5 Ways Biometric Security Will Redefine Mobile Phone Authentication

The following is a guest post submitted to M2SYS by Nasrullah Patel

You may be aware of the term “biometrics” – an evolving technology used for identity authentication and access privilege. The word biometrics is derived from the Greek language where bio stands for life and metrics for measure. Biometric security technology was first made commercial in the year 1970. It has become intrinsic for almost all security technologies ranging from government and military standpoints to private organizations, healthcare, and the telecom sector.

Mobile devices play a significant role in everyday life, not only for communicating with others but also used for entertainments and social relationships. Along with the increase in the usage of mobile devices like smartphones, tablet PCs, laptops, and other portable devices, the growth of confidential data like (bank accounts, personal and official e-mails, photographs, video) that these mobile devices store is also increasing. Currently, biometric security is one of the best authentication solutions to raise security within the mobile environment and there are plenty of examples of integrating biometric technology via Mobile App Development that includes; mobile voting, banking, and performing online transactions.

Continue reading →

The Difference between the Iris and the Retina and Why It’s Important In Biometric Identification

Importance of the differences between iris and retina biometrics

Iris recognition is a widely adapted biometric modality for use in border control, national ID, and (shown here) patient identification in healthcare

Iris recognition and retinal scanning are both very reliable modalities for biometric identification. However, both possess different characteristics that have a strong impact on their performance based on the environment and deployment purpose. Both biometric modalities use contactless scanners, but there are notable differences between iris recognition and retinal scanning; one being that iris recognition is considered non-invasive, and retinal scanning as invasive because it beams visible light into the eyes during the scanning process.

These biometric identification technologies are often misunderstood and incorrectly assumed to be one in the same despite their distinct differences. In this post, we will discuss the differences between iris recognition and retinal scanning.

Continue reading →

Iris recognition Vs. Palm Vein Biometrics – How do they compare?

The biometric technology used in iris recognition takes a digital photograph of the iris using safe, non-visible near-infrared technology, capturing more than 250 data points for identification

The biometric technology used in iris recognition takes a digital photograph of the iris using safe, non-visible near-infrared technology, capturing more than 250 data points for identification

If you are somewhat familiar with biometric technology and its use around the world, you probably recognize that iris recognition and palm vein biometrics are two completely different modalities, but did you know that they share some common characteristics? To begin with, both iris recognition and palm vein biometrics are biometric modalities used in identification and authentication of an individual. Iris recognition biometrics uses a detailed photographic image of the iris for identification whereas palm vein biometrics captures an image of the pattern of the veins under the skin of the palm for identification. Both of these biometric modalities are very effective and their implementations are determined by the environments each one is most suitable for.

Let’s take a look at these modalities and how they compare to each other in terms of functionality:
Continue reading →

Common Misunderstandings between Iris Recognition and Retina Scanning

Retinal Scanning and Iris Recognition: Are they different?

The colored section of the eye is known as the iris.

The biometric technology used in iris recognition takes a digital photograph of the iris using safe, non-visible near-infrared technology

Biometric identification management hardware modalities have different characteristics that often have a strong impact on their performance and acceptability by end users. You probably already know about the differences between fingerprint identification and finger-vein biometrics – fingerprint biometrics relying on an external physiological characteristic and finger vein biometrics use the vascular, internal vein patterns of the fingers for individual identification. Continue reading →

Iris Scanners and Recognition: A Biometric Identification Technique for Airport Security Systems

iris biometrics for airport security

Iris recognition for airport security is becoming more prevalent around the globe.

This informative post is brought to you by ADAGOLD, an Australian-based Global Aviation specialist that has been providing market leading aircraft charter solutions.

Iris scanners are used to detect recognition of an individual’s identity by analyzing the random patterns that visibly appear inside a person’s iris from a certain distance. The technology combines optics, statistical conclusions, pattern recognition, and computer vision.

Among virtually every scanner and biometric device that’s available today, it’s agreed that iris recognition technology is by far the most accurate. The technique itself is relatively new, only in existence since 1994.
Continue reading →

NIST Research Suggests Iris Recognition Usable for Decades after Initial Enrollment

iris recognition proved by NIST to be be stable biometric modality

New research from The National Institute of Standards and Technology refutes earlier claims that the human iris ages over time.

