Cryptology ePrint Archive: Report 2005/121

Pass-thoughts: Authenticating With Our Minds

Julie Thorpe and P.C. van Oorschot and Anil Somayaji

Abstract: We present a novel idea for user authentication that we call pass-thoughts. Recent advances in Brain-Computer Interface (BCI) technology indicate that there is potential for a new type of human-computer interaction: a user transmitting thoughts directly to a computer. The goal of a pass-thought system would be to extract as much entropy as possible from a user’s brain signals upon “transmitting” a thought. Provided that these brain signals can be recorded and processed in an accurate and repeatable way, a pass-thought system might provide a quasi two-factor, changeable, authentication method resilient to shoulder-surfing. The potential size of the space of a pass-thought system would seem to be unbounded in theory, due to the lack of bounds on what composes a thought, although in practice it will be finite due to system constraints. In this paper, we discuss the motivation and potential of pass-thought authentication, the status quo of BCI technology, and outline the design of what we believe to be a currently feasible pass-thought system. We also briefly mention the need for general exploration and open debate regarding ethical considerations for such technologies.

Category / Keywords: applications / Authentication, Passwords

Date: received 21 Apr 2005

Contact author: jthorpe at scs carleton ca

Available formats: PDF | BibTeX Citation

Version: 20050421:233346 (All versions of this report)

Discussion forum: Show discussion | Start new discussion