Dreaming of persistent, ambient authentication... for iPhone 11
People don't want Touch ID on the front of iPhone — they want ambient, persistent authentication everywhere.
Now that it seems likely that Apple will ship an iPhone with an "edge-to-edge" display — as I predicted back in January of 2015 — we're already seeing preemptive controversy over what that means for Touch ID, Apple's fingerprint authentication system. The hope is to have it on the front, where it's always been, albeit slipped elegantly beneath the display. The reality, though, might mean moving it to the back, where it can keep its current, hyper-reliable, implementation.
The arguments are over the relative convenience of hitting the sensor as your phone lies flat on a table or in a charger vs. hitting it as you slide your phone from your pocket or bag. But is either really an argument for Touch ID convenience or an argument that we need even more convenient authentication than Touch ID?
Touch ID, especially with Apple's second-generation sensor and the changes made with iOS 10, has become so fast and so reliable that I barely, if ever, think about it anymore. I simply pick up my iPhone 7 Plus, press the Home button with my finger, it unlocks, and I'm in.
There are a few times, though, where my finger is wet, I'm carrying something and the easier finger to use isn't one that's registered with the system, or I'm wearing gloves, and I'm reminded that Touch ID is still an active process. I still have to do something and, no matter how fast it feels these days, I still have to wait for it to respond.
Imagine a future where iPhone is continuously grabbing snippets of biometric and other data and using it to maintain a state of trust.
Imagine a future iPhone where authentication is ambient and perpetual, not requiring a specific fingerprint or biometric challenge/response but continuously grabbing snippets of biometric and other data. And imagine it would use that data to maintain a state of "trust" where your iPhone is simply unlocked for as long as it can be reasonably (or strictly, depending on settings) certain it's in your possession, challenging only when that state becomes uncertain.
There are already rumors of Apple incorporating Touch ID into the capacitive display, rather than a discrete capacitive home button, in this year's iPhone. There are also patents for microLCD technology that further enhances screen-as-fingerprint reading. Is the idea that parts, areas, or even the entire iPhone display being able to read at least partial fingerprint data really that far off?
iPhone cameras are already doing face and object detection for photographic effects and tagging. Microsoft is using them for facial recognition-based authentication. We look at our screens often and it's more than possible they could not only start looking but constantly authenticating back.
The same is true for infrared-based iris scanning. Samsung has recently introduced both facial recognition and iris scanning into its Galaxy phones. Unfortunately, you can't use them at the same time, with the system intelligently switching between facial recognition in daylight and iris scanning in low light, but that can't be far off either.
Siri began doing the basics of voice printing a couple years ago. Now, when you use setup buddy on a new iPhone, it has you say a few simple phrases so it can distinguish your voice — and your voice queries and commands — from those of others. I don't believe it's robust enough for authentication yet, but companies like Nuance have been offering just those kinds of "my voice is my passport, authorize me" services for a while. It's not tough to see Apple using the multiple, beam-forming mics on iPhones and AirPods to constantly check for your voice either.
It's the co-processor in iPhone that allows for low-power "Hey, Siri", the same co-processor that serves as the sensor fusion hub for accelerometer, manometer, barometer, and other data. Right now that's used for things like health and fitness apps and games. Taken further, though, could gait-analysis be used to record and check your walking and motion patterns, so as you move around your iPhone can know it's you that's doing the moving?
Biometric data could also be supplemented by other factors, like trusted objects. Previously, trusted objects were dumb — grab someone's dongle and you got into their phone. With Apple Watch, though, trusted objects got smarter. Auto Unlock on macOS, which uses the proximity of your Apple Watch to authenticate you for your Mac, feels downright magical. You authenticate on the watch via passcode or Touch ID on iPhone, then that authentication is further projected from Watch to Mac.
So could environmental data. For example, if you're in a certain place at a certain time that fits your existing patterns, that could add to the trust weighting.
Taken separately, each of these authentication methods either requires user action or doesn't provide enough security to be useful. Taken together though, every touch of the display provides a partial print, every glance at the camera provides a partial face or iris scan, every word a partial voice print, every step a partial gait analysis, and if a paired Apple Watch is proximate and you're in a place, at a time, that fits your pattern, enough factors pass authentication and the moment your iPhone senses any engagement, it's already unlocked and ready to be of service.
Touch ID doesn't exist for the sake of Touch ID. It's there to solve a problem — a problem that can also be solved in other ways.
Conversely, any time enough factors fail authentication, your phone goes into lockdown and challenges for a proper fingerprint, iris scan, or passcode/password to make sure you're really you. And it could escalate for situations that warrant it. That's what happens today, for example, after a reboot, timeouts, software updates, etc. For secure enterprise or government use, it could do so more often and require multiple factors to resume a trusted state.
To me, arguing about whether or not Touch ID would be good or bad on the front, back, or sides of iPhone 8 is too much in the now. Touch ID isn't there for Touch ID's sake. It was a way to solve a problem and, in the future, there will either be better, faster, and easier ways to solve the same problem or things that make the problem disappear so it no longer needs solving.
Historically, that seems like the approach Apple takes.
from iMore - The #1 iPhone, iPad, and iPod touch blog http://ift.tt/2qiNTQl
via IFTTT
No comments: