Introduction to Biometrics
2004.9.16
1
What is Biometrics
Biometrics are automated methods
of recognizing a person based on
a physiological or behavioral
characteristics
2
Biometric includes

Physiological Characteristics
–
–
–
–
–

Fingerprint
Palm print
Face
Iris
Voice
Behavioral Characteristics
– Signature
3
Fingerprint

Strength
–
–
–
–

Proven Technology Capable of High Level of Accuracy
Range of Deployment Environments
Ergonomic, Easy-to-Use Device
Ability to Enroll Multiple Fingers
Weakness
–
–
–
–
Inability to Enroll Some Users
Performance Deterioration over Time
Association with Forensic Application
Need to Deploy Specialized Devices
4
Palm print

Strength
–
–
–
–
–

Ability to Operate in Challenging Environment
Established, Reliable Core Technology
General Perception as Non-intrusive
Relatively Stable Physiological Characteristic as Basis
Combination of Convenience and Deterrence
Weakness
– Inherently Limited Accuracy
– Form Factor That Limits Scope of Potential
Applications
– Price
5
Face

Strength
– Ability to Leverage Existing Equipment and Image
Processing
– Ability to Operate without Physical Contact or User
Complicity
– Ability to Enroll Static Images

Weakness
– Acquisition Environment Effect on Matching Accuracy
– Changes in Physiological Characteristics That Reduce
Matching Accuracy
– Potential for Privacy Abuse Due to Non-cooperative
Enrollment and Identification
6
Iris

Strength
– Resistance to False Matching
– Stability of Characteristic over Lifetime
– Suitability for Logical and Physical Access

Weakness
– Difficulty of Usage
– False Non-matching and Failure-to-Enroll
– User Discomfort with Eye-Based Technology
– Need for a Proprietary Acquisition Device
7
Voice

Strength
– Ability to Leverage Existing Telephony Infrastructure
– Synergy with Speech Recognition and Verbal Account
Authentication
– Resistance to Imposters
– Lack of Negative Perceptions Associated with Other
Biometrics

Weakness
– Effect of Acquisition Devices and Ambient Noise on
Accuracy
– Perception of Low Accuracy
– Lack of Suitability for Today’s PC Usage
8
Signature

Strength
– Resistant to Imposters
– Leverages Existing Processes
– Perceived as Non-invasive
– Users Can Change Signatures

Weakness
– Inconsistent Signatures Lead to Increased Error Rates
– Users Unaccustomed to Singing on Tablets
– Limited Applications
9
Biometric Process
Enrollment:
Present
Biometric
Capture
Process
No Match
Compare
Verification:
Present
Biometric
Store
Capture
Process
Match
10
Division of Biometrics Market
11
Revenue of Biometrics Market
Source: International Biometric Industry Association（IBIA）
12
Biometric
Market
Size
 Revenue:
– 2003 revenue: $719M USD
– 2006 projected revenue: $2.7B USD
– 2008 projected revenue: $4.8B USD

From:
– Law enforcement
– Public sector identification / Authentication
– ID Card / E-passport / Immigration
13
Technology Growth Comparison
2003
Fingerprint
$198
2006
x4
x8
$858
Facial Recognition
$50
Hand Geometry
$43
$137
Middleware
$48
$209
Iris Recognition
$36
$190
Voice Verification
$23
$114
$9
$54
$11
$106
AFIS
$312
$705
Total
$719
$2,684
Signature Verification
Multi-modal
$417
Source: IBG’s “Biometrics Market and Industry Report 2004-2008”
14
Market size (in yen)
1012
Business Model
Network user authentication
Information system
authentication
(千億)1011
Entrance and exit
management
PC Login
Authentication
service business
(100億)1010
System integration business
(10億)109
1980
Equipment/library business
1995
2005 2010
2025(year)
Source: Biometrics Security consortium
15

Time Division
1990-1995: access control & PC login
 1995-2005: info. system authentication
 2005-: network user authentication

Japanese market:
– 2000: 3M USD (equipment), 30M (system)
– 2005: 10M USD(equipment), 100M (system)
16
Market: Access Control (Worldwide)
2004

Market scale: 100M USD
 Market requirement:
– Repeated use for one device
– Severe demand on stability
– High quality for services
– Professional partner for integration
17
Market: Information System Authentication

Market scale: 800M USD (ID card, etc.)
 Market requirements:
– Integrator: multi-workstations, service to citizens,
fingerprint database, network connection, secure
info. access.
– High quality reader
– Entire client-server architecture
– Implementation for related standards
18
Market: Network User Authentication

