Skip to main content
  1. Home
  2. Mobile
  3. Features

Duckface to unlock: How our selfie obsession helped make eye-recognition possible

By

Let’s all give thanks for selfies. Not because they’ve given the vain something to occupy their time, but because without them, we wouldn’t be on the cusp of unlocking our phones merely by looking at them. In a strange twist of fate, the world’s obsession with the selfie has helped propel eye-recognition technology forward faster than expected.

If the selfie craze hadn’t happened, we might not be where we are, according to Toby Rush, CEO and founder of EyeVerify, which makes eye-recognition technology called Eyeprint ID. According to Rush, selfies were just starting to take off when his team began working on their technology, and not every phone had a high-res front camera. “We were naive. We thought people would turn their phones around,” he laughed.

Recommended Videos

Thankfully, our lust for photos of ourselves sparked a wave of new hardware that Rush’s team was able to ride right alongside preteens snapping selfies. “All of a sudden, every smartphone manufacturer wanted to put a 5 or an 8-megapixel camera on the front of a phone,” Toby remembers. Apple’s introduction of TouchID on the iPhone 5S, he adds, played a big part in bringing attention to the world of biometric authentication.

Related: 
The 8 best TVs for gaming in 2025, as vetted by our experts

Not more secure, more convenient

Why should our phones scan our eyes instead of our fingerprints? They shouldn’t.

“We don’t see EyePrint as an alternative to fingerprint scanning, we see it as an addition to it,” Rush explains. “When you think about biometrics, there is no right or wrong, but you do need to think about what the user is doing the vast majority of the time when they want to authenticate an action.”

“It’s not more security, it’s more convenience.”

“Heartrate makes a perfect biometric for smartwatches, but don’t make me talk, touch, or look at it. But with a smartphone, you’re either touching or looking at it, and some of the companies we’re working with — on flagship phones — want to provide both. It’s not more security, it’s more convenience.”

EyeVerify’s technology impressed when we saw it on the ZTE Grand S3 back at CES this year. It works by matching the blood vessels in the whites of our eyes, each one of which is like mapping 100 unique points-of-interest on a map, and then another 100 points-of-interest on each one when you zoom in. It’s not the same as iris or retina scanning, and both of these require special camera hardware to measure. EyeVerify’s method, as we’ve already found, only needs a selfie cam.

No additional hardware needed

Without additional hardware cost, even low-end phones can incorporate eye recognition without spending out on an extra component. However, is a low-res front camera up to the job of looking deeply into our eyes?

“The only difference for us is range,” said Toby, when asked if there was a difference between a 2-megapixel and a 13-megapixel front camera for use with EyePrint’s technology. “The better the resolution, the farther away you can hold the phone.” However, even the lowest megapixel front cams can produce surprising results. A single megapixel camera is still usable from 20cm away, for example. For comparison, a 5-megapixel camera is capable of operating from 30cm away, and an 8-megapixel camera is happy at between 35 and 40cm — easily covering most outstretched arms.

 

Like all good security measures, the authentication process is designed to be quick and seamless. “We don’t want to move a finger to the fingerprint sensor when we’re already looking at the device.” said Toby. EyeVerify is now authenticating at a speed of 500 milliseconds, and even on older processors — such as the Snapdragon 400 — the time is still only just over a second. Interestingly, the graphics processor inside a phone is actually more important than the CPU for EyeVerify, due to the heavy use of image processing. So besides selfies, Rush has the rise of 3D mobile games to thank for the hardware that enables his technology, too.

Nothing stored in the cloud means nothing to hack

There is something pleasingly sci-fi about having our eyes scanned for recognition, but what about the real-world security aspects of biometric authorization? For Eyeprint, there is only one option, and it’s not storing data in the cloud. “It’s never a matter of ‘if’, it’s only ‘when’,” said Toby, referring to data stores like this being hacked. “So we do all of our matching on the device.” To make sure there’s no chance of anything being transferred to the cloud accidentally, EyeVerify doesn’t sell any cloud server software at all.

