Future Apple biometric security may include scanning veins in a user's face

Posted:
in General Discussion edited May 15
Apple's Face ID could become even more secure in the future, after the revelation the iPhone X producer has explored the possibility of scanning the pattern of veins in a user's face as another form of biometric authentication, one that could potentially tell identical twins apart.

iPhone X Face ID TrueDepth biometric security


The U.S. Patent and Trademark Office published a patent on Tuesday called "Vein imaging using detection of pulsed radiation," granted to Apple. First applied for on November 12, 2015, the patent describes the use of an infrared emitter and a receiver that can detect blood vessel patterns below the surface of the skin.

The system consists of an optical transmitter that emits multiple pulses of infrared light towards an area of the user's body, such as a hand or a face. The infrared light can pass through the skin and reflect off the user's veins, with returning light received by an image capturing device capable of accepting IR light.

The data generated by the reflected IR light is then processed to generate an image of the blood vessels within the defined area. Based on the time-of-flight of the pulses, this technique could also be used to generate a three-dimensional map of the body surface.

patent apple vein ID authentication


In the patent, Apple notes existing vein-based authentication systems for hands are considered to be very accurate "due to the complexity of the vein patterns in the hand." As said vein patterns are internal to the body, it would be extremely difficult for someone to produce a usable counterfeit, especially when used alongside other biometric systems.

As vein imaging is also contactless, it also "alleviates hygienic concerns" associated with other systems that use fingerprints or handprints.

While Apple does discuss vein authentication in relation to hands, the patent also indicates the possibility of using it in other areas. Supplied prior art images include photographs of a person's face, while a diagram of the system shows it being used on an illustration of a face.

Vein-based authentication would potentially help Face ID from solving its "twin problem" if the two systems were used together. Face ID's facial map creation is thought to have a one-in-a-million false positive rate, with Apple itself suggesting there could be issues with identical twins or family members that are visually similar to each other.

As the structure of veins in the face differ from person to person, even between twins, such a system would help minimize these false positive instances further.

A requirement to read veins in a face would also make attempts to fool Face ID with a mask close to impossible, due to the need to replicate the target user's blood vessels.

The inventors of the patent are listed as Andrew T, Herrington, Jawad Nawasra, and Scott T. Smith.

Apple regularly applies for patents, filing ideas with the USPTO tens or hundreds of times a week, and in many cases the firm does not attempt to commercialize the described idea. As a result, there is no guarantee aspects of applied or granted patents will make an appearance in future Apple products or services.

Due to the emitter and receiver system used in the TrueDepth camera array in the iPhone X, the addition of two more sensors or the repurposing of existing components to implement vein-based authentication does seem to be a plausible addition to a future Apple product.
«1

Comments

  • Reply 1 of 22
    edrededred Posts: 48member
    Vampire Vision ID  ;)
    MplsPwatto_cobraGeorgeBMac
  • Reply 2 of 22
    radarthekatradarthekat Posts: 2,337moderator
    Law enforcement attempts to unlock the iPhone were in vain.  

    Hmm, nope, joke doesn’t work. 


    Rayz2016blastdoorlolliverwatto_cobraGeorgeBMacjony0
  • Reply 3 of 22
    When? When calm or upset? Are you sure these will be face veins?
  • Reply 4 of 22
    78Bandit78Bandit Posts: 167member
    Does it throw an error and then look for the vein bulging in your forehead out of frustration?
  • Reply 5 of 22
    blastdoorblastdoor Posts: 1,807member
    Pfft. Wake me when they have a soul scanner. 
    radarthekatwatto_cobra
  • Reply 6 of 22
    MplsPMplsP Posts: 436member
    Law enforcement attempts to unlock the iPhone were in vain.  

    Hmm, nope, joke doesn’t work. 


