State of Biometric Standards
Jeff Stapleton, Manager
Information Risk Management
[email protected]
(314) 444-1447
Chair X9F4 www.x9.org
Chair WG10 www.tc68.org
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
Agenda – Biometric Standards
• Standards Bodies
– International Standards Bodies
– USA Domestic Standards Bodies
• State of the Standards
– Past Achievements
– Present Activity
– Future Work in Progress
Who
are
they?
What
Are
they
doing?
1
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
International Standards Bodies
International Organization
for Standardization
TC 68
Banking, Securities and Financial services
SC 2
Security and General Banking Operations
Formal Liaison Relationships
Relative to Biometric Standards
Joint Technical
Committee One
International Electrotechnical
Commission
SC 17
Cards & Personal Identification
SC 27
IT Security Techniques
SC 37
Biometric Technology
2
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
USA Standards Bodies
Informal Bodies
International Organization
for Standardization
Joint Technical
Committee One
International Electrotechnical
Commission
BioAPI
Consortium
USA National Standards Body
Accredited
Standards
Committee
3
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
US Interactive Relationships
Financial Services Industry
TC68
X9A
X9F6
X9F
Retail Banking
SC6
Retail Bank Card Security
WG6
Financial Services Security
SC2
X9F5
WG8
Public Key Infrastructure
X9F4
WG10
Biometric Security
Liaison Relationship
US TAG Relationship
Industry Relationship
incits
B10
SC17
ID Card Technology
T4
SC27
Biometric Technology
M1
SC37
IT Security
June 23-26, 2003 • New York City
www.biometritechexpo.com
4
Hosted by:
ISO Overview
International Organization for Standardization
Established 1946
www.iso.ch
– 146 National Standards Bodies
– 94 Member Bodies
• USA is a Member Body with a National Standards Body –
American National Standards Institute
• Over 200 Technical Committees
– TC 1 Screw Threads …
– TC 68 Banking and Financial Services …
– TC 215 Health Informatics
5
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
TC 68 Overview
International Organization for Standardization
Develops international technical standards
– Financial Services Industry
– Including banking and securities
• Subcommittees
www.tc68.org
– SC 2 Security Management and General Banking Operations
• Biometrics, Public Key Infrastructure (PKI), Security Guidelines
– SC 4 Securities and Related Financial Instruments
– SC 6 Retail Financial Services
• Including PIN management, key management, and cryptographic
hardware devices used in the Retail Financial Services
• Cardholder at ATM and Point-of-Sale (POS) Terminals
6
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
JTC1 Overview
Joint Technical Committee One
Established early 1980’s
www.jtc1.ch
– 38 Liaison Members
– 94 National Member Bodies
• USA is a Member Body with a National Standards Body –
American National Standards Institute
• 18 Active Subcommittees …
– SC 17 Cards & Personal Identification
– SC 27 IT Security Techniques
– SC 37 Biometrics (established 2002)
INCITS/B10
INCITS/T4
INCITS/M1
7
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
JTC1/SC37 Overview
Established June 2002
www.jtc1
– First meeting held December 2002
– Scope is biometric technologies
• File formats, APIs, application profiles, testing…
– Excluded from SC37 scope
• SC17 biometrics for cards and personal identification
• SC27 biometric security and evaluation methodologies
– Formal Liaisons include
• SC37 to SC17
• SC37 to SC27
8
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
Overview
Founded in 1918 as a membership-based, not-forprofit organization, ANSI is …
– A coordinator and facilitator of the U.S. voluntary consensus
standards and conformity assessment system
– An accreditation body for U.S. standards developers, U.S.
