: The Eye Lies"> Biometric applications that make use for access control purposes of individual features of a persons eyes, such as those of his or her retina or iris, are somewhat tainted by their cliché association with secret service activities in high-security bunkers. Even though a handy iris scanner for the home already exists: Panasonics Authenticam BM-ET100, which with its separately operating webcam is not much lager than a pocket-size edition of Shakespeares sonnets. The bottom section of the scanners casing contains three infrared light sources. The two outer and somewhat weaker ones illuminate the iris while the user adjusts his or her distance to the device. When the user gazes straight into the camera from a distance of about half a meter (48 to 53 cm), a mark detectable in the opening of the lens changes from orange to green, at the same time the infrared light source in the middle begins to shine brightly and a sufficiently high quality picture of the iris is taken by the camera. At first the Authenticam presented us with quite a challenge. During our first attempts at trickery we offered digitally-shot iris images via the notebook display as well as via a head-mounted display (HMD) to the black and white video camera of the scanner; owing to the too intense reflection of light on the displays without success, however. Due to the overexposure that resulted, the system was also unable to recognize the features of iris images that had been printed on normal paper.It quickly became apparent that this would be the way to success. As an opening to its calculations the PrivateID software by Iridian that comes with the device requires the in-depth aperture of the pupil, upon the center of which it bases its computations of the iris. By doing the deed we had at least initiated the taking of images by the system. The only thing that was still missing was a printed picture of an iris with an appropriate degree of quality. Hence we presented to the Authenticam a digital image of a human eye that had been sprayed onto mat inkjet paper with a resolution of 2400 x 1200 dpi and into which we had previously cut a miniature hole. This was enough to overcome Authenticams resistance: We were granted access to the system under the assumed identity of Master False Eye. It was also possible to enroll with the aid of the artificial eye. From that point onwards anyone in possession of the eye pattern was able to log on to the system. Moreover, the person whose eye had been used to create the pattern was also able to acquire authentication in relation to the picture-generated reference data set with his own live iris. Panasonic, on account of these results, as was to be expected, proved to be not amused. We were told that the product made available to us for our tests was a prototype which would be redesigned prior to its introduction to the German market. As the system has been marketed in the USA for some time now, we suspect that without our tests no such redesigning would have been contemplated. It has to be said in favor of the iris scanner, however, that under real life conditions it would not be easy to obtain iris images of authorized persons. With such images at ones disposal, however, creating a deceptive eye-patch can no longer be thought of as much of a problem as high resolution inkjet printers and mat paper cannot today be considered high-tech equipment.
What was interesting, though, was that all iris images taken by the system showed a bright spot in the middle of the pupil. This fact gave us the idea that - besides fulfilling the requirement of acquiring a green light by the system - we might in our next attempt at outwitting it show the systems camera human digital iris images printed on paper that had a small hole cut into the middle and behind which were placed the hidden pupils of actual human beings. A sight for sore eyes perhaps, but very effective: achieving authentication with someone elses iris by hiding your own pupil behind it.