Iris biometric secures mobile app
06 April, 2011
category: Biometrics, Library
Much of this issue examines use of the mobile device as an identity token. Key to this use is enabling biometric authentication on the handset to establish the identity of the user prior to initiating secure transactions.
In the U.S. very few handsets are biometric enabled. But since most devices are equipped with cameras there has been a move to use them to capture the biometrics instead of adding dedicated hardware.
WinkPass Creations did just that with its eyeD application for iPhone 4. The application uses the back facing camera on the handset to capture and then authenticate the user’s iris image.
To enroll and begin to use the app, I captured my iris image three different times to create the template that would be stored for future comparison. Going forward, I had to authenticate by capturing my iris image and passing the comparison test, in order to gain access to the eyeD application.
The application itself is really just a secured file that can be used to store important data–such as account information, user names and passwords–using AES 256-bit encryption.
I used the eyeD application for more than a month and found it interesting but lacking in several key areas. My main criticism of it is its limited functionality. I am not convinced that it’s worth the effort simply to protect a file containing passwords and other data.
Unfortunately it is not integrated to enable access to the iPhone itself or to restrict access to other applications. If I could use it as a strong authentication factor for access to a specific application, such as online banking, I would have a more use for it. But I suspect this isn’t the fault of the app or its developer; Apple would have to enable eyeD as an authentication factor and that process would likely be rigorous.
As for its usability I didn’t have too many problems, though a novice might have some issues. It requires use of the rear-facing camera on the iPhone 4 because it needs the flash to capture a good image. Because you cannot view your target image on the screen using this camera, lining it up correctly and maintaining the necessary four to five inch distance from the face is a bit challenging. Once you get the hang of it it’s no big deal, though I never got used to the flash going off in my eye and the spots I’d see for a couple of minutes after authenticating.
In future versions of the application, Winkpass wants to add voice prompts so the user will know where and how to hold the device in order to grab a good image, says Leon Atkinson-Derman, president at Winkpass Creations.
I did test the app with some other people, and while it’s far from a scientific study, nobody else I tried to authenticate was able to access my system.
What would make the biggest difference with this app? Clearly, the ability to use the front facing camera would help. If I could hold up the camera and align the iris to a specific place on the screen while watching in real time, the usability would increase tremendously.
But because of the lack of a flash and the lower resolution of the front facing camera, it likely won’t happen unless the iPhone makes a change, says Atkinson-Derman.
Winkpass is working on a separate application for facial recognition that would use the front facing camera, Atkinson-Derman says. And, he adds that the company will release a version of eyeD for Android powered devices later this year.