Ever since researchers at the University of Notre Dame released a report that raised questions about iris recognition systems and the integrity of the iris itself over time, the biometrics industry and pundits have been in a bit of a tizzy over whether the modality truly lives up to it’s reputation as a stable physiological biometric characteristic. In July of 2012, Notre Dame researchers claimed that:

“The biometric community has long accepted that there is no ‘template aging effect’ for iris recognition, meaning that once you are enrolled in an iris recognition system, your chances of experiencing a false non-match error remain constant over time. This was sometimes expressed as ‘a single enrollment for life.’ Our experimental results show that, in fact, the false non-match rate increases over time, which means that the single enrollment for life idea is wrong. The false match rate is how often the system says that two images are a match when in truth they are from different persons. The false non-match rate is how often the system says that two images are not a match when in truth they are from the same person.”

Although the researchers went on to say that they “don’t foresee this again effect as a major problem for security systems moving forward,” it nonetheless sent a jolt through the biometrics industry and triggered iris recognition vendors to scramble with a response, many questioning the validity of the researchers’ claims.

Fast forward to August 2013 when a new report by researchers at The National Institute of Standards and Technology (NIST) said, “not so fast.” Using data from thousands of frequent travelers enrolled in an iris recognition program, they determined that no consistent change occurs in the distinguishing texture of their irises for at least a decade. These findings inform identity program administrators on how often iris images need to be recaptured to maintain accuracy.

Using anonymous data from millions of transactions from NEXUS, a joint Canadian and American program used by frequent travelers to move quickly across the Canadian border as well as a mixed effects regression model for its ability to capture population-wide aging and individual-specific aging and to estimate the aging rate over decades, NIST identified pupil dilation, not aging irises, as the primary cause behind the false rejection rates. When NIST researchers accounted for the dilation effect, they did not observe a change in the texture or aging effect. Some iris cameras normalize dilation by using shielding or by varying the illumination.

This new research should provide somewhat of a relief for iris recognition biometric vendors who have long claimed that the iris provides one of the most stable biometric identifiers and the technology as one of the most accurate modalities in the industry. Thanks to the NIST team for pursuing this issue and putting forth the time and the effort to examine it more thoroughly.

What are your thoughts on the accuracy and aging of the iris? Do you agree with the NIST research results?

Iris Biometrics to Replace Magnetic Stripe College Student ID Cards

iris biometrics are used to replace magnetic stripe ID cards, PINS and passwords

Iris biometrics are an increasingly popular biometric modality to replace magnetic stripe ID cards, PINS, and passwords.

We’ve seen it happen again and again in the identification industry. More employers and educational institutions are adopting biometric identification technology to replace antiquated mag stripe ID cards, PINS, and passwords which are susceptible to being swapped or stolen, and incur an expense if they need to be replaced or reset.

The latest story comes to us from Winthrop University who has embarked on a project to, “replace existing identification cards issued with magnetic stripes” with iris biometrics which requires only a quick scan to grant access to a building or room. University officials were inspired to investigate using iris biometrics after seeing a local school using the technology to authorize parents picking up their kids from day care.

In addition, University officials opted not to use biometric fingerprint technology, which requires physical contact with a hardware device leaving open the possibility of spreading germs and illness. Iris biometrics is well known in the industry as a clean, hygienic biometric modality that does not require any physical contact to scan and read an individual. This is a very important characteristic to recognize for iris biometrics, particularly in environments where germs and illness are easily spread such as health care.

It’s also important to note that although iris biometrics readers are more expensive than magnetic stripe readers, the return on investment over the long term is higher when you factor in the expense of producing and replacing mag stripe cards, plus the expenses and risks incurred due to fraud and waste from swapping and sharing these cards. Not to mention the proven accuracy of iris biometrics, where the chances of two irides being the same are 10⁷⁸.

If you are investigating using biometrics for identificaiton to replace mag stripe cards, PINS, or passwords, take the time to learn more about iris biometrics as a viable modality for your next deployment.

What other advantages do you feel that iris biometrics offers?


Black Hat Iris Biometrics Attacks Don’t Tell The Whole Story

An iris biometrics expert clarifies the truth behind the technology in response to the Black Hat conference paper claiming to have hacked an iris template, recreated the image and fooled a recognition system

Is it really that easy to re-engineer an iris image? Not so fast…

Planet Biometrics released an article today “Iris attacks no surprise to iris recognition inventor” which details an interview with John Daugman, Professor of Computer Vision and pattern Recognition at Cambridge in response to the recent Black Hat conference paper that hacked into an iris system and re-engineered images to fool a recognition device.  Professor Daugman is credited with developing and patenting the first algorithm for iris recognition which is still widely used across the world.

Professor Daugman acknowledges in the article:

“This is a classic ‘hill-climbing’ attack that is a known vulnerability for all biometrics….the vulnerability in question, which involves using an iterative process to relatively quickly reconstruct a workable iris image from an iris template, is a classic “hill-climbing” attack that is a known vulnerability for all biometrics.”

