At the entrance to "The Vault," the most secure room within the most protected building operated by security services provider Symantec, an iris recognition system stands guard as the last line of defense.
Employees who make it this far have already swiped access cards and entered PINs at the building's main door, and then placed their fingers in a biometric reader to move beyond the lobby. But the high accuracy rate of iris recognition technology, which uses near-infrared cameras to take a picture of a subject's iris and then applies specialized algorithms to encode the image and match it to an existing record on file, makes it an ideal access control choice at this point. After all, this high-security area holds the cryptographic keys to Symantec's certificate authority business, which provides e-commerce security services to many organizations.
[ Learn how to greatly reduce the threat of malicious attacks with InfoWorld's Insider Threat Deep Dive PDF special report. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
"We have to make sure that no individual can compromise those cryptographic tokens, [and] iris recognition has higher accuracy and less likelihood of false positives," says Paul Meijer, senior director of infrastructure operations at Symantec's identity and authentication division.
Symantec's use of iris recognition technology for an access control system in a setting where security requirements are high and cost is no object represents a classic application of the technology. But as prices have come down and the systems have become easier to use, the technology has been slowly gaining ground in more ordinary business settings in industries such as banking and healthcare.
"Cost has perennially been an issue with iris, but this trend is quickly changing," as cameras, recognition algorithms and software have all improved, says Ram Ravi, a research analyst at Frost & Sullivan.
One reason for the rise in innovation that led to those improvements: the 2005 expiration of a key patent on the mathematical representation of the iris that previously limited what competitors could do. Since that time, open standards have been developed, says Patrick Grother, director of biometric standards and testing at the National Institute of Standards and Technology (NIST).
Until relatively recently, iris recognition systems were mostly deployed by governments, not by businesses, partly because they're so expensive. The largest use of iris recognition today is the Unique Identification Authority of India (UIDAI) project. That initiative, recently recognized by the Computerworld Honors Program, includes iris recognition as part of a national ID system designed to help provide social services for 400 million citizens.
The technology is now making its way to the consumer end of the spectrum. "The use of iris recognition in mobile phones is expected to see a considerable uptake," Ravi says.