Skip to main content

A Toronto startup named Bionym is turning that insight into a novel kind of security product: A bracelet that acts as a wearable password

It was in the last few decades that researchers realized that the human heartbeat, no matter how fast or slow it's going, generates signals that are every bit as unique to an individual as a fingerprint or retina.

Now, a Toronto startup named Bionym is turning that insight into a novel kind of security product: A bracelet that acts as a wearable password – one that can't be lost, can't be stolen, and can't be used by others - but can still be taken off at will.

"By wearing something that knows who you are, it can be used as a universal identifier, says Karl Martin, Bionym's CEO.

Story continues below advertisement

Founded by Karl Martin and Foteini Agrafioti, two University of Toronto PhD students, Bionym's first product is a $99 Bluetooth-enabled bracelet called the Nymi. When a user puts the device on, they can authenticate themselves by pressing it to their wrist for a few seconds, during which the device picks up a few heartbeats' worth of the ECG signatures that, once run through an algorithm, are unique to each person. Having gotten the user's pulse, as it were, the device can now use its Bluetooth radio to wirelessly vouch that its wearer is indeed who she says she is.

However, as soon as the bracelet loses contact with its wearer's skin, it resets itself. So, unlike for instance, a smartphone that contains digital credentials, a lost or stolen bracelet is of no value to those who'd break into accounts. (The Nymi's guts are in a little puck on top, smaller than a watch; the firm says that reliability issues made it opt against using flexible electronics.)

Bionym uses an open API and is working with developers on assorted applications: The bracelet could unlock both physical doors - like house doors secured with Bluetooth-enabled products like Lockitron - or virtual ones, like online logins for e-mail accounts, or even bank and bitcoin accounts. (Sure enough, standards for password-free security systems are emerging under the umbrella of groups like the FIDO Alliance.)

But using heartbeats to bypass passwords is only the beginning.

"In the biometrics world, there's a tunnel vision," says Martin. Biometrics solutions, he says, focus too much on one-off tasks like simply getting people through gates, like passwords. However, he says, the real potential in these technologies lies in using these devices to broadcast your identity continuously, to devices around you that might be listening.

"You can have a personalized experience. Devices can know who you are," he says. "That's what we're offering: Persistent identity."

For instance, he says, users could opt in to programs that would allow businesses to recognize them when they walk through the door. Since the bracelet's signals can travel a good 30 feet, devices that are authorized to speak with them can offer personalized experiences, be it an iPad kiosk at a department store that responds to their shopping history, or a high-end hotel lobby that sends service staff scuttling up to assist a high-value customer.

Story continues below advertisement

The key word for Bionym is "opt in": Martin says that the bracelet does not give off any signals that could be used to track users who haven't explicitly signed up to be recognized at a given location.

(He adds that the Nymi can't even be tracked by the systems that retailers use to anonymously tag passing customers by picking up on the wireless signals coming from their phones: It randomly rotates the identifiers, like MAC addresses, that these systems keep track of.)

Founded in 2011, but built on six years of research, the company has grown rapidly since being spun off, now reaching 22 people and in the middle of a new funding round. Agrafioti worked on the heartbeat-reading algorithms that are at the core of the product, while Martin, her co-founder, focused on cryptography. The Nymi is in pre-orders (for a discounted $79) and will be shipping this year. Martin says the company is currently working with developers who will use its API to make sure that even early adopters will have applications for their bracelets.

"We'll be focusing on making sure that users have something useful with it out of the box."

An earlier online version of this story incorrectly spelled Foteini Agrafioti's first name. This online version has been corrected.

Follow us @GlobeSmallBiz and on Pinterest
Join our Small Business LinkedIn group
Add us to your circles
Sign up for our weekly newsletter

Report an error Editorial code of conduct
Comments

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • All comments will be reviewed by one or more moderators before being posted to the site. This should only take a few moments.
  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed. Commenters who repeatedly violate community guidelines may be suspended, causing them to temporarily lose their ability to engage with comments.

Read our community guidelines here

Discussion loading ...

Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.
Cannabis pro newsletter