The Nymi works by using your unique electrocardiogram (ECG) signals to act as a biometric authentication layer for other devices, applications and services. Put another way, Nymi uses your heartbeat like a password to confirm that you are, in fact, you. According to Bionym CEO Karl Martin, ECG is significantly more reliable than face recognition and only slightly less secure than a fingerprint.
When it arrives later this year, Nymi will offer three-factor authentication: the wristband itself, your unique cardiac rhythm and a mobile device, like a smartphone or tablet. The Nymi hardware acts as a secure token that ties into the biometric, and your wristband will need to check in with your smartphone or tablet at the beginning of the day.
To activate the wristband, you’ll need to place the fingers from your other hand on top of the wristband to provide two points of contact. The resulting ECG isn’t medical-grade, but it should be enough to identify you accurately.
“This is a vehicle to put persistent identity on someone’s body,” Martin explained. “It’s privacy-protected and opt-in.”
Because wearing a device requires a deeper level of invasiveness than other gadgets, all wearables have to answer the question, “What do I get out of this that makes it worth wearing?” Nymi believes that its value proposition comes through the persistence of its authentication. The fingerprint sensors in the iPhone 5s and the Galaxy S5 offer strong biometrics, but they can’t continuously verify your identity.
At SXSW this year, Nymi ran an experiment to let users try out the technology at a series of pop-up events. For instance, when I registered for a demo wristband, I listed my favorite drink. When I tapped the wristband on a reader at the bar, the bartender made the drink and called me by name. At another event, users could use the Nymi to request their favorite songs from a DJ. Drinks and tunes may seem like superficial use cases, but it’s easy to imagine the implications for payment, device management, the connected home and personalization.
The thing that excites me most about Nymi is its potential to eliminate the password. The modern password, with its mix of capital letters, numbers and punctuation, is a terrible user experience. Password managers try to mitigate the issue, but they’re hardly an elegant solution.
“[Killing the password] is one of our goals,” Martin said, noting that the Nymi will be compatible with the FIDO Alliance.
FIDO, which stands for Fast IDentity Online, was created by PayPal and Lenovo and now counts Google and Microsoft among its members. The alliance has set out to create the next-generation standard for identity verification. When I asked PayPal CTO James Barrese about the future of payment and the role of the FIDO Alliance during a separate interview earlier this month, he noted:
“I think the password’s going to die [in the next five years]. It’s going to be replaced with biometrics. Wearable computing will take off and the payment experience will be integrated with that.”
Martin posed Bionym’s mission as answering the following question: “If you were to reengineer the human body for the modern world, what are the capabilities you would give this human?” In his view, one of the features we would add is the ability to “seamlessly send their identity securely.”
“We never claim that [Nymi] is 100% bulletproof. It’s about how much effort do you make your attacker go through? That’s a lot of effort.”
Beyond the identity piece of the Nymi, the wearable will also offer several other features, such as a heart rate monitor and gesture recognition through its accelerometer and gyroscope.
The first batch of 25,000 Nymi pre-orders cost $79, but the price will rise to $99 afterward. Bionym’s plan, however, is not to rely solely on money from the hardware, as it believes it can build a strong business around providing identity management for service providers. Bionym plans to sync up with the cloud eventually, but it wants to first build confidence in the system, independent of the online component.
“We’re launching [Nymi] specifically without a cloud service because it doesn’t need a cloud service to operate,” Martin said. “We’re not shuttling your data up into the cloud. It’s direct communication between the Nymi and the devices.”
Wearing a Bluetooth identity bracelet introduces a number of privacy concerns, but Martin says the team built the Nymi with security at the forefront using a system called Privacy by Design.
“We designed this so that you cannot be tracked,” Martin said. “[When] you get your Nymi and activate it for the first time, even we don’t know who you are,” he said.
All activations between the device and a service are opt-in, so passive Bluetooth beacons won’t be able to just pick up where you are. The device will allow you to completely silo your identity for each application and revoke your identity from specific providers.
“The way we put it is we’re putting you in control of your identity,” Martin said.
While Bionym could certainly make loads of money selling user information to advertisers, the company built its platform so it doesn’t have access to your data.
“We decided for this to be successful, users need to trust us,” Martin said. “In the end, we don’t really know what’s inside. We can’t violate the trust.”
On the off chance that you’re worried about the Nymi becoming the “Mark of the Beast,” a Biblical reference often used by conspiracy theorists to decry new authentication technologies, Martin confirmed that the company decided from the outset to never build a chip that would embed within your skin because it would remove the sense of control.
“The nice thing about a wristband is I can take it off. I can stop using it,” he said. “This technology is not about controlling you, we want you to control it. We will always make products that put user control first. Some people believe that [privacy is] about keeping everything secret, but for me personally, there’s actually a European concept about privacy that means control, control over your personal information. That’s the one we follow.”
The Nymi isn’t the only bright star on the wearable horizon. Google’s Android Wear initiative, for instance, is just getting started. However, Bionym’s efforts represent a technology that enables a valuable new functionality that can only be achieved through a wearable form factor.
There’s no guarantee that the Nymi will accomplish its goals when it launches in mid-to-late 2014. After all, its success relies heavily on widespread adoption among developers and merchants. Still, that doesn’t stop me from getting excited about the possibility for wearables to solve the identity problem and get rid of the annoyingly antiquated password.