At the flick of a wrist …
Nymi also houses a motion sensor that can enable task-specific gesture commands. “Developers can have access to the raw data to create additional commands, but Nymi will ship with a small set of gestures that the user can use for context-dependent actions,” says Martin. “If integrated with the user’s vehicle, for example, one motion could be used to unlock the driver’s side door, while another motion would unlock the trunk.”
The aspect of gesture commands can be context-dependent. “The idea is that the wristband is not just about the user’s identity, but what the user wants to do with their identity,” explains Martin. “In the case of a physical lock, you may not want it to lock every time you walk by, but rather choose through a specific motion to control when the door locks or unlocks.”
By attaching three factors to the user’s identity – ECG biometric, the wristband and the phone or tablet used for the authentication – Martin says hacking the system is highly unlikely. “The hacker would have to steal the wristband, steal the smart phone or tablet with the accompanying app and then spoof the ECG biometric,” he says.
Also key to Nymi’s security is a hardware-based security element embedded within the wristband itself that conducts cryptographic functions and also stores keys – a utility that as Martin explains, provides two main benefits. “First, all the data that comes out of the wristband is securely signed so it can’t be spoofed,” explains Martin. “This function is coming from the hardware itself, not software that can be compromised. The wristband is digitally signing all the data.”
Second, the device is also encrypting the data, which according to Martin, means that a third party cannot track the wearer without their express consent. “The big concerns here are, of course, privacy, broadcasting your identity and being tracked,” says Martin. “The data coming out features strong encryption and requires the user to opt in to share data with third parties.”
Changing the nature of authentication, more than the modality
One of the unique features is the one-time authentication process that leaves the wristband in a constantly authenticated state.
“We’re not looking to simply replace password and PINs with biometrics,” explains Martin. “The way the world works today – whether password, PIN or biometric – you authenticate your identity at the time of need, when trying to gain physical access at a door, logical access to a desktop, etc.”
Every time a user needs that authenticated identity, they provide that credential at that time. This really displays how the solution differs from other biometric offerings.
Martin is skeptical of initiatives like Apple’s new fingerprint sensor-enabled iPhone, questioning whether the user actually gains substantial benefit. “It’s only reducing their friction a little bit over the current method because, as you can imagine, the iPhone user provides a fingerprint to unlock the phone, but also has to provide that print again to make a digital payment,” explains Martin.
The point here is that the password/PIN, along with more traditional biometric modalities, still require the user to input their credential every time they want to use their identity.
“Simply going from passwords to biometrics is not improving people’s lives much,” says Martin. “What we’re doing is putting the authenticated identity onto the body, which requires the user to take only one action when putting Nymi on. We’re separating the authentication process from the access or time of identity use.”