Adoption of Iris-Based Authentication S. Mohammadi1, A. Kaldi2 1
Industrial Engineering Department, K. N. Toosi University of Technology, Tehran, Iran,
[email protected] 2 Industrial Engineering Department, K. N. Toosi University of Technology, Tehran, Iran,
[email protected]
Abstract - Even though iris-based systems have proven to be very promising in a world where security is crucial, surprisingly enough, this means of authentication has not been given a very warm welcome from the users. In order to appropriately confront this issue, critical success factors of the deployment of networked-based systems for iris authentication namely technical, human, and implementation aspects, as well as necessary policies and standards - need to be carefully considered. One of the major success factors is the adoption issue concerning this relatively new technology. The decision to adopt iris-based authentication is influenced by many factors, including user characteristics, social factors, and technology characteristics. Addressing these key factors is extremely valuable for the successful implementation of iris-based technology. Keywords - Authentication, biometrics, iris recognition, technology adoption
I. INTRODUCTION Authentication is a fundamental component of human interaction with computers, specifically for e-commerce applications in a networked environment [1], [2]. Currently, many authentication mechanisms are based on users’ PIN, passwords, ID cards or physical key. However, due to their deficiency in providing a high level of security - since they can be copied, inspected and/or stolen - great efforts have been made to find an alternative means for this purpose [1]. In recent years, with the continuous increasing demand for security and the development of information technology, personal authentication/identification based on biometrics has become a very active topic in both research and practical applications [3]. Biometrics identification and recognition systems authenticate a person by analyzing the unique characteristics of human physiological or behavioral biometric traits [4]. Of all the biometrics technologies used for human authentication today, it is generally conceded that iris recognition is the most promising [3]. This is due to its low error rates, nearly null false acceptance rate; also, since the iris is an overt body, iris recognition systems can be noninvasive to their users, which is a very important factor for practical applications [5]. Given that the iris pattern contains much more complex features than any other biometric, the iris recognition technology makes it possible for the user to get reliable performance with relatively vast amount of population [4].
In the following, initially, the basics of an iris-based system and its applications are reviewed. The manner, by which such a system works is then considered, followed by a discussion of critical success factors of nation-wide implementation of the technology. Subsequently, a review of the relevant factors concerning the adoption of biometric technology for means of authentication is presented, and a model is proposed based on these factors to illustrate the adoption of iris-based technology. Finally, in conclusion, suggestions are made to further help, and remedy possible setbacks, with the deployment of irisbased authentication/identification for national, and even international, practice. II. IRIS-BASED SYSTEMS Herein, we present a description of the human iris, along with a background of iris-based systems followed by some of the current and future applications of such systems. A. Background The iris has been historically recognized to possess characteristics unique to each individual. In the mid 1980s, two ophthalmologists, L. Flom and A. Safir, proposed the concept that no two irises are alike. They researched and documented the potential of using the iris for identifying people and were awarded a patent in 1987. Soon after that, J. Daugman developed an intricate and sophisticated algorithm that brought the concept to reality and patented in 1994. [6] Iris is the colored ring of tissue that surrounds the pupil of the eye. More specifically, the iris is a thin, contractile, pigmented diaphragm with a central aperture called the pupil. It is a part of the human eye which acts like a photo-receptor converting information in the form of light energy to nerve activity (electrical spikes). These electrical spikes are subsequently relayed to the optic nerve and the brain, where further information processing occurs, resulting in the identification and recognition of incoming visual information [7]. The potential of the human iris for biometric authentication/identification comes from the anatomy of the eye. The iris is an extraordinary structure that contains abundant textural information which is unique to each individual [8]. Shapes in the iris (such as freckles, coronas, stripes, furrows, and etc.) can be considered as elementary components of the iris texture. Thus, shape information, the location of the
