Duckface to unlock: How our selfie obsession helped make eye-recognition possible

How our selfie obsession helped make eye recognition possible
Let’s all give thanks for selfies. Not because they’ve given the vain something to occupy their time, but because without them, we wouldn’t be on the cusp of unlocking our phones merely by looking at them. In a strange twist of fate, the world’s obsession with the selfie has helped propel eye-recognition technology forward faster than expected.

If the selfie craze hadn’t happened, we might not be where we are, according to Toby Rush, CEO and founder of EyeVerify, which makes eye-recognition technology called Eyeprint ID. According to Rush, selfies were just starting to take off when his team began working on their technology, and not every phone had a high-res front camera. “We were naive. We thought people would turn their phones around,” he laughed.

Thankfully, our lust for photos of ourselves sparked a wave of new hardware that Rush’s team was able to ride right alongside preteens snapping selfies. “All of a sudden, every smartphone manufacturer wanted to put a 5 or an 8-megapixel camera on the front of a phone,” Toby remembers. Apple’s introduction of TouchID on the iPhone 5S, he adds, played a big part in bringing attention to the world of biometric authentication.

Not more secure, more convenient

Why should our phones scan our eyes instead of our fingerprints? They shouldn’t.

“We don’t see EyePrint as an alternative to fingerprint scanning, we see it as an addition to it,” Rush explains. “When you think about biometrics, there is no right or wrong, but you do need to think about what the user is doing the vast majority of the time when they want to authenticate an action.”

“It’s not more security, it’s more convenience.”

“Heartrate makes a perfect biometric for smartwatches, but don’t make me talk, touch, or look at it. But with a smartphone, you’re either touching or looking at it, and some of the companies we’re working with — on flagship phones — want to provide both. It’s not more security, it’s more convenience.”

EyeVerify’s technology impressed when we saw it on the ZTE Grand S3 back at CES this year. It works by matching the blood vessels in the whites of our eyes, each one of which is like mapping 100 unique points-of-interest on a map, and then another 100 points-of-interest on each one when you zoom in. It’s not the same as iris or retina scanning, and both of these require special camera hardware to measure. EyeVerify’s method, as we’ve already found, only needs a selfie cam.

No additional hardware needed

Without additional hardware cost, even low-end phones can incorporate eye recognition without spending out on an extra component. However, is a low-res front camera up to the job of looking deeply into our eyes?

“The only difference for us is range,” said Toby, when asked if there was a difference between a 2-megapixel and a 13-megapixel front camera for use with EyePrint’s technology. “The better the resolution, the farther away you can hold the phone.” However, even the lowest megapixel front cams can produce surprising results. A single megapixel camera is still usable from 20cm away, for example. For comparison, a 5-megapixel camera is capable of operating from 30cm away, and an 8-megapixel camera is happy at between 35 and 40cm — easily covering most outstretched arms.

Like all good security measures, the authentication process is designed to be quick and seamless. “We don’t want to move a finger to the fingerprint sensor when we’re already looking at the device.” said Toby. EyeVerify is now authenticating at a speed of 500 milliseconds, and even on older processors — such as the Snapdragon 400 — the time is still only just over a second. Interestingly, the graphics processor inside a phone is actually more important than the CPU for EyeVerify, due to the heavy use of image processing. So besides selfies, Rush has the rise of 3D mobile games to thank for the hardware that enables his technology, too.

Nothing stored in the cloud means nothing to hack

There is something pleasingly sci-fi about having our eyes scanned for recognition, but what about the real-world security aspects of biometric authorization? For Eyeprint, there is only one option, and it’s not storing data in the cloud. “It’s never a matter of ‘if’, it’s only ‘when’,” said Toby, referring to data stores like this being hacked. “So we do all of our matching on the device.” To make sure there’s no chance of anything being transferred to the cloud accidentally, EyeVerify doesn’t sell any cloud server software at all.

While this may sound like the simple option, it’s not. “What we had to do is calculate a special security key from your eye, which is a two-step process. Step one is to match the biometric, and if they match at a high enough level, then you pass. We have to go beyond that for step two, and calculate a key that’s the equivalent of a 50-character complex password, which is used for authentication. It’s not just a true or false.” Imagine trying to remember a password of this length and complexity, on an everyday basis.

Should the password be compromised, all that’s needed is a quick reset and re-authentication, and a new key is created. No keys are ever sent from an EyeVerify-equipped device, even if a server-based app is asking for authentication, when a publicly-generated, one-time key is used. It was also a considerable challenge to come up with a way to generate the keys on the device, and not on a server. For data privacy’s sake, it was worth it.

