If you hate having to carry a jangling bunch
of jailer's keys wherever you go, imagine how cool it would be if you
could unlock your door just by staring at it for a couple
of seconds! Iris scanning technology could soon make this kind of
thing completely routine. It's already being used in airports and
military bases where fast, reliable identification is vitally
important. Iris scans are the most accurate form of biometrics
(identity checking based on sophisticated body measurements)—far
superior as a form of identification to fingerprints (which can wear
out in time) or DNA profiling (which isn't instant). What
exactly are iris scans and how do they work? Let's take a closer
Photo: The eyes have it: computerized security systems can recognize you by decoding the unique patterns in your irises (the colored parts of your eyes). This handheld scanner is made by SecuriMetrics Inc. for the US military. Photo by Michael J. MacLeod courtesy of US Army, published on
under a Creative Commons Licence.
There are more people on Earth than ever before, owning more things, and
swapping more information every single day. Security has never been
more important but—ironically, thanks to the computing power at
everyone's disposal—never easier to crack. Traditionally, security
relies on things that are difficult to do quickly: locks are
physically difficult to bust open without the correct metal keys,
while information secured by encryption (computerized scrambling) is
hard to access without the right mathematical keys. But this kind of
security has a basic flaw: with the right key, even the wrong
person can quickly gain access.
Photo: Scanners can be made handheld and easily portable, like this one being used by the US Army, or wall-mounted for convenience in places like airports. Photo by Lewis Hilburn courtesy of US Army and DVIDS.
Most security experts think biometrics (body measurement) is the
answer. Instead of restricting access to things through
arbitrary locks and keys, we grant access to people if we can
positively identify them by measuring some unique pattern on their
body. If you think about it, an ordinary passport photo is a crude
example of biometrics. When the border guards look at your face and
compare it with your passport photo, what they're doing is intuitively
comparing two images. Is one nose bigger than another? Are the eyes
further apart? That's simple biometrics. The trouble is that
our faces change all the time and lots of people look very similar.
Fingerprints are a more reliable form of biometrics, but even they're
not infallible: illnesses and injuries, as well as basic wear-and-tear, can
alter the pattern of ridges on our fingers in time. Iris scans are a much more reliable way of
identifying people—simplying by taking quick photographs of their
What makes an iris scan unique?
The iris is the colored ring of muscle that opens and shuts the pupil of the eye
like a camera shutter. The colored pattern of our irises is
determined genetically when we're in the womb but not fully formed
until we're aged about two. It comes from a pigment called
melanin—more melanin gives you
browner eyes and less produces bluer eyes. Although we talk about people having "blue
eyes," "green eyes," "brown eyes," or whatever, in reality
the color and pattern of people's eyes is extremely complex and
completely unique: the patterns of one person's two eyes are quite different from
each other and even genetically identical twins have different iris patterns.
How does iris scanning work in practice?
To get past an iris-scanning system, the unique pattern of your eye has to be
recognized so you can be positively identified. That means there have
to be two distinct stages involved in iris-scanning: enrollment (the first time
you use the system, when it learns to recognize you) and verification/recognition (where you're checked on
Photo: The iris is the colored part of your eye around the dark pupil in the center. A "blue eye" like this has less melanin (brown pigment). If an iris scan can't identify key features clearly, a variety of image enhancement algorithms (mathematical ways of processing a digital image) can be used to make them stand out more clearly.
First, all the people the system needs to know about have to have their eyes
scanned. This one-off process is called enrollment. Each person stands in front of a camera and has their eyes digitally
photographed with both ordinary light and invisible infrared (a type
of light used in night vision systems that has a slightly longer
wavelength than ordinary red light). In iris recognition, infrared helps to
show up the unique features of darkly colored eyes that do not stand
out clearly in ordinary light. These two digital photographs are
then analyzed by a computer that removes unnecessary details (such as
eyelashes) and identifies around 240 unique features (about five
times more "points of comparison" as fingerprint systems use). These
features, unique to every eye, are turned into a simple, 512-digit
number called an IrisCode® that is stored, alongside your name and
other details, in a computer database. The enrollment process is
completely automatic and usually takes no more than a couple of
Photo: Enrollment involves having one or both of your irises scanned, usually up to three times.
