NIST releases iris biometric ID specification

Agency says Notre Dame study on iris aging overstated effect

A long-awaited specification for biometrics--including iris images--on federal identity cards saw light on July 12 after its release by the National Institute for Standards and Technology.

The specification (.pdf), NIST Special Publication 800-76-2, recommends that iris records on federal identity cards include just a single iris, since "a single eye will be read faster and its digital signature can be accessed and verified faster."

NIST says that iris biometrics are an alternative to fingerprint biometrics. "At times, the fingerprints are too dry to yield a good image, and lotions, wounds or illness also can make for poor images," it notes.

The suitability of iris scans as a biometric came under some question following the July 2012 publication of a Notre Dame University study that found aging produces changes in irises over time. The study concluded that as little as 3 years' worth of aging can negatively affect the false positive rate of a state-of-the art iris matcher.

But a NIST review of the Notre Dame study and analysis of separate data encompassing 9 years' worth of samples finds that the university overstated the effect of aging, says Patrick Grother, a primary author of SP 800-76-2.

Notre Dame overlooked the effect that pupil dilation had on its three-semester-sized sample, Grother said, so it misconstrued the data to find an aging effect.

Iris recognition algorithms are sensitive to dilation, Grother said, but normalize pupil size when presented with typical ranges of variation. NIST published its findings in an interagency report (.pdf) also released July 12.

NIST data implies that iris samples would match individuals for decades without aging effecting the sample, Grother said.

Even so, another NIST document that binds agency identity card practices, Federal Information Processing Standard Publication 201, is about to be re-published under a new revision, and it will require agencies to refresh biometric samples for identity card use at least once every 12 years, Grother said.

For more:
- download NIST 800-76-2 (.pdf)
- download the NIST interagency report, "Temporal Stability of Iris Recognition Accuracy" (.pdf)
- go to the NIST statement about the release of the special publication
- go to the NIST iris homepage

Related Articles:
Iris biometric susceptible to error over time
NIST promises iris biometric ID standard soon
DHS seeks to upgrade ID system to include facial and iris scans