Read these two together…

Read this…

Emotient and iMotions partner for integrated facial expression recognition, bio sensor and eye-tracking solution (Biometric Update)

Emotient, which specializes in facial expression analysis, and iMotions, an eye-tracking and biometric software platform company, have announced that Procter and Gamble, The United States Air Force and Yale University are its first customers for a newly integrated platform that combines facial expressions recognition and analysis, eye-tracking, EEG and GSR technologies.

According to the companies, the new cobmbined solution is designed for usability research, market research, neurogaming as well as academic and scientific research.

Then this…

Google facial password patent aims to boost Android security (BBC)

Google has filed a patent suggesting users stick out their tongue or wrinkle their nose in place of a password.

It says requiring specific gestures could prevent the existing Face Unlock facility being fooled by photos.

…and then think about Google Glass (or something similar offered by another brand) and the things that become knowable as these technologies are combined and others are added. Iris and face for backward-facing and front-facing ID, knowing precisely what (or whom) someone is looking at when a certain change in neurological activity is noted. Or, precise targeting of weaponry controlled by the eye’s movement along with detailed observations of the neurological states of combatants.

Right now, all of it seems like a long way off, and it is. Significant scientific, technological, and organizational barriers exist. The technology of measurement; the science of interpretation; the fact that a lot of small players own small pieces of the puzzle; integrating the pieces: each present significant challenges. But…

“Most people overestimate what they can do in one year and underestimate what they can do in ten years.”

Stay tuned. Ubiquitous multi-modal sensors and the real-time ability to interpret and act on the data they collect would have profound effects.

A look at biometrics and health care fraud

Iris Scans Seen Shrinking $7 Billion Medical Data Breach (Bloomberg)

Iris scanners aren’t just for airport border-control agents and spy movies anymore.

Clinics and hospitals around the world are acquiring technology that identifies people based on physical traits to improve patient safety and stamp out fraud. HCA Holdings Inc. (HCA) hospitals in London, as well as health-care providers across the U.S., are buying so-called biometric technologies.

There’s not an identity management problem hospitals don’t have.

Market Analysis: Iris biometrics

Iris Biometrics – Global Strategic Business Report (Research & Markets)

Prominent among the contactless biometric identification technologies, Iris biometrics identifies an individual by analyzing random colored patterns within human irises, which are unique to each individual and do not easily alter over lifetime. Relatively young in the biometric identification market with commercial availability only since 1995, iris biometrics, thanks to its swift results, low failure to error rates and high accuracy levels, is however fast proving to be a preferred choice of biometric identification in a range of applications.

Growth in the iris biometrics market until now has been largely driven by increased adoption of the technology in travel and immigration segment and physical access control applications.

The summary of the report is very optimistic about the future of iris biometrics.

The challenges confronting any new biometric modality

[ed. This post reflects a substantial rewrite of an earlier post of January 24, 2013: Not the bee’s knees]

Every once in a while a version of the following paragraph finds itself in the news…

Biometrics Using Internal Body Parts: Knobbly Knees in Competition With Fingerprints (Science Daily)

Forget digital fingerprints, iris recognition and voice identification, the next big thing in biometrics could be your knobbly knees. Just as a fingerprints and other body parts are unique to us as individuals and so can be used to prove who we are, so too are our kneecaps. Computer scientist Lior Shamir of Lawrence Technological University in Southfield, Michigan, has now demonstrated how a knee scan could be used to single us out.

Forget digital fingerprints, iris recognition and voice identification, the next big thing in biometrics could be your ______________.

Examples are numerous and fecund:

Heartbeat?
Rear-end?
Ear?
Bone structure or electric conductivity?
Footsteps?
Nose? (ed. Link added later. I forgot about that one.)
Body odor?
Brain prints?
Lip movements?
Kneecap?

While I suspect that any definable aspect of the human anatomy could be used as a biometric identifier — in instances where teeth are all that is known about an individual, they are used for high confidence identification — I’m afraid that, for the foreseeable future, the cards are stacked against any new biometric modality catching on in any big way.

The reasons for this are both scientific (research based) and economic (market based).

On the science side, a good biometric modality must be: unique, durable, and easily measurable. If any of these are missing, widespread use for ID management isn’t in the cards. If something is unique and durable but isn’t easily measurable, it can still be useful but it isn’t going to become ubiquitous in automated (or semi-automated) technology. Teeth and DNA fit this model. Teeth have been used to determine the identity of dead bodies with a high degree of certainty for a long time, but we aren’t going to be biting any sensors to get into our computers any time soon — or ever. Likewise with DNA.

