Posted by
ryuzaki0
on from the what-about-contacts? dept.
prevost writes "Three bank machines using retina-scans were turned on in Texas yesterday. Cool because it's harder for me to lose my eyes than my ATM card. Scary because eyes're harder to replace after you're mugged. Read more about it "
194 comments
Eyes For Sale
by
Anonymous Coward
·
· Score: 0
Ok, I can see the whole black market on eyeballs, and persons getting jumped and their eyes ripped out of their sockets!! Ok, who here does not have a criminal record and wants to sell me their eye, I only need one so you wont be totaly blind!!
A way to prevent that? How about a video camera, like is already installed on most ATMs. I'm sure that it would seem suspicious if you were caught on film holding someone's head up to the eyeball scanner.
-- I'll never make that mistake again, reading the experts' opinions. - Feynman
Who what where? There's me posting that it'll take years for that technology to become commonpace here, and you are contradicting me, damnit... where are they using it already?
Nationwide Building Society have been running trials of Iris scanning for around 18 months. Biggest problem is the cost of the machines, as the cameras are about 15k GBP...
People have been very willing to accept the technology as it's non-intrusive, and secure.
Nationwide Building Society unveiled its system in a branch located in one of their office buildings two summers ago. I thought they were joking with the new guy when I was told about it. Brits win on Technology again, then everybody builds a better system.
Re:Eye Thieves....
by
Anonymous Coward
·
· Score: 0
Backward old England!!!??? We have had these so-called iris/retina scans for months!! Go to a Nationwide bank in Halifax and wonder in awe as you put your eye up to a camera...
Simply Senzuri
Any good links
by
Anonymous Coward
·
· Score: 0
to iris scanning available? I'm amazed that the computer can draw a match when the pupil (and the surrounding iris) can vary in size so much. Would a stolen eye even work? I'm sure that they dehydrate fairly quickly, the normal blood pressure is gone, and the muscles that control the pupil are relaxed and fixed. Perhaps the technology should also do a little more work and ensure that the eye is warm and surrounded by a head (then they'd have to decapitate you quickly for your $50). Seem most likely that they'd still do what they do now, and just hang around the ATM till you get your cash, then strongarm it from you.
Hazel Eyes...
by
Anonymous Coward
·
· Score: 0
My question would be what about people with Hazel eyes? My eyes change from dark brown to bright green. The iris also expands/contracts to let more/less light in depending on the lighting in the area.
I find this hard to believe that this is iris scanning. It probably scans the back of the retina (Which is like a fingerprint as no two peoples are the same.).
Most probably the reporter or the manager he interviewed didn't really know the technology and and replaced 'retina' for 'iris'. This wouldn't be the first time a reporter or manager has made a mistake reporting the facts from just total lack of knowledge. If we add a politician to the mix to support this technology that should complete the loop.:P
- Killjoy
The difference between dreams and reality, is in dreams you just haven't figured out how to get there yet.
My question would be what about people with Hazel eyes? My eyes change from dark brown to bright green. The iris also expands/contracts to let more/less light in depending on the lighting in the area.
well, those are really advantages to the technology. provided the software is good enough, it should be able to take account of those factors and use them to confirm whether it's really you when you step up to that atm.
all implementations of iris scanning [that i've seen so far] have an initial training or enrollment procedure where you have to stare into the camera for a minute or so and allow it to record some data about your iris. notice that it doesn't just take a single static snapshot; in principle it could record information like how your pupil responds to variations in ambient light, how the color varies over time, and so on.
I find this hard to believe that this is iris scanning. It probably scans the back of the retina
nope. iris scanning is proving to be far more practical than retinal scanning these days. cheaper equipment, if nothing else, and less invasive (at least conceptually; everyone can already see your iris).
Re:Bypassing this security
by
Anonymous Coward
·
· Score: 0
Remember that scene in Demolition Man where Wesley Snipes escapes from the cryo-prison using the warden's eye? Not a pretty sight..
Re:Getting your "eye" riped ..
by
Anonymous Coward
·
· Score: 0
The thing is, does the average thief who would mug you for a couple hundred bucks know that stealing your eye would not work? I'd assume they would not.
Re:Getting your "eye" riped ..
by
Anonymous Coward
·
· Score: 0
I'm sure that there may be a few casulaties when the technology first comes out, but after this fallacy becomes common knowledge, most thieves would come to appreciate the facts of the matter.
Re:Only an eye?
by
Anonymous Coward
·
· Score: 0
Yea, well I wouldn't want to be one of the people the "stupid" muggers pull an eye from to try it.;-)
"ATM Machine" redundant?
by
Anonymous Coward
·
· Score: 0
Sort of like PIN Number (Personal Access Number Number) (Automated Teller Machine Machine)
It's not an "ATM Machine"
by
Anonymous Coward
·
· Score: 0
ATM stands for "automatic teller machine". So an ATM machine is an "automatic teller machine machine." That's dumb. So's "PIN Number". Or "VIN Number". Or "IBM Machines". Or "USA America".
Re:It's not an "ATM Machine"
by
Anonymous Coward
·
· Score: 0
Excuse me while I listen to my compact CD disk.
Re:It's not an "ATM Machine"
by
Russ+Steffen
·
· Score: 1
Well, you have to say "ATM machine" to differentiate it from "ATM mode" networking.
Sorry, couldn't resist.
Re:It's not an "ATM Machine"
by
gavinhall
·
· Score: 1
Posted by FascDot Killed My Previous Use:
Or "SCUBA apparatus"
Re:It's not an "ATM Machine"
by
Lurking+Grue
·
· Score: 1
Or NIC card...
Re:It's not an "ATM Machine"
by
JerkBoB
·
· Score: 1
I hate that! "Let's install the NIC card." It's a NIC, you idiot! Network... Interface... Card!!!
Argh. I'll be ok.
-- A host is a host from coast to coast...
Unless it's down, or slow, or fails to POST!
Apple, in there next OS release (Sonata), will include voice print technology to allow people to use their voice to log onto the system. Talk about ease of use! Here is a possible scenerio: "Mac log me in" (your customized desktop appears) "Mac open Netscape" "Mac connect me to Slashdot" You here without touching the keyboard.
Voice control sucks now, but in their next release they are supposed to be adding Dragon Systems' code, which should greatly improve the quality. Add a G4 processor, and dictation and voice control become a real possibility.
Besides, the point of the post was not to emphasize the virtues of PlainTalk, but to highlight Apple's new technologies like voiceprint.
Re:Apple's Latest Voice Technology
by
Defiler
·
· Score: 1
That's great, until someone makes an MP3 of you saying that, and plays it back from a RIO.;)
Re:Apple's Latest Voice Technology
by
cpt+kangarooski
·
· Score: 1
Well voice control (like opening programs and such) has been around for a long time - since '92 IIRC. It predates the Power Macs, I'm certain of that. However it's not _that_ good, trust me. (Fortunately it rarely screws up as wildly as the Newton sometimes did. 'Course, the Newt had some degree of learning, and PlainTalk does not.) Eat up Martha.
-- --
This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
Sort of exists already.
by
Anonymous Coward
·
· Score: 0
There's actually something like that, only with fingerprints. It costs about $200 and it's a little scanner thing that sits on your desk. It looks out your computer, and presumably a password file, unless you have the right fingerprint. Of course, it's not taken off very well yet.
Re:Scalpel muggings.
by
Anonymous Coward
·
· Score: 0
What's frightening is that someone will still try it. I imagine it will take some time for the criminally deranged to familiarize themselves with the security features of this technology. It will have to appear on those 'stupid criminal' reports a few times at least. "The suspect apparently assumed that if the eye scanning camera worked while the eye was in the socket, surely it work if the eye was out."
How can I have my sis go get me a quick $100?
by
Anonymous Coward
·
· Score: 0
I am opposed to any sort of ATM security that prevents me from authorizing anyone I wish to withdraw money, do a deposit, etc. in my place. If I say it's OK for someone else to access my money, then it had better be OK with the machine. And having everyone I ever may wish to access my ATM get pre-retina-scanned by my bank is an unnaceptable option.
With a gun to your head, "Withdraw $300 or die."
by
Anonymous Coward
·
· Score: 0
Since most people do not write down their ATM PIN codes anyway, I see no safer advantage with eye scanning.
Eyeball life support?
by
Anonymous Coward
·
· Score: 0
How long until an eyeball can be kept "alive" connected to a gadget.
I think I'll keep my plastic card, and just hand it to the mugger.
Re:Eyeball life support?
by
Anonymous Coward
·
· Score: 0
Lets see... an incredibly complex and expensive machine built to keep a human eye alive (assuming you can remove it in a struggle without significantly damaging it), used in order to get only a couple hundred dollars from someone... if they even have that much in their account!
Simple economics: easier, cheaper, faster to simply stick the person up after they've gotten the money for you. Then you're also not on the security cam.
Doug
-- Venn ist das nurnstuck git und Slotermeyer? Ya! Beigerhund das oder die Flipperwaldt gersput!
Agreed-here's a technical solution to iris forgery
by
Anonymous Coward
·
· Score: 0
I'd like assurance that my eye scans are not made available to ANYBODY. What is going to prevent them from making them available to employees or hackers or even law enforcement?
I really think the system sounds cool, but they had better have a VERY secure storage methodogy.
Which brings me to my thought... couldn't they store your "eyeprint" information encrypted in such a way that it would be impossible to reproduce your original iris "settings"?
When your iris is scaned at a later date would actually "unlock" (sorta like a PGP key) the "encrypted" iris picture and allow your transaction. Does that make sense? This system would actually prevent iris forgery of any sort.
Re:Alternative...
by
Anonymous Coward
·
· Score: 0
Fingerprint are partly random, partly genetic. So identical twins don't have identical fingerprints, but their fingerprints would very similar.
Retinal patterns are random. From a previous post, so are iris patterns, and you can trigger an iris contraction to verify it's a living eye, which you can't do with a retinal pattern.
Yet another invasion of our privacy
by
Anonymous Coward
·
· Score: 0
I've heard that a retinal scan can tell if you are drunk or with child.....
Watching WAY too many sci-fi movies
by
Anonymous Coward
·
· Score: 0
So you think someone is going to cut off your head or cut out your eye to get some cash? That is just plain stupid. It'd be much easier to just take your cash after you withdraw it.
There are possible issues with this, but THIS is NOT one of them...
Re:With a gun to your head, "Withdraw $300 or die.
by
Anonymous Coward
·
· Score: 0
The don't write them down, but they do forget them. Seems like a complex solution when people could just remember their pin numbers.
Re:You thought the Pentium III Id was invasive...
by
Anonymous Coward
·
· Score: 0
If you don't like the pentium III id number I wouldn't recommend ever getting a network card either. They have unique ID's available to anyone via a network or the internet and it has been this way for as long as I can remember.
Helium is too expensive
by
Anonymous Coward
·
· Score: 0
Maybe when hydrogen fusion becomes commonplace. The ash can be used as a cheap source of helium for personal transortation.
--Walt
ATM Camera is there to protect machine; not you.
by
Anonymous Coward
·
· Score: 0
Besides, I've seen far too many of these with deliberate scratches all over the lucite cover or just covered over with spraypaint. Ditto for 'security' cameras on board busses.
gotta love the FOX network!
by
Anonymous Coward
·
· Score: 0
bad boys, bad boys, whatcha gonna do?, whatcha gonna do when they eyeball you...
Non indentifing...
by
Anonymous Coward
·
· Score: 0
How is the criminal supposed to know which bank you use, or if you have money in your account, etc?
They always said I had my mother's eyes
by
Anonymous Coward
·
· Score: 0
so now i can get to her bank account right? =]
You all are paranoid!!
by
Anonymous Coward
·
· Score: 0
No one is going to rip your eye out when it would be a gazillion times easier to put a gun up to your head, or smash your face up against the scanner. I would think standing to the side out of camera view with a gun would look alot less supicious than walking up to an ATM with a dead eye in your hand.
List of authorized irises
by
Anonymous Coward
·
· Score: 0
Perhaps in this situation you go to the bank with your sister and add her to the 'authorized irises' for your account:-]
Of course as far as I remember there's both an iris and a PIN for the ATM.
Re:Bypassing this security
by
Anonymous Coward
·
· Score: 0
Uhh..
Down with people who spend too much time on paranoid brainstorming!
Re:Backup system would be needed as well
by
Anonymous Coward
·
· Score: 1
I'd think there'd almost _have_ to be an alternative system available - there are, after all, people without eyes, or at least without usable ones. And given the legal climate in the USA, if they implement a system that isn't usable by everyone from one-armed acromegalic albinos to quadriplegic spastic achondroplastic dwarves, they're likely to get sued for "violating" someone's "civil rights".
Aniridia ?
by
Anonymous Coward
·
· Score: 1
What if, like me, you don't have anything recognizable as an iris ?
Exactly - say you were blind or had glass eyeballs! I've never met anyone with two glass eyeballs, they just had one, but still...yeah, something like thumbprint technology. What if you don't have thumbs?
--
not an ATM machine.
by
Anonymous Coward
·
· Score: 1
There's no such thing! ATM stands for Automated Teller Machine. an ATM machine would be an Atutomated Teller Machine Machine, which does not make sense... and don't go telling me how you use your "PIN Number" either...
Dead people's eyeballs? I don't think so
by
Anonymous Coward
·
· Score: 2
I don't think people will be stealing eyeballs. More likely people will be setting up fake temporary ATMs, with iris scanners, and when someone tries to withdraw money it will scan their iris but refuse to give them money claiming an error. This has been done before with regular ATM cash machines to capture PIN numbers (whilst 'swallowing' the cards).
The thieves can then go to a regular cash machine, pull out the camera, crocodile-clip the camera nodes to a lap-top, and play the scanned sequence back direct to the internal reader. They can then withdraw as much cash as they want.
Now here is the real problem with biometrics. With the fake regular ATMs, the banks and police can put out a warning and those that realise they have been duped can quickly cancel their cards and get new ones sent to them. So how exactly can someone do this with an eye pattern that will remain with them for life?
