Duckface to unlock: How our selfie obsession helped make eye-recognition possible

How our selfie obsession helped make eye recognition possible
Let’s all give thanks for selfies. Not because they’ve given the vain something to occupy their time, but because without them, we wouldn’t be on the cusp of unlocking our phones merely by looking at them. In a strange twist of fate, the world’s obsession with the selfie has helped propel eye-recognition technology forward faster than expected.

If the selfie craze hadn’t happened, we might not be where we are, according to Toby Rush, CEO and founder of EyeVerify, which makes eye-recognition technology called Eyeprint ID. According to Rush, selfies were just starting to take off when his team began working on their technology, and not every phone had a high-res front camera. “We were naive. We thought people would turn their phones around,” he laughed.

Thankfully, our lust for photos of ourselves sparked a wave of new hardware that Rush’s team was able to ride right alongside preteens snapping selfies. “All of a sudden, every smartphone manufacturer wanted to put a 5 or an 8-megapixel camera on the front of a phone,” Toby remembers. Apple’s introduction of TouchID on the iPhone 5S, he adds, played a big part in bringing attention to the world of biometric authentication.

Not more secure, more convenient

Why should our phones scan our eyes instead of our fingerprints? They shouldn’t.

“We don’t see EyePrint as an alternative to fingerprint scanning, we see it as an addition to it,” Rush explains. “When you think about biometrics, there is no right or wrong, but you do need to think about what the user is doing the vast majority of the time when they want to authenticate an action.”

“It’s not more security, it’s more convenience.”

“Heartrate makes a perfect biometric for smartwatches, but don’t make me talk, touch, or look at it. But with a smartphone, you’re either touching or looking at it, and some of the companies we’re working with — on flagship phones — want to provide both. It’s not more security, it’s more convenience.”

EyeVerify’s technology impressed when we saw it on the ZTE Grand S3 back at CES this year. It works by matching the blood vessels in the whites of our eyes, each one of which is like mapping 100 unique points-of-interest on a map, and then another 100 points-of-interest on each one when you zoom in. It’s not the same as iris or retina scanning, and both of these require special camera hardware to measure. EyeVerify’s method, as we’ve already found, only needs a selfie cam.

No additional hardware needed

Without additional hardware cost, even low-end phones can incorporate eye recognition without spending out on an extra component. However, is a low-res front camera up to the job of looking deeply into our eyes?

“The only difference for us is range,” said Toby, when asked if there was a difference between a 2-megapixel and a 13-megapixel front camera for use with EyePrint’s technology. “The better the resolution, the farther away you can hold the phone.” However, even the lowest megapixel front cams can produce surprising results. A single megapixel camera is still usable from 20cm away, for example. For comparison, a 5-megapixel camera is capable of operating from 30cm away, and an 8-megapixel camera is happy at between 35 and 40cm — easily covering most outstretched arms.

Like all good security measures, the authentication process is designed to be quick and seamless. “We don’t want to move a finger to the fingerprint sensor when we’re already looking at the device.” said Toby. EyeVerify is now authenticating at a speed of 500 milliseconds, and even on older processors — such as the Snapdragon 400 — the time is still only just over a second. Interestingly, the graphics processor inside a phone is actually more important than the CPU for EyeVerify, due to the heavy use of image processing. So besides selfies, Rush has the rise of 3D mobile games to thank for the hardware that enables his technology, too.

Nothing stored in the cloud means nothing to hack

There is something pleasingly sci-fi about having our eyes scanned for recognition, but what about the real-world security aspects of biometric authorization? For Eyeprint, there is only one option, and it’s not storing data in the cloud. “It’s never a matter of ‘if’, it’s only ‘when’,” said Toby, referring to data stores like this being hacked. “So we do all of our matching on the device.” To make sure there’s no chance of anything being transferred to the cloud accidentally, EyeVerify doesn’t sell any cloud server software at all.

While this may sound like the simple option, it’s not. “What we had to do is calculate a special security key from your eye, which is a two-step process. Step one is to match the biometric, and if they match at a high enough level, then you pass. We have to go beyond that for step two, and calculate a key that’s the equivalent of a 50-character complex password, which is used for authentication. It’s not just a true or false.” Imagine trying to remember a password of this length and complexity, on an everyday basis.

Should the password be compromised, all that’s needed is a quick reset and re-authentication, and a new key is created. No keys are ever sent from an EyeVerify-equipped device, even if a server-based app is asking for authentication, when a publicly-generated, one-time key is used. It was also a considerable challenge to come up with a way to generate the keys on the device, and not on a server. For data privacy’s sake, it was worth it.