shape, and the general texture can provide valuable information that can be used for iris authentication and identification [7]. Iris recognition uses pattern recognition techniques based on higher-solution images of the iris. A model of the iris is based on shape of the iris as well as its patterns and colors. Responses of the iris to changes in light can provide an important secondary verification that the iris presented belongs to a live subject. The technical performance capability of the iris recognition algorithm far surpasses that of any other biometric technology now available. Objective measures, such as a cross-over error rate, are at levels that cannot be reached by other biometrics. Daugman has developed a method for representing the iris image by iris codes. User authentication and identification is achieved by forming a binary code from a processed image of the iris. The biometric matcher computes the Hamming distance between the input and stored database codes and compares it with a threshold to determine whether the two biometric samples are from the same person or not. The algorithm is designed for rapid (seconds) exhaustive search of very large databases; a distinctive capability required for authentication today. [4], [7] B. Why iris-based authentication? Having an iris-based authentication system can bring us a list of benefits, for instance [5], [1]: • Resistance to false matching and exceptionally high levels of accuracy, due to the unique textures of the iris • Stability of characteristic over lifetime, since the iris is an internal organ that is well protected against damage and wear • Suitability for both physical and logical access (in both verification and identification cases) • Externally visible and noninvasive to the user, unlike the retina scan • Efficient encoding and search speed (Of course, it depends on the algorithm)
C. Applications and Future Forecast Iris technology takes up only 7% of the biometric market [9]. A number of factors that appear to have contributed towards little commercial success of irisbased systems may include [10]: • exaggerated claims or hype of early systems • inadequately developed, expensive or unfriendly user interfaces • a lack of social acceptance (for instance, the misconception of physical harm by scanning or misuse of personal information) Even so, iris technology is predicted to be an important part of a wide range of applications in which a person's identity must be established or confirmed. In general, these cover financial transactions including electronic commerce, information security, entitlements authorization, building entry, automobile ignition, forensic and police applications, computer login, or any other transaction in which personal identification currently relies just on special possessions or secrets [5]. It is imaginable that a large future world wide identification system for individuals will store iris images as unique patterns of persons. III. IRIS RECOGNITION IMPLEMENTATION First, we illustrate how an iris based system works. Then, the critical success factors for nation-wide implementation of such a system are inspected. A. How an Iris-based System Works Before we begin, notice that there is difference between verification and identification. The most common use of biometric is verification. Biometric system verifies user based on the information provided by the user. Identification is used to determine who the subject is without information from the subject. Identification is complicated because the system must perform a one-tomany comparison of images, rather than a one-to-one comparison performs by a verification system. The needs of environment will dictate which system is chosen. [10]
On the other hand, this technology also has its deficiencies, including [1], [2]: • Difficulty of usage, since acquisition of the image requires moderate training and attentiveness in the non-automatic systems • False non-matching and failure to enroll, due to poor image quality of a small moving target, sometimes obscured by eyelashes, lenses, and/or reflections • User discomfort with eye-based technology • Need for a proprietary acquisition device for deployment
Fig. 1. How a biometric system works; Adapted from Ganorkar & Ghatol, 2007
Figure 1, is pretty self-explanatory. It describes the process involved in using a biometrics system for security. A basic biometric system is made up of [5]: • a sensor to record the biometric trait • a computer unit to process and eventually save the biometric trait • an application, for which the user's authentication is necessary The iris identification is basically divided into four steps [5]: 1. 2. 3. 4.
Capturing the image Defining the location of the iris Feature extraction Matching
IV. ADOPTION OF IRIS-BASED AUTHENTICATION Adoption is the stage of technology diffusion in which an individual or organization decides to select a technology for use [13]. Regarding users' adoption (also referred to as acceptance), many theories and models exist in the literature, including Theory of Reasoned Action (TRA), Technology Acceptance Model (TAM), Motivational Model (MM), Theory of Planned Behavior (TPB), Combined TAM and TPB (C-TAM-TPB), Model of PC Utilization (MPCU), Innovation Diffusion Theory (IDT), and Social Cognitive Theory (SCT) [14]. Figure 2 shows the Technology Acceptance Model (TAM), one of the most widely applied models regarding technology acceptance [14]. It considers perceived usefulness and perceived ease of use as the main determinants of technology acceptance. In this paper, the adoption of irisbased technology is based on this model.