Re:Dead people's eyeballs? I don't think so
by
Mythor
·
· Score: 1
There should be a 'mecanism' to detect if the scan has been performed on a 'dead eye': wheter the eye belongs to a dead person or has just been poped out of its 'socket'. If the system is to stay, massive announcement should be made to make sure criminals are informed that it's useless to 'steel' eye balls or kill someone if they want the scan to succeed.
Personnaly, i don't like this bio-metric 'authentication' applided to ATM... i'm already missing my little plastic card.
Most iris scanning systems can tell if they're looking at a live eye or a dead one. Stealing an eye would be useless (although stupid muggers might try anyway).
BTW, re the title of the article, it's an iris scan, not a retinal scan.
For more information about the technology behind this click here to go to the Sensar website.
Re:Bypassing this security
by
gavinhall
·
· Score: 1
Posted by zann:
bioauthentication still has one flaw. consistancy. regardless of how many "charictaristics" there are, they all still boil down to 0s and 1s. to circumvent this kind of security, you will just need to be able to produce a standard, expected responce in a predetermined format. this could be done on the front end (the retinal scanner) or on the wire on the otherside of the scanner. i don not wish to say that a gauntlet has been dropped, but it is something to think about.
Re:We need this on the desktop
by
Eccles
·
· Score: 1
>What we need, and which may well happen within a few years, is a system like this for the desktop.
One magazine (PC Magazine?) did a review of thumb and voiceprint scanners. The best price/performance device, and one that they weren't able to circumvent via trickery, was the U.are.U fingerprint scanner, a ~$100 USB device. I'd love to have one, so simple even a small child can use it.
I tried websearching but couldn't find a homepage for it though.
-- Ooh, a sarcasm detector. Oh, that's a real useful invention.
Re:Wierd alternatives....
by
lordhades
·
· Score: 1
Sperm? So if your girlfriend wanted to use your computer...
Banks already track your ATM movements using your ATM card and PIN. This doesn't make one iota of difference as far as the banks knowing where you are (or were). Chill out...
The only possible "privacy" concern I can think of is having an image of your iris available to your bank, which is personally something I could care less about, but some of the more paranoid on slashdot have loudly pointed this out.
Yes, but the difference is that I can give my ATM card to my wife, or my kids to use and then there is no way for the banks to know who actually used the ATM card. With iris scanning, there is no doubt that it was you and you alone that made the transaction. ---
Banks don't routinely give out things like your PIN, do they? I dunno, in MY bank, nobody even has access to that information. There ARE secure ways of storing things like this.
It's also quite possible that a PIN will still be required to make a withdrawal. (Though I suppose if they've found some way to get at ultra-secure information like your iris image from the bank, they could get your PIN too, but I've never in my life heard of a single case where a PIN was retrieved from a bank...)
Re:Backup system would be needed as well
by
Fastolfe
·
· Score: 1
If you experience some sort of permanent or semi-permanent change, you'd probably want to make a quick visit to your bank to refresh that biometric data.
Though, like the other poster mentioned, iris scanning probably won't be the only way you can access your funds from an ATM.
If you're wearing a contact lens designed to obscure the iris, naturally, iris recognition systems will fail to recognize your iris.
I doubt that this will be the only way to retrieve funds from your local ATM, however. There surely will be backup methods (like your traditional ATM card + PIN).
Re:We need this on the desktop
by
slim
·
· Score: 3
Hrm, the problem there is that an ATM can know (to some level of trustworthiness) that the data it's getting really is from an eye scanner. If the data's coming off the net, who knows - it might be coming off a hard disk, grabbed from a sniffer, or anywhere.... If your password gets compromised, you can change it.... how do you change your eyes?
There's a funny thing about retina scans: In mid-1980sh, it was discovered that AIDS virus does transfer with eye fluids. It was discovered when some major biometrics conference was under way. Noone at the conference agreed to test retina scanner, and that was the death of retina scanners.
Bad misinformation. HIV virus can sometimes be _detected_ in tears but there are _no_ known cases of transmission via this route. If possible, it must be _extremely_ rare and difficult or it would have been seen by now. That is not to say there is no worry since many infections _can_ be spread eye-to-eye but HIV is not one of them. Please, please get facts straight on this very serious topic. Robin Colgrove MD Laboratory of Molecular Retrovirology Division of Infectious Diseases Beth Israel Deaconess Medical Center Harvard School of Medicine
-- Good judgement comes from experience, and experience comes from bad judgement. - W. Wriston, former Citibank CEO
Getting your "eye" riped ..
by
Ex-NT-User
·
· Score: 1
won't work. Neither will a color copy of your face. From what I remeber about these systems (Gata love the Discovery channel) they won't work if the eye is no longer attached to the user. The systems check to ensure that the eye is still "alive". (Small changes/fluctuations in the iris)
If someone mugs you and pokes out your eye the ATM will not authenticate it (the eye) because these changes will no longer occur. A picture won't work for the same reason.
The only way you can be mugged is either after you got the money out. Or haveing the mugger make you takout the cash at gun point at the cash machine. So nothing has really changed with the exception of not having to remeber a card and a pin number.
They didn't say how they tested that it works.. just that it does. I figure they did it with animals or something like that. (I know not a pleasant thought)
Ex-Nt-User
Re:Actually, we need an open source directory serv
by
osi
·
· Score: 1
OpenLDAP isn't bad at all. Dig up the nss_ldap module and you can store anything that NSS would use in a LDAP directory. LDAP is great!
As a side note, how do these things work with people who wear contacts sometimes and glasses other times. Would they not be able to wear contacts while using the ATM because it would mess up the iris scan? Anyone who knows something about this would be helpful, I don't want to look forward to a life where I have to take out my contacts every time I want to get money.
But what about those novelty contacts? You know cat slits, biohazad symbols and alike that completely obscure the iris. But as long as it can handle the full eye chrome set I'm looking at I will be happy.
The iris pattern is processed and encoded into an IrisCode, which is stored in a database and used for recognition in any transaction when a live iris is presented for comparison. Eyeglasses and contact lenses are accommodated easily.
of course, this is specific to that company's implementation of iris recognition, but i suspect that it's all in the method. if you can algorithmically process an image of an iris into a representation that matches even after optical distortion, then you're set.
1) The thing requires the eye to be alive. Won't work with a goughed out eye anyway.
2) In comment to the guy talking about now someone will wait until you scan your eye and then shoot you or some such nonsense, WHERE ARE YOU LIVING? That happens all the time anyway.
This is so much more secure than an ATM card... the biggest valid problem I've heard with it was the fact that a parent doesn't have the option of telling their kid "go get me $40" or having a friend do it.
These, BTW, aren't anything new, its just the non-testing installation of it thats new. There've been a bunch of banks around the country doing it for a year or so on a testing basis, or at least so I remember reading last year.
Braile buttons or not, there's not very many ATM machines usable by the blind anyway.
I've never heard one voice prompt me...
Re:But a high-rez display with appropriate softwar
by
tgd
·
· Score: 1
I seem to recall reading last year that the visual range the scanners use is not the human-visible range, which is what miniaturized monitors display in.
I think they're into the near infared, so that the image remains contrasty with people whose eye color changes, etc...
Either way, I'd guess if you had a way to get a hires animated image of someone's eye, and fool the machine (which has to be looking for other facial items to even locate the eye -- you don't stick them in front of the camera with these), you're probably clever enough to steal the money from the bank in less easily-catchable ways than stealing from an ATM.
You do know that ATM machines photograph every transaction right? You're gonna look pretty silly holding the display over one of your eyes and hoping it'll work.
Iris scans and Friday nights...
by
dattaway
·
· Score: 1
It also says an iris contains 266 points of information, a lot more than a fingerprint. Put that in your pipe and smoke it.
In short time, ye old peace pipe can route more than 266 points of information on thee iris! After a night on the town, it might refuse to hand over the dough!
How long will it take for iris roadside checkpoints to catch the drivers that have been hammered and stoned? "We saw your red eyes all the way down the block, step out of the car please!"
Everyone who's worried about getting mugged for their eyeballs -- do you have any idea how unlikely this is? Here's a breakdown:
The mugger must knock you out and steal your wallet. This risk is already present.
The mugger must not immediately leave the scene of the crime, even though he's already got whatever cash and credit cards you were carrying.
The mugger must now use his scalpel, forceps, grapefruit spoon, melon baller, or whatever else he's got handy to remove your eyeball from the socket and sever the optic nerve and muscles that hold it in place, all without puncturing the eyeball in the process (which would probably result in an unusable iris due to the influx of blood).
You must not wake up during any of this.
Because of the $300-per-day limit your bank undoubtedly has on ATM withdrawals, the mugger must now appear on security video at multiple ATM locations over several days holding a severed eyeball, or the whole endeavor is only mildly profitable given the risk. Additionally, the eyeball must maintain its appearance for quite some time with no hydration or blood supply. Formaldehyde may help here; I don't know.
Conclusion: scalpel gangs are not going to rule the streets anytime soon. I'd be more worried about the reliability of the hardware, and the fact that while you can change a PIN, you can't easily change your iris pattern.
What we need is a reliable anonymous electronic payment system.
In a way, we have this already. Have you ever used a pre-paid phone card? You pop your money in, you get a card worth whatever you paid (typical amounts: $5, $10, $20) with an ID number on it.
There's no way to associate that card with you because the PIN (really an account number) is set when the card is printed, long before you walk up to the machine. Ran out? Get another!
A similar system is the DC metro, where you put money into a machine and get a paper card with a mag-strip on it. When you go through the gate you pop the card into a slot; at the other side you get a new card with the amount left printed on it. When you don't have enough left to go through a gate, you can pop the card into a farecard machine and add money; the value of the old card is added to what you put in and you get a new card.
I think a hybrid of these would work. You'd have a machine like an ATM, run by Your Favorite Credit Card Company. You put money in, give it a PIN for cash withdrawals and it spits out a card with a magstripe. Then you take this to a merchant and they run it through just like a Visa card.
The merchant knows they'll get their money because it's run by Visa (or whoever). You have your privacy.
Who's to say some criminal won't just sit by the ATM, and when you go to withdraw, he pulls a gun off-camera, and tells you to give him the $300 you just withdrew?
I mean, all we've done here is make the crime all the more violent and personal, with the added bonus of throwing your privacy out the window. I *like* anonymity. I don't care that there's a %0.01 chance that somebody might guess my pin and rip me off - that's what insurance is for. All I'm seeing is a bunch of greedy companies trying to keep the criminal element out... by compromising our privacy and anonymity.
Good points, all... so what is the likelihood of a nationwide (or worldwide) retina database that business owners can access for a fee? Gov't sponsored registration of all US citizens at birth (or at full retinal development age).
There could be a lock system, implemented at Customs, so that upon entry to the US, you pass through, show your visa, and scan your peepers; this "logs you in" to America and lets you buy things legally--life becomes much more difficult for illegal immigrants.
Sure, you'll have business owners who won't subscribe-- they'll put "cash only" signs in their windows, or an eye in a slashed red circle, and get a reputation for being 'swarthy' and 'unreliable' places; the media could portray them as such, and make a bigger deal out of robberies. To combat this backlash and show that a business has implemented eyeball-based payment, they could put a small picture of an eye on their door or window.
Now, I'm sure the NSA and FBI would love that--tap the machines that read from the database and flag the locations of known criminals. The eyeball could stand for that well-worn phrase about Big Brother's voyeuristic habits.
Because of the $300-per-day limit your bank undoubtedly has on ATM withdrawals, the mugger must now appear on security video at multiple ATM locations over several days holding a severed eyeball, or the whole endeavor is only mildly profitable given the risk.
ROTFLMAO!
(sorry about the zero-content posting, but I had to congratulate djw for providing me with the funniest mental image I've had all day. Cheers djw:-)
Iris scanning for ATMs aims at solving a symptom (reliable access to cash) to a problem (cash itself).
What we need is a reliable anonymous electronic payment system. I think Mondex is close to this (although I don't know too much about it myself). Something where you can charge an electronic card up with cash units from your credit card in the comfort of your own home would give you:
1/ Greater security, since you're not getting a large quantity of cash at an obvious crime target (static ATM). 2/ You don't need to carry so much anonymous money , since you can recharge at your leisure.
Differentiating between anonymous money and verified money is important. Verified money (with a good verification system) is difficult to steal (a signature on a credit card slip is verified but it's not a good system). Anonymous money is necessary for your privacy, but is more attractive to criminals. The convertion point where you exchange verified -> anonymous money carries the greatest security risk and the sooner it is removed from public places the better.
I believe it is is iris scanning...
by
RealTime
·
· Score: 0
not retina scanning.
--
Yesterday it worked; today it is not working; Windows is like that...
I'd think that biometrics would be a security risk
by
cpt+kangarooski
·
· Score: 3
Think about it - you've just eliminated the current ideal of compartmentalizing your proofs of identity (e.g. passwords, accounts, etc.) by having them all use a single key. Namely your eyeball, which will, sooner or later, not be all that useful once someone figures out how to spoof the scanner.
I'll stick with different passwords for everything important, thanks.
-- --
This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
I can't imagine why anyone would even _think_ about having one's finger pricked for a drop of blood should be good enough for determining identity anyway.
That must be one of the most insecure ways of identification, except for the From field in e-mail messages or news articles.
If you believe that DNA is good enough to identify you, and at the same time think it is scary that virtually anybody can pick up the scraps of your own body you leave behind to _track_ you down, I'm really, really surprised that you can't connect the two to:
The same virtually anybodies can take those scraps of skin, hair, blood remains etc from your garbage, hotel room, car, whatever _and put it somewhere else_, pretending that you were there. But of course you weren't there, just some minor parts of you somebody else stole.
You don't have to see "Conspiracy Theory" and believe in it to think that these things can happen. They can happen because someone has thought about it, and because there tend to be people who abuse every new thing they can come across. That can be your everyday psychopathical specimen, it can be a super-secret government agency (for which government?), it can be organized crime, it can be a prankster, it could be an accident.
So don't go around trusting DNA to be of any help.
What are the alternatives, then, if you don't believe an iris or retina scan is good enough?
