Fingerprints, facial recognition and iris scans have long dominated the biometric landscape, but Canada-based Bionym has developed an authentication device that moves to a different beat.
The company is marketing a wristband called Nymi – pronounced Nim-Me – that leverages the wearer’s electro cardiogram (ECG) as a unique identifier.
ECG-enabled authentication is relatively unknown, but as Bionym CEO Karl Martin explains, the biometric modality has been the subject of academic study for many years. “The uniqueness and permanence of the human ECG as a biometric identifier has been an established idea in the research community,” says Martin. “In a nutshell, we look at the overall shape of the ECG wave and apply machine learning to extract the unique and permanent features.”
Martin and his associates at Bionym have conducted research of ECG, testing more than 1,000 subjects at the University of Toronto. The study showed the accuracy may be greater than that face recognition and competitive with high-end fingerprint systems, explains Martin.
But will the solution work when heart rates are elevated or racing?
The scenario: You’re walking home, minding your own business, when an attacker attempts to rob you. You break free and make a beeline for your front door – which you access using your ECG-enabled biometric wristband. Will it still work with your newly elevated heart rate?
Absolutely, explains Martin, because ECG is not affected by heart rate.
Granted, this is a rather far-fetched scenario, but the answer is comforting. “If you’re already wearing your Nymi, you can rest assured that it would remain in an authenticated state no matter how fast you’re running,” he says.
How it works
“We use the ECG recognition as one of three factors,” explains Martin. “The other two factors are the possession of your particular wristband and the possession of a phone, tablet or computer that was registered to be used during the authentication process.”
The accompanying mobile app plays a key role in the system’s convenience and security. It is compatible with major mobile and computer operating systems including Android, iOS, Windows and Mac.
After installing the app to a tablet, computer or smart phone, the user puts the wristband on and touches the device with the opposite hand for several seconds. This action initiates the enrollment process using Bluetooth to transmit the ECG to the app.
In the future, the app conducts the authentication.
When the user puts on the wristband, it is in the unauthenticated state so no access transactions would be granted. To switch it to its authenticated state, the app is enabled and a biometric match is conducted by comparing the user’s actual ECG template with the enrolled version stored in the app.
“The process takes only a few seconds, and once positively authenticated, it will transmit a signal back to the Nymi device to put it into the authenticated state,” says Martin.
At this point the wristband is completely independent, no longer needing a smart phone or tablet to operate. It runs independently, maintaining its authenticated state until the wristband is removed from the user’s wrist. Removal disrupts the ECG reading and returns the wristband to the unauthenticated state.
The wristband’s battery currently lasts about a week and is charged via standard USB. This means that, if not removed, it could remain in the authenticated state for a full week.
Martin describes Nymi as a discreet but stylish wristband that the user can forget about. “You put it on at the start of your day, touch the device for a few seconds to activate it and go about the rest of your day,” he says.
As Martin jokingly explains, it’s a concept that follows the old adage of inventor and infomercial guru Ron Popeil: Set it and forget it. “Nymi sort of blends into the background, no longer leaving the user to think about where their authenticated identity is being used,” says Martin.
Convenience is an aspect of the biometrics equation that Martin believes the market is yet to achieve, and so Bionym is focused on user experience.
“The Holy Grail that nobody has seemed to do yet is convenience plus security, not convenience versus security,” says Martin.
Bionym is focusing its efforts on the developer community in an effort to grow organically. “We’ll have our own apps for each platform, but we will also have SDK’s for each of the platforms as well,” reveals Martin. “Our launch is very much focused on getting developers engaged – from solo developers to major companies.”