Download - State of Biometric Standards
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
State of Biometric Standards
Jeff Stapleton, Manager
Information Risk [email protected]
(314) 444-1447Chair X9F4 www.x9.org
Chair WG10 www.tc68.org
2
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
Agenda – Biometric Standards
• Standards Bodies– International Standards Bodies– USA Domestic Standards Bodies
• State of the Standards– Past Achievements – Present Activity– Future Work in Progress
Whoare
they?
WhatArethey
doing?
3
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
International Standards Bodies
International Organization for Standardization
International ElectrotechnicalCommission
Joint TechnicalCommittee One
SC 17 Cards & Personal Identification
SC 17 Cards & Personal Identification
SC 27 IT Security Techniques
SC 27 IT Security Techniques
SC 37 Biometric Technology
SC 37 Biometric Technology
TC 68 Banking, Securities and Financial services
TC 68 Banking, Securities and Financial services
SC 2 Security and General Banking Operations
SC 2 Security and General Banking Operations
Formal Liaison RelationshipsRelative to Biometric Standards
4
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
Informal Bodies
USA Standards Bodies
International Organization for Standardization
International ElectrotechnicalCommission
Joint TechnicalCommittee One
AccreditedStandardsCommittee
USA National Standards Body
BioAPIConsortium
5
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
US Interactive Relationships
Financial Services Security
Financial Services Industry
Biometric Security
Retail Banking
Public Key Infrastructure
incits
IT SecurityT4
M1
B10
SC27
SC37
SC17
Biometric Technology
ID Card Technology
X9A
X9F
X9F5
X9F4
X9F6
TC68TC68
SC2
SC6
WG10
WG8
WG6 Retail Bank Card Security
Liaison RelationshipUS TAG RelationshipIndustry Relationship
6
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
ISO Overview
Established 1946
www.iso.ch – 146 National Standards Bodies– 94 Member Bodies
• USA is a Member Body with a National Standards Body – American National Standards Institute
• Over 200 Technical Committees – TC 1 Screw Threads …– TC 68 Banking and Financial Services …– TC 215 Health Informatics
International Organization for Standardization
7
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
TC 68 OverviewInternational Organization for Standardization
Develops international technical standards– Financial Services Industry– Including banking and securities
• Subcommittees www.tc68.org – SC 2 Security Management and General Banking Operations
• Biometrics, Public Key Infrastructure (PKI), Security Guidelines
– SC 4 Securities and Related Financial Instruments – SC 6 Retail Financial Services
• Including PIN management, key management, and cryptographic hardware devices used in the Retail Financial Services
• Cardholder at ATM and Point-of-Sale (POS) Terminals
8
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
JTC1 Overview
Established early 1980’s www.jtc1.ch – 38 Liaison Members– 94 National Member Bodies
• USA is a Member Body with a National Standards Body – American National Standards Institute
• 18 Active Subcommittees … – SC 17 Cards & Personal Identification INCITS/B10
– SC 27 IT Security Techniques INCITS/T4
– SC 37 Biometrics (established 2002) INCITS/M1
Joint Technical Committee One
9
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
JTC1/SC37 Overview
Established June 2002 www.jtc1– First meeting held December 2002– Scope is biometric technologies
• File formats, APIs, application profiles, testing…
– Excluded from SC37 scope• SC17 biometrics for cards and personal identification
• SC27 biometric security and evaluation methodologies
– Formal Liaisons include• SC37 to SC17
• SC37 to SC27
10
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
Overview
Founded in 1918 as a membership-based, not-for-profit organization, ANSI is …– A coordinator and facilitator of the U.S. voluntary consensus standards
and conformity assessment system
– An accreditation body for U.S. standards developers, U.S. Technical Advisory Groups and U.S. certification programs
– The forum for the U.S. standards and conformity assessment communities
• American National Standards (ANS) Developers – Currently more than 270 ANSI accredited standards developers,
representing 200 distinct entities
– Not all standards developed by these organizations are submitted for consideration as ANS
11
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
X9 Overview