Well, you can apply some modern image recognition software. Today, it's possible to recognize a person from her facial features, even through physical changes such as minor injuries (swollen eye, fresh cut across the face, etc), with a precision similar to that of fingerprints (I honestly cannot remember which way is more sure, except for fingerprints having lots of "proven" technology behind it).
This makes it possible to recognize that person's most common facial expressions.
Take this one step further, into recognizing several facial expressions in succession (that is, the way your face changes).
Use cameras from several angles to make sure that it is a real person, and not some face superimposed on a dummy/robot.
Require that your voice is synchronized with (and matches) your facial movements when you say "I want to withdraw some money" (or whatever your not-so-secret passphrase is).
Feel free to combine this with some other method that can be performed simultaneously, such as measuring iris response to varying light level, blood pressure and pulse, perhaps even the fingerprint (but that can be faked more easily).
The bonus for the customer is that this would take less energy and time than remembering a PIN code and punching it in, and/or leaning towards a scanner to measure the exact retina, but would still be at least as secure.
The downer is that this technology has yet to be actually implemented, tested and "proven" in a real user environment, and that it'll probably be a bit expensive for the next five years or so, until technology catches up and becomes really cheap.
This doesn't prevent someone from threatening you or your family to force you to withdraw money, buy a Corvette or whatever, but what does? Maybe sometime in the future, we can actually determine for sure whether someone is under pressure for doing things, and that she shouldn't be doing it. I somehow doubt that, but we'll hopefully live to see.
Being someone who is confined to a wheelchair, I am curious as to where the camera is located. I assume that they are positioned for a standing person of average height, which would be impossible for me to get to.
I hope that they are providing an alternate way of identifing yourself. Like the old-fashioned ATM card with a PIN.
Re:Iris scans not retina scans...
by
Old+Man+Kensey
·
· Score: 1
Ares wrote:
I doubt most people would want to subject themselves to a retina scan given the current state of the art. It requires the scanner to come into direct contact with the eye.
Actually, no.
I had a retinal photo the other day as part of my latest eye exam. The lens does get close-in, but it didn't touch my eye. It does shine a very bright linear light in, and the camera rotates from one side to the other (like a panoramic camera).
The afterimage of the light had very clear tracery of the retinal blood vessels in it.
-- -- Old Man Kensey
Actually, we need an open source directory service
by
cthonious
·
· Score: 2
Something like NDS, but it won't do it any good until all the server apps are directory enabled.
sendmail, imap, inn, nfs, lpd, apache... all this stuff needs to be directory enabled. This way one can log on once and have access to all the network resources that are directory-aware.
We do have Open LDAP but I find it a bitch to set up and use. Don't know much about the Open Group's DCE, it looks expensive.
I guess one could roll one's own (using PAM and such), but that is more work than most people care to do.
--
support gun control: take guns from cops
Iris scans not retina scans...
by
Ares
·
· Score: 2
Everyone seems to be pointing this out. Can't imagine why. Anyway, I doubt most people would want to subject themselves to a retina scan given the current state of the art. It requires the scanner to come into direct contact with the eye. Not exactly my idea of a good time.
Re:Iris scans not retina scans...
by
Duke+of+URL
·
· Score: 2
Is that true? You need to put your eye against the scanner? I would NEVER put my cornea up against anything else that other people may have toched in any fashion. The cornea (clear part over your iris) does not receive direct blood flow, thus it is more difficult to fight off infections which could be picked up from direct contact with the scanner.
Here's a link to a picutre of the anatomy of the eye
Re:Bypassing this security
by
MenTaLguY
·
· Score: 1
as someone who is not likely to have time to see the movie, how did they do it?
The person who sent in this link makes an excellent point... I wouldn't want to be mugged for my eyes. That's why I find it stupid to only have a single form of authentication. A PIN number or some other code should be used as well, to make eyes less attractive to would-be theives.
1. something you HAVE 2. something you ARE 3. something you KNOW
/me shrugs.:)
Re:Another privacy concern...
by
Fletch
·
· Score: 1
having a PIN should be the customers option when he/she signs up for the account.
Re:yeah, but what about...
by
JerkBoB
·
· Score: 1
I don't think that the system cares about iris color. Have you ever looked at an iris closely? There are all kinds of blobs and squiggles, and those are what the system records.
Incidentally, my eyes change color, as well. It's kinda fun. My eyes are brown or green or somewhere in between, depending on my mood.
-- A host is a host from coast to coast...
Unless it's down, or slow, or fails to POST!
Fashion Models better ATM disable their accounts
by
Jon+Luckey
·
· Score: 2
An Iris is pretty huge. From what I can tell from the article, that the eyes are not very close to the scanner and must have a fair amount of variation in closeness to the camera.
I am sure that there are plenty of pretty high resolution photographs that show details of people's irises. For example, people on magazine covers. How difficult would it be to laser print one on an elastimer sheet, and distort the iris sections mechanically to simulate pupil contraction. A photocell here, a solinoid there, ia bit of circuitry, and boom, a photosenisitve facial fascimle.
Sure magazine could use photoshop or such to replace irises in pictures before publication, but what about the thousands of pictures already out there.
Irises are just too 'out-there' in plain sight. Its like walking around with your pin number tatooed on your face. Anyone with a telephoto camera could steal it.
--
-- 3 events that reshaped the world in the 20th century: WW1, WW2, and WWW
Do these machines have instructions in Braille?
by
fishbowl
·
· Score: 2
How do they get around the A.D.A.? (There are Americans without eyes...)
-- -fb
Everything not expressly forbidden is now mandatory.
Re:We need this on the desktop
by
XNormal
·
· Score: 1
Using biometrics on your desktop for securing network access is tempting but it is also very dangerous - there must be a secure path from the reader to the verifier. In the case of an ATM it is physically secured inside the ATM strongbox. On a network it would have to be a combination of cryptographic authentication and a tamper-resistant reader (no such thing as tamperproof).
Without this it would be ridiculously easy to sniff your iris/finger/hand/face/voice print over the network and impersonate you.
The embedded cryptographic engine inside the tamper resistant reader would use a challenge-response algorithm to ensure that:
1. The scan comes from a real scanner 2. The scan has been performed in the last few seconds.
Without this, it is useless.
--
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
Desktop biometrics - dangerous unless done right
by
XNormal
·
· Score: 5
Using biometrics on your desktop for securing network logins is tempting but it is also very dangerous - there must be a secure path from the reader to the verifier. In the case of an ATM it is physically secured inside the ATM strongbox. On a network it would have to be a combination of cryptographic authentication and a tamper-resistant reader (no such thing as tamperproof).
Without this it would be ridiculously easy to sniff your iris/finger/hand/face/voice print over the network and impersonate you.
The embedded cryptographic engine inside the tamper resistant reader would use a challenge-response algorithm to enable the server to ensure that:
1. The scan comes from a real scanner 2. The scan has been performed in the last few seconds.
Without this, it is useless.
--
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
iris images being stored.
by
magister
·
· Score: 1
First off this sounds very insecure. i work on computers 24/7 and i dont trust any computer outside my reach. I think they should implement a more secure method.
My idea would be more like, when applying for the account they have a randomly generated 4096byte key genrated, this would be used to unlock you accound when it needs to be accessed to with draw from an ATM or else ware. Then they could use you iris as the encrypting key using somthing like RSA's RC5-64, or somthing better.
That way when you goto get some money from the ATM machine it just uses you IRIS to decrypt the key to unlock you account. no need to store you iris, execpt in your head:).
It just seems more secure that way, cause if some one did break into the banks computers, then they would be trying to decrypt keys for a long time, you will probly be dead and have passed you money on in your will befor it gets cracked.
-- -magister-
They won't have to take your eyeballs
by
ch-chuck
·
· Score: 1
Sounds like it might be fairly trivial to get somebody's retina scan - Don't know anything about it but the article sounded like you just stand there - does one have to put there eye up to something like looking into a microscope to be verified?
Another privacy concern...
by
MAXOMENOS
·
· Score: 4
The inventor of this technology assures us that photographs of irises will not be distributed outside of the bank. But as we know, accidents (and outright negligence, and occasional criminal behavior) do happen.
It's easy to replace a stolen ATM card, and maybe even to get your ATM number changed. But what if your iris image gets stolen?? Once that cat is out of the bag, how can the bank ever trust your eyes again, and how can you ever prove that it wasn't you who withdrew $700 in Jamaica?
At the very least, they should incorporate a PIN number with this, to ensure that fraud doesn't occur. Even if they have your eyes, they can't get your money without a PIN. In my mind this would be the best solution all around: no card to lose, your eyes become immensely less valuable for a mugger, and if your iris photo is stolen, it only increases their chances of stealing your money to one in ten thousand. I'm not saying iris checking with PIN is crimeproof, but iris checking with no PIN is a rotten idea.
Problems with Pregenant women resolved?
by
afniv
·
· Score: 1
Some years ago (3 or 4 years), I was shown a tour of a highly secured U.S. Air Force base. There was some talk about some of the security measures. I never observed this particular one, but to enter certain areas, one had to stand in a small phone booth size compartment (so only one person could enter) and then would have to submit to a retinal scan before the person would be allowed through.
It was discovered, using these devices, that a woman's retina changes slightly during a pregnancy. I guess more than a few times the poor trapped woman trying to get into the secured area would set off the alarm and immediately be surrounded by armed security guards. Supposedly, this was how some women first learned they were pregnant.
I wonder if this is true for modern retinal scanners? Either that or your money is safe if your wife is pregnant.
~afniv "Man könnte froh sein, wenn die Luft so rein wäre wie das Bier"
-- ~afniv
"Man könnte froh sein, wenn die Luft so rein wäre wie das Bier"
Richard von Weizs
I'm actually sure if it was a retinal or an iris scan. If it was retinal, perhaps the iris scan is immune from changes during a pregnancy.
~afniv "Man könnte froh sein, wenn die Luft so rein wäre wie das Bier"
-- ~afniv
"Man könnte froh sein, wenn die Luft so rein wäre wie das Bier"
Richard von Weizs
Actually...it's *iris* scanning...
by
dschuetz
·
· Score: 3
I hate to be picky, but these machines scan the details of your iris (the color in your eyes around the pupil), not the retina (which requires, IIRC, bright light and a close-in lens).
Other-n-that, pretty darned cool. Though I'd still like to have a code of some sort (might be nice to have an "emergency" code that'd provide money, but call the cops, too...or something like that...)
No need to worry, even evil twin brothers have different fingerprints. Fingerprints are influenced by your development in the womb rather than your genetics. (Warning this information was retrived from an unreliable source, my memory).
Re:But a high-rez display with appropriate softwar
by
baglunch
·
· Score: 1
So you have a larger central light source that brightens and dims randomly. You have a series of LEDs around it's border. These LEDs turn on one at a time in a random fashion. The combination of these two random events, coupled with your iris's reponse to them should provide a pretty compelling security arrangement. But I don't think that this is sufficient. It would be nice to have a brainwave recognition complement to the iris ID. When you are getting your iris scan, you think of something in particular and don't tell anyone. So your iris pattern is recognized in conjunction with how your eye responds to what you are thinking of, combined with the particular pattern of your brainwaves upon thinking of this something. Even if everyone thought of Sex with the same person in the same position in the same setting, etc., everyone would think of it in different ways, would have different brainwave patterns, and different iris reactions. It'd be interesting to see a spoof that circumvented this.
--
Work is for people who lack the imagination to play.
Re:Bypassing this security
by
smileyy
·
· Score: 1
And good riddance, if you ask me. When you see things like this working in science fiction it assumes a totally secure system, which we all know cannot be built. I would much rather see advances in smart-cards and e-cash, something that retains the anonimity of paper money (anyone read Shadowrun?). If this doesn't get shot down, 10 years from now you won't have any cards, you'll just get your eye scanned everywhere. That gives crackers way more power, because once the system is breached your whole identity can be stolen. If someone steals your drivers license, you can get a new one and invalidate the old. If someone replaces your iris scan with thier own, how do you prove you were ever you? Besides which, are PIN's really that insecure? The people who get thier accounts raided are the ones SMRT enough to write it on the card, or use 1111. Do we really need to give away all our privacy to protect morons from themselves?
How do you revoke your iris
by
Squamus
·
· Score: 1
One of the primary tenents of a good auth system is revocation. The system will eventually be hacked, count on it; and when it is, how does the unfortunate viction go about getting a new "password".
Wasn't this already tried in the UK? I'm sure one of the banks over here ran a trial with a few machines. It was very popular IIRC. People loved being able to do without their cards.
Yup, I remember seeing it on "Tomorrow's World" several months ago. In Swindon I think - every new technology seems to get trialled there, the demographics of the population map almost exactly onto the national population, or something. Anyway, I seem to remember that you still needed a card - you didn't have to remember a PIN tho'. You'll still need a card anyway - debit/credit card, or cheque guarantee, so why bother?
I'm curious as to how crooks/con artists are going to try and bypass this kind of security. Maybe we'll see a black market pop up for glass eyes that are replicas of legitimate bank customers' eyes.:-)
Re:Bypassing this security
by
tofupup
·
· Score: 1
settle down bevis
Re:Bypassing this security
by
periscope
·
· Score: 1
An "easy" way around this little problem is to use RF signals. As anyone knows, electronic devices such as ATMs use electronic control signals. Transmitting on the correct frequency will cause the eye-scanner to "think" that it is receiving scan pictures - actually, they will be radio signals interfering with its operation. SECOND WAY to do this is as follows.... YOU ***ALL*** SHOULD BY NOW know those new projectors which use lazers to project pictures into your eye instead of using areal screen? Well, just use one of those to project an iris scan onto the screen. 3. Hack into the back computer and add your own scan in place of someone else's (best use someone else's iris - in case you get cought...:-). 4. I will NEVER let any bank store my IRIS scan unless ***THEY*** sign a contract to say who sees it (this will include not divulging it to the US government or the police. Furthermore, I would demand to be allowed to attempt to hack in to the computer to see how secure it is. At this point I would expect to be told where to go, so you can see that I won't be having an IRIS controlled bank account anytime soon....:-)
-- http://www.jonmasters.org/
Re:Bypassing this security
by
MindStalker
·
· Score: 1
I saw it, but couldn't quite make it out though basically what they did was they had a friend who worked where this guy went in for an eye exam. So their friend was able to get a copy of the retna/iris scan from the computer at the doctors while it was being scanned. And they created some sorta interface.. I couldn't quite make out what it was quick moving movie that used this information and spit it into the scanner
Re:Bypassing this security
by
p00ploop
·
· Score: 1
Hmm.... Sounds like a classic birthday problem to me.
