Presentation is loading. Please wait.

Presentation is loading. Please wait.

WG3 report on Biometric Data Format and Related Standards Christoph Busch - ISO/IEC JTC1/SC37 WG3 Convenor - Darmstadt 2014-01-20.

Similar presentations


Presentation on theme: "WG3 report on Biometric Data Format and Related Standards Christoph Busch - ISO/IEC JTC1/SC37 WG3 Convenor - Darmstadt 2014-01-20."— Presentation transcript:

1 WG3 report on Biometric Data Format and Related Standards Christoph Busch - ISO/IEC JTC1/SC37 WG3 Convenor - Darmstadt

2 2 Christoph Busch Meetings Winchester to THANKS to the UK for hosting us Darmstadt to

3 3 Christoph Busch Agenda Context Need for standardization Status of Biometric Data Formats Trends 3

4 4 Christoph Busch Context 4

5 5 Christoph Busch International Organization for Standardisation International Electrotechnical Commission SC 17 Cards & Personal Identification SC 27 IT Security Techniques SC 37 Biometrics TC 68 Banking, Securities Financial services SC 37 Formal Liaisons SC37 to TC68 Joint Technical Committee One Biometric Standardisation International Civil Aviation Organization 5

6 6 Christoph Busch ISO/IEC SC37 Biometrics Established by JTC 1 in June 2002 to ensure a high-priority, focused and comprehensive approach worldwide for the rapid development of formal generic biometric standards Scope of SC37 “Standardization of generic biometric technologies pertaining to human beings to support interoperability and data interchange among applications and systems. Generic human biometric standards include: common file frameworks; biometric application programming interfaces; biometric data interchange formats; related biometric profiles; application of evaluation criteria to biometric technologies; methodologies for performance testing and reporting and cross jurisdictional and societal aspects” Next meeting: July, 2014 registration: 6

7 7 Christoph Busch Working Group 3 Title: Biometric Data Interchange Convenor: Christoph Busch (Germany) Terms of Reference: To consider the standardisation of the content, meaning, and representation of biometric data formats which are specific to a particular biometric technology. To ensure a common look and feel for Biometric Data Structure standards, with notation and transfer formats that provide platform independence and separation of transfer syntax from content definition “Getting equipment to understand each other” 7

8 8 Christoph Busch Biometric Standardisation Onion Layers Layer 1: BDIR ‣ Digital representations of biometric characteristics Layer 2: LDS ‣ CBEFF Meta-data Layer 3+4: System properties ‣ Security ‣ Performance Layer 5: BioAPI, BIP ‣ System Integration 8 SC37 WG3 SC37 WG2 CBEFF SC27 ( Availability, Integrity) SC Card based SC37 WG 2 BioAPI SC37 WG4 Biometric Profiles SC27 Security SC37 WG5 Performance SC37 WG6 Biometric Data Interchange Formats LDS / File Framework Biometric Data Security Attributes Biometric Interfaces Biometric System Properties Societal and Jurisdictional Issues Harmonized Biometric Vocabulary SC37 WG1

9 9 SC37 WG3 SC37 WG2 CBEFF SC27 ( Availability, Integrity) SC Card based SC37 WG 2 BioAPI SC37 WG4 Biometric Profiles SC27 Security SC37 WG5 Performance SC37 WG6 Biometric Data Interchange Formats LDS / File Framework Biometric Data Security Attributes Biometric Interfaces Biometric System Properties Societal and Jurisdictional Issues Harmonized Biometric Vocabulary SC37 WG1 Christoph Busch Biometric Standardisation Onion Layers Layer 1: BDIR ‣ Biometric Data Interchange Record 9 Biometric Data Interchange Formats

10 10 Christoph Busch Levels of Development? Progression levels Working Draft (WD) Committee Draft (CD) Darft International Standard (DIS) Final Draft International Standard (FDIS) International Standard (IS) Issues to consider: Need for mature technology Decisions are made on consensus Commenting periods Potentially multiple loops at one level Need to progress Five year revision cycle 10

