Iris Scanners Are The New PIN

by Salil Prabhakar, CEO, Delta ID    May 03, 2017


For most of us, there isn’t a day in our life that passes without the use of passwords or PINs. And perhaps there also isn’t a day in our life that passes without us mistyping or forgetting and resetting a password or PIN. Mobile phones with small touchless keyboard have made the problem even worse.

Thankfully nature has a solution. It is the use of biometrics. Each one of us have unique body features – face, fingerprints, eyes (iris) – that can be used as password or PINs that we will don’t have to remember and we will never forget. But not all body features are equal when it comes to the use of these features as a password or PIN. When looking at any biometric modality for use as a secret code for authentication, we need to measure them on three scales – security, reliability and ease-of-use.

In this age of selfies, we all know how easy it is to use a mobile phone to scan face. But face recognition falls short when it comes to security and reliability. Computer algorithms are not able to draw enough uniqueness to reliably distinguish one face versus the other, or rightfully recognizing your own face the very next time. Even worse, face recognition can be easily spoofed by using a picture of the user.

Fingerprint scanners have become ubiquitous in mobile phones, they are easy to use and fairly secure, but tend to be less reliable for people across various occupations and age groups. Fingerprint scanning is severely affected by what people touch or do with their hands. People involved in manual labor, such as construction workers, farmers end up damaging their fingerprints. Many young people have soft skins with wrinkles that affects scanning of their fingerprints, many older people have dry and brittle skin that does not have the appropriate contact for scanning.

In the last 18-24 months, many mobile phone manufacturers, including Samsung in its latest flagship Samsung Galaxy S8, have launched iris scanners. Iris scanners measure much better on all scales – security, reliability and ease-of-use. So, what makes iris scanners perform better?

Iris is the doughnut like muscle structure around the pupil of the eye. Iris has rich and unique patterns, similar to the fingerprint pattern, which is used by computer algorithms to derive a unique “password or PIN” and associate it with the individual to authenticate him or her. The advantages of iris stem from the these patterns, and how they can be scanned in a reliable and cost-effective way.

The pattern of the iris is more complex, hence, yielding more informational content, more entropy, and higher level security of the “password or PIN” generated using the iris. Fingerprint patterns are simpler as compared to iris patterns, and thus, have lower information content, and lower security of the “passwords” that can be generated. In a way, fingerprint pattern generates a 4-digit passcode, while the iris due to its richer pattern generates an equivalent to a 6-digit passcode.  In this aspect iris scanning provides higher level of security compared to fingerprint scanning.

The iris is an internal organ, completely covered by a transparent layer called cornea. It remains unaffected by external conditions, and does not change with age. Hence, iris scanners work reliably for people across age groups and occupations. The iris scanning process is simple and easy to use – just a very short glance at the smartphone is all it takes to scan the eye to authenticate the user. It starts and ends in the natural action of lifting and bringing the smartphone in front to use.

Iris scanners are fairly simple and inexpensive. They use a slightly modified front or back facing cameras found in almost all smartphones. In the near term, iris scanning will be able to share the same front or back facing cameras that are used for taking pictures, further reducing the incremental cost for mobile manufacturers to add iris scanning.

With iris providing a higher level of security, reliability and ease-of-use at lower cost and complexity, more consumer mobile devices are expected to provide this technology as “passwords or PINs” for us to easily access our devices, applications and services. 

[Disclaimer: The views expressed in this article are solely those of the authors and do not necessarily represent or reflect the views of Trivone Media Network's or that of CXOToday's.]