If you haven't seen "Entrapment" yet, do so - it's got an interesting way to get aroung this problem, and it didn't seem too "techie" - seemed reasonably doable.
When I saw (what I assume is) the underlying work presented about 6 years ago (by the inventor), he said you could ensure it was a real living iris by stimulating it with light and monitoring how it reacts - the check test worked regardless of pupil size as the iris just shrinks when the pupil is enlarged, so the pattern remains the same.
ISTR the test used a Gabor function on the scanned pattern, and it worked when there was the iris occupied about 80 pixels or more in diameter.
if I'm going to hold you up at the ATM machine, I can now just slam your face against the glass and let it scan you. No more extorting PIN codes. This will have a zero result on security, with the exception that ATM fraud will decrease. Though, who's to say you couldn't create a fake iris which you could encode at will, just like they have for the magnetic strips on credit cards? Its just a computer on the other side...that's never stopped anyone before.
Iris Scanning CRACK!! Contact lenses are the key!
by
Ron+Bennett
·
· Score: 1
Seems to me that all one must do is get a high resolution photograph of someone elses irises and print these out to the aprox real size onto contact lenses. There's many methods by which this could be done.
I've even seen some movies in which spies were protrayed using such a method to defeat iris security. So it's certainly not a new idea, but one most people wouldn't think of.
Wonder how they will prevent people from bypassing IRIS security via this method?? I bet they really can't unless they also still require a PIN...but then what's the point of the whole IRIS scanning thing if one still needs a PIN anyways?? DUMB!!
Yes, I'd feel very safe with a voice prompt like... "Enter YES to verify $1000 withdrawal"
-- Eh?
Re:Bright light.... make it stop
by
th0m
·
· Score: 1
we've got to stick our eye up against some camera, while we have a really bright light shone directly into it so that it can check our iris
that's how a retina scan would be; iris scans just use a regular video image of the front of your eye, so really you're only limited to the quality of the image that a video camera can produce at distance. i think that current systems can recognize you at a distance of a foot or so.
Re:But a high-rez display with appropriate softwar
by
th0m
·
· Score: 1
assuming for argument's sake that a display could ever produce an image that was sharp and high-res enough to fool the camera, it still wouldn't work against systems that tested for a live eyeball.
if the system was looking for pupillatory oscillations it wouldn't find them, unless you were playing high-resolution video of a real eyeball. if it was generating different light levels and observing the response of the iris, the static / prerecorded video image wouldn't be up to par.
and if you were smart enough to develop an interactive, real-time, high-resolution, realistic computer-generated iris image that can behave just like a real eye and respond instantaneously to external stimuli, why the fuck would you waste your time trying to get fifty bucks out of an ATM?
one of the cool things about iris scan technology is that it (can be configured so that it) rejects 'fake' id material like a photograph of an iris, some kind of model of an eye, or even a dead guy's eyeball.
the human pupil naturally oscillates and responds to changes in light level; a particularly secure iris recognition system could make use of this by, for example, providing a variable light source over the course of a few seconds to ensure that the iris is 'live' and not somehow simulated.
this is similar to the capabilities of that desktop face-recognition software that was going around a couple years ago - you could put it in a mode where it asked you to blink or smile or something during the recognition process. a bit less convenient but a bit more secure.
Except thumbscanning sucks when you have an evil twin brother. I think irises are supposed to be different between twins.
Invasive? All you lose is your deniability!
by
FatSean
·
· Score: 1
And me? I'm for all deniability a person can get!
-- Blar.
Even worse than scalpel muggings.
by
the_tsi
·
· Score: 2
What's MORE frightening is that five years from now everyone will be getting email chain letters that talk about some guy who goes to a party, gets a drink, and wakes up in a bathtub full of ice without his eyeballs.
The story I saw on channel 4 was funny. They said this technology was only seen in the movies... I saw this about a couple months ago in Electronics Now.. But the military uses retna scanning on classified project and has been using that technology since the early 80's. "Windows 98 Second Edition works and players better than ever." -Microsoft's Home page on Win98SE.
I saw a thumb-scanner for using to access computers at Fry Electronics. "Windows 98 Second Edition works and players better than ever." -Microsoft's Home page on Win98SE.
Actually, I think thumb prints between twins are just a bit diffrent. But not 100% sure. "Windows 98 Second Edition works and players better than ever." -Microsoft's Home page on Win98SE.
find out that? Did they have a live person test it, then kill them and take his eye? "Windows 98 Second Edition works and players better than ever." -Microsoft's Home page on Win98SE.
It could be worse.. Blood dna match.. Or Sperm style system.. Haha.. "Windows 98 Second Edition works and players better than ever." -Microsoft's Home page on Win98SE.
"Windows 98 Second Edition works and players better than ever." -Microsoft's Home page on Win98SE.
-- I ate my tag line.
-=Ellis (D)25=-
Re:Did you never dissect a Cow's Eye in
by
Ellis-D
·
· Score: 0
Nope..Just Worms and frogs.. => I made the statement to be a smart ass.. "Windows 98 Second Edition works and players better than ever." -Microsoft's Home page on Win98SE.
It's funny that the article mentions James Bond and says how this technology is like out of those movies. Well does any one remember that James Bond movie (I forget the name) when the bad guys remove someone's eye and surgically place into someone else's socket to unlock the iris reading lock.? I would think that today's medicine is not too far from being able to do this (if not already). Not that you'd do this to get money from ATM but if this technology becomes pervasive for other more important things...
Re:James Bond and eye removal
by
Winkel
·
· Score: 1
They do retina transplants every day. Its a big deal. So I guess if you get a retina of some shmoe, you also get his cash. Sounds pretty cool. Maybe Bill has a donor sticker on his drivers lisence?
"In response to questions about privacy concerns, Bank United said the iris pictures will not be distributed to anyone outside the bank."
Call me backwards, but I don't buy it. Reading Hackernews on a daily basis makes me suspicious about statements like this. I wonder how hard it would be to make a 'replica eye' or some such. I think I'll stick to my ATM for now, thanks.
-- --
'As it all washes away you know -- as it all is one, no one is alone.' -Cosmic Disorder
"In response to questions about privacy concerns, Bank United said the iris pictures will not be distributed to anyone outside the bank." Until the government thinks they need the information to help solve some 'crime' and forces the bank to give it up.. Or some company offers the bank a shitload of money for the information. Is there a written contract saying the bank won't change its stance on this in a couple years? This iris scanning stuff is 'cool' technology that has been begging for an application the last 8 years or so IMHO.
Oh, and what is the statistical occurrence of ATM fraud? 1 in 10 million (guessing here) transactions? Is this going to lower it? come on.. Its gee wiz stuff with a real privacy issue associated with it.
This yanks my chain about as much as the finger printing being done in elementary schools for 'child safety' reasons.
"...not be distributed to anyone outside the bank"...until the bank is bought out by a bigger bank, or some other firm dying to get its hands on all that luscious consumer data. I for one am not looking forward to the time when I have to disclose biometric data just to get a $@!*&%-ing checking account.
--
...disciplining the ronkeys since 3/2000...
But a high-rez display with appropriate software..
by
Kaa
·
· Score: 1
I believe that very small very high-rez displays are already available (to be used behind a magnifying glass in e.g. PDAs and cell phones). Make appropriate software to drive it and you probably (IMHO, I'm not even close to an expert) fool at least some of the iris scanning systems.
Kaa
--
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
Backup system would be needed as well
by
Kaa
·
· Score: 3
The standard problem with the biometric systems: what happens if your body changes? What if I got conjuctivitis (eye inflammation)? or something happened to my brow and I have to have my eye bandaged? or I developed a temporary light sensitivity and have to wear a patch today? What about colored contact lenses?
The idea is good, but I'd like to have an alternative system available as well.
Kaa
--
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
What about contact lenses, especially the colored ones that cover up the iris? Will the blind, or those with otherwise funky eyes, have some alternate way to get cash from these machines? (I didn't see anything on the page about this.)
If these things were cheap, they'd make sweet peripherals. No chance of people finding out your password when all passwords are replaced by eye scans.
I have, but wish I hadn't. There was an ATM by my house that had a voice walk you through transactions (redundant to the commands on the monitor). For some unfathomable reason the recorded voice was a woman with a snobby sounding English accent (this was in upstate New York). It was so grating that after a while I started subconsciously avoiding that bank's ATMs.
--
...disciplining the ronkeys since 3/2000...
Re:a whole new reason for kidnapping
by
Xenu
·
· Score: 1
This is already fairly common with regular ATM cards. The robber takes the victim to the nearest ATM machine and forces the victim to withdraw cash.
Re:a whole new reason for kidnapping
by
avdp
·
· Score: 1
But we're making their lives even easier now...
my card works everywhere, so -
by
avdp
·
· Score: 1
I know there are only 3 such ATMs yet... But we are talking about the future - where presumable this would replace the current card model.
Do you only use your ATM card at your own bank??? I can use my Bank card (which is a Visa logo on it) pretty any ATM in the world. I have yet to find an ATM in the U.S. that won't take it, and so far I have also used it in Belgium, France, UK, Italy, Taiwan, Japan and Hong-Kong (I know I am missing a few country, but you get the point)...
In the hypothetical case where the Iris-thing becomes the worldwide standard on ATM (where are many many years away from that) a thief would just have to wait around an ATM, grab any random person (whether that person was just passing by, or actually intended to use the ATM is irrelevant - pretty much every living person in the western world has a bank account and an ATM card of some sort), force him to look in the camera to widthraw his cash.
It will be extremely easy to steal money.
As I said, the iris thing is definetely convienient (no need to remember to bring a card or remember a code), but as far as safety, i am not comfortable with it. At least not without a secret code of some sort in conjunction with it.
Re:What about laser eye surgery?
by
avdp
·
· Score: 1
even if it did affected the iris scan, who cares - just go to your bank and get another picture taken. not like you're gonna get laser surgery every week or anything
a whole new reason for kidnapping
by
avdp
·
· Score: 3
Everybody has been talking about the possibilities of getting one's eyeballs ripped out of their face... Well, regardless or whether or not that would work (and it seems it wouldn't), I see an even greater danger than that! Kidnapping! Plain and simple!
here is the scenario i am imagining...
you're walking somewhere, not suspecting anything bad.
a stranger comes next to you, tell you he has a gun, to be real quite. maybe he's holding you with a smile on his face, you know - like two friends or something.
walks to an ATM, tells you to look at the machine
widthraw cash
either kills you, or just run
Think about it! at least with a card or a pin, if you don't carry the card with you, there is nothing the criminal can do. And if you do carry it with you(I suspect most of us do), at least you have the option not to give the pin. or give a wrong pin, or something! With the eye thing, you can't leaves your eyes home, and you can't lie. Seems like a criminals' perfect situation.
Well there are many way one could easly set up a secure connection for sending the password.. Or even create somelike like a public key where its password is your eyescan. That way the server could send you random characters you could then digitally sign those caracters with your scan then send it back where it can be verified with your public key. Or something crazy like that that way both your private key and your retna would have to be stolen to break your security.. The private key could easily be changed if there is a break. And it could be carried around on a smart card.
The number of passwords that a busy Net user (like me) has to remember is getting silly. I have a system for passwords which works most of the time, but I'd much rather get rid of the silly things.
What we need, and which may well happen within a few years, is a system like this for the desktop. It might work something like this: you'd run an iris scan server on each machine on the network. When authenication is required, the remote host connects to your iris scan server which gets the little camera mounted on your monitor to ID you using your iris pattern and send the data back just like a password.
Heh, this means that breaking ATM security will be easier than ever. Just catch some assh*le. Take of his eye with a fork and go to ATM to collect your well earned money:-)
While this sounds cool, I do have one question about it. If your picture isn't released outside the bank and you don't have a ATM card and PIN then you couldn't use other banks ATMs even if they had eye scanners. Also at the moment you can't the this any on the other point of sale location that you can use an ATM card, like a gas station. You would be stuck using only the couple of eye-scanning ATMs at your banks' locations.
Currently I guess you would also need a normal ATM card and memorized PIN for times when you couldn't use your own banks ATMs, so it is more of a cute tech than anything really useful.
I don't think this would be a problem if every ATM had an iris scanner. Currently, your account information is only stored at your bank. If you use another bank's ATM, or a gas station's ATM, their system connects to your bank's to verify that the PIN is correct. What would stop them from doing the same, but with your iris information rather than your PIN information?
If the banks decide to go through with the changeover, they would have to continue to issue ATM cards until the majority of ATMs have the iris scanners installed. (I'm bummed that it doesn't scan the retina...'retinal scanner' just sounds so much cooler.)
I happen to have a copy of the "Proceedings of the IEEE", Sept 97 (vol 85, no. 9) edition on my desktop. It's a special issue on Automated Biometrics. The first paper is on Iris Recognition (the technology used here, not retina scans as the poster suggested). Some quotes from it might help clarify some of the issues raised here.
