The iris, which is the colored or pigmented area of the eye surrounded by the sclera (the white portion of the eye), is a muscular membrane that controls the amount of light entering the eye by contracting or expanding the pupil (the dark center of the eye). The dense, unique patterns of connective tissue in the human iris were first noted in 1936, but it was not until 1994, when algorithms for iris recognition were created and patented, that commercial applications using biometric iris recognition began to be used extensively. There are now two vendors producing iris recognition technology: both the original developer of these algorithms, as well as a second company, which has developed and patented a different set of algorithms for iris recognition.

Use of the Iris for Individual Recognition:The iris is an ideal characteristic for identifying individuals because it is formed in utero, and its unique patterns stabilize around eight months after birth. No two irises are alike; neither an individual’s right or left irises, nor the irises of identical twins. The iris is protected by the cornea (the clear covering over the eye), and therefore it is not subject to the aging or physical changes (and potential variation) that are common to some other biometric measures, such as the hand, fingerprints, and the face. Although some limited changes can occur naturally over time, these changes generally occur in the iris’ melanin and therefore affect only the eye’s color, and not its unique patterns (in addition, because iris scanning uses only black and white images, color changes would not affect the scan anyway). Thus, barring specific injuries or certain rare surgeries directly affecting the iris, the iris’ unique patterns remain relatively unchanged over an individual’s lifetime.

Iris Recognition Systems :Iris recognition systems employ a monochromatic or black and white video camera that uses both visible and near infrared light to take video of an individual’s iris. Video is used rather than still photography as an extra security procedure. The video is used to confirm the normal continuous fluctuations of the pupil as the eye focuses, which ensures that the scan is of a living human being, and not a photograph or some other attempted hoax. A high resolution image of the iris is then captured or extracted from the video, using a device often referred to as a “frame grabber”. The unique characteristics identified in this image are then converted into a numeric code, which is stored as a “template” for that user. Different vendors use codes of either 512 or 1,024 bytes in size, per iris. Further explanation of these codes will be provided below in the Data Capture section.

Enrollment

Enrollment is the process by which an individual has his or her iris information scanned into, and stored with, the iris recognition system so that he or she can use the system to gain access to a protected asset. Individuals must be enrolled in the iris recognition system by a trained individual - usually either a system administrator or a security representative. The system administrator or security representative has several responsibilities in running the system, including setting up new user accounts, facilitating the enrollment process, and training new users in how to use the system.

The enrollment process is typically very straightforward. First, a new user account must be established. The user’s template is established by setting the iris recognition system to “enrollment” mode and recording the new iris template. In some systems, this can be all that is required. Once the user’s iris template is in the system, that user can access all of the assets protected by that system. These types of systems may not even require that the individual user register personal information in the system. For these systems, an individual is either recognized as one of the group of authorized individuals, and is given access, or is not recognized and not given access. Other systems may be more complex, and may allow different users (based on their security clearance) different levels of access within a facility. For example, an iris scanning system may be set up to allow all users to access a certain building at a facility, but may only allow a subgroup of those individuals to access a secure room within that building. Biometric security systems that permit multiple authorization levels require that an administrator open an “account” for a user, under which the user’s iris template is assigned an authorization level(s), which establishes and controls his/her access to certain areas. In this case, the administrator would need to record the user’s name and other pertinent data so the iris template now has an “identity” associated with it. Having this information in the system database also allows the administrator to track other information about that individual, such as the time of day the user accessed the asset, the number of times a user accessed the asset, etc. A more complex system like this will require more time for enrollment, because the administrator will have to establish the account. The time necessary to enroll will vary depending on the system complexity.

As stated above, to enroll in the system, the user must first have his iris scanned by the camera to create his or her iris template. Most cameras can scan the iris at distances between 4 and 40 inches, but they generally have some optimal operating distance specified by the manufacturer. The administrator can provide guidance to users with regard to the proper positioning for an accurate iris scan. Generally one scan is all that is needed to obtain the “baseline” iris template that will be stored and used for subsequent comparisons at the time of access. Once the enrollment photograph is taken, intrinsic algorithms in the system evaluate the image for completeness.