There is also the challenge of proving that a modality is in fact unique, durable and easily measurable which requires a whole lot of experimental data and (especially regarding uniqueness) a healthy dose of statistical analysis. I’m no statistician, and from what I understand, the statistical rules for proving biometric uniqueness aren’t fully developed yet anyway, so let’s just leave things in layman’s terms and say that if you’re wanting to invent a new biometric modality and someone asks you how big a data set of samples of the relevant body part you need, your best answer is “how many can you get me?”

In order to ascertain uniqueness you need samples from as many different people as you can get. For durability you need biometric samples for the same person taken over a period of time and multiplied by a lot of people.

Ease of measure is more experiential and will be discovered during the experimentation process. The scientists charged with collecting the samples from real people will quickly get a feel for the likelihood that people would adapt to a given ID protocol.

For two common biometric modalities, face and fingerprint, huge data repositories have existed since well before there was any such thing as a biometric algorithm. Jails (among others) had been collecting this information for a hundred years and the nature of the jail business means you’ll get several samples from the same subject often enough to test durability, too, over their criminal life. For face, other records such as school year books exist and were readily available to researchers who sought to test the uniqueness and durability of the human face.

The first hurdle for a novel biometric modality is the competition for the attention of scientists and researchers. Getting the attention of science and technology journalists by making a pronouncement that the space between the shoulder blades is the next big thing in biometrics is one thing. Getting academic peers to dedicate the time and research dollars to building the huge database of interscapular scans required for algorithm development is quite another. Any new modality has to offer out-sized advantages over established modaities in order to justify the R&D outlay required to “catch up”. This is highly unlikely.

On the market side, in order to displace established (finger/hand and face/eye) biometric modalities in wide scale deployments, the academic work must be complete and the new technology must produce a return on investment (ROI) in excess of that offered by existing technologies designed to accomplish the same function.

That’s not to say that modalities that didn’t have the advantage of a 100 year head start on data collection are impossible to bring to market. Iris, voice, and the vascular biometrics of the hand (palm, finger) have joined face and fingerprint biometrics in achieving commercial viability despite the lack of historic data repositories. But there were several things recommending them. They either occupy prime real estate on the head and the end of the arm (Iris, vein) making them easy to get at, or they are the only biometric that can be used over a ubiquitous infrastructure that simply isn’t going anywhere (voice/phone), or they offer advantages over similar established modalities. With hand vascular biometrics: they’re harder to spoof than fingerprints; no latency; avoidance of the “fingerprinting = criminality” stigma; can work with gloves; users can avoid touching the sensor, etc. With iris: harder to copy than the face; harder to spoof; easier to measure than retina vasculation; and extremely low/no latency. Yet even despite gaining the required academic attention, iris and voice have had great difficulty overcoming the market (ROI) hurdle, which brings us back to knees.

Is there any database of kneecaps of significant size to allow researchers to skip the time-consuming task of building such a database themselves reducing the cost of development? Is there any deeply embedded ubiquitous infrastructure that is already an ideally suited knee-sensor? Is there any objection to modalities that have a head start on knees that knee biometrics would overcome? Is there any conceivable, repeatable, scalable deployment where a potential end user could save a whole lot of money by being able to identify people by their knees? I’m at a loss but these are exactly the kind of questions any new biometric modality must be able to answer in the affirmative in order to have any hope for wide-scale deployment.

So, it’s pretty clear that knee biometrics are not something the average person will ever come into contact. Does that mean there is no value in exploring the idea of the kneecap as a feature of the human anatomy capable of being used to uniquely identify an individual? Not necessarily.

In order to thrive as high value-added tools in highly specialized deployments a novel modality just needs to help solve a high value problem. This has heretofore been the case with teeth & DNA. The analysis of teeth and DNA is expensive, slow, requires expert interpretation, and is difficult to completely automate, but has been around for a long, long time and isn’t going anywhere anytime soon. That’s because the number of instances where teeth and DNA are the only pieces of identifying information available are frequent enough, the value of making the identification is high enough, and the confidence level of the identification is high enough that people are willing to bear the costs associated with the analysis of teeth and DNA.

Beyond teeth and DNA, any biometric modality can be useful, especially when it is the only piece if information available. The CIA and FBI even invented a completely novel biometric approach in an attempt to link Khalid Shaikh Mohammed to the murder of Daniel Pearl using arm veins. But how likely is something like that ever to be the case for any of these novel modalities, knees included? It’s possible that the situation could arise where a knee bone is discovered and there is an existing x-ray or MRI of a known person’s knee and a comparison would be useful. That, however, is not enough to make anyone forget about any already-deployed biometric modality.

FBI, DHS team up to nab border intruders with iris biometrics

FBI and DHS team up to nab border intruders with iris biometrics (NextGov)

The FBI is partnering with the Homeland Security Department to identify border trespassers by exchanging digital eye scans of booked offenders, bureau officials said.

