iris – Bredemarket

Daugman

Back in July 2023 I wrote a post about irises that referred to the last name “Daugman” a lot. With reason. The following paragraphs are adapted from that post.

Why use irises rather than, say, fingerprints and faces? The best person to answer this is John Daugman. (At this point several of you are intoning, “John Daugman.” With reason. He’s the inventor of iris recognition.)

Here’s an excerpt from John Daugman’s 2004 paper on iris recognition:

(I)ris patterns become interesting as an alternative approach to reliable visual recognition of persons when imaging can be done at distances of less than a meter, and especially when there is a need to search very large databases without incurring any false matches despite a huge number of possibilities. Although small (11 mm) and sometimes problematic to image, the iris has the great mathematical advantage that its pattern variability among different persons is enormous.

Daugman, John, “How Iris Recognition Works.” IEEE TRANSACTIONS ON CIRCUITS AND SYSTEMS FOR VIDEO TECHNOLOGY, VOL. 14, NO. 1, JANUARY 2004. Quoted from page 21. (PDF)

Or in non-scientific speak, one benefit of iris recognition is that you know it is accurate, even when submitting a pair of irises in a one-to-many search against a huge database.

Daugman died the year after I wrote my 2023 post, but his biography and accomplishments are listed here.

Daugman received A.B. and Ph.D. degrees at Harvard University and taught there before joining Cambridge University, where he was Professor of Computer Vision and Pattern Recognition. He also held chairs at universities in Europe and Japan. His honors included the Information Technology Award of the British Computer Society, and the OBE, Order of the British Empire.

When Everyone Goes Multimodal: Iris ID and Faces

I’ve previously discussed the difference between the terms “multimodal” and “multifactor.”

Multimodal is often (though not exclusively) used to discuss the use of different biometric modalities. For example, when Motorola’s Biometric Business Unit was acquired, we joined an organization (Sagem Morpho) that specialized in three biometric modalities: finger, face, and iris.

From Sandeep Kumar, A. Sony, Rahul Hooda, Yashpal Singh, in Journal of Advances and Scholarly Researches in Allied Education | Multidisciplinary Academic Research, “*Multimodal Biometric Authentication System for Automatic Certificate Generation*.”

As you can imagine, the “which biometric is best” wars simply do not apply to the multimodal folks. Unlike someone committed to tongue biometrics because that’s all they do, a multimodal biometric vendor can say “this one’s best here, this other one’s best there.”

So I was a bit surprised to see the recent Biometric Update article, “Iris ID debuts in NIST FRTE 1:1.”

Iris ID is known for…well, irises.
FRTE is a face test.

I had some catching up to do.

After all, I was aware of the history of Iris ID (yet another New Jersey iris company) and its spinoff from LG, and although I don’t think I’ve ever met Mohammad Murad, I’ve certainly heard of him.

But Iris ID has branched off from just irises. Here’s what it exhibited at Identity Week America in September 2025:

“Highlighted in the Iris ID booth are the latest advances in multi-modal biometric technology, where iris and face recognition are combined in fully contactless solutions. These innovations are designed to deliver fast, frictionless throughput while ensuring accuracy and reliability, even in high-throughput environments.”

For what it’s worth, the Iris ID “001” algorithm tested in NIST FRTE 1:1 wasn’t an overwhelming world-beater, not even cracking the top 100 in any of NIST’s many, many categories (the best performance was in BORDER:BORDER).

But everyone has to start somewhere.

Just don’t get eyes and faces confused.

View this post on Instagram

A biometric product marketing writer can help.

On Melanin

If you’re examining a person’s fingerprints, palm prints, face, and irises, you need to understand melanin.

The Cleveland Clinic goes into great detail on melanin, but for now I’m going to concentrate on one item.

There are three types of melanin, two of which affect the skin, eyes, and hair.

Eumelanin. There are two types of eumelanin: black and brown. Eumelanin is responsible for dark colors in skin, eyes and hair. People with brown or black hair have varying amounts of brown and black eumelanin. When there’s no black eumelanin and a small amount of brown eumelanin, it results in blonde hair.

Pheomelanin. This type of melanin pigments your lips, nipples and other pinkish parts of your body. People who have equal parts eumelanin and pheomelanin have red hair.

