Inspiration

  • Passwords get stolen. Phones get spoofed. We wanted authentication that proves a real, living human is present at the moment of action.
  • ECG biometrics are unique to each person, extremely difficult to counterfeit, and inherently prove liveness since signals can only be acquired from living individuals (Meltzer et al., 2023).
  • In the US, data breaches cost an average of $10.22M per incident (IBM, 2025). Stolen credentials are used in 53% of breaches and take an average of 246 days to detect (IBM, 2025).
  • Unlike fingerprints or facial recognition, no technology exists to artificially produce ECG signals, making them fundamentally harder to spoof.

What it does

HeartKey is a drop-in step-up authentication middleware. Apps handle normal login through Auth0, but when a user triggers a high-risk action, HeartKey captures a live ECG reading from a Raspberry Pi sensor, verifies the user's identity, and returns allow, deny, or step_up with confidence scores and reason codes.

  • A Siamese network with triplet loss generates 188-dimensional ECG embeddings on-device
  • Identity is verified through cosine similarity against enrolled templates
  • Anomaly detection flags unusual physiological state (stress, duress)
  • Raw ECG data never leaves the edge device. Only embeddings and metadata are transmitted.

How we built it

  • Edge: Raspberry Pi + AD8232 ECG sensor + ADS1115 ADC, reading signals over I2C. A Siamese neural network trained with triplet loss encodes ECG windows into embeddings before anything leaves the device.
  • ML pipeline: We recorded real ECG data from participants, then synthetically augmented the dataset to increase volume and diversity. The model reached 97.79% accuracy on a held-out test set and generalizes well to unseen subjects.
  • Enrollment: Admins enroll users through the dashboard. The edge device captures an ECG baseline, the on-device model generates an embedding, and the backend stores it in a vector database alongside baseline heart rate and HRV statistics. From that point on, any verification compares live readings against that enrolled template.
  • Transport: HTTP by default, with Bluetooth Low Energy as a fallback for offline or local scenarios. A simulation mode allows development and demos without hardware. The transport layer is fully abstracted, so the backend doesn't know or care which method is being used. This means any new edge device can connect to the backend service over either protocol with no backend changes, making it straightforward to scale across multiple devices or locations.
  • Backend: FastAPI handling authorization, enrollment, cosine similarity scoring, z-score anomaly detection, policy enforcement, and audit logging. ChromaDB for vector storage, SQLite for relational state.
  • Auth: Auth0 for standard login, HeartKey for biometric step-up. True two-factor authentication combines something you know with something you are.
  • Frontend: Admin dashboard for enrollment, user management, and monitoring. A demo app showing the full auth flow. A Python SDK for developer integration.
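An added illustration (not the project's own code) of the backend decision path described above: reject a low-quality reading, score cosine similarity against the enrolled template, z-score the live heart rate and HRV against the enrolled baseline, and map the result to allow, deny, or step_up with a confidence score and reason codes. The thresholds, field names, and the 3-dimensional sample vectors are assumptions for this example; the real model emits 188-dimensional embeddings.

```python
import math
from dataclasses import dataclass

# Thresholds are assumed for illustration; the project's real policy values are not published.
SIMILARITY_ALLOW = 0.90   # at or above: identity confirmed
SIMILARITY_DENY = 0.70    # below: identity rejected outright
ANOMALY_Z = 3.0           # |z| above this on HR or HRV flags an unusual physiological state
MIN_SIGNAL_QUALITY = 0.6  # readings below this are rejected before any scoring

@dataclass
class Enrollment:
    """Template stored at enrollment: embedding plus baseline HR/HRV statistics (assumed layout)."""
    embedding: list
    hr_mean: float
    hr_std: float
    hrv_mean: float
    hrv_std: float

def cosine_similarity(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(x * x for x in b))
    return 0.0 if norm == 0 else dot / norm

def z_score(value, mean, std):
    return 0.0 if std == 0 else (value - mean) / std

def decide(enrolled, live_embedding, live_hr, live_hrv, signal_quality):
    # Gate 1: an unreliable signal is never scored; ask for another capture instead.
    if signal_quality < MIN_SIGNAL_QUALITY:
        return {"decision": "step_up", "confidence": 0.0, "reasons": ["low_signal_quality"]}
    sim = cosine_similarity(enrolled.embedding, live_embedding)
    # Gate 2: physiological anomaly (stress, duress) relative to the enrolled baseline.
    hr_z = abs(z_score(live_hr, enrolled.hr_mean, enrolled.hr_std))
    hrv_z = abs(z_score(live_hrv, enrolled.hrv_mean, enrolled.hrv_std))
    anomalous = max(hr_z, hrv_z) > ANOMALY_Z
    reasons = []
    if sim < SIMILARITY_DENY:
        decision = "deny"
        reasons.append("identity_mismatch")
    elif sim < SIMILARITY_ALLOW or anomalous:
        decision = "step_up"
        if sim < SIMILARITY_ALLOW:
            reasons.append("low_similarity")
        if anomalous:
            reasons.append("physiological_anomaly")
    else:
        decision = "allow"
        reasons.append("identity_match")
    return {"decision": decision, "confidence": round(sim, 4), "reasons": reasons}
```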

Challenges we ran into

  • Getting clean ECG signals from a low-cost sensor was harder than expected. Noise from movement and poor electrode contact forced us to build signal quality thresholds and reject unreliable readings.
  • Training the Siamese network required careful data augmentation. We had limited real ECG recordings and needed the model to generalize across subjects it had never seen before.
  • Deciding what data should cross the transport boundary shaped most of our architecture. The backend needs enough information to make decisions, but raw biometrics should stay on the device.
  • We built the BLE fallback and simulation mode early so hardware issues would never block the rest of the team.

Accomplishments that we're proud of

  • 97.79% accuracy on our ECG identity model with strong generalization to unseen subjects
  • Raw ECG never leaves the edge device. Embeddings-only architecture keeps biometric data private without sacrificing functionality.
  • Plug-and-play device scaling. Any new edge device connects over HTTP or BLE with zero backend changes.
  • Two independent transport modes with seamless fallback
  • The system handles real decisions: identity similarity, physiological anomaly detection, signal quality evaluation, and risk-based policy enforcement
  • A clean Python SDK that lets any app add biometric step-up auth in a few lines of code

What we learned

  • Biometric systems are not just about accuracy. They are about trust boundaries. Deciding where raw data lives, what crosses the network, and how to handle poor signal or sensor disconnection taught us more about security architecture than we expected.
  • Data augmentation was critical. Our real ECG dataset was small, but careful synthetic data generation enabled us to train a model that generalizes to new subjects.
  • Transport abstraction pays off immediately. Switching between HTTP, BLE, and simulated modes saved us multiple times and ensured no one was ever blocked waiting for hardware.

What's next for us

  • Multi-sample enrollment for stronger baselines
  • Continuous authentication that re-verifies during sensitive sessions, not just at the start
  • Additional biometric signals like PPG and accelerometer-based gait detection
  • Encrypted embeddings at rest, key rotation, and rate limiting
  • SDK packages for Node.js, Go, and Java

Sources

https://www.ibm.com/reports/data-breach
https://pmc.ncbi.nlm.nih.gov/articles/PMC9921530/
https://www.mdpi.com/1424-8220/25/6/1864
