You are here: Home page > Tools, instruments, and measurement > Iris scans

The blue LCD screen of a  handheld iris scanner

Iris scans

If you hate having to carry a jangling bunch of jailer's keys wherever you go, imagine how cool it would be if you could unlock your door just by staring at it for a couple of seconds! Iris scanning technology could soon make this kind of thing completely routine. It's already being used in airports and military bases where fast, reliable identification is vitally important. Iris scans are the most accurate form of biometrics (identity checking based on sophisticated body measurements)—far superior as a form of identification to fingerprints (which can wear out in time) or DNA profiling (which isn't instant). What exactly are iris scans and how do they work? Let's take a closer look!

Photo: The eyes have it: computerized security systems can recognize you by decoding the unique patterns in your irises (the colored parts of your eyes). This handheld scanner is made by SecuriMetrics Inc. for the US military. Photo by Michael J. MacLeod courtesy of US Army, published on Flickr under a Creative Commons Licence.

Sponsored links

Contents

  1. Why use biometrics?
  2. What makes an iris scan unique?
  3. How does iris scanning work in practice?
  4. A closer look at iris scanning
  5. Advantages and disadvantages of iris scans
  6. Who invented iris scans?
  7. Find out more

Why use biometrics?

There are more people on Earth than ever before, owning more things, and swapping more information every single day. Security has never been more important but—ironically, thanks to the computing power at everyone's disposal—never easier to crack. Traditionally, security relies on things that are difficult to do quickly: locks are physically difficult to bust open without the correct metal keys, while information secured by encryption (computerized scrambling) is hard to access without the right mathematical keys. But this kind of security has a basic flaw: with the right key, even the wrong person can quickly gain access.

A handheld iris scanner in action

Photo: Scanners can be made handheld and easily portable, like this one being used by the US Army, or wall-mounted for convenience in places like airports. Photo by Lewis Hilburn courtesy of US Army and DVIDS.

Most security experts think biometrics (body measurement) is the answer. Instead of restricting access to things through arbitrary locks and keys, we grant access to people if we can positively identify them by measuring some unique pattern on their body. If you think about it, an ordinary passport photo is a crude example of biometrics. When the border guards look at your face and compare it with your passport photo, what they're doing is intuitively comparing two images. Is one nose bigger than another? Are the eyes further apart? That's simple biometrics. The trouble is that our faces change all the time and lots of people look very similar. Fingerprints are a more reliable form of biometrics, but even they're not infallible: illnesses and injuries, as well as basic wear-and-tear, can alter the pattern of ridges on our fingers in time. Iris scans are a much more reliable way of identifying people—simplying by taking quick photographs of their eyes!

What makes an iris scan unique?

The iris is the colored ring of muscle that opens and shuts the pupil of the eye like a camera shutter. The colored pattern of our irises is determined genetically when we're in the womb but not fully formed until we're aged about two. It comes from a pigment called melanin—more melanin gives you browner eyes and less produces bluer eyes. Although we talk about people having "blue eyes," "green eyes," "brown eyes," or whatever, in reality the color and pattern of people's eyes is extremely complex and completely unique: the patterns of one person's two eyes are quite different from each other and even genetically identical twins have different iris patterns.

Sponsored links

How does iris scanning work in practice?

To get past an iris-scanning system, the unique pattern of your eye has to be recognized so you can be positively identified. That means there have to be two distinct stages involved in iris-scanning: enrollment (the first time you use the system, when it learns to recognize you) and verification/recognition (where you're checked on subsequent occasions).

Identifying more features in a scanned iris using image enhancement algorithms.

Photo: The iris is the colored part of your eye around the dark pupil in the center. A "blue eye" like this has less melanin (brown pigment). If an iris scan can't identify key features clearly, a variety of image enhancement algorithms (mathematical ways of processing a digital image) can be used to make them stand out more clearly.

Enrollment

First, all the people the system needs to know about have to have their eyes scanned. This one-off process is called enrollment. Each person stands in front of a camera and has their eyes digitally photographed with both ordinary light and invisible infrared (a type of light used in night vision systems that has a slightly longer wavelength than ordinary red light). In iris recognition, infrared helps to show up the unique features of darkly colored eyes that do not stand out clearly in ordinary light. These two digital photographs are then analyzed by a computer that removes unnecessary details (such as eyelashes) and identifies around 240 unique features (about five times more "points of comparison" as fingerprint systems use). These features, unique to every eye, are turned into a simple, 512-digit number called an IrisCode® that is stored, alongside your name and other details, in a computer database. The enrollment process is completely automatic and usually takes no more than a couple of minutes.

Capturing an iris code during enrollment.

Photo: Enrollment involves having one or both of your irises scanned, usually up to three times. Photo by Chris Willis courtesy of US Air Force published on Flickr (as a US Government work).

Verification

Once you're stored in the system, it's a simple matter to check your identify. You simply stand in front of another iris scanner and have your eye photographed again. The system quickly processes the image and extracts your IrisCode®, before comparing it against the hundreds, thousands, or millions stored in its database. If your code matches one of the stored ones, you're positively identified; if not, tough luck! It either means you're not known to the system or you're not whom you claim to be.

A closer look at iris scanning

Scanned image of an eye with grid lines superimposed for iris and pupil recognition from US Patent 5,291,560 by John Daugman.

Artwork: Iris scanning superimposes a set of polar coordinates on a scanned image of the eye so that key features can be identified and converted into a robust IrisCode®. From US Patent #5,291,560: Biometric personal identification system based on iris analysis by John Daugman, courtesy of US Patent and Trademark Office.

