State of Biometric Standards


Nov 29, 2013 (3 years and 8 months ago)


Hosted by:

June 23-26, 2003 • New York City

www.biometritechexpo.com

State of Biometric Standards

Jeff Stapleton, Manager

Information Risk Management

Jstapleton@kpmg.com


(314) 444-1447

Chair X9F4
www.x9.org


Chair WG10
www.tc68.org



Agenda


Biometric Standards


Standards Bodies


International Standards Bodies


USA Domestic Standards Bodies



State of the Standards


Past Achievements


Present Activity


Future Work in Progress

Who are they?

What are they doing?


International Standards Bodies

International Organization for Standardization

International Electrotechnical Commission

Joint Technical Committee One

SC 17 Cards & Personal Identification

SC 27 IT Security Techniques

SC 37 Biometric Technology

TC 68 Banking, Securities and Financial services

SC 2 Security and General Banking Operations

Formal Liaison Relationships Relative to Biometric Standards


Informal Bodies

USA Standards Bodies

International Organization for Standardization

International Electrotechnical Commission

Joint Technical Committee One

Accredited Standards Committee

USA National Standards Body

BioAPI Consortium


US Interactive Relationships

[Diagram: liaison, US TAG and industry relationships among the committees. Groups shown: INCITS M1, T4, B10; SC27, SC37, SC17; X9A, X9F, X9F4, X9F5, X9F6; TC68, SC2, SC6, WG10, WG8, WG6. Topic labels: Financial Services Security, Financial Services Industry, Biometric Security, Retail Banking, Public Key Infrastructure, IT Security, Biometric Technology, ID Card Technology, Retail Bank Card Security. Legend: Liaison Relationship, US TAG Relationship, Industry Relationship.]


ISO Overview

Established 1946

www.iso.ch



146 National Standards Bodies


94 Member Bodies


USA is a Member Body with a National Standards Body


American National Standards Institute


Over 200 Technical Committees


TC 1 Screw Threads …


TC 68 Banking and Financial Services …


TC 215 Health Informatics

International Organization for Standardization


TC 68 Overview

International Organization for Standardization

Develops international technical standards


Financial Services Industry


Including banking and securities


Subcommittees

www.tc68.org



SC 2 Security Management and General Banking Operations

Biometrics, Public Key Infrastructure (PKI), Security Guidelines

SC 4 Securities and Related Financial Instruments

SC 6 Retail Financial Services

Including PIN management, key management, and cryptographic hardware devices used in the Retail Financial Services

Cardholder at ATM and Point-of-Sale (POS) Terminals


JTC1 Overview

Established early 1980’s

www.jtc1.ch



38 Liaison Members


94 National Member Bodies


USA is a Member Body with a National Standards Body


American National Standards Institute


18 Active Subcommittees …



SC 17 Cards & Personal Identification

INCITS/B10

SC 27 IT Security Techniques

INCITS/T4

SC 37 Biometrics (established 2002)

INCITS/M1

Joint Technical Committee One


JTC1/SC37 Overview

Established June 2002

www.jtc1


First meeting held December 2002


Scope is biometric technologies


File formats, APIs, application profiles, testing…


Excluded from SC37 scope


SC17 biometrics for cards and personal identification


SC27 biometric security and evaluation methodologies


Formal Liaisons include


SC37 to SC17


SC37 to SC27



Overview

Founded in 1918 as a membership-based, not-for-profit organization, ANSI is …

A coordinator and facilitator of the U.S. voluntary consensus standards and conformity assessment system

An accreditation body for U.S. standards developers, U.S. Technical Advisory Groups and U.S. certification programs

The forum for the U.S. standards and conformity assessment communities

American National Standards (ANS) Developers

Currently more than 270 ANSI accredited standards developers, representing 200 distinct entities

Not all standards developed by these organizations are submitted for consideration as ANS


X9 Overview

Financial Services Industry


www.x9.org



X9A Subcommittee on Retail Banking

TC68/SC6


X9B Subcommittee on Check Processing


X9C Consumer Protection (established 2003)


X9D Subcommittee on Securities

TC68/SC4


X9F Subcommittee on Information Security

TC68/SC2


X9F1 Cryptographic Tools


X9F3 Cryptographic Protocols


X9F4 Cryptographic Applications


X9.84 Biometrics


X9F5 PKI Policy and Practices


X9F6 Management and Security


Retail Banking


X9 WG1 Privacy


Accredited Standards Committee



Overview

Information Technology Standards

www.incits.org



Formerly X3 Committee


36+ Technical Committees


B10 Identification Cards and Related Devices

SC17


AAMVA Driver License / Identification Standard


J16 Programming Language C++ …


L3 Audio, Picture, Multimedia, and Hypermedia …


M1 Biometrics (established 2002)


