Typing a password into your might be a reasonable way to access the sensitive information it holds, but a startup called EyeVerify thinks it would be easier—and more secure—to just look into the smartphones’s camera lens and move your eyes to the side scan your sclera for security.
MIT Technology Reviewsays that Kansas City, Kansas based EyeVerify software claims that it can identify you by your “eyeprints,” the pattern of veins in the whites of your eyes. The firm claims the method is as accurate as a fingerprint or iris scan, without requiring any special hardware.
The company plans to roll out its security software next year. CEO and founder Toby Rush envisions a range of uses for it, including authenticating access to online medical records or bank accounts via smartphones. Mr. Rush told TR that phone manufacturers are interested in embedding the software into handsets so that many applications can use it for authenticating people, though he declined to name any prospective partners. The security software allows people to bypass the security on their mobile devices just by looking at it.
The article explains that the technology behind EyeVerify comes from Reza Derakhshani, associate professor of computer science and electrical engineering at the University of Missouri, Kansas City. Dr. Derakhshani, the company’s chief scientist, was a co-recipient of a patent for the eye-vein biometrics behind EyeVerify in 2008.
To the users EyeVerify seems pretty simple (though somewhat awkward in its prototype stage according to the article). To access data on a smartphone that’s locked with EyeVerify, the blog says you would look to the right or the left, enabling EyeVerify to capture eyeprints from each of your eyes with the camera on the back of the smartphone. (Eventually, EyeVerify expects to take advantage of a smartphone’s front-facing camera, but for now the resolution is not high enough on most of these cameras, Rush says.) EyeVerify’s software processes the images, maps the veins in your eye, and matches that against an eyeprint stored on the phone.
Rush says the software can tell the difference between a real person and an image of a person. It randomly challenges the smartphone’s camera to adjust settings such as focus, exposure, and white balance and checks whether it receives an appropriate response from the object it’s focused on.
The look of the veins in your eyes changes over time, and you might burst a blood vessel one day the article speculates. But Mr. Rush says long-term changes would be slow enough that EyeVerify could “age” its template to adjust. And the software only needs one proper eyeprint to authenticate you, so unless you bloody up both eyes, you should be able to use EyeVerify after a bar fight.
EyeVerify still needs to do more to prove that. Rush says that in tests of 96 people, the eyeprint system was 99.97 percent accurate. The company is working with Purdue University researchers to judge the accuracy of its software on 250 subjects—or another 500 eyes.
Mr. Rush’s favorite application is for voters on Election Day. “Being able to vote from the convenience of my house, I can already send in a mail-in ballot, why not verify biometrically here and simply vote?” he told Fox News.
The end-user will be the fundamental roadblock to any eye based biometrics. Traditionally, anything related to eye recognition has received strong resistance, because it is just human nature to be squeamish about having our eyes scanned.
I covered the challenges of biometrics here, as long as this technology is limited to smartphones, some but not all biometrics issues remain:
- What is the real world sensitivity / specificity tradeoff ie quantified False Positive and False Negative Error Rates?
- Revocability. What happens if the mobile devices is lost? What is the strategy to cancel and reissue a pair of eyes?
Despite the concerns scanning your sclera for security is coming to an iPhone near you.