Addressing uniqueness of irises "Claims that the structure of the iris is unique to an individual and is stable with age comes from two main sources. The first source of evidence is clinical observations. During the course of examining large numbers of eyes, opthamologists and anatomists have noted that the detailed pattern of an iris, even the left and right iris of a single person, seems to be highly distinctive. Further in cases with repeated observations, the patterns seem to vary little, at least past childhood. The second source of evidence is developmental biology. There, one finds that while the general structure of the iris is genetically determined, the particulars of its minutiae are critically dependent on circumstances (e.g. the initial conditions in the embryonic precursor to the iris)." Note: this should even prevent people from cloning eyeballs from someone's DNA. Addressing using an eye plucked out of someone's head, or using a dead body's eye "Due to the complex interplay of the iris' muscles, the diameter of the pupil is in a constant state of small oscillation. Potentially, this movement could be monitored to make sure that a live specimen is being evaluated. Further, since the iris reacts very quickly to changes in impinging illumination (e.g., on the order of hundreds of milliseconds for contraction), monitoring the reaction to a controlled illuminant could provide similar evidence." Regarding having to put your eye up to an eyepiece "The Daugman system captures images with the iris diameter typically between 100 and 200 pixels from a distance of 15-46 cm using a 330-mm lens. Similarly the Wildes et al. system images the iris with approximately 256 pixels across the diameter from 20cm using an 80-mm lens." Regarding glasses / contacts "Further, by careful positioning of the light source below the operator, reflections of the point source off eyeglasses can be avoided in the imaged iris." Regarding eye color / colored contacts "Further, both systems essentially eschew color information in their use of monochrome cameras with 8-b gray-level resolution. Presumably, color information could provide additional discriminatory power."
I happen to have a copy of the "Proceedings of the IEEE", Sept 97 (vol 85, no. 9) edition on my desktop. It's a special issue on Automated Biometrics. The first paper is on Iris Recognition (the technology used here, not retina scans as the poster suggested). Some quotes from it might help clarify some of the issues raised here.
Addressing uniqueness of irises
"Claims that the structure of the iris is unique to an individual and is stable with age comes from two main sources. The first source of evidence is clinical observations. During the course of examining large numbers of eyes, opthamologists and anatomists have noted that the detailed pattern of an iris, even the left and right iris of a single person, seems to be highly distinctive. Further in cases with repeated observations, the patterns seem to vary little, at least past childhood. The second source of evidence is developmental biology. There, one finds that while the general structure of the iris is genetically determined, the particulars of its minutiae are critically dependent on circumstances (e.g. the initial conditions in the embryonic precursor to the iris)." Note: this should even prevent people from cloning eyeballs from someone's DNA.
Addressing using an eye plucked out of someone's head, or using a dead body's eye
"Due to the complex interplay of the iris' muscles, the diameter of the pupil is in a constant state of small oscillation. Potentially, this movement could be monitored to make sure that a live specimen is being evaluated. Further, since the iris reacts very quickly to changes in impinging illumination (e.g., on the order of hundreds of milliseconds for contraction), monitoring the reaction to a controlled illuminant could provide similar evidence."
Regarding having to put your eye up to an eyepiece
"The Daugman system captures images with the iris diameter typically between 100 and 200 pixels from a distance of 15-46 cm using a 330-mm lens. Similarly the Wildes et al. system images the iris with approximately 256 pixels across the diameter from 20cm using an 80-mm lens."
Regarding glasses / contacts
"Further, by careful positioning of the light source below the operator, reflections of the point source off eyeglasses can be avoided in the imaged iris."
Regarding eye color / colored contacts
"Further, both systems essentially eschew color information in their use of monochrome cameras with 8-b gray-level resolution. Presumably, color information could provide additional discriminatory power."
quit worrying about being mugged for your eyes
by
Merk
·
· Score: 3
Just the other week I happened to be looking through the Sept. 1997 "Proceedings of the IEEE", which was a special issue on Automated Biometric Systems.
They mention that it is possible to tell whether the eye is alive or not:
Another interesting aspect of the iris from a biometric point of view has to do with its moment-to-moment dynamics. Due to the complex interplay of the iris' muscles, the diameter of the pupil is in a constant state of small oscillation. Potentially, this movement could be monitored to make sure that a live specimen is being evaluated. Further, since the iris reacts very quickly to changes in impinging illumination (e.g., on the order of hundreds of milliseconds for contraction), monitoring the reaction to a controlled illuminant could provide similar evidence. In contrast, upon morbidity, the iris contracts and hardens, facts that may have ramifications for its use in forensics.
This article even mentions Never Say Never Again as a way iris recognition came to popular attention. My guess is that people who have worked on iris recognition are familliar with its use in movies and books and have tried to overcome potential deficiencies that have been suggested there.
So if these guys did their homework you won't have to worry about being mugged for your eyes.
I'm not worried about people being able to spoof my eyeball, but I don't like the idea of a bank recording a unique physical characteristic. I don't let anyone fingerprint me. I don't give out my SSN just because someone asks for it. So I'll be danged if I'm going to let someone record the characteristics of my iris.
This is a slippery slope, folks. PINs are a pain, but they at least are optional.
Hate to be picky, but Simon Felix didn't use the warden's eye to get his money, but instead to get out of the corrections facility.
:-)
You thought the Pentium III Id was invasive...
by
RiverRat
·
· Score: 2
At least it tracked just a computer around the Internet. This tracks you! Not an employee who checked out the company laptop after you or your brother who borrowed it. Also, this is like having one user id and password for all your accounts. When someone figures out how to spoof it, look out. Melissa is a warning about monoculture systems. Bio-diversity and techo-diversity make for more robust systems.
I don't know if it would work...but couldn't you just vary the brightness of a light to see if the pupil even reacts to to it? I would think that making the iris move appropriately for a dead eye would be a bigger pain than its worth;-)
Ok, so I knew this girl whose iris-color changes according to her mood. She had brilliant blue eyes when feeling normal, but when excited or very relaxed, would turn an amazing shade of green.
Also, how does it handle pupil dilation (iris contraction)?
Plus, I understand that someone who smokes pot regularly will get a sort of tan "flare" to the iris around the pupil.
How do they take into account such things?
What about laser eye surgery?
by
fluffhead
·
· Score: 1
Anybody know if getting your eyes lasered to correct poor vision would affect this? I would guess not, since AFAIK the laser only vaporizes part of the cornea, which is transparent, but I'm no opthamologist. Plus, this might be a way to spoof it if a sufficiently advanced technique for modifying the iris (dye injection, combined with various color lasers at absorption spectra of the dye, to repaint the patterns) were ever developed (I'm sure NSA/CIA/etc. are working on it now....;-).
#include "disclaim.h"
--
#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak
Sometimes I am very relieved to live in backwards old England... it'll be 20 years til that technology gets implemented here.
Eye Anatomy and Informed Opinion
by
DrRobin
·
· Score: 1
I was relieved to see that many slashdotters quickly grokked the difference between iris scanning and retinal scanning but alarmed at many totally clueless misconceptions about what goes where in eye-land. C'mon folks, this is the kind of uninformed blathering for which we love to bash the non-geek world. If it's not worth the effort to get the facts before posting, it's not worth the rest of our eyeball-time for reading. At the risk of slashdotting this great site, check out the interactive cow's eye dissection at the San Francisco Exploratorium (URL deleted to slow down the slashdot effect). As a bonus, here's an experiment to impress you about the amazing active control of the eye: Stand in front of a mirror close enough to see the patterns in your iris. Now, tip your head slowly left and right and watch what happens to the eyeball. Tres Cool, I think. I knew all those years in med school must've been good for something.
Did you never dissect a Cow's Eye in
by
Rocket+Boy
·
· Score: 1
Biology class? Our room had about 30 so I think a comp company can scrounge up a few for testing.
Live Cows are not all that hard to find either.
RB
Yes and no... How an ATM works
by
Rocket+Boy
·
· Score: 1
ATM's are hooked to the branches computer which in turn, is hooked up to the banks main computer. That computer at the central location, is hooked into the PULSE, MAC, Cirrus, or similar system. Those groups already know your bank and account numbers along with the pin.
You slide the card in, punch the pin, do your transaction, the ATM goes up the chain where the clearing house to verify if all the numbers add up (Correct Pin, Acct, balance..). If yes, the money gets dispensed and the transaction gets recorded. The only thing that changes is instead of the card activating that, the encoded scan gets fed into the data stream.
RB
Bright light.... make it stop
by
tykeal
·
· Score: 2
An iris scan, not a retina scan, so for this to work, we've got to stick our eye up against some camera, while we have a really bright light shone directly into it so that it can check our iris?
Sounds to me like that would hurt, a lot. Don't mind me, I'm just light sensitive.
Then again, what about people that have cataracts? Are they not going to be able to use those ATM's or are they still going to have to carry around a card and remember a PIN? Dear me, what's the next step to get around this, DNA scanners? Sounds like Gataga now *shiver*
Course to use a DNA scanner we'd be needing some source of DNA... they would probably want blood. There is now way that I'm walking up to a machine to get my finger pricked just so I can take money out. I'd rather carry a card and remember a PIN.
This technology could easily die on the vine due to the "Hindenberg" effect. Dirigibles (sp?) and Hydrogen as a power source were effectively killed, or at least seriously damaged by the crash of the Hindenberg. Despite the fact that helium-based dirigibles should be totally safe from the accident that happened to the Hindenberg, and that advances in Hydrogen -absorbing and -releasing alloys that render it basically safe have shown promise of making hydrogen safe for awhile.
Regardless of whether or not stealing an eyeball would actually work, the various published forms of "Stupid Criminal Tricks" convinces me that someone will try it. The first time that happens, our wonderful sensationalist media will probably scare everyone away from the technology forever.
Maybe PIN's in addition to iris-recognition will keep this from happening.
Don't believe me? Try wearing a trench coat to your local high school.
What about ABM machines?
by
gonzocanuck
·
· Score: 1
:-) couldn't resist. Automatic Banking Machines. I remember that from when I was a kid, now they're all ATMs. Or maybe it's just an American/Canadian thing?:-) I worry about the language barrier sometimes, eh?;-);-)
--
Re:But a high-rez display with appropriate softwar
by
Mr.+Slippery
·
· Score: 1
If I was an evil genius who could hack together a device that would spoof the ATMs, no, I wouldn't waste my time trying to get fifty bucks out of one. I'd sell them on the black market to gansters, drug kingpins, and other criminals with street-level organizations, and let them worry about the actual thefts.
-- Tom Swiss | the infamous tms | my blog You cannot wash away blood with blood
Eye i.d.,I see.If feminine changes to eyecolor are easily accomplished with lenses,how long before this innovation gets outfoxed?A breathalizer might work.
-- icey
Open standard for iris scanning?
by
Tech+Knight
·
· Score: 2
Is this technology based on any open standards like Interac? If several banks start implementing iris scanners, will people be able to use a different brand of bank machine? And if so - doesn't that make the whole thing even more insecure?;)
The technology used for DNA matching is not fast enough or cheap enough for use in applications like ATM machines.
As far as needing blood to run a sample goes, them days are long over. I hate to sound like a conspiracy nut, but I am becoming uneasy about how powerful PCR technology is getting. These days DNA can be analyzed from samples as small as a couple dozen cells. The upshot of that you are leaving a trail of DNA breadcrumbs everywhere you go (mostly from the skin cells that are shed constantly).
Short of wrapping yourself in tyvek suit, there is really no way of preventing someone determined enough to do it from tracking your every move. With prosecutors like the diligent Mr. Starr on the loose, I find that to be an unpleasant thought.
In addition to the problems mentioned by others (like changing irises &c), this is bad news because it either reduces interoperability or kills privacy. If I want to use an ATM of another bank, I will not be able to use this iris sacn thing since only my bank has it, or, if they share the DBs, the privacy essentially disappears.
Does it still work with dead eyes?
by
ratthedd
·
· Score: 1
This is scary - remember the part in Demolition Man when an eye was removed in order to get access to an ATM?
This article didn't indicate whether or not a dead eye could still be read.
There's more info at the following news blurb from infobeat:
Slashdot Mirror
Ok, I can see the whole black market on eyeballs, and persons getting jumped and their eyes ripped out of their sockets!! Ok, who here does not have a criminal record and wants to sell me their eye, I only need one so you wont be totaly blind!!
Here in the United Kingdom of Great Britain, a building society has had these on their ATM machines for about a year...
So not the first!
Simply Senzuri (not logged in)
Backward old England!!!??? We have had these so-called iris/retina scans for months!! Go to a Nationwide bank in Halifax and wonder in awe as you put your eye up to a camera...
Simply Senzuri
to iris scanning available? I'm amazed that the computer can draw a match when the pupil (and the surrounding iris) can vary in size so much.
Would a stolen eye even work? I'm sure that they dehydrate fairly quickly, the normal blood pressure is gone, and the muscles that control the pupil are relaxed and fixed. Perhaps the technology should also do a little more work and ensure that the eye is warm and surrounded by a head (then they'd have to decapitate you quickly for your $50). Seem most likely that they'd still do what they do now, and just hang around the ATM till you get your cash, then strongarm it from you.
My question would be what about people with Hazel eyes? My eyes change from dark brown to bright green. The iris also expands/contracts to let more/less light in depending on the lighting in the area.
:P
I find this hard to believe that this is iris scanning. It probably scans the back of the retina (Which is like a fingerprint as no two peoples are the same.).
Most probably the reporter or the manager he interviewed didn't really know the technology and and replaced 'retina' for 'iris'. This wouldn't be the first time a reporter or manager has made a mistake reporting the facts from just total lack of knowledge. If we add a politician to the mix to support this technology that should complete the loop.
- Killjoy
The difference between dreams and reality, is in dreams you just haven't figured out how to get there yet.
Eyes + Camera == Very close to each other
Very close to each other == Pink Eye gets a new lease on life.
Can anybody say ASS Authentication
ASS + Camera == Smell but no Disease
Remember that scene in Demolition Man where Wesley Snipes escapes from the cryo-prison using the warden's eye? Not a pretty sight..
The thing is, does the average thief who would mug you for a couple hundred bucks know that stealing your eye would not work? I'd assume they would not.
I'm sure that there may be a few casulaties when the technology first comes out, but after this fallacy becomes common knowledge, most thieves would come to appreciate the facts of the matter.
Yea, well I wouldn't want to be one of the people the "stupid" muggers pull an eye from to try it. ;-)
Sort of like PIN Number (Personal Access Number Number) (Automated Teller Machine Machine)
ATM stands for "automatic teller machine". So
an ATM machine is an "automatic teller machine
machine." That's dumb. So's "PIN Number". Or
"VIN Number". Or "IBM Machines". Or "USA
America".
