In the previous article, expert Ravi Das introduced the physiology of the retina and provided background on the development of retinal scanners. Here, he continues the topic of retinal recognition technology by examining its strengths and weaknesses.
All biometric technologies are rated against a set of performance standards. As far as retinal recognition is concerned, there are two performance standards: the False Reject Rate, and the Ability To Verify Rate.
The False Reject Rate (FAR) describes the probability of a legitimate user being denied authorization by the retinal scanning system. Retinal recognition is most affected by the False Reject Rate.
This is because the factors described above have a tangible impact on the quality of the retinal scan, causing a legitimate user to be rejected. Also, the Ability to Verify Rate describes the probability of an entire user group being verified on a given day. For retinal recognition, the relevant percentage has been as low as 85%. This is primarily attributable to user-related concerns and the need to place one’s eye in very close proximity to the scanner lens.
The strengths and weaknesses of retinal recognition
Just like all other biometric technologies, retinal recognition has its own unique strengths and weaknesses.
The strengths of retinal recognition are:
- The blood vessel pattern of the retina rarely changes during a person’s life (unless he or she is afflicted by an eye disease such as glaucoma, cataracts, etc.).
- The size of the actual template is only 96 bytes, which is very small by any standard. In turn, verification and identification processing times are much shorter than they are for larger files.
- The rich, unique structure of the blood vessel pattern of the retina allows up to 400 data points to be created.
- As the retina is located inside the eye, it is not exposed to threats posed by the external environment. For other biometrics, such as fingerprints, hand geometry, etc., the opposite holds true.
The most relevant weaknesses of retinal recognition are:
- The public perceives retinal scanning to be a health threat; some people believe that a retinal scan damages the eye.
- User discomfort about the need to position the eye very close to the scanner lens.
- User motivation: of all biometric technologies, successful retinal scanning demands the highest level of user motivation and patience.
- Retinal scanning technology cannot accommodate people wearing glasses (which must be removed prior to scanning).
- At this stage, retinal scanning devices are very expensive to procure and operate.
As retinal recognition systems are user invasive as well as expensive to install and maintain, retinal recognition has not been as widely deployed as other biometric technologies (particularly fingerprint recognition).
Retinal recognition has primarily been used in combination with access control systems at high security facilities. These include military installations, nuclear facilities, and laboratories. One of the best-documented applications involves the State of Illinois, which used retinal recognition to reduce welfare fraud by identifying welfare recipients (thus preventing multiple benefit payments). This project also made use of fingerprint recognition.
How does retinal recognition rate against accepted criteria of biometric technologies?
Retinal recognition can also be compared to the seven criteria the other technologies have been compared to. But while retinal recognition does possess some very significant advantages, overall, it does not fare as well (meaning the negatives far outweigh the positives) which seriously limits and curtails its adoption rate in the marketplace.
- Universality: Virtually everybody, unless they have some extreme form of blindness, possesses a retina, thus at least on a theoretical level, people can have their retina scanned.
- Uniqueness: As described, every retina is unique, even amongst identical twins. This is probably its greatest strength.
- Permanence: Unlike the other physiological components of our bodies, the biological fundamentals of the retina hardly change in the lifetime of the individual. But it should be noted that if anything affects the iris, then the retina can be subject to degradation as well. Also, it should be noted that the retina is prone to degradation as well via diabetes, glaucoma, high blood pressure, and even heart disease.
- Collectability: The scan area of the retina is very small, and the end user must place their eye in a very user invasive eye receptacle. End users must also remove their contact lenses or eyeglasses in order for a quality scan to be captured. Because of this very constrained environment, the end user must remain cooperative, and the systems administrator must make sure that the retina is scanned in an appropriate time frame. If the latter doesn’t occur, the FTE (Failure to Enroll Rate) will be high.
- Performance: As a flip side to the user invasiveness involved, retinal recognition has extremely high levels of accuracy, in fact, it is claimed that the error rate is as low as one in one million.
- Acceptability: Retinal recognition works best with end users who are absolutely required to use it to perform their required job functions.
- Resistance to circumvention: It is almost impossible to spoof a retinal recognition system, and a live retina is required for either verification or identification to take place.
Because of the high expense and user invasiveness involved, retinal recognition is only used for ultra-high security applications, such as in the government and the military. As a result, there is a high level of preference given to iris recognition over retinal recognition.
The next article in this series will introduce the science of voice recognition, its fascinating history and the factors that can affect it.
Ravi Das is a Cybersecurity Consultant and Business Development Specialist. He also does Cybersecurity Consulting through his private practice, RaviDas Tech, Inc. He also possesses the Certified in Cybersecurity (CC) cert from the ISC2.
Visit his website at mltechnologies.io