Cardiac Biometric

MIT Technology Review is reporting about an infrared laser device that can identify people by their unique cardiac signature at a distance:

A new device, developed for the Pentagon after US Special Forces requested it, can identify people without seeing their face: instead it detects their unique cardiac signature with an infrared laser. While it works at 200 meters (219 yards), longer distances could be possible with a better laser. “I don’t want to say you could do it from space,” says Steward Remaly, of the Pentagon’s Combatting Terrorism Technical Support Office, “but longer ranges should be possible.”

Contact infrared sensors are often used to automatically record a patient’s pulse. They work by detecting the changes in reflection of infrared light caused by blood flow. By contrast, the new device, called Jetson, uses a technique known as laser vibrometry to detect the surface movement caused by the heartbeat. This works though typical clothing like a shirt and a jacket (though not thicker clothing such as a winter coat).


Remaly’s team then developed algorithms capable of extracting a cardiac signature from the laser signals. He claims that Jetson can achieve over 95% accuracy under good conditions, and this might be further improved. In practice, it’s likely that Jetson would be used alongside facial recognition or other identification methods.

Wenyao Xu of the State University of New York at Buffalo has also developed a remote cardiac sensor, although it works only up to 20 meters away and uses radar. He believes the cardiac approach is far more robust than facial recognition. “Compared with face, cardiac biometrics are more stable and can reach more than 98% accuracy,” he says.

I have my usual questions about false positives vs false negatives, how stable the biometric is over time, and whether it works better or worse against particular sub-populations. But interesting nonetheless.

Posted on July 8, 2019 at 12:38 PM21 Comments


Rob July 8, 2019 12:49 PM

I second the stability question. Heartbeat is something that is easily affected by drugs. Does, say, the number of unique individuals in a crowd compared to a crowd of the same size elsewhere correlate with how close the local Starbucks is?

Rory July 8, 2019 1:25 PM

I’d be interested to see if one of those Dr. Ho muscle stimulation jobbies could change the vibration pattern enough to trick it.

Agammamon July 8, 2019 1:58 PM

It also sounds like it would be subject to the same countermeasures that laser-mics are – random vibrations induced in the surface of the object being lased.

dafydd July 8, 2019 4:46 PM

Any biometric technology dependent on EM radiation can be defeated with EM radiation…

Jesse Thompson July 8, 2019 5:20 PM

My first question after reading the excerpt was the obvious Heisenberg uncertainty principal one of frequency vs time. Namely, that ~1Hz is a damn low frequency, so how much time would you have to sample for just in order to collect enough entropy to tell one person from another?

Luckily article offers a claim here as well.

an invisible, quarter-size laser spot could be kept on a target. It takes about 30 seconds to get a good return, so at present the device is only effective where the subject is sitting or standing.

It’s not clear to me what’s going to look different about my pulse after only 30 beats compared to somebody else? Are they measuring something more subtle than timing between pulses, like listening to the hiss of individual blood cells streaming through schlerotic valves? 😛

Rachel July 8, 2019 5:44 PM

Did they have trouble finding people with a heart (or, ‘with heart’) in their locale, to test it properly? Must have caused some serious delays.
Such a fact should provide default protection for large sections of personnel

Faustus July 8, 2019 8:11 PM

Why MIT puts their name on something that is so meaningless as this article is beyond me. A few sentences could clarify so much. As it is this is simply a PR release.

I suspect the whole product is make believe. Through clothes? At 200 yards? Why not claim it reads minds too?!

If it said:

“Out of a database of 200 signatures a randomly chosen subject was correctly identified 950 out of 1000 tests. A wrong identification was made 40 times and 10 tests yielded no identification. Signature generation required a stationary undressed subject in a quiet office. 500 field ids were tested in summer wear, 500 in autumn wear, stationary at distance of 20 yards with no statistically significant difference between the two wardrobes.”

just think how much more we would know.

I suspect the details were elided because the test setup was artificial and unimpressive.

Rachel July 8, 2019 8:35 PM

Thankyou Faustus for your most pertinent assessment.

Thanks Jesse Thompson for mentioning Heisenberg Uncertainty.
What if the fact of the subject [a signal] interfered with the object being measured [heart, whatever]

bluetooth biological measuring devices worn on the body are a classic example of this. it’s verifably known pulsed microwaves interfere with neurological function, also blood sugar and insulin response mechanisms.
yet there are bluetooth or wi-fi centric devices used for assessing each, with intimate proximity

Blah July 9, 2019 12:01 AM

“Why MIT puts their name on something that is so meaningless as this article is beyond me”

As opposed to the name Faustus being put on some whining about gait recognition?

Stevo July 9, 2019 2:49 AM

And completely defeated by body armour, which is what the bad guy is wearing anyways.

