
Iris scans
by Chris Woodford. Last updated: April 4, 2022.
If you hate having to carry a jangling bunch
of jailer's keys wherever you go, imagine how cool it would be if you
could unlock your door just by staring at it for a couple
of seconds! Iris scanning technology could soon make this kind of
thing completely routine. It's already being used in airports and
military bases where fast, reliable identification is vitally
important. Iris scans are the most accurate form of biometrics
(identity checking based on sophisticated body measurements)—far
superior as a form of identification to fingerprints (which can wear
out in time) or DNA profiling (which isn't instant). What
exactly are iris scans and how do they work? Let's take a closer
look!
Photo: The eyes have it: computerized security systems can recognize you by decoding the unique patterns in your irises (the colored parts of your eyes). This handheld scanner is made by SecuriMetrics Inc. for the US military. Photo by Michael J. MacLeod courtesy of US Army, published on
Flickr
under a Creative Commons Licence.
Why use biometrics?
There are more people on Earth than ever before, owning more things, and
swapping more information every single day. Security has never been
more important but—ironically, thanks to the computing power at
everyone's disposal—never easier to crack. Traditionally, security
relies on things that are difficult to do quickly: locks are
physically difficult to bust open without the correct metal keys,
while information secured by encryption (computerized scrambling) is
hard to access without the right mathematical keys. But this kind of
security has a basic flaw: with the right key, even the wrong
person can quickly gain access.

Photo: Scanners can be made handheld and easily portable, like this one being used by the US Army, or wall-mounted for convenience in places like airports. Photo by Adaecus G. Brooks courtesy of US Army.
Most security experts think biometrics (body measurement) is the
answer. Instead of restricting access to things through
arbitrary locks and keys, we grant access to people if we can
positively identify them by measuring some unique pattern on their
body. If you think about it, an ordinary passport photo is a crude
example of biometrics. When the border guards look at your face and
compare it with your passport photo, what they're doing is intuitively
comparing two images. Is one nose bigger than another? Are the eyes
further apart? That's simple biometrics. The trouble is that
our faces change all the time and lots of people look very similar.
Fingerprints are a more reliable form of biometrics, but even they're
not infallible: illnesses and injuries, as well as basic wear-and-tear, can
alter the pattern of ridges on our fingers in time. Iris scans are a much more reliable way of
identifying people—simplying by taking quick photographs of their
eyes!
What makes an iris scan unique?
The iris is the colored ring of muscle that opens and shuts the pupil of the eye
like a camera shutter. The colored pattern of our irises is
determined genetically when we're in the womb but not fully formed
until we're aged about two. It comes from a pigment called
melanin—more melanin gives you
browner eyes and less produces bluer eyes. Although we talk about people having "blue
eyes," "green eyes," "brown eyes," or whatever, in reality
the color and pattern of people's eyes is extremely complex and
completely unique: the patterns of one person's two eyes are quite different from
each other and even genetically identical twins have different iris patterns.
How does iris scanning work in practice?
To get past an iris-scanning system, the unique pattern of your eye has to be
recognized so you can be positively identified. That means there have
to be two distinct stages involved in iris-scanning: enrollment (the first time
you use the system, when it learns to recognize you) and verification/recognition (where you're checked on
subsequent occasions).

Photo: The iris is the colored part of your eye around the dark pupil in the center. A "blue eye" like this has less melanin (brown pigment). If an iris scan can't identify key features clearly, a variety of image enhancement algorithms (mathematical ways of processing a digital image) can be used to make them stand out more clearly.
Enrollment
First, all the people the system needs to know about have to have their eyes
scanned. This one-off process is called enrollment. Each person stands in front of a camera and has their eyes digitally
photographed with both ordinary light and invisible infrared (a type
of light used in night vision systems that has a slightly longer
wavelength than ordinary red light). In iris recognition, infrared helps to
show up the unique features of darkly colored eyes that do not stand
out clearly in ordinary light. These two digital photographs are
then analyzed by a computer that removes unnecessary details (such as
eyelashes) and identifies around 240 unique features (about five
times more "points of comparison" as fingerprint systems use). These
features, unique to every eye, are turned into a simple, 512-digit
number called an IrisCode® that is stored, alongside your name and
other details, in a computer database. The enrollment process is
completely automatic and usually takes no more than a couple of
minutes.

