Authors: Kenrick Mock, Bogdan Hoanca, Justin Weaver, Mikal Milton
The majority of today’s authentication systems, including password and fingerprint scanners, are based on one-time, static authentication methods. A continuous, real-time authentication system opens up the possibility for greater security, but such a system must be unobtrusive and secure. In this work we studied whether a commercial eye tracker can be used for unobtrusive, continuous, real-time user authentication via iris recognition. In a user study, all 37 participants could be authenticated with 11% equal error rate (EER). For 14 of the 37 users, iris occlusion was sufficiently small to authenticate with 9% EER. When classified using a k-nearest neighbors algorithm and only the right iris, the same data set allowed 100% accuracy for k = 3. Although these error rates are too high for standalone use, iris recognition via an eye tracker might enable real-time continuous authentication when combined with other more reliable authentication means (e.g., a password). As eye trackers become widely available their capabilities for multiple factor, continuous authentication will become compelling.