Applying Iris Images to PIV Cards

New Guidance from NIST Details Biometric Advances
Applying Iris Images to PIV Cards

New guidance from the National Institute of Standards and Technology should help organizations incorporate iris images as biometric identifiers on personal identity verification cards.

See Also: Rethinking Enterprise Authentication, A Better Way to Handle Authentication

NIST Special Publication 800-76-2: Biometric Data Specifications for Personal Identity Verification also incorporates on-card fingerprint comparison as options for federal government-issued smart cards.

Organizations could choose to add iris images as an alternate biometric over fingerprints, because, for some users, fingerprint collection can be difficult. At times, NIST says, the fingerprints are too dry to yield a good image, and lotions, wounds or illness also can make for poor images. The guidance shows how agencies could opt to use two biometric sources to avoid such circumstances.

NIST researchers determined that an iris image compressed to 3 kilobytes provides enough detail to accurately recognize an individual iris. "More importantly, this iris standard ensures that the iris data is interoperable, that is, it can be exchanged easily between cameras and readers from different makers and across the world," says Patrick Grother, NIST biometric testing project leader.

The iris standard, ISO/IEC 19795-6, was published in late 2011.

Interoperability Across Agencies

NIST explains that standardized compact images of one or both irises can be loaded on the PIV card for compact on-card storage and fast reading times.

The document provides performance specifications for iris biometrics to assure high accuracy and provides specifications for iris cameras to guide implementers on camera selection. These standards-based elements support interoperability within and across agencies using iris recognition technology.

The on-card comparison for fingerprints is aimed to improve privacy. The NIST specifications describe how to place one or two compact fingerprint templates and a recognition algorithm on the card. When users want to sign a document digitally or open a secure file, for example, they can place their fingers on a reader attached to the keyboard to verify their identity. Employees now must type in a personal identification number for matching, which is subject to error and misuse.

NIST also says its scientists are working on another project to evaluate how quickly irises age. Using two data sets with hundreds of thousands of iris images collected from frequent travelers in airports, the scientists found no significant deterioration in recognition over nearly a decade. NIST says its measurement suggests that irises would meet the PIV requirement that biometric data should be viable over a 12-year period.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.