Market requirement:
– M-business: cell phone, PDA, N/B
– E-business: smart-card, ATM, P.O.S
19
Drive to Market
Since 911，national security becomes the major consideration.
Therefore, a large quantity of biometric solution is in demands.
The growth of biometric market is expected to be over 40% annually.
The market scale of 2007 is predicted to be approximate 4 billion USD.
– E-passport with face & fingerprint check at the immigration.
– Civil administration & work permit application for fingerprint
verification/identification.
– Verification for 3G cell phone with fingerprint.
20
Status of Biometric
Standardization
(Updated)
21
Overview
 Status
of Consortia Work in
Biometrics Standardization
 Status of Approved Projects in
INCITS M1- Biometrics
 Status of JTC1 SC37 – Biometrics
 Interoperability Requirements
22
Biometric Standards:
Interoperability &
Data Interchange
What is it necessary to
achieve?
Client/Server – Different OS
•
Biometric
Authentication
Fraud prevention
E-commerce or Internet
bank customer
Internet
Enterprise Web Server
•
Remote access
•
Transaction security
Internet Security
23
美國Biometrics標準化活動
ISO
SC17
ID Card
ANS
美國標準局
NCITS(ANSI認定機關)
資訊技術標準化委員會
NIST
標準化技術研究所
X9
金融
B10
ID Card
NIST-ITL
標情報技術研究部
X9F
Information
Security
B10.8
Driver License
X9F8
Biometrics
B10.8
美國政府Bio/API
AAMVA
美國自動車連合
BioAPI
標準Biometrics
API
Data Format Standard
of Driver License
美國警察
X9.84
Interoperability of
Biometrics data
on ID Card
CBEFF
IBIA
Private Com.
ISOxxx
ANSIxxx
The Common Biometrics
Exchange File Format
CBEFF
標準Data Format
完全性驗證
Tele Trust
INTEL及Biometrics
Intel & Biometrics
Vendor
CBEFF
標準
Smart Card
24
NIST Approach
 Lead, participate and promote the acceleration of standard






development efforts.
Promote the adoption of approved standards (e.g., CBEFF,
BioAPI, ANSI/NIST).
Conduct related R&D (e.g., evaluation methodologies, evaluation
of single-modal and multi-modal authentication architectures).
Develop advanced biometric data interchange structures (e.g.,
nested CBEFF structures).
Work in harmonization with efforts undertaken by other Gov.
agencies (e.g., DoD, intelligence community, TSA, GSA, State).
Respond to legislative requirements (e.g., USA Patriot Act).
Leverage from our involvement with the Biometric Consortium
and other forums (e.g., NIST/BC Biometric WG) support user
requirements and also support industry.
25
CBEFF
A Biometric Data Interchange
Standard
to Support All Biometric
Technologies in a Common Way
26
NISTIR 6529
www.nist.gov/cbeff
•
Facilitates biometric data interchange between
different system components or systems.
• The development was coordinated with industry
consortiums (e.g., BioAPI Consortium) and
standards Technical Committees (e.g., X9.F4
Working Group).
• ANSI/ISO Fast Track candidate
Data Elements and
Header Fields
Header
Biometric Specific
Memory Block
Security Options (e.g., plain, or
encrypted)
Integrity Options (e.g., signed)
Patron (e.g., BioAPI) Header Version
Biometric Type (e.g., facial features)
Record Data Type (e.g., processed)
Record Purpose (e.g., enroll)
Signature
Record Data Quality
Creation Date (of the biometric
data)
Creator (entity that created the
biometric data object)
Format Owner (CBEFF
Requirement)
Format Type
Need a universally recognized registrar for Format
Owner/Format Type (www.ibia.org/formats.htm)
NIST/Biometric Consortium
Biometric Interoperability, Performance
and Assurance Working Group
29
90 organizations
www.nist.gov/bcwg
• Task
Groups/Technical Development Teams:

Biometric Template Protection & Usage Task Group
(Dr. Soutar, BioScrypt)

Biometric Security Task Force (C. Tilton, SAFLINK)

Assurance Ad-Hoc Group (M. King, Booz Allen
Hamilton)

CBEFF Technical Development Team (F. Podio, NIST &
J. Dunn, NSA) – augmented CBEFF under
development

Testing Ad-Hoc Group (Dr. Negin, MNEMONICS)
CBEFF Nested Structure & Multi-Biometrics
Allows for multiple data types and/or multiple data
objects within the CBEFF data structure
Standard Bio Header
Type=Multi Bio
Standard Bio Header
Type=Finger
Standard Bio Header
Data
Standard Bio Header
Data
Standard Bio Header
Signature
Data
Type=Iris
31

Other Elements of the Revised
CBEFF
Data origination
 Product Identifier: CBEFF needs to uniquely identify
the format and the originator of every biometric data
structure.

