Overwhelmed by the increasing number of passwords for electronic devices and PINs for bank cards we have to remember, as well as frustrated by growing amount of access cards we have to carry, we are more willing to use solutions and keys based on biometric technologies. At present, we use fingerprint readers, in a moment face recognition will become common – MasterCard has just introduced “selfie pay” service, and Google is testing Hands Free payments – and the next big thing in data security will be ECG analysis performed by wearables.
Until now, many interactions in secured workplace made by employee accessing various devices, applications and physical spaces has required on-demand authentication and handling of frustrating passwords, PINs and keys. All of these items, physical or logical, may be stolen or compromised.
The Nymi Band designed for the enterprise redefines this experience by moving to a persistent authentication model. The wristband authenticates users identity using his or her electrocardiogram (ECG), which is a unique and secure biometric.
In the contrary to fingerprints and facial recognition, electrocardiograms cannot easily be captured without cooperation from the person, as measuring ECG requires direct or very close contact with the user. Here latent samples are not left behind on contact surfaces (unlike fingerprints), and can not be photographed (opposed to a face).
Nymi Band uses HeartID technology that leverages an individual’s unique electrocardiogram for authentication. Like a fingerprint, the ECG is unique to an individual, with additional benefits such as resilience to replay attacks and spoofing.
Before the first use, a user creates and encrypts a biometric template that is stored locally (it is never transmitted to a database or cloud) for future instances of authentication. Thereafter, the band reads ECG only when the user authenticates each day, or whenever he or she decides to put the device on a wrist. Nymi does not collect usage data or personal information of any sort, and Nymi Enabled Applications cannot collude in any way to identify its user.
When the device is authenticating the user, it’s looking at the shape of his or her ECG wave, not the heart rate, extracting unique and consistent features that are a result of human physiology. Mild variations in heart rate caused by activities such as moderate exercise, consuming caffeine or taking medication do not impact HeartID’s ability to authenticate the user.
The Nymi Band works properly also when the user has irregular or faster than normal heartbeat.
Medical heart conditions such as cardiac arrhythmias, arterial fibrillations, or implants (e.g., pacemakers) do not impact HeartID’s performance. During the authentication process, the system is able to ignore low-frequency anomalies and can still correctly identify the enrolled user. If an individual experiences a severe cardiac event that significantly alters their ECG, he or she can update their biometric template using a secure process. HeartID can use this updated template to recognise the individual.
The existing Nymi Band is not a continuous heart monitoring or medical device, and cannot be used to diagnose medical conditions. Though, it is possible that future generations of HeartID could expand to include medical capabilities.
Once in an authenticated state, the Nymi Band creates a Personal Authentication Network around the user, continuously communicating a secure, digital identity credential via Bluetooth Low Energy (BLE) to individuals enabled apps.
The Nymi Band’s functionality is only enabled when it’s clasped on user’s wrist, after he or she has authenticated to the device. When the band is removed from the user’s wrist, the device is deactivated, and cannot be used until the authorised user re-authenticates to the device.
It contains haptic feedback motor and LED lights to give various types of notifications. The rechargeable battery has 5-day battery life, and a full charge takes approximately two hours.
Nymi & MasterCard
Canadian company Nymi Inc. has already been partnering with leading financial institutions to bring to life the world’s first wearable, biometrically-authenticated payment using one’s ECG. In May 2015, MasterCard began piloting Nymi’s technology in Canada, United States and Ireland to increase convenience and security inside and outside of its offices.
Nymi and Mastercard’s partnership transcends payments to continue paving the way towards the workplace of the future, where authentication is both seamless and secure.
Over 250 pilot participants were provided with NFC-enabled Nymi Bands. Once authenticated, these pilot users were able to make payments at existing contactless terminals in Canada, the US and in Europe. The Nymi Band’s secure Bluetooth communication was also used for locking and unlocking computers without the need for a password.
Nymi Band is not only a security or convenience tool, as it opens a much broader range of possibilities. It can unlock physical doors in buildings and cars equipped with digital locks, as well as it can be used as a virtual alibi and geo-presence validation in the judicial system.
Naturally, Nymi will be used for applications such as activity tracking (e.g. pedometer, sports, fitness, etc.) and gesture recognition (e.g. for turning on a light). This level of personalisation makes the Nymi Band ideal for service industries (i.e. hospitality and tourism) and retail stores.
In fact, most people will not put on their wrist something just to be their authentication device. Nymi’s functionality will have to be integrated into multifunction smartwatches or smartclothes to be widely accepted.
If you are a developer, you can download free SDK and begin developing applications for the Nymi Band. If you are an entrepreneur looking to implement the Nymi Band for your business, you can contact Nymi’s team here.
Do you like the article? Then buy me a coffee! You can donate a small sum of money using your PayPal account or credit card. All donations will finance my journeys to fairs, festivals and conferences devoted to design and new technology – this is where I find news for my blog. Just click the button below to perform a secure transaction. Thank you for your support, it will help me to take a step forward and write new posts.