230 likes | 448 Views
Biometric Standards Developers INCITS M1 and ISO/IEC JTC 1 SC 37. Fernando Podio Chair ISO/IEC JTC 1 SC 37 – Biometrics Chair INCITS M1 – Biometrics Computer Security Division, NIST ITL. ANSI HSSP September 29, 2005. Overview. National and International Biometric Standards Organizations
E N D
Biometric Standards Developers INCITS M1 and ISO/IEC JTC 1 SC 37 Fernando Podio Chair ISO/IEC JTC 1 SC 37 – Biometrics Chair INCITS M1 – Biometrics Computer Security Division, NIST ITL • ANSI HSSP • September 29, 2005
Overview • National and International Biometric Standards Organizations • Status of the Biometric Standards Programs • Market Adoption Examples • Implementations of Conformance Testing Suites
Biometrics Standards Activities ITU-T ICAO ISO IEC • TC 68 • Banking, Securities and Other Financial Services ISO/IEC JTC 1 Information Technology NIST/BC Biometric WG BioAPI Consortium OASIS SC 27 IT Security Techniques SC 37 Biometrics SC 17 Cards & Personal Identification Open Group ANSI NIST/ITL X9 (US TAG ISO TC 68) INCITS (ANSI/NIST ITL-1-2000) CS1 Cyber Security M1 Biometrics • B10 • Identification Cards & Related Devices • X9F • Data & Information Security International National INCITS M1 represents the U.S. in JTC 1 SC 37
M1 Biometrics (US) • INCITS is the major standards organization in the US responsible for the development of Information and Communication Technology (ICT) standards. • M1 is the INCITS committee for biometrics, established November 2001. • Participation in M1 meetings is open to any directly and materially affected parties. • Membership information: http://www.incits.org/
M1 Members • Purdue University • Recognition Systems Inc. • Retica Systems (new) • SAFKINK Corp. • Sagem Morpho Inc. • Security Industry Association (Advisory) • The Aerospace Corporation • Transaction Security Inc. (Advisory) • Underwriters Laboratory Inc. • Unisys Corp. • U.S. DoD – BMO/BFC • U.S. Dept. Homeland Security • U.S. Dept. of Justice • U.S. Dept. of State • U.S. DoD DISA • UPEK • Viisage • West Virginia High Technology Consortium Foundation • West Virginia University • X9F4 (Liaison) • 3M Company • A4vision Inc. • American Biometrics and Security Inc. (Advisory) • ANSI (Liaison) • Apple Computer (Advisory) • Assa Abloy ITG • Atmel Corp. • Authenti-Corp • Aware • Bearing Point Inc. • BioAPI Consortium (Liaison) • Biocom LLC • Biometric Associates Inc. • Biometric Foundation • Biometrics 2000 Corp. (new) • Bioscrypt • Cogent Systems Inc. (new) • Computer Sciences Corp. • Cross Match Technologies • Daon Inc. • DataCard Group (new) • Electronic Data Systems Corp. (new) • Fidelica Microsystems Inc. (new) • GE Global Research (new) • Geometrix Inc. (new) • ID Technology Partners Inc. • Identix Corporation • ImageWare Systems Inc. (new) • Infineon Technologies (Advisory) • International Biometric Group • International Biometric Industry Association (Liaison) • Iridian Technologies • Lasercard Systems Corp. (new) • LG Electronics USA (new) • Lockheed Martin Corp. (new) • Mitretek Systems • Motorola Inc. • National Biometric Security Project • NIST • OKI – Biometric Solutions Group (Advisory) • OSS Nokalva • Passports Australia (Advisory) • Precise Biometrics
INCITS M1 Standards Approved Data Interchange Formats Conformance Testing Methodologies for the Data Interchange Formats (Under Development) INCITS 377* Finger Pattern-Based Interchange Format INCITS 378* Finger Minutiae Format For Data Interchange INCITS 379 Iris Recognition Format for Data Interchange INCITS 381 Finger Image Format for Data Interchange INCITS 385* Face Recognition Format for Data Interchange INCITS 396 Hand Geometry Interchange Format INCITS 395 Signature/Sign Data Related Projects (Under Development) Generalized Testing Methodology - Part 1 Conformance Testing Methodology for: INCITS 378 – Part 2 INCITS 377 – Part 3 INCITS 381 – Part 4 INCITS 385 – Part 5 INCITS 379 – Part 6 INCITS 396 – Part 7 Biometric Sample Quality Standard Technical Report on Evaluating Multibiometric Systems (*) Currently amendments to these three standards are under development
