A Conversation with Jeff Carter

• Jan 03, 2011

After hearing about the plans Hoyos has to install an iris-scanning device in Madrid’s airport, we sat down with Jeff Carter, the company's chief development officer, to talk about how the device works and how it could possibly bring a paradigm shift to airport security.

Q. You used to work for Bank of America. Why the switch to the security industry?
A. There’s a lot of customer information out there in banking, as well as a huge problem with identity theft –  the numbers are absolutely staggering. I started noticing that the risk profile is so high that usernames, passwords and PINs aren’t going to cut it anymore to keep people’s identities and information safe. I always try to look five to 10 years out, and my sense was that everything’s going to be about identity – your ability to prove and control all your information is going to be the core of that.

Q. How does this iris-scanning technology work?
A. The iris has roughly 2,000 points that are variable from person to person, so it is very stable as a biometric template – its rate of error is one in 100 million squared. Your iris forms in the womb, and so that template stays very stable from the time you’re born until you die. A fingerprint, on the other hand, has 100 points, and courts require only eight to convict, because getting fingerprint data can get tricky depending on how the person rolled their finger, the environment and other factors.

With an iris, though, we capture all 2,000 points in each eye with every scan. So every time we do a scan, we compare all 4,000 of those points. The technology creates a 16,000-point identification template that’s encrypted at a final size of 2kb, and it also verifies that the subject is alive, ensuring that there is actually a live person their, having his or her eye scanned. Even if someone were to compromise the database, they couldn’t simply submit a template because the liveness verifier would see that there is not a live person there and would deny access. The capture itself happens at a distance, and it can happen when the person’s in motion.

Q.So how will this work with airport security?
A. There is a class of devices that provides perimeter security against threats: X-rays, millimeter wave technology and the sniffing technology that detects the scents of narcotics and explosives. Those are all defense mechanisms, not identification mechanisms. There’s a term in airport security called provenance, which refers to maintaining a state of security and history as a traveler makes their way through an airport security, ensuring the right person is at the right place at right time. Scanning people’s irises makes that provenance more secure by linking people’s identities to their irises.

Currently, all the identity checks at airports are manual. At the security checkpoint, someone makes sure you have a ticket and a matching ID. If you pass that, you go in the security zone, which makes sure you don’t have weapons. You pass through that to a waiting provenance area, to board a plane. Officials check when you board the plane that you have a boarding pass that matches the boarding manifest.

The way that iris-scanning technology works is that it handles the provenance from the time you come in until you board the plane. Your ticket and your identity are fused to your iris. Coming through that first stage, if you’re enrolled in the system, it passes you through to boarding. You do go through security X-rays and everything, and it matches you to the manifest as you’re boarding, too. Essentially, the technology handles the chain of custody of a person who is going through the chain of provenance in an airport. And it does it all without documents like boarding passes that can be forged.

It would be possible for a government to create a watch list through this identity management technology. A lot of problems come up now with watch lists because names are so similar. With iris scanning, there are no problems with the misidentification of names because your identity is sealed into your iris.

We’ve done testing and trials on the Mexican border, and officials have given us keen insights as to how to handle the workflow management to handle large volumes of people. The Madrid airport is the 11th-biggest airport in the world. If this technology can work in the Madrid airport, it can work anywhere else.