Hacker News new | past | comments | ask | show | jobs | submit login
How to Teach an Iris Scanner That the Eye It’s Looking at Is Dead (ieee.org)
108 points by sohkamyung 47 days ago | hide | past | web | favorite | 47 comments



> The method we developed images the eye multiple times to see whether it’s actually responding to changes in brightness

Hopefully the person does not have Argyll Robertson pupils https://en.wikipedia.org/wiki/Argyll_Robertson_pupil which is seen in late stage syphilis and causes the pupil not to react to the light.

Also, another thing is that they should make sure that they train their system with dark eyed people. Often the iris is very easy to identify if people with light colored eyes. In people with dark eyes, it may be more difficult.


>Hopefully the person does not have Argyll Robertson pupils https://en.wikipedia.org/wiki/Argyll_Robertson_pupil which is seen in late stage syphilis and causes the pupil not to react to the light.

Or they (what percentage would that be?) could just use an alternative method. Like people with glass eyes would.


Surely at that point it's correctly detecting they're "mostly dead"?


Only the bright-eyed and bushy-tailed may enter the meeting room.


foiled again!


Ah, you would need to blave the system...and as we all know "to blave" means "to bluff".


Some people also lack eyes altogether, so these systems need a fallback either way, no?


Fingerprinting with a test that the person is applying pressure through their fingers?


> Also, another thing is that they should make sure that they train their system with dark eyed people. Often the iris is very easy to identify if people with light colored eyes. In people with dark eyes, it may be more difficult.

Surely this is a concern (and presumably a solved problem) for any iris scanner, regardless of whether it tries to detect if the eye responds to stimuli.


You would think but its a valid concern. Facial recognition systems tend to fail more often with dark skinned people and I would argue that should have been considered the same way.


Camera-based facial recognition.

The Apple-style IR Mesh doesn't care what your skin color is, everyone is grayscale as far as it is concerned :D


The mainstream press coverage of FR skin color failures has caused the FR industry to significantly enhance their algorithms. Any press still harping on this is beating a dead horse - or in this case a revived horse.


That progress is not made all at once. It's a problem with a known fix; but just like buffer overflows, a known fix doesn't always get implemented everywhere. For example, this 2019 paper:

https://arxiv.org/pdf/1902.11097.pdf


Wouldn't it be trivial to detect a pulse with IR similar to how it's done with other devices?


If I remember correctly (which may be wrong as it has been quite a few years), veins in an eye are better than iris for many issues related to using eyes for identification, but they can also reveal health information and so there are more issues with storing and sharing the data needed to verify a person.

Now, one may point out that if both pieces of information were being kept entirely private and were being secured with industry standard security this different wouldn't matter. I'll leave the implications of this for the reader to ponder upon.


I remember an Iris scanner demo from 20 years ago that worked because of the characteristic flutter / vibration of the iris as much as the pattern of the iris itself. As I remember it it didn't work well with high pigment eyes (it worked brilliantly with blue eyes, less well with everyone else).


I wonder if this could counter attacks using anesthesia (e.g. I shoot the guard with my tranq gun and drag him over to the scanner, MGS2 style.)


Does the eye still react to changes in brightness when a person is under anesthesia? I have no idea.


Anesthesia, yes. Paralytics, maybe. Depends on what you're using.


This is an interesting update on the state of iris detection, but I don't think "stolen eyeball" is a realistic threat model that you would have to protect yourself against. Sure, detecting the difference between an authentic iris and a photo is sensible, but if you have an actor willing to acquire another person's eyeball I can't help but feel like a retina scanner won't be the thing that ultimately foils their plans.


It doesn't seem that implausible given a military (or terrorist) operation of some kind. If you're raiding an important locked-down government facility, armed to the teeth but unable to enter the facility with explosives, then it seems reasonable to try forcing an employee to stand next to the scanner (which this technology obviously wouldn't prevent), or knocking them out or killing them and putting their face up to the scanner. Though ideally the facility would use MFA (combining the retina scan with a passcode or something).