Iris recognition — which matches a digital image of the unique, colored portion of an individual’s eye against archived photos — quickly ensures authorities have fingered the right crook, advocates say. Critics say iris capture invades privacy and wrongfully pulls immigrants into the deportation system.

India: UID going multi-modal

Iris scan to add layer to Aadhaar authentication (Business Standard)

Iris

One of the biggest purported flaws of the Unique Identification Authority of India (UIDAI)’s Aadhaar programme was the risk of deterioration of beneficiaries’ fingerprint quality, especially given the country’s large farm worker population, among the main target groups.

But, almost in sync with the government’s plan of rolling out the ambitious direct benefits transfer (DBT) scheme nationwide, starting with 20 districts from January 1, the UIDAI is finishing work on introducing iris-based authentication in the first quarter of 2013, said a senior UIDAI official.

UAE: Iris border ID system detects 20,000 illegal entry attempts in 9 months…

…and almost 350,000 since 2003.

Iris scan prevented entry of 20,000 deportees into UAE: Director General of Abu Dhabi Police Central Operations (Emirates ID)

H.E. Major General Ahmed Nasser Al Raisi, Director General of Abu Dhabi Police Central Operations and Emirates Identity Authority Board Member, has unveiled that during the first nine months of this year, the iris scan succeeded in preventing the entry of 20,476 deportees and ex-convicts while trying to re-enter the UAE via the different entry points.

In news published in Al Bayan newspaper today, Al Raisi said the iris scan prevented the entry of 347,019 deportees to the UAE since the system was comprehensively put to use in September 2003 up to end of last September.

Bypassing an Iris Scanner? There’s Got To Be a Better Way.

In honor of today’s twitter biometric chat on iris biometrics, here’s a post from July 30 containing thoughts on the implications of a recent iris biometrics hack…

A couple of weeks ago, when the news broke that someone had claimed to have “hacked” iris biometrics by reverse engineering a template into an image of an iris that would be accepted by an iris recognition system, I said: It’s not a real biometric modality until someone hacks it.

That’s because a hacking claim can generate a lot of media publicity even if it doesn’t constitute proof that a technology is fatally flawed. Where’s the publicity value of hacking something that nobody uses, anyway? Claims like this can also be taken as a sign that a new technology, iris biometrics in this case, has crossed some sort of adoption and awareness threshold.

So what about the hack? Now that more information is available and assuming that Wired has things about right, “experiment” is a far better descriptor than “hack” for what actually went down. “Hack” would seem to indicate that a system can be manipulated into behaving unexpectedly and with exploitable consequences in its real world conditions. Think of picking a lock. A doorknob with a key hole can be manipulated by tools that aren’t the proper key to open a locked door in its normal operating environment.

The method that the researchers relied upon to develop the fake iris from the real template bears no resemblance to the lock-picking example. What  the researchers did is known as hill-climbing. In simple terms, it’s like playing the children’s game Cold-Warm-Hot but the feedback is more detailed. A hill-climbing experiment relies upon the system being experimented on giving detailed information back to the experimenter about how well the experimenter is doing. The experimenter presents a sample and the system gives a score (cold, warm, hot). The experimenter refines the sample and hopes the score will improve. Lather, rinse, repeat. A few hundred iterations later, the light turns green.

Technically, you don’t even need to have a sample (template) to start hill climbing. You could just start feeding the system random characters until you hit upon a combination that fit the template’s template(?).

This is one of those exercises that is academically interesting but doesn’t provide much useful information to system engineers or organization managers. Scientific experiments deal with their subjects by isolating and manipulating one variable at a time. Real world security systems are deployed with careful consideration of the value of what is being protected and a dependence upon all sorts of environmental factors.

A person who wanted to bypass an iris scanner using this method in the real world would:

1. Hack into a biometric database to steal a template of an authorized user; pray templates aren’t encrypted
2. Determine which biometric algorithm (which company’s technology) generated the template
3. Buy (or steal) that company’s software development kit
4. Build and successfully run the hill-climbing routine
5. Print the resulting image using a high quality printer
6. Go to the sensor
7. Place print-out in front of iris scanner
8. Cross fingers

Simple, right? Compared to what?

Once you’re talking about hacking into unencrypted biometric template databases (and depending upon your CRUD privileges) almost anything is possible and little of it requires Xeroxing yourself a pair of contact lenses.

Why not just blow away the whole database of iris templates? Problem solved. The scanners, now just locks with no key, would have to be disabled at least temporarily.

If stealth is more your style, just hack into the database, create a credential for yourself by placing your very own iris template in there and dispense with the whole rigmarole of the hill-climbing business. Delete your template (and why not all the others) after the heist.

