Notre Dame paper suggests federal researchers at NIST produced a flawed study, raising the possibility that changes to iris security protocols are needed.
Around the same time that Alphonse Bertillon argued that fingerprinting was a messy, inexact headache-causing procedure for policeman, the French criminologist had recognized the potential of identifying people based on the unique structure of their eyes. Bertillon, famous for his identification system that included the first applied use of the mug shot, chronicled the subtle differences in the structure of each iris in his 1892 paper Tableau de l'iris Humain.
Of course, there was a serious problem: The modern technology of Bertillon’s day was heavy on the ink and light on iris scanning equipment. Much to Bertillon’s annoyance, fingerprinting became the standard for identification. Even today, iris researchers use fingerprints.
“We use your iris like a fingerprint to identify a person,” said Notre Dame University Researcher Estafan Ortiz. “At least, that’s how I explain to my mom.”
Like this story? If so, subscribe to Government Technology's daily newsletter.
And more than 130 years later, the world is going the way of Bertillon. Iris scanning technology, which locates and then recognizes particular points in an iris, is considered to be one of the most secure ways to identify an individual. Already utilized by many high-end security systems, it’s expected to soon be offered to consumers as a feature on new smartphones, perhaps coming as early as April from Samsung.
But while it’s largely accepted that fingerprints remain constant throughout a lifetime, research by Ortiz and others is raising questions whether an iris can change over time.
“The research has shown the matches … tend to degrade [over a period of time],” Ortiz said.
If that proves true, it would be an important find for the aging American workforce and populace.
In a research paper on the subject released last year, the National Institute of Standards and Technology (NIST) found “no evidence of a widespread iris ageing affect.” The study is called the NIST IREX VI, and it found that pupil-dilation accounted for some variance, but not enough so to suggest an iris cannot be recognized over time.
But Ortiz, along with the chair of Notre Dame’s Department of Computer Science and Engineering, Kevin Bowyer, found three key problems with the NIST IREX IV:
Or, more simply: NIST has a different idea of what iris aging is compared to their colleagues, while their numbers and calculations are flawed.
“So say at 18, someone gets scanned,” Ortiz explained. “The question is whether time is a factor, so that maybe at age 30, that person’s iris’ templates have changed. We know that when we get older, our resting pupil is smaller. And research shows degrading.”
Researchers at NIST (which did not return requests for comment), have reportedly received the information and are studying it. The Notre Dame team also noted in its study that NIST’s Patrick Grother participated in “significant discussion” about the IREX VI study.
Finding the right answer could greatly impact the iris scanning protocol for decades. Established 100 years ago (partially as a response to the scientific advances in Europe at the time), NIST has crafted and legitimized fingerprinting protocols – protocols French criminologist Bertillon had opposed on the grounds they were too cumbersome.