The Nymi armband from Toronto-startup Bionym is edging closer to reality, and a new partnership announced today helps make it more clear how it’ll be useful to everyday consumers. Bionym is teaming up with PasswordBox to make it possible to authenticate your mobile logins using your heart rate automatically, for super fast access to sites, devices and services. PasswordBox is a login locker,… Read More
Wearable devices might be thenext big thing, but you can be sure that not every single release would end up as a hit. The Nymi wristband from Bionym is an interesting proposition, considering we first talked about it in September last year. Apparently, the Nymi wristband works by making use of your body’s unique electrocardiogram (ECG) signals in order to function as a biometric authentication layer for other devices, applications and services. To paraphrase it, this could be your central “password vault” of sorts, relying on your heartbeat to confirm your identity.
Toronto-based wearable startup Bionym’s Nymi band uses your ECG to securely identify you to various devices and services, and as of today there’s another trick up its sleeve – acting as a secure, easy to use Bitcoin wallet. The company revealed today that one of the launch applications that will ship with the Nymi will be a Bitcoin wallet, and that said wallet will provide a more secure method of storing your account’s private key.
All Bitcoin transactions consist of a key exchange: when someone is depositing funds into your account, they use the public key (it’s public since people don’t often get that cheesed about getting free money); when they want to send or withdraw the cryptocurrency, they use the private key. Recently, some evidence has suggested that it’s actually frighteningly easy to get at that private key if it’s stored on a hard drive or shared via QR code.
What Nymi brings to the table is a way to keep the private key securely stored independent of any computer, and tied to your unique ECG biometric signature. This makes it not only secure, but also more convenient than existing Bitcoin wallet solutions, Bionym President Andrew D’Souza explained in an interview.
“People just don’t understand how [Bitcoin] works, and how they gain access to it without putting themselves at risk,” “We see Nymi as essentially being that enabling technology that brings it to market. Everyone who buys a Nymi will get a Bitcoin wallet and be able to securely transact, and understand that their wallet is encrypted, and tied to their biometrics so that even if you lose your Nymi or it’s stolen they won’t be able to access your bitcoins.”
D’Souza says that while Bitcoin has a lot of potential, there’s a risk that it will either fade away into obscurity because of its perceived complexity, or that it’ll get legislated away and receive such a negative connotation that it doesn’t ever hit the mainstream. By making Bitcoin more accessible, and more secure, Bionym hopes to help it avoid those pitfalls. Their vision is of a world where you maintain a Bitcoin savings wallet on a computer, but then use your Nymi like a walkaround checking account for daily transactions.
“With Nymi, when you walk away from your computer your Bitcoin wallet will lock automatically,” explained Bionym Chief Cryptographer Yevgeniy Vahlis. “But it won’t just lock in terms of the interface; there’s nothing there to steal. Everything that’s important about your Bitcoin account is stored physically on the Nymi, so hacking into your computer won’t allow anyone to steal or misuse your Bitcoin, even if they hack into your computer while you’re using your Nymi.”
The Bitcoin Wallet will be shipping with the first Nymi armbands when they eventually ship. Bionym is keeping mum on when exactly that will be, but the company still states an “early 2014″ ship date on its pre-order page for the first batch of units. As with any hardware startup, demonstrating utility to early customers will be key, so Bitcoin integration, if it really can democratize the concept of the cryptocurrency, could indeed be a killer app.
Toronto-based Bionym turned heads with its concept for wearable hardware that authenticates a user based on their heartwave signature, which could turn the whole world of digital security on its head. It’s a key tied to your person in a very intimate sense, meaning it can’t really be stolen or lost like even a current standalone unique passkey generator can.
We met with Bionym CEO and co-founder Karl Martin at their headquarters in Toronto, where the engineering team shares relatively limited space with the rest of the folks. The team is growing at a rapid clip, however, and the plan is to move into a more accommodating space in the near future. As it stands, however, it’s kind of nice to see people soldering and testing brand new circuit boards right next to those arranging future partnerships and doing developer outreach.
Martin filled us in on the progress his startup has made since launchings its pre-order campaign back in September, and it sounds as if things are on track. Final design is still mostly up in the air, but as you can see, things have come a long way from the original prototype that Martin and his co-founder Foteini Agrafioti developed first only roughly a year ago. It’s also very interesting to hear Martin articulate exactly where he sees Nymi’s tech headed – including a long-term goal where it becomes a wearable you won’t even notice you’re wearing.
Toronto-based startup Bionym has launched an SDK for its forthcoming identity-authenticating wristband, Nymi. It said today that more than 6,000 developers have registered their interest in building software that hooks into the heartwave-sensing bangle. Thus far, it’s managed to pre-sell more than 7,000 of the $79 wristbands, which are due to ship in Spring 2014.