    Careful - you’ll get yourself banned with posts like those!
    watto_cobra
  • Reply 7 of 22
    SoliSoli Posts: 7,098member
    I'm reminded of when people found out that they could use their penis to authenticate with Touch ID. It looks like Face ID will allow that again in the future.
    watto_cobra
  • Reply 8 of 22
    quinneyquinney Posts: 2,501member
    blastdoor said:
    Pfft. Wake me when they have a soul scanner. 
    I don't think that would work.  How would it distinguish between the many people with null souls?
    watto_cobra
  • Reply 9 of 22
    kimberlykimberly Posts: 81member
    Soli said:
    I'm reminded of when people found out that they could use their penis to authenticate with Touch ID. It looks like Face ID will allow that again in the future.
     :D so that's what the guy on the train was doing :D
    fastasleeplolliverwatto_cobra
  • Reply 10 of 22
    kimberlykimberly Posts: 81member
    78Bandit said:
    Does it throw an error and then look for the vein bulging in your forehead out of frustration?
    Of course.  Stops you sending that email you instantly regret.  :D
    fastasleepradarthekatwatto_cobra
  • Reply 11 of 22
    fastasleepfastasleep Posts: 1,295member
    When? When calm or upset? Are you sure these will be face veins?
    It’s not like your veins change locations based on your mood. The illustration literally has a face in it, but it does mention hands. Did you even read the article or look at the picture?
    watto_cobra
  • Reply 12 of 22
    M68000M68000 Posts: 2member
    Let's just hope that this face-id stuff is physically safe for eyes and skin over the long term.   I know that infrared light is all around us everyday and is invisible and different levels of it...  But,  I'm not thrilled with the idea of a phone directly beaming it into my eyes and face over and over many times a day.   Have tried to do research on this and can't get to the bottom of it yet...  Personally,  i have no interest in face-id anyway so I went with the iPhone 8.
  • Reply 13 of 22
    mac_dogmac_dog Posts: 530member
    blastdoor said:
    Pfft. Wake me when they have a soul scanner. 
    FAIL:  A majority of users would return—then deman—new ones, claiming they were malfunctioning due to their inability to unlock.
    watto_cobra
  • Reply 14 of 22
    GeorgeBMacGeorgeBMac Posts: 2,112member
    Personally, I would like to see Apple provide the option of replacing both touchid and FaceId with the Apple Watch.   If its on your wrist, the phone unlocks when you raise it.   No touching it.  No looking at it....

    The Apple Watch is already secure enough to enable ApplePay without any unlocking.  Even without a phone present, you simply get it near the scanner and BLIP! -- the payment is complete.

    Most people with Apple Watches wear them all day every day.   This would  be a great enhancement.
  • Reply 15 of 22
    SoliSoli Posts: 7,098member
    Personally, I would like to see Apple provide the option of replacing both touchid and FaceId with the Apple Watch.   If its on your wrist, the phone unlocks when you raise it.   No touching it.  No looking at it....

    The Apple Watch is already secure enough to enable ApplePay without any unlocking.  Even without a phone present, you simply get it near the scanner and BLIP! -- the payment is complete.

    Most people with Apple Watches wear them all day every day.   This would  be a great enhancement.
    1) I'm confused by your statement. Your Apple Watch has to be unlocked for Apple Pay to be accessible. Same fro your iPhone. In all cases, the device that contains the Apple Pay data requires that the PIN or passcode to have been authenticated, that a certain time hasn't passed, and that there wasn't some kill switch sent to disable that service.

    2) There are lots of reasons why an unlocking mechanism on the device is better than requiring a tether to another device that you may or may not have with you and may or may not be powered up. Even if the number of Apple Watches sold equaled the number of iPhones sold it still wouldn't be a good idea.

