Scientists have developed a new system that can identify people using their brain waves or 'brainprint' with 100 per cent accuracy, an advance that may be useful in high-security applications.
Researchers at Binghamton University in US recorded the brain activity of 50 people wearing an electroencephalogram (EEG) headset while they looked at a series of 500 images designed specifically to elicit unique responses from person to person - eg a slice of pizza, a boat, or the word "conundrum."
They found that participants' brains reacted differently to each image, enough that a computer system was able to identify each volunteer's 'brainprint' with 100 per cent accuracy.
"When you take hundreds of these images, where every person is going to feel differently about each individual one, then you can be really accurate in identifying which person it was who looked at them just by their brain activity," said Assistant Professor Sarah Laszlo.
According to Laszlo, brain biometrics are appealing because they are cancellable and cannot be stolen by malicious means the way a finger or retina can.
The results suggest that brainwaves could be used by security systems to verify a person's identity.
"If someone's fingerprint is stolen, that person can't just grow a new finger to replace the compromised fingerprint - the fingerprint for that person is compromised forever," said Laszlo.
"In the unlikely event that attackers were actually able to steal a brainprint from an authorised user, the authorised user could then 'reset' their brainprint," Laszlo said.
Zhanpeng Jin, assistant professor at Binghamton University, does not see this as the kind of system that would be mass-produced for low security applications, but it could have important security applications.
"We tend to see the applications of this system as being more along the lines of high-security physical locations, like the Pentagon or Air Force Labs, where there aren't that many users that are authorised to enter, and those users don't need to constantly be authorising the way that a consumer might need to authorise into their phone or computer," Jin said.
The study was published in The IEEE Transactions on Information Forensics and Security journal.