INCITS M1 Standards Approved Biometric Application Profiles Performance Testing & Reporting Standards (Under Development) Approved Interface Standards INCITS 383 Verification & Identification of Transportation Workers INCITS 394 Biometric-Based Personal Identification for Border Management INCITS 358 BioAPI Specification V1.1 INCITS 398 Common Biometric Exchange Formats Framework (CBEFF) – NISTIR 6529-A Part 1 – Framework Part 2 – Technology Testing and Reporting Part 3 – Scenario Testing and Reporting Part 4 – Operational Testing and Reporting Part 5 – Framework for Biometric Device Performance Evaluation for Access Control Other Biometric Application Profiles (Under Development) Conformance Testing Methodology (Under Development) • Point of Sale Biometric • Identification • DoD Implementations (Red Force) • Commercial Biometric • Physical Access Control Conformance Testing Methodology for INCITS 358 (BioAPI Specification V1.1)
INCITS M1 Standards New Projects • Amendment to the BioAPI Specification (INCITS 358) – Support for Biometric Fusion • Biometric Fusion Data Format – Part 1: Fusion Information Format • Amendment to CBEFF (INCITS 398) to address implementers’ new requirements • Biometric Performance Testing and Reporting Part 6 – Performance and Interoperability Testing of Biometric Data Interchange Formats
The Role of Standards in Biometric Interoperability & Data Interchange Application (Conforming to Biometric Application Profile Standards) Biometric Data Structure Conforming to INCITS 398 (NISTIR 6529-A) • Framework Conforming to the BioAPI Standard Standardized biometric data is embedded in the CBEFF structure • Biometric • Service • Provider • Biometric • Service • Provider • Biometric • Service • Provider Standard Data Interchange Formats • Biometric • Device • Biometric • Device • Biometric • Device
SC 37 - Biometrics • Responsible for the standardization of generic biometric technologies pertaining to human beings to support interoperability & data interchange. • Established in June 2002. • Since SC 37 was established, it has maintained an accelerated pace of biometric standards development (meetings approximately every 6 months) • Concurrently developing about 30 draft standards/technical reports • 22 Member countries – 5 Observer countries – 11 Liaison Organizations
International Standard IS Final Draft International Standard FDIS Final Committee Draft FCD Committee Draft CD Working Draft WD New Project NP International Standard Development Stages
SC 37 - Biometrics Final Draft International Standard Status Approved International Standards Final Committee Drafts FCD 24709-1 BioAPI Conformance Testing – Part 1 – Methods & Procedures FCD 19784-2, BioAPI, Part 2 – Biometric Archive Function Provider Interface FCD 19794-7 Biometric Data Interchange Format - Part 7, Signature/Sign Time Series FCD 19794-8 Biometric Data Interchange Format - Part 8, Finger Pattern Skeletal Data FCD 24713-1 Biometric Profiles – Part 1, Biometric Reference Architecture FDIS 19785 Common Biometric Exchange Formats Framework - Part 1, Data Element Specification & Part 2, Procedures for the Operation of the Biometrics Registration Authority FDIS 19784-1 BioAPI Specification – Part 1 FDIS 19794-1 Biometric Data Interchange Format – Part 1, Framework FDIS 19794-3 Biometric Data Interchange Format – Part 3, Finger Pattern Spectral Data FDIS 19795-1 Performance Testing & Reporting – Principles and Framework ISO/IEC19794-2 Biometric Data Interchange Format - Part 2, Finger Minutiae Data ISO/IEC 19794-4 Biometric Data Interchange Format - Part 4, Finger Image Data ISO/IEC 19794-5 Biometric Data Interchange Format - Part 5, Face Image Data ISO/IEC 19794-6 Biometric Data Interchange Format - Part 6, Iris Image Data
