As a key component of ubiquitous computing, the wireless body area network (WBAN) can be used in a variety of disciplines, including health monitoring. Our everyday routines have been transformed by wearable technology, which has changed the medical industry and made our lives more convenient. However, the openness of the wireless network has raised concerns about the privacy and security of patient’s data because of the latent threat imposed by attackers. Patients’ sensitive data are safeguarded with authentication schemes against a variety of cyberattacks. Using pulse signals and a lightweight cryptographic approach, we propose a hybrid, anonymous, authentication scheme by extracting the binarized stream (bio-key) from pulse signal. We acquired 20 different sample signals to verify the unpredictability and randomness of keys, which were further utilized in an authentication algorithm. Formal proof of mutual authentication and key agreement was provided by the widely known BAN logic, and informal verification was provided by the Automated Validation of Internet Security Protocol and Applications (AVISPA) tool. The performance results depicted that storage cost on the sensor side was only 640 b, whereas communication cost was 512 b. Similarly, the computation time and energy consumption requirements were 0.005 ms and 0.55 µJ, respectively. Hence, it could be asserted that the proposed authentication scheme provided sustainable communication cost along with efficient computation, energy, and storage overheads as compared to peer work.