Financial Services Industry www.x9.org – X9A Subcommittee on Retail Banking TC68/SC6– X9B Subcommittee on Check Processing– X9C Consumer Protection (established 2003)– X9D Subcommittee on Securities TC68/SC4– X9F Subcommittee on Information Security TC68/SC2
• X9F1 Cryptographic Tools• X9F3 Cryptographic Protocols• X9F4 Cryptographic Applications – X9.84 Biometrics• X9F5 PKI Policy and Practices• X9F6 Management and Security – Retail Banking
– X9 WG1 Privacy
Accredited Standards Committee
12
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
Overview
Information Technology Standards www.incits.org – Formerly X3 Committee– 36+ Technical Committees
• B10 Identification Cards and Related Devices SC17– AAMVA Driver License / Identification Standard
• J16 Programming Language C++ …• L3 Audio, Picture, Multimedia, and Hypermedia …• M1 Biometrics (established 2002) SC37
– ANS INCITS 358-2002 BioAPI, NISTIR 6529-A Common Biometric Exchange File Format (CBEFF)
• T4 Security Techniques … SC27– ASN.1 Extended Encoding Rules (XER)
incitsInternational Committee for IT Standards
13
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
INCITS/M1 Overview
Established 2001– 55+ Companies and organizations membership– US TAG to JTC1/SC37
• Task Groups (current organization)– M1.1 Biometric Data Interchange Formats– M1.2 Biometric Technical Interfaces – M1.3 Biometric Profiles – M1.4 Biometric Performance Testing and Reporting
14
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
Overview
Established 1993 www.oasis-open.org – Originally founded as SGML
• Standard Generalized Markup Language (SGML)
• Renamed in 1998 – Extensible Markup Language (XML)
– 600+ Corporate and Individual Members – 100+ Countries including United Nations (ebXML) – XML Common Biometric Format (XCBF) Technical Committee
• Established February 2002
• XCBF patron format of NISTIR 6529-A CBEFF
• XCBF based on ASN.1 schema in X9.84-2003
• XCBF conforms to XML Encoding Rule (XER) in X.693
• XCBF relies on X9.96-draft Cryptographic Message Syntax (CMS)
Organization for the Advancement of Structured Information Standards
15
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
Overview
Established 1995
www.biometrics.org – Co-hosted by NIST and NSA
• Focal point for biometric research…
• Operate discuss group [email protected]
• Operate information line 1-866-BIOMETRics (866-246-6387)
– Working Groups• Common Biometric Exchange File Format (CBEFF)
• Biometrics Interoperability, Performance, and Assurance
– NISTIR 6529-2001 CBEFF – NISTIR 6529-A-2002 CBEFF
16
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
Overview
Established 1998
www.bioapi.org – Focus was to harmonize the various biometric APIs
• BioAPI Specification version 1.0 – March 2000
• Reference implementation version 1.0 – September 2000
• BioAPI Specification & implementation version 1.1 – March 2001
• Working Groups– Applications (AWG) – top level interface of the BioAPI– External (XWG) – transition to other standards bodies– Reference Implementation (RWG) – reference implementation – Conformance Test (CTWG) – conformance test suite
BioAPI Consortium
17
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
ISO/IEC JTC1/SC17 FDIS 7816 Part 11
- - -
Existing StandardsUS StandardsISO/IEC JTC1 US SpecificationsISO TC68
OASIS XCBF ANS X9.84-2003 Biometric Security
ISO TC68/SC2 CD 19092 ballot
-
NISTIR 6529-A CBEFF 2002
ISO/IEC JTC1/SC37 CD ballot
--
ANS INCITS 358-2002 BioAPI
ISO/IEC JTC1/SC37 CD 19785 ballot
BioAPI 2001Version 1.1
-
AAMVA DL/ID 2000 -- -
WSQ 1993 FBI Fingerprint Compression
-- -
18
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
CBEFF
Biometric Architecture
BiometricServiceProvider
BioAPI Framework
ApplicationApplication
BIR
XCBF
Extended Markup Language (XML)
CryptographicServiceProvider
X9.84 Biometric Security
ASN.1
BiometricValidation
ControlObjectives
ICC
19
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
INCITS/M1 Work in Progress
M1.1 Task Group – Biometric Data Formats– Finger Pattern Based Interchange Format– Finger Minutiae Format for Data Interchange – Finger Image Based Interchange Format– Face Recognition Format for Data Interchange – Iris Interchange Format – Signature / Sign Image Based Interchange Format
• Digitized signature (not PKI digital signature)
• Low level data interoperability – Vendor “A” format captured by vendor “B” device– Vendor “A” format processed by vendor “C” system
20
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
INCITS/M1 Work in Progress
M1.2 Task Group – Biometric Interfaces– INCITS 358-2002 BioAPI, NISTIR 6529-A CBEFF – Interoperability between biometric components & subsystems – Security mechanisms for stored and transmitted data
