Four data centers in Egypt are deploying a hybrid system that leverages iris identity authentication, along with RFID, to enable an access-control reader to identify an individual’s biometrics without storing any personal information in a database. The system, known as the Portable Template, was provided by EyeLock and consists of an iris biometric template that is stored on a user’s smart ID card and is sent through an EyeLock proprietary smart card reader via 13.56 MHz HF RFID.
Because the template is never stored on the reader or on a database or server, the company explains, the system ensures the privacy of those using the system. The Portable Template can be stored on a user’s mobile device. EyeLock provides Bluetooth Low Energy (BLE) functionality for encoding EyeLock smart cards, as well as for transmission between a mobile phone (if it is storing the template) and the iris reader.
Egypt’s new capital city, known as New Administrative Capital, is currently under construction. An ambitious urban-planning effort located 28 miles east of Cairo, the burgeoning city is planned to become the country’s new administrative and financial capital. Covering a 270-square-mile area, it will house a population of 6.5 million people. The smart city will leverage technology to enable greater efficiency and convenience for those working or living there. Included in the city are data centers employing thousands of workers, whose access is tightly controlled for security reasons.
EyeLock, an iris identity authentication solutions provider, is a subsidiary of VOXX International. Based in New York, the company was launched in 2006. It provides iris biometrics by capturing 240 eye characteristics unique to each individual, according to Christopher Jahnke, EyeLock’s VP of sales and marketing. The technology is being used at healthcare centers, banks, schools, correctional facilities, border-control sites and other locations.
Primarily, EyeLock provides physical access-control biometric authentication devices that exclusively rely on iris measurements. The access-control reader can retrieve the template data at the time of the iris scan, and the template is then confirmed as a match, thereby authenticating an individual entering a secured area. Traditionally, that information is stored in a database.
The Egyptian government had strict requirements at its data center sites, and it wanted to provide physical access to personnel without having a database store personal information. Therefore, EyeLock provided Egypt with its Portable Template dual-factor authentication system, with which a user’s iris template is stored on an 8K 56-bit DESFire EV1 or EV2 smart access card in the user’s possession.
Prior to adopting the EyeLock system, the New Administrative Capital’s data centers already in operation had used fingerprint biometric technology. Other facilities were newly constructed. At all four sites, Jahnke says, “The critical piece was protecting individuals’ identities by putting their template in their own possession, as opposed to anywhere else.” Privacy protection is increasingly being regulated as technology proliferates, he explains. According to the European Union’s General Data Protection Regulation (GDPR), for instance, individuals have specific rights when it comes to identifying data used to secure access, as well as where that information is stored.
“Deploying EyeLock’s Portable Template solution is the only way to fully ensure a user’s privacy,” Jahnke says. The Egyptian government conducted 120 days of piloting to test the dual iris authentication used by the Portable Template on RFID-enabled smart cards, and it is now deploying the system at four data centers, with plans to expand to other sites in the future.
Users are enrolled in the system by their employer via an EyeLock scanner. Once the scan of their iris has been completed, the template is stored on a dedicated, RFID-enabled smart card. If users store the template on their phone, they must download the EyeLock app. The template is created by using up to 240 distinct characteristics found in each iris, and it is secured using AES 256 encryption, either on a smart card or the user’s mobile device.
When users present their smart card to the EyeLock portable template reader, it reads the template from the card and transmits it to the EyeLock iris scanner. The iris scanner is then activated to start scanning for the user’s iris. If a mobile device is used, there are three modes available: a user can walk up and be detected automatically, or the system can require a phone tap or a PIN to transmit the iris template to the portable template reader via BLE. The reader compares the actual scan with the template and confirms the match, after which it forwards the data to the access-control system and erases the template. “The entire process takes place in a matter of seconds,” Jahnke states.
According to Marco Emrich, EyeLock’s VP of international business development, Portable Template enables two-factor authentication for organizations that require the highest levels of security. “All matching is done in real time in a highly secure and accurate environment,” he explains, “with no requirement for a centralized database of iris images or templates nor network infrastructure.” The user template is not stored permanently on EyeLock’s biometric readers, but is removed from memory shortly after authentication is completed.
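The reader-side flow described above (take the template from the card, compare it with the live scan, forward only the result, erase the template) as an added Python example, not EyeLock's code. The fractional Hamming-distance matcher, the 0.32 threshold and the names `authenticate`, `AccessEvent` and `wipe` are assumptions, and AES 256 decryption of the card data is assumed to have happened before `authenticate` is called.

```python
# Added illustration of a stateless match-on-reader flow. Not EyeLock code:
# the matcher, threshold and all names below are assumptions.
from dataclasses import dataclass

MATCH_THRESHOLD = 0.32  # assumed cut-off for fractional Hamming distance


@dataclass(frozen=True)
class AccessEvent:
    """What the reader forwards to access control: no biometric data."""
    card_id: str
    granted: bool


def hamming_fraction(a, b) -> float:
    """Fraction of differing bits between two equal-length byte strings."""
    if len(a) != len(b) or not a:
        raise ValueError("templates must be non-empty and of equal length")
    diff = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return diff / (8 * len(a))


def wipe(buf: bytearray) -> None:
    """Overwrite a mutable buffer in place so the template does not linger."""
    for i in range(len(buf)):
        buf[i] = 0


def authenticate(card_id: str, card_template: bytearray,
                 live_scan: bytearray) -> AccessEvent:
    """Compare the card-borne template with the live scan, then erase both."""
    try:
        try:
            distance = hamming_fraction(card_template, live_scan)
        except ValueError:
            return AccessEvent(card_id, False)  # malformed input: fail closed
        return AccessEvent(card_id, distance <= MATCH_THRESHOLD)
    finally:
        # Runs on every path, including errors, before the result is returned.
        wipe(card_template)
        wipe(live_scan)
```

In-place wiping only clears the buffers this function is handed; any copies made earlier, for example by the RFID or BLE driver, need the same treatment.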
EyeLock has provided more than 50 of its iris scanners for the four data centers since the Administrative Capital for Urban Development (ACUD) approved the technology’s use, and the company says it has received leads for implementing the Portable Templates in other Middle Eastern countries as well. “The absolute security of the privacy via Portable Templates was the reason we were selected” in Egypt, Jahnke says. In the long term, he predicts, “Privacy requirements are going to gain more traction in the United States.”