If your hacking skillz aren’t up to the task, you could stalk someone who is already enrolled with a Nikon D4 and a wildlife photography lens and skip steps one thru four (and eight) on the above list.

You could trick, threaten or bribe someone into letting you in.

Break the door or a window.

The elaborateness of the process undertaken by the researchers pretty much proves that the iris sensor isn’t going to be the weak link in any real world security deployment.

Iris ≠ Retina

In honor of today’s twitter biometric chat on iris biometrics, here’s a brief post from March 22 explaining the difference between the eye’s iris and retina…

Unlike yesterday’s treatment in Voice Recognition ≠ Speech Recognition, the terms, “iris” and “retina” are in no way up for grabs.

The iris (left), which gives people “eye color,” controls how much light enters the eyeball. The retina (right) is the structure laying along the inside, back surface of the eyeball that translates light into nervous impulses for the optic nerve to send to the brain.

In a camera analogy, the iris would be, well, the iris, since cameras have them, too. The retina would be the film, or in an even better digital analogy, the charge-coupled device (CCD) that translates light into ones and zeros for computer chips.

Both iris and retina are used as biometric modalities in identity management applications.

Iris biometrics match the iris’s unique surface features (similar to fingerprints). Retina biometrics use eye’s vascular network for matching.

Retinas have been in use as a biometric identifiers for far longer than iris (1984 vs 1995), but using the iris is far more common today. This is because using the iris makes for cheaper and easier identifications.

For more on the subject, I recommend this. It was written in 2006. Both technologies will have improved since then, but iris technologies have improved faster.

Biometric Chat on Iris Biometrics November 1

When: November 1, 2012 

11:00 am EDT, 8:00 am PDT, 16:00 pm BST, 17:00 pm (CEST), 23:00 pm (SGT), 0:00 (JST) 

Where: tweetchat.com/room/biometricchat (or Twitter hashtag #biometricchat

What: Tweet chat on iris biometrics technology with Jeff Carter, Chief Strategy Officer of @EyeLockCorp

Topics: Differences between iris and retina biometric identification technologies, using iris recognition to identify the unconscious, public acceptance of iris biometrics compared to other biometric modalities, iris biometrics and mobile device user authentication, iris biometrics accuracy compared to other biometric modalities, and more!

More information at the M2SYS blog.

I always enjoy these. 

Tune in, dial up, surf over (or do whatever it is you do to navigate the interwebs) and join in the conversation.

Here’s some background on Jeff’s vision for iris biometrics.

UPDATE: A good time was had by all. In case you missed it and would like to see how it went, the Twitter Biometric Chat transcript on Iris biometrics is up at Storify.

What is the best biometric?

I often get asked what is the best biometric modality.

The article below is a good example of why the answer is always, “That depends; what are you trying to accomplish?”

Eye of the Beholder: How Iris Biometrics Could Help Solve Hospital Patient ID Problems (Becker’s Hospital Review)

One of the other major benefits, according to Mr. Powe, is the hands-off approach — literally. Patients do not have to touch any equipment with an iris scan, which helps hospitals in their infection control efforts.

“Since you don’t have to touch it, it’s an infection control measure,” Mr. Powe says. “A lot of people don’t come to the hospital because they are healthy. With palm scanning, you put your hand down, then sanitize it and clean it to keep someone from passing infections. But that’s not the case here. You just sit in a chair, line your eyes up with a camera, take the picture and you’re done.”

India: UID begins to incorporate iris, improves fingerprint results

UIDAI’s Iris Authentication proof of concept study successful (UIDAI Press Release – pdf)

The UIDAI has successfully conducted the proof of concept Iris authentication study in Mysore district of Karnataka. The study brought out the high accuracy levels (above 99.2%) achieved by iris authentication. A combination of iris and fingerprint authentication can further the goals of universal inclusion and pave the way for successful applications based on Aadhaar authentication.

The study was conducted in semi urban setting in Nanjangudtaluk in Mysore district of Karnataka between May 27th and July 30th 2012. 215,342 iris authentication transactions from 5833 residents were studied. 8 models of iris cameras through 6 different OEMs participated in this study.

This study has also brought out the specific improvement areas that biometric ecosystem needs to work upon to further improve the accuracy and coverage percentage. The detailed findings are documented in a report which is being published on UIDAI’s website. This will be followed by a workshop with the device vendors to guide them on the specific actions to be taken by them to improve algorithms and devices. UIDAI will then take up further field studies. These studies would also lead to formulation of iris device specifications for certification and deployment purposes.