In the Daugman system - based on a study by Vatsa et al. (2004), Daugman's algorithm for iris recognition has the highest accuracy [11] - for iris recognition, the texture of the iris is represented using Gabor wavelet responses and the matcher is an extremely simple and fast Hamming distance measure [7].
Fig. 2. TAM; Adapted from Davis, 1989
B. Critical Success Factors of Deployment
A. Adoption of Biometric Technologies
The critical factors that account to the successful deployment of iris-based authentication/identification systems are as follows [12]:
Researchers have inspected the factors that influence the intention to adopt (accept) biometric technologies and have come up with various findings. Table 1 provides a summary of their work.
Iris-based technology has been mainly used for pointof-access to a secure area (e.g. in a building); however, it also has a great potential for online usage. Networked irisbased access systems should consider the following attributes [10]: • Authorization to occur across a network to centralized access server(s) • A robust biometric capable of use with systems handling large user populations • Greater assurance of the system end-to-end security, using advanced cryptographic methods • Limited access in case of network failure
Theories / Models Used
TABLE I RESEARCH ON THE ADOPTION OF BIOMETRIC TECHNOLOGIES Reference
• Technical factors, including biometric performance, end-to-end performance, designing applications, interoperability, and infrastructural issues. • Human factors including user psychology, individual characteristics (ethnicity, age and gender), scalability, and usability. • Implementation factors including training operational personnel, training users, the enrollment process, the environment, installation and commissioning, and technical support. • Standards and policies for security, data formats, and application development.
[15]
TAM2
[16]
-
[17]
TAM
Influential factors
• • • • • • • • • • • • • • • • • • • • • •
Subjective norm Image Job relevance Output quality Result demonstrability Experience Voluntariness Perceived usefulness Perceived ease of use Perceived relative advantage Perceived risk Ability Technology anxiety Previous experience Demographics Attitude Subjective norms Perceived risk to privacy Perceived usefulness Perceived ease of use Compatibility Trialability
Reference
Theories / Models Used
TABLE I Continued
[18]
-
[19]
TAM
[20]
-
[21]
TAM
[22]
-
[23]
-
Influential factors
• Environment (Authority adoption) • Media intervention • Subjective norms • Facilitating conditions User perceptions: • Perceived usefulness • Perceived ease of use Social factors: • Trust • Security • Privacy Social issues: • Security concerns • Privacy concerns • Cultural & religious stigmas • Health concerns Legal issues Human factors: • Iris individuality • Gender • Age • Ethnicity • Occupation • Percentage of population unable to enroll Technical & implementation issues: • Accuracy (Performance) • History of usage • Cost & availability • Convenience • User training & education • Enrollment process • Sensor placement • Perceived need for security • Perceived need for privacy • Perceived physical invasiveness • Perceived usefulness • Perceived ease of use • Situational characteristics • Attitude toward innovation • New product attributes (value added) • Misuse of the technologies • Privacy • Identity theft • Physical harm
B. Adoption of Iris-based Technology Considering the influential factors based on previous research and the Technology Acceptance Model (TAM), the following model (figure 3) represents the thorough model with all the influential factors regarding the intention to adopt iris-based technology. The influential factors on the decision to adopt iris-based authentication systems is thus, divided into three main categories: user characteristics, social factors, and technology characteristics.
Fig. 3. Adoption model of iris-based authentication
V. CONCLUSIONS The model presented in this paper gives an overview of all the influential factors regarding the intention to adopt iris-based authentication. A few propositions that could help further acceptance of the technology, and in turn, its national practice, are as follows: •
•
• •
Strategic funding of research centers and small and medium sized enterprises working on this field, so as to encourage further development Working on cultural issues and leveraging expectations and resolving misconceptions of the technology, for instance through advertising Establishing enhanced infrastructural conditions as well as policies and regulations Notice that biometrics systems are not 100% reliable, not even iris-based ones; therefore, a combination of methods would further increase security.
