Mohammed Murad, Iris ID
In recent years, biometric systems have moved from protecting only mission critical government facilities to being used by virtually any organisation that can afford access control, including hospitals, corporate offices, schools and small businesses. Across these sectors, end users typically choose between the top three biometric technologies – iris, facial and fingerprint recognition. However, over the past 18 months, the Covid-19 pandemic has upended the biometrics market, with users rapidly moving toward touchless solutions as part of an overall effort to slow the spread of the deadly virus.
Looking at the impact on each of these modalities, fingerprint technology – long a workhorse biometric used primarily with contact-based platforms – has seen declines in both usage and sales. The same is true for hand geometry readers,with the effectiveness of both modalities further hindered by people’s increased use of gloves. New contactless systems coming to the market create 3D models of a person’s fingerprints by illuminating the finger surfaces to detect shadows between ridges. And as a 2020 study by the US federal National Institute of Standards and Technology (NIST) found, other touchless devices have lacked the same accuracy as contact based fingerprint platforms1.
Meanwhile, facial recognition is touchless, and another NIST study showed that some of these systems can provide a 99.97% accuracy rate (similar to that of iris-based systems). However, personal protective equipment such as masks and goggles can interfere with accuracy: NIST found that when PPE covered 70% or more of a person’s face, errors of up to 50% were reported. However, a follow-up study released this year showed significant improvements in some algorithms,with the error rate dropping to 3% with the best-performing platforms. In comparison, iris recognition systems are generally considered the most accurate of the significant biometric technologies – and they are both touchless and unaffected by PPE wearing. Dirty or scarred fingers, tattoos, facial hair, makeup, glasses or contact lenses have no impact on iris-based technologies. However,one small academic study found that certain ocular diseases, including those related to Type II diabetes, may affect accuracy.
As a result, iris-based systems have been progressively adopted in a number of industry sectors. This article reviews the adoption of iris biometrics in these main markets, by enterprises ranging from the European Organisationf or Nuclear Research and Africa’s Dangote manufacturing group, to the Canadian Border Services Agency and America’s Georgia Southern University.
Access control: CERN
For the past 50 years, organisations large and small have used electronic access control systems, combining door-mounted readers with plastic credentials to protect their facilities. It’s been a good pairing, especially compared to the mechanical key locks they replaced. However, cards can be lost, stolen or loaned to an unauthorised person. The still widely used Wiegand protocol lacks signal encryption between cards and readers, making it easy for hackers to produce a useable clone of a card. And it’s costly for facilities to buy, store and print hundreds –
or thousands – of plastic access cards annually.
Iris-based access control systems are straightforward to use and, unlike plastic cards, cannot be shared with another person. The technology’s accuracy makes it suitable for business critical locations such as data centres, executive offices and areas storing valuable components. Registering a person takes about two minutes and once approved, employees can gain access in under one second.
Using iris recognition, an employee in one facility can also access another company location on the same network without carrying a card or remembering a PIN. Iris readers add two-factor authentication when integrated with a traditional access control system, and the top
iris-based systems already integrate with leading access control platforms.
One example site that uses integrated iris recognition technology for access control is the European Organisation for Nuclear Research (better known by its French acronym of CERN), which operates the world’s largest particle physics laboratory along the French-Swiss border. Integrated technologies have been used for more than a dozen years at two of CERN’s main facilities, the Proton Synchrotron accelerator and the Large Hadron Collider (LHC).The LHC, located 100 metres below ground, is accessed at various points via small airlocks. As employees walk in, infrared beams measure movements and trigger an alarm if more than one person is detected. A pad on the floor also alarms if it senses abnormal weight variations.
Inside the airlock, scientists and other CERN employees look into an iris recognition reader for identity authentication. If there is a match with a registered iris, a second door opens, allowing access into a restricted area. The extra precautions eliminate a process known as ‘piggybacking’, during which multiple people enter a location on a single credential or iris read.
It is unrealistic to expect plastic credentials to disappear any time soon, but it’s apparent that more security directors are looking at iris-based solutions to provide secure protection with convenience and lower costs.
Time & attendance: Dangote Group
Keeping track of the time employees work is a relatively recent use of iris technology. A range of time & attendance providers now supply iris recognition-based platforms that can offer accuracy, speed and simple operation. Employees require one second to authenticate their ID from distances of up to 24 inches. Platforms with open operating systems can accommodate hundreds of current time & attendance applications, while organisations of various sizes design custom apps.
The Nigerian-based Dangote Group, one of Africa’s leading manufacturing conglomerates, currently uses a touchless iris system at five cement manufacturing plants employing more than 35,000 people. A company executive has stated that the iris solution is more accurate than
a previously used facial recognition system.
Via the corporate network, iris-based readers connect these manufacturing sites with Dangote’s human resources department at its headquarters in Lagos, enabling it to compute the payroll. The iris-based readers also eliminate the payroll fraud known as ‘buddy punching’, where one employee punches in or out for an absent friend. Studies show that this practice, which is simple to carry out with written timesheets or many plastic credentials, costs employers millions of dollars annually.
