Sending a password or secret code over airborne radio waves such as Wi-Fi or Bluetooth makes those transmissions vulnerable to hackers who can attempt to break the encrypted code.

Now, University of Washington (UW) computer scientists and electrical engineers have devised a way to send passwords more securely through the human body—using benign, low-frequency transmissions generated by fingerprint sensors and touchpads on consumer devices.

“Fingerprint sensors have so far been used as an input device. What is cool is that we’ve shown for the first time that fingerprint sensors can be repurposed to send out information that is confined to the body,” says Shyam Gollakota, assistant professor of computer science and engineering.

According to the researchers, these “on-body” transmissions offer a more secure way to transmit authenticating information between devices that touch parts of the body—such as a smart door lock or wearable medical device—and a phone or device that confirms one's identity by requiring a password to be entered.

“Let’s say I want to open a door using an electronic smart lock,” says Mehrdad Hessar, electrical engineering doctoral student. “I can touch the doorknob and touch the fingerprint sensor on my phone and transmit my secret credentials through my body to open the door, without leaking that personal information over the air.”

UW electrical engineering doctoral students Vikram Iyer (l) and Mehrdad Hessar. Image credit: Dennis Wise/University of Washington.The research team from UW’s Networks and Mobile Systems Lab systematically analyzed smartphone sensors to understand which of them generate low-frequency transmissions below 30 megahertz that travel well through the human body but don’t propagate over the air. They found that fingerprint sensors and touchpads generate signals in the 2- to 10-megahertz range and employ capacitive coupling to sense where one's finger is in space, as well as to identify the ridges and valleys that form unique fingerprint patterns.

Normally, sensors use these signals to receive input about the finger. But the UW engineers devised a way to use these signals as output that corresponds to data contained in a password or access code. When entered on a smartphone, data that authenticates one's identity can travel securely through the body to a receiver embedded in a device that needs to confirm one's identity.

Their process employs a sequence of finger scans to encode and transmit data. Performing a finger scan correlates to a 1-bit of digital data, and not performing the scan correlates to a 0-bit. The team achieved bit rates of 50 bits per second on laptop touchpads and 25 bits per second with fingerprint sensors—fast enough to send a simple password or numerical code through the body and to a receiver within seconds.

The research team tested the technique on iPhone and other fingerprint sensors, as well as Lenovo laptop trackpads and the Adafruit capacitive touchpad. In tests with 10 different subjects, they were able to generate usable on-body transmissions on people of different heights, weights and body types.

“We showed that it works in different postures like standing, sitting and sleeping,” says Vikram Iyer, electrical engineering doctoral student. “We can also get a strong signal throughout your body. The receivers can be anywhere—on your leg, chest, hands—and still work.”