You hold your smartphone in front of your face, the angle and distance guided by on-screen feedback. It flashes near-infrared (NIR) light into your eyes -- a brief dull-red glow. Your smartphone recognizes one or both of your irises, and unlocks itself.
At least, that's the new smartphone login scenario. Previously seen mostly in military devices and fixed installations, iris scanning is joining other biometric authentication methods (such as fingerprint scanning, facial recognition and voice recognition) intended to move mobile devices beyond the limitations of password-based security.
But how exactly does iris scanning work? And is it really more secure than any of the other methods? Read on.
How it works
The iris is the colored ring in the eyeball between the central pupil and the sclera (the outer white area). It contains muscles that control the aperture of the pupil along with interlaced ligaments of connective tissue.
While the color of the iris is determined by genetics, the patterns in the ligaments are created by random tissue folding during gestation and are unique to each eyeball. The odds of any two irises being identical has been calculated to be one in 10 raised to the power of 78. Barring injury, the patterns remain stable through life, unlike faces, voices and even fingerprints.
While the color of the iris is determined by genetics, the patterns in its ligaments are created by random tissue folding during gestation and are unique to each eyeball.
"There are 225 different points of comparison that are unique to each iris, compared to 40 on a fingerprint," says Patrick Moorhead, analyst at Moor Insights & Strategy. "So iris scanning can be more accurate. And fingerprints get worn, calloused, and dirty -- and in winter you have to wear gloves."
So it's no wonder that smartphone vendors are adding iris scanning capabilities to their new devices. As of this writing, smartphones with iris scanning included the Microsoft Lumia 950 and 950 XL, the Samsung Galaxy Note7, the Fujitsu Arrows NX-F-04G, the ZTE Nubia Prague S, and the new HP Elite x3.
As for how they work, published specifications and responses from corporate spokespeople are sketchy -- for a reason. "No one is very boastful about how secure they are, since it would make them a target for black hats," says Moorhead. "They want to keep it a mystery. The more people you tell the details to, the less secure it will be."
Less reticent is Daehoon Kim, founder and CEO of IriTech, a Virginia-based maker of stand-alone iris scanners and component modules for smartphones.
"Due to advances in [image] capturing technology, iris scanners no longer require dedicated and bulky camera sensors and lens," he says. "Instead, high quality iris images can now be captured using [off the shelf] CMOS sensors, with negligible extra cost for an NIR LED."
Sign up for Computerworld eNewsletters.