Photo: Enrollment involves having one or both of your irises scanned, usually up to three times.
Photo by Chris Willis courtesy of US Air Force published on
Flickr
(as a US Government work).
Verification
Once you're stored in the system, it's a simple matter to check your identify.
You simply stand in front of another iris scanner and have your eye
photographed again. The system quickly processes the image and
extracts your IrisCode®, before comparing it against the hundreds,
thousands, or millions stored in its database. If your code matches
one of the stored ones, you're positively identified; if not, tough
luck! It either means you're not known to the system or you're not
whom you claim to be.
Advantages and disadvantages of iris scans
The biggest advantage of iris scanning is its accuracy and reliability: it's
estimated to be at least ten times more accurate than fingerprinting (claimed to
produce around 1 in 1–2 million false matches, compared to fingerprints, which produce around 1 in 100,000,
according to a 2003 study by Britain's National Physical Laboratory),
though SRI (one developer of the technology) claims it can be "more than 1,000 times more accurate."
[1]
While fingerprints are constantly exposed and susceptible to damage, the iris is naturally protected
by the cornea (the eye's transparent front coating) and its
pattern seems to remain reliably unchanged for decades
(though not necessarily for life). Unlike fingerprint
scanners, which need direct contact and have to be kept spotlessly
clean, iris scans can be performed safely and hygienically at some
distance from the eye.

Photo: Another view of the US Army's handheld iris scanner, made by SecuriMetrics Inc. Photo by Jason T. Bailey courtesy of US Army.
The drawbacks of iris scanning include greater initial cost and the fact
that it's still a relatively untried technology (some trials, for
example, have found a much greater rate of false matches than
originally claimed). Although iris scanning works with people of all ages, it's notably
less accurate with very young children
(ages 1–4) than with adults. Civil liberties campaigners have also voiced
privacy concerns—that future iris-scanning technology could be developed that
will allow people to be tracked covertly (at a distance of some
meters) without either their knowledge or cooperation.
Privacy and security are also concerns. Supporters of biometric technology claim
that it automatically makes things like computer and ATM access more secure than traditional,
very vulnerable technologies, such as simple passwords and PIN numbers.
But critics have highlighted the risks of criminals compromising iris scanning security,
either by using high-resolution photographs of eyes or even (horrible though it sounds)
a person's dead eyeballs. The latest iris-scanning systems attempt to get around this by detecting
eye movements or seeing how a person's eyes change in different lighting conditions.
There's also the matter of hacking and data breaches, which are potentially more serious if the stolen information is biometric. If your fingerprints are stolen, and can then be used to access any other systems that use fingerprint access, what can you possibly do about it? You can't change your fingers the way you can change your house keys or your computer passwords. On the other hand, it's important to remember that biometric systems don't generally store raw biometric information. Iris scans, for example, are using an encoded pattern derived from your iris, not your iris itself, and even if this gets stolen, it's possible to generate a different iris code for the same person, which would be equivalent to changing the locks on your home after a burglary.
In summary, iris scans score highly for accuracy and security, reasonably highly for long-term effectiveness,
and moderately for ease of use and how happy users feel about them.
Who invented iris scans?
Here's a quick history of how iris scanning technology has developed.
- 1936: US opthalmologist Frank Burch suggests the idea of recognizing people
from their iris patterns long before technology for doing so is
feasible.
- 1981: American opthalmologists Leonard Flom and Aran Safir discuss the idea
of using iris recognition as a form of biometric security, though
technology is still not yet advanced enough.
- 1987: Leonard Flom and Aran Safir gain US patent #4,641,349 for the basic concept of an
iris recognition system.
- 1994: US-born mathematician John Daugman (currently a professor of
computer science at Cambridge University, England) works with Flom
and Safir to develop the algorithms (mathematical processes) that
can turn photographs of irises into unique numeric codes. He is granted US
patent #5,291,560 for a "biometric personal identification system
based on iris analysis" the same year. Daugman is widely credited
as the inventor of practical iris recognition since his algorithm is used in
most iris-scanning systems.
- 1996: Lancaster County Prison, Pennsylvania begins testing iris
recognition as a way of checking prisoner identities.
- 1999: Bank United Corporation of Houston, Texas converts supermarket ATMs
to iris-recognition technology.
- 2000: Charlotte/Douglas International Airport in North Carolina and
Flughafen Frankfurt Airport in Germany become two of the first airports to
use iris scanning in routine passenger checks.
- 2006: Iris-scanning systems are installed at British airports, including
Heathrow, Gatwick, Birmingham, and Stansted. Privacy concerns notwithstanding, hundreds of thousands
of travelers voluntarily opt to use the machines to avoid lengthy passport-checking queues.
- 2017: Samsung offers iris scan security on its S8 Galaxy phone but, just two months
after its introduction,
German hackers
discover how to crack it.
Please do NOT copy our articles onto blogs and other websites
Articles from this website are registered at the US Copyright Office. Copying or otherwise using registered works without permission, removing this or other copyright notices, and/or infringing related rights could make you liable to severe civil or criminal penalties.
Text copyright © Chris Woodford 2009, 2019. All rights reserved. Full copyright notice and terms of use.