Meta’s Eye Authentication System Keeps Metaverse Data Safe

Meta wants to make sure it’s actually you who’s wearing your mixed reality headset.

Photo of a Meta patent
Photo via U.S. Patent and Trademark Office

Sign up to uncover the latest in emerging technology.

Meta wants to make sure its headsets can’t be hacked. 

The company is seeking to patent a way to provide “user authentication for a near-eye display.” Meta’s patent lays out a system that may use a host of biological data to authenticate the users of its headsets, whether that be eye-scanning, gesture recognition or voice data. 

Meta notes that artificial reality headsets can be used to access a lot of personal data, including private content or communication sessions. “Without any security measures, any wearer of a near-eye display device may have access to content or communication session(s) available through that near-eye display device,” Meta said in its filing. 

When a user wants to access certain restricted data – such as calls, messages, access to social media accounts, or mobile payments – via a Meta headset, they would need to pass biometric authentication. 

Using both sensors in the headset and devices “communicatively coupled” with it, Meta’s system can choose from a long list of biological information to authenticate a user, including iris and retina scans, facial recognition, finger and palm scanning, heartbeat, or movements. 

Meta’s system dynamically chooses how to authenticate a user for access based on environmental conditions, such as noise or light level. For example, if the system requests a thumbprint authentication, but the user is wearing gloves, it would automatically make another kind of authentication available, such as facial or voice detection. Authentication techniques may also be based on the sensitivity of the data, Meta noted. 

If a user is continuously wearing their headset but was either inactive or switched between activities that require authentication, Meta’s system would renew the authentication without requiring the user to re-verify.

Meta’s system uses identity security in a way that may offer protection in the case of theft. For example, if someone steals your Meta Quest, while the thief would make off with an expensive gadget, they at least wouldn’t have access to any of your accounts or personal data. 

Though opportunities for someone to steal a mixed reality headset seem limited to breaking-and-entering, Meta’s goal has long been to make these devices more appropriate to wear outside of the house. The company already has a pair of smart glasses on the market in partnership with Ray-Ban, and a recent patent detailed its plans to make a lightweight reconfigurable headset that lasts 8 to 12 hours. 

Making these headsets lighter and more portable would make theft as easy as someone taking a pair of glasses out of another person’s purse on the subway. To that end, the kind of security that this patent suggests may become more important. 

Another reason that Meta may want to boost its identity protection is the emergence of Apple as a competitor, since one of the iPhone maker’s biggest selling points is privacy. Meta Implementing these safety features could be a way for the company to make its offering more appealing to the privacy-concerned buyer. 

That said, Meta has a shaky history with its handling of consumer data. Biometric data is particularly sensitive: Once it’s stolen, it can’t be easily replaced. But to the company’s credit, the patent does specifically cover this, noting that for “personal information protection and privacy purposes, a default setting may be not storing the information.”