This year has been full of chatter around biometric security measures for mobile, especially with the launch of Samsung’s Galaxy Note 7 and its built-in iris scanner last month.
But while the buzz has included everything from palm and voice recognition to eye scanners and fingerprint readers, one expert said there are certain factors that determine whether these technologies are truly viable in a smartphone.
When looking at biometric identification methods, Delta ID CEO Salil Prabhakar said there are two main considerations for mobile applications: security and convenience.
Prabhakar said, for example, voice recognition technology is best suited for use on a phone to verify the identities of callers dialing in for customer service or banking. However, in a mobile application, the technology becomes less than ideal. Prabhakar said voice recognition doesn’t work well in noisy environments and quality can vary from microphone to microphone – which means calling for bank information from Starbucks might become a frustrating experience.
Prabhakar said palm reading technology comes with similar issues, noting the awkwardness of lifting your hand for an ID photo at login and the fact that the feature might not work in extreme lighting situations.
But with fingerprint and iris scanning, things are different.
First, Prabhakar said both methods offer users one of the things they want the most: convenience. With fingerprint scanners, the phone is already in your hand. Similarly, iris scanning technology can utilize a device’s front-facing camera, which would already be pointed in the right direction.
Second, fingerprint and iris scanners offer the same level of security as a four or six digit PIN, respectively, making them extra secure, Prabhakar said. Iris scanning, in particular, is more secure because the measurement comes from a part of the eye that is protected by the cornea, where fingerprint scans have to combat the possibility of dirty, greasy or roughened digits.
Hoyos Labs Biometric Scientist Asem Othman agreed with Prabhakar’s assessment of the latter, calling iris scanning “one of the most reliable and accurate” biometric verification methods.
“Iris recognition systems are gaining interest because the iris’s rich texture offers a strong biometric cue for recognizing individuals,” Othman said. “The iris is the only internal organ readily visible from the outside. Thus, unlike fingerprints, capturing the iris biometric is like taking a picture and facial expressions and aging effects cannot easily alter its pattern.”
And it seems iris scanning is a technology that works for the vast majority of people.
In India, where the government has conducted fingerprint and iris scans on nearly a billion people for a massive biometric database, the Center for Global Development found iris scans were only unsuccessful in 0.33 percent of the population.
While it seems only a tiny portion of the population would have difficulty with either fingerprint or iris scanning, Prabhakar said the solution would be the inclusion of both biometric capabilities on mobile devices. One device, the HO Elite X3, already offers both factors, and Prabhakar said more cell phones and tablets with both fingerprint and iris scanning technology are expected to come to market later this year.
According to Prabhakar, the use cases for such technology are still in their infancy, but there are a number of possibilities on the immediate horizon.
While fingerprint technology is currently being utilized in the mobile payments space, and soon – thanks, in part, to Apple – the ecommerce space, Prabhakar said he also sees fingerprint and iris scans as viable options for enterprise, finance and other applications, like healthcare, that require two vector identification.
“For healthcare especially in U.S., where there is two factor authentication, it makes a lot of sense because there are only three levels of authentication: something you know (like a PIN or other personal knowledge), something you have (like a key fob) and something you are (biometrics),” Prabhakar said. “So my device can serve as one factor – server can authenticate my device by putting a cookie on it – and then the biometric serves as the second factor. It’s a much more convenient, seamless experience for the user and still offers the enterprise side its secure two factor authentication.”