220 likes | 540 Views
Introduction to Biometrics. Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #23 Biometrics Standards - II November 14, 2005. Outline. BioAPI Standard Reference: Chapter 17 http://www.bioapi.org/DownloadsPage1.html. BioAPI.
E N D
Introduction to Biometrics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #23 Biometrics Standards - II November 14, 2005
Outline • BioAPI Standard • Reference: • Chapter 17 • http://www.bioapi.org/DownloadsPage1.html
BioAPI • This specification defines the Application Programming Interface and Service Provider Interface for a standard biometric technology interface. • BioAPI V1.1 defines an open system standard API that allows software applications to communicate with a broad range of biometric technologies in a common way. • As an “open systems” specification, the BioAPI is intended for use across a broad spectrum of computing environments to insure cross-platform support. • BioAPI V1.1 was developed by the BioAPI Consortium and specifies standard functions and a biometric data format which is an instantiation of CBEFF.
BioAPI • BioAPI creates a modular framework allowing programmers to develop once for a biometric device the easily make their work compatible with other devices • Capabilities addressed by the API include: • Enrollment, verification, identification, capture, process, match, and store • The goal is to hide as much as possible the unique aspects of individual biometric technologies and vendor implementations • Attempts to provide a high level of abstraction that an be used within a number of potential software applications
BioAPI Specification, Version 1, March 2001 • Concepts • BioAPI Definitions • E.g., BioAPI data structures, Registry schema, Error handling, Framework operations, Streaming I/O, - - - • BioAPI Service Provide Interface • Data structures for the interface, service provider operations, Database operations
Concepts • BSP: Biometric Service provider • BIR: Biometric Identification Template • API Model • Client/Server Processing Methods • Other Concepts
Match Capture Process Match Process Capture Capture Match (Process is a NO-OP) BIR Biometric Service Provider Verification User Interface Verification Algorithm Result Enrollment User Interface Quality Enhancement Raw Sample Feature Extraction Process Sample Construct BIR Input Scanning Result List Identification Algorithm Identification User Interface Intermediate BIR Processed BIR Intermediate BIR Set of BIRs Biometric Service Provider (BSP)
Signature Header Opaque Biometric Data Format BIR Data Type Length (Header + Opaque Data) Header Version Purpose Mask Factors Mask Quality Owner ID 4 1 1 2 2 1 1 4 Biometric Identification Record (BIR) t
API Model • There are three principal high-level abstraction functions in the API: • Enroll: Samples are captured from a device, processed into a usable form from which a template is constructed, and returned to the application. • Verify: One or more samples are captured, processed into a usable form, and then matched against an input template. The results of the comparison are returned. • Identify: One or more samples are captured, processed into a usable form, and matched against a set of templates. A list is returned showing how close the samples compare against the top candidates in the set.
Supporting Client Server Processing: Two approaches • Use Primitive Functions • Capture, process, Match, Create Template • Using streaming callback • The client/server application decides whether the authentication should be driven by the client or the server component. • The application calls the appropriate high-level function, and the BSP calls the Streaming Callback to initiate the BSP-to-BSP protocol. • The StreamInputOutput function is used by the partner application to deliver messages to the partner BSP, and to obtain a return message to send to the driving BSP.
App. Provides a communication channel for the BSPs Authentication Server Application Authentication Client Application Identify Verify Enroll BioAPI Framework BioAPI Framework Streaming Callback StreamInputOutput Process and Match algorithms Client BSP Server BSP BSP-to-BSP protocol Capture Device Using Streaming Callback: Server Initiation
App. Provides a communication channel for the BSPs Authentication Server Application Authentication Client Application Identify Verify Enroll BioAPI Framework BioAPI Framework Streaming Callback StreamInputOutput Client BSP Server BSP Process and Match algorithms BSP-to-BSP protocol Device Using Streaming Callback: Client Initiation
Other Concepts • There are two possible criteria for the results of a match: False Accept Rate (FAR) and False Reject Rate (FRR). • FAR is the probability that samples falsely match the presented template, • FRR is the probability that the samples are falsely rejected (i.e., should match, but don’t). • The BioAPI functions allow the application to request a match threshold in terms of maximum FAR value (i.e., a limit on the probability of a false match,) and an optional maximum FRR value. • If both are provided, the application must tell the BSP which one should take precedence.
Other Concepts • BIR Database: The BioAPI allows a BSP to manage a database of BIRs • To optimize the performance of the Identification operation over large populations • To provide access to the BIRs that may be stored on a self-contained sensing device. • User Interface: Most biometric service providers come with a built-in user interface • The API allows the application to control the “look and feel” of this user interface • Module Registry: Upon installation, BioAPI components (framework and BSPs) post information about themselves in the BioAPI module registry. • This information is used by the application to determine if the BioAPI framework has been installed.
Example BioAPI API Definitions • BioAPI_BIR: A container for biometric data. • typedef struct bioapi_bir { BioAPI_BIR_HEADER Header; BioAPI_BIR_BIOMETRIC_DATA_PTR BiometricData; /* length indicated in header */ BioAPI_DATA_PTR Signature; /* NULL if no signature; length is inherent in this type */ } BioAPI_BIR, *BioAPI_BIR_PTR;
Example BioAPI API Definitions • A BSP schema entry as posted to the BioAPI module registry. • typedef struct _bioapi_bsp_schema { BioAPI_UUID ModuleId; BioAPI_DEVICE_ID DeviceId; BioAPI_STRING BSPName; BioAPI_VERSION SpecVersion; BioAPI_VERSION ProductVersion; BioAPI_STRING Vendor; BioAPI_BIR_BIOMETRIC_DATA_FORMAT BspSupportedFormats; uint32 NumSupportedFormats; uint32 FactorsMask; uint32 Operations; uint32 Options;
Example BioAPI API Definitions • A BSP schema entry (CONTINUED) uint32 PayloadPolicy; uint32 MaxPayloadSize; sint32 DefaultVerifyTimeout; sint32 DefaultIdentifyTimeout; sint32 DefaultCaptureTimeout; sint32 DefaultEnrollTimeout; uint32 MaxBspDbSize; uint32 MaxIdentify; BioAPI_STRING Description; char Path; }BioAPI_BSP_SCHEMA, *BioAPI_BSP_SCHEMA_PTR;
Example BioAPI Service Provier Specifications BioSPI_ModuleEventHandler • This defines the event handler interface that the BioAPI framework defines and implements to receive asynchronous notification of events of type BioAPI_MODULE_EVENT from a service provider module. Example events include insertion or removal of a hardware service module, or fault detection. • typedef BioAPI_RETURN (*BioSPI_ModuleEventHandler) ( const BioAPI_UUID *BSPUuid, void* BioAPINotifyCallbackCtx, BioAPI_DEVICE_ID DeviceID, uint32 Reserved, BioAPI_MODULE_EVENT EventType);
Directions • Development of the Standards • Development of the Products • Evaluation of the products • What are the criteria used to evaluate the products? • How do the products conform to the standards? • Are there ratings? • Is there a list of evaluated products • Similar to the National Computer Security Center's list of evaluated securer system products