The Eyes Have It

Iris recognition software transformed the Charlotte/Douglas International Airport's process of positively identifying airport personnel.

by / July 29, 2003
Sometimes you don't know what you've been missing until it's in front of your eyes. A few years ago, EyeTicket approached the Charlotte/Douglas International Airport in North Carolina with a pitch to test the company's iris recognition technology and improve the airport's security process.

At that time, the airport used a manual security process to identify individuals. When security is the issue, though, the manual process may not be the most reliable system, said Airport Director Jerry Orr. "At the checkpoint, it was a manual recognition system, and we had ID badges that had your picture on them," Orr said. "So a person would have to look at the ID badge, look at you and make that match."

So when EyeTicket talked to the Charlotte/Douglas airport about using EyePass, the airport was willing to listen. "EyeTicket [was] looking for a place to demonstrate their technology," Orr said. "We're always anxious to look at new things."

The Naked Eye
Iris recognition technology biometrically identifies individuals based on the unique patterns in their irises. Compared to other biometric identification techniques, such as fingerprinting and facial recognition, iris recognition is a more reliable way to identify an individual.

"There's an abundance of detail in the iris," said Stewart Mann, chairman and CEO of EyeTicket. "It provides a much more positive identification than any other human feature."

No two irises are alike, even between one individual's two eyes. Because they remain the same for life, it's the best way to confirm a person's identity, Mann said.

For $20,000, the company installed its new EP-4 iris recognition security portals at four airport gates.

"EP-4 is an automated turnstile arrangement. It's meant to be in unattended locations, meaning there's nothing but a gate there," Mann said. "It's positioned right at the security checkpoint going onto the concourses. So you effectively have a turnstile, camera and very sophisticated software. All of it is networked to a central server."

Airport employees must first be entered into the system via a simple enrollment process. The first step is the enrollment algorithm, which records information from the initial iris scan.

"It captures the detail of the iris," Mann said. "The software analyzes it and assigns a 512-byte binary code. We store it as an iris code and then associate it with whatever permissions the customer wants you to have."

In this case the airport furnished the company with specific permissions for specific employees. "[EyeTicket] maintains the database," Orr said. "We have control of who can do what. We tell [them] this person has this level of access and can go here, here or here."

The second algorithm, the recognition algorithm, functions when someone actually walks through the access point, which then scans the eye and recognizes the employee -- a process that takes only seconds.

"From then on, we generate a new, real-time iris code," said Mann. "It calls the server, the server identifies you, and then we say, 'Well, Catherine is here. Do we print a ticket? Do we charge her money? Do we open the gate? If we can open the gate, is she permitted to go in at this time? And can she go in at this gate?'"

Each time the system recognizes someone, the information is stored in its browser-based application software, which customers can monitor as much as they want.

"Administrators and the client can look at [the data from various] locations on the network," Mann said. "It's all component software, so we can provide certain functionalities for any customer based on need."

A Blind Eye
The system is currently enjoying a successful run at the airport, allowing employees to enter permissible locations separately from passengers, which reduces congestion.

Unfortunately the road to success was a little rough when it began more than three years ago. In spring 2000, EyeTicket met with the Federal Aviation Administration (FAA) for approval of the pilot project. More specifically, the FAA needed to ensure that the technology met legal requirements.

In 2000, EyeTicket met a few times with Rear Admiral Cathal Flynn when he was the associate administrator for civil aviation security at the FAA, said Mann. "We asked him to clear the way for us to do a pilot program."

The purpose was to test the technology as it scanned the irises of airport employees, flight crews and Transportation Security Administration (TSA) personnel, among others, to determine their access permissions.

"The initial program was only scheduled to be one door and maybe 100 people," Mann said. "But as we were ramping up to do it, in April 2000, the GAO [General Accounting Office] came through the airport and found some big gaps in access control -- particularly in the identification of people."

Part of the problem the GAO discovered was "piggybacking" -- when more than one person clears a gate after only one person has permission to do so -- and as a result of the GAO's findings, the pilot was expanded.

"Ultimately we installed three doors at Charlotte/Douglas that were all anti-piggybacking portals, which included not just the cameras and software, but [also] specialized doors," Mann said.

The pilot program ran successfully for about 17 months. The system ran approximately 400,000 transactions with no security breaches or identification faults. It also gained support from Congress, with separate funding requests coming from the House of Representatives in April 2001, and the Senate in May 2001 for $2.75 million each.

"It was very well received, and we had some good champions in the legislative end," Mann said. "[We] had good requests for appropriations to at least designate some money to scale this in Charlotte."

It was at this time, as support for the technology was coming from many different directions and it seemed the system might become a fixture at the airport, that the attacks of Sept. 11 happened. The Charlotte/Douglas airport was forced to end the pilot.

"On about the 13th [of September], they asked us to deactivate the doors the pilots and flight crews used," said Mann. "Of course we agreed to do it. We objected to it, but we agreed to."

Just a few days later, the order came to remove all remaining doors, officially signaling the end of the partnership. Airport officials said they understood the usefulness of the iris-scan security technology, but their hands were tied.

"We were getting almost daily directives from FAA security people, and we just needed to get in step with the FAA," Orr said. "Every time they wanted a change in security procedure, they'd send you a notification that you needed to do place guards here or lock these doors."

Using the iris recognition technology was not explicitly forbidden by the FAA, but the airport was unwilling to continue using the technology because officials said they wanted to comply with FAA security directives.

"It was clear at the time we needed to deal with all FAA directives, and we didn't have the time and resources to deal with another level of stuff, which the iris scan was," said Orr. "So even though it provides an opportunity and it is available technology, it wasn't viewed as that by the FAA."

The Eye of the Beholder
Even though the airport and EyeTicket were forced to end the pilot, the company pursued another relationship with the airport to permanently install the iris-scanning technology.

Any permanent deal would have to be approved by the TSA since the TSA has assumed responsibility for all security aspects of transportation, and the agency was not fully convinced iris recognition is a viable option for airport security. Officials of Charlotte/Douglas and EyeTicket visited the TSA in spring 2002 to lay out their case supporting the use of the technology and sought permission to install the iris-scan technology in the airport. The agency eventually granted that permission, and with full support from the TSA, EyeTicket installed the system at four checkpoints.

Orr said when there's a need to positively identify a person -- a basic tenet of security -- there's an opportunity to use new technologies, and despite the cost to the airport, he said he considers it more of an investment than an expense.

"It's an investment in helping TSA to move more quickly along the technology trail," he said. "The payback for us will be better and quicker service for our customers."

Catherine Pickavet is a freelance writer living and studying in New York City.