Validity Period (Valid from, Valid until)
 Adopt X9.84 definition: YYYYMMDDHHMMSSZ
•
•
•
Challenge data and payload (specified by the
Patron)
Use of biometric data in tokens for machinereadable documents.
Name change:
Biometrics Standards & CBEFF
Organization
Standard
Status
NIST/BC Biometric
WG
NISTIR 6529 - CBEFF
Published Jan 2001
Being augmented by the NIST/BC
Biometric WG
BioAPI Consortium
BioAPI V1.1
ANSI/INCITS 358
Released March 2001
Approved February 13, 2002
X9/Financial/Banking
ANSI X9.84
Approved (ANSI) Feb 2001
Open Group
Human Recognition
Services of CDSA
Updated to be consistent with BioAPI
NIST
Data format for
finger/facial/SMT
ANSI/NIST-ITL-1-2000
Approved 2000
ISO/IEC SC17 WG4
ISO/IEC 7816-11 - use
of biometric data in SC
NIST/BC WG harmonized format in
7816-11 for CBEFF compliance
INCITS
M1 - Biometrics
Application profiles
Data formats
5 approved projects (2 Application
Profiles & 3 data formats)
Logical Data Structure for
Travel Documents
Expected to be fully CBEFF compliant
ISO/IEC SC17
& ICAO
Biometric Architecture
Example
Application
Biometric
Validation
Control
Objectives
Biometric
Object
X9.84 Biometric Security
BIR
BioAPI Framework
CBEFF
Cryptographic
Service
Provider
Biometric
Service
Provider
34
INCITS 358-2002, BioAPI V1.1
Specification
An Open Systems Interface
Standard
for Biometric Integration
35
BioAPI - An Open Systems Interface Standard
for Biometric Integration
A biometric API standard defines a generic way of interfacing
to a broad range of biometric technologies.
Benefits:
• Easy substitution of biometric
technologies
Application
BioAPI Interface
Biometric
Service
Provider
Biometric
Service
Provider
Biometric
Service
Provider
Biometric
Device
Biometric
Device
Biometric
Device
• Use of biometric technology
across multiple applications
• Easy integration of multiple
biometrics using the same
interface
• Rapid application
development - increased
competition (tends to lower
36
costs)
Open Systems
• BioAPI specification and Win32 reference implementation both
available at: www.bioapi.org
• Plans underway to port to Unix (IBG) and Linux (NIST)
• Conformance test suite for Win32 and Unix/Linux
• Seeking sponsors for port efforts
Windows PC
Web Browser
Linux Server
BioAPI R/T
BioAPI R/T
BSP
BSP
Web App
BSP
BSP
• Fast track candidate to ISO through INCITS & M1 –
Biometrics Technical Committee
37
BioAPI
Consortium
A Bit of History
Unification of
Biometric API
development
industry efforts
1999
Common
Biometric
Exchange File
Format (CBEFF)
development
starts
BioAPI
Spec. v1.0
released
BioAPI Spec. v1.1
released
BioAPI
Reference
implementation
released
2000
BioAPI v1.1 approved as
ANSI/INCITS 358
2001
CBEFF
published
NISTIR 6529
Users’ and
Developers’
Seminar
CBEFF Upward
revision starts
2002
Revised CBEFF
Ballot (planned)
Status of Approved Projects in
INCITS M1- Biometrics
• INCITS Web site:
www.incits.org
• M1 – Biometrics:
www.ncits.org/tc_home/m1.htm
• M1 Document Register:
www.ncits.org/tc_home/m1htm/docs/m1docreg.htm
39
INCITS/M1 Biometrics
• Purpose:
 Established in November 2001 by the Executive Board of
INCITS to accelerate the deployment of significantly
better, open systems standard-based security solutions
for purposes such as homeland defense and the prevention
of ID theft.
 Elevate consortia standards to national and international
voluntary consensus standards (e.g., BioAPI, CBEFF).
 Develop application profiles (e.g., airport security, border
crossing), and other biometric generic standards as
needed (e.g., data formats).
• Legislative accelerants such as:
 Public Law 107-71 - Aviation and Transportation Security
 Public Law 107-56 - “The USA Patriot Act”
 Public Law 107-173 – “Border Security Act”
40
INCITS M1 Biometrics - Status
• Meetings:
 January/May/August/December 2002
• Officers:
 F. Podio, Chairman
 C. Tilton, IR
 C. Soutar, Vice Chairman
 S. Elliot, Secretary
• M1 is the US TAG to JTC 1 SC 37
• Five Approved Development Projects
• INCITS 358 BioAPI: JTC 1 SC 37 Fast Track candidate
• Revised CBEFF: INCITS/JTC 1 SC37 Fast Track
candidate
41
M1 Projects and ISO SC37
INCITS/M1
Five projects under development
Application Profile
Verification & Identification
of Transportation Workers (01/03)
Proposed
to M1
Finger Image
Interchange Format
Application Profile
Personal identification for
Border Crossing (01/03)
Application Profile
Biometric Verification
in POS Systems
BioAPI V1.1
ANSI/INCITS 358
INCITS
Fast Track
(Planned)
Revised CBEFF
NISTIR 6529-A
Finger Minutiae Format
For Data Interchange (01/03)
Face Image
Interchange Format
Iris Recognition
Interchange Format
INCITS
Fast Track
Finger Pattern-Based
Interchange Format (04/03)
Face Recognition Format
for Data Interchange (07/03)
JTC 1
Fast Track
(Planned)
ISO/IEC JTC 1
SC37
42
M1 Biometrics Standards Incubators
www.biometrics.org
www.nist.gov/bcwg
www.itl.nist.org
www.nist.gov/cbeff
www.ibia.org
www.bioapi.org
www.biometricfoundation.org
43
Status of JTC 1 SC 37 - Biometrics
44
Current Scope of Work
(SC 37 and INCITS M1)
Application
Profiles for ID
and Verification
Transportation Workers,
Border Crossing, Point of
Sale
INCITS 358 (BioAPI V1.1 Spec)
Biometric Application
Programming Interfaces
Common Biometric
Exchange Framework
Format
Biometric
Interchange
Data
Formats
CBEFF (NISTIR 6529),
NISTIR 6529-A under
development
Fingerprint Minutiae
Finger Pattern-Based
Face Landmarks
Derived from Colin Soutar’s Onion
view on Biometrics standardization
45
Status of JTC 1 SC 37 – Biometrics
• Call for P Members (countries) closes
September 2002.
• US funding of SC 37 Secretariat
 NIST & M1 are pursuing funding at $150K/year
 $50K secured (NIST) – PO being processed.
 ANSI will perform Secretariat duties
• Initial SC 37 Plenary Meeting:
 Meeting planned for December 11 – 13, 2002
 Hosted by US (M1) in Orlando, FL.
• M1 anticipates submitting at least seven
contributions.
46
Smart Cards and Biometrics
Interoperability Requirements

