Eye vein verification

Last updated

Eye vein verification is a method of biometric authentication that applies pattern-recognition techniques to video images of the veins in a user's eyes. [1] The complex and random patterns are unique, and modern hardware and software can detect and differentiate those patterns at some distance from the eyes.

Contents

Introduction

The veins in the sclera—the white part of the eyes—can be imaged when a person glances to either side, providing four regions of patterns: one on each side of each eye. Verification employs digital templates from these patterns, and the templates are then encoded with mathematical and statistical algorithms. These allow confirmation of the identity of the proper user and the rejection of anyone else. [2] Advocates of eye vein verification note that one of the technology's strengths is the stability of the pattern of eye blood vessels; the patterns do not change with age, alcohol consumption, allergies, or redness. Eye veins are clear enough that they can be reliably imaged by the cameras on most smartphones. [3] The technology works through contacts and glasses, though not through sunglasses. At least one version of eye vein detection uses infrared illumination as part of the imaging, allowing imaging even in low-light conditions. [4]

History

Dr. Reza Derakhshani at University of Missouri, Kansas City, developed the concept of using the veins in the whites of the eyes for identification. He holds several patents on the technology, including a 2008 patent for the concept of using the blood vessels seen in the whites of the eye as a unique identifier.

More recent research has explored using vein patterns in both the iris and the sclera for recognition. [5]

Uses

Eye vein verification, like other methods of biometric authentication, can be used in a range of security situations, including mobile banking, government security, and in healthcare environments. [1] [6] EyeVerify, a Kansas City, Kansas, company, markets eye vein verification with a system called Eyeprint. [7] In 2012, EyeVerify licensed the technology developed and patented by Derakhshani. And Derakhshani now serves as chief science officer of EyeVerify.

Advantages

Disadvantages

See also

Related Research Articles

<span class="mw-page-title-main">Authentication</span> Act of proving an assertion, often the identity of a computer system user

Authentication is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating a person or thing's identity, authentication is the process of verifying that identity. It might involve validating personal identity documents, verifying the authenticity of a website with a digital certificate, determining the age of an artifact by carbon dating, or ensuring that a product or document is not counterfeit.

Biometrics are body measurements and calculations related to human characteristics. Biometric authentication is used in computer science as a form of identification and access control. It is also used to identify individuals in groups that are under surveillance.

<span class="mw-page-title-main">Iris recognition</span> Method of biometric identification

Iris recognition is an automated method of biometric identification that uses mathematical pattern-recognition techniques on video images of one or both of the irises of an individual's eyes, whose complex patterns are unique, stable, and can be seen from some distance. The discriminating powers of all biometric technologies depend on the amount of entropy they are able to encode and use in matching. Iris recognition is exceptional in this regard, enabling the avoidance of "collisions" even in cross-comparisons across massive populations. Its major limitation is that image acquisition from distances greater than a meter or two, or without cooperation, can be very difficult. However, the technology is in development and iris recognition can be accomplished from even up to 10 meters away or in a live camera feed.

A retinal scan is a biometric technique that uses unique patterns on a person's retina blood vessels. It is not to be confused with other ocular-based technologies: iris recognition, commonly called an "iris scan", and eye vein verification that uses scleral veins.

Speaker recognition is the identification of a person from characteristics of voices. It is used to answer the question "Who is speaking?" The term voice recognition can refer to speaker recognition or speech recognition. Speaker verification contrasts with identification, and speaker recognition differs from speaker diarisation.

<span class="mw-page-title-main">Hand geometry</span> Biometric identification

Hand geometry is a biometric that identifies users from the shape of their hands. Hand geometry readers measure a user's palm and fingers along many dimensions including length, width, deviation, and angle and compare those measurements to measurements stored in a file.

Living in the intersection of cryptography and psychology, password psychology is the study of what makes passwords or cryptographic keys easy to remember or guess.

In computer security, shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder. Unauthorized users watch the keystrokes inputted on a device or listen to sensitive information being spoken, which is also known as eavesdropping.

Keystroke dynamics, keystroke biometrics, typing dynamics andtyping biometrics refer to the detailed timing information that describes each key press related event that occurs when a user is typing on a keyboard.

Private biometrics is a form of encrypted biometrics, also called privacy-preserving biometric authentication methods, in which the biometric payload is a one-way, homomorphically encrypted feature vector that is 0.05% the size of the original biometric template and can be searched with full accuracy, speed and privacy. The feature vector's homomorphic encryption allows search and match to be conducted in polynomial time on an encrypted dataset and the search result is returned as an encrypted match. One or more computing devices may use an encrypted feature vector to verify an individual person or identify an individual in a datastore without storing, sending or receiving plaintext biometric data within or between computing devices or any other entity. The purpose of private biometrics is to allow a person to be identified or authenticated while guaranteeing individual privacy and fundamental human rights by only operating on biometric data in the encrypted space. Some private biometrics including fingerprint authentication methods, face authentication methods, and identity-matching algorithms according to bodily features. Private biometrics are constantly evolving based on the changing nature of privacy needs, identity theft, and biotechnology.

<span class="mw-page-title-main">Multi-factor authentication</span> Method of computer access control

Multi-factor authentication is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism. MFA protects personal data—which may include personal identification or financial assets—from being accessed by an unauthorized third party that may have been able to discover, for example, a single password.

