Government Technology

Iris-Scan Authentication Cuts Fraud in Connecticut Vehicle Emissions Testing

June 17, 2005 By

With the help of increasingly sophisticated digital imaging techniques, advanced software processing algorithms and faster computing speeds, the measurement of human biometrics has become a practical tool applicable to everyday system user authentication. This article examines one such application where user authentication via iris scan has successfully migrated out of the clean and controlled office environment into the less friendly realm of automotive repair shops. An iris-scanning application provides the Connecticut Department of Motor Vehicles with certainty and traceability regarding the identity of some 1,300 licensed inspectors performing government-mandated emissions tests in hundreds of private enterprises throughout the state.

In the post-911 environment of increased emphasis on security, biometric authentication of system users has received considerable focus as more business and government agencies seek to overcome the shortcomings of badge-and-pass code identification. Those shortcomings include high administrative costs as well as reduced certainty of authentication due to pass code and card sharing or theft.

Biometrics is synonymous with "biometry," the statistical study of biological phenomena. In our case biometrics more specifically refers to measuring unique physical characteristics for verification of personal identity. A number of biometric measurement techniques have been developed and are commercially available, including analysis and characterization of the human iris, fingerprints, hand, voice, face and even vein patterns.

In March of 2001 the National Physical Laboratory (NPL) in Middlesex, U.K. -- the UK's national standards laboratory -- published a study evaluating the efficacy of all six of these biometric authentication methods.(1)

The biometric study was conducted by NPL's Centre for Mathematics and Scientific Computing and it rigorously evaluated various biometric authentication devices using 200 volunteer subjects. NPL found that, when compared to the other five biometric identification methods, the iris-scanning method was the most accurate. Test subjects were "enrolled" onto the iris scan system by sitting before a small, special purpose digital camera and waiting a few seconds for the associated computer and software to characterize and memorize the unique patterns within the detail of one of their irises. From there the subject was invited back for multiple attempts at iris identification over a period averaging 55 days. The procedure on the follow up visits involved seeing whether the iris-scan system would accept or reject the subject's claimed identity based on comparing the current iris scan with the iris scan stored during enrollment. It also involved seeing if the system would accept them under a falsely claimed identity.

An inspector logs in. The iris scanner is the small tilted object on the table, below and to the left of the Vehicle Identification Number bar-code scanner. The inspector's eye appears on the top left of the monitor.

NPL found that the iris scan system had an impressive zero false acceptance rate, meaning that it never accepted a person claiming a false identity. Its false rejection rate -- meaning the frequency with which it denied access unfairly -- was only 1.8 percent for single tries and less than 0.2 percent when a legitimately enrolled subject tried as many as three times to get system access. All of the other biometric methods had false acceptance rates dramatically higher.

In general, where the sensitivity of a biometric measurement system is adjustable, there is a trade off between false rejection rates (legitimate user denied access) and false acceptance rate (illegitimate user allowed access). As the machine is adjusted to reduce the probability of letting an illegitimate user gain access, the number of legitimate users denied access tends to go up. For example, according to the NPL study, when the various systems tested operate so as to achieve a false acceptance rate of 0.01 percent (1 in 10,000 illegitimates gain access) the percentage of legitimate users that would be denied access is shown in

| More


Anonymous    |    Commented February 13, 2007

I've been in this program 24 years -- give me a car and I'll get past the iris scan in 15 mins.

Anonymous    |    Commented February 13, 2007

I've been in this program 24 years -- give me a car and I'll get past the iris scan in 15 mins.

Anonymous    |    Commented February 13, 2007

I've been in this program 24 years -- give me a car and I'll get past the iris scan in 15 mins.

Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
McAfee Enterprise Security Manager and Threat Intelligence Exchange
As a part of the Intel® Security product offering, McAfee® Enterprise Security Manager and McAfee Threat Intelligence Exchange work together to provide organizations with exactly what they need to fight advanced threats. You get the situational awareness, actionable intelligence, and instantaneous speed to immediately identify, respond to, and proactively neutralize threats in just milliseconds.
Better security. Better government.
Powering security at all levels of government with simpler, more connected IT.
Cybersecurity in an "All-IP World" Are You Prepared?
In a recent survey conducted by Public CIO, over 125 respondents shared how they protect their environments from cyber threats and the challenges they see in an all-IP world. Read how your cybersecurity strategies and attitudes compare with your peers.
View All

Featured Papers