The new Samsung Note 7 smartphone includes several security features to protect your device and data including an iris scanner. The Note is the first smartphone, along with the Windows 10 HP Elite X3 to include an iris scanner but expect to start seeing them in your car, in banks and ATMs.
Iris scanners, according to the experts, are more accurate and reliable than fingerprints. The iris is the colored part of your eye around your pupil and like fingerprints each one is unique. Unlike finger prints, as of today anyway, an iris is far more difficult to duplicate or fake unlike a fingerprint. Fingerprints are left behind on everything people touch, iris are not. This is one of the many reasons iris scanning will be used more and more going forward than fingerprints alone.
Like all biometric authentication it is not without faults. Bright daylight, glasses, contact lenses can make the iris scanning dependent on the power of the camera and conditions around them. Although a problem I do not see it to be a prohibited for implementation. There is also the ‘false positives’ where the technology will mistaken accept a biometric incorrectly. For fingerprints the rate is roughly 1 in 100,000, for iris that goes to 1 in a 1,000,000. All dependent on the technology behind it.
In all the reviews of biometric authentication all the publications and experts focus on the singular method. Only the finger, only the iris. All with their faults but I haven’t seen anyone talk about creating a mutli-component biometric authentication. Taking one or more bio components and combining them into a singular match. If the first component matches and the second fails the user is blocked. In the case of a false positive your ‘false’ readings would grow exponentially to a double false to let the wrong person in.
I am talking about facial recognition as the first step. An iris scanner would be the perfect method to include facial recognition as the first step. As you raise the phone to your face you need to move is past the profile of your face to get close enough for the phone’s camera to see the iris. A quick pause on the way in could scan the face, check it as the user scans the iris. When both match, done.
Multi-bio biometric. Use your face. Facial recognition is already widespread, Facebook is sure good at it, a component that only compares one face to the face stored would be minimal if noticeable speed. Now you have a compound key, significantly reduce the false positive rate and greatly increase the security with minimal impact from an iris scan process today.
It only makes sense that when you are doing an iris scan you want to make sure the eye that is being checked is attached to the face that registered it. No?
End of line.
Binary Blogger has spent 20 years in the Information Security space currently providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.