A human heart beats more than 100,000 times a day and pumps about a million barrels of blood in a person’s lifetime, powered by its own electric impulse. If that weren’t enough, its unique “thump-thump” beating sound can now also authenticate a user on a Windows PC or even pay for a purchase, thanks to wearable biometric authentication technology from a company called Nymi.
The company used the results of ECG research conducted at the University of Toronto in 2011 as the source of a new authentication method developed by Nymi that is set to be released this fall.
Today, companies around the world face a gargantuan task of authenticating user credentials multiple times a day — many relying on old-school passwords, which can often be weak enough to be hacked by even a five-year-old playing a guessing game. For employees, the time it takes to go through these authentication processes several times a day can sap their productivity and cause some major frustrations.
Nymi is working to change that — and a lot more — with its new Fitbit-like biometric band that promises continuous and secure authentication throughout the day. PYMNTS recently caught up with Karl Martin, the company’s founder and CTO, to talk about the rise of biometrics and how Nymi is leveraging the technology to utilize the human heartbeat for user authentication.
“What we’re working to deliver is persistent authentication,” Martin told PYMNTS. “The idea that you wear something and you remain in an authenticated state so that, if you’re an employee in the workplace, once you’re wearing that device, you can get let into the office, log into the computer or log into your cloud accounts.”
Logging In Using A Heartbeat
When Martin and his team first developed their wearable biometric technology, they were unsure exactly what its practical application was. As the market and popularity for wearable devices grew, Martin’s team thought of developing wearables for authentication, but it wasn’t until two years later that they realized the power and potential of biometric authentication packed into a wristband.
And with that thought, Nymi’s first wearable band was developed. The biometric band feeds off of a person’s heartbeat, which is unique to each individual, to authenticate a user. This allows for seamless access to devices that can be constantly verified.
One such use case is giving employees access to their Windows PC through Nymi, thanks to a partnership with Microsoft, or giving access to other protected information without having to go through time-consuming security protocols.
“There’s trust that this is the correct user because it doesn’t work without it being on the right user,” Martin said. “With the wristband, when you’re tapping it, you’re already authenticated.”
For companies, it means having the ability to implement more stringent multifactor security systems without forcing employees to repeatedly validate security credentials — something which can often lead to locked accounts, thereby slowing things down.
“We are actually two factors in one,” Martin explained. “The device itself is a token. It cannot be replicated. It has secure hardware in there with an element that can’t be duplicated,” Martin said. “So, when a credential is being delivered from the wristband, it actually represents two factors. It represents the possession of the wristband plus the biometric that was used to activate it.”
Future Of Wearable Wristbands
As the popularity of wearables, like Fitbit, Jawbone and Apple Watch, grows, more people are bound to be wearing these biometric sensors in their day-to-day lives. But, of course, there are only so many bands a consumer can wear.
This is something that Martin thinks would lead to the integration of fitness trackers and other popular wearables that are worn by consumers nearly 24 hours a day.
Martin said the company’s long-term strategy is to integrate its security solutions into popular consumer products, like smartwatches and fitness bands. He also noted that Nymi is currently working on deals that would allow manufacturers of popular devices to offer its authentication solutions.
“There’s always going to be other reasons to justify wearing smart technology on your body,” Martin said. “We want to add authentication to that mix.”
The Toronto-based company is also currently working on using its technology to extend payments solutions. Nymi recently ran a pilot program with Mastercard (an investor in Nymi), Royal Bank of Canada and TD Bank.
As part of the pilot, the company put a wearable payment prototype in the hands of more than 200 shoppers to test whether consumers wanted to make payments using the wristband.
“It turned out to be very positive,” Martin said. “We studied it quite closely and just found that, as an experience, not only compared to credit cards but also compared to mobile payments, people really liked being able just to tap their wrist and pay for something.”
So Far, So Good
While no security system is impenetrable, Nymi’s protections, Martin cautioned, including secure pairing and communication, owner identity confirmation and digital signing, and random key generation and storage have kept bad actors from invading its servers thus far.
“We’ve had thousands of users so far, and those have been a variety of different use cases,” he said. “I can say that, using our system, there have been no known security breaches.”
Martin acknowledged that, for many employers, security goes hand-in-hand with convenience. Any solution that beefs up security needs to do so without hampering the productivity of employees operating in busy business settings. He said that wearable biometric authentication devices not only reduce frustrations of workers sick of having to constantly re-enter passwords but actually boost output in many offices.
“It’s always about the convenience side and the security side,” he said. “The core is around not demanding employees to do something many times a day. Productivity goes up because the employees are just able to walk around with their wristband and not do anything else to log in.”
It seems it may not be too long until all it takes is a flick of the wrist to pay for a purchase, unlock your office door or log into your computer — all while remaining securely authenticated.
To download the August edition of the Digital Identity Tracker™, powered by Socure, click the button below.
About The Tracker:
The PYMNTS.com Digital Identity Tracker™, powered by Socure, is a forum for framing and addressing key issues and trends facing the entities charged with efficiently and securely identifying and granting permission to individuals to access, purchase, transact or otherwise confirm their identity.