Apple, in there next OS release (Sonata), will include voice print technology to allow people to use their voice to log onto the system. Talk about ease of use! Here is a possible scenerio:
"Mac log me in" (your customized desktop appears)
"Mac open Netscape"
"Mac connect me to Slashdot"
You here without touching the keyboard.
-EJ-
There's actually something like that, only with fingerprints. It costs about $200 and it's a little scanner thing that sits on your desk. It looks out your computer, and presumably a password file, unless you have the right fingerprint. Of course, it's not taken off very well yet.
What's frightening is that someone will still try it. I imagine it will take some time for the criminally deranged to familiarize themselves with the security features of this technology. It will have to appear on those 'stupid criminal' reports a few times at least. "The suspect apparently assumed that if the eye scanning camera worked while the eye was in the socket, surely it work if the eye was out."
I am opposed to any sort of ATM security that prevents me from authorizing anyone I wish to withdraw money, do a deposit, etc. in my place. If I say it's OK for someone else to access my money, then it had better be OK with the machine. And having everyone I ever may wish to access my ATM get pre-retina-scanned by my bank is an unnaceptable option.
Since most people do not write down their ATM PIN codes anyway, I see no safer advantage with eye scanning.
How long until an eyeball can be kept "alive" connected to a gadget.
I think I'll keep my plastic card, and just hand it to the mugger.
I'd like assurance that my eye scans are not made available to ANYBODY. What is going to prevent them from making them available to employees or hackers or even law enforcement?
I really think the system sounds cool, but they had better have a VERY secure storage methodogy.
Which brings me to my thought... couldn't they store your "eyeprint" information encrypted in such a way that it would be impossible to reproduce your original iris "settings"?
When your iris is scaned at a later date would actually "unlock" (sorta like a PGP key) the "encrypted" iris picture and allow your transaction. Does that make sense? This system would actually prevent iris forgery of any sort.
Fingerprint are partly random, partly genetic. So identical twins don't have identical fingerprints, but their fingerprints would very similar.
Retinal patterns are random. From a previous post, so are iris patterns, and you can trigger an iris contraction to verify it's a living eye, which you can't do with a retinal pattern.
I've heard that a retinal scan can
tell if you are drunk or with child.....
So you think someone is going to cut off your head or cut out your eye to get some cash? That is just plain stupid. It'd be much easier to just take your cash after you withdraw it.
There are possible issues with this, but THIS is NOT one of them...
The don't write them down, but they do forget them. Seems like a complex solution when people could just remember their pin numbers.
If you don't like the pentium III id number I wouldn't recommend ever getting a network card either. They have unique ID's available to anyone via a network or the internet and it has been this way for as long as I can remember.
Maybe when hydrogen fusion becomes commonplace.
The ash can be used as a cheap source of helium for personal transortation.
--Walt
Besides, I've seen far too many of these with deliberate scratches all over the lucite cover or just covered over with spraypaint. Ditto for 'security' cameras on board busses.
heh
bad boys, bad boys, whatcha gonna do?, whatcha gonna do when they eyeball you...
How is the criminal supposed to know which bank you use, or if you have money in your account, etc?
so now i can get to her bank account right? =]
No one is going to rip your eye out when it would be a gazillion times easier to put a gun up to your head, or smash your face up against the scanner. I would think standing to the side out of camera view with a gun would look alot less supicious than walking up to an ATM with a dead eye in your hand.
Perhaps in this situation you go to the bank with your sister and add her to the 'authorized irises' for your account :-]
Of course as far as I remember there's both an iris and a PIN for the ATM.
Uhh..
Down with people who spend too much time on paranoid brainstorming!
I'd think there'd almost _have_ to be an alternative system available - there are, after all, people without eyes, or at least without usable ones. And given the legal climate in the USA, if they implement a system that isn't usable by everyone from one-armed acromegalic albinos to quadriplegic spastic achondroplastic dwarves, they're likely to get sued for "violating" someone's "civil rights".
What if, like me, you don't have anything recognizable as an iris ?
There's no such thing! ATM stands for Automated Teller Machine. an ATM machine would be an Atutomated Teller Machine Machine, which does not make sense... and don't go telling me how you use your "PIN Number" either...
I don't think people will be stealing eyeballs. More likely people will be setting up fake temporary ATMs, with iris scanners, and when someone tries to withdraw money it will scan their iris but refuse to give them money claiming an error. This has been done before with regular ATM cash machines to capture PIN numbers (whilst 'swallowing' the cards).
The thieves can then go to a regular cash machine, pull out the camera, crocodile-clip the camera nodes to a lap-top, and play the scanned sequence back direct to the internal reader. They can then withdraw as much cash as they want.
Now here is the real problem with biometrics. With the fake regular ATMs, the banks and police can put out a warning and those that realise they have been duped can quickly cancel their cards and get new ones sent to them. So how exactly can someone do this with an eye pattern that will remain with them for life?
Most iris scanning systems can tell if they're looking at a live eye or a dead one. Stealing an eye would be useless (although stupid muggers might try anyway).
BTW, re the title of the article, it's an iris scan, not a retinal scan.
----
Open mind, insert foot.
Excellent point
The problem with hashing it is any differences from the original would result in a completely different hash.
With an unhashed value, one can allow a certain level of variance (due to electronic noise, lighting and other Real World stuff).
Posted by Open Matrix:
For more information about the technology behind this click here to go to the Sensar website.
Posted by zann:
bioauthentication still has one flaw. consistancy. regardless of how many "charictaristics" there are, they all still boil down to 0s and 1s. to circumvent this kind of security, you will just need to be able to produce a standard, expected responce in a predetermined format. this could be done on the front end (the retinal scanner) or on the wire on the otherside of the scanner. i don not wish to say that a gauntlet has been dropped, but it is something to think about.
>What we need, and which may well happen within a few years, is a system like this for the desktop.
One magazine (PC Magazine?) did a review of thumb and voiceprint scanners. The best price/performance device, and one that they weren't able to circumvent via trickery, was the U.are.U fingerprint scanner, a ~$100 USB device. I'd love to have one, so simple even a small child can use it.
I tried websearching but couldn't find a homepage for it though.
Ooh, a sarcasm detector. Oh, that's a real useful invention.
Sperm? So if your girlfriend wanted to use your computer...
Gimme your eyes willingly or I gouge 'em out with this spoon!
Nah, the technology to remove an eye is ancient :)
Perhaps a password-style hash could be done, so that the actual retina information isn't stored?
OTOH, i simply presumed that they did this in the first place . . .
I know one of the people who work at
Sensar, and he indicated that the
scanner will reject dead eyes and the like.
Not direct contact, but closer than would be comfortable at your average ATM.
Banks already track your ATM movements using your ATM card and PIN. This doesn't make one iota of difference as far as the banks knowing where you are (or were). Chill out...
The only possible "privacy" concern I can think of is having an image of your iris available to your bank, which is personally something I could care less about, but some of the more paranoid on slashdot have loudly pointed this out.
Banks don't routinely give out things like your PIN, do they? I dunno, in MY bank, nobody even has access to that information. There ARE secure ways of storing things like this.
It's also quite possible that a PIN will still be required to make a withdrawal. (Though I suppose if they've found some way to get at ultra-secure information like your iris image from the bank, they could get your PIN too, but I've never in my life heard of a single case where a PIN was retrieved from a bank...)
If you experience some sort of permanent or semi-permanent change, you'd probably want to make a quick visit to your bank to refresh that biometric data.
Though, like the other poster mentioned, iris scanning probably won't be the only way you can access your funds from an ATM.
If you're wearing a contact lens designed to obscure the iris, naturally, iris recognition systems will fail to recognize your iris.
I doubt that this will be the only way to retrieve funds from your local ATM, however. There surely will be backup methods (like your traditional ATM card + PIN).
Hrm, the problem there is that an ATM can know (to some level of trustworthiness) that the data it's getting really is from an eye scanner.
If the data's coming off the net, who knows - it might be coming off a hard disk, grabbed from a sniffer, or anywhere....
If your password gets compromised, you can change it.... how do you change your eyes?
--
There's a funny thing about retina scans:
In mid-1980sh, it was discovered that AIDS virus does transfer with eye fluids. It was discovered when some major biometrics conference was under way. Noone at the conference agreed to test retina scanner, and that was the death of retina scanners.
for Data and Lore.
Good judgement comes from experience, and experience comes from bad judgement.
- W. Wriston, former Citibank CEO
won't work. Neither will a color copy of your face.
From what I remeber about these systems (Gata love the Discovery channel) they won't work if the eye is no longer attached to the user. The systems check to ensure that the eye is still "alive". (Small changes/fluctuations in the iris)
If someone mugs you and pokes out your eye the ATM will not authenticate it (the eye) because these changes will no longer occur. A picture won't work for the same reason.
The only way you can be mugged is either after you got the money out. Or haveing the mugger make you takout the cash at gun point at the cash machine. So nothing has really changed with the exception of not having to remeber a card and a pin number.
Ex-Nt-User
They didn't say how they tested that it works.. just that it does. I figure they did it with animals or something like that. (I know not a pleasant thought)
Ex-Nt-User
OpenLDAP isn't bad at all. Dig up the nss_ldap module and you can store anything that NSS would use in a LDAP directory. LDAP is great!
As a side note, how do these things work with people who wear contacts sometimes and glasses other times. Would they not be able to wear contacts while using the ATM because it would mess up the iris scan? Anyone who knows something about this would be helpful, I don't want to look forward to a life where I have to take out my contacts every time I want to get money.
My Slashdot account is old enough to drink...
Ugh, there's a lot of silly comments in here.
1) The thing requires the eye to be alive. Won't work with a goughed out eye anyway.
2) In comment to the guy talking about now someone will wait until you scan your eye and then shoot you or some such nonsense, WHERE ARE YOU LIVING? That happens all the time anyway.
This is so much more secure than an ATM card... the biggest valid problem I've heard with it was the fact that a parent doesn't have the option of telling their kid "go get me $40" or having a friend do it.
These, BTW, aren't anything new, its just the non-testing installation of it thats new. There've been a bunch of banks around the country doing it for a year or so on a testing basis, or at least so I remember reading last year.
Braile buttons or not, there's not very many ATM machines usable by the blind anyway.
I've never heard one voice prompt me...
I seem to recall reading last year that the visual range the scanners use is not the human-visible range, which is what miniaturized monitors display in.
I think they're into the near infared, so that the image remains contrasty with people whose eye color changes, etc...
Either way, I'd guess if you had a way to get a hires animated image of someone's eye, and fool the machine (which has to be looking for other facial items to even locate the eye -- you don't stick them in front of the camera with these), you're probably clever enough to steal the money from the bank in less easily-catchable ways than stealing from an ATM.
You do know that ATM machines photograph every transaction right? You're gonna look pretty silly holding the display over one of your eyes and hoping it'll work.
It also says an iris contains 266 points of information, a lot more than a fingerprint. Put that in your pipe and smoke it.
In short time, ye old peace pipe can route more than 266 points of information on thee iris! After a night on the town, it might refuse to hand over the dough!
How long will it take for iris roadside checkpoints to catch the drivers that have been hammered and stoned? "We saw your red eyes all the way down the block, step out of the car please!"
- The mugger must knock you out and steal your wallet. This risk is already present.
- The mugger must not immediately leave the scene of the crime, even though he's already got whatever cash and credit cards you were carrying.
- The mugger must now use his scalpel, forceps, grapefruit spoon, melon baller, or whatever else he's got handy to remove your eyeball from the socket and sever the optic nerve and muscles that hold it in place, all without puncturing the eyeball in the process (which would probably result in an unusable iris due to the influx of blood).
- You must not wake up during any of this.
- Because of the $300-per-day limit your bank undoubtedly has on ATM withdrawals, the mugger must now appear on security video at multiple ATM locations over several days holding a severed eyeball, or the whole endeavor is only mildly profitable given the risk. Additionally, the eyeball must maintain its appearance for quite some time with no hydration or blood supply. Formaldehyde may help here; I don't know.
Conclusion: scalpel gangs are not going to rule the streets anytime soon. I'd be more worried about the reliability of the hardware, and the fact that while you can change a PIN, you can't easily change your iris pattern.Dan Wineman
not retina scanning.
Yesterday it worked; today it is not working; Windows is like that...
Think about it - you've just eliminated the current ideal of compartmentalizing your proofs of identity (e.g. passwords, accounts, etc.) by having them all use a single key. Namely your eyeball, which will, sooner or later, not be all that useful once someone figures out how to spoof the scanner.
I'll stick with different passwords for everything important, thanks.
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
I can't imagine why anyone would even _think_ about having one's finger pricked for a drop of blood should be good enough for determining identity anyway.
That must be one of the most insecure ways of identification, except for the From field in e-mail messages or news articles.
If you believe that DNA is good enough to identify you, and at the same time think it is scary that virtually anybody can pick up the scraps of your own body you leave behind to _track_ you down, I'm really, really surprised that you can't connect the two to:
The same virtually anybodies can take those scraps of skin, hair, blood remains etc from your garbage, hotel room, car, whatever _and put it somewhere else_, pretending that you were there. But of course you weren't there, just some minor parts of you somebody else stole.
You don't have to see "Conspiracy Theory" and believe in it to think that these things can happen. They can happen because someone has thought about it, and because there tend to be people who abuse every new thing they can come across. That can be your everyday psychopathical specimen, it can be a super-secret government agency (for which government?), it can be organized crime, it can be a prankster, it could be an accident.
So don't go around trusting DNA to be of any help.
What are the alternatives, then, if you don't believe an iris or retina scan is good enough?
Well, you can apply some modern image recognition software. Today, it's possible to recognize a person from her facial features, even through physical changes such as minor injuries (swollen eye, fresh cut across the face, etc), with a precision similar to that of fingerprints (I honestly cannot remember which way is more sure, except for fingerprints having lots of "proven" technology behind it).
This makes it possible to recognize that person's most common facial expressions.
Take this one step further, into recognizing several facial expressions in succession (that is, the way your face changes).
Use cameras from several angles to make sure that it is a real person, and not some face superimposed on a dummy/robot.
