for-sharing

Meet BioLock: Smart Biometrics for Tomorrow

ECG-based smart system for continuous authentication and monitoring of human well-being.

December 01, 2016

Introducing BioLock: a smart system by SoftServe for continuous authentication and monitoring of human well-being, based on electrocardiogram (ECG) analysis with biosensors embedded into a vehicle’s steering wheel and a mobile application working in offline mode.

If your company works with highly sensitive information, chances are probable that you might be interested in additional security systems built with continuous biometrical authentication with ECG, the technology behind authentication that may be used with Bluetooth Low Energy (BLE) powered devices.

Organizations in industries such as healthcare, have a large amount of sensitive information and manage access to it through password policies which require a lot of time and effort. What’s more, it is not always efficient. Employees need to change standard passwords on a regular basis, some of them expire, some get forgotten, with additional services then being involved to figure everything out. All these circumstances lead to extra costs and priceless time spent for device management.

With digital technologies being at heart of the modern life, password management may be solved with small custom devices that work for a long time on a single battery charge. Those devices collect ECG data and transfer it to a mobile phone via a BLE channel for further processing.

“Visibility is key to supply chain security. With BioLock’s technology, we’ll know if the correct driver is manning the truck at all times. Integrating with BioLock will not only provide Overhaul, our drivers and clients with an extra layer of cargo security but it will also prevent cargo theft ensuring successful hauls each time,” says Overhaul CEO Barry Conlon.

Enter SoftServe BioLock: a smart IoT device for biometric authentication. For this particular innovation, our team created a custom ECG reader device, placed it onto a printed cover for a mobile device and then embedded it into a steering wheel. The first stop on our way to the concept design was literature review and state-of-the-art algorithms research, along with dozens of experiments executed in simulated real-life conditions to collect the data for analysis.

As a result, we have identified that the custom-made device satisfied our two main criteria: recognition time is less than 30 seconds and accuracy is higher than 70%. It supports continuous ECG data streaming vs. one-time events such as entering passwords or simple fingerprint recognition. Additionally, continuous ECG-based authentication is easy to use, hard to steal and impossible to fake, either by emulating or combinatory guess.

Let’s take a step-by-step look at how reading continuous ECG streams, creates greater security capabilities by making biometric authentication much more robust.

Device Prototyping

Initially, our team needed to develop a prototype of a recording device in the form of phone/tablet 3D printed cover.



The prototype includes our main device ECG reader with Bluetooth interface that provides the possibility to stream data from cover, battery and charger module. When the idea became feasible, we disassembled a Logitech wheel and attempted to answer the following questions during concept brainstorming sessions:

  1. Where is a better to place the electrodes and the ECG device itself?
  2. What kind of electrode is suitable for authentication?

Disassembled wheel


In short, we opted to position the electrodes as shown above. ECG electrodes shown below were selected for prototyping after researching all possible combinations of signal quality.


Now, our cover is a more advanced device with the potential to be reused for automotive security solutions and embedded into a car wheel. All parts were successfully reused in a car wheel. That’s where our team faced a minor issue: noise from the external environment.

Bio Recording

How do you make a system actually recognize you as yourself? Well, Neural Networks (NN) are the way to do so. NN may produce only two results of the recognition process: either the user is authorized, or they are not. To teach NN to recognize users, we need to collect two sets of ECG data: one for the user to be authorized and another for unauthorized people.

Sounds pretty simple, right? Just collect the data you need, train NN and here you go: a user recognition system with ECG is ready.

Easier said than done. You can't simply use recorded data because the ECG data contains a lot of noise. So how do you remove it?

Let's start with most common noise that distorts ECG: power line interference. Electromagnetic fields caused by a powerline represent a common noise source in the ECG characterized by 50 or 60 Hz sinusoidal interference, possibly accompanied by a number of harmonics. To remove it, we used Bandpass FIR filter.

Even after FIR filtering, there still remains some noise that needs to be removed, leading us to the next steps: noise reduction and signal normalization. Noise reduction is a method of reducing an unwanted signal by addition of a second signal specifically designed to cancel the first one. The image below illustrates the basic idea:

In its turn, normalization presupposes reduction of data to any kind of a canonical form. Imagine that you have two different thermometers in one room: one shows the temperature in Celsius and the second one – in Fahrenheit. The condition triggers cooling when the temperature is more than 23 degrees of Celsius. This condition may work with two types of thermometers that give two different values – in Celsius and Fahrenheit basically converting data from two different metric systems to one canonical.

The same may be applied in our case: ECG data can be recorded on different devices with different metric systems, so we need a canonized form of ECG data for further processing.

Now, introduce Low Pass and High Pass filtering. Respiration, body and muscle movements create noise we should deal with as well.

After the data is filtered, there is another question: what ECG data exactly is needed to train the NN?

A common ECG pattern, QRS(T) complex, varies from human to human, so that’s what we need to use for NN training: detecting QRS complex from ECG time series.

Signal Squaring

Normalized ECG lies in range (-1, 1), so squaring is dedicated to removing negative parts from the signal.

Signal Averaging

This procedure helps define the length of QRS complex.

From this stage it is easy to identify R-peaks and the index of each maximum is an R-peak. R peaks will be initial points to identify Q- and S-peaks. To find a Q-peak, we need to find the minimum value from the beginning of the wave to an R-peak. Similar to the S-peak, find the minimum from R-peak to end of wave.

The end result of the QRS detection looks as follows:

Now we have ECG marked with QRS complex, it is ready to be used for NN training.

Our next step is to slice the data recorded from the ECG device and place slices into multiple plots to see what happens:

You expected to see something different, right? The example above shows how to detect QRS complex in laboratory conditions. The problem is that QRS detection algorithms are not 100% precise, especially when you are recording data from a handmade ECG recorder. So, some parts of ECG are treated as QRS complex, which they are not. The easiest way to solve this is to use filtering based on Standard Deviation (STD). As you can see, a majority of QRS complexes are similar. So we can calculate the STD Mean across all QRS and use this mean as the threshold to compare each QRS STD against. After applying this simple filtering, we get what follows:

As you can see, the data quality is much better, and even by visual assessment, you can say that ECG from both users are different. After this step, data can be used for proper NN training.

Want to see this technology in action? Watch the BioLock video today.

other stories

Software development tips, opinions and latest industry news.