1. Biometric Standards Organizations
Although a lot has been written about the lack of standards and testing for biometric technologies, much has changed in recent years with a surging interest in defining interoperability requirements for biometric applications. Recent standards efforts aimed at creating application programming interfaces (APIs) will allow for simple substitution of biometric technologies within a given network environment along with streamlined integration of biometric technologies across various software applications.
1.1 NIST-ITL and CBEFF Standard
A division of NIST, the ITL performs testing, testing methods, and proof-of-concept implementations in an effort to help end-users and the biometric industry accelerate the deployment of standards-based security solutions based in part on the Government’s Homeland Defense Initiative. In conjunction with the Biometric Consortium, the NIST-ITL initiated the Common Biometric Exchange File Format (CBEFF) project to establish a universal biometric template, which allows different systems to access and exchange diverse types of biometric data in a standardized format. To date, CBEFF has been finalized and exists as a file header format with fields that define common elements for exchange between biometric devices and systems. CBEFF also provides forward compatibility for technology improvements. CBEFF does not, however, provide device or matching interoperability. On January 1, 2001, the NIST published the CBEFF specification as NISTIR 6529.
1.2 BioAPI Consortium
First introduced in 1998, the BioAPI Consortium developed a widely accepted API for biometric technologies. Derived from various biometric industry leaders as well as non-biometric companies like IBM, HP, and Compaq, the BioAPI Consortium works with biometric solution developers, software developers, and systems integrators to leverage existing standards and develop an OS-independent standard that can serve various biometric technologies. Unlike the CBEFF, BioAPI does not define how the biometric device captures the data, but rather, how applications communicate with biometric devices and how the data is manipulated and stored. Written in the C programming language, BioAPI defines the application programming interface and service provider interface that define capabilities such as enrollment, verification, identification, capture, process, match, and store. The Consortium published Version 1 of the BioAPI Specification in March 2000. BioAPI Version 1.1 of the Specification and Reference Implementation was released in March 2001. Recently, the U.S. Army announced that future Army procurements of biometric devices will require BioAPI compliance.
Unlike the consortium-based BioAPI, BAPI was developed and owned by I/O Software, a biometric middleware vendor. I/O Software has licensed BAPI to Microsoft, who plans to incorporate biometric authentication as a core component of its future OS. I/O Software has also licensed elements of BAPI to Intel for inclusion into Intel’s PC security platform. At present, BAPI remains a competing element against BioAPI but looks to be more prevalent in the Windows/Intel market than in U.S. Government applications, which have established BioAPI as their API of choice.
1.4 INCITS Technical Committee M1
In November 2001, the Executive Board of INCITS established the Technical Committee M1 to ensure a high priority, focused, and comprehensive approach in the U.S. for the rapid development and approval of formal national and international generic biometric standards. M1’s mission involves accelerating the deployment of significantly better standards-based security solutions for purposes such as homeland defense and other government and commercial applications based on biometric personal authentication. At present, the BioAPI Specification Version 1.1 has successfully completed INCITS fast track processing and attained approval for maintenance under Technical Committee M1 on February 13, 2002. An augmented version of CBEFF is next on the list for fast-track processing in the near future. In addition, the Technical Committee M1 is reviewing contributions of draft project proposals for the standardization of biometric templates while seeking to develop active liaisons with other INCITS Technical Committees such as B10 – Identification Cards and Related Devices, L3 – Coding of Audio, Picture, Multimedia, and Hypermedia Information, and T4 – Security Techniques.
Additional standards currently under development by Technical Committee M1 include:
- Application Profile: Verification and Identification of Transportation Workers;
- Application Profile: Personal Identification for Border Crossing;
- Application Profile: Biometric Verification in Point-of-Sale Systems;
- Finger Pattern-Based Interchange Format;
- Finger Minutiae Format for Data Interchange;
- Face Recognition Format for Data Interchange;
- Finger Image Interchange Format;
- Iris Image Format for Data Interchange.
1.5 ANSI ASC X9
The ANSI Accredited Standards Committee (ASC) X9 develops, establishes, publishes, maintains, and promotes standards for the financial services industry in order to facilitate delivery of financial products and services. The development of X9.84 Biometric Information Management and Security stemmed from the need to maintain confidentiality with biometric data. X9.84 ensures the integrity and authenticity of biometric data by defining requirements for integrating biometric information such as fingerprint, iris scan, or voice print in a financial services environment where customer identification and employee verification are of paramount importance.
2. Industry Associations
2.1 Biometric Consortium
The Biometric Consortium was established in 1992 by the U.S. Department of Defense and aims to create standards which can be used to test biometric technologies for the benefit of all government agencies. The goals of the Biometric Consortium include:
- Promote the science and performance of biometrics;
- Create standardized testing and establish the National Biometric Evaluation Laboratory;
- Promote information exchange between government, industry, and academia;
- Address the safety, performance, legal, and ethical issues of biometric technologies;
- Advise agencies on the selection and application of biometric devices.
The Biometric Consortium sponsors two working groups: one concerning CBEFF and another co-sponsored by the NIST known as the Biometrics Interoperability, Performance, and Assurance Working Group. This latter group seeks to broaden the utilization, acceptance, and information sharing of biometric technologies among users and private industry supporters. This group also supports the advancement of technically efficient and compatible biometrics technology solutions on a national and international basis by addressing required issues and efforts beyond the scope of current and on-going developments already undertaken by other national or international organizations.
2.2 BioSEC Alliance
Founded in 1999 by BioNetrix, the BioSEC Alliance forms a multi-vendor initiative dedicated to promoting enterprise authentication solutions. The BioSEC Alliance promotes a range of biometric and non-biometric authentication technologies to suit various organizations’ requirements.
2.3 International Biometric Industry Association (IBIA)
The IBIA is a nonprofit trade association founded in 1998 to advance, advocate, defend, and support the collective international interests of the biometric industry. Though not directly involved in standards development, the IBIA’s group of biometric developers, vendors, and integrators has used its influence to alter several pieces of recent government legislation, including the Identity Theft and Deterrence Act and the Electronic Signatures in Global and National Commerce Act.