The primary vulnerability in the Black Hat conference paper was the full disclosure and access to the Iris Code template, as well as having the ability “to generate an IrisCode template from an image, and to do so repeatedly and iteratively.” In other words, without access to the encoding algorithm or to a hardware device that implements it, the “attack” would not have been possible. Be that as it may, the Black Hat scientists did have access to the encoding algorithm but not all iris biometrics algorithm research and developers give access to the Software Development Kit (SDK) that is needed in order to perform the “attack.”

According to Daugman, this should be a sign, “to maintain cryptographic security on IrisCode templates” to maintain the highest level of security and thwart would be system attacks. Daugman went on to say that in addition to cryptographic security, there is also the issue of iris hardware detecting an artificial iris vs. a real one. Most of the higher quality iris biometrics recognition systems on the market are equipped with sophisticated technology to detect the presence of an artificial eye and tell when they are being spoofed. The bottom line is that a quality, modern iris biometrics recognition system would not have been fooled by the re-engineered iris image used in the Black Hat conference paper .

What is rather unfortunate about the content of this article is that virtually no one who was exposed to the Black Hat Conference paper will have the opportunity to hear the points brought out by Daugman and will automatically deduce that iris biometrics systems should be avoided at all costs since they can be easily hacked and your iris template stolen. Daugman’s view will be known by few, fueled in large part by organizations like the Electronic Frontier Foundation who immediately pounced on the Black Hat conference paper and began their mission to spread the word that iris biometrics are just as susceptible to attacks as any other biometric modality, without reporting both sides of the issue.

We hope that you will take the time to educate yourself on the entire issue so you can formulate your own intelligent opinion when presented with all of the facts. Please share your thoughts with us on where you stand on the issue and why in the comments section below.

Iris Recognition vs. Retina Scanning – What are the Differences?



In biometrics, iris and retinal scanning are known as “ocular-based” identification technologies, meaning they rely on unique physiological characteristics of the eye to identify an individual. Even though they both share part of the eye for identification purposes, these biometric modalities are quite different in how they work. Let’s take a closer look at both and then explain the similarities and differences in detail:

Retinal Scanning: The human retina is a thin tissue composed of neuralcells that is located in the posterior portion of the eye. Because of the complex structure of the capillaries that supply the retina with blood, each person’s retina is unique. The network of blood vessels in the retina is so complex that even identical twins do not share a similar pattern. Although retinal patterns may be altered in cases of diabetes, glaucoma or retinal degenerative disorders, the retina typically remains unchanged from birth until death. (Source: Wikipedia)

In biometrics, are iris recognition and retinal scanning the same thing and does the technology work the same way?

The Retina

A biometric identifier known as a retinal scan is used to map the unique patterns of a person’s retina. The blood vessels within the retina absorb light more readily than the surrounding tissue and are easily identified with appropriate lighting. A retinal scan is performed by casting an unperceived beam of low-energy infrared light into a person’s eye as they look through the scanner’s eyepiece. This beam of light traces a standardized path on the retina. Because retinal blood vessels are more absorbent of this light than the rest of the eye, the amount of reflection varies during the scan. The pattern of variations is converted to computer code and stored in a database. Retinal scanning also has medical applications. Communicable illnesses such as AIDS, syphilis, malaria, chicken pox well as hereditary diseases like leukemia, lymphoma, and sickle cell anemia impact the eyes. Pregnancy also affects the eyes. Likewise, indications of chronic health conditions such as congestive heart failure, atherosclerosis, and cholesterol issues first appear in the eyes.

What is iris scan? Iris recognition and retinal scanning are two different biometric identification technologies

The Iris

Iris Scanning: The iris (plural: irides or irises) is a thin, circular structure in the eye, responsible for controlling the diameter and size of the pupils and thus the amount of light reaching the retina. “Eye color” is the color of the iris, which can be green, blue, or brown. In some cases it can be hazel (a combination of light brown, green and gold), grey, violet, or even pink. In response to the amount of light entering the eye, muscles attached to the iris expand or contract the aperture at the center of the iris, known as the pupil. The larger the pupil, the more light can enter. Iris recognition is an automated method of biometric identification that uses mathematical pattern-recognition techniques on video images of the irides of an individual’s eyes, whose complex random patterns are unique and can be seen from some distance.

biometric sdk

Unlike retina scanning, iris recognition uses camera technology with subtle infrared illumination to acquire images of the detail-rich, intricate structures of the iris. Digital templates encoded from these patterns by mathematical and statistical algorithms allow unambiguous positive identification of an individual. Databases of enrolled templates are searched by matcher engines at speeds measured in the millions of templates per second per (single-core) CPU, and with infinitesimally small False Match rates. Hundreds of millions of persons in countries around the world have been enrolled in iris recognition systems, for convenience purposes such as passport-free automated border-crossings, and some national ID systems based on this technology are being deployed. A key advantage of iris recognition, besides its speed of matching and its extreme resistance to False Matches, is the stability of the iris as an internal, protected, yet externally visible organ of the eye.