SC 37 - Biometrics Working Drafts & Other Documents Committee Drafts WD 24709-2 ,BioAPI Conformance Testing, Part 2 – Test Assertions 2nd WD 24722, Technical Report on Multi-Modal Biometric Fusion 4th WD 24708, Biometric Interworking Protocol (BIP) WD 24741, Technical report on a Biometrics Tutorial WD 19784-1 Amendment, BioAPI GUI 2nd WD 19794-11, Biometric Data Interchange Format – Part 11,Signature/Sign Processed Dynamic Data WD 19794-5 Amendment, Conditions for Taking Photographs for Face Image Data WD 19795-5 , Biometric Performance Testing & Reporting – Part 5, Performance of Biometric Access Control Systems WD 24713-3, Biometric Profile for Seafarers (editors draft) WD 19795-3, Technical report, Biometric Performance Testing & Reporting – PartModality Specific Testing 2nd WD 24714, Technical Report on Cross Jurisdictional and Societal Aspects of Implementations of Biometric Technologies SD 2 - Standing Document on Biometric Vocabulary CD 19794-9, Biometric Data Interchange Format – Part 9, Vascular Image Data CD 19794-10, Biometric Data Interchange Format – Part 10, Hand Geometry Silhouette Data CD 19785-3, CBEFF Part 3: Patron Format Specifications 3rd CD 24713-2 Biometric Profiles – Part 2, Physical Access Control for Employees at Airports 2nd CD 19795-2 Biometric Performance Testing & Reporting – Part 2, Testing Methodologies for Technology & Scenario Evaluation 2nd CD 19795-4 Biometric Performance Testing & Reporting – Part 4, Performance & Interoperability Testing of Data Interchange Formats
SC 37 - Biometrics New Projects • BioAPI “Lite” • Biometric Sample Quality Standard (ballot) • Amendment to 19794-5, 3D • Face template based on MPEG-7
Market Adoption Examples (1) • International Civil Aviation Administration (ICAO): • Adopted a global, harmonized blueprint for the integration of biometric identification information into passports and other Machine Readable Travel Documents (MRTD). • Requires conformance to JTC 1 SC 37 standards. • Facial recognitionwas selected as the globally interoperable biometric for machine-assisted identity confirmation with MRTD. • Other requirements: • Common Biometric Exchange Framework Format (CBEFF) • Finger Interchange Formats and Iris Interchange Format
Market Adoption Examples (2) • International Labor Office of the United Nations – Requirements for a Seafarer’s ID Card: • ISO and JTC 1 are assisting ILO regarding the use of biometrics for a Seafarer’s ID card. • Two fingerprint templates will be stored in a barcode which will be placed in the area indicated by ICAO 9303. • ILO Technical Report SID-002 (Approved March 2004) specifies the use of some of the standards under development in JTC 1 SC37: • Finger minutiae, finger image and Common Biometric Exchange Formats Framework (CBEFF)
Market Adoption Examples (3) • DHS / TSA - Transportation Worker Identification Credential (TWIC) Program : • System-wide common credential to be used for all personnel requiring unescorted physical and/or logical access. • Phase III - Prototype Phase – Biometric Requirements - INCITS M1 biometric standards, as applicable, such as: • INCITS 383 Information technology - Application Profile - Interoperability and Data Interchange - Biometric Based Verification and Identification of Transportation Workers