    3) Even now, you're required to own an iPhone to setup an Apple Watch, yet the Watch has its own secure element for Apple Pay purchases. You don't have to have your iPhone with you to use Apple Pay. It's an offline system once the initial authentication with your financial institution occurs per card per device.
  • Reply 16 of 22
    GeorgeBMacGeorgeBMac Posts: 2,112member
    Soli said:
    Personally, I would like to see Apple provide the option of replacing both touchid and FaceId with the Apple Watch.   If its on your wrist, the phone unlocks when you raise it.   No touching it.  No looking at it....

    The Apple Watch is already secure enough to enable ApplePay without any unlocking.  Even without a phone present, you simply get it near the scanner and BLIP! -- the payment is complete.

    Most people with Apple Watches wear them all day every day.   This would  be a great enhancement.
    1) I'm confused by your statement. Your Apple Watch has to be unlocked for Apple Pay to be accessible. Same fro your iPhone. In all cases, the device that contains the Apple Pay data requires that the PIN or passcode to have been authenticated, that a certain time hasn't passed, and that there wasn't some kill switch sent to disable that service.

    2) There are lots of reasons why an unlocking mechanism on the device is better than requiring a tether to another device that you may or may not have with you and may or may not be powered up. Even if the number of Apple Watches sold equaled the number of iPhones sold it still wouldn't be a good idea.

    3) Even now, you're required to own an iPhone to setup an Apple Watch, yet the Watch has its own secure element for Apple Pay purchases. You don't have to have your iPhone with you to use Apple Pay. It's an offline system once the initial authentication with your financial institution occurs per card per device.
    1)  You only unlock it once a day -- when you put it on.   Not every time you use it.
    2)  It doesn't have to be either/or -- just as entering a PIN or TouchId/FaceId is not either or.
    3)  Yeh.   What's your point?

    Admittedly some may not like it.  For instance those who tend to leave their phones laying around as they do other things -- or those who fear the police unlocking their phone.  

    But for those of us with an Apple  Watch and who keep our phones in our pockets, this would be a nice convenience instead of having to unlock your phone every time you use it. 

    The analogy is the watch itself.  You unlock once when you put it on.  After that, it doesn't need to be unlocked again till you take it off no matter how many times you use it or what you use it for:   Time, exercise tracking, Apple Pay, timer, weather, messages, email, etc...   The phone could just feed off of that  so if the watch is unlocked so is the phone as long as it stays connected.
  • Reply 17 of 22
    SoliSoli Posts: 7,098member
    Soli said:
    Personally, I would like to see Apple provide the option of replacing both touchid and FaceId with the Apple Watch.   If its on your wrist, the phone unlocks when you raise it.   No touching it.  No looking at it....

    The Apple Watch is already secure enough to enable ApplePay without any unlocking.  Even without a phone present, you simply get it near the scanner and BLIP! -- the payment is complete.

    Most people with Apple Watches wear them all day every day.   This would  be a great enhancement.
    1) I'm confused by your statement. Your Apple Watch has to be unlocked for Apple Pay to be accessible. Same fro your iPhone. In all cases, the device that contains the Apple Pay data requires that the PIN or passcode to have been authenticated, that a certain time hasn't passed, and that there wasn't some kill switch sent to disable that service.

    2) There are lots of reasons why an unlocking mechanism on the device is better than requiring a tether to another device that you may or may not have with you and may or may not be powered up. Even if the number of Apple Watches sold equaled the number of iPhones sold it still wouldn't be a good idea.

    3) Even now, you're required to own an iPhone to setup an Apple Watch, yet the Watch has its own secure element for Apple Pay purchases. You don't have to have your iPhone with you to use Apple Pay. It's an offline system once the initial authentication with your financial institution occurs per card per device.
    1)  You only unlock it once a day -- when you put it on.   Not every time you use it.
    2)  It doesn't have to be either/or -- just as entering a PIN or TouchId/FaceId is not either or.
    3)  Yeh.   What's your point?

    Admittedly some may not like it.  For instance those who tend to leave their phones laying around as they do other things -- or those who fear the police unlocking their phone.  