SC37


ANS INCITS 358-2002 BioAPI, NISTIR 6529-A Common Biometric Exchange File Format (CBEFF)


T4 Security Techniques



SC27


ASN.1 Extended Encoding Rules (XER)

incits

International Committee for IT Standards


INCITS/M1 Overview

Established 2001


55+ Companies and organizations membership


US TAG to JTC1/SC37


Task Groups (current organization)


M1.1 Biometric Data Interchange Formats


M1.2 Biometric Technical Interfaces


M1.3 Biometric Profiles


M1.4 Biometric Performance Testing and Reporting



Overview

Established 1993


www.oasis-open.org

Originally founded as SGML

Standard Generalized Markup Language (SGML)

Renamed in 1998

Extensible Markup Language (XML)

600+ Corporate and Individual Members

100+ Countries including United Nations (ebXML)

XML Common Biometric Format (XCBF) Technical Committee

Established February 2002

XCBF patron format of NISTIR 6529-A CBEFF

XCBF based on ASN.1 schema in X9.84-2003

XCBF conforms to XML Encoding Rule (XER) in X.693

XCBF relies on X9.96-draft Cryptographic Message Syntax (CMS)

Organization for the Advancement of Structured Information Standards




Overview

Established 1992


www.biometrics.org



Co-hosted by NIST and NSA

Focal point for biometric research…

Operate discussion group info@biometrics.org

Operate information line 1-866-BIOMETRics (866-246-6387)

Working Groups

Common Biometric Exchange File Format (CBEFF)

Biometrics Interoperability, Performance, and Assurance

NISTIR 6529-2001 CBEFF

NISTIR 6529-A-2002 CBEFF



Overview

Established 1998


www.bioapi.org



Focus was to harmonize the various biometric APIs


BioAPI Specification version 1.0


March 2000


Reference implementation version 1.0


September 2000


BioAPI Specification & implementation version 1.1


March 2001


Working Groups


Applications (AWG)


top level interface of the BioAPI


External (XWG)


transition to other standards bodies


Reference Implementation (RWG)


reference implementation


Conformance Test (CTWG)


conformance test suite

BioAPI Consortium


Existing Standards *

| US Specifications | US Standards | ISO/IEC JTC1 | ISO TC68 |
|---|---|---|---|
| - | - | ISO/IEC JTC1/SC17 FDIS 7816 Part 11 | - |
| OASIS XCBF | ANS X9.84-2003 Biometric Security | - | ISO TC68/SC2 NP 19092 ballot |
| NISTIR 6529-A CBEFF 2002 | - | ISO/IEC JTC1/SC37 NP 19785 ballot | - |
| BioAPI 2001 Version 1.1 | ANS INCITS 358-2002 BioAPI | ISO/IEC JTC1/SC37 NP 19784 ballot | - |
| AAMVA DL/ID 2000 | - | ISO/IEC JTC1/SC17 NP 18013 ballot | - |
| WSQ 1993 FBI Fingerprint Compression | - | - | - |

ANS: American National Standard

FCD: Final Committee Draft

NP: New Project

* Updated


Biometric Architecture

[Diagram labels: Application; BioAPI Framework; Biometric Service Provider; Cryptographic Service Provider; BIR; CBEFF; XCBF, Extensible Markup Language (XML); X9.84 Biometric Security, ASN.1; Biometric Validation Control Objectives; ICC]


INCITS/M1 Work in Progress

M1.1 Task Group


Biometric Data Formats


Finger Pattern Based Interchange Format


Finger Minutiae Format for Data Interchange


Finger Image Based Interchange Format


Face Recognition Format for Data Interchange


Iris Interchange Format


Signature / Sign Image Based Interchange Format


Digitized signature (not PKI digital signature)


Low level data interoperability


Vendor “A” format captured by vendor “B” device


Vendor “A” format processed by vendor “C” system


INCITS/M1 Work in Progress

M1.2 Task Group


Biometric Interfaces


INCITS 358-2002 BioAPI, NISTIR 6529-A CBEFF

Interoperability between biometric components & subsystems

Security mechanisms for stored and transmitted data

X9.84-2003 Biometric Information Management and Security

Reference model for multi-vendor systems


High level process interoperability


Functional calls


Fetch sample, Create template, Matching …


Application calls


Enroll, Identify, Verify …


INCITS/M1 Work in Progress

M1.3 Task Group


Biometric Profiles


Interoperability and Data Interchange, Biometric Based Verification and Identification of…