Some systems dedicate a specific iris scanner unit for use in enrollment. Dedicating a specific unit to enrollment is advantageous because units that are being used to guard assets will not be interrupted to enroll new users into the system. Therefore, the number of users in a system may be a prime consideration when determining whether or not a separate dedicated enrollment unit is required. Other systems do not have a separate camera dedicated to enrollment and users simply enroll on the camera located at the access point.

Accessing an asset (through iris recognition) after enrollment is complete typically takes only a few seconds. The iris scanning process is reported to be safe for all users.

As mentioned above, iris recognition is currently based on patented technologies from two companies. The main differences between the two technologies are based on the amount of information initially captured by the algorithms. One vendor selects only a portion of the iris to construct its template, while the other attempts to capture the entire iris to obtain their iris template. While the second vendor’s template is twice as large as that of the first vendor (1024 bytes versus 512 bytes), both files are very small as compared to the file sizes of other biometric recognition technologies. Both technologies also have very high accuracy rates as compared to other biometric technologies.

There are also differences between the two technologies in how the systems can be configured. The first vendor offers a variety of configurations for its iris recognition systems. For instance, one configuration offers a single camera iris recognition system which extracts and stores information from only one iris per individual. A second configuration uses a two camera iris recognition system to capture and store the template from both irises simultaneously. A third configuration offers a bimodal biometric recognition system that combines iris recognition with fingerprint recognition in a single unit. In contrast, systems from the second iris recognition vendor are marketed solely as bimodal biometric units. They are currently configured in a set-up that combines a two camera iris recognition system with facial recognition in a single biometric unit.

Apart from the differences noted above in potential system configuration and file size, there is little difference between the two iris recognition technologies that would be apparent to the user. Both technologies rely on the same types of cameras to capture iris information, use the same incandescent and near infrared lighting for illumination, are able to operate in stand alone or networked modes, and can are able to operate in either verification or identification modes (see below for a discussion). Therefore, choosing one system over the other would be more a function of personal preference or perhaps a requirement to have a specific system configuration.

As mentioned above, both vendors’ patented technologies use a monochrome, or black-and-white video camera (similar in function to a modern video camera) to focus in on the eye(s), while a frame grabber, or similar device, captures a high resolution image of the iris or irises. Algorithms are used to analyze the image and determine the patterns and orientation of selected areas of the iris. This information is combined with the locations of these patterns in a numerical format to form what is called the iris template. This numerical code is stored as one template per iris, and is used to make future comparisons with individuals who attempt to access this security system. The numerical code is far smaller than an actual image of the iris, which facilitates ease of storage and efficiency in searching a large database of files.

Verification vs. Identification

Depending on how they are set up, access control systems, including biometric systems, can function in either “verification” or “identification” mode. “Verification” is the process by which the user identifies himself or herself to the system as a specific person (usually by using a password or some other information that only that user would know), and then the database attempts to match ONLY that stored profile information with the information submitted by user. For example, when a user uses an iris scanner in verification mode, he might enter a password on a keyboard that tells the system that he is John Doe. When he scans his iris, the system will evaluate the scan ONLY against John Doe’s profile in the system. If the scan matches John Doe’s profile, then he is granted access. If the scan does not meet John Doe’s profile, then he is not granted access. In contrast, “identification” is the process by which the user identifies himself to the system only as a member of an authorized group (i.e., the user does not have to tell the system WHICH member of the authorized group he is), and then the database attempts to match ANY of its stored profile information with the information submitted by the user. In this example, the user scans his irises first, and then the system searches all of its files for a match. If there is any match, the user is granted access. If there is no match, then the user is denied access. Iris recognition is well suited to applications that require verification. However, it should be noted that verification necessitates the storage of information other than the iris template in a user profile (i.e., information such as a password, etc.). The technology is also ideally suited for applications that require identification as well, because the uniqueness of the iris and the small size of the template containing the iris information allow the database to be searched quickly.

