
State of Biometric Standards

State of Biometric Standards. Jeff Stapleton, Manager Information Risk Management. Jstapleton@kpmg.com (314) 444-1447 Chair X9F4 www.x9.org Chair WG10 www.tc68.org. Agenda – Biometric Standards. Standards Bodies International Standards Bodies USA Domestic Standards Bodies





Presentation Transcript


  1. State of Biometric Standards Jeff Stapleton, Manager Information Risk Management Jstapleton@kpmg.com (314) 444-1447 Chair X9F4 www.x9.org Chair WG10 www.tc68.org

  2. Agenda – Biometric Standards
     • Standards Bodies
     • International Standards Bodies
     • USA Domestic Standards Bodies
     • State of the Standards
     • Past Achievements
     • Present Activity
     • Future Work in Progress
     Who are they? What are they doing?

  3. International Standards Bodies (organization chart; labels only)
     • International Organization for Standardization
     • International Electrotechnical Commission
     • Joint Technical Committee One
     • TC 68 Banking, Securities and Financial services
     • SC 2 Security and General Banking Operations
     • SC 17 Cards & Personal Identification
     • SC 27 IT Security Techniques
     • SC 37 Biometric Technology
     Formal Liaison Relationships Relative to Biometric Standards

  4. USA Standards Bodies (organization chart; labels only)
     • International Organization for Standardization
     • International Electrotechnical Commission
     • Joint Technical Committee One
     • USA National Standards Body
     • Accredited Standards Committee
     • Informal Bodies
     • BioAPI Consortium

  5. Financial Services Industry TC68 Retail Banking X9A SC6 Retail Bank Card Security X9F6 WG6 Financial Services Security X9F SC2 Biometric Security X9F5 WG8 Public Key Infrastructure X9F4 WG10 Liaison Relationship Industry Relationship US TAG Relationship ID Card Technology B10 SC17 Biometric Technology T4 SC27 IT Security M1 SC37 US Interactive Relationships incits

  6. International Organization for Standardization: ISO Overview
     Established 1946, www.iso.ch
     • 146 National Standards Bodies
     • 94 Member Bodies
     • USA is a Member Body with a National Standards Body – American National Standards Institute
     • Over 200 Technical Committees
     • TC 1 Screw Threads …
     • TC 68 Banking and Financial Services …
     • TC 215 Health Informatics

  7. International Organization for Standardization: TC 68 Overview
     Develops international technical standards
     • Financial Services Industry
     • Including banking and securities
     • Subcommittees, www.tc68.org
     • SC 2 Security Management and General Banking Operations
     • Biometrics, Public Key Infrastructure (PKI), Security Guidelines
     • SC 4 Securities and Related Financial Instruments
     • SC 6 Retail Financial Services
     • Including PIN management, key management, and cryptographic hardware devices used in the Retail Financial Services
     • Cardholder at ATM and Point-of-Sale (POS) Terminals

  8. Joint Technical Committee One: JTC1 Overview
     Established early 1980’s, www.jtc1.ch
     • 38 Liaison Members
     • 94 National Member Bodies
     • USA is a Member Body with a National Standards Body – American National Standards Institute
     • 18 Active Subcommittees …
     • SC 17 Cards & Personal Identification (INCITS/B10)
     • SC 27 IT Security Techniques (INCITS/T4)
     • SC 37 Biometrics (established 2002) (INCITS/M1)

  9. JTC1/SC37 Overview
     Established June 2002, www.jtc1
     • First meeting held December 2002
     • Scope is biometric technologies
     • File formats, APIs, application profiles, testing…
     • Excluded from SC37 scope
     • SC17 biometrics for cards and personal identification
     • SC27 biometric security and evaluation methodologies
     • Formal Liaisons include
     • SC37 to SC17
     • SC37 to SC27

  10. Overview
     Founded in 1918 as a membership-based, not-for-profit organization, ANSI is …
     • A coordinator and facilitator of the U.S. voluntary consensus standards and conformity assessment system
     • An accreditation body for U.S. standards developers, U.S. Technical Advisory Groups and U.S. certification programs
     • The forum for the U.S. standards and conformity assessment communities
     • American National Standards (ANS) Developers
     • Currently more than 270 ANSI accredited standards developers, representing 200 distinct entities
     • Not all standards developed by these organizations are submitted for consideration as ANS

  11. Accredited Standards Committee X9 Overview
     Financial Services Industry, www.x9.org
     • X9A Subcommittee on Retail Banking (TC68/SC6)
     • X9B Subcommittee on Check Processing
     • X9C Consumer Protection (established 2003)
     • X9D Subcommittee on Securities (TC68/SC4)
     • X9F Subcommittee on Information Security (TC68/SC2)
     • X9F1 Cryptographic Tools
     • X9F3 Cryptographic Protocols
     • X9F4 Cryptographic Applications – X9.84 Biometrics
     • X9F5 PKI Policy and Practices
     • X9F6 Management and Security – Retail Banking
     • X9 WG1 Privacy

