Security in the eye of the beholder
EyeLock has developed an iris authentication system for the Internet of Things market in response to growing concerns about network security. Adelle King reports.
In late 2016 thousands of hacked internet-connected devices simultaneously sent massive amounts of junk data to a number of key servers that shut down hundreds of websites including Twitter, Reddit, Netflix and Spotify (see www.nytimes.com/2016/10/22/business/internet-problems-attack.html?_r=0).
What made this attack different to those before it was that many of the compromised devices weren’t computers or laptops but Internet of Things (IoT) devices such as CCTV video cameras, digital video recorders and home routers.
The attack proved that hackers now have the capability to use malware to scan the internet looking for vulnerable IoT devices that can be used to attack online targets. With 24 billion IoT devices expected to be installed globally by 2020 according to Business Insider’s Intelligence report, the security of networks has become a growing concern for both businesses and consumers.
EyeLock, an iris based identity management technology company, has developed a biometric solution to this problem known as EyeLock ID.
EyeLock ID has been designed specifically for the IoT market and employs proprietary and patented methods for using the iris to identify and authenticate individuals across physical and logical environments. According to the company, iris-authentication has a false acceptance rate of just one in 1.5 million for a single eye, making it second only to DNA in terms of accuracy in differentiating one person from another using a body part.
The EyeLock ID system consists of a high resolution digital camera working in unison with a pair of IR emitters to capture images of both the right and left eye. Algorithms process the individual frames to find a crystal clear image of both eyes separately and then another algorithm maps the unique design of the irises. From the algorithms a code unique to the individual is created and encrypted with a cipher called AES-256, a widely-used military grade encryption.
EyeLock chief marketing and business development officer Anthony Antolino says because each iris contains more than 240 points of unique characteristics EyeLock ID is an extremely secure system for providing authentication.
“No two people in the world have the same iris design and the right and left eye are different, which makes EyeLock very safe and reliable,” he says.
EyeLock technology, with 45 patents and more than 50 in various stages of patent execution, can be integrated into a number of devices and differentiates EyeLock ID from other solutions on the market.
“We are the only company in the iris community that uses video based recognition technology to do all of our eye finding and image acquisition. What’s important to note though, is that we are not recording the images of the eyes and we don’t keep them so there is no personal information being maintained. Once individuals are enrolled with the irises, only the code is used to create a match on a go-forward basis. The algorithms we use to create this code enable an unmatched user experience that is fast, easy and has the highest degree of security and reliability,” says Anthony.
This technology has already been integrated across a range of platforms, including ATMs, mobile phones, cars and the Qualcomm next generation snap dragon processor.
To achieve this, EyeLock miniaturised sophisticated, high-tech systems that process complicated math and science in real time to allow users to authenticate with a high degree of certainty in less than one second.
As these advancements continue biometrics will begin to play an increasingly important role in network security. Fingerprint scanners have already become common across a number of products and as more devices become connected biometrics will become part of the features consumers expect for next level security.
“I think we’re going to see iris biometrics relative to network security become a utility type of application much like we’ve seen Bluetooth or WiFi become part of our everyday reliance. As a growing number of devices come online and become connected there will be a need for authentication to access different layers of a protocol or different layers of authentication for actions,” says Anthony.
“We’re going to see very rapid improvements and the introduction of new experiences and new ways of doing things because a lot of new infrastructure that has been laid down over the last few years is now available to the end market.”