Advantage of iris #biometrics is stability of iris as internal, protected, externally visible organ. Click To Tweet

Similarities and Differences: While both iris and retina scanning are ocular based biometric technologies, there are distinct similarities and differences that differentiate the two modalities. Iris Recognition uses a camera, which is similar to any digital camera, to capture an image of the Iris. The Iris is the colored ring around the pupil of the eye and is the only internal organ visible from outside the body. This allows for a non-intrusive method of capturing an image since you can simply take a picture of the iris from a distance of 3 to 10 inches away.

Retinal Scanning requires a very close encounter with a scanning device that sends a beam of light deep inside the eye to capture an image of the Retina. Since the Retina is located on the back of the eye, retinal scanning was not widely accepted due to the intrusive process required to capture an image.

Here is an overview of some similarities and differences between iris and retina scanning:


  • Low occurrence of false positives
  • Extremely low (almost 0%) false negative rates
  • Highly reliable because no two people have the same iris or retinal pattern
  • Speedy results: Identity of the subject is verified very quickly
  • The capillaries in the iris and retina decompose too rapidly to use a amputated eye to gain access


  • Retinal scan measurement accuracy can be affected by disease; iris fine texture remains remarkably stable
  • An iris scan is no different than taking a normal photograph of a person and can be performed at a distance; for retinal scanning the eye must be brought very close to an eyepiece (like looking into a microscope)
  • Iris scanning is more widely accepted as a commercial modality than retinal scanning
  • Retinal scanning is considered to be invasive, iris is not
Retinal scanning is considered to be invasive, iris recognition is not. Click To Tweet

Chart: Iris vs. Retinal Scanning: What are the similarities and differences?

Category Iris Retina
Extremely fast and reliable search results Yes Yes
Uses safe, low energy-infrared light for scanning
(same as what is used in TV remote controls)
Yes No
Uses a digital camera to capture the image Yes No
Has absolutely no negative impact on human health Yes No
Ability to save biometric images for auditing purposes Yes Yes
Ideal for large databases Yes Yes
Completely contactless Yes Yes
Measurement accuracy affected by disease No Yes
Requires close proximity to camera for successful scan No Yes
Works with all ages – no patient re-enrollment required Yes Yes

biometric system

Avoiding Patient Identification Problems with Biometrics

Using biometrics to identify unconscious patients or those with Alzheimers or dementia

Photo courtesy of elefanterosado

Two stories in the news caught our eye over the past week where hospitals appealed for the public’s help to identify patients who were admitted under different circumstances. Occasionally, a person will enter a hospital or medical center without any patient identification and due to their medical condition (unconsciousness, dementia, Alzheimer’s, etc.) the facility is unable to determine their identity.

The first case happened when officials and police in Shreveport, LA asked for the public’s help to identify the victim of an automobile accident when the unidentified patient was brought to the hospital without an ID. The only information that police and hospital officials had to go on was a possible first name and a theory on where the victim was from.

The second case comes from Los Angeles, CA where a man was brought to Memorial Medical Center by ambulance without any documentation or evidence of his identity. The article did not elaborate on why there was a problem identifying the patient since he appeared to be conscious but perhaps he was unable to speak or may have been suffering from Alzheimer’s or another type of dementia.

Both of these cases demonstrate the periodic problems that hospitals and medical centers can experience when attempting to positively identifying a patient in the absence of a relative or friend or any type of insurance card or picture ID. To circumvent these types of problems in the future, healthcare facilities can deploy biometric patient identification to ID any patients who may have an existing medical record linked with a biometric template. If the patient arrives without the ability to confirm their identity, the healthcare facility can take a picture of their iris or scan their palm and quickly scan the master patient index (MPI) to determine if they have visited in the past.

In times of emergency (especially if someone arrives without the ability to identify themselves) a patient may have a special medical condition that would affect the care they receive and could die if a proper identification tool did not exist. Biometric patient ID can help to quickly identify that patient if their information has previously been established and is on file. Just another example of how biometric patient identification is a great fit for healthcare.