InfoSecurity

September 21, 2006
An Eye for Details

Runa Mukherjee

INTRO -- The idea of using iris patterns for personal identification originated in 1936 by ophthalmologist Frank Burch. By the 80's, though the idea had appeared in James Bond films, yet it remained science fiction. Two other ophthalmologists, Aran Safir and Leonard Flom, patented this idea by 1987 and in 1989 they asked John Daugman (then Harvard University professor) to create actual algorithms for iris recognition. These algorithms, which Daugman patented, are the basis for all current iris recognition systems and products. Finally, Steven Spielberg's 2002 science fiction film Minority Report made the ultimate impact by showing a society in which iris recognition had been accepted as a regular feature. The lead character has an eye transplant in order to change his identity. Welcome to Circa 2006 where Iris Scan has become a reality!

NEW DELHI -- The era of biometrics has dawned upon us and with that, many special technologies have come to the fore.Iris scan being one of them.

Biometrics covers a wide range of technologies in which unique attributes of people's identities are used for identification and authentication. This includes voice recognition, iris recognition, hand and fingerprint recognition, which are used to validate the identity of individuals who need to gain access to computers, airlines, databases, BPOs and other areas, which need restricted admission.

Iris scan analyses the features that originally exist in the colored tissue surrounding the pupil which has more than 200 points that can be used for comparison, including furrows and freckles. Using a small camera, an iris-recognition system photographs one or both eyes and converts the small details in the iris stromal pattern into a bit pattern that is suitable for unambiguous positive identification of an individual and further helps in recording the data and maintain a log.

The scans use a regular video camera style and can be done from further away than a retinal scan. It will also work through glasses and in fact has the ability to create an accurate measurement to be used for identification purposes, and not only for verification.

The use of iris scan as part of the security along with fingerprints is just beginning to come into existence. Law enforcement, military, state and municipal Governments, national Government, financial services, gaming and hospitality, health care, High-tech and telecom, industrial manufacturing, retail, transportation are just some of the areas that will be looking into the technology . The power of this biometric may make it rival fingerprints for situations where identification and verification are vital.

Following the September 11 attacks, there has been increased emphasis on security while reducing inconvenience to travelers. Iris recognition systems would seem to fit the bill completely. Such systems are now used at several airports in Europe and the United States.

Frankfurt airport is the first place where German Interior Minister Otto Schily started the first high-tech biometric iris-scanning system. It is considered to be the most accurate system in biometrics. The process of identifying people through their unique biological factors, the iris scanning technology is meant to both speed up the pace of passport controls as well as enhance the security procedures. It just goes on to make the travelling smoother and hassle-free.

The system will shorten long waiting lines at airports as the border controls will be partly automated. As per the process, passengers first get their iris photographed. They are required to step up to a special high-resolution digital camera that is fitted with an infra red imager to illuminate the eye even behind glasses or lens.

A computer will then process the digital images with the help of a software, that will be carefully mapping the iris in a spiral form working from the outside to the inside and record the unique spots and pigments. This data will then be transferred to the passenger’s machine-readable passport. Once the iris blueprint is in the system, passengers will simply put in their machine-readable passports and look at the camera. Once the iris scan matches the passport data, the passenger is automatically granted admission.

The whole process will just require 20 seconds and will ensure the most accurate form of security. However, passengers (who are EU citizens and are of 18 years and above) have to agree to a passport check by border guards and have to sign a data security document before they can undergo iris scan.

It is believed that the iris scan remains the most accurate biometric process in today's times. Since iris patterns are extremely complex, with more than 200 unique spots, they are believed to be the most reliable distinguishing feature of a person and thus easy to capture and compare with a database. The iris of the eye has been termed as the ideal part of the human body for biometric identification for several reasons:

• It is an internal organ that is well protected against damage and wear by a highly transparent and sensitive membrane (the cornea);
• The iris is mostly flat and its geometric configuration is only controlled by a single muscle, which controls the diameter of the pupil. This makes the iris shape far more predictable than, for example, that of the face;
• The iris has a fine texture that, like fingerprints is determined randomly during embrionic gestation. Even genetically identical individuals have completely independent iris textures;
• In an iris scan, there is no need for the person to touch any equipment that has recently been touched by a stranger, thereby eliminating an objection that has been raised against finger-print scanners.

Nasscom has recently suggested BPOs to implement iris scan to ensure security after a string of security breaches that took place in some of the most known BPOs. Nasscom sees iris-scan technology as an accurate and efficient method to combat security deceits.

On probing further on how fruitful this implementation will be for the industry in general, some of the industry experts showed that they did not have complete reliance on the technology alone.

“The organisations today deploy cutting edge security techniques but the hackers find a way through them to enter your data by some or the other means, Iris scan in such a situation alone is not enough,” said Vishak Raman, country manager, India, Fortinet Inc.

“Through iris scan, we know what data we are entering, but do we get to know if the data is safe after its put on the network to be accessed by the organisation is one of the key questions that comes to the mind,” he said.

He further emphasised: “It’s equally important to secure your log and monitor it regularly whenever accessed to ensure authorised use. It is important to further assist the network security providers to assist in discovering and addressing network vulnerabilities and provide forensic data for remediation.”

Experts who go by this technology however, say that iris scan is far superior to other technologies like fingerprint-recognition systems. It is so because greasy, dirty or peeling skin on the finger can easily distort fingerprint-recognition, a factor that is irrelevant in iris-recognition. Furthermore, the iris doesn’t just betray the identity of the person, but can also measure possible drug and alcohol consumption.

Limitations

Like with most other biometric identification technologies, an unsatisfactory issue with iris recognition is the problem of 'live tissue verification'. The reliability of any identification depends on ensuring that the signal acquired and compared has actually been recorded from a live body part of the person to be identified, and is not a manufactured template. Many commercially available iris recognition systems are not fool-proof as presenting a high-quality photograph of a face instead of a real face, would make such devices unsuitable for unsupervised applications, such as door access-control systems. It is less of a concern when there is a person supervising the procedure.

Human rights and civil liberties groups have also been critical of this technology, claiming that storage of such information could be subject to abuse and could be used to record people's movements illegally. It can also create a case of mistaken identity if somebody does manage to dupe the system.

“It’s important to implement a mechanism, which would provide network administrators with a comprehensive view of network usage and security information. Such a support can be provided through Identity and Access Management (IAM), also called as Log Analysers,” said Raman of Fortinet giving a suitable alternative for iris scan.

With a well implemented analysing system, businesses achieve stronger management control of their identity resources, robust mechanisms to control network access, and enhanced tools to meet tough compliance reporting, logging, and record retention. Many Fortune 1000 enterprises have implemented IAM solutions to improve IT operational efficiency, boost user productivity, mitigate security risks, and improve authentication and access control.

Future Positive

Nonetheless, the pros go beyond the cons. It indeed is a unique technology that can be applied for many areas that require stringent security and where value of data and information are important above all else. The uniqueness of eyes, even between the left and right eye of the same person, makes iris scanning very powerful for identification purposes. The probability of a false positive is extremely low and its relative speed and ease of use makes it a great potential biometric. It does take up a bit more memory for the data to be stored, but with the advances in this field, it is unlikely to cause any major difficulty.

So, going by the accuracy of the technology, the industry can only look forward to Nasscom's suggestion being taken seriously for a smoother and efficient security system being implemented in all the organisations that contain valuable information and databases.