Two feet beat one password every time, researchers believe

Two feet beat one password every time, researchers believe

Summary: Researchers are focusing on the feet to develop a new biometric system that proves identity and can help detect certain diseases.

TOPICS: Security

Biometrics to define identity have tapped hands, fingers, eyes, voice and other distinct human characteristics, but now researchers at Carnegie Mellon University are looking at your sole.

Actually, researchers along with Autonomous ID, a Canadian vendor with a product called BioSole, are fixated on the feet, how they move a person and how that movement can be used to prove identity.

Todd Gray, chairman and president of Autonomous ID, says BioSole, which has been in the works for three years, can identify a user in as little as three steps. The input device is a thin insole inserted in the user’s shoe. The work with CMU will broaden the test base Autonomous ID has already been working with.

The duo is working on tests of the insole sensory system that monitors foot movement not only for identity but to detect other important, and potentially life-saving, data such as the onset of diabetes and Parkinson’s disease.

The research is being done at CMU’s new Pedo-Biometrics Research and Identity Automation Lab, which is headed by Marios Savvides, an electrical and computer engineering professor.

Savvides is no stranger to biometrics. He is founder and director of CMU’s CyLab Biometrics Center, which is working on such projects as Iris Recognition, 3D Face Reconstruction from 2D Images, and Facial Pose Correction.

Savvides also is working to simplify biometric algorithms so they can be implemented on small form-factor devices such as PDAs and mobile phones.

The notion behind the research on human gait is that mimicking the movement is nearly impossible, therefore a trusted attribute of identity.

In addition, unlike hands and fingers, movement is not something that can be removed from a person for use with biometric readers.

Savvides and his colleague Vijayakumar Bhagavatula are working with Vladimir Polotski, the chief science and technology officer of Autonomous ID.

The trio says pedo-biometrics can be used in medical diagnosis, forensic science, privacy, security and automation.

For example, a person walking up to a locked door could be identified and the door unlocked when they arrive.  A person’s gait information can be stored in the cloud and accessed via remote readers.

Gray says CMU provides needed research and development for field trials.

The study of gait as a means of identity is not new. In 2000, Georgia Tech University was working in conjunction with DARPA’s HumanID at a Distance program on technology for screening people. They studied stride and collected data such as distance between head and foot, head and pelvis and foot and pelvis for both the left and right foot.

The goal was to be able to identify people in a crowd or group, such as workers on an airport tarmac. The technology could pick out someone who was not suppose to be there.

See also:



Topic: Security


John Fontana is a journalist focusing on authentication, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he also blogs about industry issues and standards work, including the FIDO Alliance.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Just one problem with biometrics

    If I can't steal your body part, I will steal the digital image from the website you are dealing with and so it will work everywhere for me and you cannot change it ever because you cannot change a body part.
  • How constant is gait?

    I wonder if they've done any research on how a person's gait may evolve over time? If I gain or lose weight, or maybe even change my shoes or put in some insoles, and suddenly I'm locked out? That's a non-starter right there.

    Bone structure and eyes are good biometrics because they don't change. As for the baddies stealing eyes or fingers, there are relatively straightforward ways to guarantee viability: pulse in the skin (O2 level?) or iris-response in the eye. A fake eye or fingerprint won't respond as though it was "alive" unless the bad guys are willing to spend so much money / effort, it doesn't matter.

    If the bad guys have you captive and are forcing you to use your biometrics to get them access, well, there's no biometric that is foolproof against that.

    Frankly, I'm more interested in the medical-diagnostic applications. Recent studies have shown connection between gait and Alzheimer's. Your motion is a combination of the physical (bones, joints, muscles), and the mental (balance, coordination, neural function), so I can imagine careful study of your gait may lead to all sorts of interesting diagnostics.

    Note that diagnosing disease based on a change of gait, indicates that your gait may change due to medical reasons, making my original point. Try telling the doorway that won't open, "I am not my disease."
  • accident proof?

    what happens if someone gets a limp?
    • Limps, sore feet, new shoes ...

      Blackweaver asks about the subject developing a limp. That's just one end of a spectrum of variability that needs to be accommodated. A person's gait will likely change when they have a sore foot, or if they change shoes, or even if they're tired. Sure, the biometric modelling might be based on traits that are relatively invariant but there is always some variation in the way one person presents any given trait. So all biometrics systems have to allow for variability to minimise false negatives, and in so doing, they become susceptible to false positives. This is inescapable: improve security/specificity/false positives and you must lose out on convenience/sensitivity/false negatives. Perhaps the most important characteristic of any biometric is the Detection Error Tradeoff curve, which shows how False Accept Rate and False Reject Rate vary as the implementer tunes the system to achieve the best practical compromise.
  • Don't grow old or you will have real problems

    I am 73 and the ridges on my fingers are almost undetectable either with electronic scanning or the old ink process. For this reason I do not use a fingerprint scanner for my computer security. It could keep me from getting back into my system if the scanner stops being able to recognize my fingerprint. The same goes for your gait as someone mentioned already.