Ismar July 9, 2019 4:46 AM

As someone suffering from irregular hart beats I agree with @Rob in that there are readily available drugs for regulating your heart beats. For those with healthy hearts there are other substances that can modify your “heart signature”.
The question is then why have these people spent millions of dollars on a technology that can be rendered useless by a $5 drug?

Clive Robinson July 9, 2019 5:59 AM

@ Bruce,

I have my usual questions…

Well if people think about it the first thing the opperators of such systems have to get is a clean copy of your heart rate for comparison purposes, and that might not be easy.

Also I know for certain my heart pattern has changed dramatically over the recent past as my cardiac specialist would confirm (or you can just look at the ECG tracings). More recently it has undergone a series of what you might call bursts of changes which is why I now have a box in my chest to keep the darn thing beating (my heart randomly stopped for 5-15 seconds which might acount for my habit of finding myself face down in all sorts of places) at other times it beats so fast (over 200BPM) that again I find myself heading for the floor. The question then arises are you seeing the persons natural heart rate or that of their cardiac assist device?

But to say my heart rate and rhythm are eratic is one of lifes little understatments… Which I’m reasonably sure for increasing numbers of people is also true, as survival rates from first cardiac events is steadily rising in many places (but apparently not so much in the US).

@ All,

But… If we look at the article we see the following,

    By contrast, the new device, called Jetson, uses a technique known as laser vibrometry to detect the surface movement caused by the heartbeat. This works though typical clothing like a shirt and a jacket (though not thicker clothing such as a winter coat).

We see “laser vibrometry” which is a fancy term for the effect “laser microphones” that have been around for something like four decades use. And more recently a passive effect where high resolution digital cameras that could hear things in a room by looking at the light reflected from a crumpled up crisp packet through a couple of windows (ie in a building across the street).

So a prediction… The next step in this technology will be not an active system using a lazer which can be detected, to a passive system focused in on the reflected light from your eyeball or jewelry or other hard light reflecting surface in contact with your body, say the surface of a watch or it’s metal strap etc, even the key you hold out to open your door. (yes I copyright (c) this idea and want royalties).

People can sit down and work out the “forward gain” of such a laser device, it’s not exactly difficult just tedious and you can get the information from any book on Radar or more sprcifically “Lidar”. But I can tell you now it’s going to be very low and unlike the lower EM spectrum of microwaves the background noise is going to be very high. So inherently a very low signal to noise ratio without any man made noise or natural interferance… Such “extra noise’ is more than likely to “swamp” the required signal, when intentional we call it “jamming”. Either way it means the system designers would have to use either “averaging” or “estimation techniques” to dig a sufficiently clean signal out of the noise.

The problem is that averaging needs to “double the samples to get each 3dB increase in signal power, and to work even that well the period (1/f) of the signal has to be quite stable over the entire averaging period, which heart rates have a habit of only doing at rest even in healthy individuals… Thus to find a signal that they want in any kind of sensible time period they would also have to use some kind of estimation technique such as a matched filter. Then run a sampled period through it at different rates to get some kind of correlation to use to make averaging more effective. Which will burn a fair old amount of CPU cycles…

Thus if you know the way the signal recovery part of this sytstem works you can exploit it’s weaknesses very advantageously at quite low cost. Whilst forcing their costs to rise quite dramatically to a power law. Which is the same game we play with “adding an extra bit” to the length of an encryption system.

I don’t know about others but I can think of numerous was to do this sort of “jamming” 😉

@ Bob Paddock,

So it has major fail in groups?

Most probably… It’s been long known that when people live in tight groups their biological cycles come into alignment. The earliest records I’ve ever seen from this was in the calculation of the size of sewer pipes for the number of people in dormitories etc.

If the people living in dormitories and the like did not sync up then you could “root mean squared” to get the average flow rate and then double it for a safety margin etc. That is if the events were truely independebt of each other they would follow a Poisson distribution… This works for the likes of housing estates and streets etc because the people there don’t sync up very much beyond that of the “daily grind times”. But not for dormitories where the people become almost one living entity, thus you have to design for “peak flows” not “average flows”…

We also see such syncing in other areas look into the history behind Agner Krarup Erlang’s capacity planning and queuing theories for telecommunications circuits Erlang B, Extended Erlang B and Erlang C.

Basically normal loads follow a Poisson distribution as they are unrelated to each other. However as you aproach “chord capacity” the distribution starts to change as people don’t connect thus “redial” their calls are nolonger independent of each other. If you add a connected but waiting or holding que at the destination end then the number of connected calls again follow a different distribution due to the metrics of the holding que. The same logic holds true for nearly all gueuing systems including those you find humming along in your personal computer and in servers, where it can likewise be shown the event/job distributions are markedly different due to their various levels of independence from each other.