> The method we developed images the eye multiple times to see whether it’s actually responding to changes in brightness

This is new? In 2019? Really? I find that so hard to believe.

> the process takes about 3 seconds

WHAAAAT? WHY?

> For comparison, even iris-recognition systems that require just one snapshot usually take about that much time to make an identification.

I feel like Robin Williams fresh out of Jumanji yelling "WHAT YEAR IS IT?"


I was told once by some startup founders that there are iris scanning cameras that can acquire 50 irises per minute from a distance. I don't know if that is true, or what the resolution and accuracy would be, but nothing about that seems physically impossible to me.


Apparently pupils don't adjust terribly quickly:

"Briefly, it was found that when light is flashed on a normal eye that is accommodated for the dark, there occurs a latent period of 0.1875 second before the pupil begins to contract. Then there follows a rapid primary contraction for 0.4365 second at the rate of 5.48 mm. per second. This is succeeded by a secondary contraction of 0.3125 second at the slower rate of 1.34 mm. per second"

https://jamanetwork.com/journals/jama/fullarticle/286369

Doesn't explain 3 seconds, but perhaps 1 second or so.


Well, the three times there make about a second for one light-change. So let's say it makes two light-changes, to be sure, for three images (it does say "multiple images", not "two"). That's two seconds, and then say there's another second for processing. Not too unreasonable, especially if (as it says) single-image systems also take about three seconds overall.


That makes perfect sense to me.


A possibility would be that you might want to make multiple changes in light level at random intervals to make it harder for e.g, a video being presented to the camera that matches the input it would expect.


That would make sense, certainly what I would call a further stage of development and currently they are doing viability and a basic level of operation. So that would seem like a logical progression.

Coz they could add a brainwave scanner that measures the reaction to the input of the eye, or have a higher resolution camera that measures blood flow being active in the eye. Many avenues of addressing this. But as a previous comment mentioned - generally easier to have a physical person next to the iris. After all, not like there is a shortage of humans to do jobs in the World today.


The LG iris scanner that I've used in the past had a small flickering red LED between your eyes. I'm not sure if it was just something to focus on or if the light was meant to make your pupils dilate slightly. The one I used was probably nearly 10 years old. The newer scanner out there look to be a lot faster and more automatic.


>This is new? In 2019? Really? I find that so hard to believe.

Yeah, sure, why? Who needs that level of security? Governments that can already afford to pay someone to stand by that door if it's so important?


But it is pretty expensive, if you have many doors to protect and also those humans sometimes turn out as unreliable .. so you need to pay people to check on them, etc.

(I worked briefly in security ... well, humans are really unreliable)


Make something faster, get rich :-)


Yeah that sounds terrible. It would be much better to detect saccades and/or blinks.


You could replicate that with an eyeball mounted on gimbals.


Sure, you could replicate anything given enough budget. It wouldn't be trivial, as saccades and blinks are among the fastest motions made by the human body.


>Sure, you could replicate anything given enough budget

You just killed a person and extracted their eyes to use to open some door. I think you have the budget for something that you can make for $200 with Lego Technic...


If you're bad enough to kill a person with the desired eyeball, you might as well unlock the door with them before you kill, with a few threats and promises. (pretty ugly thought)


Doesn't work in e.g a lock chamber, which would ensure only one person is in it (which has it's own issues, e.g. weighting is more complicated than it looks).


>with a few threats and promises

There have been people tortured to death who never gave up important secrets, so that might not be an option...


The saccades has properties that also differ per person.


If I remember correctly, the eyes of live persons are always twitching a little. It's relevant when, for example, a device needs to take a picture from your retina. Maybe this should be used as an heuristic as well.



Thanks, you’re destroying plot devices of thousands of films.


Preventative tech inspired by action/spy movies. Neat


How do you know it’s preventative... I have a feeling it already happened but they won’t tell


Preventive by nature (tech used to prevent intrusions using such method), not by timeline (tech used before the first such intrusion attempt to prevent it from ever happening).


IEEE lives up to its name




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: