The Latest in IT Security

Nymi Wristband Uses Your Heartbeat As Your Password

05 Dec 2013

Imagine if your phone, computer, car and home could recognize you and unlock when you're nearby. How would they know it was you and not someone else? They would recognize your heartbeat.

That's the premise behind the Nymi, an upcoming security device from Toronto-based Bionym Inc. The Nymi is a wristband that reads a wearer's electrocardiogram, or EKG, a measurement of the heart's electrical activity. The wristband then transmits an ID based on the EKG to the wearer's devices.

If you've been lucky enough to never see an EKG reading in real life, you've probably seen one in a movie or TV show, usually as a heartbeat wave on a hospital monitor while a character lies injured or dying. EKGs are based on a number of factors, including temporary measurements such as heart rate and stress, but they also include permanent factors, such as a heart's size, position in the chest and electrical signals. All of these characteristics contribute to the EKG wave's unique shape.

The first time you put on the Nymi wristband, it performs an enrollment process. The Nymi takes a reading of its wearer's EKG, and then puts the results through an algorithm designed to strip away temporary data and quantify the unique, persistent data. The Nymi then turns the persistent data into a theoretically unique string of numbers, called a HeartID, which the wristband transmits via a Bluetooth 4.0 Low Energy radio signal.

Each time a user puts the Nymi back on, the wristband performs a check to match the EKG with what it has on file. After that, the Nymi merely monitors whether it is still in contact with the original wearer — it doesn't provide any data about the wearer's heart or other medical functions. If the Nymi is removed, it will cease its Bluetooth transmissions and won't resume until it verifies that the correct user is wearing it.
Devices running Nymi-associated apps can read the device's signal and react appropriately. For example, a smartphone with a Nymi app could unlock its screen when in range of the wristband's Bluetooth signal. Cars, homes and other electronic devices with the app could also be configured to unlock when in range of the Nymi device.

The Nymi is scheduled to hit shelves in June 2014. By early December 2013, more than 6,000 people had applied for Nymi's software development kit (SDK).

Karl Martin, CEO of Bionym Inc., imagines further uses for the Nymi. A smart home could adjust heat and lights as a Nymi-wearing person moves from room to room, and even configure presets for individuals. Retail stores could create custom shopping experiences for Nymi-wearing consumers.

Security based on a biometric — a measurement of a unique aspect of a person's body — isn't new, but it has been used more frequently in recent years. For example, the iPhone 5s features a fingerprint reader that lets users unlock phones without needing to enter a password. Similarly, many Android phones have a Face Unlock feature. (Neither feature is foolproof, and both require passwords as backups.)

One drawback of using biometric measurements for security purposes is that these biological traits can't be changed — if a password is compromised, you can create a new one, but you can't change your fingerprints if someone gets access to them.

Trustworthy security is critical to a device like the Nymi, and not just because it unlocks doors and opens password-protected devices. A person's EKG is as distinctive as a fingerprint, and more medically sensitive.

The Nymi wristband uses hardware encryption (far more secure and energy-efficient than software encryption) to store its owner's HeartID. When the wristband broadcasts its Bluetooth signal, it encrypts that message using cutting-edge elliptic-curve public-key cryptography.
These layers of protection serve to keep the HeartID and any other personal data secure. Even if someone were able to capture the Nymi's Bluetooth signal, he or she would not be able to decrypt it and get to the information stored within.

The Nymi wristband also includes a unique digital signature in its Bluetooth signals. Any application that unlocks using a HeartID will also need to verify the signature.

"transmissions have to go through the sensor," Martin said. There is no way to brute-force it. A brute-force attack cracks a password by methodically trying every possible combination of characters.

No security is perfect, of course. For example, if someone were to steal a Nymi wearer's phone, the thief could unlock the phone by bringing it close to the person's body.

"There's always a situation where you might be forced to do something," Martin said. "It's the age-old problem that the best way to crack a password is with a baseball bat. We don't necessarily solve that."

When the Nymi is launched, Bionym won't be able to see its users' HeartIDs, further protecting their security, Martin said. The company will have only customer names and payment information on file, as well as the product ID of each Nymi wristband.

"We're looking, in the future, to have a cloud service to enable new applications," Martin said, "but none of data would be shuttled off into the cloud without knowing. That's a basic principle of this company."

Copyright 2013 Tom's Guides, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