It may also be noted that as a result of feedback to the biometric ecosystem, the performance of fingerprint authentication improved substantially from the time UIDAI conducted its first fingerprint authentication PoC to the last PoC. Same is expected in iris authentication domain too, which points that iris authentication has a scope of providing accuracy levels above 99.5%.

Hop on the Bus, Gus. Drop off the Key, Lee.

Biometric Technology Gets on the School Bus (Press Release via Benzinga)When children board or exit the bus the BlinkSpot iris scanning technology recognizes the child and sends real time reports to the school along with an individual email to each parent verifying the time and location of their child.

The effort combines Verizon, Eye-D, and 3M Cogent capabilities.

I’m curious to see how this works out. An application that provides real-time information on children’s interactions with the school bus system is, obviously, highly desirable.

Will the technology fit the deployment? How well will it work? How passive is the use model (i.e. must the children actively engage the system?). How much training will drivers and children require? How long does each transaction take? Will that cause traffic jams? What are the costs in money and time?

These are the questions that would-be customers and system developers need to ask, answer, and agree upon.

Thinking this one through, my hunch is that from a pure utility point of view, this is a finger app. But in the real world other considerations may apply. If some tech companies want to test their technology, their ability to work together, product design and feasibility, and they find a willing and supportive test environment — in this case a school and community — then that’s what will happen. Lessons will be learned and the state of the art will have been advanced.

Perfect; Good; Tech.; People; etc. It’s a fun landscape in which to participate.

Pro Tip to Journalists: Keep Your Eye on Iris v. Retina

What is it about journalists and the human retina? I’d estimate that at least 95% of the time a journalist uses the term “retina” in association with biometric identity management modalities, they actually mean “iris”. Does anybody know why this is?

After decades, ATMs still play key role in banking (Eagle Tribune – North Andover, MA)

He said tests are being conducted in Brazil on using biometric identification — scanning retinas or fingerprints — for ATMs. In Europe, he said, there are ATMs where customers can apply and be approved for a loan during their ATM sessions. “So the technology is there to do that,” Kerstein said.

You will never see a retina scanner in an ATM. As far as ATM deployments go retina is too expensive, and it takes too much time for people to get used to using it properly. Then there’s the fact that if vascular biometrics are the answer, the hand/finger is cheaper and easier and if eye biometrics are the answer, iris is cheaper and easier. For ATM’s the vascular/eye combo is overkill.

Iris (left) vs. Retina (right)

The iris (left), which gives people “eye color,” controls how much light enters the eyeball. The retina (right) is the structure laying along the inside, back surface of the eyeball that translates light into nervous impulses for the optic nerve to send to the brain.

In a camera analogy, the iris would be, well, the iris, since cameras have them, too. The retina would be the film, or in an even better digital analogy, the charge-coupled device (CCD) that translates light into ones and zeros for computer chips.

Both iris and retina are used as biometric modalities in identity management applications.

Iris biometrics match the iris’s unique surface features (similar to fingerprints). Retina biometrics use eye’s vascular network for matching.

Retinas have been in use as a biometric identifiers for far longer than iris (1984 vs 1995), but using the iris is far more common today. This is because using the iris makes for cheaper and easier identifications.

For more on the subject, I recommend this (If you’re a journalist, I can’t recommend it enough!). It was written in 2006. Both technologies will have improved since then, but iris technologies have improved faster.

Bypassing an Iris Scanner? There’s Got To Be a Better Way.

A couple of weeks ago, when the news broke that someone had claimed to have “hacked” iris biometrics by reverse engineering a template into an image of an iris that would be accepted by an iris recognition system, I said: It’s not a real biometric modality until someone hacks it.

That’s because a hacking claim can generate a lot of media publicity even if it doesn’t constitute proof that a technology is fatally flawed. Where’s the publicity value of hacking something that nobody uses, anyway? Claims like this can also be taken as a sign that a new technology, iris biometrics in this case, has crossed some sort of adoption and awareness threshold.

So what about the hack? Now that more information is available and assuming that Wired has things about right, “experiment” is a far better descriptor than “hack” for what actually went down. “Hack” would seem to indicate that a system can be manipulated into behaving unexpectedly and with exploitable consequences in its real world conditions. Think of picking a lock. A doorknob with a key hole can be manipulated by tools that aren’t the proper key to open a locked door in its normal operating environment.

The method that the researchers relied upon to develop the fake iris from the real template bears no resemblance to the lock-picking example. What  the researchers did is known as hill-climbing. In simple terms, it’s like playing the children’s game Cold-Warm-Hot but the feedback is more detailed. A hill-climbing experiment relies upon the system being experimented on giving detailed information back to the experimenter about how well the experimenter is doing. The experimenter presents a sample and the system gives a score (cold, warm, hot). The experimenter refines the sample and hopes the score will improve. Lather, rinse, repeat. A few hundred iterations later, the light turns green.