Accuracy in biometric security systems is often determined by measuring false acceptance rates (FAR) and false rejection rates (FRR). False acceptance occurs when a biometric security system incorrectly determines that a match exists between the stored iris template and the one submitted for comparison. False acceptance results in an unauthorized individual gaining access to an asset. False rejection occurs when a biometric security system incorrectly determines that a match does not exist between the stored iris template and the one submitted for comparison. False rejection prevents an authorized individual from gaining access to an asset.

As discussed above, when a user scans his iris into a scanner, the system attempts to match the scan with a previous scan stored in a template, using a series of algorithms that calculate the similarity between the scan and the template. However, there is variability inherit in each submission of a user’s iris for recognition. Slight differences between a user’s stored template scan and subsequent scans are common to all biometric recognition systems and for iris recognition this could be caused by variation in lighting conditions, by a partial reflection from excessive moisture on the eye, by different tilts of an individual’s head relative to the camera, or by any number of reasons relating to slight differences in the environment between the time of the original enrollment scan and subsequent scans. This slight variability between the stored template and subsequent scans will cause a certain percentage of the iris to mismatch during the comparison process. These mismatched parts are known as unmatched “segments.” In order to ensure that a match between a template and a scan is not rejected because of these unmatched segments, a threshold setting, or “decision criteria,” must be applied to the algorithms making the comparison. This threshold setting determines what percentage of the compared segments must match in order to consider the two irises a match, or, alternatively, how many unmatched segments determine a mismatch. This threshold setting must be set to maximize acceptance of real matches (i.e., avoiding the “false rejection” described above), while minimizing acceptance of false matches (the “false acceptance” described above). This balance between false acceptance and false rejection is discussed in more detail below.

Panasonic BM-ET300 Iris Recognition Unit

Some product lines have tried to increase the accuracy of their systems by using two cameras instead of the traditional one. While this combination can statistically produce a higher level of accuracy over the single iris scanner, in practice many of these types of systems produce similar accuracies to one-camera systems.

Combination Iris and Fingerprint Recognition Unit NexgenID, LTD.

 

Anti-Spoofing Countermeasures

Biometric systems have various features designed to mitigate “spoofing” attacks, whereby artificial means are used to trick or “spoof” the system into accepting a forged or faked biometric as a legitimate one. Generally, anti-spoofing countermeasures function by determining whether or not the biometric being presented is actually alive. One method for making this determination is by the system verifying behavioral aspects of the presented biometric, including both voluntary and involuntary responses. For example, a system can be designed to request various responses from the user, such as a voice prompt that requests the user to blink his eye, or move it in a certain direction. However, this type of system would not be useable if the user was hearing impaired. The system could also measure involuntary responses, such as the pupil’s response to light, or the normal continuous fluctuations of the pupil as the eye focuses. Another feature for combating spoofing in iris recognition systems is employing spectrographic countermeasures. Spectrographic countermeasures work by measuring the wavelengths of light reflected from living tissue (for instance melanin, fat, and blood vessels). These wavelengths yield known distinctive values. Therefore, if the selected tissue does not return the expected value, the iris will be considered a fake and the user will be denied access to the protected asset. The spectrographic and involuntary countermeasures are generally transparent to the user (i.e., the user will not know that they are occurring).

Ease of Use and Acceptance

Iris recognition is easy to use and generally has a high level of user acceptance (i.e., users typically do not object to having their irises scanned). Since iris recognition does not involve contact between the user and any of the system components, there is nothing physically invasive about it and there are generally no hygienic or sanitary issues. In addition, most people are comfortable with having their picture taken, and although an infrared light is used to help illuminate the iris, the light is similar in intensity to the infrared light on most remote controls for televisions and is not harmful or invasive.

It may be necessary to give users an initial round of training to facilitate accurate scanning. As noted above, individuals must be in the proper position at the scanner to produce an accurate scan. Guides to ensure that users are properly positioned at the scanner are typically provided by the vendor and come in many forms, including written instructions, guides painted on the floor or wall, and/or computerized voice prompts. This technology does not require a user to be absolutely motionless during scanning, but will require that the user remain still for a moment, and may require the user to tilt his or her head at a specific angle.