Melanin obviously affects the coloration of your skin, although some parts of your body (such as your fingertips) may have less melanin than other parts (such as your face).

Concentrating on fingertips and faces (and ignoring irises for the moment), let’s look at a situation where we use an optical mechanism (such as an optical fingerprint reader or a camera), along with available illumination, to photograph fingers and faces of people with varying skin tones.

But what if your entire photographic system is based upon reference materials optimized for light melanin levels? As late as the 1970s, Kodak’s reference materials, called “Shirley cards” after the first model, used to exclusively white people.

In the 1970s, photographer Jim Lyon joined Kodak’s first photo tech division and research laboratories. He says the company recognized there was a problem with the all-white Shirley cards.

“I started incorporating black models pretty heavily in our testing, and it caught on very quickly,” he says. “It wasn’t a big deal, it just seemed like this is the right thing to do. I wasn’t attempting to be politically correct. I was just trying to give us a chance of making a better film, one that reproduced everybody’s skin tone in an appropriate way.”

So hopefully today optical devices are properly capturing fingers, faces, and irises of people at all melanin levels.

Or is this wishful thinking?

The Biometric Product Marketing Expert For…Which Biometrics?

My professional experience spans DNA, face, friction ridge, iris, and voice.

But I’ve looked at many other modalities.

Biometric product marketing expert.

See the full list here.

An Iris is Bidirectional

A human looks out from an iris to see things.

A biometric reader looks toward an iris to identify an individual.

Retinal Identification

First, the iris and the retina are not synonymous.

NIH National Eye Institute, Public Domain. Link.

Second, while the iris can be used for biometric identification, so can the retina. People are identified by their blood vessels in their eyes. But there are complications, according to the Biometrics Institute:

“Retina recognition is one of the most accurate biometric applications but a number of common eye conditions and diseases (for example, cataracts, diabetes, glaucoma) can affect the arrangement of the blood vessels and consequently alter the pattern used for biometric recognition.”

Another Type of Interception: the Iris Template Replay Attack

While much of the world continues to play football, American “football” wrapped up this month at the professional level with the “Commercials, Concerts, And a Sports Show”(tm).

During the game, New England Patriots quarterback Drake Maye threw two interceptions, or throws that were received by players on the opposing them (the Seattle Seahawks).

But what if Maye were throwing iris templates? And what if the defending Seahawks used the intercepted data in injection attacks?

Bet you didn’t think I was going there.

Iris template replay attacks

Facial data (from companies such as FaceTec and iProov) isn’t the only type of data that can be protected by injection attack detection. You can inject data from any type of biometric to bypass the capture device.

One type of injection attack is a template replay attack. It works something like this:

For this example assume that I am a legitimate subject and an authorized user, and the biometric workstation captures my iris.
Rather than sending the entire iris image to the server, it converts the image into a template, or a much smaller mathematical representation.
The biometric workstation transmits this template to the server. BUT…
The evil fraudsters use some type of malware to intercept my iris template and save it for future mischief. Unfortunately, unlike a football interception seen by over 100 million people, no one realizes that this iris “interception” happened.
Later, when a fraudster wants to gain access to the biometric system, they perform an injection attack. Rather than capturing the fraudster’s iris at a workstation and sending that template to the server, the fraudster performs a “replay” and “injects” my intercepted iris template into the workflow.
The server receives my iris template, thinks I am accessing the system, and authorizes access.
The fraudster does bad things.

Iris template replay attack detection

How do you prevent an iris template replay attack?

First you have to detect it. Perhaps the system can detect that the template is not from a current iris capture, or that the template originated somewhere other than an iris workstation.

Once you detect it, you can reject it. Fraudster denied.

Of course this applies to any biometric template: fingerprint, face, whatever.

Injection attack detection, when implemented, is just another tool embedded in the biometric product.

Biometric product marketing expert. Look at his eyes.

The Orb At The Gap

I missed this January story. Apparently World installed an iris-reading Orb inside a San Francisco Gap store…for better visibility.

“At Gap, we believe in originality, authenticity — what makes us human,” the plaque reads. “That’s why we’re partnering with World, to bridge the gap between humans and technology.”

However, it seems to be a visibility stunt. Gap doesn’t care whether its clothing is purchased by humans, and it would be delighted to sell individuals multiple pairs of jeans, even if they had previously purchased a pair.