• X9.84-2003 Biometric Information Management and Security
– Reference model for multi-vendor systems
• High level process interoperability – Functional calls
• Fetch sample, Create template, Matching …
– Application calls • Enroll, Identify, Verify …
21
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
INCITS/M1 Work in Progress
M1.3 Task Group – Biometric Profiles– Interoperability and Data Interchange, Biometric Based
Verification and Identification of…– Transportation Workers – Border Crossing – Point-of-Sale (POS)
• X9.84-2003 for the Financial Services Industry
• Industry specific needs– To be determined, initial meeting June 9-11 in Seattle WA
22
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
INCITS/M1 Work in Progress
M1.4 Task Group – Performance and Testing– Biometric metric definitions and calculations – Testing performance – Test reporting
• Ongoing biometric technology issue…– False Match Rate (a.k.a., False Acceptance Rate)– False Non-Match Rate (a.k.a., False Reject Rate) – Failure to Enroll Rate– To be determined, initial meeting June 11 in Seattle WA
23
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
JTC1/SC37 Work in Progress
• SG 01 Harmonized Biometric Vocabulary– No specific M1 correlation
• SG 02 Biometric Technical Interfaces – M1.2 Task Group – Biometric Interfaces– US submission CD 19785 ballot comments BioAPI – US submission CD ballot comments CBEFF
• SG 03 Biometric Data Interchange Formats – M1.1 Task Group – Biometric Data Formats
Work sorted by Study Group / Special Group:
24
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
JTC1/SC37 Work in Progress
• SG 04 Biometric Application Profiles– M1.3 Task Group – Biometric Profiles
• SG 05 Biometric Testing and Reporting – M1.4 Task Group – Performance and Testing
• SG 06 Cross-Jurisdictional and Societal Aspects– No specific M1 correlation
Work sorted by Study Group / Special Group:
25
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
Other Work in Progress
TC68/SC2/WG10– CD 19092 in ballot (X9.84-2003) due August 2003
JTC1/SC27– Biometric security in cooperation with TC68/SC2
JTC1/SC17– ISO 7816 Information Technology – Identification Cards –
Integrated Circuit(s) Cards with Contacts • Part 11: Personal verification through biometric methods
International Civil Aviation Organization (ICAO)– Global Biometric Initiative with JTC1/SC17
26
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
Chronology SummaryPre-2000
– June 1993 – FBI Fingerprint Compression WSQ published
– November 1995 – Biometric Consortium established
– April 1998 – BioAPI Consortium established
– January 1999 – X9F4 assigned NWI X9.84
Year 2000– March 2000 – BioAPI Specification v1.0 published
– June 2000 – AAMVA Drivers License / Identification published
– December 2000 – ISO/IEC CD 7816 ICC Part 11 Biometrics ballot
27
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
Chronology Summary
Year 2001– January 2001 – NISTR 6529 CBEFF published
– March 2001 – ANS X9.84-2001 published (BioAPI v1.0)
– March 2001 – BioAPI Specification v1.1 published
– March 2001 – NIST 6529 CBEFF published
– November 2001 – INCITS/M1 established
– December 2000 – ISO/IEC DIS 7816 ICC Part 11 Biometrics ballot
Year 2002– February 2002 – NISTR 6529-A CBEFF published
– March 2002 – ANS INCITS 358-2002 (BioAPI v1.1) published
– March 2002 – CTST Linden Award presented to Cathy Tilton
– June 2002 – JTC1/SC37 established
– December 2002 – ISO/IEC FDIS 7816 ICC Part 11 Biometrics ballot
28
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
Chronology Summary
Year June 2003 (so far)– February 2003 – JTC1/SC37 CD 19785 ballot comments BioAPI
– February 2003 – JTC1/SC37 CD ballot comments CBEFF
– February 2003 – XCBF 1.0 Committee Specification published
– June 2003 – ANS X9.84-2003 Biometric Security published
– June 2003 – TC68 CD 19092 in ballot (X9.84-2003)
Year July 2003 and beyond…– ISO 7816 ICC Part 11 Biometrics
– ISO Standards on Biometric Technology
– ISO Standards on Biometric Security
– ISO Standards on Industry Applications
• Financial Services Industry
• Transportation Industry and government Immigration Services
29
Hosted by:June 23-26, 2003 • New York City
www.biometritechexpo.com
Standards Conclusion
Significant advances in the last 36 months– ANS INCITS 358-2002 BioAPI– ANS X9.84-2003 Biometric Security– ISO FDIS 7816 ICC Part 11 Biometrics– NISTIR 6529-A CBEFF
Further work in the next 36 months– ISO Biometric Technology Standards– ISO Biometric Security Standards – ISO Biometric Application Standards