Regarding the research at hand, future research is required to validate the soundness of the proposed model, and also the correspondence between the influential factors. Hopefully this paper will inspire further investigation of all aspects of the matter, such as infrastructure, standards, and many issues of the online application; and eventually, lead to the deployment of national iris-based authentication, also identification, systems so as to exploit their many advantages. REFERENCES [1] S. Nanavati, M. Thieme, & R. Nanavati. Biometrics: identity verification in a networked world. Wiley Computer Publishing, John Wiley & Sons Inc, 2002. [2] N. K. Ratha, J. H. Connell, & R. M. Bolle. Biometrics break-ins and band-aids. Pattern Recognition Letters, Vol. 24, 2003, pp. 2105-2113. [3] C. S. Chin, A. T. B. Jin, & D. N. C. Ling. High security iris verification system based on random secret integration.
[4]
[5]
[6] [7]
[8]
[9] [10]
[11]
[12] [13] [14]
[15]
[16]
[17]
[18]
[19]
[20]
[21]
[22] [23]
Computer Vision and Image Understanding, Vol. 102, 2006, pp. 169-177. J. H. Park, & M. G. Kang. Iris recognition against counterfeit attack using gradient based fusion of multispectral images. LNCS, Springer-Verlag, 3781, 2005, pp. 150-156. S. R. Ganorkar, & A. A. Ghatol. Iris Recognition: An Emerging Biometric Technology. International Conference on Signal Processing, Robotics and Automation, Corfu Island, Greece, 2007, pp. 91-96. Iridian Technologies. Iris Recognition Basics, science behind the technology. S. N. Yanushkevich, A. Stoica, V. P. Shmerko, & D. V. Popel. Biometric Inverse Problems. CRC Press, Taylor & Francis Group, 2005. S. Yoon, S. S. Choi, S. H. Cha, Y. Lee, & C. C. Tappert. On the individuality of the iris biometric. LNCS, SpringerVerlag, 3656, 2005, pp. 1118-1124. International Biometric Group, 2006. Biometric market by technology. M. M. Gifford, D. J. McCartney, & C. H. Seal. Networked biometrics systems: requirements based on iris recognition. British Telecommunications Technology Journal, Vol. 17, No. 2, 1999, pp. 163-169. M. Vatsa, S. Richa, & P. Gupta. Comparison of Iris recognition algorithms. Intelligent Sensing and Information Processing, 2004, pp. 354-358. J. Ashbourn. Practical Biometrics: from aspiration to implementation. Springer Professional Computing, 2004. M. Khosrow-Pour. Encyclopedia of information science and technology. Idea Group Reference, 2005. V. Venkatesh, M. G. Morris, G. B. Davis, & F. D. Davis. User acceptance of information technology: Toward a unified view. MIS Quarterly, Vol. 27, No. 3, 2003, pp. 425478. P. Faulkner. Consumer Acceptance of Biometric Technology within the UK National ID Card Scheme. Masters thesis, Business Administration program, Portsmouth Business School, 2005. M. Koller, & E. Judt. Consumers’ Acceptance of Biometric Identification Technology in Financial Services –First Findings and Implications. Taneja, A. Wang, & M. K. Raja. Assessing the Impact of Concern for Privacy and Innovation Characteristics in the Adoption of Biometric Technologies. Biometrics and e-Identity (e-Passport) in the European Union: End-user Perspectives on the Adoption of a Controversial Innovation. Giesing. User Perceptions related to identification through biometrics within electronic business. M. Com (Informatics), University of Pretoria, 2003. N. A. Green. Establishing Public Confidence in the Viability of Fingerprint Biometric Technology. Masters thesis, Brigham Young University, 2005. T. James, T. Pirim, K. Boswell, B. Reithel, & R. Barkhi. Determining the Intention to Use Biometric Devices: An Application and Extension of the Technology Acceptance Model. Journal of Organizational and End User Computing, Vol. 18, No. 3, 2006, pp. 1-24. D. Laux, L. S. E. Tao, & J. Triplett. Customer Acceptance of Biometric Technology in the Hotel Industry. 2007. C. Roberts. Biometrics. 2005.
