The widespread use of the internet and computing/communications devices has led to an explosive growth in the electronic dissemination of information. However, verifiable control over the recipient(s) of secure information remains an important issue in the field of cyber security. Moreover, recipients of information can also become sources of sensitive information where real-time knowledge of the identity of such a source can be an important security issue.
An example of this situation is knowledge of the identity of an individual entering credit card (or other account) information during the process of making an online purchase. Present-day techniques commonly used to remotely identify the recipients or sources of secure information are readily susceptible to deception. In the United States, identity theft affects approximately fifteen million individuals each year with an estimated financial impact of $50 billion.
A computer or telecommunications device receiving information from the internet is commonly identified by a so-called IP (i.e., internet protocol) address and/or identification codes typically embedded within central processing units (CPUs) or firmware. Although the IP address and/or embedded device identification can be used to identify the apparatus receiving or sending information, the IP address does not verifiably identify the user(s) of the device.
Schemes that attempt to relate a device with an individual user commonly employ passwords, security questions, and/or historical records (referred to by terms such as “trackers” or “cookies”). However, these schemes can easily be circumvented once a user has, for example, “logged in.” This can become a particularly critical issue when a device is lost or stolen, or if access to the device is gained by someone other than the intended recipient of information. Furthermore, schemes exist to mask or hide the true identity and/or location of a particular machine's IP and/or hardware embedded address.
The most common cyber security methods that attempt to verify the identity of a user employ passwords and/or security questions. Once passwords have been entered and/or security questions answered, it is possible to switch users, defeating the role of the security scheme. Furthermore, there are a large number of methods employed to surreptitiously acquire passwords and/or answers to security questions. These include intercepting keystrokes during password entry; “guessing” passwords based on factors such as family names, locations, pets, or simple alphanumeric sequences; deciphering information embedded in packets as they are transmitted throughout the internet (where public, wireless transmission is a particularly vulnerable access point); automated sequencing through series of commonly used passwords; acquiring passwords via embedded malware; posing as legitimate websites that require password entry; and other forms of so-called “phishing.”
Biometric schemes for user identification are becoming increasingly commonplace as a machine-based method to uniquely identify an individual. Biometric identification involves the sensing of physical, genetic, physiological, and/or behavioral attributes that are unique to an individual. Substantially continuous, real-time biometric identification demands a technique that is rapid, non-intrusive, and non-invasive.
As an example of a biometric identification technique, U.S. Pat. No. 8,432,252 describes a device that optically scans a finger to identify an individual and subsequently enables or disrupts secure communications based on recognition of the fingerprint. A number of patents that make use of identification techniques based on finger scans have been issued to the assignee of U.S. Pat. No. 8,432,252. Automated face recognition, voice recognition, and signature recognition are the basis for other biometric authentication methods. However, these techniques generally do not provide substantially continuous user identification in an unobtrusive manner and are susceptible to relatively simple methods to defeat security features.
For example, in most cases, such biometric devices can positively identify an individual at the time of a scan. However, it is subsequently possible to have a separate individual receive, or be the source of, secure information. Even at the time of a scan, devices used to display and/or enter secure information are generally not directly coupled to those for user identification. For example, automated face recognition can be occurring while a separate individual is performing keyboard entries. These relatively simple methods to defeat a user's true identity are particularly an issue when there is potential benefit to an individual who has been identified biometrically to deliberately hide or transfer his or her identity.
An example of an instance in which the recipient of information may wish to deliberately disguise a true identity is the remote administration of online scholastic examinations. In this case, it is possible for the ultimate recipient of an examination grade to address all security challenges while a separate individual addresses actual examination questions. Sophisticated identity swapping schemes are routinely reported during administration of GRE (Graduate Record Examination), GMAT (Graduate Management Admissions Test), LSAT (Law School Admissions Test), MCAT (Medical College Admissions Test), and other professional career advancement examinations. Security issues associated with remote administration of scholastic and other forms of examination are predicted to become increasingly important as education and other information-based service providers move toward an increasing use of MOOC (massive open online course), distance-learning, and assessment formats.
Iris recognition is currently regarded as being one of the most secure biometric identification techniques. The iris displays a fine structure that is an epigenetic phenotypic feature, developing with random components during embryonic gestation. Thus, unlike DNA fingerprinting, even genetically identical twins (comprising approximately 1% of the population) have completely unique iris pigments and structures. Further proof of the epigenetic nature of the iris is the fact that, although the left and right (genetically identical) eyes of an individual possess a similar structure and color, textural details of an individual's left and right eyes are highly distinctive.
Even though an iris can be viewed non-invasively, it is within a well-protected organ (i.e., the eye) that, unlike fingerprints, is generally protected from damage and wear. Although there are a few medical procedures that can change the fine structure and pigment within the eye, iris texture generally remains remarkably stable (unlike, for example, facial features) over periods of decades.
John Daugman originally developed iris recognition algorithms while he was at the University of Cambridge. Most commercially deployed iris-recognition systems in use today utilize Daugman's algorithms (e.g., as disclosed in U.S. Pat. No. 5,291,560). Commercially available iris recognition systems (e.g., Iris ID Systems Inc., BI2 Technologies, IrisGuard Inc., Eyelock Corp.) generally use hand-held or pedestal-mounted devices, and operate at distances between an iris and a camera from 10 centimeters up to a few meters.
Daugman developed and applied two-dimensional Gabor wavelet (i.e., a special case of short-sampled Fourier transform) coefficients based on iris images collected using real-time video conditions. By converting Cartesian-coordinate based images into polar coordinates and applying 2-D Gabor filters to small regions, a complex dot product can be computed that is primarily reflective of phase angle. The lack of sensitivity to overall light amplitude (i.e., image brightness, contrast, etc.) helps to discount variations in video recording conditions.
The most significant bits of the dot products from different regions are assembled into a so-called code of the iris or hereinafter “irisCode.” The original and most commonly implemented irisCode utilizes 2 bits from each region to generate a 2048-bit (i.e., 256-byte) value that can identify a unique individual from among millions. Algorithms to compute irisCodes have been coded as both software within CPU-based devices and hardware-embedded firmware.
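The phase-quantization step described in the two paragraphs above, as an added sketch (not code from the cited patents or from Daugman's algorithms). It assumes an already polar-unwrapped texture filled with constructed random values, substitutes a simplified 1-D zero-mean Gabor kernel along the angular direction for the 2-D filters, and compares codes by the fraction of differing bits; all function names and parameters are hypothetical.

```python
import cmath
import math
import random

BANDS, SECTORS, PATCH = 8, 128, 8  # 8 * 128 = 1024 regions, 2 bits each = 2048 bits

def gabor_kernel(n=PATCH, cycles=1.0):
    """Complex 1-D Gabor wavelet: Gaussian envelope times a complex sinusoid."""
    mid = (n - 1) / 2
    k = [math.exp(-((i - mid) / (n / 4)) ** 2)
         * cmath.exp(2j * math.pi * cycles * (i - mid) / n) for i in range(n)]
    dc = sum(k) / n
    return [v - dc for v in k]  # zero mean, so a uniform brightness offset cancels

def iris_code(polar):
    """polar: BANDS rows of SECTORS*PATCH angular samples. Returns a 2048-bit int."""
    kernel = gabor_kernel()
    code = 0
    for row in polar:
        for s in range(SECTORS):
            patch = row[s * PATCH:(s + 1) * PATCH]
            z = sum(p * k for p, k in zip(patch, kernel))  # complex dot product
            # Keep only the phase quadrant: signs of the real and imaginary parts.
            code = (code << 2) | ((z.real >= 0) << 1) | (z.imag >= 0)
    return code

def fraction_differing(a, b):
    """Fraction of the 2048 bit positions in which two codes disagree."""
    return bin(a ^ b).count("1") / (2 * BANDS * SECTORS)

def synthetic_iris(seed):
    """Constructed stand-in for an unwrapped iris texture (not real biometric data)."""
    rng = random.Random(seed)
    return [[rng.gauss(128, 30) for _ in range(SECTORS * PATCH)]
            for _ in range(BANDS)]

if __name__ == "__main__":
    eye = synthetic_iris(1)
    relit = [[2.0 * v + 40 for v in row] for row in eye]  # contrast gain + offset
    other = synthetic_iris(2)
    base = iris_code(eye)
    print("same eye, different lighting:", fraction_differing(base, iris_code(relit)))
    print("different eye:               ", fraction_differing(base, iris_code(other)))
```

Because only the sign of each complex response is kept, the gain and offset applied to `relit` leave the code essentially unchanged, while an unrelated texture disagrees in about half of the bits.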
Today, there are more than sixty million individuals in 170 nations registered for identification based on iris patterns. The government of India is currently recording iris scans and fingerprints of its entire population of more than a billion individuals. Companies and government agencies that utilize these technologies include IBM, Panasonic, LG, Sarnoff, London Heathrow Airport (as well as Birmingham, Gatwick and Manchester), IrisAccess (Korea), IrisPass (Japan), CanPass (Canadian Nexus system), the Afghan repatriation program, and the United States Department of Defense detainee population management program.
The iris has a well-defined geometry that changes only as a result of the contraction of two opposing muscles (sphincter pupillae and dilator pupillae) that control the diameter of the pupil. It is this uniformity and stability that has led to an unprecedented false match rate as low as (depending on stringency selection) 1 in 10^9.6 (i.e., about one in four billion) with typical image quality, and including provisions for head tilt and movement.