The iris, like all biometrics, is a feature that uniquely belongs to a single person; thus it can be used as a distinctive identifier. Iris recognition, while not new, has gradually emerged as an effective biometric for ascertaining identity quickly and in a manner that does not have the same criminal connotations, cleanliness issues or quality problems as fingerprinting. For this reason, iris recognition is gaining traction in physical and logical access control systems.
Because of its reliance on very small templates, iris recognition is also attractive from a storage and performance perspective. The confidence in the technology is on the rise, thanks to the successes of large government programs, as well as the fact that iris cameras are now commodity items. In the end, these factors are all contributing to a marked increase in the rate of adoption in markets such as law enforcement and the military, to civil programs such as travel document issuance and border crossing systems, and even commercial applications — especially banking.
The Commercialization of Iris Recognition
The idea of using iris for personal identification is not new. It was originally proposed in 1936 by an ophthalmologist. In 1987, two additional ophthalmologists received a patent for their iris recognition technology. John Daugman, Ph.D., then at Harvard, worked to develop computer algorithms for the concept and patented the algorithm. Later, the three men founded Iridian Technologies, one of the early biometrics companies. In 2008, the Daugman patent expired and the technology continued to advance with R&D efforts by a number of innovative companies, leading to the adoption of iris technology in a wide range of programs and applications.
A typical iris has at least 200 unique, identifying characteristics that can be used for comparison. Iris recognition is basically the matching of those 200 unique identifying characteristics within the iris against other images in a database. Iris recognition begins with capturing a photograph of the eye. No “scanning” is involved; rather, iris images are acquired by taking a photograph in infrared light.
The accuracy afforded by iris recognition, together with its fast search speeds (140+ million eyes per second) and small templates (1 million iris templates can be stored on just one gigabyte), make iris recognition an attractive method for identification — often more so than fingerprint or facial image comparisons. These attributes also make it viable for even the largest identity programs.
Accuracy and Performance
The U.S. government has been involved in biometric vendor testing since the earliest days of the industry, in order to establish objective metrics for comparing technologies and therefore, to support users in making procurement decisions. The objective, non-biased, scientific approach of the National Institute of Standards & Technology (NIST) makes its tests the gold standard of accuracy assessment.
IREX III was the first independent test of one-to-many identification using a large, real-world dataset. The exciting finding of the test was that iris is indeed a viable biometric for large scale identification and an order of magnitude more accurate than face. Not surprisingly, IREX III also concluded that enrollment and search of both eyes offers better accuracy than a single eye.
IREX IV, released on July 11 of this year, compared the performance of iris algorithms from leading commercial and academic providers on operational databases of more than a million iris records. Here are a few quick iris performance statistics that illustrate the power of the technology today:
- The false non-match rate is much less than one percent using two eyes with existing commercial iris capture devices. Using a single eye, results are nearly as good.
- The iris-match speed is 140+ million eyes per second.
- Because of their small size, more than 100 million iris templates can be stored on a single piece of contemporary server hardware (1M templates/1 Gb RAM).
- Two-eye iris recognition is much more accurate than face and is also measurably more accurate than 10-print fingerprint. Furthermore, because of the efficiency of the iris template, 10-print fingerprint level accuracy can be achieved using iris on a mobile device that stores data for a very large population.
In addition to progress in algorithm accuracy and speed, there has been equally impressive progress in biometric platform architecture over the past several years. Today, the best search recognition engines perform multi-modal biometric (face, fingerprint and iris) searches in the same software application, thus reducing system complexity as well as scale with fusion and pipelining techniques. They run on commercial off-the-shelf (COTS) servers and use a mixture of commercial and free and open source (FOSS) noSQL databases for data storage. Scalability has been proven even in identification programs that include hundreds of millions of records. Finally, interfacing with mature COTS search engines is relatively simple due to the open-standards based, service-oriented architectures, making them available to a range of integration languages and technologies.
Rapid Identification for Law Enforcement
For law enforcement and the military, it is often critically important to identify an individual as quickly as possible. For example, police officers need to know if the person standing in front of them poses a high degree of danger. Significant time and effort is wasted when officers fill out forms for arrests of repeat criminals. Additionally, criminals often provide aliases that waste time in the booking process. Another problem is the movement of criminals from one physical location to another (e.g. local precinct, courthouse, prison). Ensuring that only inmates qualified for the work release program exit the facility and get on the bus, for example, is not a trivial problem. Dispensing medications to appropriate individuals is another challenge in a correctional facility.
All of these problems can be addressed by using iris to rapidly identify a person already in the database, such as through a prior arrest and/or conviction. Basically, an iris is quickly captured and searched against a database, with the result is returned within seconds. Fingerprints, the most commonly used ID method, can take several minutes, even as many as 30, to acquire and even longer to return results, depending on the size and location of the identification system. Rapid iris-based identification can be performed at multiple points in the process of moving a person from location to location, as required.
Several law enforcement agencies have successfully used iris matching technology to rapidly and accurately identify criminals in this way. One state deployed 64 multi-biometric booking workstations at major arrest and arraignment locations to begin building an iris identification database that will allow for rapid identification in the criminal arrest, arraignment and incarceration process.
Importantly, this solution provides high-level administrators with a means of ascertaining the total number of criminals in a facility or in the state, during a given time period, which can be a valuable feature in the event of an emergency and numerous other scenarios.
Iris images acquired in challenging environments, or from uncooperative subjects, may impact performance and not provide good match results. In this case, various techniques can be used to enhance the image to make it usable for automated matching.
A number of image enhancement tools for improving iris recognition performance are under development, with the goal of developing techniques for image enhancement, correction and results interpretation that will improve the operational quality of challenging data, similar to those in latent finger examination practice today.
Marketing Iris Recognition
Big consumer technology companies like Apple and Sony, as well as other Industries are looking to biometric technologies to increase security, opening the market for additional applications for iris and other biometric recognition technologies. Organizations looking to add biometrics to their security portfolio should not only understand the benefits and tradeoffs between different types of biometrics, particularly iris, but also take lessons from what governments have done with biometrics to make large programs successful.
Government agencies require security clearances to access the biometric data they have captured, and that access leaves electronic footprints to deter snooping or theft. It is not foolproof, but they have invested billions over the years into securing the information gathered through biometric capture.
People willingly stand for a government photo or fingerprint because they know it will increase their security and convenience — such as protecting them against identity theft, speeding through a security line, or quickly applying for a background check for a job. Private businesses must also show a strong value proposition to consumers/employees in the collection and use of biometrics. Businesses should always give individuals choices and allow them to opt-in, providing full transparency into what is being collected, why and what the person will receive in return.
Businesses must also be open about what they will do with peoples’ data. In government there are strict rules about how an agency can use or share biometrics data. Businesses should set high standards and communicate their practices in a clear way that customers and employees can understand.
Richard Austin Huber is the CTO of MorphoTrust USA, a provider of identity solutions and services, with a deep expertise in multi-modal biometrics, applicant vetting and secure credentialing programs.