The Nymi wristband authenticates the wearer’s identity by matching the overall shape of their heartwave (captured via an electrocardiogram sensor). It sustains authentication, so long as the wristband remains in position, reducing the need for repeated authentications during the day.
When Bionym launched pre-orders for Nymi back in September, it was just days before Apple confirmed its new flagship iPhone, the 5s, would have a fingerprint sensor embedded in the home button. Apple adopting biometrics suggests the tech is finally set to heat up in the consumer electronics space, offering a more convenient alternative to passcodes/passwords – even if neither can promise bulletproof security.
Apple’s entry may seem like bad timing for Nymi but the startup is hoping to convince people to wear its wristband to authenticate their identity across a range of devices and environments, and change how they experience them. So being shut-out of Apple’s walled garden is no great loss, it says.
“Apple has shown in the past they will open up an API if there’s a compelling case because they’re just going too much against the tide but we’re not depending on them to go that route,” says Bionym CEO and co-founder Karl Martin.
“Device unlocking is really the very simple demonstration of the capability we provide and certainly we can do that on pretty much any platform but iOS. Our thinking is much, much broader than that… Our interest is much more about how can we change your interaction either with your personal technology, in the home environment, or at events, or in recreation environments, things like that.”
What kind of apps are its developers working on building for Nymi? “The obvious ones that people are working on is simply unlocking various things, from doors to their personal devices. But the ones that are most interesting to us are the people that are thinking outside the box in terms of different environments and different appliances – that, how could they behave differently if they knew who you are?” says Martin.
“So there are the kind of silly ones that your coffee machine knows your settings vs your partner’s and is going to produce your coffee the way you want it.”
“It’s not just software,” he adds. “There’s a lot of people interested in making Arduino or other kinds of hardware modules that can talk to the Nymi. So imagine an Arduino module that wants to be one of those people that overshares and tweets whenever you’re in the room saying you came home and you’re here… It’s those kind of things that interest us, because we don’t just view ourselves as just about security.”
Bionym is also working on partnerships to expand the applications for the wristband – describing example scenarios such as visiting a themepark and getting “integrated benefits that will alter your experience”, because you’re wearing Nymi. Or using it for personalised retail experiences (which sounds like it’s competing with iBeacon).
Another example could be going into a restaurant or a bar and the Nymi passing info on your dietary restrictions or favourite drink. Other potential use-cases could be for premium hotels or airlines for frequent flyers. “Your identity matters and the world should confirm or your experience should improve because of who you are and your preferences,” adds president Andrew D’Souza.
“Those are the types of the experiences that we’re hoping to go and create. It’s not going to be on a mass scale but we hope over the course of the next year we’re going to see some really interesting use-cases in specific places that will start to get people’s imagination’s going over what the future of the world can look like.”
Martin said the startup is hopeful Nymi will launch with “about 10 killer apps”.
Unlike faces and fingerprints, a heart’s electrical activity is difficult to fake — it’s a unique and potentially ideal security tool. Bionym is taking advantage of this trustworthiness in its upcoming Nymi bracelet. The wristwear authenticates users through a combination of electrocardiograms and Bluetooth proximity detection; if Nymi recognizes your heart rhythm, it automatically logs you into nearby devices. The bracelet also recognizes gesture commands, and a future developer kit should extend the gadget’s usefulness beyond basic security for PCs and smartphones. It could unlock doors or make retail payments, for example. Nymi won’t ship until early 2014, but it’s already available for pre-order at a $79 early bird price.
Passwords could be passé if this Toronto-based startup has its way. Bionym, which was founded in 2011 and closed a $1.4 million (CAD) seed round last month, has devised a biometric recognition system in the form of a wearable wristband — called Nymi, just launched as a pre-order for $79 for early 2014 shipping.
The wristband relies on authenticating identity by matching the overall shape of the user’s heartwave (captured via an electrocardiogram sensor). Unlike other biotech authentication methods — like fingerprint scanning and iris-/facial-recognition tech — the system doesn’t require the user to authenticate every time they want to unlock something. Because it’s a wearable device, the system sustains authentication so long as the wearer keeps the wristband on.
To authenticate via Nymi, the user puts the wristband on and touches a topside sensor with one hand to complete an electrical loop with the bottom-side sensor touching their wrist. That generates the ECG data used to authenticate their identity, and the wristband transmits the ECG (via Bluetooth) to the corresponding registered app, on a smartphone or other device in proximity to the user, to verify the wearer is who they say they are.
