Nymi: Wearable Authentication

Startup uses heartbeat biometric sensors to improve security, reduce log-in time.


If you had one device that could log into all your electronics automatically, allowing you to make electronic payments more securely based on your heartbeat rhythms, would you use it?

That’s the question a startup named Nymi is asking—and a lot of other companies are watching. The company began its life in 2011 using a biometric electrocardiogram developed at the University of Toronto.

What makes an EKG so interesting is that matching it is a much more complex pattern-recognition problem. Fingerprints and facial recognition are static, but EKGs are mapped over time. That isn’t to say they cannot be compromised, but it’s more difficult and takes much more work. And when multiple types of biometric inputs are included, hacking becomes far too time-consuming and difficult to make it worthwhile.

“The goal was to change the model with biometrics and put it on the body,” said Karl Martin, the company’s CEO. “So you can put on a device at the beginning of the day and use it to unlock your computer, your phone, make payments. You’re using multi-factor authentication on one device. So you’re carrying a physical token, which is one factor. You uniquely possess that. Then you’re adding a second biometric factor, from an electrocardiogram (EKG).”

The EKG requires a second hand to touch the sensor initially, creating a waveform of beating patterns. That, in turn, is matched up with a previous pattern. If the two match, the authentication is live. But Martin noted that other biometrics can be added as well, to have a third, fourth and even fifth reference point for even greater security.

Equally important, battery life of the device is five to seven days, according to Gregor Simeonov, hardware engineer at Nymi. That number is based on a standard lithium polymer battery, utilizing an ARM Cortex M4 with Bluetooth Low Energy doing the majority of the I/O. There’s also a motion sensor and a dedicated analog front end with a user interface.

Nymi isn’t alone in this space. Fingerprint sensors already are being used in the iPhone and iPad, and there is work underway to make body chemistry another point of reference through on-skin sensors. But Nymi has garnered a fair share of interest in a short period of time. MasterCard, one of its ecosystem partners, invested in the company in the last financing round. Nymi also struck a deal with NXP, which makes chips that are being used for secure credit card transactions.

“This is another form of authentication,” said Brintha Koether, payments segment director at NXP, noting that with chips replacing magnetic strips in smart cards, the focus has shifted to devices that use those cards. Of particular concern is making sure the readers of those cards on both sides of the transaction are secure. “The view will be more focused on mobile, which includes fingerprints, heart rate data from Nymi, as well as other things. There is room for a lot of things to be brought in. Consumers don’t want to worry about entering or remembering a PIN number. This is unique to you.”

  • TrulySecure fan

    Face recognition can include liveness detection, which is a dynamic component. EKG is not the only way to avoid spoofing with static targets.