A range of healthcare organisations use iris identity authentication systems to control access to critical areas such as pharmacies, records rooms and nuclear medicine departments. Hospitals use mounted and handheld contactless devices in a highly regulated industry, to ensure patients receive the correct treatments and drugs. Iris biometric systems enable faster identification when time is of the essence and a patient can’t provide documentation. Iris biometrics also offers a reliable way to identify which patients and visitors have completed vaccines.
The use of iris checks can also help block insurance fraud and reduce clerical errors such as duplicate files or mistakes based on common names. It’s easy to see how mistakes can happen when identification is based solely on a person’s name and birth date: one large Houston-area
healthcare system reported having 138,000 patients with the same names and birthdates. Of those, 2,833 were named Maria Garcia – with 528 sharing the exact date of birth.
One current project, in one significantly under-served part of an African country, is using iris recognition to link medical professionals and clinics to provide healthcare services. Here, many young citizens lack government identification, share similar names and/or have uncertain birthdays. Proper medical attention is complicated as these young people receive treatments and vaccinations at multiple clinics, leading to redundant, although incomplete, medical records.
The use of portable iris-based systems has allowed patients to register at most remote clinics. A permanent identity record is created for each patient, eliminating duplicate medical records. Patient health is improved and the project saves money and lives by not having to repeat tests or administer inaccurate dosages due to incomplete records. The system works equally well for young children and adults.
Law enforcement: Nexus
Law enforcement agencies have used iris-based biometrics for a number of daily operations. In the US, for example, iris readers integrated into modular electronic asset lockers have been used to ensure that only authorised personnel can access weapons, evidence and other valuable property. Readers have also been deployed to manage the suspect intake procedure – by accurately establishing who is being booked and later transported to a court or released from jail. Submitting a suspect’s iris patterns to state and federal criminal databases enables a local agency to discover if the person has outstanding warrants in other locations.
Other applications include national police organisations using handheld iris-based biometric devices to identify people in areas such as airports and train stations. Self-service kiosks, with embedded iris cameras, are also being used at international border crossings to enable authorised non-residents to enter a country.
Airports commonly use iris biometrics to move passengers more quickly through security and customs checkpoints. A good example is Nexus, a joint programme between the Canadian Border Services Agency and the US Customs and Border Protection, which provides self-service kiosks to check airline passengers through customs at nine major Canadian airports. Biometric tech firm CLEAR manages the expedited security clearances for enrolled passengers using iris-based technology. Similar systems are in use at major airports in Europe and the Middle East.
Voter registration: Somaliland
A number of countries and territories are using iris biometrics to register voters and later confirm citizen identity during elections. One example is Somaliland, an autonomous region of Somalia on the Horn of Africa, which regarded free and fair elections as a key element
in gaining international recognition as an independent country. The territory initially tried fingerprint technology but this did not provide a good-quality image for a sizable number of residents who had scarred fingers from life in a rural economy.
Somaliland instead tested an iris-based system by enrolling a list of 1,062 potential voters and intentionally seeding it with 457 duplicates. The software correctly identified each duplicate record. Somaliland’s National Elections Commission purchased 350 portable kits, including an iris scanner, flash and a tripod. In many cases, the commission’s personnel met citizens in the very remote, rural areas where they live. This June, Somaliland completed its first parliamentary elections in 16 years.
One key factor in comparing biometric modalities is the level of privacy they offer. Among the top three biometric technologies, iris recognition is the only one that requires a person to opt-in. People can leave fingerprints on hard surfaces that police and others can collect and compare to existing law enforcement, corporate or other databases. Facial recognition systems too can use sources such as social media or public records to identify people seen in live and recorded surveillance video – again unknown to those involved. A number of major US cities and counties have now banned law enforcement use of this technology.
By comparison, people are aware when they have enrolled in an iris-based biometric system. This technology can also heighten privacy when used to positively identify a person’s request to access sensitive online personal data.
Biometrics have changed our lives, from the way we enter office buildings, record the hours we work, receive medical care or buy lunch on a college campus. And while most attention is paid to fingerprint, facial and iris recognition, other biometric technologies are used daily,
though most offer niche solutions.
Voice biometrics authenticate a person’s identity for telephone and internet transactions, such as remote access to websites and networks. A handwriting biometric can authenticate signatures on business transactions, while workstations can use typing rhythms to ensure only authorised people gain access. Vein recognition often serves as a part of employee time & attendance systems.
DNA, found in blood, saliva, skin, tissue and hair, is used by law enforcement to connect suspects to a crime, or by healthcare professionals checking for disease markers. The technology has the unique ability to detect familial relationships. But while it is the most accurate at
identifying people, except for genetic twins, the time it takes to get results is a significant roadblock to mainstream adoption. Today’s fastest systems need 90 minutes to confirm or denyidentity, which is too slow for many needs.
Ultimately, the choice of a biometric technology should rest on accuracy, speed, convenience and versatility. These benefits are all offered by iris-based identity authentication systems.