Enrollment and verification both involve photographing a person's iris and extracting its key features. Here's a simple outline of the scanning process developed in the 1990s by computer scientist John Daugman:

  1. A camera scans the person's eye and produces a digital image.
  2. Image processing software attempts to isolate the iris by drawing two circles, one at its inner boundary (between the pupil and the iris) and the other at its outer boundary (known as the limbus, between the iris and the white, outer sclera). The inner boundary is relatively easy to detect, because it's generally a circle with a sudden change in brightness where the pupil gives way to the iris. A broadly similar process is used to find the outer boundary, though it has to allow for the likelihood of the eyelids blocking part of the iris.
  3. Polar coordinates (concentric circles and radial lines from their origin) are then added to the image to define separate "zones of analysis," so that key features of the iris can be accurately located and compared in two-dimensional space. This system cleverly allows for the way the iris changes as the pupil grows (dilates) and shrinks (constricts) in different light conditions.
  4. The pattern of light and dark areas in the iris is then converted into digital form using bandpass filters (crudely speaking, if the brightness in a given area is more than a certain amount, the filters might register a 1, otherwise they would register a 0), and, with a bit of mathematical juggling, this generates the unique, digital IrisCode®. A particular eye will generate roughly the same code whether its pupil is dilated or not.

Advantages and disadvantages of iris scans

The biggest advantage of iris scanning is its accuracy and reliability: it's estimated to be at least ten times more accurate than fingerprinting (claimed to produce around 1 in 1–2 million false matches, compared to fingerprints, which produce around 1 in 100,000, according to a 2003 study by Britain's National Physical Laboratory), though SRI (one developer of the technology) claims it can be "more than 1,000 times more accurate." [1] While fingerprints are constantly exposed and susceptible to damage, the iris is naturally protected by the cornea (the eye's transparent front coating) and its pattern seems to remain reliably unchanged for decades (though not necessarily for life). Unlike fingerprint scanners, which need direct contact and have to be kept spotlessly clean, iris scans can be performed safely and hygienically at some distance from the eye.

A HID SEEK handheld iris scanner being used for enrollment

Photo: Enrollment using another handheld iris scanner, the HID SEEK (Secure Electronic Enrollment Kit), which combines iris and face recognition with a fingerprint scanner. Photo by Matthew Smith courtesy of Air Force and DVIDS.

The drawbacks of iris scanning include greater initial cost and the fact that it's still a relatively untried technology (some trials, for example, have found a much greater rate of false matches than originally claimed). Although iris scanning works with people of all ages, it's notably less accurate with very young children (ages 1–4) than with adults. Civil liberties campaigners have also voiced privacy concerns—that future iris-scanning technology could be developed that will allow people to be tracked covertly (at a distance of some meters) without either their knowledge or cooperation.

Privacy and security are also concerns. Supporters of biometric technology claim that it automatically makes things like computer and ATM access more secure than traditional, very vulnerable technologies, such as simple passwords and PIN numbers. But critics have highlighted the risks of criminals compromising iris scanning security, either by using high-resolution photographs of eyes or even (horrible though it sounds) a person's dead eyeballs. The latest iris-scanning systems attempt to get around this by detecting eye movements or seeing how a person's eyes change in different lighting conditions. There's also the matter of hacking and data breaches, which are potentially more serious if the stolen information is biometric. If your fingerprints are stolen, and can then be used to access any other systems that use fingerprint access, what can you possibly do about it? You can't change your fingers the way you can change your house keys or your computer passwords. On the other hand, it's important to remember that biometric systems don't generally store raw biometric information. Iris scans, for example, are using an encoded pattern derived from your iris, not your iris itself, and even if this gets stolen, it's possible to generate a different iris code for the same person, which would be equivalent to changing the locks on your home after a burglary.

In summary, iris scans score highly for accuracy and security, reasonably highly for long-term effectiveness, and moderately for ease of use and how happy users feel about them.

Who invented iris scans?

Here's a quick history of how iris scanning technology has developed.

Sponsored links

Find out more

On this website

On other websites

Articles

Scientific/technical

News

Books

Patents

References

  1.     [PDF] Feasibility study on the use of biometrics in an entitlement scheme by Tony Mansfield, National Physical Laboratory, and Marek Rejman-Greene, BTexact Technologies, 2003, p14. This comparison is between the false match rate (the probability that your iris scan matches someone else's). The false non-match rate (the probability that you're not recognized from your own iris scan) was found to be roughly similar, 1 in 100, (though slightly better with iris scans). In this study, face recognition performed significantly worse than either fingerprints or iris scans (a false match rate of 1 in 1000 and a false non-match rate of 1 in 10). "Tests have shown this purely iris-based solution to be more than 1,000 times more accurate than published fingerprint data." quoted in SRI International to Offer Iris Biometric-Embedded Products for Mobile B2B Applications, SRI Press Release, March 25, 2015 [Archived via the Wayback Machine].

Please do NOT copy our articles onto blogs and other websites

Articles from this website are registered at the US Copyright Office. Copying or otherwise using registered works without permission, removing this or other copyright notices, and/or infringing related rights could make you liable to severe civil or criminal penalties.

Text copyright © Chris Woodford 2009, 2019. All rights reserved. Full copyright notice and terms of use.

Follow us

Rate this page

Please rate or give feedback on this page and I will make a donation to WaterAid.

Tell your friends

If you've enjoyed this website, please kindly tell your friends about us on your favorite social sites.

Press CTRL + D to bookmark this page for later, or email the link to a friend.

Cite this page

Woodford, Chris. (2009/2019) Iris Scans. Retrieved from https://www.explainthatstuff.com/how-iris-scans-work.html. [Accessed (Insert date here)]

More to explore on our website...

Back to top