    But for those of us with an Apple  Watch and who keep our phones in our pockets, this would be a nice convenience instead of having to unlock your phone every time you use it. 

    The analogy is the watch itself.  You unlock once when you put it on.  After that, it doesn't need to be unlocked again till you take it off no matter how many times you use it or what you use it for:   Time, exercise tracking, Apple Pay, timer, weather, messages, email, etc...   The phone could just feed off of that  so if the watch is unlocked so is the phone as long as it stays connected.
    1) You said you don't have to unlock it. You have to unlock all these devices to use those services. It's a false statement to say otherwise. And, no, I personally don't unlock it only just once a day because I take it off at least 2 or 3x a day to charge; usually for shower/getting ready and sometimes for exercising if it requires it not to be worn. I wear mine during sleep to record my sleep patterns.

    2) I don't understand what you're getting at here. The number of Apple Watches doesn't even come close to the number of iPhones sold so this idea that biometrics should be removed completely from the iPhone lineup because some people have an Apple Watch doesn't make any sense.

    3) The point is that have Apple Pay on both systems and each systems locally authenticating a purchase is good for the product. The same goes for the iPad and Mac. If my iPhone is lost or stolen I can dissolve all the pseudonymbers® that each of my financial institutions created and tied to my physical card number fore each device without affecting any of the other pseudonymbers tied to other devices for my accounts. With your setup that everything is pushed through the Apple Watch I risk 1) a slower transaction (see Mike W's comments about his issues unlocking his Mac with his Apple Watch), and 2) having no way to make a payment if not having one device means that the chain is broken and authentication to unlock the device no longer works.

    4) Is this about the notch? Are you looking for ways to get rid of the notch? The camera and other sensors would still be there if they removed Face ID and while the notch could be smaller, it may not be better. Just look at the ironically-named Essential phone.

    5) I'd much rather see more independent features come to the Watch at WWDC so I can reduce my use of the iPhone more, not a way to lessen the iPhone's capabilities, slow down my access to it as it verifies that the Watch is still tethered via BT, or for it to be more anchored to the iPhone than it is already.
  • Reply 18 of 22
    crowleycrowley Posts: 5,375member
    I don't think he means removing the hardware of Face/Touch Id, just offering users (those that have an Apple Watch) the additional ability to authenticate and unlock using the presence of an unlocked Apple Watch, in the exact same way that the presence of an unlocked Apple Watch can unlock a Mac.
    edited May 16 GeorgeBMac
  • Reply 19 of 22
    SoliSoli Posts: 7,098member
    crowley said:
    I don't think he means removing the hardware of Face/Touch Id, just offering users (those that have an Apple Watch) the additional ability to authenticate and unlock using the presence of an unlocked Apple Watch, in the exact same way that the presence of an unlocked Apple Watch can unlock a Mac.
    Reading your comment I concede that that is probably what he meant despite using the word replace instead of referencing the addition of an optional feature. For non-Watch users, that feature that already exists in the other direction for the Apple Watch when you place it upon your wrist (without using your PIN) and then unlock your iPhone while both are connected via BT.

    That said, the current setup makes sense since the authentication of the Watch only occurs when you place it on the wrist. If Touch ID or Face ID isn't instant enough then I don't see how the encrypted communication to verify that the Watch is still tethered to the current wrist would be instant enough, it wouldn't be good for battery life to have it constantly sending authentication credentials to verify it's still authenticated on a wrist, and I don't think it would be a good security to have to just assume the Watch is still connected per the last time it checked.

    While using Apple Watch to authenticate my MBP was faster than typing in my password it's not faster than putting a finger on the Touch ID sensor, and I'm certain Face ID will be even faster if and when that feature comes to the Mac.
    edited May 16
  • Reply 20 of 22
    evilutionevilution Posts: 1,263member
    blastdoor said:
    Pfft. Wake me when they have a soul scanner. 
    Ginger people wouldn't be able to unlock their phones.

Sign In or Register to comment.