Bionym says Nymi is a three-factor security system, being as multiple pieces have to be in place for authentication to be achieved. However the system skips some ongoing hassle of multi-factor systems by maintaining an authenticated state and only requiring the user to offer up their biometric data once per day (or however often they remove the wristband).
As well as an ECG sensor and Bluetooth low energy for transmitting data, the wristband contains a gyroscope and accelerometer so it can support gesture unlocking scenarios, too (it has 6-axis motion sensing) — so you could use a particular wrist twist to unlock a car door, for instance. That sort of scenario will depend mostly on third party developers getting involved and building out an app ecosystem around the device. Bionym is releasing an API that will be open source so it’s hoping to attract broad interest.
Proximity is another parameter developers could build into unlocking scenarios — a payments application would make sense to require the wristband to be in close proximity to a reader to confirm a transaction, for instance, whereas a smart TV might want to configure a profile to a particular user when they walk into the room.
The wristband device itself could also be used for health/activity tracking, saysCEO and co-founder Karl Martin. “We will support basic gestures ourselves, and we will also give access to the motion information for other uses. For example, people might want to use it for activity tracking, in addition to the gestures,” he tells TechCrunch.
The Nymi device will include a battery to power the data capture and transfers — which Martin said will support about a week’s use between charges. The corresponding Nymi app will let users create custom notifications if they so desire, so they could configure the app to alert them to new emails or messages when they authenticate the device in the morning. The app will be available on iOS, Android, Windows and Mac OSX initially. An open-source SDK will allow for developers to port support to other platforms.
Bionym, which was originally spun out of the University of Toronto (where Martin got his Ph.D.), claims it doesn’t have any “real direct competitors” for the specific functionality it’s offering.
“We don’t view this as just a product to unlock your devices, smartphones, etc. Those are security applications. We’re looking beyond that to smart environments. How do we enable hyper-personalised experience? These are all applications of identity. Security is one application but not the only one, and as far as I know nobody else is doing that,” says Martin.
There’s no doubt plenty of others are eyeing up the password-alternative space, though. Google is one and is part of the FIDO Alliance that’s seeking to come up with a new framework for digital authentication. Anyone who can crack the ‘passwords are broken’ problem with a robust, low-friction alternative is clearly in for a very lucrative ride.
Add to that, there’s potential for capturing extremely granular user data if users are required to wear a sensor at all times when accessing their gadgets and services. However Martin stresses that Nymi is building in privacy “by design,” as well as security — with a hardware-secure element where the user’s ECG data is cryptographically stored and which — crucially — other applications will require user permission to access.
“We have a cryptographic chip on the wristband,” he notes. “We’re not just depending on software, we have hardware-based cryptography there. It … allows that communication to be encrypted. It doesn’t just depend on just the Bluetooth standard which has some weaknesses.
“When it’s transmitting your identity… to your devices around you you don’t want anybody to know that it’s you unless you opt in, you don’t want to be tracked, you don’t want somebody, say, a Bluetooth scanner to know when you’re around so we encrypt that information so that it becomes opt in. Nobody can know that it’s you without your permission.”
Using hardware-based cryptography also allows the Nymi to bolster its defences against identity spoofing attacks. “If your identity is essentially a long binary string, can’t somebody just copy that and retransmit it? And the answer to that is we digitally sign all the data coming off the wristband so that it’s impossible for anybody to spoof that data and essentially steal your identity,” he adds.
So what will Nymi offer its early adopters? At launch, in the beginning of 2014, it will support built in device unlocking capabilities, and be supported by a range of third party apps, says Martin.
“We’re going to be working very closely with developers this fall,” he says. “We already have lots of developers signed up for that. So we’re going to be ourselves offering basic capabilities ourselves for unlocking personal devices and computers. And then at the same time we are engaged with several companies that make consumer electronic products… that’s going on behind the scenes. And then there are third party developers — and we’re going to be all about nurturing that to happen so that by the time we launch there will definitely be some high quality third party applications.”
Looking ahead, the grand vision is surely for a password-less future, based on authentication via wearable biometrics. That’s a ways off, right now though, as Martin concedes. ”The goal is not to simply manage passwords, the goal is to replace passwords,” he says. “That being said it obviously takes time for these things to be adopted in a ubiquitous way so we are looking at some intermediate solutions to integrate with password managers, things like that.
“Part of our launch right now is to see what are the kinds of integrations people want the most… We want to get people’s ideas for what the vision for this kind of a product is so we can focus on that.”
This is site is run by Sascha Endlicher, M.A., during ungodly late night hours. Wanna know more about him? Connect via Social Media by jumping to about.me/sascha.endlicher.