11 11 Christoph Busch Levels of Development? Technical Report 11

12 12 Christoph Busch Harmonized Biometric Vocabulary ISO/IEC :2012 Information technology - Vocabulary -Part 37: Biometrics: 12

13 13 Christoph Busch Harmonized Biometric Vocabulary ISO/IEC-Vocabulary: 13

14 14 Christoph Busch Need for Standardization 14

15 15 Christoph Busch Deployment of Biometric Passports 489 million ePassports issued by 101 states (ICAO estimate as of February 2013) 15 Source: ICAO

16 16 Christoph Busch Source: BSI Border Control in Frankfurt - EasyPASS 16

17 17 Source: BSI Christoph Busch Border Control in Frankfurt - EasyPASS 17

18 18 Source: BSI Christoph Busch Border Control in Europe 18

19 19 Christoph Busch Biometric Data Interchange Formats 19

20 20 Christoph Busch First Generation Format Standards 20 G : : : : : : : : : : 2007 All parts binary encoding The Family: Biometric data interchange formats

21 21 Christoph Busch Generation 2 of ISO/IEC G : : : : : : : : : : : : : : : 201x -8: : : : 201x -14: :2011 G2 All parts binary encoding the semantic (i.e. general header / structure of representation header) equivalent for binary encoded and XML encoded parts in G AMD2 XML Framework AMD1 Conformance testing methodology -2: 201x -4: 201x -5: 201x -6: 201x -7: 201x -9: 201x

22 22 Christoph Busch Part 1: Framework ISO/IEC :2011 Describes what is commonly applied for biom. data formats Specifies ‣ General aspects for the usage of biometric data records ‣ Processing levels and types of biometric data structures ‣ Naming convention for biometric data structures ‣ Coding scheme for format types 2nd edition (G2) revises ISO/IEC :2006 ‣ G1 not canceled but maintained in the ISO and IEC catalogue ‣ Clause 3 includes terms and definitions that are used in multiple parts of ISO/IEC ‣ Clause 12 is added to describe coding schemes for general headers and representation headers that are harmonized across all parts of ISO/IEC

23 23 Christoph Busch Part 2: Finger minutiae data ISO/IEC :2011 Ridges and valleys, core and delta Ridge bifurcation and ridge endings ‣ finger minutiae Encoded information ‣ Minutia point (coordinates x,y) ‣ Minutia direction (angle θ) How many finger minutiae, and how many ridges between each pair of them? A very mature technology 23 Source: ISO/IEC

24 24 Christoph Busch Part 2: Finger minutiae data Further information that is encoded Number of finger representations in one record Capture device (to identify the equipment and its certification) Size of the scanned image (in pixel) Horizontal and vertical spatial sampling rate (resolution) Finger header: Finger position, Impression type 24 Source: ISO/IEC

25 25 Christoph Busch Part 2: Finger minutiae data New in the 2011 revision (this is version 3.0) Reduction of format types: From 10 to 2 format types ‣ a Record format and a On-Card-Comparison format Record format type ‣ Minutiae record format for 5 or 6 byte (quality) minutia descriptions On-card biometric comparison format type ‣ a revised 0x0005, which is ridge ending as „ridge valley bifurcation“ ‣ a revised 0x0006, which is ridge ending as „ridge skeleton end points“ Fields added for length of representation, time of capture, ridge ending type, minutiae field length, etc. Expanded quality & device certification information blocks Annex containing three image quality specifications ‣ Image quality specification for AFIS systems („FBI“) ‣ Image quality specification for personal verification („PIV“) ‣ Requirements and test procedures for optical fingerprint scanners („BSI“) 25

26 26 Christoph Busch Part 2: Finger minutiae data Extended data Open to placing additional data that may be used by the comparison equipment. ‣ Ridge count data, ‣ Core and delta data (position and angle) or ‣ Zonal quality information (quality within a cell) ‣ Vendor-defined extended data While the extended data area allows for inclusion of proprietary data within the minutiae format, this is not intended to allow for alternate representations of data that can be represented in open manner. 26

