We have all heard the horror stories of password management. Users choose the same weak passwords, trade them for chocolate bars. They keep track of them on post-it notes. Firms are negligent in managing weak passwords. Help Net Security wrote about the latest innovation in passwords from Canadian security start-up Bionym.
Bionym created Nymi, a bracelet/wristband containing an ECG (electrocardiogram) sensor that “reads” the unique heartbeat pattern of the wearer. The bracelet will use the ECG to authenticate into electronic devices; cars, computers, smartphones, TVs, etc.
“It was actually observed over 40 years ago that ECGs had unique characteristics,” Bionym CEO Karl Martin pointed out to Tech Hive. “What we do is ultimately look for the unique features in the shape of the wave that will also be permanent over time. The big breakthrough was a set of signal-processing and machine-learning algorithms that find those features reliably and to turn them into a biometric template.”
“When you clasp the Nymi around your wrist it powers on. By placing a finger on the topside sensor while your wrist is in contact with the bottom sensor, you complete an electrical circuit. After you feel a vibration and see the LEDs illuminate, your Nymi knows you are you and your devices will too. You will stay authenticated until your Nymi is taken off,” it’s explained on the firm’s website.
3-factor security
The Nymi functions on a 3-factor security system. To take control of your identity you must have your Nymi, your unique heartbeat, and an Authorized Authentication Device (AAD). The AAD could be a smartphone or device registered with their app.
No details about the bracelet’s security have been share on the site. Ars Technica’s Dan Goodin has pumped Martin for information and, so far, the news is good. Elliptic curve cryptography is used to ensure data traveling between the bracelet and the device is not monitored or intercepted by attackers. ECC also encrypts the handshake performed between the bracelet and the devices being unlocked.
“The Nymi also has motion sensing and proximity detection that allows users to perform remote, gesture-specific commands, creating a dynamic and interactive environment,” it is explained. “A simple twist of the wrist can unlock your car door.”
When it arrives, Nymi will offer three-factor authentication. The wristband itself, your unique cardiac rhythm, and a mobile device, like a smartphone or tablet. The Nymi hardware acts as a secure token that ties into the biometric. The wristband will need to check in with your smartphone or tablet at the beginning of the day.
rb-
The thing that excites me most about Nymi is its potential to get rid of passwords. I think the password has a limited shelf-life. Once wearable computing takes off, payment processing will be integrated with biometrics on the wearable devices, there will be no need for passwords.
Bionym’s Martin stated, “[Killing the password] is one of our goals,” noting that the Nymi will be compatible with the FIDO Alliance.
FIDO, which stands for Fast IDentity Online, was created by PayPal and Lenovo (LNVGY) and now counts Google (GOOG) and Microsoft (MSFT) among its members. The alliance has set out to create the next-generation standard for identity verification.
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.