  12. INCITS (International Committee for IT Standards) Overview
     Information Technology Standards, www.incits.org
     • Formerly X3 Committee
     • 36+ Technical Committees
     • B10 Identification Cards and Related Devices (SC17)
     • AAMVA Driver License / Identification Standard
     • J16 Programming Language C++ …
     • L3 Audio, Picture, Multimedia, and Hypermedia …
     • M1 Biometrics (established 2002) (SC37)
     • ANS INCITS 358-2002 BioAPI, NISTIR 6529-A Common Biometric Exchange File Format (CBEFF)
     • T4 Security Techniques … (SC27)
     • ASN.1 Extended Encoding Rules (XER)

  13. INCITS/M1 Overview
     Established 2001
     • 55+ Companies and organizations membership
     • US TAG to JTC1/SC37
     • Task Groups (current organization)
     • M1.1 Biometric Data Interchange Formats
     • M1.2 Biometric Technical Interfaces
     • M1.3 Biometric Profiles
     • M1.4 Biometric Performance Testing and Reporting

  14. Organization for the Advancement of Structured Information Standards Overview
     Established 1993, www.oasis-open.org
     • Originally founded as SGML
     • Standard Generalized Markup Language (SGML)
     • Renamed in 1998 – Extensible Markup Language (XML)
     • 600+ Corporate and Individual Members
     • 100+ Countries including United Nations (ebXML)
     • XML Common Biometric Format (XCBF) Technical Committee
     • Established February 2002
     • XCBF patron format of NISTIR 6529-A CBEFF
     • XCBF based on ASN.1 schema in X9.84-2003
     • XCBF conforms to XML Encoding Rule (XER) in X.693
     • XCBF relies on X9.96-draft Cryptographic Message Syntax (CMS)

  15. Overview
     Established 1992, www.biometrics.org
     • Co-hosted by NIST and NSA
     • Focal point for biometric research…
     • Operate discuss group info@biometrics.org
     • Operate information line 1-866-BIOMETRics (866-246-6387)
     • Working Groups
     • Common Biometric Exchange File Format (CBEFF)
     • Biometrics Interoperability, Performance, and Assurance
     • NISTIR 6529-2001 CBEFF
     • NISTIR 6529-A-2002 CBEFF

  16. BioAPI Consortium Overview
     Established 1998, www.bioapi.org
     • Focus was to harmonize the various biometric APIs
     • BioAPI Specification version 1.0 – March 2000
     • Reference implementation version 1.0 – September 2000
     • BioAPI Specification & implementation version 1.1 – March 2001
     • Working Groups
     • Applications (AWG) – top level interface of the BioAPI
     • External (XWG) – transition to other standards bodies
     • Reference Implementation (RWG) – reference implementation
     • Conformance Test (CTWG) – conformance test suite

  17. Existing Standards * (diagram; labels only)
     • WSQ 1993 FBI Fingerprint Compression
     • ISO/IEC JTC1/SC17 NP 18013 ballot
     • AAMVA DL/ID 2000
     • ISO/IEC JTC1/SC37 NP 19784 ballot
     • ANS INCITS 358-2002 BioAPI
     • BioAPI 2001 Version 1.1
     • ISO/IEC JTC1/SC37 NP 19785 ballot
     • NISTIR 6529-A CBEFF 2002
     • ISO/IEC JTC1/SC17 FDIS 7816 Part 11
     • ISO TC68/SC2 NP 19092 ballot
     • ANS X9.84-2003 Biometric Security
     • OASIS XCBF
     Legend: ISO TC68; ISO/IEC JTC1; US Standards; US Specifications
     Abbreviations: ANS American National Standard; FCD Final Committee Draft; NP New Project
     * Updated

  18. Extended Markup Language (XML) XCBF ASN.1 X9.84 Biometric Security Biometric Validation Control Objectives Cryptographic Service Provider ICC Biometric Architecture CBEFF Application BioAPI Framework BIR Biometric Service Provider

  19. INCITS/M1 Work in Progress: M1.1 Task Group – Biometric Data Formats
     • Finger Pattern Based Interchange Format
     • Finger Minutiae Format for Data Interchange
     • Finger Image Based Interchange Format
     • Face Recognition Format for Data Interchange
     • Iris Interchange Format
     • Signature / Sign Image Based Interchange Format
     • Digitized signature (not PKI digital signature)
     • Low level data interoperability
     • Vendor “A” format captured by vendor “B” device
     • Vendor “A” format processed by vendor “C” system

  20. INCITS/M1 Work in Progress: M1.2 Task Group – Biometric Interfaces
     • INCITS 358-2002 BioAPI, NISTIR 6529-A CBEFF
     • Interoperability between biometric components & subsystems
     • Security mechanisms for stored and transmitted data
     • X9.84-2003 Biometric Information Management and Security
     • Reference model for multi-vendor systems
     • High level process interoperability
     • Functional calls
     • Fetch sample, Create template, Matching …
     • Application calls
     • Enroll, Identify, Verify …

