biometric interface standards what's new and what's relevant?€¦ · new kids on the...
TRANSCRIPT
Catherine J. Tilton
18 September 2012
Biometric Interface Standards –
What's New and What's Relevant?
Types of Standards
2
Data Formats
Comms/ Interfaces
Profiles
History
3
1986
NIST-ITL standard published
1995
FBI EFTS
2010 2000 2005
BioAPI 1.0
ANSI INCITS
358
SVAPI
ISO/IEC 19784-1 19785-1 NIST
workshop spawns CBEFF
HA-API
2012
ANSI INCITS
398
ANSI INCITS
442
NIST SP 500-288
OASIS BIAS SOAP Profile
ITU-T X.1084
Where are biometric interface
standards being defined?
4
U.S.
INCITS M1
NIST
US Government*
• FBI
• DoD
• DHS
ROW
ISO/IEC JTC1
• SC37
• SC17
• SC27
OASIS
ITU-T
Interpol*
Nations*
*Profiles/specifications
Oldies but Goodies
5
6
The BioAPI Specification defines an open system
standard application program interface (API) that allows
software applications to communicate with a broad range
of biometric technologies in a common way
What is a BioAPI?
Biometric Application
BioAPI Framework
BSP
Device
SPI SPI SPI
API
BSP BSP
Device Device
1 Device
N
Biometric Application
API
BioAPI Evolution
7
HA-API BioAPI
1.0
BioAPI
1.1
ANSI
INCITS
358
ISO/IEC
19784-1
BioAPI™ Consortium
8
9
Ch-ch-ch-Changes …
(Ver 1.x/2.x)
Embedded BioAPI (ISO/IEC 29164)
Java/C# (ISO/IEC 30106)
BioAPI Related Projects
10
US version (ANSI INCITS 358, Ver1.1)
• Fusion amendment
• Conformance Test Methodology
ISO version (ISO/IEC 19784, Ver 2.x)
• Amd1: BioGUI
• Amd2: Frameworkless
• Amd3: Security
• Part 2: Archive Function Provider Interface (FPI)
• Part 4: Sensor FPI
• Conformance Test Methodology (24709, 3 parts)
• Tenprint capture using BioAPI (29141)
• BioAPI Interworking Protocol (BIP, 24708)
• Embedded BioAPI (29164)
• Object Oriented BioAPI (30107, 3 parts)
Is anyone using this thing?
11
Products
• 47 companies list compliant products on bioapi.org
Example implementation
• Japan Border System
Procurements
• Inquiries from companies bidding on RFPs where BioAPI compliance
is required
Most applicable for local client applications (though not exclusively)
Advantages: Ease of integration, plug-and-play, interchangeability
Disadvantages: Access to lower level & vendor specific functions
12
The Common Biometric Exchange Formats Framework
(CBEFF) defines a common structure and set of
metadata elements for exchanging biometric information.
CBEFF ‘Patrons’ publish specifications which are specific
instantiations of CBEFF.
CBEFF formats are registered with the Biometric
Registration Authority (IBIA).
What is a CBEFF?
HEADER BIOMETRIC DATA BLOCK SECURITY
BLOCK* *Optional
HEADER
(SBH)
BIOMETRIC DATA BLOCK
(BDB)
SECURITY
BLK (SB)*
CBEFF Evolution
13
NISTIR 6529
NISTIR 6529-A
ANSI INCITS 398-2005
ISO/IEC 19785-1
Jan 2001
Apr 2004
Feb 2005
May 2006
Workshop – Feb 1999
Rev. 1, 2008
Parts 2,3,4
14
Is anyone using this thing?
15
ISO/IEC 19785 Parts:
19785-1: Elements
19785-2: Registration
Authority Procedures
19785-3: Patron Formats
19785-4: Security Block
Formats
CBEFF Patrons (Examples,
separate from Part 3):
BioAPI
ISO/IEC 7816-11
ICAO 9303 (ePassports)
PIV (SP800-76)
India UID
BIAS
The Legacy
16
Though still in use today, BioAPI and CBEFF also led the
way in many areas of biometric standardization –
• Quality values
• Normalized scoring & threshholding
• Biometric object registration
• Multimodality / modality independence
• Basic operations and data element identification
to name a few.