27 27 Christoph Busch Part 4: Finger image data ISO/IEC This part specifies image based encoding of one or more finger images or palm image areas Maximum retention of information from the biometric source Highest level of interoperability ‣ No dependability on the comparison algorithm The information consists of a variety of mandatory and optional items, including scanning parameters, compressed or uncompressed images and vendor-specific information Encoded information ‣ Images (JPEG, JPEG2000, WSQ) This format is in use in EU-passports 27

28 28 Christoph Busch 28 Part 5: Face image data ISO/IEC :2011 Tec Corr 1 and 2 as well as AMD 1 and 2 integrated ‣ 3D Face Image Data Interchange Format ‣ Conditions for taking photographs for face image data New in G2 ‣ for records from video sequences ‣ for biometric records at higher spatial sampling rate levels ‣ for specification of post acquisition steps -cropping, down-sampling, in-plan rotation, adjusting white balance not requiring new image types vs. - interpolation, pose correction, age processing etc. requiring a new “post-processed” image type - Support for lossless compression (PNG, JPEG 2000 lossless)

29 29 Christoph Busch Part 6: Iris image data ISO/IEC : new iris image formats, compressible to as little as 2,000 bytes Iris formats are now highly empirically based, thanks to NIST IREX testing results Recommended target record sizes for different applications Recommended compression for different applications Formats differ in their required amount of image pre-processing Original :2005 raw image format retained as one case Iris sample quality ( ) will become normative Annex 2005 StandardAcademic papers: critique and proposals for new data formats (2006 – 2008) NIST: IREX-1 Iris Exchange and Interoperability: test reports 2009, Standard 29

30 30 Christoph Busch Part 6: Iris image data One new data format in :2011 highly compact iris image, compressed to 2,000 bytes ‣ Cropping, and masking non-iris regions, preserves the coding budget ‣ Pixels outside the ROI fixed to constant values, for normal segmentation ‣ Softening the mask boundaries also preserves the coding budget ‣ Interoperability of this vendor-neutral format confirmed by IREX results ‣ At only 2,000 bytes, iris images are now much more compact than fingerprints 30 Source: ISO/IEC

31 31 Christoph Busch Part 6: Iris image data Recommended compression protocols for different applications 31 Source: ISO/IEC

32 32 Christoph Busch Part 7: Signature/Sign Times Series Data Revision of ISO/IEC currently at FDIS stage Now 3 binary formats ‣ Full format: For general use ‣ Compression format (new!): Same amount of information as in full format, but compressed ‣ Compact format: For use with smart cards and other tokens; no compression/decompression needed, but less information than in full format Full and compression format contain the harmonized General Header and Representation Headers 32 Source: ISO/IEC

33 33 Christoph Busch Part 14: DNA Data ISO/IEC DNA Record BDIR Representation #1 (Mandatory) DNA Record General Header Header Type Header Direction Version Sending Party (Party Type) Receiving Party (Party Type) Entity Type Batch IDKit ID Number of Representation Certification Flag Representatio n Representatio n Header DNA Typing Data DNA Profile Sample Category Sample Cellular Type Sample Typing Technology Sample Source Indicator Sample Collection Method Sample Collection Date Sample Collection Location Representatio n Header Date and Time DNA Type Result DNA Type ID Lab Certification DNA Typing Data Data Type STR DNA Type Y-STR DNA Type mtDNA Data DNA Typing Legend RecordBlockField Representation #2…#N (Optional) Format Identifier Request Type Sample Collection Geo-Location Error Message Supplement Message User Defined Electrophero- gram data Party Type Nationality Code Name of the Agency Name of the Sender Source: ISO/IEC

34 34 Christoph Busch Part 15: Palm crease image data 34 ISO/IEC A standard image interchange format for biometric systems that utilize human palm crease pattern images (alias palm lines) The format will contain detailed pixel information, units of measurement, description of imaging area of body, and imaging methods such as transparency or reflectance image