  21. INCITS/M1 Work in Progress: M1.3 Task Group – Biometric Profiles
     • Interoperability and Data Interchange, Biometric Based Verification and Identification of…
     • Transportation Workers
     • Border Crossing
     • Point-of-Sale (POS)
     • X9.84-2003 for the Financial Services Industry
     • Industry specific needs
     • To be determined, initial meeting June 9-11 in Seattle WA

  22. INCITS/M1 Work in Progress: M1.4 Task Group – Performance and Testing
     • Biometric metric definitions and calculations
     • Testing performance
     • Test reporting
     • Ongoing biometric technology issue…
     • False Match Rate (a.k.a., False Acceptance Rate)
     • False Non-Match Rate (a.k.a., False Reject Rate)
     • Failure to Enroll Rate
     • To be determined, initial meeting June 11 in Seattle WA

  23. JTC1/SC37 Work in Progress
     Work sorted by Study Group / Special Group:
     • SG 01 Harmonized Biometric Vocabulary
     • No specific M1 correlation
     • AWI 19792 Framework for Security Evaluation and Testing
     • SG 02 Biometric Technical Interfaces (M1.2 TG)
     • US submission NP 19784 ballot comments BioAPI
     • US submission NP 19785 ballot comments CBEFF
     • SG 03 Biometric Data Interchange Formats (M1.1 TG)
     • AWI 19794 Biometric Data Interchange Formats
     Abbreviation: AWI Active Work Item

  24. JTC1/SC37 Work in Progress
     Work sorted by Study Group / Special Group:
     • SG 04 Biometric Application Profiles (M1.3 TG)
     • No Active Work Item Listed
     • SG 05 Biometric Testing and Reporting (M1.4 TG)
     • AWI 19795 Biometric Performance Testing and Reporting
     • SG 06 Cross-Jurisdictional and Societal Aspects
     • No specific M1 correlation
     Abbreviation: AWI Active Work Item

  25. Other Work in Progress
     TC68/SC2/WG10
     • CD 19092 in ballot (X9.84-2003) due August 2003
     JTC1/SC27
     • Biometric security in cooperation with TC68/SC2
     JTC1/SC17
     • ISO 7816 Information Technology – Identification Cards – Integrated Circuit(s) Cards with Contacts
     • Part 11: Personal verification through biometric methods
     International Civil Aviation Organization (ICAO)
     • Global Biometric Initiative with JTC1/SC17

  26. Chronology Summary
     Pre-2000
     • June 1993 – FBI Fingerprint Compression WSQ published
     • October 1992 – Biometric Consortium established
     • April 1998 – BioAPI Consortium established
     • January 1999 – X9F4 assigned NWI X9.84
     Year 2000
     • March 2000 – BioAPI Specification v1.0 published
     • June 2000 – AAMVA Drivers License / Identification published
     • December 2000 – ISO/IEC CD 7816 ICC Part 11 Biometrics ballot

  27. Chronology Summary
     Year 2001
     • January 2001 – NISTIR 6529 CBEFF published
     • March 2001 – ANS X9.84-2001 published (BioAPI v1.0)
     • March 2001 – BioAPI Specification v1.1 published
     • March 2001 – NIST 6529 CBEFF published
     • November 2001 – INCITS/M1 established
     • December 2000 – ISO/IEC DIS 7816 ICC Part 11 Biometrics ballot
     Year 2002
     • February 2002 – NISTIR 6529-A CBEFF published
     • March 2002 – ANS INCITS 358-2002 (BioAPI v1.1) published
     • March 2002 – CTST Linden Award presented to Cathy Tilton
     • June 2002 – JTC1/SC37 established
     • December 2002 – ISO/IEC FDIS 7816 ICC Part 11 Biometrics ballot

  28. Chronology Summary
     Year June 2003 (so far)
     • February 2003 – JTC1/SC37 CD 19785 ballot comments BioAPI
     • February 2003 – JTC1/SC37 CD ballot comments CBEFF
     • February 2003 – XCBF 1.0 Committee Specification published
     • June 2003 – ANS X9.84-2003 Biometric Security published
     • June 2003 – TC68 CD 19092 in ballot (X9.84-2003)
     Year July 2003 and beyond…
     • ISO 7816 ICC Part 11 Biometrics
     • ISO Standards on Biometric Technology
     • ISO Standards on Biometric Security
     • ISO Standards on Industry Applications
     • Financial Services Industry
     • Transportation Industry and government Immigration Services

  29. Standards Conclusion *
     Significant advances in the last 36 months
     • ANS INCITS 358-2002 BioAPI
     • ANS X9.84-2003 Biometric Security
     • ISO FDIS 7816 ICC Part 11 Biometrics
     • NISTIR 6529-A CBEFF
     Further work in the next 36 months
     • ISO Biometric Technology Standards
     • ISO Biometric Security Standards
     • ISO Biometric Application Standards
     Missing topics for biometric technology
     • Standardized testing for error rates (e.g., FM, FNM, FTE)
     • Device evaluation criteria (e.g., Common Criteria / PP)
     * Updated
