prevost writes
"Three bank machines using retina-scans were turned on in Texas yesterday. Cool because it's harder for me to lose my eyes than my ATM card. Scary because eyes're harder to replace after you're mugged. Read more about it "
Re:Backup system would be needed as well (Score:1)
Aniridia ? (Score:1)
not an ATM machine. (Score:1)
Dead people's eyeballs? I don't think so (Score:2)
The thieves can then go to a regular cash machine, pull out the camera, crocodile-clip the camera nodes to a lap-top, and play the scanned sequence back direct to the internal reader. They can then withdraw as much cash as they want.
Now here is the real problem with biometrics. With the fake regular ATMs, the banks and police can put out a warning and those that realise they have been duped can quickly cancel their cards and get new ones sent to them. So how exactly can someone do this with an eye pattern that will remain with them for life?
Re:Only an eye? (Score:1)
BTW, re the title of the article, it's an iris scan, not a retinal scan.
Re:It's not an "ATM Machine" (Score:1)
Sorry, couldn't resist.
Excellent point (eom) (Score:1)
I'd think not. (Score:1)
With an unhashed value, one can allow a certain level of variance (due to electronic noise, lighting and other Real World stuff).
for more info (Score:1)
For more information about the technology behind this click here [sensar.com] to go to the Sensar website.
Re:It's not an "ATM Machine" (Score:1)
Or "SCUBA apparatus"
Re:Bypassing this security (Score:1)
bioauthentication still has one flaw. consistency. regardless of how many "characteristics" there are, they all still boil down to 0s and 1s. to circumvent this kind of security, you will just need to be able to produce a standard, expected response in a predetermined format. this could be done on the front end (the retinal scanner) or on the wire on the other side of the scanner. i do not wish to say that a gauntlet has been dropped, but it is something to think about.
Re:We need this on the desktop (Score:1)
One magazine (PC Magazine?) did a review of thumb and voiceprint scanners. The best price/performance device, and one that they weren't able to circumvent via trickery, was the U.are.U fingerprint scanner, a ~$100 USB device. I'd love to have one, so simple even a small child can use it.
I tried websearching but couldn't find a homepage for it though.
Re:Weird alternatives.... (Score:1)
Re:Eye Thieves.... (Score:1)
hash it? (Score:1)
OTOH, i simply presumed that they did this in the first place . . .
You are correct (Score:1)
Sensar, and he indicated that the scanner will reject dead eyes and the like.
Re:Iris scans not retina scans... (Score:1)
Uhh.. (Score:1)
The only possible "privacy" concern I can think of is having an image of your iris available to your bank, which is personally something I could care less about, but some of the more paranoid on slashdot have loudly pointed this out.
Re:Privacy? Sure. (Score:1)
It's also quite possible that a PIN will still be required to make a withdrawal. (Though I suppose if they've found some way to get at ultra-secure information like your iris image from the bank, they could get your PIN too, but I've never in my life heard of a single case where a PIN was retrieved from a bank...)
Re:Backup system would be needed as well (Score:1)
Though, like the other poster mentioned, iris scanning probably won't be the only way you can access your funds from an ATM.
Re:Contact Lenses (Score:1)
I doubt that this will be the only way to retrieve funds from your local ATM, however. There surely will be backup methods (like your traditional ATM card + PIN).
Re:Uhh.. (Score:1)
I guess if you're really that paranoid you could make all of your ATM transactions using ski masks and platform shoes, but c'mon...
Re:We need this on the desktop (Score:3)
If the data's coming off the net, who knows - it might be coming off a hard disk, grabbed from a sniffer, or anywhere....
If your password gets compromised, you can change it.... how do you change your eyes?
--
Re:Apple's Latest Voice Technology (Score:1)
Iris/Retina (Score:1)
In the mid-1980s, it was discovered that the AIDS virus does transfer with eye fluids. It was discovered when some major biometrics conference was under way. No one at the conference agreed to test a retina scanner, and that was the death of retina scanners.
Re:Alternative...except (Score:1)
Getting your "eye" ripped .. (Score:1)
From what I remember about these systems (Gotta love the Discovery channel) they won't work if the eye is no longer attached to the user. The systems check to ensure that the eye is still "alive". (Small changes/fluctuations in the iris)
If someone mugs you and pokes out your eye the ATM will not authenticate it (the eye) because these changes will no longer occur. A picture won't work for the same reason.
The only way you can be mugged is either after you got the money out, or having the mugger make you take out the cash at gunpoint at the cash machine. So nothing has really changed with the exception of not having to remember a card and a PIN number.
Ex-Nt-User
Re:How did they... (Score:1)
They didn't say how they tested that it works.. just that it does. I figure they did it with animals or something like that. (I know not a pleasant thought)
Ex-Nt-User
Re:Actually, we need an open source directory serv (Score:1)
Contact Lenses (Score:2)
Re:Not the first (Score:1)
Regards, Ralph.
Re:Scalpel muggings. (Score:1)
1) The thing requires the eye to be alive. Won't work with a gouged out eye anyway.
2) In comment to the guy talking about now someone will wait until you scan your eye and then shoot you or some such nonsense, WHERE ARE YOU LIVING? That happens all the time anyway.
This is so much more secure than an ATM card... the biggest valid problem I've heard with it was the fact that a parent doesn't have the option of telling their kid "go get me $40" or having a friend do it.
These, BTW, aren't anything new, it's just the non-testing installation of it that's new. There've been a bunch of banks around the country doing it for a year or so on a testing basis, or at least so I remember reading last year.
Re:What about... (Score:1)
I've never heard one voice prompt me...
Re:But a high-rez display with appropriate softwar (Score:1)
I think they're into the near infrared, so that the image remains contrasty with people whose eye color changes, etc...
Either way, I'd guess if you had a way to get a hires animated image of someone's eye, and fool the machine (which has to be looking for other facial items to even locate the eye -- you don't stick them in front of the camera with these), you're probably clever enough to steal the money from the bank in less easily-catchable ways than stealing from an ATM.
You do know that ATM machines photograph every transaction right? You're gonna look pretty silly holding the display over one of your eyes and hoping it'll work.
Iris scans and Friday nights... (Score:1)
In short time, ye old peace pipe can route more than 266 points of information on thee iris! After a night on the town, it might refuse to hand over the dough!
How long will it take for iris roadside checkpoints to catch the drivers that have been hammered and stoned? "We saw your red eyes all the way down the block, step out of the car please!"
Scalpel muggings. (Score:5)
Dan Wineman
Re:Apple's Latest Voice Technology (Score:1)
However it's not _that_ good, trust me.
(Fortunately it rarely screws up as wildly as the Newton sometimes did. 'Course, the Newt had some degree of learning, and PlainTalk does not.)
Eat up Martha.
I'd think that biometrics would be a security risk (Score:3)
I'll stick with different passwords for everything important, thanks.
Re:It's not an "ATM Machine" (Score:1)
DNA is easier to steal, too. (Score:1)
That must be one of the most insecure ways of identification, except for the From field in e-mail messages or news articles.
If you believe that DNA is good enough to identify you, and at the same time think it is scary that virtually anybody can pick up the scraps of your own body you leave behind to _track_ you down, I'm really, really surprised that you can't connect the two to:
The same virtually anybodies can take those scraps of skin, hair, blood remains etc from your garbage, hotel room, car, whatever _and put it somewhere else_, pretending that you were there. But of course you weren't there, just some minor parts of you somebody else stole.
You don't have to see "Conspiracy Theory" and believe in it to think that these things can happen. They can happen because someone has thought about it, and because there tend to be people who abuse every new thing they can come across. That can be your everyday psychopathical specimen, it can be a super-secret government agency (for which government?), it can be organized crime, it can be a prankster, it could be an accident.
So don't go around trusting DNA to be of any help.
What are the alternatives, then, if you don't believe an iris or retina scan is good enough?
Well, you can apply some modern image recognition software. Today, it's possible to recognize a person from her facial features, even through physical changes such as minor injuries (swollen eye, fresh cut across the face, etc), with a precision similar to that of fingerprints (I honestly cannot remember which way is more sure, except for fingerprints having lots of "proven" technology behind it).
This makes it possible to recognize that person's most common facial expressions.
Take this one step further, into recognizing several facial expressions in succession (that is, the way your face changes).
Use cameras from several angles to make sure that it is a real person, and not some face superimposed on a dummy/robot.
Require that your voice is synchronized with (and matches) your facial movements when you say "I want to withdraw some money" (or whatever your not-so-secret passphrase is).
Feel free to combine this with some other method that can be performed simultaneously, such as measuring iris response to varying light level, blood pressure and pulse, perhaps even the fingerprint (but that can be faked more easily).
The bonus for the customer is that this would take less energy and time than remembering a PIN code and punching it in, and/or leaning towards a scanner to measure the exact retina, but would still be at least as secure.
The downer is that this technology has yet to be actually implemented, tested and "proven" in a real user environment, and that it'll probably be a bit expensive for the next five years or so, until technology catches up and becomes really cheap.
This doesn't prevent someone from threatening you or your family to force you to withdraw money, buy a Corvette or whatever, but what does? Maybe sometime in the future, we can actually determine for sure whether someone is under pressure for doing things, and that she shouldn't be doing it. I somehow doubt that, but we'll hopefully live to see.
Camera positioning (Score:1)
I hope that they are providing an alternate way of identifying yourself. Like the old-fashioned ATM card with a PIN.
Re:Iris scans not retina scans... (Score:1)
I doubt most people would want to subject themselves to a retina scan given the current state of the art. It requires the scanner to come into direct contact with the eye.
Actually, no.
I had a retinal photo the other day as part of my latest eye exam. The lens does get close-in, but it didn't touch my eye. It does shine a very bright linear light in, and the camera rotates from one side to the other (like a panoramic camera).
The afterimage of the light had very clear tracery of the retinal blood vessels in it.
Re:Scalpel muggings. (Score:1)
What we need is a reliable anonymous electronic payment system.
In a way, we have this already. Have you ever used a pre-paid phone card? You pop your money in, you get a card worth whatever you paid (typical amounts: $5, $10, $20) with an ID number on it.
There's no way to associate that card with you because the PIN (really an account number) is set when the card is printed, long before you walk up to the machine. Ran out? Get another!
A similar system is the DC metro, where you put money into a machine and get a paper card with a mag-strip on it. When you go through the gate you pop the card into a slot; at the other side you get a new card with the amount left printed on it. When you don't have enough left to go through a gate, you can pop the card into a farecard machine and add money; the value of the old card is added to what you put in and you get a new card.
I think a hybrid of these would work. You'd have a machine like an ATM, run by Your Favorite Credit Card Company. You put money in, give it a PIN for cash withdrawals and it spits out a card with a magstripe. Then you take this to a merchant and they run it through just like a Visa card.
The merchant knows they'll get their money because it's run by Visa (or whoever). You have your privacy.
Actually, we need an open source directory service (Score:2)
sendmail, imap, inn, nfs, lpd, apache
We do have Open LDAP but I find it a bitch to set up and use. Don't know much about the Open Group's DCE, it looks expensive.
I guess one could roll one's own (using PAM and such), but that is more work than most people care to do.
Iris scans not retina scans... (Score:2)
Re:Bypassing this security (Score:1)
see the movie, how did they do it?
Only an eye? (Score:3)
1. something you HAVE
2. something you ARE
3. something you KNOW
/me shrugs.
Re:Another privacy concern... (Score:1)
Re:It's not an "ATM Machine" (Score:1)
Argh. I'll be ok.
Re:yeah, but what about... (Score:1)
Incidentally, my eyes change color, as well. It's kinda fun. My eyes are brown or green or somewhere in between, depending on my mood.
Fashion Models better ATM disable their accounts (Score:2)
I am sure that there are plenty of pretty high resolution photographs that show details of people's irises. For example, people on magazine covers. How difficult would it be to laser print one on an elastomer sheet, and distort the iris sections mechanically to simulate pupil contraction? A photocell here, a solenoid there, a bit of circuitry, and boom, a photosensitive facial facsimile.
Sure, magazines could use Photoshop or such to replace irises in pictures before publication, but what about the thousands of pictures already out there?
Irises are just too 'out-there' in plain sight. It's like walking around with your PIN number tattooed on your face. Anyone with a telephoto camera could steal it.
Re:Scalpel muggings. (Score:2)
I mean, all we've done here is make the crime all the more violent and personal, with the added bonus of throwing your privacy out the window. I *like* anonymity. I don't care that there's a %0.01 chance that somebody might guess my pin and rip me off - that's what insurance is for. All I'm seeing is a bunch of greedy companies trying to keep the criminal element out... by compromising our privacy and anonymity.
--
Do these machines have instructions in Braille? (Score:2)
are Americans without eyes...)
Re:We need this on the desktop (Score:1)
On a network it would have to be a combination of cryptographic authentication and a tamper-resistant reader (no such thing as tamperproof).
Without this it would be ridiculously easy to sniff your iris/finger/hand/face/voice print over the network and impersonate you.
The embedded cryptographic engine inside the tamper resistant reader would use a challenge-response algorithm to ensure that:
1. The scan comes from a real scanner
2. The scan has been performed in the last few seconds.
Without this, it is useless.
Desktop biometrics - dangerous unless done right (Score:5)
On a network it would have to be a combination of cryptographic authentication and a tamper-resistant reader (no such thing as tamperproof).
Without this it would be ridiculously easy to sniff your iris/finger/hand/face/voice print over the network and impersonate you.
The embedded cryptographic engine inside the tamper resistant reader would use a challenge-response algorithm to enable the server to ensure that:
1. The scan comes from a real scanner
2. The scan has been performed in the last few seconds.
Without this, it is useless.
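Added example, not part of any post in the thread: a minimal sketch of the challenge-response exchange the comment above describes, showing how a server can reject a sniffed scan that is replayed, re-attached to a fresh challenge, or returned late. It assumes the reader and server share a symmetric device key and uses HMAC-SHA256; the class names, the 5-second window and the template bytes are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

MAX_AGE_SECONDS = 5  # assumed value for "the last few seconds"


def _mac(key: bytes, challenge: bytes, template: bytes) -> bytes:
    # Length-prefix each field so the two inputs cannot be re-split differently.
    body = b"".join(len(f).to_bytes(4, "big") + f for f in (challenge, template))
    return hmac.new(key, body, hashlib.sha256).digest()


class Reader:
    """Stands in for the tamper-resistant scanner; the key never leaves it."""

    def __init__(self, device_key: bytes):
        self._key = device_key

    def respond(self, challenge: bytes, template: bytes) -> dict:
        # The tag binds this particular scan to this particular challenge.
        return {"challenge": challenge, "template": template,
                "tag": _mac(self._key, challenge, template)}


class Server:
    def __init__(self, device_key: bytes):
        self._key = device_key
        self._pending = {}  # challenge -> time it was issued

    def new_challenge(self, now: float) -> bytes:
        challenge = secrets.token_bytes(16)
        self._pending[challenge] = now
        return challenge

    def verify(self, msg: dict, now: float) -> str:
        # pop() makes every challenge single-use, which defeats plain replay.
        issued = self._pending.pop(msg["challenge"], None)
        if issued is None:
            return "reject: unknown or already-used challenge"
        if now - issued > MAX_AGE_SECONDS:
            return "reject: response too old"
        expected = _mac(self._key, msg["challenge"], msg["template"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "reject: not signed by the enrolled reader"
        return "accept: hand template to the matcher"


def demo() -> list:
    key = secrets.token_bytes(32)
    reader, server = Reader(key), Server(key)
    template = b"constructed-iris-template"  # constructed sample, not real data
    results = []

    # 1. Normal login: fresh challenge, answered within the window.
    c1 = server.new_challenge(now=100.0)
    sniffed = reader.respond(c1, template)
    results.append(server.verify(sniffed, now=101.0))

    # 2. The same message captured off the wire and sent again.
    results.append(server.verify(sniffed, now=102.0))

    # 3. Captured scan and tag re-attached to a fresh challenge.
    c2 = server.new_challenge(now=110.0)
    results.append(server.verify(dict(sniffed, challenge=c2), now=111.0))

    # 4. Genuine reader, but the response arrives 30 seconds late.
    c3 = server.new_challenge(now=200.0)
    results.append(server.verify(reader.respond(c3, template), now=230.0))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```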
iris images being stored. (Score:1)
My idea would be more like, when applying for the account they have a randomly generated 4096-byte key generated, this would be used to unlock your account when it needs to be accessed to withdraw from an ATM or elsewhere. Then they could use your iris as the encrypting key using something like RSA's RC5-64, or something better.
That way when you go to get some money from the ATM machine it just uses your IRIS to decrypt the key to unlock your account. No need to store your iris, except in your head.
It just seems more secure that way, 'cause if someone did break into the bank's computers, then they would be trying to decrypt keys for a long time; you will probably be dead and have passed your money on in your will before it gets cracked.
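Added example, not part of any post in the thread: it relates the earlier remark that an unhashed value allows "a certain level of variance" to the idea above of deriving a key from the iris. Two scans of the same eye never produce identical bits, so anything that needs an exact match (a hash comparison, or a key derived directly from the scan) fails on the second scan, while a distance threshold still matches. The 2048-bit code size, the 100 flipped bits and the 0.32 threshold are assumptions chosen for illustration, and the codes are randomly constructed.

```python
import hashlib
import random

BITS = 2048        # assumed size of an iris code
THRESHOLD = 0.32   # assumed match threshold on fractional Hamming distance


def random_code(rng: random.Random) -> int:
    """A constructed stand-in for the bit pattern a scanner extracts."""
    return rng.getrandbits(BITS)


def rescan(code: int, rng: random.Random, flips: int) -> int:
    """Same eye, new scan: flip a few bits to model noise and lighting."""
    for pos in rng.sample(range(BITS), flips):
        code ^= 1 << pos
    return code


def digest(code: int) -> str:
    return hashlib.sha256(code.to_bytes(BITS // 8, "big")).hexdigest()


def distance(a: int, b: int) -> float:
    """Fraction of bit positions in which two codes differ."""
    return bin(a ^ b).count("1") / BITS


def matches_by_hash(enrolled_digest: str, code: int) -> bool:
    # Exact match only: a single flipped bit changes the whole digest.
    return digest(code) == enrolled_digest


def matches_by_distance(enrolled: int, code: int) -> bool:
    # Tolerant match: needs the enrolled code itself, not just its hash.
    return distance(enrolled, code) <= THRESHOLD


def demo() -> dict:
    rng = random.Random(1999)  # fixed seed so the run is repeatable
    enrolled = random_code(rng)
    same_eye = rescan(enrolled, rng, flips=100)
    other_eye = random_code(rng)
    return {
        "same_eye_distance": distance(enrolled, same_eye),
        "other_eye_distance": distance(enrolled, other_eye),
        "hash_accepts_same_eye": matches_by_hash(digest(enrolled), same_eye),
        "distance_accepts_same_eye": matches_by_distance(enrolled, same_eye),
        "distance_accepts_other_eye": matches_by_distance(enrolled, other_eye),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```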
They won't have to take your eyeballs (Score:1)
somebody's retina scan - Don't know anything about it but the article sounded like you just stand there - does one have to put their eye up to something like looking into a microscope to be verified?
Chuck
ok - IRIS scan (Score:1)
Chuck
Another privacy concern... (Score:4)
It's easy to replace a stolen ATM card, and maybe even to get your ATM number changed. But what if your iris image gets stolen?? Once that cat is out of the bag, how can the bank ever trust your eyes again, and how can you ever prove that it wasn't you who withdrew $700 in Jamaica?
At the very least, they should incorporate a PIN number with this, to ensure that fraud doesn't occur. Even if they have your eyes, they can't get your money without a PIN. In my mind this would be the best solution all around: no card to lose, your eyes become immensely less valuable for a mugger, and if your iris photo is stolen, it only increases their chances of stealing your money to one in ten thousand. I'm not saying iris checking with PIN is crimeproof, but iris checking with no PIN is a rotten idea.
Re:Iris scans not retina scans... (Score:2)
Is that true? You need to put your eye against the scanner? I would NEVER put my cornea up against anything else that other people may have touched in any fashion. The cornea (clear part over your iris) does not receive direct blood flow, thus it is more difficult to fight off infections which could be picked up from direct contact with the scanner.
Here's a link [eyenet.org] to a picture of the anatomy of the eye
Problems with Pregnant women resolved? (Score:1)
It was discovered, using these devices, that a woman's retina changes slightly during a pregnancy. I guess more than a few times the poor trapped woman trying to get into the secured area would set off the alarm and immediately be surrounded by armed security guards. Supposedly, this was how some women first learned they were pregnant.
I wonder if this is true for modern retinal scanners? Either that or your money is safe if your wife is pregnant.
~afniv
"One could be glad if the air were as pure as the beer"
Correction (Score:1)
~afniv
"One could be glad if the air were as pure as the beer"
Actually...it's *iris* scanning... (Score:3)
Other-n-that, pretty darned cool. Though I'd still like to have a code of some sort (might be nice to have an "emergency" code that'd provide money, but call the cops, too...or something like that...)
Re:Alternative... (Score:1)
than your genetics. (Warning this information was retrieved from an unreliable source, my memory).
Re:Contact Lenses (Score:1)
Re:But a high-rez display with appropriate softwar (Score:1)
But I don't think that this is sufficient. It would be nice to have a brainwave recognition complement to the iris ID. When you are getting your iris scan, you think of something in particular and don't tell anyone. So your iris pattern is recognized in conjunction with how your eye responds to what you are thinking of, combined with the particular pattern of your brainwaves upon thinking of this something. Even if everyone thought of Sex with the same person in the same position in the same setting, etc., everyone would think of it in different ways, would have different brainwave patterns, and different iris reactions. It'd be interesting to see a spoof that circumvented this.
Re:Bypassing this security (Score:1)
Re:The Hindenberg effect (Score:1)
If this doesn't get shot down, 10 years from now you won't have any cards, you'll just get your eye scanned everywhere. That gives crackers way more power, because once the system is breached your whole identity can be stolen. If someone steals your driver's license, you can get a new one and invalidate the old. If someone replaces your iris scan with their own, how do you prove you were ever you?
Besides which, are PINs really that insecure? The people who get their accounts raided are the ones SMRT enough to write it on the card, or use 1111. Do we really need to give away all our privacy to protect morons from themselves?
How do you revoke your iris (Score:1)
Already in UK (Score:1)
Bypassing this security (Score:1)
Iris Scanning CRACK!! Contact lenses are the key! (Score:1)
I've even seen some movies in which spies were portrayed using such a method to defeat iris security. So it's certainly not a new idea, but one most people wouldn't think of.
Wonder how they will prevent people from bypassing IRIS security via this method?? I bet they really can't unless they also still require a PIN...but then what's the point of the whole IRIS scanning thing if one still needs a PIN anyways?? DUMB!!
Ron Bennett
Re:Bypassing this security (Score:1)
Re:Uhh.. (Score:1)
---
Re:What about... (Score:1)
"Enter YES to verify $1000 withdrawal"
Re:Eyes For Sale (Score:1)
Re:Scalpel muggings. (Score:1)
There could be a lock system, implemented at Customs, so that upon entry to the US, you pass through, show your visa, and scan your peepers; this "logs you in" to America and lets you buy things legally--life becomes much more difficult for illegal immigrants.
Sure, you'll have business owners who won't subscribe-- they'll put "cash only" signs in their windows, or an eye in a slashed red circle, and get a reputation for being 'swarthy' and 'unreliable' places; the media could portray them as such, and make a bigger deal out of robberies. To combat this backlash and show that a business has implemented eyeball-based payment, they could put a small picture of an eye on their door or window.
Now, I'm sure the NSA and FBI would love that--tap the machines that read from the database and flag the locations of known criminals. The eyeball could stand for that well-worn phrase about Big Brother's voyeuristic habits.
Sound fun to anyone?
Re:Bright light.... make it stop (Score:1)
that's how a retina scan would be; iris scans just use a regular video image of the front of your eye, so really you're only limited to the quality of the image that a video camera can produce at distance. i think that current systems can recognize you at a distance of a foot or so.
Re:Hazel Eyes... (Score:1)
well, those are really advantages to the technology. provided the software is good enough, it should be able to take account of those factors and use them to confirm whether it's really you when you step up to that atm.
all implementations of iris scanning [that i've seen so far] have an initial training or enrollment procedure where you have to stare into the camera for a minute or so and allow it to record some data about your iris. notice that it doesn't just take a single static snapshot; in principle it could record information like how your pupil responds to variations in ambient light, how the color varies over time, and so on.
nope. iris scanning is proving to be far more practical than retinal scanning these days. cheaper equipment, if nothing else, and less invasive (at least conceptually; everyone can already see your iris).
Re:But a high-rez display with appropriate softwar (Score:1)
if the system was looking for pupillatory oscillations it wouldn't find them, unless you were playing high-resolution video of a real eyeball. if it was generating different light levels and observing the response of the iris, the static / prerecorded video image wouldn't be up to par.
and if you were smart enough to develop an interactive, real-time, high-resolution, realistic computer-generated iris image that can behave just like a real eye and respond instantaneously to external stimuli, why the fuck would you waste your time trying to get fifty bucks out of an ATM?
Re:Contact Lenses (Score:2)
of course, this is specific to that company's implementation of iris recognition, but i suspect that it's all in the method. if you can algorithmically process an image of an iris into a representation that matches even after optical distortion, then you're set.
glass eyes won't work (Score:5)
the human pupil naturally oscillates and responds to changes in light level; a particularly secure iris recognition system could make use of this by, for example, providing a variable light source over the course of a few seconds to ensure that the iris is 'live' and not somehow simulated.
this is similar to the capabilities of that desktop face-recognition software that was going around a couple years ago - you could put it in a mode where it asked you to blink or smile or something during the recognition process. a bit less convenient but a bit more secure.
http://www.iriscan.com/ [iriscan.com] has some good information about iris scanning, particularly this page [iriscan.com].
Re:Alternative... (Score:1)
Invasive? All you lose is your deniability! (Score:1)
Even worse than scalpel muggings. (Score:2)
-Chris
Re:Bypassing this security (Score:1)
James Bond and eye removal (Score:1)
Privacy? Sure. (Score:1)
Call me backwards, but I don't buy it. Reading Hackernews [hackernews.com] on a daily basis makes me suspicious about statements like this. I wonder how hard it would be to make a 'replica eye' or some such. I think I'll stick to my ATM for now, thanks.
But a high-rez display with appropriate software.. (Score:1)
Kaa
Backup system would be needed as well (Score:3)
The idea is good, but I'd like to have an alternative system available as well.
Kaa
What about... (Score:1)
If these things were cheap, they'd make sweet peripherals. No chance of people finding out your password when all passwords are replaced by eye scans.
Re:a whole new reason for kidnapping (Score:1)
a whole new reason for kidnapping (Score:3)
here is the scenario i am imagining...
Think about it! At least with a card or a PIN, if you don't carry the card with you, there is nothing the criminal can do. And if you do carry it with you (I suspect most of us do), at least you have the option not to give the PIN, or give a wrong PIN, or something! With the eye thing, you can't leave your eyes home, and you can't lie. Seems like a criminal's perfect situation.
Comment removed (Score:4)
quit worrying about being mugged for your eyes (Score:3)
Just the other week I happened to be looking through the Sept. 1997 "Proceedings of the IEEE", which was a special issue on Automated Biometric Systems.
They mention that it is possible to tell whether the eye is alive or not:
This article even mentions Never Say Never Again as a way iris recognition came to popular attention. My guess is that people who have worked on iris recognition are familiar with its use in movies and books and have tried to overcome potential deficiencies that have been suggested there.
So if these guys did their homework you won't have to worry about being mugged for your eyes.
You thought the Pentium III Id was invasive... (Score:2)
Re:Scalpel muggings. (Score:2)
What we need is a reliable anonymous electronic payment system. I think Mondex is close to this (although I don't know too much about it myself). Something where you can charge an electronic card up with cash units from your credit card in the comfort of your own home would give you:
1/ Greater security, since you're not getting a large quantity of cash at an obvious crime target (static ATM).
2/ You don't need to carry so much anonymous money, since you can recharge at your leisure.
Differentiating between anonymous money and verified money is important. Verified money (with a good verification system) is difficult to steal (a signature on a credit card slip is verified but it's not a good system). Anonymous money is necessary for your privacy, but is more attractive to criminals. The conversion point where you exchange verified -> anonymous money carries the greatest security risk and the sooner it is removed from public places the better.
Re:Not the first (Score:2)
People have been very willing to accept the technology as it's non-intrusive, and secure.
The machine checks for a pulse in the eye...
For more information on this initiative, see the Nationwide's IRIS recognition info page [nationwide.co.uk].
Chiark.
Bright light.... make it stop (Score:2)
Sounds to me like that would hurt, a lot. Don't mind me, I'm just light sensitive.
Then again, what about people that have cataracts? Are they not going to be able to use those ATMs or are they still going to have to carry around a card and remember a PIN? Dear me, what's the next step to get around this, DNA scanners? Sounds like Gattaca now *shiver*
Course to use a DNA scanner we'd be needing some source of DNA... they would probably want blood. There is no way that I'm walking up to a machine to get my finger pricked just so I can take money out. I'd rather carry a card and remember a PIN.
-tykeal-
Just cause I wanna
Open standard for iris scanning? (Score:2)