Technically, you don’t even need to have a sample (template) to start hill climbing. You could just start feeding the system random characters until you hit upon a combination that fit the template’s template(?).

This is one of those exercises that is academically interesting but doesn’t provide much useful information to system engineers or organization managers. Scientific experiments deal with their subjects by isolating and manipulating one variable at a time. Real world security systems are deployed with careful consideration of the value of what is being protected and a dependence upon all sorts of environmental factors.

A person who wanted to bypass an iris scanner using this method in the real world would:

1. Hack into a biometric database to steal a template of an authorized user; pray templates aren’t encrypted
2. Determine which biometric algorithm (which company’s technology) generated the template
3. Buy (or steal) that company’s software development kit
4. Build and successfully run the hill-climbing routine
5. Print the resulting image using a high quality printer
6. Go to the sensor
7. Place print-out in front of iris scanner
8. Cross fingers

Simple, right? Compared to what?

Once you’re talking about hacking into unencrypted biometric template databases (and depending upon your CRUD privileges) almost anything is possible and little of it requires Xeroxing yourself a pair of contact lenses.

Why not just blow away the whole database of iris templates? Problem solved. The scanners, now just locks with no key, would have to be disabled at least temporarily.

If stealth is more your style, just hack into the database, create a credential for yourself by placing your very own iris template in there and dispense with the whole rigmarole of the hill-climbing business. Delete your template (and why not all the others) after the heist.

If your hacking skillz aren’t up to the task, you could stalk someone who is already enrolled with a Nikon D4 and a wildlife photography lens and skip steps one thru four (and eight) on the above list.

You could trick, threaten or bribe someone into letting you in.

Break the door or a window.

The elaborateness of the process undertaken by the researchers pretty much proves that the iris sensor isn’t going to be the weak link in any real world security deployment.

The Challenge of Establishing a Biometric Modality

Future Eye Scanners Must Combat Aging Eyes (Live Science)

The iris — the colored part of the eye that eye-scanners analyze — changes as people age, making the scanners more likely to wrongly lock out people with every passing year, according to a new study.

The finding goes against the established, yet never-proven notion that eye scanners can accurately identify people throughout their lives, said Kevin Bowyer, a computer scientist at the University of Notre Dame who performed the study.

Read the whole thing. It’s an article that gets at an interesting aspect of the algorithm end of the biometric ID management problem. It also has input from two of the speakers at the recent TechConnectWV event: Marios Savvides (Carnegie Mellon) and Bojan Cukic (W. Va. Univ.).

A good biometric modality must be: unique, durable, and easily measurable. If any of these are missing, widespread use for ID management isn’t in the cards. If something is unique and durable but isn’t easily measurable, it can still be useful but it isn’t going to become ubiquitous in automated (or semi-automated) technology. Teeth and DNA fit this model. Teeth have been used to determine the identity of dead bodies with a high degree of certainty for a long time, but we aren’t going to be biting any sensors to get into our computers any time soon — or ever. Likewise with DNA.

There is also the challenge of proving that a modality is in fact unique, durable and easily measurable which requires a whole lot of experimental data, and especially regarding uniqueness, a healthy dose of statistical analysis. I’m no statistician, and from what I understand, the statistical rules for proving biometric uniqueness aren’t fully developed yet anyway, so let’s just leave things in layman’s terms and say that if you’re wanting to invent a new biometric modality and someone asks you how big a data set of samples of the relevant body part you need, your best answer is “how much can you get me?”

In order to ascertain uniqueness you need samples from as many different people as you can get. For durability you biometric samples for the same person taken over a period of time and multiplied by a lot of people. 


Ease of measure is more experiential and will be discovered during the experimentation process. The scientists charged with collecting the samples from real people will quickly get a feel for the likelihood that people would adapt to a given ID protocol.

For two of the “big three” biometric modalities, face and fingerprint, huge data repositories have existed since well before there was any such thing as a biometric algorithm. Jails (among others) had been collecting this information for a hundred years and the nature of the jail business means you’ll get several samples from the same subject often enough to test durability, too, over their criminal life. These data could be selected such that they were as good as they could be to assess both uniqueness and durability. For face, other records such as school year books exist and were readily available to researchers who sought to measure uniqueness and durability.

Which brings us to iris.

Where do you look to find a database of several million high-resolution images of human irises collected by professionals who took good notes? Well there’s your problem.