Data Storage

Because of the small size of the template, iris recognition technology works well in a variety of configurations. For example, the templates can be stored in the internal memory of the biometric unit itself, allowing the unit to function as a stand-alone system. In contrast, if a large database of users is required, the database could be stored on a separate PC that is networked to single or multiple iris recognition units. The template is also small enough to be stored on a smart-card (for more information on smart-cards, refer to the Card Identification/Access Systems Product Guide). In a system employing smart-cards, no database of users would need to be created and stored. Instead, each user would simply have his or her template recorded to a smart-card during the enrollment process. Each access attempt would begin with the user sliding the smart-card into a reader on the iris recognition unit, and then proceeding to have his or her iris(es) scanned. The iris template obtained during the live scan would be compared with the template stored on the smart-card to determine authorization (this particular case would be an example of a verification process [as identified above under Verification vs. Identification], because the user identifies himself as a particular individual through use of the smart-card). If the card were ever lost or stolen, the user would simply re-enroll using a new smart-card issued by an administrator. The system would not necessarily be compromised because the lost smart-card must be used in conjunction with the correct iris scan to grant access to the protected asset.

 

Other Factors Affecting Iris Recognition

Adequate lighting is essential to capturing an accurate image using iris recognition technology. For this reason, most iris recognition systems employ low-level incandescent light and a low level, or near infrared, light in the 700-900nm bandwidth to properly illuminate the iris. This near infrared range is not harmful to the human eye and is roughly equivalent to the bandwidth used in television remote controls . The lighting used for illuminating the iris may be physically attached to the iris recognition unit or may be installed at key locations near the unit to facilitate proper lighting conditions.

With adequate lighting the algorithms used for iris recognition are sophisticated enough to identify and “ignore” possible obstructions to the iris, such as eyelashes, the eyelid, and slight reflections. Most iris recognition systems are also not affected by glasses or contact lenses. Even the colored lenses generally do not affect most systems because the algorithm does not rely on color. However, the decorative contact lenses with advanced printed patterns (like a cat’s eye) may present problems for users (False Rejection) in some recognition systems, and therefore should not be used for iris recognition.

Combination Iris and Facial Recognition UnitIritech, Inc.

 

Integration/Configuration

Integration of the iris scanner into the user’s security and communication system is a key aspect of designing a successful security system, whether the user is purchasing a new security system or is upgrading an existing access control system. Numerous companies specialize solely in system integration, and these vendors can be contracted to design a control system that meets the purchaser’s specific requirements. For instance, a company may wish to implement different authorization levels for different individuals to control access to multiple locations, while also being able to track the location of individuals in real-time. Other potential buyers may have simpler requirements - for instance, controlling one or two doors without different authorization levels.

Iris recognition functions well in both identification and verification mode, and because the small templates accommodate a large number of potential users, it is easily integrated with most existing biometric and non-biometric access control systems. For instance, iris recognition can be added to an existing biometric security system (such as a fingerprint recognition system), allowing the system to use one biometric as the primary access control system and the second as a back-up. Iris recognition can also be used with existing card based access control systems (for more information, see the Card Identification/Access Systems Product Guide.) Most iris recognition systems can be integrated with a card reader and can communicate information from the card to an existing controller (for instance, via Wiegand protocol). However, depending on the output from the existing card reader, some iris recognition systems may require that the existing controller be upgraded to handle iris recognition output.

Iris recognition is well suited for integrating or upgrading large-scale access control applications characterized by a large database of users. Because the data template is small, it requires very little storage space and can be managed and speedily searched, even with a large database of users, without significantly impacting system performance.

