“A biosignal can be defined as a physiological phenomenom, a body variable that can be measured and monitored. Since the number of physiological mechanisms is nearly unlimited, the diversity of biosignals is huge.” The above is one of the shortest and most to-the-point definitions we could find. It is really difficult to come up with something more concise than that.
Why we insist so much on biosignals and why we think they are better than other (static) biometrics? Biosignals belong of course to the extended family of biometrics, i.e. those biological characteristics that can be measured and quantified. The important difference, though, is that many classical biometrics are static: they characterize the person permanently. Think of the fingerprint patterns of a person, the pigmentation of her iris, or the general buildup of a face. They are obviously most of the times fairly unique, even among monozygotic twins, but still, they are not perfect if used for “privacy” applications. Once compromised, you cannot use them anymore. Ever!
Biosignals on the other hand are by definition dynamic. They change according to the current physiology of the person. Neurophysiological biosignals in under certain circumstances can depict the cognitive load or psychological status of a person, providing unique readings according to the presence or absence of a stimulus.
It is exactly this new approach that we want to take advantage of. Starting with very specific EEG reactions to visual and acoustic stimuli, combining them for more robustness with auxiliary neurophysiological biosignals, and providing a unique signature that will be only yours, according to the application in question.
If, albeit ultra-secure, the nature of that signature got compromised or the raw signal somehow intercepted, you would simply have to provide a new session of stimulus-reaction tandems in order to hash a new password. The advantage of biosignals are obvious: unique and specific as the classical biometric approaches, but with the extra convenience of being swappable at will.
This also has the added aspect of using different sessions for different uses. You don’t have to use the same biosignal passwords for public ID recognition uses (say border control), with those of your bank or workplace. This separation adds further layers of security.
Last, but not least, there is the advantage of non-coerced identification, but that will be the topic of a future blog post.