Require that your voice is synchronized with (and matches) your facial movements when you say "I want to withdraw some money" (or whatever your not-so-secret passphrase is).
Feel free to combine this with some other method that can be performed simultaneously, such as measuring iris response to varying light level, blood pressure and pulse, perhaps even the fingerprint (but that can be faked more easily).
The bonus for the customer is that this would take less energy and time than remembering a PIN code and punching it in, and/or leaning towards a scanner to measure the exact retina, but would still be at least as secure.
The downer is that this technology has yet to be actually implemented, tested and "proven" in a real user environment, and that it'll probably be a bit expensive for the next five years or so, until technology catches up and becomes really cheap.
This doesn't prevent someone from threatening you or your family to force you to withdraw money, buy a Corvette or whatever, but what does? Maybe sometime in the future, we can actually determine for sure whether someone is under pressure for doing things, and that she shouldn't be doing it. I somehow doubt that, but we'll hopefully live to see.
Being someone who is confined to a wheelchair, I am curious as to where the camera is located. I assume that they are positioned for a standing person of average height, which would be impossible for me to get to.
I hope that they are providing an alternate way of identifing yourself. Like the old-fashioned ATM card with a PIN.
I doubt most people would want to subject themselves to a retina scan given the current state of the art. It requires the scanner to come into direct contact with the eye.
Actually, no.
I had a retinal photo the other day as part of my latest eye exam. The lens does get close-in, but it didn't touch my eye. It does shine a very bright linear light in, and the camera rotates from one side to the other (like a panoramic camera).
The afterimage of the light had very clear tracery of the retinal blood vessels in it.
-- Old Man Kensey
Something like NDS, but it won't do it any good until all the server apps are directory enabled.
... all this stuff needs to be directory enabled. This way one can log on once and have access to all the network resources that are directory-aware.
sendmail, imap, inn, nfs, lpd, apache
We do have Open LDAP but I find it a bitch to set up and use. Don't know much about the Open Group's DCE, it looks expensive.
I guess one could roll one's own (using PAM and such), but that is more work than most people care to do.
support gun control: take guns from cops
Everyone seems to be pointing this out. Can't imagine why. Anyway, I doubt most people would want to subject themselves to a retina scan given the current state of the art. It requires the scanner to come into direct contact with the eye. Not exactly my idea of a good time.
as someone who is not likely to have time to
see the movie, how did they do it?
DNA just wants to be free...
The person who sent in this link makes an excellent point... I wouldn't want to be mugged for my eyes. That's why I find it stupid to only have a single form of authentication. A PIN number or some other code should be used as well, to make eyes less attractive to would-be theives.
:)
1. something you HAVE
2. something you ARE
3. something you KNOW
/me shrugs.
having a PIN should be the customers option when he/she signs up for the account.
Incidentally, my eyes change color, as well. It's kinda fun. My eyes are brown or green or somewhere in between, depending on my mood.
A host is a host from coast to coast...
Unless it's down, or slow, or fails to POST!
I am sure that there are plenty of pretty high resolution photographs that show details of people's irises. For example, people on magazine covers. How difficult would it be to laser print one on an elastimer sheet, and distort the iris sections mechanically to simulate pupil contraction. A photocell here, a solinoid there, ia bit of circuitry, and boom, a photosenisitve facial fascimle.
Sure magazine could use photoshop or such to replace irises in pictures before publication, but what about the thousands of pictures already out there.
Irises are just too 'out-there' in plain sight. Its like walking around with your pin number tatooed on your face. Anyone with a telephoto camera could steal it.
-- 3 events that reshaped the world in the 20th century: WW1, WW2, and WWW
How do they get around the A.D.A.? (There
are Americans without eyes...)
-fb Everything not expressly forbidden is now mandatory.
Using biometrics on your desktop for securing network access is tempting but it is also very dangerous - there must be a secure path from the reader to the verifier. In the case of an ATM it is physically secured inside the ATM strongbox.
On a network it would have to be a combination of cryptographic authentication and a tamper-resistant reader (no such thing as tamperproof).
Without this it would be ridiculously easy to sniff your iris/finger/hand/face/voice print over the network and impersonate you.
The embedded cryptographic engine inside the tamper resistant reader would use a challenge-response algorithm to ensure that:
1. The scan comes from a real scanner
2. The scan has been performed in the last few seconds.
Without this, it is useless.
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
Using biometrics on your desktop for securing network logins is tempting but it is also very dangerous - there must be a secure path from the reader to the verifier. In the case of an ATM it is physically secured inside the ATM strongbox.
On a network it would have to be a combination of cryptographic authentication and a tamper-resistant reader (no such thing as tamperproof).
Without this it would be ridiculously easy to sniff your iris/finger/hand/face/voice print over the network and impersonate you.
The embedded cryptographic engine inside the tamper resistant reader would use a challenge-response algorithm to enable the server to ensure that:
1. The scan comes from a real scanner
2. The scan has been performed in the last few seconds.
Without this, it is useless.
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
First off this sounds very insecure. i work on computers 24/7 and i dont trust any computer outside my reach. I think they should implement a more secure method.
:).
My idea would be more like, when applying for the account they have a randomly generated 4096byte key genrated, this would be used to unlock you accound when it needs to be accessed to with draw from an ATM or else ware. Then they could use you iris as the encrypting key using somthing like RSA's RC5-64, or somthing better.
That way when you goto get some money from the ATM machine it just uses you IRIS to decrypt the key to unlock you account. no need to store you iris, execpt in your head
It just seems more secure that way, cause if some one did break into the banks computers, then they would be trying to decrypt keys for a long time, you will probly be dead and have passed you money on in your will befor it gets cracked.
-magister-
Sounds like it might be fairly trivial to get
somebody's retina scan - Don't know anything about
it but the article sounded like you just stand
there - does one have to put there eye up to
something like looking into a microscope to be
verified?
Chuck
try { do() || do_not(); } catch (JediException err) { yoda(err); }
hmmm still wonder if holding a fake eye up to it would work, cloned by, say, a portrait photographer.
Chuck
try { do() || do_not(); } catch (JediException err) { yoda(err); }
The inventor of this technology assures us that photographs of irises will not be distributed outside of the bank. But as we know, accidents (and outright negligence, and occasional criminal behavior) do happen.
It's easy to replace a stolen ATM card, and maybe even to get your ATM number changed. But what if your iris image gets stolen?? Once that cat is out of the bag, how can the bank ever trust your eyes again, and how can you ever prove that it wasn't you who withdrew $700 in Jamaica?
At the very least, they should incorporate a PIN number with this, to ensure that fraud doesn't occur. Even if they have your eyes, they can't get your money without a PIN. In my mind this would be the best solution all around: no card to lose, your eyes become immensely less valuable for a mugger, and if your iris photo is stolen, it only increases their chances of stealing your money to one in ten thousand. I'm not saying iris checking with PIN is crimeproof, but iris checking with no PIN is a rotten idea.
Finding God in a Dog
Some years ago (3 or 4 years), I was shown a tour of a highly secured U.S. Air Force base. There was some talk about some of the security measures. I never observed this particular one, but to enter certain areas, one had to stand in a small phone booth size compartment (so only one person could enter) and then would have to submit to a retinal scan before the person would be allowed through.
It was discovered, using these devices, that a woman's retina changes slightly during a pregnancy. I guess more than a few times the poor trapped woman trying to get into the secured area would set off the alarm and immediately be surrounded by armed security guards. Supposedly, this was how some women first learned they were pregnant.
I wonder if this is true for modern retinal scanners? Either that or your money is safe if your wife is pregnant.
~afniv
"Man könnte froh sein, wenn die Luft so rein wäre wie das Bier"
~afniv
"Man könnte froh sein, wenn die Luft so rein wäre wie das Bier"
Richard von Weizs
I'm actually sure if it was a retinal or an iris scan. If it was retinal, perhaps the iris scan is immune from changes during a pregnancy.
~afniv
"Man könnte froh sein, wenn die Luft so rein wäre wie das Bier"
~afniv
"Man könnte froh sein, wenn die Luft so rein wäre wie das Bier"
Richard von Weizs
I hate to be picky, but these machines scan the details of your iris (the color in your eyes around the pupil), not the retina (which requires, IIRC, bright light and a close-in lens).
Other-n-that, pretty darned cool. Though I'd still like to have a code of some sort (might be nice to have an "emergency" code that'd provide money, but call the cops, too...or something like that...)
No need to worry, even evil twin brothers have different fingerprints. Fingerprints are influenced by your development in the womb rather
than your genetics. (Warning this information was retrived from an unreliable source, my memory).
So you have a larger central light source that brightens and dims randomly. You have a series of LEDs around it's border. These LEDs turn on one at a time in a random fashion. The combination of these two random events, coupled with your iris's reponse to them should provide a pretty compelling security arrangement.
But I don't think that this is sufficient. It would be nice to have a brainwave recognition complement to the iris ID. When you are getting your iris scan, you think of something in particular and don't tell anyone. So your iris pattern is recognized in conjunction with how your eye responds to what you are thinking of, combined with the particular pattern of your brainwaves upon thinking of this something. Even if everyone thought of Sex with the same person in the same position in the same setting, etc., everyone would think of it in different ways, would have different brainwave patterns, and different iris reactions. It'd be interesting to see a spoof that circumvented this.
Work is for people who lack the imagination to play.
I dunno. Mug you afterwards?
pooptruck
If this doesn't get shot down, 10 years from now you won't have any cards, you'll just get your eye scanned everywhere. That gives crackers way more power, because once the system is breached your whole identity can be stolen. If someone steals your drivers license, you can get a new one and invalidate the old. If someone replaces your iris scan with thier own, how do you prove you were ever you?
Besides which, are PIN's really that insecure? The people who get thier accounts raided are the ones SMRT enough to write it on the card, or use 1111. Do we really need to give away all our privacy to protect morons from themselves?
Bite the hand.
One of the primary tenents of a good auth system is revocation. The system will eventually be hacked, count on it; and when it is, how does the unfortunate viction go about getting a new "password".
A pithy quotation of someone I've never met.
Wasn't this already tried in the UK? I'm sure one of the banks over here ran a trial with a few machines. It was very popular IIRC. People loved being able to do without their cards.
My Journal
I'm curious as to how crooks/con artists are going to try and bypass this kind of security. Maybe we'll see a black market pop up for glass eyes that are replicas of legitimate bank customers' eyes. :-)
Seems to me that all one must do is get a high resolution photograph of someone elses irises and print these out to the aprox real size onto contact lenses. There's many methods by which this could be done.
I've even seen some movies in which spies were protrayed using such a method to defeat iris security. So it's certainly not a new idea, but one most people wouldn't think of.
Wonder how they will prevent people from bypassing IRIS security via this method?? I bet they really can't unless they also still require a PIN...but then what's the point of the whole IRIS scanning thing if one still needs a PIN anyways?? DUMB!!
Ron Bennett
Yes, I'd feel very safe with a voice prompt like...
"Enter YES to verify $1000 withdrawal"
Eh?
that's how a retina scan would be; iris scans just use a regular video image of the front of your eye, so really you're only limited to the quality of the image that a video camera can produce at distance. i think that current systems can recognize you at a distance of a foot or so.
-- in china, chinese food is just called food.
if the system was looking for pupillatory oscillations it wouldn't find them, unless you were playing high-resolution video of a real eyeball. if it was generating different light levels and observing the response of the iris, the static / prerecorded video image wouldn't be up to par.
and if you were smart enough to develop an interactive, real-time, high-resolution, realistic computer-generated iris image that can behave just like a real eye and respond instantaneously to external stimuli, why the fuck would you waste your time trying to get fifty bucks out of an ATM?
-- in china, chinese food is just called food.
the human pupil naturally oscillates and responds to changes in light level; a particularly secure iris recognition system could make use of this by, for example, providing a variable light source over the course of a few seconds to ensure that the iris is 'live' and not somehow simulated.
this is similar to the capabilities of that desktop face-recognition software that was going around a couple years ago - you could put it in a mode where it asked you to blink or smile or something during the recognition process. a bit less convenient but a bit more secure.
http://www.iriscan.com/ has some good information about iris scanning, particularly this page.
-- in china, chinese food is just called food.
Except thumbscanning sucks when you have an evil twin brother. I think irises are supposed to be different between twins.
And me? I'm for all deniability a person can get!
Blar.
What's MORE frightening is that five years from now everyone will be getting email chain letters that talk about some guy who goes to a party, gets a drink, and wakes up in a bathtub full of ice without his eyeballs.
-Chris
The story I saw on channel 4 was funny. They said this technology was only seen in the movies... I saw this about a couple months ago in Electronics Now.. But the military uses retna scanning on classified project and has been using that technology since the early 80's.
"Windows 98 Second Edition works and players better than ever." -Microsoft's Home page on Win98SE.
I ate my tag line.
-=Ellis (D)25=-
I saw a thumb-scanner for using to access computers at Fry Electronics.
"Windows 98 Second Edition works and players better than ever." -Microsoft's Home page on Win98SE.
I ate my tag line.
-=Ellis (D)25=-
What about having both?? =>
"Windows 98 Second Edition works and players better than ever." -Microsoft's Home page on Win98SE.
I ate my tag line.
-=Ellis (D)25=-
find out that? Did they have a live person test it, then kill them and take his eye?
"Windows 98 Second Edition works and players better than ever." -Microsoft's Home page on Win98SE.
I ate my tag line.
-=Ellis (D)25=-
It could be worse.. Blood dna match.. Or Sperm style system.. Haha..
"Windows 98 Second Edition works and players better than ever." -Microsoft's Home page on Win98SE.
I ate my tag line.
-=Ellis (D)25=-
Nope..Just Worms and frogs.. => I made the statement to be a smart ass..
"Windows 98 Second Edition works and players better than ever." -Microsoft's Home page on Win98SE.
I ate my tag line.
-=Ellis (D)25=-
It's funny that the article mentions James Bond and says how this technology is like out of those movies. Well does any one remember that James Bond movie (I forget the name) when the bad guys remove someone's eye and surgically place into someone else's socket to unlock the iris reading lock.? I would think that today's medicine is not too far from being able to do this (if not already). Not that you'd do this to get money from ATM but if this technology becomes pervasive for other more important things...