While this may sound like the simple option, it’s not. “What we had to do is calculate a special security key from your eye, which is a two-step process. Step one is to match the biometric, and if they match at a high enough level, then you pass. We have to go beyond that for step two, and calculate a key that’s the equivalent of a 50-character complex password, which is used for authentication. It’s not just a true or false.” Imagine trying to remember a password of this length and complexity, on an everyday basis.

Should the password be compromised, all that’s needed is a quick reset and re-authentication, and a new key is created. No keys are ever sent from an EyeVerify-equipped device, even if a server-based app is asking for authentication, when a publicly-generated, one-time key is used. It was also a considerable challenge to come up with a way to generate the keys on the device, and not on a server. For data privacy’s sake, it was worth it.

New phones with eye-scanning tech out before the end of the year

Keeping our phones locked, and payment methods secure is only the start. Looking to the future, Toby sees our phones and any relevant wearable devices becoming tied to medical records and health data, for which a higher degree of security will be needed to authenticate when we visit healthcare practitioners. This, combined with increased reliance on our phones for financial and company information, makes reliable, super-secure biometrics even more important.

The more confidential data that’s stored on, or accessed using, a smartphone, the more comprehensive that security needs to become. EyeVerify is working on even more complex keys, and says a 100-character password created by using an Eyeprint ID eye scan — twice what it’s capable of producing now — is possible in the next six months or so.

The good news is, we’re not going to have to wait long for more phones to come out with EyeVerify’s eye print recognition installed either. Toby confirmed that the company is “working with 20 different smartphone manufacturers right now.” Four have already launched with EyeVerify’s technology — ZTE, Alcatel, Vivo, and Umi — and he expects another four before the end of 2015. Soon, look-to-unlock will be as normal and natural as using our finger for a scan, or to tap out a PIN code.

All because we can’t stop taking selfies.

Andy Boxall
Andy Boxall
Senior Mobile Writer
Andy is a Senior Writer at Digital Trends, where he concentrates on mobile technology, a subject he has written about for…
Topics
Cost-cutting strips Pixel 9a of the best Gemini AI features in Pixel 9
Person holds Pixel 9a in hand while sitting in a car.

The Pixel 9a has been officially revealed, and while it's an eye candy, there are some visible cutbacks over the more premium Pixel 9 and 9 Pro series phones. The other cutbacks we don't see include lower RAM than the Pixel 9 phones, which can limit the new mid-ranger's ability to run AI applications, despite running the same Tensor G4 chipset.

Google's decision to limit the RAM to 8GB, compared to the 12GB on the more premium Pixel 9 phones, sacrifices its ability to run certain AI tasks locally. ArsTechnica has reported that as a result of the cost-cutting, Pixel 9a runs an "extra extra small" or XXS variant -- instead of the "extra small" variant on Pixel 9 -- of the Gemini Nano 1.0 model that drives on-device AI functions.

Read more
Does the Google Pixel 9a come with a charger? Here’s what’s in the box
A woman holding a purple Google Pixel 9a.

After much speculation in recent months, the Google Pixel 9a has finally been announced. Google's Pixel A series is an excellent choice for those seeking a reliable Android smartphone at a lower price point, and the latest model follows this trend. While it is undeniably part of the Google Pixel 9 series, it has fewer features than its higher-end counterparts.

One question you might have when considering the Pixel 9a is whether it comes with a charger. We’ve got the answer
The Pixel 9a does not come with a charger.
The short answer is that the Pixel 9a does not have a charger. This has become common practice for most smartphones today, including other models in the Pixel 9 series, like the Pixel 9 Pro. While this may be disappointing, it's not surprising.

Read more
Google Pixel 9a vs. Pixel 8a: should you upgrade?
Google Pixel 9a vs Pixel 8a.

Google has released a new budget phone, the Pixel 9a. How does it compare to its predecessor, the Pixel 8a? We've got the answers, and the changes are significant in some ways. In others, not so much. If you have a Pixel 8a and are considering upgrading, read this first.
Google Pixel 9a: vs. Google Pixel 8a: specs

Google Pixel 9a
Google Pixel 8a

Read more