New kids on the block
17
18
Biometric Identity Assurance Services (BIAS) defines a
framework for deploying and invoking biometrics-based
identity assurance capabilities that can be readily
accessed using services-based frameworks (e.g. web
services).
Collaborative project between INCITS and OASIS:
• INCITS 442, BIAS, defines requirements, operations, and
data elements.
• OASIS BIAS SOAP Profile is a specific instantiation
(binding).
What is BIAS?
Subject Client
(Requester) System/
Application A
BIAS Messages
BIAS Service
Provider
Administrator
Biometric Resources
Subject Client
(Requester) System/
Application B
BIAS Operations
19
Subject
• Create/delete subject
• Add/remove subject from gallery
Biographics
• Set/list biographic data
• Update/delete biographic data
• Retrieve biographic data
Biometrics
• Set/list biometric data
• Update/delete biometric data
• Retrieve biometric data
Searching/processing
• Verify subject
• Identify subject
• Check quality
• Classify biometric data
• Perform fusion
• Transform biometric data
Aggregate services
• Enroll
• Identify
• Verify
• Retrieve information
Asynchronous results retrieval
Query Capabilities
BIAS at ISO
20
In progress – ISO/IEC 30108-1
• International version of INCITS 442
• Clarifications
• Introduces some new functionality
– e.g., document functions
21
Web Services for Biometric Devices (WS-BD) specifies a
web services interface for command and control of
biometric devices.
Provides for remote/mobile, device independent
communication
Published as NIST SP 500-288.
What is WS-BD?
WS-BD Video
22
WS-BD Implementations
23
Physically separated WS-BD implementation
Physically integrated WS-BD implementation
WS-BD News
24
Congratulations to Fulcrum Biometrics, LLC and SBG Labs for
each winning a NIST SBIR Phase I award for the topic WS-
Biometric Devices (WS-BD) Conformant Handheld Fingerprint
Sensor.
At the NIST booth, see a reference application that uses WS-
Biometric Devices and the NIST WS-BD reference
implementation to command and control biometric sensors from
a tablet device.
Wednesday: Come to the OASIS Biometric TC Kickstart
meeting which aims to establish a new technical committee (TC)
in OASIS that is focused on developing interoperable
specifications for biometrics within service oriented
environments.
The .NET WS-BD reference implementation has been updated
with a minor bug fix (removal of source repository bindings).
The Big Picture (circa 2011)
25
BIAS WS-BD
Capture devices Capture application/platform
Backend services
26
“Telebiometrics applies biometrics to telecommunications
and telecommunications to remote biometric sensing.”
Usage of biometrics in telecommunication applications
such as tele-medicine, tele-health and e-health.
Addressed by ITU-T Study Group 17:
• Question 9, “Telebiometrics”
What is Telebiometrics?
Telebiometric Projects
27
X.1081: The telebiometric multimodal model – A framework for the specification of security
and safety aspects of telebiometrics
X.1082: Telebiometrics related to human physiology
X.1083: Information technology – Biometrics – BioAPI interworking protocol (Common text
with SC37)
X.1084: Telebiometrics system mechanism - Part 1: General biometric
authentication protocol and system model profiles for telecommunications systems
X.1085(X.bhsm) - Telebiometric authentication framework using biometric hardware
security module (Common text with SC27 – In progress)
X.1086: Telebiometrics protection procedures - Part1: A guideline to technical and
managerial countermeasures for biometric data security
X.1087(X.tam) – A guideline for technical and operational countermeasures for
telebiometric applications using mobile devices (NWI)
X.1088: Telebiometrics digital key framework (TDK) - A framework for biometric digital key
generation and protection
X.1089: Telebiometrics authentication infrastructure (TAI)
X.1090: Authentication framework with one-time telebiometric templates
X.1091: A guideline for evaluating telebiometric template protection techniques
X.1092: Integrated framework for telebiometric data protection in e-health and word-wide
medicines.(In progress)
28
Interface standards facilitate interoperability.
These may leverage underlying data format standards.
A number of SDOs and agencies are involved.
There is a movement towards:
• Object oriented
• Services based
• Wireless
• Security
Conclusion
29
Contact Info: Catherine Tilton, CBP VP, Stds & Tech, Daon 11955 Freedom Dr, Suite 16000 Reston, VA 20190 703-984-4080 [email protected]