New phones with eye-scanning tech out before the end of the year

Keeping our phones locked, and payment methods secure is only the start. Looking to the future, Toby sees our phones and any relevant wearable devices becoming tied to medical records and health data, for which a higher degree of security will be needed to authenticate when we visit healthcare practitioners. This, combined with increased reliance on our phones for financial and company information, makes reliable, super-secure biometrics even more important.

The more confidential data that’s stored on, or accessed using, a smartphone, the more comprehensive that security needs to become. EyeVerify is working on even more complex keys, and says a 100-character password created by using an Eyeprint ID eye scan — twice what it’s capable of producing now — is possible in the next six months or so.

The good news is, we’re not going to have to wait long for more phones to come out with EyeVerify’s eye print recognition installed either. Toby confirmed that the company is “working with 20 different smartphone manufacturers right now.” Four have already launched with EyeVerify’s technology — ZTE, Alcatel, Vivo, and Umi — and he expects another four before the end of 2015. Soon, look-to-unlock will be as normal and natural as using our finger for a scan, or to tap out a PIN code.

All because we can’t stop taking selfies.

Smart Home

Best Buy zaps price on Nest Secure alarm, Nest Cam, and Google Home Mini bundle

Best Buy zapped the price of Nest smart home security Nest Secure Alarm and Nest Cam Outdoor bundle and added a Google Home Mini. Nest Detect sensors watch your home inside and out. Stream Nest Cam video in real-time or view clips later.
Smart Home

Hate messy wires? Check out the best wireless home security cameras

Home security cameras can give you piece of mind, but if they have wires, are limited in where you can put them. We've rounded up the best battery-operated home security cameras to give you flexibility along with your security.
Smart Home

Keep your stuff safe and porch pirates away with the best home security cams

When it comes to the best home security cameras, the choice often comes down to the one that simply knows how to stay out of your way. Here are some of our favorites, both indoor and outdoor.
Mobile

These parental control apps will help keep your kids' device habits in check

Looking for extra security and monitoring on mobile devices? Take a look at the best parental control apps for limiting time and keeping watch on your child's phone usage and behavior. We have the top options for Android and iOS here.
Health & Fitness

Google’s redesigned Fit activity tracker is now an iOS app

Google Fit has landed for iOS. The activity tracker offers the same clean design that arrived with the major revamp of the Android version a year ago, with features such as Move Minutes and Heart Points also included.
Mobile

Stunning photo shows Honor 20 will get the full Moschino designer treatment

Honor will launch the Honor 20 on May 21, at an event taking place in London. A special Moschino version will also be revealed, potentially with a Lite version, and perhaps even another model also showing up on the day.
Mobile

Leak says Huawei will supply 5G equipment to the U.K., but with a caveat

A leak from the U.K.'s National Security Council says Huawei has been approved to supply certain 5G infrastructure equipment, but not the core components related to secure aspects of the network.
Mobile

Smash your carrier shackles with the best unlocked phones

If you want the freedom to switch carriers at will or you prefer to get your phone directly from the company that makes it, you'll want to buy an unlocked smartphone. These are the best unlocked phones you can buy in the U.S.
Mobile

Google Assistant for Android and iOS wants to tell you a story

Just in time for National Tell a Story Day on April 27, Google has added the ability for Google Assistant for iOS and Android to read you a story. So now there's no excuse for not catching up with a good book.
Android

Here's how much it will cost to buy the Galaxy S10 5G, and when it releases

Samsung announced a whopping four new Galaxy S10 devices, from the low-cost S10e to the triple-camera S10 and S10 Plus. But it's the Galaxy S10 5G that steals the show, as it will be the first 5G-ready smartphone to hit the market.
Mobile

Verizon reveals 20 new cities that will get its 5G network in 2019

Verizon is in the midst of a massive 5G rollout. In addition to fixed 5G service, it has also begun deploying mobile 5G. Here's everything you need to know about Verizon's 5G network, including when it will be in your town.
Mobile

Bothering the bots: Funny questions and commands to pose to Google Assistant

Communicating with Google Assistant can be a chore. Luckily, there are plenty of fun questions and commands to add a little entertainment to your oft-rigid conversation. Here are some of our favorites.
Mobile

Protect your gadget with our rundown of the best iPhone 6S cases and covers

If you’ve been wondering what kind of stylish cover or protective case is still available for the iPhone 6S, take a step inside and look at our top picks for the best iPhone 6s cases. From style to protection, we've got you covered.
Computing

George Clooney and Microsoft’s TrialWatch hopes to put a spotlight on injustice

Microsoft and The Clooney Foundation for Justice unveiled the TrialWatch app Thursday during an event at Columbia University — a new tool in CFJ’s ongoing effort to shine a light on injustice in courts around the globe.