The solution is to go about building such a data set yourself and several organizations have been doing just that. One can make considerable progress on in the question of uniqueness with a big push, collecting more data quickly. Assessing durability, however, takes time no matter how much money and effort can be applied. Some processes can be sped up with more resources; some can’t (nine women can’t make a baby in a month) and the real bummer with determining biometric durability is that you can’t really know in advance how much time it’s going to take to prove it to a satisfactory degree. 

So it’s not a surprise that the uniqueness of the human iris was determined before its durability, and it may come about that the iris is, like the face, “durable enough.” We are all too aware that the face changes, but certain aspects of it don’t change so much that facial recognition is pointless. The same may be true of the iris. It, too, may be durable enough.

It may also turn out to be the case that irises change in a predictable way and that those changes can be accounted for on the software side, so all this isn’t to say that iris isn’t among, or won’t solidify its position among the “big three”; it’s just had a harder road to get there.

Biometrics & the FBI’s Criminal Justice Information Services (CJIS)

Here’s a Storify transcript of this morning’s Tweet Chat about biometrics (#biometricchat).

I offer many thanks to John at M2SYS for asking me to fill in for him and Mike Kirkpatrick for taking time out of his busy schedule to lend his experience to our understanding of the FBI’s use of biometrics for law enforcement and civilian purposes.

Background for the conversation is here.

July, 19 2012 Biometric Chat with Mike Kirkpatrick : Assistant Director in Charge of the Bureau’s Criminal Justice Information Services (CJIS) Division from April 2001 – August 2004.