Photo by Chris Willis courtesy of US Air Force published on
(as a US Government work).
Once you're stored in the system, it's a simple matter to check your identify.
You simply stand in front of another iris scanner and have your eye
photographed again. The system quickly processes the image and
extracts your IrisCode®, before comparing it against the hundreds,
thousands, or millions stored in its database. If your code matches
one of the stored ones, you're positively identified; if not, tough
luck! It either means you're not known to the system or you're not
whom you claim to be.
Enrollment and verification both involve photographing a person's iris and extracting its key features. Here's a simple outline
of the scanning process developed in the 1990s by computer scientist John Daugman:
A camera scans the person's eye and produces a digital image.
Image processing software attempts to isolate the iris by drawing two circles, one at its inner boundary (between the pupil and the iris) and the other at its outer boundary (known as the limbus, between the iris and the white, outer sclera). The inner boundary is relatively easy to detect, because it's generally a circle with a sudden change in brightness where the pupil gives way to the iris. A broadly similar process is used to find the outer boundary, though it has to allow for the likelihood of the eyelids blocking part of the iris.
Polar coordinates (concentric circles and radial lines from their origin) are then added to the image to define separate "zones of analysis," so that key features of the iris can be accurately located and compared in two-dimensional space. This system cleverly allows for the way the iris changes as the pupil grows (dilates) and shrinks (constricts) in different light conditions.
The pattern of light and dark areas in the iris is then converted into digital form using bandpass filters (crudely speaking, if the brightness in a given area is more than a certain amount, the filters might register a 1, otherwise they would register a 0), and, with a bit of mathematical juggling, this generates the unique, digital IrisCode®. A particular eye will generate roughly the same code whether its pupil is dilated or not.
Advantages and disadvantages of iris scans
The biggest advantage of iris scanning is its accuracy and reliability: it's
estimated to be at least ten times more accurate than fingerprinting (claimed to
produce around 1 in 1–2 million false matches, compared to fingerprints, which produce around 1 in 100,000,
according to a 2003 study by Britain's National Physical Laboratory),
though SRI (one developer of the technology) claims it can be "more than 1,000 times more accurate."
While fingerprints are constantly exposed and susceptible to damage, the iris is naturally protected
by the cornea (the eye's transparent front coating) and its
pattern seems to remain reliably unchanged for decades
(though not necessarily for life). Unlike fingerprint
scanners, which need direct contact and have to be kept spotlessly
clean, iris scans can be performed safely and hygienically at some
distance from the eye.
Photo: Enrollment using another handheld iris scanner, the HID SEEK (Secure Electronic Enrollment Kit), which combines iris and face recognition with a fingerprint scanner. Photo by Matthew Smith courtesy of Air Force and DVIDS.
The drawbacks of iris scanning include greater initial cost and the fact
that it's still a relatively untried technology (some trials, for
example, have found a much greater rate of false matches than
originally claimed). Although iris scanning works with people of all ages, it's notably
less accurate with very young children
(ages 1–4) than with adults. Civil liberties campaigners have also voiced
privacy concerns—that future iris-scanning technology could be developed that
will allow people to be tracked covertly (at a distance of some
meters) without either their knowledge or cooperation.
Privacy and security are also concerns. Supporters of biometric technology claim
that it automatically makes things like computer and ATM access more secure than traditional,
very vulnerable technologies, such as simple passwords and PIN numbers.
But critics have highlighted the risks of criminals compromising iris scanning security,
either by using high-resolution photographs of eyes or even (horrible though it sounds)
a person's dead eyeballs. The latest iris-scanning systems attempt to get around this by detecting
eye movements or seeing how a person's eyes change in different lighting conditions.
There's also the matter of hacking and data breaches, which are potentially more serious if the stolen information is biometric. If your fingerprints are stolen, and can then be used to access any other systems that use fingerprint access, what can you possibly do about it? You can't change your fingers the way you can change your house keys or your computer passwords. On the other hand, it's important to remember that biometric systems don't generally store raw biometric information. Iris scans, for example, are using an encoded pattern derived from your iris, not your iris itself, and even if this gets stolen, it's possible to generate a different iris code for the same person, which would be equivalent to changing the locks on your home after a burglary.
