Blog

I ♥ Biometrics

Sep 10, 2013
Dave Kearns

If you’ve followed my writings for very long, you know I’m a strong believer in biometric authentication. (See, for example, this Network World column from over a dozen years ago) Why? Well, for one reason, unlike a password or a hardware token, you can’t misplace or lose a biometric (fingerprint, facial scan, keyboard dynamics, etc.) – it’s always with you. Now, there’s another biometric system for you to look at.

Bionym, Inc. has announced Nymi, a biometric reader that goes a step further than most others.

Nymi is a bracelet with two electrical contacts – one on the underside, which is in contact with your wrist, and one topside for you to press with a finger. Putting the bracelet on powers it up, touching the top contact completes a circuit, allowing Nymi to read your unique “cardiac rhythm” similar to the reading an electrocardiogram takes. Bionym assures us that everyone's is unique. That signal is then sent (via Bluetooth) to a nearby device (such as a smartphone), which is running the app registered to that biometric signature and which contains the data and/or rules necessary to authenticate to other devices and services.

As long as the bracelet stays on your wrist, there’s no need to re-read the cardiac signal. Should it be removed then re-placed, you would need to re-authenticate. That also means there’s no need to actively authenticate to any registered service – which could be a great timesaver.

Along with the ECG sensor and Bluetooth transmitter, the wristband contains a gyroscope and accelerometer so that it can support gesture unlocking scenarios, also, such as different gestures to unlock your car, your PC, a door, etc.

Bionym calls the Nymi a 3-factor security system. They say that to take control of your identity you must have your Nymi, your unique heartbeat and an Authorized Authentication Device (AAD), which would be a smartphone or device registered with their app.

They also claim the Nymi is built upon the principles of Privacy by Design, explaining that this means that only you control and access your identity and personal information. Since that information is not sent to a third party, the company believes that – in future – personalization information could also be stored. They theorize, for example, that the “smart house” of the future would react to the entry of someone wearing (and authenticated to) the device by adjusting temperatures, lighting, entertainment, etc. The device includes hardware-based encryption for all transactions, by the way, further strengthening the authentication services as well as further protecting personally identifiable information.

This is a very interesting concept – it’s easier to use than passwords and safer. It still is susceptible to the problems of a token (can be lost, stolen or strayed), but a lost bracelet won’t work with someone else’s heart wave and remembering to wear it should be as automatic as remembering to put on socks. As yet there are very few applications, but Bionym says the app will be available on iOS, Android, Windows and Mac OSX initially. An open-source SDK will allow for developers to port support to other platforms.

Other news of wearable technology came from Samsung last week with the release of the Galaxy Gear, the next generation of smart device, a “smartwatch”. The smartwatch will work in concert with users’ smartphones (it won’t replace the phone yet). Among the features shown at its debut:

  • Users also will be able to accept phone calls on the watch, answering calls by putting their wrist next to their heads. There are speakers and a microphone in the clasp area of the watch.
  • Gear will also respond to voice commands, so users don’t always have to physically fiddle with the watch while placing calls.
  • The watch also has a camera that captures short video clips — visual memos, the company is calling it — as well as photographs.
  • The smartwatch will also be able to translate signs in foreign languages simply by analyzing a picture. The Gear will also support its own apps, which have been specifically designed for the watch.
The Gear would seem to be ideally matched to the Galaxy note smartphone, one of the devices labeled as a “phablet” because it’s a phone with a larger screen and form factor. The Gear would allow conversations, for example, without the need to hold a large device to your head.

All we need now is for Samsung and Bionym to get together and develop an “all-in-one” wrist appliance that could handle authentication as well as control for your devices. To me that’s the logical extension of these technologies.

*****

Speaking of authentication and access, remember that on the 26th of this month I’ll be hosting a webinar called “Authorization as a Calculated Risk”. Joining me will be Brian Spector from Certivox, Jamie Cowper from Nok-Nok Labs and Gerry Gebel from Axiomatics . Register now.