35 35 Christoph Busch Part 15: Palm crease image data Darmstadt Decisions The title will be aligned with ANSI/NIST term „palm crease“ Draft must be aligned with Seeking for revised draft 35

36 36 Christoph Busch Framework for XML Encoding FDAM ISO/IEC :2011 AMD2 XML encoding Binary and XML encoding schemes in parallel Clause 12 coding schemes for binary format txpes Clause 13 coding schemes for xml format type Will define common data types (accross several parts) and element names and refer to elements that apply to other SC37 project, which may be promoted to SD16 Mapping between data elements and those of ANSI/NIST ITL standard may be included as informative annex as an aid for translation Conventions on harmonization of ElementTypes Conformance testing of XML-records with schema validation 36

37 37 Christoph Busch Framework for XML Encoding ISO/IEC :2011 AMD2 XML encoding The XML data type and element names shall be mapped to corresponding elements and data types in the binary format specified in the same part of ISO/IEC 19794, if any All parts of ISO/IEC shall identify optional and mandatory elements ‣ An element is optional if the value of the minOccurs attribute is 0 ‣ An element is required to appear if the value of the minOccurs attribute is 1 or more.minOccurs 37

38 38 Christoph Busch Framework for XML Encoding ISO/IEC :2011 AMD2 XML encoding Mapping from common XML elements to binary elements 38 Source: ISO/IEC AMD2: Framework XML Encoding

39 39 Christoph Busch XML Encoding Darmstadt Decisions ISO/IEC :2011 AMD2 - progress: FDAM ISO/IEC :2011 AMD2 - progress: DAM ISO/IEC :2011 AMD2 - progress: DAM ISO/IEC :2011 AMD2 - progress: PDAM ISO/IEC :2011 AMD2 - progress: 2nd PDAM ISO/IEC :2011 AMD2 - progress: DAM ISO/IEC :2011 AMD2 - progress: DAM 39

40 40 Christoph Busch Conformance Testing Methodology G x Part 1, 2, 4, 5, 6, 7, 8. 9 and 10 published 5th WD AMD1 Level 3 Conformance Testing ‣ seeking for empirical studiess 2nd rev to cover defect reports ‣ this revision will NOT cover the 3D-Face amendment G x:2011 AMD1 Part 1, 2 4 and 9 are published Part 5 and 11 are FDAM Part 6 is DAM Part 14 is PDAM tables addressed testing of Binary Encoded Records only adaptation for XML- will be done in AMD2 40

41 41 Christoph Busch Conformance Testing 41 Minutiae Detection Deficiency Vendor A Vendor B Vendor C

42 42 Christoph Busch Conformance Testing 42 ISO/IEC Part2: Finger minutiae data ISO/IEC AMD1: Semantic conformance testing - Part2: Finger minutiae data ‣ Scope: tests of semantic assertions ‣ Type A Level 3 as defined in ISO/IEC :2009

43 43 Christoph Busch Related Standards and Trends 43

44 44 Christoph Busch Biometric Sample Quality Revision running for ISO/IEC Part 1: framework ISO/IEC Part 4: finger image data ‣ upgrade from TR to IS to incorporate NFIQ2.0 findings see: 2nd DIS ISO/IEC Part 6: iris image data 44

45 45 Source: ISO/IEC Christoph Busch Biometric Sample Quality Previous edition ISO/IEC IS :2009 "Information technology - Biometrics sample quality Part 1: Framework" Definitions quality: "the degree to which a biometric sample fulfils specified requirements for a targeted application" quality score: "a quantitative expression of quality" utility: "the observed performance of a biometric sample or set of samples in one or more biometric systems" Quality score from 0 to

46 46 Christoph Busch Biometric Sample Quality Revision ISO/IEC :201x Definitions Same as before, but allow for a vector of quality components Goal: Actionable quality Each element of quality vector has a score from 0 to Source: ISO/IEC

