Iris Recognition Readers Protect CERN

By Mohammed Murad

Since 1954, scientists at the European Organization for Nuclear Research (better known by its French acronym of CERN), have made significant discoveries seeking to understand the fundamental structure of the universe. CERN’s people, equipment and work are virtually irreplaceable, making security a very high priority.

The organization, located near Geneva, along the French-Swiss border, is a truly international effort. CERN has 21 member states and maintains scientific contacts with more than 50 other countries around the world. Among its achievements are two Noble Prizes for physics. CEERN scientists recently discovered the Higgs Boson, an elementary particle of crucial importance to particle physics theory. Today’s ubiquitous World Wide Web resulted from a CERN project to facilitate sharing of information among its far-flung scientific community.

Since 2008, iris biometric technology from Iris ID has played a vital role in helping to secure two of CERN’s major facilities. Last year, 25 new biometrically controlled, security access points were added to the radiological area of CERN’s Proton Synchrotron (PS) accelerator area. Another 55 readers have been used since 2008 to access the Large Hadron Collider (LHC), CERN’s main underground particle collider, which hosts most of the organization’s experiments.

The LHC is a 27-kilometer circular tunnel. Particles gain velocity as they speed around the tunnel – nearing the speed of light – before eventually colliding with one another or a stationary target. The results of these collisions are detected, recorded and shared with scientists via the Internet.

Located 100 meters underground, the LHC is accessed at various points via small airlocks. As employees walk in, infrared beams measure movements and trigger an alarm if more than one person is detected. A pad in the floor also sets off an alarm if it senses abnormal weight variations.

Inside the airlock, scientists and other CERN employees stand in front of the iris recognition reader for identity authentication. If there is a match with a registered iris, a second door opens allowing access into the restricted area. The extra precautions eliminate a process known as “piggybacking,” during which multiple people enter an area on a single credential.

Not every area is open to all employees. They are only allowed access to those areas required for them to complete their work. The iris-recognition system maintains an audit trail allowing CERN administrators to check who has entered certain areas and when.

Peter Ninin, CERN’s head of safety systems and engineering, said about 10,000 scientists, technicians and long-term visitors are registered in the iris recognition database. Each day, about 3,000 people access the LHC or the Proton Synchrotron (PS) accelerator complex that feeds the circular tunnel. One reader protects the main entry into the accelerator; the rest are located outside specific work areas.

“The LHC access control systems are state-of-the-art,” said Ninin. “These systems also provide personnel with automatic protection by limiting access to hazardous areas and by ensuring that nobody is present in the areas when the accelerator is in operation. With the increased automation, the security systems enable us to reduce losses in running time by limiting the number of our patrols.”

The security project required laying tens of kilometers of cables to connect the new devices to the main control center located at ground level nearby. Commissioning tests for each area assured the systems worked before being opened to employees.

Ninin said the large-scale project required a complete rethinking of how to integrate the disparate parts. His group worked with CERN’s radiation protection teams to create a buffer zone around the PS to enable the radiological monitoring of materials and equipment being removed from the accelerators and experimental areas. The density of facilities in the accelerator buildings made it difficult to find room for the new access air locks.

The team created three-dimensional models of the PS complex to help design the new infrastructure. That helped make it all fit and the models are now available for other CERN services to use.

Ninin said fingerprint identity verification was originally used at CERN. But employees and administrators objected to the physical contact with readers and requested something more hygienic. Hand geometry readers were considered, but dismissed for the same reason, along with the technology not being judged ready for a large-scale application.

The iris identification process is safe as it involves no contact, lasers or bright lights. During enrollment. CERN employees stand 10 to 14 inches away from the iris camera. That camera automatically accommodates for employees wearing glasses or contact lenses without compromising system accuracy. Also during registration, a person’s work permit and access authorizations are checked and noted in the stored record.

CERN

The iris, the colored part of the human eye surrounding the pupil, is like a snowflake – every one is unique. A subject’s left and right iris are as different from each other as they are from any other individual’s. Even identical twins have different iris patterns. The structure of the iris is stable by about one year in age and remains constant (barring significant trauma, or some ophthalmologic surgical procedures) over a person’s life.

As a result, iris recognition has the smallest outlier population of all biometric technologies. Few people can’t use an iris-based system as most people have at least one eye. In a few instances even a blind person has successfully used iris recognition as the technology is iris pattern-dependent, not sight dependent.

The camera captures more than 240 unique characteristics to create a template of each employee’s iris. The resulting 512-byte templates are encrypted and can’t be reverse engineered or reconstituted to produce any sort of image. Yet these small templates contain more robust data than what is collected in creating templates for a finger, face and hand combined. This is one reason why iris recognition can accurately authenticate identities even when significantly less than the entire eye is visible.

Speed and accuracy were also part of CERN’s decision to choose an iris recognition system. CERN’s iris-based system provides an unmatched false accept rate of 1 in 1.2 million events. Other electronic authentication technologies can return templates representing “possible” matches — requiring human interpretation and less accuracy. And a study conducted by the U.K.’s National Physical Laboratory found iris technology was capable of nearly 20 times more matches per minute than its closest biometric competitor.

Authentication in the airlocks takes less than a second. Proximity sensors activate the equipment, which incorporates mirror-assisted alignment functionality and audio auto-positioning prompts. Once the authentication is completed, a 4.3-inch color LCD displays the date and time, employee name and ID number. CERN uses temporary badges and escorts for short-term visitors. However, longer-term scientists and vendors assigned to the organization may be registered into the iris-recognition system.

Initially, the iris-based system required some fine tuning to overcome interference with the highly electromagnetic environments of the LCH and PS.  But now the system works consistently well, Ninin said.

Also, when the system was first put into service, “some people needed a couple of passes to understand how far away to stand from the reader,” said Ninin. “But it didn’t take long for everyone to see how easy they are to use. They are now very well accepted.”

He said about 20 more iris-recognition readers will be installed at another CERN accelerator currently being refurbished and due to reopen in 2019.

As scientists continue their quest to determine what the universe is made of and how it began, they conduct their work knowing they are being protected by one of the tightest security systems.

CERN

(Mohammed Murad is vice president, global development and sales for Cranbury, N.J.-based Iris ID, the world leader in iris recognition platform deployment. For more information visit www.irisid.com.)