140:4·L.Wang et al. to the skin of the user,which is inconvenient for daily use.BCG measures the micro recoil movements of the body caused by the blood traveling along the vascular tree [8,20,41].Such micro-movements can be captured by highly sensitive geophone mounted on the bed that the user is sleeping on [29,30].SCG measures the local vibration of the chest caused by the heartbeat and it has been used for heart rate estimation [9,36,52,56].SCG can also be used for assessments of the time interval of different mechanical events occurring during the systolic and diastolic phase [14-16].However,most SCG systems require specifically designed chest belt to attach the sensor to the chest of the user [14].Recently,RF-based systems provide a non-intrusive and contactless way for heartbeat measurement.Adib et al.[1]use Frequency Modulated Continuous Wave(FMCW)to monitor the heart rates with a median accuracy of 99%.Yang et al.[64]propose a system that uses 60GHz millimeter wave (mmWave)for heartbeat monitoring.However,most of these systems use expensive special hardware and only provide coarse heart rate estimations that are not applicable for user authentication. Commodity Device based Heartbeat Measurement:Low-cost commodity devices,including Wi-Fi devices and smartphones,can also be used for heartbeat monitoring.With the Channel State Information(CSI)captured from commercial WI-Fi devices,it is possible to estimate the heart rate by either the amplitude of CSI [40]or the phase of CSI [63].Furthermore,Zhao et al.[66]show that CSI provides enough details in heartbeat cycles so that it can be used for recognizing the emotional state of the user.Oian et al.[51]leverage inaudible acoustic signals emitted by commodity mobile phones to monitor the heart rates.However,these Wi-Fi and acoustic signal based measurements are sensitive to environmental changes,including the angle and the distance of the device to the target user. There are systems that use the built-in accelerometers or gyroscopes in commodity mobile phone to capture the SCG signals [35,44,59].Most of these systems only provide coarse measurements,such as heart rates or Heart Rate Variability(HRV)[35,44].In a recent system deployed on smartphones,Wang et al.[59]detect the detailed fiducial point of the SCG signals with the aid of photoplethysmogram(PPG)to measure the blood pressure of the user.In comparison,our system solely relies on the SCG signals captured by the built-in accelerometer to extract detailed heart movement pattern without help from other sensors. Biometrics based Authentication:Biometrics-based authentication uses features,such as fingerprint [53,55], face [18,21],voice [7,19,31,49],breath [11],iris [57],and heartbeat [12,24],to authenticate the user.Among these features,the heartbeat pattern is a relatively new and hard-to-spoof biometric feature for authentication. Choudhary and Manikandan [12]propose a heartbeat extraction framework for authentication based on ECG signals.BreathLive [24]uses a heartbeat sound based authentication system,which relies on the inherent correlation between chest motion and sounds caused by deep respiration to protect the user from replay attacks Auth'n'Scan [23]uses physiological information,including heart rates,HRV,and respiration rates,derived from PPG to authenticate the user.Cardiac Scan [39]uses a remote,high-resolution heartbeat monitoring system based on DC-coupled continuous-wave radar to achieve continuous user authentication.However,most of these heartbeat-based authentication systems use specially designed equipment and cannot be easily applied to current commodity mobile devices. 3 SYSTEM OVERVIEW 3.1 Authentication Model and System Components Our heartbeat-based authentication system aims at identifying the owner of the mobile device.We assume that the mobile device only has one owner.However,our system can be extended to identify multiple users on the same device by updating our training and recognition process. The first step of our system is the training process as shown in Figure 2.During the training process,the user needs to press the mobile device on his/her chest,more specifically,put the bottom of the phone perpendicularly on the lower portion of the sternum,to collect training heartbeat samples,as shown in Figure 1(a).The training Proc.ACM Interact.Mob.Wearable Ubiquitous Technol.,Vol.2,No.3,Article 140.Publication date:September 2018.140:4 • L. Wang et al. to the skin of the user, which