Free Enterprise Staff  | October 24, 2016

The Password of the Future? Your Eye Holds The Key

Anyone with a newer version of the iPhone is familiar with the biometric technology that allows the owner to unlock the phone using his or her fingerprint. Yet a Kansas-based startup is one-upping that technology with its own version of biometric authentication, one that involves the human eye.

Kansas-based EyeVerify was founded by Toby Rush, a serial entrepreneur, who crossed paths with Dr. Reza Derakshani at the University of Missouri-Kansas City in 2011. As Rush tells it, it was a classic entrepreneur meet professor moment. “One day somebody told me about a professor who was doing really cool things with images and eyes,” he says.

“He was literally taking pictures of eyes to create what we call today the Eyeprint. He was essentially doing a biometric match by using regular cameras. I thought the concept was really cool. But at the time, they were really focused on airports, border crossings, and traditional immigration or government-based surveillance types of use-cases. But those are really tough markets to break into. I thought to myself how powerful this could be if we could do this on a smartphone.”

EyeVerify’s technology can recognize a user in roughly a second.

EyeVerify’s technology can recognize a user in roughly a second.

Rush was so taken with the concept and the research that he funded a proof-of-concept study to prove that the fledgling technology could be used in different kinds of business applications on mobile devices. “Coming out of that, I was pretty encouraged, so we decided to launch a company,” recalls Rush. “I was confident that we had something pretty strong to stand on to begin with, and that was really the genesis.”

Fast-forward to 2012, and Rush officially founded EyeVerify, which builds on the nascent technology pioneered in Dr. Derakhshani’s lab dating back to 2006. After experiencing solid growth for its first few years of existence, the company has really taken off thanks to the introduction of Apple’s biometric touch technology, and the growing emphasis on enterprise Cybersecurity measures—especially in the wake of the Sony hack, Apple’s celebrity photo scandal, and Snowden, Rush points out.

We recently sat down with Rush to discuss his company, the technology it’s based on, and what’s in store looking forward.

Describe how the technology works.

The simple one-liner is that we’re using your selfie camera to turn a picture of your eye into a key that protects your digital life. We do that with the eye print, which is a map of the eye vessels in the whites of your eyes. When you take a selfie, we’re able to use those images, extract these very unique biometric features, do pattern-matching, and then generate a key that’s the equivalent of a 50-character complex password.

How has the technology progressed since you first learned about it in 2011?

We have moved light years from where we used to be when we started the company—this was before Apple came out with Touch ID—so it was before any biometrics were on the phone.
When we first imagined it, we assumed that users wouldn’t mind glancing to the side, which then exposes more of the whites of the eyes, giving us enough information to do the pattern match. However, when Apple came out with Touch ID, they really raised the bar of what people expected in terms of user convenience. Even though we made that work really well, we had to start a new development cycle. So, instead of glancing sideways, we’re now able to take an image when a user just looks straight ahead—which is something we spent a lot of time on to make that possible. That’s something we’ve got working over the past four to six months, and things have been taking off since we crossed that usability hurdle.

How long does it take for a user to set up the technology?

One of the cool things about software is that we don’t require additional hardware to work. It takes about 20-30 seconds to enroll the first time, and during verification it’s less than one second to determine if the person is a match. The way the system works is that it looks at one eye, and if it’s a good enough match it’s done. If it’s not, then it looks at the other. If that’s not good enough, it uses both. So, we use whatever we can.

How is the service being used?

It really depends on how people implement it. Our core focus as a company is our biometric authenticator. A lot of folks have implemented it so that if the biometric fails you can fall back to the password. We’re a software development kit, so they can integrate and configure it in a lot of different ways. Some folks are using it as a step-up authentication, as well as a two-step authentication. Some people also just use it as a single layer of protection and replacing the password.

Because it’s a software solution, EyeVerify is easily deployed, says Toby Rush, its founder and CEO.

Because it’s a software solution, EyeVerify is easily deployed, says Toby Rush, its founder and CEO.

What’s your customer base like?

Initially we were used solely for enterprise. We’re getting a lot of traction now with mobile banking, so consumer-facing industries like mobile payments, which is where we’re also getting a lot of interest—doing payments with your phone using biometrics. We also have a couple of smartphone manufacturers who will be applying us on their devices as a screen unlock.

Has your location helped in terms of building your business?

Absolutely. It has been great having the University of Missouri-Kansas City as a partner for us to work with, for starters. And, you know, having a bunch of other startups around makes it easier to find talent and collaborate, not to mention a lot of other things you wouldn’t necessarily think about.

What’s the biggest challenge you face moving forward?

For us, it’s honestly that the biometric market is moving so fast that we’re focused on keeping up with it. Can we have enough resources to make sure we stay as a leading contender for eye-based biometrics? There’s going to be two kinds of biometrics on mobile: One is the finger, and the other is the eye. And we want to win the eye-based biometric.