System Requirements

The bulk of the document above has focused specifically on the iris scanning unit and its capabilities. However, the iris scanner unit is only one component of an overall security system. A complete iris recognition security system must include the following components:

• A sensor, which measures/records a biometric characteristic or trait. In an iris scanner biometric security system, the iris scanner itself is the sensor. Discussions of the iris scanning sensor have been presented in depth above;
• A control panel, which serves as the connection point between various system components, communicates information back and forth between the biometric sensor and the host computer, and in most cases contains the logic that makes the determination to grant or deny access to an asset – typically by engaging or disengaging some sort of lock on the protected asset, either by using its own internal logic or by following commands issued by the host computer;
• A host computer, which facilitates enrollment and stores the iris templates, and in some cases can make the determination to grant or deny access to an asset;
• Specialized software, which compares an individual image taken by the sensor with a stored profile or profiles and facilitates communication between system components;
• A locking mechanism (i.e. a magnetic door lock) which is controlled by the biometric system and protects the asset being controlled; and
• A power source to operate the system.

Each of these components is described in more detail below.

Sensor

The sensor in an iris recognition system is the monochromatic or black-and-white video camera which captures a high resolution image of an individual's iris. Discussion of the sensor is provided in the sections above.

Control Panel

A control panel is an electronic panel that is the main connection point for the iris recognition sensor(s), lock(s), host computer, and other wired inputs and outputs of the system. The control panel is the primary location for the access decisions in most biometric security systems. This decision is made based on access permission data which can be stored in the control panel or the host computer. The control panel typically runs the algorithms that compare the iris template (sent from the sensor) with the stored iris template(s). Using the algorithms and internal logic, the control panel determines whether there is a match, grants or denies access to the user based on that decision, and the sends a signal to the electronic lock to either remain engaged (if access is denied) or to disengage (if access is granted). In some systems the host computer runs the decision algorithms and the control panel serves to communicate information between the sensor and the host computer.

Depending on the sophistication of the system, the control panel can also store data on "transactions" that occur within the system, which can later be downloaded to the host computer or a separate PC. For example, the system could be set up to record the number of times that an individual accesses a door using the iris recognition system. These transactions are typically stored in a history buffer until the control panel communicates this information to the host computer. The control panel is typically housed in a secured location to prohibit unauthorized personnel from accessing it.

Note: The term "control panel" is generic as it is used in this document. Some manufacturers may refer to control panels by other names (for example, "controller," "smart remote box," “control unit,” “door interface board,” and/or "door commander").

Host Computer

The host computer holds the central database for the system and is connected (through wires, communication cables, and/or other electronic circuitry) to the control panel, which is in turn connected to the biometric sensor. The main purpose of the host computer is to facilitate enrollment and to store iris templates, associated permission levels, and tracking information (i.e. who accessed an asset at a particular time). In some systems the host computer can run the algorithms that make the access decisions for the security system. However, in most cases the host computer supplies the stored iris template(s) to the control panel for comparison with new access requests.

Depending on the needs and complexity of the networked access control system, the host computer can vary from a standard PC to a more complex system such as a Windows NT server or a Unix-based reduced instruction set computer (RISC) platform. For instance, a small-scale biometric iris recognition system that controls access to a single room or facility and has a small number of potential users may be able to utilize a standard PC to store all necessary iris templates and access logic. More sophisticated security systems with large numbers of potential users, complex tracking, and multiple permission levels and access points will typically require higher-powered host computers. Cyber security issues and the physical protection of the host computer should be considered an integral part of evaluation of any security system.

Software

Specialized software is required to create an initial iris template, to compare this stored iris template with one sent from the sensor to the control panel during an access request, and to communicate with all the other system components. Software applications will typically include a database to store the templates. Many iris recognition systems offer software to establish permission levels, which can include permissions to access certain areas of the system, and/or permission to change access for different users. Depending on the sophistication of the system, the software may allow multiple numbers and types of permission levels. A system administrator will typically manage this database, and can add and delete users or change permissions as necessary.

Basic software can be pre-programmed and housed within the iris recognition unit (in some stand-alone units), or can be purchased off-the-shelf. The off-the-shelf software, which may provides a higher level of functionality and sophistication than does the software included with some stand-alone unit, generally can be configured by the purchaser’s in-house computer programming staff. Depending on the user’s system and requirements, this software can be run from a standard PC that is tied into a dedicated security network, or on an existing computer network. However, most vendors of iris recognition security systems typically offer products that require custom configuration by professional system integrators. This often includes custom software development and the use of proprietary code. When using custom configuration it is prudent to choose an integrator with a proven track record to ensure that the system is installed properly. Vendors will generally have a preferred list of integrators that they can recommend.

