An Eye for Security
IRIS BIOMETRICS haven’t been deployed broadly; implementations have largely been restricted to some major airports, a few sporadic government programs, and certain high-security private sector facilities. But among those familiar with the technology, it’s seen as highly accurate and increasingly simple to deploy and manage.
One company, Oracle Corp., first used iris recognition technology from Korea-based LG Electronics in 2002 for access control in one data center. The goal was to boost security and to “meet and exceed” compliance standards, according to David Stoller, systems administrator of security at the firm’s headquarters in Redwood Shores, California.
Last year, the company upgraded to LG’s IrisAccess 4000 series, which it now uses in three data centers. The new system captures digital pictures of both irises. The user interface is more intuitive, he says, letting employees get into position more quickly for a photograph.
Scanning both irises also boosts accuracy. The odds of being misidentified by a single iris scan are about one in 1.2 million, but they plunge to one in 1.44 trillion when both eyes are photographed, according to the New York-based International Biometric Group (IBG), an independent testing and consulting firm.
Iris recognition in general is one of the most accurate biometric solutions, says Victor Lee, an IBG senior consultant. The only other solution that does as well in IBG tests has been vein recognition, he says. This is partly due to the characteristics analyzed.
Iris scanners record about 250 unique details in each eye, compared to about 25 details that are analyzed by fingerprint readers, according to Lee. Irises are also less likely to be damaged, or to wear down over time, compared to fingerprints, for example. Iris systems are also difficult to fool when compared to some other biometric solutions, he says.
Along with fingerprint and vein recognition, iris technology has some of the most robust, well-tested algorithms, says Lee. Among biometric solutions, these three varieties have the most mature industry standards, he adds, reflected in published papers from bodies such as the Geneva-based International Organization for Standardization.
Oracle also uses vein and fingerprint recognition at several data centers, but the company has found, through independent tests, that the iris readers have fewer false positives, says Stoller.
Out of more than 1,000 successful enrollments, Stoller says, he’s only encountered a handful of difficult cases. Most of these concern racial differences in eyes, he says. Certain ethnic groups have fewer natural differences across their irises. Such problems have significantly diminished, however, since the company began using the 4000 series.
Another challenge to enrollment has been convincing employees that the technology is safe, he says. Some employees have been concerned that the technology could damage their eyesight, he says. Others have feared that the digital pictures could be used to detect signs of drug use or alcohol consumption.
Before any enrollment, Stoller sends employees an e-mail describing the technology and providing the results of safety testing. Oracle also places posters with safety information in public areas; the posters include a number to call for further information. These measures have helped alleviate concerns, says Stoller.
The systems have proven relatively simple for employees to use. The scanners work when users are wearing contact lenses, he says, and with almost all glasses.
IBG predicts that iris technology will be the third most widely employed biometric technology in the next several years. The growth of the industry will stem mainly from national-security-oriented installations, such as at airports and border crossings, followed by smaller private-sector deployments.
By 2012, IBG predicts global annual revenue spent on iris recognition technology will reach $545 million. This projection compares to $1.6 billion in 2012 for fingerprint recognition technology and about $1 billion for facial recognition.