Usability/Acceptability of Wearable Authentication Devices

This project continues a Spring 2017 project, which resulted in a Research Day Conference 2017 paper.

This semester will focus on extending the Technology Acceptance Model (TAM) into cardiac rhythm ECG-based wearable authentication devices in order to define, understand and evaluate whether such devices will be accepted, deployed and used to the extent possible to prevent fraudulent activities by validating identity, granting access or authorizing usage.

The work will revolve around the life-cycle of data collected by the wearable devices. Specifically, using the Big Data Value Chain framework [1], it will explore the five stages of data: acquisition, storage, analysis, curation and usage. The purpose of this component is to define and evaluate the capability of preventing fraudulent activities by using historical ECG data streams to validate, authenticate and authorize access.


The availability, affordability and pervasiveness of mobile and wearable devices are at an all-time high and growing. New applications are constantly being developed to increase the functionality and usefulness of wearable devices in order to enhance and improve quality-of-life areas such as fitness, communications, healthcare and electronic commerce.

At the same time, security breaches associated with identity, financial, and credit card theft have reached alarming levels in the past five years. Fortune 500 companies, federal government institutions, and private sector enterprises are at the forefront of such breaches, resulting in the unauthorized release of more than 169 million personal records in 2015, stemming from 781 publicized breaches across a variety of economic sectors. The economic losses are staggering and the impact on personal credit ratings is unprecedented. The average global cost of each lost or stolen record containing confidential and sensitive data was $154. The industry with the highest cost per stolen record was healthcare, at $363 per record. The majority of data breach victims surveyed, 81 percent, report they had neither a system nor a managed security service in place to ensure they could self-detect data breaches, relying instead on notification from an external party. Despite the availability of tools to protect our records, such as multi-factor authentication protocols, possession protocols, or inherence protocols, the threat remains persistent.

This area is becoming important -- see, for example, "Heartbeat could be used as password to access electronic health records."

Reference: Identity Theft Resource Center Breach Report Hits Near Record High in 2015.


The aim of this project is to understand how societal perceptions of on-body (OB) wearable-based authentication will ultimately impact how readily a new form of mobile technology is adopted within society. It will focus on extending the Technology Acceptance Model into wearable authentication devices, such as cardiac rhythm ECG-based wearable authentication devices, in order to define, understand, and evaluate whether such devices will be accepted, deployed and used to the extent possible to prevent fraudulent activities by validating identity, granting access, or authorizing usage.

Additional input and data are required on the economic viability of device implementation in relation to cost-benefit implications (i.e., will device cost hamper diffusion?). Currently, only one device that uses cardiac rhythm based authentication is nearing commercial deployment -- Nymi (also see Details) -- but the cost is about $250 per unit, which is a high "barrier to entry." Thus, it would be interesting to explore at what threshold the device becomes affordable enough to lead to profitable adoption and acceptance (diffusion of innovation perspective).

If time permits, a survey will be designed to study the economic viability of usage and diffusion.

Project Steps