In summary, iris scans score highly for accuracy and security, reasonably highly for long-term effectiveness,
and moderately for ease of use and how happy users feel about them.
Who invented iris scans?
Here's a quick history of how iris scanning technology has developed.
1936: US opthalmologist Frank Burch suggests the idea of recognizing people
from their iris patterns long before technology for doing so is
1981: American opthalmologists Leonard Flom and Aran Safir discuss the idea
of using iris recognition as a form of biometric security, though
technology is still not yet advanced enough.
1987: Leonard Flom and Aran Safir gain US patent #4,641,349 for the basic concept of an
iris recognition system.
1994: US-born mathematician John Daugman (currently a professor of
computer science at Cambridge University, England) works with Flom
and Safir to develop the algorithms (mathematical processes) that
can turn photographs of irises into unique numeric codes. He is granted US
patent #5,291,560 for a "biometric personal identification system
based on iris analysis" the same year. Daugman is widely credited
as the inventor of practical iris recognition since his algorithm is used in
most iris-scanning systems.
1996: Lancaster County Prison, Pennsylvania begins testing iris
recognition as a way of checking prisoner identities.
1999: Bank United Corporation of Houston, Texas converts supermarket ATMs
to iris-recognition technology.
2000: Charlotte/Douglas International Airport in North Carolina and
Flughafen Frankfurt Airport in Germany become two of the first airports to
use iris scanning in routine passenger checks.
2006: Iris-scanning systems are installed at British airports, including
Heathrow, Gatwick, Birmingham, and Stansted. Privacy concerns notwithstanding, hundreds of thousands
of travelers voluntarily opt to use the machines to avoid lengthy passport-checking queues.
[PDF] Biometric Comparison Guide: A good introduction to iris recognition, face recognition, fingerprint, and other biometrics from leading manufacturer Iridian Technologies.
by John Daugman, American Scientist, Vol. 89, No. 4 (July-August 2001), pp. 326–333. A detailed but easy-to-understand, non-mathematical introduction.
[PDF] How iris recognition works by John Daugman, IEEE Transactions on Circuits and Systems for Video Technology, Vol. 14, No. 1, January 2004, pp. 21–30. A more detailed (and more mathematical) introduction.
Ageing eyes hinder biometric scans by Duncan Graham-Rowe. Nature, 25 May 2012. Research suggests iris patterns do change slowly over time, potentially undermining the security of iris scanning systems.
New York City Police Photograph Irises of Suspects by Ray Rivera and Al Baker. The New York Times, 15 November 2010. Police are now using iris scans to check the identity of suspects when they appear in court, but critics are concerned about the privacy and civil liberties issues this raises.
Biometrics For Dummies by Peter Gregory and Michael Simon. Dummies, 2009. A good overview to different types of biometrics with a practical feel (one part of the book is devoted to "getting started with biometrics").
↑ [PDF] Feasibility study on the use of biometrics in an entitlement scheme by Tony Mansfield, National Physical Laboratory, and Marek Rejman-Greene, BTexact Technologies, 2003, p14. This comparison is between the false match rate (the probability that your iris scan matches someone else's). The false non-match rate (the probability that you're not recognized from your own iris scan) was found to be roughly similar, 1 in 100, (though slightly better with iris scans). In this study, face recognition performed significantly worse than either fingerprints or iris scans (a false match rate of 1 in 1000 and a false non-match rate of 1 in 10).
"Tests have shown this purely iris-based solution to be more than 1,000 times more accurate than published fingerprint data." quoted in SRI International to Offer Iris Biometric-Embedded Products for Mobile B2B Applications, SRI Press Release, March 25, 2015 [Archived via the Wayback Machine].
Please do NOT copy our articles onto blogs and other websites
Articles from this website are registered at the US Copyright Office. Copying or otherwise using registered works without permission, removing this or other copyright notices, and/or infringing related rights could make you liable to severe civil or criminal penalties.