Locking Mechanism

The locking mechanism is the part of the security system that prevents the asset from being accessed until the biometric trait is accepted and access is granted. The default setting for an iris recognition system is locked or engaged. The "key" to disengage the lock is the individuals' biometric trait (the iris), which must match his or her stored profile. These locks may be physical, such as an electric bolt or an electromagnetic field locking a doorway, or they may be logical, such as the log-on requirements for a computer system. Further discussion on physical locking mechanisms can be found in the Product Guide on Locks. Discussions of logic locks and log-on requirements for computer systems are not discussed here because they are inherent in the design of computer systems.

Iris recognition security systems are typically associated with electronic locks, and thus they typically have the same emergency-related safety protocols inherent in electronic locks - such as emergency releases from the inside of a protected area and automatic disengaging of the lock after a power outage of a certain length of time.

Power

Iris recognition security sensors require a hardwired power source from standard AC 100-240V lines. It is important that these locks have power back-up so that they do not fail during power outages. Most hardwired units are backed up either by some form of battery back-up, an Uninterruptible Power Supply (UPS), or an emergency power generator.

Stand-Alone Units

Some iris recognition security systems combine all of the components described above into a single unit, which is most often referred to as a “stand-alone” unit. Stand-alone iris recognition units operate at a single location, such as an entryway, where an individual would both enroll and later attempt access. Stand-alone units are sold with all the hardware and software required to operate independently. The unit contains a camera; an integrated computer chip that performs the functions of a host computer; and an onboard memory that holds the database of users. The integrated software signals an onboard door controller to open or close existing strike plates or magnetic locks on doors. Some vendors offer sophisticated stand-alone units that allow permissions to be granted for specific times of day, and will maintain an event log that can be downloaded to a PC for tracking purposes. Some stand-alone units can be networked together with other stand-alone units, and this may work well in certain smaller applications. However, in larger applications where multiple doors require controlled access and real-time tracking may be necessary, the networked (non-stand-alone) system may be the better choice.

These units are generally less expensive to purchase, install, maintain, and operate than are the networked (non-stand-alone) systems. Because controlling access through iris recognition is often associated with higher-end security requirements, stand-alone units are not quite as common as are fingerprint scanners or hand recognition devices. However, they are available, and as technology continues to refine the components and as costs continue to decrease, stand-alone iris recognition systems may become more common.

Networked Systems

Networked iris recognition systems are more common than are stand-alone units. These systems are composed of separate pieces of hardware and software that are networked or linked together by communication cables and wires, much in the same manner a computer system is networked. Many networked iris recognition security systems contain a minimum of two separate cameras. One is located at the point of entry and is used to obtain access to a location or facility. The other camera is dedicated solely to enrollment and is located near the PC that runs the iris recognition software. The separate enrollment camera permits continuous operation of the camera used to control access.

 

Iris recognition is more costly than most other common biometric security systems, in part because it is a fairly new technology, but also because of the requirements and sophistication of the system. A single stand-alone unit can run anywhere from $220 to $10,000, depending on the vendor, model, and the quantity purchased. Prices tend toward the middle to upper end of this range. Fully networked (multi-component) system prices generally start at around $15,000, and will typically include a remote sensor (camera for one access point), a separate enrollment unit, a separate control panel, and a license to operate the system. Again, costs vary by vendor, type of system, system components, and quantity ordered. Some vendors also offer basic software to enable enrollment and run the security system in the basic package. However, most multi-component iris recognition security systems require special software that must be designed and developed by a professional integrator for an additional fee. Integrators can create a custom application to suit the specific needs of the buyer and can provide additional cost information.

A host computer, the door locking mechanism, and the cabling to connect the various hardware parts are also generally sold separately. Pricing for these materials will vary according to type and quantity selected.