Voxx sees iris scans putting password era to bed

Jan 07, 2014
Voxx International wants iris recognition technology to render passwords obsolete, offering a "one in two trillion" level of online security

Voxx International wants iris recognition technology to render passwords obsolete, offering a "one in two trillion" level of online security.

The US-based consumer electronics company once known as Audiovox on Monday unveiled myris, a hockey-puck size gadget that allows a gaze to be the key to unlocking a computer, teller machine, or any other device needing a password.

"Only DNA is more accurate than iris identity authentication," Voxx Electronics president Tom Malone said while introducing myris, which was made in collaboration with biometrics firm EyeLock.

"The chance of a false match is one in more than two trillion."

Myris scans eyes and converts each individual's unique identifying data into an encrypted code, according to Voxx.

The device can then be plugged into USB ports to access machines or online accounts with one's eyes.

"Photos or video recordings of faces won't work," Malone said during a press event here on the eve of the formal start of the international Consumer Electronics Show.

"This is truly the elimination of passwords."

Voxx billed myris as the first consumer-facing version of the , which had been kept out of reach by complexity and cost. While not releasing pricing, Malone said myris will be available at affordable prices through retailers.

He envisioned the technology being put to use to safeguard bank accounts, hospital records, and other valuable personal data as well as for people's devices and online services.

"Identity theft is a worldwide problem and we have a global solution," Malone said. "To say biometrics is a growth category is an understatement."

Iris authentication has been available to corporations and enterprises for years, but no platform has been simple enough for consumers to use in everyday situations, according to Voxx.

"Eyelock is the only iris authentication technology to employ fast motion video and dual eye authentication, allowing us to provide a more seamless, simple and user-friendly experience, with unparalleled levels of security," said Eyelock chief executive officer Jim Demitrieus.

"Partnering with VOXX Electronics guarantees our technology will reach the broadest possible audience and propel digital security into the next era."

Explore further: Biometrics researchers see world without passwords (Update)

add to favorites email to friend print save as pdf

Related Stories

EyeLock brings biometric security to your websites

May 13, 2011

(PhysOrg.com) -- Biometric security is always a field of interest for those people who need to keep your data secure. Currently, it is used in a wide variety of high security applications, mostly by large ...

Authentic brain waves improve driver security

Sep 05, 2013

One-time entry authentication methods, such as passwords, iris scanners and fingerprint recognition are fine for simple entry whether to a protected building or a private web page. But, a continuous biometric system is needed ...

Google vision of password rings heard at security event

Mar 13, 2013

(Phys.org) —Google finds much appeal in gaining the distinction of leading the way toward a future where USB sticks and rings can replace traditional passwords. The idea of killing off passwords has been ...

Recommended for you

FIXD tells car drivers via smartphone what is wrong

13 hours ago

A key source of anxiety while driving solo, when even a bothersome back-seat driver's comments would have made you listen: the "check engine" light is on but you do not feel, smell or see anything wrong. ...

User comments : 10

Adjust slider to filter visible comments by rank

Display comments: newest first

CuriousMan
4 / 5 (5) Jan 07, 2014
And how do you ensure that the signal received by a server from a "retina scanner" is actually scanning a retina, not just re-sending a signal captured elsewhere? Would Voxx build some validation mechanism into their scanners? Which puts their servers at the center of all transactions, able to mine all that data? How very kind of them. 93 ASCII characters in an 8-character password provide 5,595,818,096,650,401 possible combinations. A retina scanner would be convenient for those who don't want to remember passwords, but not necessarily more secure.
JRi
not rated yet Jan 07, 2014
Samsung is apparently planning retina scanner for their new smart phones, perhaps for Galaxy S5:

http://www.design...ures.htm
shavera
3.5 / 5 (6) Jan 07, 2014
and what happens when the database of retina scans is hacked and retina ids (as some kind of bit stream readout from the display) are released to the wild? I think I'm more familiar with password databases being cracked these days than individual passwords being brute-forced open.