New phones with eye-scanning tech out before the end of the year

Keeping our phones locked, and payment methods secure is only the start. Looking to the future, Toby sees our phones and any relevant wearable devices becoming tied to medical records and health data, for which a higher degree of security will be needed to authenticate when we visit healthcare practitioners. This, combined with increased reliance on our phones for financial and company information, makes reliable, super-secure biometrics even more important.

The more confidential data that’s stored on, or accessed using, a smartphone, the more comprehensive that security needs to become. EyeVerify is working on even more complex keys, and says a 100-character password created by using an Eyeprint ID eye scan — twice what it’s capable of producing now — is possible in the next six months or so.

The good news is, we’re not going to have to wait long for more phones to come out with EyeVerify’s eye print recognition installed either. Toby confirmed that the company is “working with 20 different smartphone manufacturers right now.” Four have already launched with EyeVerify’s technology — ZTE, Alcatel, Vivo, and Umi — and he expects another four before the end of 2015. Soon, look-to-unlock will be as normal and natural as using our finger for a scan, or to tap out a PIN code.

All because we can’t stop taking selfies.

Product Review

From tables to porches, Ring's Stick Up Cam watches wherever you want

Ring’s latest home security camera offers more versatility than ever before, with the ability to mount it, set it on a table, or put it inside or outside. We got a chance to test it out. Here’s how it went.
Mobile

Google insists it’s doing what it can to purge Play Store of malicious apps

Google's efforts to provide a secure and safe Play Store for Android users resulted in the company rejecting 55 percent more app submissions in 2018 compared to a year earlier. But the challenge is ongoing.
Mobile

Google might release a smartwatch and multiple Pixel phones in 2019

Google seems to have a lot planned for 2019. According to a report, Google is planning on releasing multiple new Pixel phones, a smartwatch, a new Google Home, and a Nest Security camera this year.
Smart Home

Lowe’s offers Presidents Day bargains on Samsung appliances, Nest, and Dyson

Anticipating the demand for DIY makeovers, Lowe's Presidents' Day sale has deals on popular products from Dyson, Nest, and Samsung. If you're shopping for a vacuum cleaner, a stainless steel fridge, or home security devices, head to Lowe's.
Mobile

Worried about extra data charges? Here's how to check your usage on an iPhone

It's common to get a little nervous about nearing data limits. Keep your peace of mind by checking how much data your iPhone is using. Our guide on how to check data usage on an iPhone helps you stay in control.
Mobile

North Focals smartglasses discount cuts the price by a massive $400

Canadian startup North is hoping smartglasses will be the next big wearable. After announcing its new Focals smartglasses in late 2018, the company opened product showrooms in Brooklyn and Toronto and has made its first shipment.
Mobile

Exclusive: Take a look at what a next-generation 5G phone will look like

With 5G phones debuting at MWC in mere days, there is discussion about whether they will be clunky bricks that die after a few hours? A reference design from Qualcomm offerrs a glimpse of the future: This is what 5G phones will look like.
Mobile

New Apple patent hints clamshell-style foldable phone may be in the works

Apple has filed a patent for a foldable phone that suggests the company could be following in the footsteps of the likes of Samsung and Huawei. The patent describes a clamshell-style foldable phone with two separate sections.
Mobile

Xiaomi Mi 9 will be one of the first phones with monster Snapdragon 855 chip

Xiaomi's next major smartphone release will be the Mi 9, and the company hasn't held back in giving us a good look at the phone, revealing the design, the camera, and a stunning color.
Wearables

Galaxy Watch Active isn't official yet, but you can see it in Samsung's own app

Samsung may be about to resurrect its Sport line of smartwatches under a new name: The Galaxy Watch Sport Active. Leaks and rumors are building our picture of the device at the moment.
Mobile

Stop buying old tablets, says Samsung, buy the new Galaxy Tab S5e instead

Samsung has launched the Galaxy Tab S5e -- the E is for Essential -- a reasonably priced tablet that includes many of the features we like from the Tab A 10.5, and the Tab S4. Here's what you need to know.
Mobile

Bag yourself a bargain with the best budget tablets under $200

The battle for your budget tablet affections is really ramping up. Which tablet, costing less than $200, should be commanding your attention? We take a look at some different options for the budget-conscious.
Computing

What is Wi-Fi 6? Here's a look at the next evolution of the wireless standard

We're exploring the new naming convention for wireless standards, how it affects the devices you buy, and what the upcoming Wi-Fi generation is changing for the better.
Home Theater

Samsung accidentally leaks its new Galaxy Buds ahead of launch

It's been all but certain that Samsung would launch a successor to its Gear IconX wireless earbuds soon, but a newly leaked photo and recent FCC certification document seems to indicate that the debut is very close.