Technical Advisory Groups and U.S. certification programs
– The forum for the U.S. standards and conformity assessment
communities
• American National Standards (ANS) Developers
– Currently more than 270 ANSI accredited standards developers,
representing 200 distinct entities
– Not all standards developed by these organizations are
submitted for consideration as ANS
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
9
X9 Overview
Accredited Standards Committee
Financial Services Industry
–
–
–
–
–
www.x9.org
X9A Subcommittee on Retail Banking
X9B Subcommittee on Check Processing
X9C Consumer Protection (established 2003)
X9D Subcommittee on Securities
X9F Subcommittee on Information Security
•
•
•
•
•
TC68/SC6
TC68/SC4
TC68/SC2
X9F1 Cryptographic Tools
X9F3 Cryptographic Protocols
X9F4 Cryptographic Applications – X9.84 Biometrics
X9F5 PKI Policy and Practices
X9F6 Management and Security – Retail Banking
– X9 WG1 Privacy
10
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
incits Overview
International Committee for IT Standards
Information Technology Standards
www.incits.org
– Formerly X3 Committee
– 36+ Technical Committees
• B10 Identification Cards and Related Devices
SC17
– AAMVA Driver License / Identification Standard
• J16 Programming Language C++ …
• L3 Audio, Picture, Multimedia, and Hypermedia …
• M1 Biometrics (established 2002)
SC37
– ANS INCITS 358-2002 BioAPI, NISTIR 6529-A Common
Biometric Exchange File Format (CBEFF)
• T4 Security Techniques …
– ASN.1 Extended Encoding Rules (XER)
June 23-26, 2003 • New York City
www.biometritechexpo.com
SC27
11
Hosted by:
INCITS/M1 Overview
Established 2001
– 55+ Companies and organizations membership
– US TAG to JTC1/SC37
• Task Groups (current organization)
–
–
–
–
M1.1 Biometric Data Interchange Formats
M1.2 Biometric Technical Interfaces
M1.3 Biometric Profiles
M1.4 Biometric Performance Testing and Reporting
12
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
Overview
Organization for the Advancement of Structured Information Standards
Established 1993
www.oasis-open.org
– Originally founded as SGML
• Standard Generalized Markup Language (SGML)
• Renamed in 1998 – Extensible Markup Language (XML)
– 600+ Corporate and Individual Members
– 100+ Countries including United Nations (ebXML)
– XML Common Biometric Format (XCBF) Technical Committee
•
•
•
•
•
Established February 2002
XCBF patron format of NISTIR 6529-A CBEFF
XCBF based on ASN.1 schema in X9.84-2003
XCBF conforms to XML Encoding Rule (XER) in X.693
XCBF relies on X9.96-draft Cryptographic Message Syntax (CMS)
13
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
Overview
Established 1992
www.biometrics.org
– Co-hosted by NIST and NSA
• Focal point for biometric research…
• Operate discuss group [email protected]
• Operate information line 1-866-BIOMETRics (866-246-6387)
– Working Groups
• Common Biometric Exchange File Format (CBEFF)
• Biometrics Interoperability, Performance, and Assurance
– NISTIR 6529-2001 CBEFF
– NISTIR 6529-A-2002 CBEFF
14
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
Overview
BioAPI Consortium
Established 1998
www.bioapi.org
– Focus was to harmonize the various biometric APIs
• BioAPI Specification version 1.0 – March 2000
• Reference implementation version 1.0 – September 2000
• BioAPI Specification & implementation version 1.1 – March 2001
• Working Groups
–
–
–
–
Applications (AWG) – top level interface of the BioAPI
External (XWG) – transition to other standards bodies
Reference Implementation (RWG) – reference implementation
Conformance Test (CTWG) – conformance test suite
15
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
Existing Standards *
ISO TC68
ISO/IEC JTC1
US Standards
-
-
-
-
ISO/IEC JTC1/SC17
NP 18013 ballot
-
AAMVA DL/ID 2000
-
ISO/IEC JTC1/SC37
NP 19784 ballot
ANS INCITS
358-2002 BioAPI
BioAPI 2001
Version 1.1
-
ISO/IEC JTC1/SC37
NP 19785 ballot
-
NISTIR 6529-A
CBEFF 2002
-
ISO/IEC JTC1/SC17
FDIS 7816 Part 11
-
-
ISO TC68/SC2
NP 19092 ballot
-
ANS X9.84-2003
Biometric Security
OASIS XCBF
ANS
FCD
NP
US Specifications
WSQ 1993 FBI
Fingerprint Compression
American National Standard
Final Committee Draft
New Project
* Updated
June 23-26, 2003 • New York City
www.biometritechexpo.com
16
Hosted by:
Biometric Architecture
Extended Markup Language (XML)
XCBF
Application
ASN.1
X9.84 Biometric Security
Biometric
Validation
Control
Objectives
CBEFF
BioAPI Framework
Cryptographic
Service
Provider
Biometric
Service
Provider
BIR
ICC
17
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
INCITS/M1 Work in Progress
M1.1 Task Group – Biometric Data Formats
–
–
–
–
–
–
Finger Pattern Based Interchange Format
Finger Minutiae Format for Data Interchange
Finger Image Based Interchange Format
Face Recognition Format for Data Interchange
Iris Interchange Format
Signature / Sign Image Based Interchange Format
• Digitized signature (not PKI digital signature)
• Low level data interoperability
– Vendor “A” format captured by vendor “B” device
– Vendor “A” format processed by vendor “C” system
18
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
INCITS/M1 Work in Progress
M1.2 Task Group – Biometric Interfaces
