Sign up to our newsletter
The latest security news direct to your inbox
Human heartbeats are near-unique – each person’s rhythm forms a mathematical pattern which can be used to identify people. A bracelet which aims to use this for secure ID – instead of passwords and PINS – took a big step towards PCs and phones in the home this week, as 6,000 developers began work on apps for the hi-tech bangle, according to a TechCrunch report.
TechCrunch reports that the Toronto-based start-up Bionym has already pre-sold 7,000 $79 Nymi bracelets. Nymi read a users heartbeat via a miniature ECG, then wirelessly communicates with nearby devices – instantly unlocking PCs, smartphones and sites. Maker Bionym envisage it could be used to replace “PINs, passwords, and even keys and cards.”
“The Nymi wristband authenticates the wearer’s identity by matching the overall shape of their heartwave (captured via an electrocardiogram sensor). It sustains authentication, so long as the wristband remains in position, reducing the need for repeated authentications during the day,” TechCrunch wrote.
The device will initially work with Android, iOS and Mac OS X devices, its makers say, and will ship in 2014. Since the Toronto start-up unveiled the device, it has produced a white paper explaining the underlying science – and why such devices have been unavailable until now.
The bracelet was announced a few days before Apple unveiled the fingerprint sensor in its iPhone 5S – which helped reignite the debate over biometric security in consumer devices, as reported by We Live Security here.
Stephen Cobb, ESET Security Researcher with ESET said when Apple unveiled the fingerprint sensor in Apple’s iPhone 5S that the device could be a “game changer.” in a We Live Security report here. Cobb said, “Successful implementation of biometrics in a segment leading product could bode well for consumer acceptance.”
“I have been a fan of biometrics as an added authentication factor ever since I first researched multi-factor and 2FA systems 20 years ago, however, user adoption is very sensitive to performance; in other words the iPhone 5S could advance biometrics, or put a whole lot of people off biometrics.”
Bionym is just one of several “biometric” systems in development, such as Fiberio, an in-development touchscreen that reads users fingerprints.
“It was actually observed over 40 years ago that ECGs had unique characteristics,” Bionym chief executive Martin said in an interview with TechHive. “The modern research into practical systems goes back about 10 years or so. What we do is ultimately look for the unique features in the shape of the wave that will also be permanent over time. The big breakthrough was a set of signal-processing and machine-learning algorithms that find those features reliably and to turn them into a biometric template.”
ESET Senior Research Fellow David Harley discusses the advantages of biometric systems in a We Live Security blog post, “The sad fact is, static passwords are a superficially cheap but conceptually unsatisfactory solution to a very difficult problem, especially if they aren’t protected by supplementary techniques. Biometrics and one-time passwords and tokens are much more secure, especially when implemented in hardware as a two-factor authentication measure.”
“The Nymi functions as a three-factor security system,” its makers claim. “It requires your personalized Nymi, your unique heartbeat, and a smartphone or device that has been registered to the app. This system allows for complete security without compromising convenience.”
“When it comes to identity, privacy is a chief concern,” said Karl Martin, CEO of Bionym, “The Nymi has been built by the principles of Privacy by Design. This means that each user has complete control over their data and identity. Transparency is very important to Bionym’s culture, and every user has a right to know where their data is going.”
Author Rob Waugh, We Live Security