Can BioAPI fully satisfy the requirements
or is further work required?
 Possible approach:
 Form an M1-Biometrics Ad-Hoc Group:
 Work would be coordinated with the BioAPI
Consortium, INCITS B10 and other smart card experts.




Review BioAPI’s capability to fully provide the required level
of interoperability for different architectures (e.g., different
biometric data matching and storage locations)
BioAPI extension required (e.g., another parameter in the
Verify function)?
Is a layer on top on BioAPI needed?
Coordinate work with possible augmentation of BioAPI when it
47
goes for ISO Fast Track.
美國Biometrics標準化活動
ISO
SC17
ID Card
ANS
美國標準局
NCITS(ANSI認定機關)
資訊技術標準化委員會
NIST
標準化技術研究所
X9
金融
B10
ID Card
NIST-ITL
標情報技術研究部
X9F
Information
Security
B10.8
Driver License
X9F8
Biometrics
B10.8
美國政府Bio/API
AAMVA
美國自動車連合
BioAPI
標準Biometrics
API
Data Format Standard
of Driver License
美國警察
X9.84
Interoperability of
Biometrics data
on ID Card
CBEFF
IBIA
Private Com.
ISOxxx
ANSIxxx
The Common Biometrics
Exchange File Format
CBEFF
標準Data Format
完全性驗證
Tele Trust
INTEL及Biometrics
Intel & Biometrics
Vendor
CBEFF
標準
Smart Card
48
Summary

Base generic standards (e.g., CBEFF, BioAPI) developed in
the last few years set the foundation for achieving system
interoperability and biometric data interchange.

NIST, the BC, the IT industry and end-users are leveraging
from these base generic standards to accelerate the
deployment of open systems standard-based security
solutions for different applications (e.g., Prevention of ID
Theft, Homeland Security, Heath Care, Enterprise Networks,
Multi-OS Architectures).

The end goal is the approval of formal - generic national and
international standards necessary to enable interoperability
and data interchange between applications and systems. 49