Security Encyclopedia

Eye Authentication

Eye Authentication is a technology that enables people to access online services, physical settings, and other resources using images of their eye(s).

Also called eye scan, eye authentication relies on mobile and other devices’ native sensing technology or third-party biometric algorithms. Third-party eye scan algorithms are deployed as software that leverages device cameras for this purpose.

Some eye authentication solutions are architected in a decentralized model, such as one built on FIDO open standards, which ensures that a consumer's or employee's eye template is secured on their own device. Here, a user's eye scan is verified locally against the template held on that device, a token is sent to the service provider, and access is granted. The biometric itself is not stored at the service provider (true secret).
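The decentralized flow above, as an added sketch that is not code from this encyclopedia or from the FIDO specifications. The function names, the byte-array template, the bit-distance match with a 0.1 threshold, and the signed challenge standing in for the token are all assumptions, and the messages are not the FIDO wire format.

```javascript
const crypto = require('node:crypto');
// Added illustration: names, sample bytes and the 0.1 threshold are assumptions.

// Fraction of differing bits between two equal-length byte arrays.
function bitDistance(a, b) {
  let diff = 0;
  for (let i = 0; i < a.length; i++) {
    for (let x = a[i] ^ b[i]; x; x >>= 1) diff += x & 1;
  }
  return diff / (a.length * 8);
}

// Device: the template and private key are created here and never exported.
function enrollDevice(templateBytes) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { template: Buffer.from(templateBytes), privateKey, publicKey };
}

// Device: match the fresh scan locally; only a match unlocks the signing key.
function deviceSign(device, scanBytes, challenge, threshold = 0.1) {
  const scan = Buffer.from(scanBytes);
  const mismatch = scan.length !== device.template.length || bitDistance(scan, device.template) > threshold;
  if (mismatch) return null;
  return crypto.sign('sha256', challenge, device.privateKey);
}

// Service provider: stores and uses the public key only, never the template.
function serverRegister(db, user, publicKey) {
  db.set(user, publicKey.export({ type: 'spki', format: 'pem' }));
}
function serverVerify(db, user, challenge, signature) {
  if (!signature || !db.has(user)) return false;
  return crypto.verify('sha256', challenge, db.get(user), signature);
}

function demo() {
  const db = new Map();
  const enrolled = [0xa5, 0x3c, 0x96, 0x0f, 0xf0, 0x69, 0xc3, 0x5a]; // constructed template
  const device = enrollDevice(enrolled);
  serverRegister(db, 'alice', device.publicKey);
  const sameEye = [...enrolled.slice(0, 7), 0x5b]; // one bit of sensor noise
  const otherEye = enrolled.map((b) => b ^ 0xff);  // every bit differs
  const challenge = crypto.randomBytes(32);
  const token = deviceSign(device, sameEye, challenge);
  return {
    genuine: serverVerify(db, 'alice', challenge, token),
    impostor: serverVerify(db, 'alice', challenge, deviceSign(device, otherEye, challenge)),
    replayed: serverVerify(db, 'alice', crypto.randomBytes(32), token),
    serverRecord: db.get('alice').split('\n')[0],
  };
}
```

Calling `demo()` shows that the only record held by the service provider is a public key, so a breach there exposes no eye template, and that a token signed for one challenge does not verify against another.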

Other eye authentication solutions are architected in a legacy centralized scheme in which users’ eye image templates are stored at the service provider, and matching is done against a library of all other users’ biometrics (shared secret). These systems are commonplace in criminal justice, border protection, and national security settings. Lastly, some eye scan systems (e.g. in government) rely on specialized hardware found at the point of care, access, or sale. Dedicated hardware for eye scan is primarily a feature of legacy centralized implementations.


“The American cyberpunk film Minority Report depicts a dystopian police state where biometrics, including eye authentication, is abused. This causes the protagonist to be unreasonably and unjustifiably tracked every time his eyes are scanned in public places.”