DIY Iris Scanning? 54
gadzook33 asks: "There have been rumors floating around about DIY iris scanning, using digital cameras for biometric security. Iris scanning presents a fantastic alternative to password-based authentication but hasn't really come to our desktops yet. I've looked around but can't find any concrete material on the subject. Is anyone doing this? Are there any efforts to develop open software for this sort of thing? Are patents holding things up? Given that passwords are an almost defunct technique for protecting data in certain situations, it would be nice to have an alternative."
Re: (Score:2)
Re: (Score:3, Funny)
Oh, and carry a few spare eyeballs with you- you know...backups!
Re: (Score:2)
eye scanner (Score:2, Insightful)
Re: (Score:2)
The problems I see with using cameras to take the picture is you'd have to have some form of size reference to do the mapping and have some points that align the sample to be compared. Lighting and visual mistake could also cause problems. On top of that dealing with damage (short or long term) to the eye would be a huge problem...Imagine a scratch to your eye or if you had a blood shot eye. So in reality pas
Why would I want to... (Score:4, Funny)
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Better than retina scanning (Score:5, Funny)
Aaargh! Wrong laser! (Score:3, Funny)
Re: (Score:2)
Re:Better than retina scanning (Score:4, Interesting)
dave
Re: (Score:3, Interesting)
things most people would rather keep to themselves.
dave
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
really? (Score:5, Funny)
Re:really? (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
Not an alternative... (Score:5, Insightful)
However, any system can be spoofed or cracked. And if someone figures out how to feed information into a scanner that looks (to it) exactly like my iris, well then I'm fucked. That person is me anywhere they do an iris scan.
It would be like someone stealing your passwords and you not being able to change them.
Useful? Yes. But as an additional level of security, not an alternative.
Re: (Score:2, Interesting)
1.) A key and irreplaceable component of any authentication instrument is a revocation feature. You state that biometric passwords are not changeable. Biometrics are just as revokable as passwords. In both cases, the user must recognize that the instrument has been compromised and tell his keymaster. In the password case, you simply ch
Re:Not an alternative... (Score:5, Interesting)
As for 2), the basic feature of biometrics is that it's simple. You touch a surface or look into a lens, and that's all, no typing passwords, no entering codes or searching your wallet for magnetic card. Take it away and you take away half of the charm of biometrics. You only leave the scare "they will knock you out and take your eye out in a dark backstreet to break in" plus vague and unreliable info about high security, which is neither verifiable nor unhackable and definitely doesn't appeal to management.
It's a bumpy road ahead of biometrics.
Re:Not an alternative... (Score:5, Insightful)
If simple biometrics become prevalent, then someone stealing my iris print (for example) would pretty much end my life. I wouldn't be able to have a bank account or any other kind of security. Either my accounts would be wide open to whoever had a copy, or no bank would issue an account to a security risk.
At least until I could grow a new eye. It's identity theft on a very personal level.
2) Sure, they're getting more advanced. They could hardly be more primitive. However there are two problems with making them more sophisticated:
a) You can't make security so sophisticated it can't be broken. (duh.)
b) The more complex a system is the more likely it is to fail. I'm not an expert in the field, but many of the things you propose would ilkley prevent me from accessing my account if I was ill or under the effect of any number of legal drugs. Which is of course unacceptable.
A system that sophisticated will cost a ton of money. Compare that to to the cost of a card reader and 12 button keypad found on most ATMs. The amount of ATM fraud based on stealing user ID's at the terminal is much smaller than cost of installing and maintaining biometric devices and will be for the foreseeable future.
Re: (Score:2)
"No, I'm sorry sir, you did it all yesterday -- I have it right here with a proper biometric scan.... Well -- I'm not trying to accuse you of anything -- but, if you were in Hawaii until this morning, then how did you provide an iris scan here yesterday?"
Re: (Score:1)
useless (Score:1)
anyone with a telephoto lens can steal your key
Re: (Score:2, Interesting)
Static Iris Scanning is useless, not dynamic (Score:5, Informative)
What is a dynamic iris scanner? One that looks not only for the unique patterns of the eye, but also simultaneously measures retinal response to stimuli such as dimming and brightening of the display. This is much more difficult to spoof (you would essentially need to build a model of the target's eye that could respond to external stimuli and then hold that up to the scanner).
Combined with facial recognition, dynamic iris scanning is very potent. First it recognizes your face and then your eye and then the retinal response with stimuli that is timed to be somewhat random. Just don't try to log on after a night of pubbing.
Better Yet, Go Multi-Tier (Score:3, Interesting)
Re: (Score:2, Interesting)
Each key will be a finger-print scanner. If you type home-row then match the keystrokes to fingers that are supposed to be used. When you press down on a key, it will take a photo/whatever of your finger and analyze it to a small database at the system[/kernel?] level to see if they match up.
If the finger print doesn't match, keypress is ignored.
You would need some incredibly quick fingerscanners for each key, and it would be VERY p
Re: (Score:1)
Standard warning: (Score:3)
Re: (Score:1)
Biometrics is very hard to get right. (Score:3, Insightful)
And you cannot change your face or iris, like you can change a password....
Re: (Score:2)
Little red lights (Score:2, Funny)
How I would do it... (Score:4, Informative)
I would attempt to obtain a fake eyeball of some sort. While it wouldn't work perfectly, it would give me some sort of method by which to focus with. Mounted with some tape to the eyecup, and then positioned in front of the webcam, I would be able to determine the focus fairly quickly.
I would then set up some kind of "ring illumination", wherein I would create a "ring" of LEDs - red/green/blue/IR - through which the webcam would peer. Focussing again might have to be adjusted. This ring would be set up in such a fashion so that I could trigger which set(s) of LED's would be active at once - likely via USB control, too.
Once I had that set up, and focussing correct, I would then work on the software. For this DIY project, I would simply set things up to take multiple image captures of my own eye, process the images through some filters to reduce the information to just my iris (cue on the white of eyeball, and black of the pupil), then (in some manner), use these images to create an "eigeniris" image, some kind of "average" of all the images I took (over several days or months, in different levels/conditions, so as to have the best average available). Then, the software could take an image, compare it to the "eigeniris", determine if it falls within range, and use that to trigger or deny access (to whatever).
That would be the route I would take if I was doing this. Overall, the hardware portion seems the simplest to implement - the software is where you will bog down. Just like any other pattern recognition project, I would imagine...