Sorry, but your smartphone's camera isn't perfect. Its image sensor contains microscopic manufacturing flaws, which show up in its photos as tiny imperfections known as photo-response non-uniformity (PRNU). Because each phone has its own unique PRNU pattern, scientists from the University at Buffalo have proposed that it could be used as a form of personal identification.

It was already known that stand-alone digital cameras each have a distinct PRNU, which can be used to match photos to the camera that took them. Fifty sample photos are required for the matching process, however, which would prove impractical in an ID-checking scenario.

Because smartphone cameras tend to have significantly smaller image sensors than stand-alones, however, the flaws in those sensors show up much more in the photos. As a result, the U Buffalo team discovered that just a single shot is all that's required to match the PRNU in a smartphone photo to the phone that took it.

In a system proposed by the scientists, users would start off by registering with a bank, retailer or other institution that regularly needed to check their ID. Part of that registration process would involve supplying a photo taken by their smartphone, from which a reference copy of their PRNU could be obtained.

From there, whenever they needed to prove their identity, they would be presented with an image of two QR codes, displayed on the screen of an ATM or cash register. They would take a photo of that display, using their phone, then use an app to send that photo to the bank/retailer/etc. As long as the PRNU in the shot of the QR codes matched the one on file for that user, their identity would be authenticated. For added security, the QR codes would contain information that was specific to each transaction.

The technology has so far proven 99.5 accurate, in tests involving 16,000 photos and 30 different iPhone 6s smartphones and 10 different Galaxy Note 5s smartphones.

Led by Prof. Kui Ren, the research is described in an open-access paper.