Call me backwards, but I don't buy it. Reading Hackernews on a daily basis makes me suspicious about statements like this. I wonder how hard it would be to make a 'replica eye' or some such. I think I'll stick to my ATM for now, thanks.
-- 'As it all washes away you know -- as it all is one, no one is alone.' -Cosmic Disorder
I believe that very small very high-rez displays are already available (to be used behind a magnifying glass in e.g. PDAs and cell phones). Make appropriate software to drive it and you probably (IMHO, I'm not even close to an expert) fool at least some of the iris scanning systems.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
The standard problem with the biometric systems: what happens if your body changes? What if I got conjuctivitis (eye inflammation)? or something happened to my brow and I have to have my eye bandaged? or I developed a temporary light sensitivity and have to wear a patch today? What about colored contact lenses?
The idea is good, but I'd like to have an alternative system available as well.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
What about contact lenses, especially the colored ones that cover up the iris? Will the blind, or those with otherwise funky eyes, have some alternate way to get cash from these machines? (I didn't see anything on the page about this.)
If these things were cheap, they'd make sweet peripherals. No chance of people finding out your password when all passwords are replaced by eye scans.
"Whatever happened to fair use?"
-- Duff-Man
This is already fairly common with regular ATM cards. The robber takes the victim to the nearest ATM machine and forces the victim to withdraw cash.
But we're making their lives even easier now...
I know there are only 3 such ATMs yet... But
we are talking about the future - where presumable this would replace the current card model.
Do you only use your ATM card at your own bank??? I can use my Bank card (which is a Visa logo on it) pretty any ATM in the world. I have yet to find an ATM in the U.S. that won't take it, and so far I have also used it in Belgium, France, UK, Italy, Taiwan, Japan and Hong-Kong (I know I am missing a few country, but you get the point)...
In the hypothetical case where the Iris-thing becomes the worldwide standard on ATM (where are many many years away from that) a thief would just have to wait around an ATM, grab any random person (whether that person was just passing by, or actually intended to use the ATM is irrelevant - pretty much every living person in the western world has a bank account and an ATM card of some sort), force him to look in the camera to widthraw his cash.
It will be extremely easy to steal money.
As I said, the iris thing is definetely convienient (no need to remember to bring a card or remember a code), but as far as safety, i am not comfortable with it. At least not without a secret code of some sort in conjunction with it.
even if it did affected the iris scan, who cares - just go to your bank and get another picture taken. not like you're gonna get laser surgery every week or anything
here is the scenario i am imagining...
Think about it! at least with a card or a pin, if you don't carry the card with you, there is nothing the criminal can do. And if you do carry it with you(I suspect most of us do), at least you have the option not to give the pin. or give a wrong pin, or something! With the eye thing, you can't leaves your eyes home, and you can't lie. Seems like a criminals' perfect situation.
Well there are many way one could easly set up a secure connection for sending the password.. Or even create somelike like a public key where its password is your eyescan. That way the server could send you random characters you could then digitally sign those caracters with your scan then send it back where it can be verified with your public key. Or something crazy like that that way both your private key and your retna would have to be stolen to break your security.. The private key could easily be changed if there is a break. And it could be carried around on a smart card.
The number of passwords that a busy Net user (like me) has to remember is getting silly. I have a system for passwords which works most of the time, but I'd much rather get rid of the silly things.
What we need, and which may well happen within a few years, is a system like this for the desktop. It might work something like this: you'd run an iris scan server on each machine on the network. When authenication is required, the remote host connects to your iris scan server which gets the little camera mounted on your monitor to ID you using your iris pattern and send the data back just like a password.
Heh, this means that breaking ATM security will :-)
be easier than ever. Just catch some assh*le. Take
of his eye with a fork and go to ATM to collect your well earned money
While this sounds cool, I do have one question about it. If your picture isn't released outside the bank and you don't have a ATM card and PIN then you couldn't use other banks ATMs even if they had eye scanners. Also at the moment you can't the this any on the other point of sale location that you can use an ATM card, like a gas station. You would be stuck using only the couple of eye-scanning ATMs at your banks' locations.
Currently I guess you would also need a normal ATM card and memorized PIN for times when you couldn't use your own banks ATMs, so it is more of a cute tech than anything really useful.
- Jon
I happen to have a copy of the "Proceedings of the IEEE", Sept 97 (vol 85, no. 9) edition on my desktop. It's a special issue on Automated Biometrics. The first paper is on Iris Recognition (the technology used here, not retina scans as the poster suggested). Some quotes from it might help clarify some of the issues raised here.
Addressing uniqueness of irises "Claims that the structure of the iris is unique to an individual and is stable with age comes from two main sources. The first source of evidence is clinical observations. During the course of examining large numbers of eyes, opthamologists and anatomists have noted that the detailed pattern of an iris, even the left and right iris of a single person, seems to be highly distinctive. Further in cases with repeated observations, the patterns seem to vary little, at least past childhood. The second source of evidence is developmental biology. There, one finds that while the general structure of the iris is genetically determined, the particulars of its minutiae are critically dependent on circumstances (e.g. the initial conditions in the embryonic precursor to the iris)." Note: this should even prevent people from cloning eyeballs from someone's DNA. Addressing using an eye plucked out of someone's head, or using a dead body's eye "Due to the complex interplay of the iris' muscles, the diameter of the pupil is in a constant state of small oscillation. Potentially, this movement could be monitored to make sure that a live specimen is being evaluated. Further, since the iris reacts very quickly to changes in impinging illumination (e.g., on the order of hundreds of milliseconds for contraction), monitoring the reaction to a controlled illuminant could provide similar evidence." Regarding having to put your eye up to an eyepiece "The Daugman system captures images with the iris diameter typically between 100 and 200 pixels from a distance of 15-46 cm using a 330-mm lens. Similarly the Wildes et al. system images the iris with approximately 256 pixels across the diameter from 20cm using an 80-mm lens." Regarding glasses / contacts "Further, by careful positioning of the light source below the operator, reflections of the point source off eyeglasses can be avoided in the imaged iris." Regarding eye color / colored contacts "Further, both systems essentially eschew color information in their use of monochrome cameras with 8-b gray-level resolution. Presumably, color information could provide additional discriminatory power."I happen to have a copy of the "Proceedings of the IEEE", Sept 97 (vol 85, no. 9) edition on my desktop. It's a special issue on Automated Biometrics. The first paper is on Iris Recognition (the technology used here, not retina scans as the poster suggested). Some quotes from it might help clarify some of the issues raised here.
Addressing uniqueness of irises
Addressing using an eye plucked out of someone's head, or using a dead body's eye
Regarding having to put your eye up to an eyepiece
Regarding glasses / contacts
Regarding eye color / colored contacts
Just the other week I happened to be looking through the Sept. 1997 "Proceedings of the IEEE", which was a special issue on Automated Biometric Systems.
They mention that it is possible to tell whether the eye is alive or not:
This article even mentions Never Say Never Again as a way iris recognition came to popular attention. My guess is that people who have worked on iris recognition are familliar with its use in movies and books and have tried to overcome potential deficiencies that have been suggested there.
So if these guys did their homework you won't have to worry about being mugged for your eyes.
Q: isnt it bad to use bodypart identification as security - once your eye/finger/... is compromised once, youre insecure for LIFE --? corect?
-- your knees hurt, don't they?
I'm not worried about people being able to spoof my eyeball, but I don't like the idea of a bank recording a unique physical characteristic. I don't let anyone fingerprint me. I don't give out my SSN just because someone asks for it. So I'll be danged if I'm going to let someone record the characteristics of my iris.
This is a slippery slope, folks. PINs are a pain, but they at least are optional.
Hate to be picky, but Simon Felix didn't use the warden's eye to get his money, but instead to get out of the corrections facility.
:-)
At least it tracked just a computer around the Internet. This tracks you! Not an employee who checked out the company laptop after you or your brother who borrowed it. Also, this is like having one user id and password for all your accounts. When someone figures out how to spoof it, look out. Melissa is a warning about monoculture systems. Bio-diversity and techo-diversity make for more robust systems.
I don't know if it would work...but couldn't you just vary the brightness of a light to see if the pupil even reacts to to it? I would think that making the iris move appropriately for a dead eye would be a bigger pain than its worth ;-)
Ok, so I knew this girl whose iris-color changes according to her mood. She had brilliant blue eyes when feeling normal, but when excited or very relaxed, would turn an amazing shade of green.
Also, how does it handle pupil dilation (iris contraction)?
Plus, I understand that someone who smokes pot regularly will get a sort of tan "flare" to the iris around the pupil.
How do they take into account such things?
Anybody know if getting your eyes lasered to correct poor vision would affect this? I would guess not, since AFAIK the laser only vaporizes part of the cornea, which is transparent, but I'm no opthamologist. Plus, this might be a way to spoof it if a sufficiently advanced technique for modifying the iris (dye injection, combined with various color lasers at absorption spectra of the dye, to repaint the patterns) were ever developed (I'm sure NSA/CIA/etc. are working on it now.... ;-).
#include "disclaim.h"
#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak
The article says the machines use pictures of the iris, not the retina.
Molly.
Sometimes I am very relieved to live in backwards old England... it'll be 20 years til that technology gets implemented here.
I was relieved to see that many slashdotters quickly grokked the difference between iris scanning and retinal scanning but alarmed at many totally clueless misconceptions about what goes where in eye-land. C'mon folks, this is the kind of uninformed blathering for which we love to bash the non-geek world. If it's not worth the effort to get the facts before posting, it's not worth the rest of our eyeball-time for reading. At the risk of slashdotting this great site, check out the interactive cow's eye dissection at the San Francisco Exploratorium (URL deleted to slow down the slashdot effect). As a bonus, here's an experiment to impress you about the amazing active control of the eye: Stand in front of a mirror close enough to see the patterns in your iris. Now, tip your head slowly left and right and watch what happens to the eyeball. Tres Cool, I think. I knew all those years in med school must've been good for something.
Biology class? Our room had about 30 so I think a comp company can scrounge up a few for testing.
Live Cows are not all that hard to find either.
RB
ATM's are hooked to the branches computer which in turn, is hooked up to the banks main computer. That computer at the central location, is hooked into the PULSE, MAC, Cirrus, or similar system. Those groups already know your bank and account numbers along with the pin.
You slide the card in, punch the pin, do your transaction, the ATM goes up the chain where the clearing house to verify if all the numbers add up (Correct Pin, Acct, balance..). If yes, the money gets dispensed and the transaction gets recorded. The only thing that changes is instead of the card activating that, the encoded scan gets fed into the data stream.
RB
An iris scan, not a retina scan, so for this to work, we've got to stick our eye up against some camera, while we have a really bright light shone directly into it so that it can check our iris?
Sounds to me like that would hurt, a lot. Don't mind me, I'm just light sensitive.
Then again, what about people that have cataracts? Are they not going to be able to use those ATM's or are they still going to have to carry around a card and remember a PIN? Dear me, what's the next step to get around this, DNA scanners? Sounds like Gataga now *shiver*
Course to use a DNA scanner we'd be needing some source of DNA... they would probably want blood. There is now way that I'm walking up to a machine to get my finger pricked just so I can take money out. I'd rather carry a card and remember a PIN.
-tykeal-
Just cause I wanna
This technology could easily die on the vine due to the "Hindenberg" effect. Dirigibles (sp?) and Hydrogen as a power source were effectively killed, or at least seriously damaged by the crash of the Hindenberg. Despite the fact that helium-based dirigibles should be totally safe from the accident that happened to the Hindenberg, and that advances in Hydrogen -absorbing and -releasing alloys that render it basically safe have shown promise of making hydrogen safe for awhile.
Regardless of whether or not stealing an eyeball would actually work, the various published forms of "Stupid Criminal Tricks" convinces me that someone will try it. The first time that happens, our wonderful sensationalist media will probably scare everyone away from the technology forever.
Maybe PIN's in addition to iris-recognition will keep this from happening.
Don't believe me? Try wearing a trench coat to your local high school.
:-) couldn't resist. Automatic Banking Machines. I remember that from when I was a kid, now they're all ATMs. Or maybe it's just an American/Canadian thing? :-) I worry about the language barrier sometimes, eh? ;-) ;-)
If I was an evil genius who could hack together a device that would spoof the ATMs, no, I wouldn't waste my time trying to get fifty bucks out of one. I'd sell them on the black market to gansters, drug kingpins, and other criminals with street-level organizations, and let them worry about the actual thefts.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
Eye i.d.,I see.If feminine changes to eyecolor are easily accomplished with lenses,how long before this innovation gets outfoxed?A breathalizer might work.
icey
Is this technology based on any open standards like Interac? If several banks start implementing iris scanners, will people be able to use a different brand of bank machine? And if so - doesn't that make the whole thing even more insecure? ;)
# Tech Knight #
The technology used for DNA matching is not fast enough or cheap enough for use in applications like ATM machines.
As far as needing blood to run a sample goes, them days are long over. I hate to sound like a conspiracy nut, but I am becoming uneasy about how powerful PCR technology is getting. These days DNA can be analyzed from samples as small as a couple dozen cells. The upshot of that you are leaving a trail of DNA breadcrumbs everywhere you go (mostly from the skin cells that are shed constantly).
Short of wrapping yourself in tyvek suit, there is really no way of preventing someone determined enough to do it from tracking your every move. With prosecutors like the diligent Mr. Starr on the loose, I find that to be an unpleasant thought.
...disciplining the ronkeys since 3/2000...
In addition to the problems mentioned by others (like changing irises &c), this is bad news because it either reduces interoperability or kills privacy. If I want to use an ATM of another bank, I will not be able to use this iris sacn thing since only my bank has it, or, if they share the DBs, the privacy essentially disappears.
This is scary - remember the part in Demolition Man when an eye was removed in order to get access to an ATM?
d =2559539149-e10
This article didn't indicate whether or not a dead eye could still be read.
There's more info at the following news blurb from infobeat:
http://www.infobeat.com/stories/cgi/story.cgi?i