is inconvenient for daily use. BCG measures the micro recoil movements of the body caused by the blood traveling along the vascular tree [8, 20, 41]. Such micro-movements can be captured by highly sensitive geophone mounted on the bed that the user is sleeping on [29, 30]. SCG measures the local vibration of the chest caused by the heartbeat and it has been used for heart rate estimation [9, 36, 52, 56]. SCG can also be used for assessments of the time interval of different mechanical events occurring during the systolic and diastolic phase [14–16]. However, most SCG systems require specifically designed chest belt to attach the sensor to the chest of the user [14]. Recently, RF-based systems provide a non-intrusive and contactless way for heartbeat measurement. Adib et al. [1] use Frequency Modulated Continuous Wave (FMCW) to monitor the heart rates with a median accuracy of 99%. Yang et al. [64] propose a system that uses 60GHz millimeter wave (mmWave) for heartbeat monitoring. However, most of these systems use expensive special hardware and only provide coarse heart rate estimations that are not applicable for user authentication. Commodity Device based Heartbeat Measurement: Low-cost commodity devices, including Wi-Fi devices and smartphones, can also be used for heartbeat monitoring. With the Channel State Information (CSI) captured from commercial WI-Fi devices, it is possible to estimate the heart rate by either the amplitude of CSI [40] or the phase of CSI [63]. Furthermore, Zhao et al. [66] show that CSI provides enough details in heartbeat cycles so that it can be used for recognizing the emotional state of the user. Qian et al. [51] leverage inaudible acoustic signals emitted by commodity mobile phones to monitor the heart rates. However, these Wi-Fi and acoustic signal based measurements are sensitive to environmental changes, including the angle and the distance of the device to the target user. There are systems that use the built-in accelerometers or gyroscopes in commodity mobile phone to capture the SCG signals [35, 44, 59]. Most of these systems only provide coarse measurements, such as heart rates or Heart Rate Variability (HRV) [35, 44]. In a recent system deployed on smartphones, Wang et al. [59] detect the detailed fiducial point of the SCG signals with the aid of photoplethysmogram (PPG) to measure the blood pressure of the user. In comparison, our system solely relies on the SCG signals captured by the built-in accelerometer to extract detailed heart movement pattern without help from other sensors. Biometrics based Authentication: Biometrics-based authentication uses features, such as fingerprint [53, 55], face [18, 21], voice [7, 19, 31, 49], breath [11], iris [57], and heartbeat [12, 24], to authenticate the user. Among these features, the heartbeat pattern is a relatively new and hard-to-spoof biometric feature for authentication. Choudhary and Manikandan [12] propose a heartbeat extraction framework for authentication based on ECG signals. BreathLive [24] uses a heartbeat sound based authentication system, which relies on the inherent correlation between chest motion and sounds caused by deep respiration to protect the user from replay attacks. Auth’n’Scan [23] uses physiological information, including heart rates, HRV, and respiration rates, derived from PPG to authenticate the user. Cardiac Scan [39] uses a remote, high-resolution heartbeat monitoring system based on DC-coupled continuous-wave radar to achieve continuous user authentication. However, most of these heartbeat-based authentication systems use specially designed equipment and cannot be easily applied to current commodity mobile devices. 3 SYSTEM OVERVIEW 3.1 Authentication Model and System Components Our heartbeat-based authentication system aims at identifying the owner of the mobile device. We assume that the mobile device only has one owner. However, our system can be extended to identify multiple users on the same device by updating our training and recognition process. The first step of our system is the training process as shown in Figure 2. During the training process, the user needs to press the mobile device on his/her chest, more specifically, put the bottom of the phone perpendicularly on the lower portion of the sternum, to collect training heartbeat samples, as shown in Figure 1(a). The training Proc. ACM Interact. Mob. Wearable Ubiquitous Technol., Vol. 2, No. 3, Article 140. Publication date: September 2018