But the classic example of peak not mean capacity planning is what got called “half time load” in the UK. England’s alledged national drink is tea, and this requires about a two KW load for two minutes with an electric kettle. Likewise the alledged national sport of the UK is “football”[1] or as those in the US call it “soccer”. Every year in England we have the Football Association (FA) Cup Final that gets broadcast on radio, television, satellite television and of course these days the Internet, but more of the problems that brings later…

Well as the famous quote has it “football is a game of two halves” with a break in the middle called “half time”. Where traditionaly the players rest a short while and have a cup of beef tea for strength and a several slices of orange to “zest them up” (the reality these days we are led to believe is they go into a room where the manager screams, shouts and throws football boots at star players as a form of encoragement, knowing how humans think I think that would be better viewing than the game ;-). Anyway many spectators at home likewise have a cup of tea etc at the same time… So the load on the National Grid in England goes from lower than normal to a dramatic peak as five to ten million kettles get turned on all within a four or five minute period.

Traditional steam powered generators can not deal with such sudden changes in load, which is where Wales, France and one or two other nations have come to help out. In Wales there is a large lake at the top of a mountain with one at the bottom, also many hydro powered generators that can spin up from idle to full power in just seconds, so it makes a very large capacity high power kinetic battery. Likewise other countries with cables into England can dump excess capacity from their closer to quiescent networks etc. Unfortunately one of the scourges of satellites and the Internet is there are now very large numbers of people in other countries watching, including many European ones but India and Argentina so that peak demand problem is nolonger “localised” to just a few million homes…

It’s these little problems that are “an engineers lot in life” because if they get it perfectly right, nobody thanks them, if they predict the capacity to low, then you could end up with cascade overload failures all over the place which would get a lot of peoples backs up fairly instantly as they loose power for half a day. Oh and if the engeneers err to much the other way, first the accountants, then the bill payers will be screaming at them about the waste of money… Because those that offer such peak capacity want a lot of money, not just for the power supplied but also being on stand by to maybe supply it… Because whilst external combustion power generation can be made more efficient than internal combustion power generation for continuous loads it has significantly more lag, that can be measured in hours not seconds due to heating up the “working fluid” in sufficient bulk to be ready for the peak load.

[1] It’s not, fishing with a rod and line is by numbers of participents. But then fishing does not make a good real time spectator sport, watching paint dry would be better because atleast is guarrnteed to have a finish 😉

donk July 9, 2019 8:03 AM

This wouldn’t work by sensing pulse rate or blood pressure — those can be quite variable even for an individual. It appears to work by constructing a blood pressure profile. The human heart has four chambers that contract and expand periodically as well as some check valves. Their operation results in a rather complex waveform best seen, I would guess, in an Electro-cardiogram So what we have here is a sort of remote IR EKG purportedly able to recognize individual “EKG” patterns through light clothing at a distance of several hundred meters. Assuming that it works at all, it’s probably jammable, possibly spoofable, and might not work if there are bright IR sources in the area.

This might, and I emphasize might, be usable for access control in situations where being right much of the time is all that is needed to discourage attempts to enter restricted areas. It does have the advantage of being non-intrusive.

ROF July 9, 2019 11:48 AM

Heart rate is probably not the likely technique used here. Rather pulse shape is the more likely technique. It would seem that the pulse shape of each pulse for an individual is likely to remain nearly constant independant of pulse rate. Pulse shape is likley a function of various components of the heart perhaps the size and shape of the chambers, valves and muscles. Each individuals heart is likeley to produce a pulse shape at any heart rate that is unique to that individual. This may change over years as the size and shape of the hearts components change so that a pulse shape captured 30 years ago may not match today. It is also unlikley that the signature before heart surgery (ie: valve replacement) would be the same as the signature after surgery. A recent capture of the pulse shape signature would be required.

Thunderbird July 9, 2019 1:16 PM

It’s not clear to me what’s going to look different about my pulse after only 30 beats compared to somebody else?

As others have posted, there isn’t enough information to determine the basic plausibility of the claims nor to estimate the usefulness of the result.

I did notice that it claimed “up to 95% accuracy” but when I looked closely, it sound like the claim is really that it could detect a heartbeat 95% of the time. The actual discrimination rate may have been something like “it can tell the difference between Mary and Joe more than half the time.”

TS July 10, 2019 7:29 AM

combined with other biometrics itll work better than on it’s own, but that goes for all biometrics.

on their own they’re easy to defraud, fake, manipulate.
– take fingerprints as an example.

Together they’d be much more reliable – the problem is that they’d take a LOT of storage compared to just a long passphrase.

Gerard van Vooren July 11, 2019 3:01 PM

Given enough time and money it’s gonna be there. And with that all the things that we do will be hunted down, automatically. This is scary. We ought to be scared.

A Nonny Bunny July 12, 2019 2:46 PM


The question is then why have these people spent millions of dollars on a technology that can be rendered useless by a $5 drug?

Because no one is going to take a $5 drug just on the off chance this technology might be used against them.
Heck, thieves barely ever wear gloves even though it’s cheap and would protect them against identification by fingerprints.
Just because technology could in theory be easily rendered useless doesn’t mean it will be in practice.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.