Nymi Puts Its Heart Into IoT Authentication

Using its proprietary heartbeat authentication system, Nymi is rolling out wristbands that serve as physical and logical access-control devices, and, in the future, may double as MasterCard payment cards.
By Mary Catherine O'Connor

To set up the Nymi band, an individual first needs to download the Nymi Companion app, available for the Android or iOS operation system, on a smartphone or tablet. "Then they fire up the app, put the band on their wrist and place the index finger of their opposite hand on the sensor located top of the band," Chance says. "By doing so, they'll complete a circuit through their body." Keeping their finger in place for between one and one and a half minutes will allow sufficient time for the sensor to capture a profile of the wearer's unique ECG wave. At this point, the Nymi band creates the wearer's ECG biometric template, which is stored in the band. (The wristband vibrates to let the user know the template-creation process is complete.) It also sends the ECG template, in an encrypted form, to the Companion app via a Bluetooth connection.

"We use a cryptographic key system, so the actual template is stored on the smartphone [or tablet] but in an encrypted state," Chance explains. "The keys needed to decrypt it are in the band. Nymi does not store a copy in the back end, so the biometrics are localized [to the band]."

Once the user removes the band, it erases the ECG profile that it uses to authenticate that individual by comparing it to the ECG template. In this way, another person could not place the band on his or her own wrist and continue to use it.

To start using the band again, the user re-clasps it and repeats the process of holding the opposite hand's index finger on the sensor. The band then compares the newly captured ECG data with the information stored in the template and, as long as there is a match, authenticates the user's identity. This process takes only 10 seconds to complete.

Next month, Chance says, 150 MasterCard cardholders who are also employees or customers of the Royal Bank of Canada will participate in a second trial of the Nymi band.

Not Just Payments
Nymi has also worked with MasterCard to test the use of Nymi bands for access control, but has not announced whether MasterCard or any other company plans to deploy the technology on a permanent basis. For those tests, the band is issued in the place of a conventional RFID-based access card, and is then used to enter secured areas within corporate office buildings. As with the payments application, the band only works if the person to whom it has been issued is wearing it.

Simply enter a question for our experts.
Sign up for the RFID Journal Newsletter
We will never sell or share your information
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations