Bionym Wristband Authenticates Using Wearer's Heartbeat

As banks struggle to improve online and mobile authentication for their customers, a Canadian startup called Bionym revealed Tuesday a line of devices designed to confirm people's identities with their heartbeat. The hardware, which the user wears on his wrist like a watch, should make unlocking bank accounts a simple matter.

Nymi, the name of the wristband, verifies people are who they say they are by taking an electrocardiogram (ECG), which is a recording and interpretation of the bioelectrical activity of the heart. The hardware comes with an embedded ECG sensor, motion sensor and Bluetooth low energy radio. While the hardware authenticates the identity of the wearer using his ECG as a unique biometric characteristic, the motion sensor supports gesture recognition to allow the user to indicate intent, and the Bluetooth low energy radio allows for the user's identity and sensor data to be transmitted to other devices and systems.

Nymi is designed to solve an area ripe for disruption: removing friction from all facets of identity issues, including but not limited to: opening up cars, unlocking mobile banking apps and making payments.

"It's a trusted central point of authentication that you are carrying around," says Karl Martin, president and co-founder of Bionym.

Large technology companies, including Samsung, Apple, Google and Microsoft, have been rumored to be building smartwatches that could run apps similar to those running on smartphones such as fitness tracking. Samsung is expected to launch a smartwatch called Galaxy Gear this week.

Meanwhile, U.S. Bank started a computing wristband test in 2011 that was designed to store a consumer's emergency and contact info and allow him to make contactless payments.

A user of the Nymi device touches his opposite hand to the wristband. Once Nymi collects the ECG, it talks to tablets, smartphones or computers running the app to authenticate the user. Nymi will keep the user authenticated until he takes off the device.

Bionym emerged from research conducted at the University of Toronto, where the co-founders began to build a product based on how every person produces a unique cardiac rhythm signal, even during exercise. Cardiac rhythm is meant to describe the shape of ECG waves. The shape, size and position of the heart within a person's body as well as his overall body shape and size are some of the factors that make each ECG unique. Consumers using drugs, however, could have misreads.

Nymi, which will cost less than $100, is expected to ship in early 2014.

Now, Bionym will work on getting developers to create apps for Nymi. "The obvious apps are around access," says Martin. "But that's just one area. Nymi is about identity. ...It's not just a better mousetrap."

The young company will release an API and developer kit this fall. Bionym initially seeks two primary developer types: solo developers that write software and hardware apps and individuals who have experience working on Bluetooth-enabled smartlocks.

Biometrics is an area banks are looking at to provide secure, yet friction-free, logins to online and mobile banking. Fingerprints, facial recognition, voice recognition, iris scans, and palm prints are just some of the biometric alternatives floating among financial services and technology firms.

Other academics are exploring ECG as a way to authenticate identity.

YN Singh, co-author of "Evaluation of Electrocardiogram for Biometric Authentication," is developing a biometric recognition system that uses ECGs for identity proofing.

"Our research has proved that the ECG signal acquired from different persons are heterogeneous," says Singh in a recent email to BTN. "We claim that the ECG biometric recognition system is safe, secured, efficient and robust."