47 47 Christoph Busch Biometric Sample Quality Revision ISO/IEC :201x Darmstadt Decisions shall support both BIN and XML No 250 multi-QualityBlock encoding A QualityVector must be transcoded to n-quality blocks, in order to maintain compatibility with :2011 QualityVector in a container structure should be supported do not progress: 2nd CD 47

48 48 Christoph Busch Biometric Sample Quality - Iris DIS ISO/IEC iris image data Scope: ‣ methods used to quantify the quality of iris images, ‣ normative requirements on software and hardware producing iris images, ‣ normative requirements on software and hardware measuring the utility of iris images, ‣ terms and definitions for quantifying iris image quality, and ‣ a standardized encoded iris image quality data record. 48

49 49 Christoph Busch Biometric Sample Quality - Iris DIS ISO/IEC :201x Sample quality - Iris image Metrics based on an empirical study Iris Quality Calibration and Evaluation (IQCE): E. Tabassi, P. Grother, and W. Salamon, “Performance of Iris Image Quality Assessment Algorithms”, NIST Interagency Report 7820, September 30, elements proposed for quality vector ‣ Metrics: Usable iris area, Iris-sclera contrast, Iris-pupil contrast, Pupil boundary circularity, Grey scale utilisation, Iris radius, Pupil to iris ratio, Iris pupil concentricity, Margin adequacy, Sharpness, Frontal gaze – elevation, Frontal gaze - azimuth, Motion blur ‣ Enumerated flag for presence of anomalies 49

50 50 Christoph Busch Biometric Sample Quality - Iris Revision ISO/IEC :201x Darmstadt Decisions Computational method for PUPIL_BOUNDARY_CIRCULARITY is fixed clarification on human iris sizes introduce measures from PL to calcurlate sharpness do not progress: 2nd DIS 50

51 51 Christoph Busch Biometric Sample Quality - Finger Revision ISO/IEC :201x Darmstadt Decisions Limit to one single Gabor method More examples will be included Not compute area of overlap for image-pairs due to lack of quantative measure do not progress: 3rd WD 51

52 52 Christoph Busch Liveness Detection 52 CD ISO/IEC Presentation Attack Detection Attacks on Biometric Systems Source: ISO/IEC inspired by N.K. Ratha, J.H. Connell, R.M. Bolle, “Enhancing security and privacy in biometrics-based authentication systems,” IBM Systems Journal, Vol 40. NO 3, 2001.

53 53 Christoph Busch Presentation Attack Detection 53 ISO/IEC Scope terms and definitions that are useful in the specification, characterization and evaluation of presentation attack detection methods; a common data format for conveying the type of approach used and the assessment of presentation attack in data formats; principles and methods for performance assessment of presentation attack detection algorithms or mechanisms; and a classification of known attacks types (in an informative annex). Outside the scope are standardization of specific PAD detection methods; detailed information about countermeasures (i.e. anti-spoofing techniques), algorithms, or sensors; overall system-level security or vulnerability assessment.

54 54 Christoph Busch Presentation Attack Detection 54 ISO/IEC Definitions artefact: „artificial object or representation presenting a copy of biometric characteristics or synthetic biometric patterns“ spoof: „to subvert a system by presentation of an artefact.“ change of term: Suspicios presentation detection became biometric Presentation Attack Detection (bPAD) Types of presentation attacks Source: ISO/IEC 30107

55 55 Christoph Busch Presentation Attack Detection 55 ISO/IEC Suspicious versus Subversive Presentation The grey box covers bPAD Source: ISO/IEC rd WD (not contained any longer)

56 56 Christoph Busch Presentation Attack Detection 56 ISO/IEC Examples of Artificial and Human Attack Presentation Source: ISO/IEC 30107

57 57 Christoph Busch 57 Presentation Attack Detection Error Rates in ISO/IEC Detection might result in errors ‣ presentation attack detection rate (PADR) „proportion of presentation attacks with a defined level of difficulty detected by a system.“ ‣ presentation attack non-detection rate (PA-NDR) „proportion of presentation attacks with a defined level of difficulty not detected by a system.“ Note of caution: For security assessment rates are irrelevant, if there exists a single artefact that can break the system ‣ presentation attack detection-power level: „level of difficulty of biometric presentation attacks above which the biometric system is not able to detect them.“

