Nymi Wristband Uses Your Heartbeat As Your Password
Tom's Guide / Jill Scharr
Updated
Imagine if your phone, computer, car and home could recognize you and unlock when you're nearby.
How would they know it was you and not someone else? They would recognize your heartbeat.
That's the premise behind the Nymi, an upcoming security device from Toronto-based Bionym Inc.
The Nymi is a wristband that reads a wearer's electrocardiogram, or EKG, a measurement of the heart's electrical activity. The wristband then transmits an ID based on the EKG to the wearer's devices.
IF you've been lucky enough to never see an EKG reading in real life, you've probably seen one in a movie or TV show, usually as a heartbeat wave on a hospital monitor while a character lies injured or dying.
EKGs are based on a number of factors, including temporary measurements such as heart rate and stress, but they also include permanent factors, such as a heart's size, position in the chest and electrical signals. All of these characteristics contribute to the EKG wave's unique shape.
The first time you put on the Nymi wristband, it performs an enrollment process. The Nymi takes a reading of its wearer's EKG, and then puts the results through an algorithm designed to strip away temporary data and quantify the unique, persistent data.
The Nymi then turns the persistent data into a theoretically unique string of numbers, called a HeartID, which the wristband transmits via a Bluetooth 4.0 Low Energy radio signal.
Each time a user puts the Nymi back on, the wristband performs a check to match the EKG with what it has on file. After that, the Nymi merely monitors whether it is still in contact with the original wearer — it doesn't provide any data about the wearer's heart or other medical functions.
If the Nymi is removed, it will cease its Bluetooth transmissions and won't resume until it verifies that the correct user is wearing it.
Devices running Nymi-associated apps can read the device's signal and react appropriately. For example, a smartphone with a Nymi app could unlock its screen when in range of the wristband's Bluetooth signal. Cars, homes and other electronic devices with the app could also be configured to unlock when in range of the Nymi device.
The Nymi is scheduled to hit shelves in June 2014. By early December 2013, more than 6,000 people had applied for Nymi's software development kit (SDK).
Karl Martin, CEO of Bionym Inc., imagines further uses for the Nymi. A "smart" home could adjust heat and lights as a Nymi-wearing person moves from room to room, and even configure presets for individuals. Retail stores could create custom shopping experiences for Nymi-wearing consumers.
Security based on a biometric — a measurement of a unique aspect of a person's body — isn't new, but it has been used more frequently in recent years. For example, the iPhone 5s features a fingerprint reader that lets users unlock phones without needing to enter a password. Similarly, many Android phones have a Face Unlock feature. (Neither feature is foolproof, and both require passwords as backups.)
One drawback of using biometric measurements for security purposes is that these biological traits can't be changed — if a password is compromised, you can create a new one, but you can't change your fingerprints if someone gets access to them.
Trustworthy security is critical to a device like the Nymi, and not just because it unlocks doors and opens password-protected devices. A person's EKG is as distinctive as a fingerprint, and more medically sensitive.
The Nymi wristband uses hardware encryption (far more secure and energy-efficient than software encryption) to store its owner's HeartID. When the wristband broadcasts its Bluetooth signal, it encrypts that message using cutting-edge elliptic-curve public-key cryptography.
These layers of protection serve to keep the HeartID and any other personal data secure. Even if someone were able to capture the Nymi's Bluetooth signal, he or she would not be able to decrypt it and get to the information stored within.
The Nymi wristband also includes a unique digital "signature" in its Bluetooth signals. Any application that unlocks using a HeartID will also need to verify the signature.
"[HeartID] transmissions have to go through the sensor [on the Nymi wristband]," Martin said. "There is no way to brute-force it."
A "brute-force attack" cracks a password by methodically trying every possible combination of characters.
No security is perfect, of course. For example, if someone were to steal a Nymi wearer's phone, the thief could unlock the phone by bringing it close to the person's body.
"There's always a situation where you might be forced to do something," Martin said. "It's the age-old problem that the best way to crack a password is with a baseball bat. We don't necessarily solve that [with the Nymi]."
When the Nymi is launched, Bionym won't be able to see its users' HeartIDs, further protecting their security, Martin said. The company will have only customer names and payment information on file, as well as the product ID of each Nymi wristband.
"We're looking, in the future, to have a cloud service to enable new applications," Martin said, "but none of [customers'] data would be shuttled off into the cloud without [them] knowing. That's a basic principle of this company."
Copyright 2013 Toms Guides , a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
Jason Fitz and Frank Schwab join forces to recap the draft in the best way they know how: letter grades! Fitz and Frank discuss all 32 teams division by division as they give a snapshot of how fans should be feeling heading into the 2024 season. The duo have key debates on the Dallas Cowboys, New York Giants, New Orleans Saints, Los Angeles Rams, New England Patriots, Las Vegas Raiders and more.
Ohtani tagged Braves ace Max Fried for a two-run shot in the first inning, then hit a solo shot in the eighth as the Dodgers prevailed in a battle of NL favorites.
Budgeting apps can help you keep track of your finances, stick to a spending plan and reach your money goals. These are the best budget-tracking apps available right now.