A patent filed by Samsung way back in July and published by the World Intellectual Property Organization (WIPO) on January 25, may give way to a new authentication method that verifies users based on their blood flow. Filed under international patent number PCT/KR2017/007827, perhaps the most interesting information in the patent is that the company doesn't appear to plan to use just blood flow patterns. Instead, Samsung's application states that the technology that a user would be able to be authenticated "at least in part" based on the physiological biomarkers measured by blood flow sensors and the morphological characteristics associated with that user. That, along with associated patent images, seems to suggest that this would be a supplementary authentication method to current methods - meant to bolster those other methods. It also seems to suggest that the tracking of blood flow would be more continuous and continuously updated based on readings from associated sensors, rather than being captured with a single reading or set of readings from those.
To that end, the technology involved on the hardware side seems to be based primarily on the blood pressure or blood flow sensors most often included in the company's Galaxy Note family of devices. However, it certainly isn't limited to that, as shown in the accompanying patent images. Aside from smartphone security purposes, Samsung appears to see its use as a secondary way to authenticate identity on everything from laptops to wearables. For example, one image shows the authentication being used to log into a smartphone. Another shows a similar sensor embedded in a wearable and apparently being used to provide further security in conjunction with a webcam being used for facial recognition.
It bears mention, of course, that Samsung may never put this patent to use, as is often the case with patents. It may turn out to be something that can't be implemented with accuracy and it's as likely that it won't be economically or commercially viable. However, Samsung has a respectable amount of experience when it comes to biometrics and may have a point about using metrics such as blood flow measurements as a way to backup other biometrics or login credentials. Such authentication data would effectively change with the user's health and other factors but would be monitored frequently. So it could feasibly be more difficult to crack since it shifts naturally over time in ways that may be more or less unpredictable. It may or may not also be more difficult to steal associated security data generated by a user's individual blood flow.