58 58 Christoph Busch Presentation Attack Detection Darmstadt Decisions Encoding of PAD data is not depended on G2-G3 discussion. A PAD data record will be agnostic about in which structure it is incorporated PAD sub-results should be collected in a vector - thus extended data will be included in a PAD record ‣ extended data can be either proprietary or standardized (i.e. vendor-ID = 0101, which is „ISO/IEC JTC 1 SC 37-Biometrics“) PAD data record definition ‣ Tags are defined starting with 8 indicating a compund data New PAD metrics 3-part split as some parts are ready to move to CD 58

59 59 Christoph Busch Presentation Attack Detection Darmstadt Decisions on New parts Part 1 (IS) - Framework ‣ Elaine Newton ‣ Cl ‣ progress: CD Part 2 (IS) - Data formats ‣ Olaf Henniger ‣ Cl. 7 ‣ do not progress: WD Part 3 (IS) Testing, Reporting and Classification of Attacks ‣ (Michael Thieme) ‣ Annex A+C ‣ Annex C will be promoted to a Clause ‣ do not progress: WD 59

60 60 Christoph Busch WG3 Roadmap 60 G :201x Generation 3: - The common semantics amongst all parts will continue to form the Framework of Generation 3 - All parts will exist in a XML and/or binary version with a (revised) harmonized semantic - PAD data will be encoded - Again Conformance testing will be included in Annex A of each part

61 61 Christoph Busch New project CCTV DRAFT RESOLUTION G.6 – Work on CCTV As Australia has changed its vote on SC 37 N5630, the Proposal for a New Work Item on Use of operator-assisted automated face recognition in CCTV systems – Part 1: Recommendations on design and specification and Part 2: Recommendations on testing and reporting practice has now passed and will be added to the SC 37 program of work.WorkProposal for a New Work Item on Use of operator-assisted automated face recognition in CCTV systems – Part 1: Recommendations on design and specification and Part 2: Recommendations on testing and reporting practice SC 37 reviewed... As a result of this review, SC 37 resolves that SC 37 N5629 and N5630 be merged into one multipart project (30137) with the following structure and placement: Part 1, Design and specification (WG 4) Part 2, Performance testing and reporting (WG 5) Part 3, Data formats (WG 3) 61

62 62 Christoph Busch G3 road Data Interchange Format Widely adopted and deployed in large number Reflecting need for distributed systems with XML encoding Reflecting need for actionalbe feedback wtih quality vectors Reflecting need for secure system with PAD encoding Preliminary Discussion with SC17 WG3 Definition on transition period from G1 to G2 in ICAO 9393 Suitable revision cycles for definition in ICAO 9303 Forward and backwards compatibility Transcodability from XML to BIN and vice versa Working on concepts in a Special group 62

63 63 Christoph Busch Conclusion Thank you for your support 63

64 64 Christoph Busch Conclusion Thank you for your support 64

65 65 Christoph Busch References Web Convenors website with latest news and slides ISO/IEC JTC SC37 ion=browse&sort=name ion=browse&sort=name Published ISO/IEC Standards browse.htm?commid=313770&published=on browse.htm?commid=313770&published=on 65

66 66 Christoph Busch References Information on WG3 status and a ppt-copy of theses slides are available at: 66

67 67 Christoph Busch References List of projects and a ppt-copy of theses slides are available at: 67

68 68 Christoph Busch 68 Christoph Busch Contact Fraunhoferstrasse Darmstadt, Germany Phone: Prof. Dr. Christoph Busch Department Security Technology


Download ppt "WG3 report on Biometric Data Format and Related Standards Christoph Busch - ISO/IEC JTC1/SC37 WG3 Convenor - Darmstadt 2014-01-20."

Similar presentations


Ads by Google