Powered by Storify

  1. SecurLinx
    Good morning and welcome to this month’s chat on#biometric technology! #biometricchat
  2. SecurLinx
    I’m honored to be filling in for John @m2sys as this month’s host. Thanks for asking me, John!#biometricchat
  3. m2sys
    Good morning to you and thanks for taking over this month’s chat – we really are appreciative of your guest hosting skills! #biometricchat
  4. SecurLinx
    @m2sys The pleasure is mine. AND Thank you, and welcome to Mike @MDKConsulting, for joining us.#biometricchat
  5. SecurLinx
    Today, we will be discussing #biometrics in Law Enforcement (esp. FBI). Our guest is Michael Kirkpatrick. @MDKConsulting #biometricchat
  6. MDKConsulting
    Thanks for the invite! I’m looking forward to this morning’s chat #biometricchat
  7. SecurLinx
    @MDKConsulting Mike finished his FBI career as Asst. Dir. in charge of the FBI’s CJIS center (Apr. 2001 – Aug. 2004) #biometricchat
  8. SecurLinx
    Those dates should give you some idea of the challenges at the FBI’s CJIS. #biometricchat
  9. m2sys
    @SecurLinx Quite a tumultuous time at the FBI’s CJIS…anxious to hear some of Mike’s feedback and insight. #biometricchat
  10. SecurLinx
    Feel free to chip in with your own answers – answer each question (Q1, Q2, Q3, etc.) with A1, A2, A3, etc.#biometricchat
  11. SecurLinx
    Also feel free to submit your own questions during chat or ask other questions of the group. #biometricchat
  12. SecurLinx
    Q1: What was the biggest challenge CJIS faced in the transition from a paper fingerprint system to a fully fledged IAFIS? #biometricchat
  13. MDKConsulting
    A1:There were several challenges. Building the world’s largest #AFIS; IdM had never been done on that scale before… #biometricchat
  14. Note: IdM = Identity Management
  15. MDKConsulting
    A1…Getting the budget to build it ($640M); there were no #fingerprint electronic transmission standards so they had to be.. #biometricchat
  16. MDKConsulting
    A1:…developed (EFTS); Most #fingerprints were still being captured on paper so had to be converted to digital images:… #biometricchat
  17. MDKConsulting
    A1:…Major #FBI workforce retraining; IAFIS didn’t always work as advertised in the early days so alot of downtime #biometricchat
  18. m2sys
    Q1: Were lawmakers at the time reluctant to fund this or was it generally accepted that this was natural maturation? #biometricchat
  19. MDKConsulting
    m2sys A1: Overall, congress was very supportive but this was a high profile project, the only one of its peer projects… #biometricchat
  20. MDKConsulting
    m2sys A1:…(e.g., FAA & IRS modernizations) to succeed. It turned out to be a high risk/high reward project #biometricchat
  21. SecurLinx
    Q2: CJIS is a key part of US ID infrastructure. What is the breakdown between Law Enforcement vs civilian/licensing queries? #biometricchat
  22. SecurLinx
    FBI CJIS is used for firearm background checks, child care workers, financial services employment and more…#biometricchat
  23. BiometricUpdate
    Often wondered about this breakdown myself, actually#biometricchat #biometricchat
  24. MDKConsulting
    A2: #FBI has 2 #fingerprint streams-criminal and civil (licensing & employment checks). Currently ~55% are criminal… #biometricchat
  25. MDKConsulting
    A2:…and 45% are civil. The original IAFIS was designed to process 60K prints/day. #FBI Next Generation Identification… #biometricchat
  26. MDKConsulting
    A2: …(NGI) now easily processes more than 185K/day. Quite a leap forward! #biometricchat
  27. MDKConsulting
    Firearm pre-sale checks (NICS) are name-based, not fingerprint-based. #biometricchat
  28. SecurLinx
    @mdkconsulting Good catch re firearms… done thru the FBI but no fingerprints involved. #biometricchat
  29. SecurLinx
    Q3: What is the next biometric modality CJIS would like to incorporate into IAFIS? #biometricchat
  30. MDKConsulting
    A3: In order of priority, palm prints, face, and iris capabilities will be added to NGI. #biometricchat
  31. BiometricUpdate
    We just wrote about the B12 MORIS system being adopted by FBI. How much time can apps like this save?bit.ly/LYXvug #biometricchat
  32. SecurLinx
    Let’s go quickly to Q4 and then deal with Q3 & Q4 together… #BiometricChat
  33. SecurLinx
    Q4: Then, if the Big Three of #biometrics are Face, Finger/palm print & Iris – Where does DNA fit in?#BiometricChat
  34. MDKConsulting
    A4: There’s an ongoing multi-agency effort on rapid#DNA, which will put a “quick” DNA capability at the …#biometricchat
  35. SecurLinx
    @mdkconsulting Love the quotes around quick. Definitely quick compared to earlier DNA analysis!#BiometricChat
  36. MDKConsulting
    A4:…booking stations. We should see this in the market within the next couple of years. It’ll help solve alot of cases. #biometricchat
  37. MDKConsulting
    A4: #DNA in many ways is the ultimate #biometric but still has many privacy issues associated with it as well as the past… #biometricchat
  38. MDKConsulting
    A4:…relative slowness in getting results. It can prove someone innocent as easily as proving someone guilty, which is… #biometricchat
  39. MDKConsulting
    A4:…good as all in criminal justice should be searching for the truth. #biometricchat
  40. SecurLinx
    @MDKConsulting Excellent point. Biometrics can be evidence of either innocence and guilt. #biometricchat
  41. m2sys
    @MDKConsulting Q4: So DNA quick checks will be at booking stations to circumvent lab analysis in as little as a few years? #biometricchat
  42. MDKConsulting
    @m2sys A4: These are envisioned as a “quick” check as an investigative lead rather than a full-on forensic lab exam #biometricchat
  43. m2sys
    @MDKConsulting Thank you, truly amazing advances in science for DNA processing! #biometricchat
  44. MDKConsulting
    Currently, #FBI is processing criminal fingerprints in just a few minutes. Rapid DNA is envisioned to be more like an hour. #biometricchat
  45. SecurLinx
    Q3/4b: Which (palm, face, iris, DNA) advancement in CJIS capabilities is furthest along? #BiometricChat
  46. SecurLinx
    Last question Q5: What are some near future capabilities related to #biometrics that the FBI would really like to add? #biometricchat
  47. MDKConsulting
    A5: #FBI & law enforcement are looking for smaller, faster, cheaper mobile #biometric collection devices; capability for … #biometricchat
  48. MDKConsulting
    A5:…collection at a distance for fingerprints and iris; implementation of a national palm print capability (a high % of … #biometricchat
  49. MDKConsulting
    A5:…crime scene latents are palm prints); and greater accuracy in facial recognition technology for large databases. #biometricchat
  50. BiometricUpdate
    @MDKConsulting is palm a priority for any particular reason, or is it just an indication of technological advancement? #biometricchat
  51. MDKConsulting
    @biometricupdate: Palm print capability will help to solve many crimes which are unsolved without it. Countries, such … #biometricchat
  52. MDKConsulting
    @biometricupdate: …as Australia, which have implemented palms have reported significant increases in latent matches. #biometricchat
  53. SecurLinx
    That’s all folks. Our sincere thanks to @MDKConcultingMike Kirkpartick for taking the time to talk with us: FBI#biometricchat
  54. SecurLinx
    We kept him a little late but hopefully @MDKConsulting(and you) enjoyed our conversation as much as I did.#BiometricChat
  55. MDKConsulting
    Thanks! I’ve appreciated the opportunity to chat about one of my passions! #biometricchat
  56. m2sys
    @MDKConsulting Thank you for sharing your knowledge with us, it was extremely informative!#biometricchat
  57. SecurLinx
    Thanks @MDKConsulting! Thanks @m2sys for lending me the #BiometricChat hashtag! & to@BiometricUpdate for the questions!
Translate »