Market Adoption Examples (4) • DHS – Facial Recognition Standard: • Uses INCITS / M1 approved facial biometric standard(INCITS 385) as the basis for the DHS standard. • Extracted portions of INCITS 385 to provide guidelines for specific users: • Derivative 001: “Terms, Reference, and Guidelines for Project Managers” • Derivative 002: “Guidelines for Software and System Developers” • Derivative 003: “Guidelines for Photographers and Subjects” • Best practices for producing uniform photographs (posters)
Market Adoption Examples (5 & 6) • Sub-Pilot of the DHS / TSA Registered Traveler Program: • Greater Orlando Aviation Authority (GOAA) as with TSA RFP requires: • INCITS 358-2002, the BioAPI Specification • INCITS 377-2004 (finger-pattern) & INCITS 381-2004 (finger image) • INCITS 385-2005 (face image) • NISTIR 6529-A, Common Biometric Exchange Framework Format (INCITS 398-2005) - CBEFF • References in the DoD IT Standards Registry (DISR): • INCITS 358-2002, the BioAPI Specification • CBEFF
Conformance Testing in Support of Documentary Standards • Conformance testing • Standards based, high quality conformance testing leads to greatly increased levels of confidence in product conformance claims for developers & users. It can also help ensure interoperability between standards-based products and systems. • Summary of documentary standards under development: • Multi-part standard - Conformance Testing Methodologies for the Data Interchange Formats (INCITS M1) • Conformance Testing Methodology for INCITS 358, BioAPI Specification V1.1 (INCITS M1) • Conformance Testing Methodology for ISO/IEC 19784-1, BioAPI Specification (JTC 1 SC 37). • JTC 1 SC 37 and INCITS M1 are reviewing next steps in conformance testing standards development.
BioAPI Conformance Test Suites (CTSs) • For over a year NIST ITL and DoD Biometric Management Office have been independently developing implementations of the BioAPI CTS. • They were developed using concepts and principles specified in the draft conformance testing methodology standard for the BioAPI standard (INCITS 358-2002) under development in INCITS M1 - Biometrics. • This standard projectwas sponsored by NIST, DoD BMO, the National Biometric Security Project (NBSP), Saflink Corp., and The Biometric Foundation (TBF). • NIST ITL and DoD BMO are performing intensive testing of the initial versions of these CTSs in order to cross - validate the test results using a number of vendor BSPs claiming conformance to the BioAPI standard.
BioAPI Conformance Test Suite (CTS) • These test tools are being developed in support of: • users already requiring, or interested in requiring in the near future, that Biometric Service Providers (BSPs) conform to the BioAPI standard. • product developers interested in developing products conforming to voluntary consensus biometric standards by using the same test tools available to users. • possible establishment of conformity assessment programs to validate conformance to the BioAPI standard and other emerging standards. • NIST ITL CTS implementation development • Co-sponsored by the National Biometric Security Project • Testing: NIST ITL / The Biometric Foundation • Main Developer: Saflink Corp • DoD BMO CTS implementation development and test: • DoD BMO Support Contractors (Booz Allen Hamilton and OSS Nokalva) • The tool was also tested by the DoD Biometrics Fusion Center
Contact Information & Web Sites • Fernando Podio Computer Security Division, NIST/ITL 1 (301) 975 - 2947 fernando.podio@nist.gov • ISO/IEC JTC 1 SC 37 – Biometrics: http://www.jtc1.org (select SC 37 “Biometrics”) • INCITS: http://www.incits.org/ • INCITS M1: http://www.incits.org/tc_home/m1.htm • Biometric INCITS standards can be obtained (for a fee) at: http://www.techstreet.com/incitsgate.tmpl or at: http://webstore.ansi.org/ansidocstore/default.asp • ISO standards can be obtained (for a fee) at: http://www.iso.org/iso/en/prods-services/ISOstore/store.html