<span class="mw-page-title-main">Vein matching</span> Technique of biometric identification

Vein matching, also called vascular technology, is a technique of biometric identification through the analysis of the patterns of blood vessels visible from the surface of the skin. Though used by the Federal Bureau of Investigation and the Central Intelligence Agency, this method of identification is still in development and has not yet been universally adopted by crime labs as it is not considered as reliable as more established techniques, such as fingerprinting. However, it can be used in conjunction with existing forensic data in support of a conclusion.

A whole new range of techniques has been developed to identify people since the 1960s from the measurement and analysis of parts of their bodies to DNA profiles. Forms of identification are used to ensure that citizens are eligible for rights to benefits and to vote without fear of impersonation while private individuals have used seals and signatures for centuries to lay claim to real and personal estate. Generally, the amount of proof of identity that is required to gain access to something is proportionate to the value of what is being sought. It is estimated that only 4% of online transactions use methods other than simple passwords. Security of systems resources generally follows a three-step process of identification, authentication and authorization. Today, a high level of trust is as critical to eCommerce transactions as it is to traditional face-to-face transactions.

<span class="mw-page-title-main">Smudge attack</span> Discerning a password via screen smudges

A smudge attack is an information extraction attack that discerns the password input of a touchscreen device such as a cell phone or tablet computer from fingerprint smudges. A team of researchers at the University of Pennsylvania were the first to investigate this type of attack in 2010. An attack occurs when an unauthorized user is in possession or is nearby the device of interest. The attacker relies on detecting the oily smudges produced and left behind by the user's fingers to find the pattern or code needed to access the device and its contents. Simple cameras, lights, fingerprint powder, and image processing software can be used to capture the fingerprint deposits created when the user unlocks their device. Under proper lighting and camera settings, the finger smudges can be easily detected, and the heaviest smudges can be used to infer the most frequent input swipes or taps from the user.

<span class="mw-page-title-main">EyeVerify</span>

EyeVerify, Inc. is a biometric security technology company based in Kansas City, Missouri owned by Ant Group. Its chief product, Eyeprint ID, provides verification using eye veins and other micro-features in and around the eye. Images of the human eye are used to authenticate mobile device users. EyeVerify licenses its software for use in mobile banking applications, such as those offered by Tangerine Bank, NCR/Digital Insight and Wells Fargo.

<span class="mw-page-title-main">Biometric device</span> Identification and authentication device

A biometric device is a security identification and authentication device. Such devices use automated methods of verifying or recognising the identity of a living person based on a physiological or behavioral characteristic. These characteristics include fingerprints, facial images, iris and voice recognition.

Reza Derakhshani is an inventor and professor of computer science and electrical engineering at the University of Missouri Kansas City. He is known for inventing and developing a biometric security system that uses the patterns of blood vessels in the eyes. His research has encompassed biometrics, biometric spoofing, biomedical signal and image processing, and computational intelligence.

<span class="mw-page-title-main">Thermal attack</span> Type of computer security breach

A thermal attack is an approach that exploits heat traces to uncover the entered credentials. These attacks rely on the phenomenon of heat transfer from one object to another. During authentication, heat transfers from the users' hands to the surface they are interacting with, leaving heat traces behind that can be analyzed using thermal cameras that operate in the far-infrared spectrum. These traces can be recovered and used to reconstruct the passwords. In some cases, the attack can be successful even 30 seconds after the user has authenticated.

Passwordless authentication is an authentication method in which a user can log in to a computer system without the entering a password or any other knowledge-based secret. In most common implementations users are asked to enter their public identifier and then complete the authentication process by providing a secure proof of identity through a registered device or token.

<span class="mw-page-title-main">Neurotechnology (company)</span>

Neurotechnology is an algorithm and software development company founded in Vilnius, Lithuania in 1990.

References

  1. 1 2 Ungerleider, Neal (22 November 2013). "Your Next Password Might Be Your Eye". Fast Company . Retrieved 20 February 2014.
  2. Stacy, Michael (22 February 2012). "Kansas City startup EyeVerify sees opportunity in the whites of your eyes". Silicon Prairie News. Retrieved 20 February 2014.
  3. Miller, Michael (5 March 2014). "Beyond Passwords: Log In With Your Voice, Your Eyes, or Your Face". PC Mag. Retrieved 19 March 2014.
  4. Davies, Chris (24 February 2013). "EyeVerify eye-vein biometrics hands-on". PC Mag. Retrieved 19 March 2014.
  5. Zhou, Zhi; Du, Eliza; Thomas, N. Luke; Delp, Edward J. (2013). "A comprehensive multimodal eye recognition". Signal, Image and Video Processing. Springer Science+Business Media New York, NY, USA. 7 (4): 619. doi:10.1007/s11760-013-0468-8. S2CID   255380965.
  6. Blyskal, Jeff (2013-05-23). "CR Money Minute: Better smart phone banking security?". Consumer Reports News. Retrieved 2014-02-21.
  7. "EyeVerify: Mobile Authentication Through Eye Vein Biometrics" . Retrieved 2014-02-21.
  8. 1 2 Derakhshani, R.; Ross, A. (2007). "A Texture-Based Neural Network Classifier for Biometric Identification using Ocular Surface Vasculature". 2007 International Joint Conference on Neural Networks. IJCNN, Orlando, FL, USA. pp. 2982–2987. doi:10.1109/IJCNN.2007.4371435. ISBN   978-1-4244-1379-9. S2CID   1042317.