It's not like I can change my retina/iris/fingerprint. I can change my password. If we want some kind of tokenized password system, better to have some physical USB "key" (analogous to a key for my door or a key for a bank lockbox), plus some pin. Or some other 2-factor ID.
Returners
1 / 5 (2) Jan 07, 2014
Encrypt the data on your own machine using a code the "cloud" does not know with a password you know.

Send to the Cloud. Cloud encrypts again using your normal "log-in" password. This way even if someone hacked the cloud and got the "log-in" password, and decrypted on their side, they still would be unable to read the information.

Problem is, the cloud-side applications wouldn't be able to do "work" on data that was encrypted on the user side without having the second password and algorithm in their database anyway, which defeats the purpose of the idea.
Zephir_fan
Jan 07, 2014
This comment has been removed by a moderator.
Returners
1 / 5 (2) Jan 07, 2014
Zephir:

I will be reporting every post you make like this from now on for personal harassment.
Zephir_fan
Jan 07, 2014
This comment has been removed by a moderator.
antialias_physorg
5 / 5 (2) Jan 07, 2014
The chance of a false match is one in more than two trillion

Well, yeah: right up to the point when someone just puts a fake iris scanner out there (or just hacks into one to read the input from your retina)...then 3D prints out an object that will read as your eye (or just plays the image back using an appropriate screen). And as shavera points out: Once hacked your retina is useless. It's not like you can change it whenever you want.

Send to the Cloud. Cloud encrypts again using your normal "log-in" password.

Sweet lord: No. Encrypting something twice is always worse than encrypting once (because you are dropping security to the worse of the two encryption schemes)
Here I have to side with Zephir_fan: Please don't put out an opinion on something you have no clue about (encryption/data security).

Problem is, the cloud-side applications wouldn't be able to do "work" on data

Ever heard of homomorphic encryption?
Ojorf
not rated yet Jan 08, 2014
Regarding all the critical comments above, this is supposed to replace having to (remember and) type in a (secure) password. I think it should be easier and more secure.
Just think, it wont be long before someone just puts a fake keyboard out there (or just hacks into one to read the input from your typing) .
And how do you ensure that the signal received by a server from a "keyboard" is actually being typed, not just re-sending a signal captured elsewhere?
:)

Whydening Gyre
not rated yet Jan 08, 2014
Here I have to side with Zephir_fan: Please don't put out an opinion on something you have no clue about (encryption/data security).

Returners. I believe this is might be AP's actual job, so you might want to listen to him on this one. Unless, of course, God tells you not to in a vision...

Ever heard of homomorphic encryption?

No. Can you elucidate?
Bob_Wallace
not rated yet Jan 08, 2014
And how do you ensure that the signal received by a server from a "retina scanner" is actually scanning a retina, not just re-sending a signal captured elsewhere?


You do some things like hit the eye with a flash of light and observe pupil reaction. Flash a beam off the retina and check the returning wavelength.

In the case of an ATM you grab the face and do facial identity while confirming that it's a live feed as the person approaches. Then do the eye to make sure it's not the evil twin.

Bounce a light beam off the person's shoulder/whatever.

There must be multiple other pieces of data that can be used to make spoofing extremely difficult for those times when the potential loss is extreme. For the $200 max ATM theft the eye scan is likely far more than what is needed.
KBK
not rated yet Jan 12, 2014
The problem is that retinas are not fully formed when the child is born.

This means that the birth stressing and load and the initial 6+ months of life and any stress afterward, will show up as a pattern in the eye.

Like growth rings on a tree, or in the bone of a person, teeth, etc. all these different methods of checking on growth and patterns; comparatively...this sort of thing can be done with the eye.

What the end result will be, as the database builds..and techniques are considered and tested...is a database that can be mined for psychological and physiological metrics.

That the privacy of a person's internal makeup and their deepest drives, will be breached.