Systems for identifying persons through intrinsic human traits have been developed. These systems operate by taking images of a physiological trait of a person and comparing information stored in the image to image data corresponding to the imaged trait for a particular person. Since these systems take the measure, or “metric” of a portion of a person or other biological being from the image data, they are commonly referred to as “biometric” systems. When the information stored in the image has a high degree of correlation to the relevant data previously obtained for a particular person's trait, positive identification of the person may be obtained. These biometric systems obtain and compare data for physical features, such as fingerprints, voice, facial characteristics, iris patterns, hand geometry, retina patterns, and hand/palm vein structure. Different traits impose different constraints on the identification processes of these systems. For example, fingerprint recognition systems require the person to be identified to contact an object directly for the purpose of obtaining fingerprint data from the object. Similarly, retina pattern identification systems require a person to allow an imaging system to scan the retinal pattern within one's eye for an image capture of the pattern that identifies a person. Facial feature recognition systems, however, do not require direct contact with a person and these biometric systems are capable of capturing identification data without the cooperation of the person to be identified.
One trait especially suited for non-cooperative identification is an iris pattern in a person's eye. The human eye iris provides a unique trait that changes little over a person's lifetime. For cooperative iris recognition, the person to be identified is aware of an image being taken and the captured image is a frontal view of the eye. Non-cooperative iris image capture systems, on the other hand, obtain an iris image without a person's knowledge of the data capture. Thus, the subject's head is likely moving and his or her eyes are probably blinking during iris image acquisition. Consequently, the captured image is not necessarily a frontal view of the eye.
While current biometric systems, including systems using the iris, are already used modern society, they also have drawbacks. One such drawback is the danger that a biometric parameter may be compromised or “stolen” by a malicious party. For example, hypothetical person Alice may have an image of her iris registered with a current biometric identification system. Alice's iris is not a secret as any photograph of Alice's face likely shows her eyes, and any party with a camera could take a photograph of her eyes as well. If Bob is a malicious party, he could acquire a valid image of one or both of Alice's eyes and use those images to convince a biometric system that Bob is in fact Alice. With a convincing enough model of Alice's iris, Bob could fool the camera of a biometric system into thinking that he is in fact Alice. This problem is compounded by the fact that some modern biometric identification systems use computer networks such as the Internet to transmit images to remote databases, allowing Bob to bypass the camera and submit false image data directly to the biometric system.
The above scenario presents grave problems for Alice. Once Alice's relevant biometrics such as images of her eyes are known, any attacker that can produce a reasonable facsimile of Alice's biometrics may spoof a biometric system. Alice's irises are not secrets, and they cannot be changed in any practical manner if an attacker duplicates them. Thus, in current biometric systems it is practically impossible to tell the difference between Alice and Bob, if Bob is able to make a duplicate of Alice's biometrics convincing enough to spoof an automated system. Recent proposals to improve the security of these biometric systems describe “cancelable biometrics” wherein a non-invertible or one-way transformation is applied to the biometric image data using cryptographic techniques (see N. K. Ratha et al., Enhancing Security and Privacy in Biometrics-Based Authentication Systems. IBM Systems Journal, 40(3):614-634, 2001). These methods employ a non-invertible transformation to hide the true biometric pattern and produce many different unique patterns that may be replaced or “canceled” if one unique pattern were to be compromised by an attacker (see also M. Savvides et al., Cancellable Biometrics Filters for Face Recognition, Proc. Int'l Conf. Pattern Recognition, vol. 3, pp. 922-925, 2005; J. Zuo. et al. Cancelable Iris Biometric Pattern Recognition, 2008. 19th International Conference on Pattern Recognition, 2008) However, all these systems have the negative side-effect of making identification less accurate. A method of biometric identification that allows for both cooperative and non-cooperative imaging, improves the accuracy of identification, and allows for the cancellation of a compromised biometric signature would be beneficial.