The RSA Conference had a number of high points as over 40,000 attendees found that talk of pure crypto has been supplanted by more topical subjects, like “Apple versus the FBI,” cybersecurity “workflows” and my personal favorite multi-factor authentication, specifically as it addresses challenges posed by concerns over privacy and “islands of verified attributes.”
My personal favorite discussion came in the form of a briefing with John Haggard, the CEO of Nymi, a private company that is coming out of semi-stealth mode to build awareness of its first product, Nymi Band. As illustrated in the video below, the Nymi Band takes a disarmingly simple and speedy approach to identity assertion and verification that is capable of supporting access management, be it opening a door or logging onto a laptop, smartphone or individual application.
The video demonstrates how an individual asserts his identity simply by putting on the Nymi Band. In this case he uses a biometric factor (his own heartbeat represented by an electrocardiagram). At the NXP Booth at RSA, John also showed how the Nymi Band’s support of BLE (Bluetooth Low Energy) could accept fingerprint-based authentication (like TouchID) from a smartphone. Authentication takes place continuously, until the band is taken off for charging at the end of the day.
The use case for Nymi Band goes something like this: Asserting ID is like taking your vitamins. You do it once a day, first thing in the morning. It starts with putting on the Nymi Band, which activates its power and awaits a factor or two to establish its role as an identification token. After that the use cases are almost limitless. The device “advertises” itself 240 times a second. Each “ad” is unique random number-based private key to support encrypted messaging with its public key encryption mate. The rapid refresh rate gives an instantaneous feel to strong authentication and rapid access to places or services.
Because it is not associated with specific applications or devices, the Nymi band has been paired with a variety of fitness trackers and payment systems. Its launch in June 2015 involved over 250 pilot participants who were provided with NFC-enabled (Near Field Communications-enabled) Nymi Bands, that served as wearable Mastercard® payment credential housed in the band’s secure (or trusted) hardware element. Users could make payments at existing contactless terminals in Canada, the U.S. or Europe.
As you can tell, there are a lot of elements in the simple looking band. It supports BLE (Bluetooth Low Energy) as the connection to laptops and smartphones. NFC, for rapid payment and USB, for physically hooking up to chargers or any device with a USB port. It is FIDO compliant, supporting the latest Universal 2nd Factor protocol (U2F) developed by Google, in conjunction with Yubico.
The company is actively seeking developers by offering a $149 Nymi Band Discovery Kit. And, as a private company, has active interest in initiating conversations with potential technology partners, resellers and investors.
Categories: Intelligent Authentication