Iris scans as ID grow in use

Smartphones, ATMs and autos envisioned as prime candidates for iris scan tech as ID verification

Iris scanner technology is emerging in smartphones, including the new Samsung Note 7, but is expected to come soon to cars and ATM machines to verify a user’s identity.

Experts say an iris scan can be more reliable than a fingerprint scan, which is a big reason it is expected to be used in more devices in coming years. Each iris, the colorful part of the eye that forms a ring around the pupil, is unique and therefore a good biometric indicator.

Samsung’s Android 6-based Note 7, which shipped on Aug. 19, takes advantage of the technology as well as the Windows 10 Mobile-based HP Elite X3.

In the Note 7 and other iris scanning phones, a special front-facing camera sensor and an infrared sensor are used to take a series of video frames of a user’s iris. Then, software looks at hundreds of points in the scan from various video frames to determine if that person is the authorized user before unlocking the device. A user can customize which of the phone’s features, such as Secure Folder, will also require an iris scan for entry.

Samsung has also preserved the use of passwords, keyboard patterns and fingerprint scanning on the Note 7, partly to give users a choice.

Some reviewers have noted that the Note 7’s iris scanner is not as reliable as its fingerprint sensor, partly because it is hard to do scans in direct sunlight or when the user is wearing glasses or colored contacts.

The Note 7 and Elite X3 were not the first phones to use iris scanner technology. More than a year ago, Fujitsu included an iris scanner on the Arrows NX F-04G smartphone, sold by NTT Docomo only in Japan.

That phone as well as a later Fujitsu smartphone model and a Fujitsu tablet all took advantage of iris scanners. All three relied on intellectual property for iris scanners called ActiveIRIS from Delta ID, a startup of fewer than 20 people based in Newark, Calif., that was formed in 2011.

Delta ID President Salil Prabhakar said in an interview that his company is working with other smartphone makers interested in the ActiveIRIS technology, although he could not name the companies due to contractual agreements. He said those other companies include smartphones already on sale in the U.S., which implies that ActiveIRIS works with Note 7, as widely rumored. ActiveIRIS is included in Samsung’s Galaxy Tab Iris, according to Prabhakar in a report.

Aside from not working well in sunlight, iris scan technology is considered more reliable than a fingerprint scan, Prabhakar said. That’s partly because fingerprints of women and children are harder to read because their hands and fingers are smaller and their fingerprints have smaller peaks and valleys to detect. Also, fingerprints age as a person ages, and fingerprints can be obscured by dust and grime among people who work with their hands.

“No biometric is bad, but every biometric has its challenges,” Prabhakar said. Statistically, a fingerprint scan can mistakenly identify a fingerprint for someone else (called a false match) once in 10,000 times, while an iris scan makes a false match once in a million times, he said.

The reliability for a fingerprint scan is roughly equivalent to a four-digit PIN, while the iris scan is equivalent to a six-digit PIN. “Banks love it. An iris scan is better security,” Prabhakar said.

Because of that high level of reliability, Delta ID is approaching banks to put ActiveIRIS in ATM machines, and has been in talks with three U.S automakers and several others abroad to include ActiveIRIS in cars, he said.

An infrared sensor in a car could be placed in the instrument panel, center console or rearview mirror to identify who is in the driver’s seat with an iris scan. With that kind of identity information, a car’s systems could be set to individual preferences for the height of the seat or radio stations, Prabhakar said. Iris scanners could even be used to detect when the driver is getting drowsy.

“Car makers can use it for whatever feature they want to build,” he said. A prime market will be rental car companies, which could identify frequent customers once they get seated in a car for a quick checkout.

In future iterations of iris scan technology, Delta ID may enhance the iris scan with identifiable aspects of a person’s nose and eyes, including the shape of the eyes and the distance between the eyes and nose. “It can’t be just the eyes and nose, but that information can supplement other information,” he said.

Interestingly, iris scans work for the blind and even for people with eye diseases, including like cataracts and glaucoma, Prabhakar said. That’s because most of those diseases affect the lens of the eye and not the iris, which is a muscle that controls the pupil aperture.

However, there are some people’s irises that cannot be scanned because their pupils are not circular or are elongated, he said. Or, the iris has been injured or a person cannot open his or her eyes wide enough. India’s national identity program, with 1 billion fingerprints and iris scans completed, found that one in a 1,000 irises could not be scanned. That program also found that one in 20 fingerprints could not be accurately scanned, a much higher rate.

“The iris ID has so much going for it. We want to stay focused on it,” Prabhakar said.

While Delta ID and a few competitors like Eyelock and Iris ID are focused on growing the iris scanning market in various devices, IHS Technology said earlier this year that it is a small market so far. Iris scanners made up less than 1% of the market for iris, fingerprint and facial scanners in 2015, IHS said.

Iris scanner technology alone is unlikely to increase sales of any smartphone or tablet model, said Ramon Llamas, an analyst at IDC. “People don’t buy a device for a security feature like [an iris scan],” he said. “Now, a complete security solution is a different story.”

Join the CSO newsletter!

Error: Please check your email address.

More about DeltaGalaxyHPIHSSamsungTabTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Matt Hamblen

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place