Transportation Workers

Border Crossing

Point-of-Sale (POS)

X9.84-2003 for the Financial Services Industry

Industry specific needs

To be determined, initial meeting June 9-11 in Seattle WA


INCITS/M1 Work in Progress

M1.4 Task Group


Performance and Testing


Biometric metric definitions and calculations


Testing performance


Test reporting


Ongoing biometric technology issue…


False Match Rate (a.k.a., False Acceptance Rate)


False Non-Match Rate (a.k.a., False Reject Rate)


Failure to Enroll Rate


To be determined, initial meeting June 11 in Seattle WA


JTC1/SC37 Work in Progress


SG 01 Harmonized Biometric Vocabulary



No specific M1 correlation


AWI 19792 Framework for Security Evaluation and Testing


SG 02 Biometric Technical Interfaces

M1.2 TG


US submission NP 19784 ballot comments BioAPI


US submission NP 19785 ballot comments CBEFF


SG 03 Biometric Data Interchange Formats

M1.1 TG


AWI 19794 Biometric Data Interchange Formats

Work sorted by Study Group / Special Group:

AWI

Active Work Item


JTC1/SC37 Work in Progress


SG 04 Biometric Application Profiles

M1.3 TG


No Active Work Item Listed


SG 05 Biometric Testing and Reporting

M1.4 TG


AWI 19795 Biometric Performance Testing and Reporting


SG 06 Cross-Jurisdictional and Societal Aspects


No specific M1 correlation

Work sorted by Study Group / Special Group:

AWI

Active Work Item


Other Work in Progress

TC68/SC2/WG10


CD 19092 in ballot (X9.84-2003) due August 2003

JTC1/SC27


Biometric security in cooperation with TC68/SC2

JTC1/SC17


ISO 7816 Information Technology


Identification Cards


Integrated Circuit(s) Cards with Contacts


Part 11: Personal verification through biometric methods

International Civil Aviation Organization (ICAO)


Global Biometric Initiative with JTC1/SC17


Chronology Summary

Pre-2000


June 1993


FBI Fingerprint Compression WSQ published


October 1992


Biometric Consortium established


April 1998


BioAPI Consortium established


January 1999


X9F4 assigned NWI X9.84

Year 2000


March 2000


BioAPI Specification v1.0 published


June 2000


AAMVA Drivers License / Identification published


December 2000


ISO/IEC CD 7816 ICC Part 11 Biometrics ballot



Chronology Summary

Year 2001


January 2001


NISTIR 6529 CBEFF published


March 2001


ANS X9.84-2001 published (BioAPI v1.0)


March 2001


BioAPI Specification v1.1 published


March 2001


NIST 6529 CBEFF published


November 2001


INCITS/M1 established


December 2000


ISO/IEC DIS 7816 ICC Part 11 Biometrics ballot

Year 2002


February 2002


NISTIR 6529-A CBEFF published


March 2002


ANS INCITS 358-2002 (BioAPI v1.1) published


March 2002


CTST Linden Award presented to Cathy Tilton


June 2002


JTC1/SC37 established


December 2002


ISO/IEC FDIS 7816 ICC Part 11 Biometrics ballot


Chronology Summary

Year June 2003 (so far)


February 2003


JTC1/SC37 CD 19785 ballot comments BioAPI


February 2003


JTC1/SC37 CD ballot comments CBEFF


February 2003


XCBF 1.0 Committee Specification published


June 2003


ANS X9.84-2003 Biometric Security published


June 2003


TC68 CD 19092 in ballot (X9.84-2003)

Year July 2003 and beyond…


ISO 7816 ICC Part 11 Biometrics


ISO Standards on Biometric Technology


ISO Standards on Biometric Security


ISO Standards on Industry Applications


Financial Services Industry


Transportation Industry and government Immigration Services


Standards Conclusion *

Significant advances in the last 36 months


ANS INCITS 358-2002 BioAPI

ANS X9.84-2003 Biometric Security

ISO FDIS 7816 ICC Part 11 Biometrics

NISTIR 6529-A CBEFF

Further work in the next 36 months


ISO Biometric Technology Standards


ISO Biometric Security Standards


ISO Biometric Application Standards

Missing topics for biometric technology


Standardized testing for error rates (e.g., FM, FNM, FTE)


Device evaluation criteria (e.g., Common Criteria / PP)

* Updated