– INCITS 358-2002 BioAPI, NISTIR 6529-A CBEFF
– Interoperability between biometric components & subsystems
– Security mechanisms for stored and transmitted data
• X9.84-2003 Biometric Information Management and Security
– Reference model for multi-vendor systems
• High level process interoperability
– Functional calls
• Fetch sample, Create template, Matching …
– Application calls
• Enroll, Identify, Verify …
19
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
INCITS/M1 Work in Progress
M1.3 Task Group – Biometric Profiles
– Interoperability and Data Interchange, Biometric Based
Verification and Identification of…
– Transportation Workers
– Border Crossing
– Point-of-Sale (POS)
• X9.84-2003 for the Financial Services Industry
• Industry specific needs
– To be determined, initial meeting June 9-11 in Seattle WA
20
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
INCITS/M1 Work in Progress
M1.4 Task Group – Performance and Testing
– Biometric metric definitions and calculations
– Testing performance
– Test reporting
• Ongoing biometric technology issue…
–
–
–
–
False Match Rate (a.k.a., False Acceptance Rate)
False Non-Match Rate (a.k.a., False Reject Rate)
Failure to Enroll Rate
To be determined, initial meeting June 11 in Seattle WA
21
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
JTC1/SC37 Work in Progress
Work sorted by Study Group / Special Group:
• SG 01 Harmonized Biometric Vocabulary
– No specific M1 correlation
– AWI 19792 Framework for Security Evaluation and Testing
• SG 02 Biometric Technical Interfaces
M1.2 TG
– US submission NP 19784 ballot comments BioAPI
– US submission NP 19785 ballot comments CBEFF
• SG 03 Biometric Data Interchange Formats
M1.1 TG
– AWI 19794 Biometric Data Interchange Formats
AWI
22
Active Work Item
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
JTC1/SC37 Work in Progress
Work sorted by Study Group / Special Group:
• SG 04 Biometric Application Profiles
M1.3 TG
– No Active Work Item Listed
• SG 05 Biometric Testing and Reporting
M1.4 TG
– AWI 19795 Biometric Performance Testing and Reporting
• SG 06 Cross-Jurisdictional and Societal Aspects
– No specific M1 correlation
AWI
23
Active Work Item
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
Other Work in Progress
TC68/SC2/WG10
– CD 19092 in ballot (X9.84-2003) due August 2003
JTC1/SC27
– Biometric security in cooperation with TC68/SC2
JTC1/SC17
– ISO 7816 Information Technology – Identification Cards –
Integrated Circuit(s) Cards with Contacts
• Part 11: Personal verification through biometric methods
International Civil Aviation Organization (ICAO)
– Global Biometric Initiative with JTC1/SC17
24
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
Chronology Summary
Pre-2000
–
–
–
–
June 1993 – FBI Fingerprint Compression WSQ published
October 1992 – Biometric Consortium established
April 1998 – BioAPI Consortium established
January 1999 – X9F4 assigned NWI X9.84
Year 2000
– March 2000 – BioAPI Specification v1.0 published
– June 2000 – AAMVA Drivers License / Identification published
– December 2000 – ISO/IEC CD 7816 ICC Part 11 Biometrics ballot
25
June 23-26, 2003 • New York City
www.biometritechexpo.com
Hosted by:
Chronology Summary
Year 2001
–
–
–
–
–
–
January 2001 – NISTR 6529 CBEFF published
March 2001 – ANS X9.84-2001 published (BioAPI v1.0)
March 2001 – BioAPI Specification v1.1 published
March 2001 – NIST 6529 CBEFF published
November 2001 – INCITS/M1 established
December 2000 – ISO/IEC DIS 7816 ICC Part 11 Biometrics ballot
Year 2002
–
–
–
–
–
February 2002 – NISTR 6529-A CBEFF published
March 2002 – ANS INCITS 358-2002 (BioAPI v1.1) published
March 2002 – CTST Linden Award presented to Cathy Tilton
June 2002 – JTC1/SC37 established
December 2002 – ISO/IEC FDIS 7816 ICC Part 11 Biometrics ballot
June 23-26, 2003 • New York City
www.biometritechexpo.com
26
Hosted by:
Chronology Summary
Year June 2003 (so far)
–
–
–
–
–
February 2003 – JTC1/SC37 CD 19785 ballot comments BioAPI
February 2003 – JTC1/SC37 CD ballot comments CBEFF
February 2003 – XCBF 1.0 Committee Specification published
June 2003 – ANS X9.84-2003 Biometric Security published
June 2003 – TC68 CD 19092 in ballot (X9.84-2003)
Year July 2003 and beyond…
–
–
–
–
ISO 7816 ICC Part 11 Biometrics
ISO Standards on Biometric Technology
ISO Standards on Biometric Security
ISO Standards on Industry Applications
• Financial Services Industry
• Transportation Industry and government Immigration Services
June 23-26, 2003 • New York City
www.biometritechexpo.com
27
Hosted by:
Standards Conclusion *
Significant advances in the last 36 months
–
–
–
–
ANS INCITS 358-2002 BioAPI
ANS X9.84-2003 Biometric Security
ISO FDIS 7816 ICC Part 11 Biometrics
NISTIR 6529-A CBEFF
Further work in the next 36 months
– ISO Biometric Technology Standards
– ISO Biometric Security Standards
– ISO Biometric Application Standards
Missing topics for biometric technology
– Standardized testing for error rates (e.g., FM, FNM, FTE)
– Device evaluation criteria (e.g., Common Criteria / PP)
* Updated
June 23-26, 2003 • New York City
www.biometritechexpo.com
28
Hosted by:
Descargar

State of Biometric Standards