1. Introduction to Biometrics

2. What is Biometrics
Biometrics are automated methods of recognizing a person based on a physiological or behavioral characteristics

3. Biometric includes Physiological Characteristics
Fingerprint
Palm print
Face
Iris
Voice
Behavioral Characteristics
Signature

4. Fingerprint Strength Weakness
Proven Technology Capable of High Level of Accuracy
Range of Deployment Environments
Ergonomic, Easy-to-Use Device
Ability to Enroll Multiple Fingers
Weakness
Inability to Enroll Some Users
Performance Deterioration over Time
Association with Forensic Application
Need to Deploy Specialized Devices

5. Palm print Strength Weakness
Ability to Operate in Challenging Environment
Established, Reliable Core Technology
General Perception as Non-intrusive
Relatively Stable Physiological Characteristic as Basis
Combination of Convenience and Deterrence
Weakness
Inherently Limited Accuracy
Form Factor That Limits Scope of Potential Applications
Price

6. Face Strength Weakness
Ability to Leverage Existing Equipment and Image Processing
Ability to Operate without Physical Contact or User Complicity
Ability to Enroll Static Images
Weakness
Acquisition Environment Effect on Matching Accuracy
Changes in Physiological Characteristics That Reduce Matching Accuracy
Potential for Privacy Abuse Due to Non-cooperative Enrollment and Identification

7. Iris Strength Weakness Resistance to False Matching
Stability of Characteristic over Lifetime
Suitability for Logical and Physical Access
Weakness
Difficulty of Usage
False Non-matching and Failure-to-Enroll
User Discomfort with Eye-Based Technology
Need for a Proprietary Acquisition Device

8. Voice Strength Weakness
Ability to Leverage Existing Telephony Infrastructure
Synergy with Speech Recognition and Verbal Account Authentication
Resistance to Imposters
Lack of Negative Perceptions Associated with Other Biometrics
Weakness
Effect of Acquisition Devices and Ambient Noise on Accuracy
Perception of Low Accuracy
Lack of Suitability for Today’s PC Usage

9. Signature Strength Weakness Resistant to Imposters
Leverages Existing Processes
Perceived as Non-invasive
Users Can Change Signatures
Weakness
Inconsistent Signatures Lead to Increased Error Rates
Users Unaccustomed to Singing on Tablets
Limited Applications

10. Biometric Process Enrollment: No Match Verification: Match Store
Present
Biometric
Store
No Match
Capture
Process
Compare
Verification:
Present
Biometric
Capture
Process
Match

11. Division of Biometrics Market

12. Revenue of Biometrics Market
Source: International Biometric Industry Association（IBIA）

13. Biometric Market Size Revenue: From: 2003 revenue: $719M USD
2006 projected revenue: $2.7B USD
2008 projected revenue: $4.8B USD
From:
Law enforcement
Public sector identification / Authentication
ID Card / E-passport / Immigration

14. Technology Growth Comparison
2003
2006
Fingerprint
$198
$858
Facial Recognition
$50
$417
Hand Geometry
$43
$137
Middleware
$48
$209
Iris Recognition
$36
$190
Voice Verification
$23
$114
Signature Verification $9
$54
Multi-modal
$11
$106
AFIS
$312
$705
Total
$719
$2,684 x4 x8
Source: IBG’s “Biometrics Market and Industry Report ”

15. Business Model
109
1010
1011
1012
1980
1995
2010
2025
(year)
Entrance and exit management
PC Login
Information system
authentication
Network user authentication
Authentication service business
System integration business
Equipment/library business
Market size (in yen)
(千億)
(100億)
(10億)
2005
Source: Biometrics Security consortium

16. Time Division 1990-1995: access control & PC login
: info. system authentication
2005-: network user authentication
Japanese market:
2000: 3M USD (equipment), 30M (system)
2005: 10M USD(equipment), 100M (system)

17. Market: Access Control (Worldwide)
2004
Market scale: 100M USD
Market requirement:
Repeated use for one device
Severe demand on stability
High quality for services
Professional partner for integration

18. Market: Information System Authentication
Market scale: 800M USD (ID card, etc.)
Market requirements:
Integrator: multi-workstations, service to citizens, fingerprint database, network connection, secure info. access.
High quality reader
Entire client-server architecture
Implementation for related standards

19. Market: Network User Authentication
Market requirement:
M-business: cell phone, PDA, N/B
E-business: smart-card, ATM, P.O.S

20. Drive to Market
Since 911，national security becomes the major consideration.
Therefore, a large quantity of biometric solution is in demands.
The growth of biometric market is expected to be over 40% annually.
The market scale of 2007 is predicted to be approximate 4 billion USD.
E-passport with face & fingerprint check at the immigration.
Civil administration & work permit application for fingerprint verification/identification.
Verification for 3G cell phone with fingerprint.

21. Status of Biometric Standardization
(Updated)

22. Overview Status of Consortia Work in Biometrics Standardization
Status of Approved Projects in INCITS M1- Biometrics
Status of JTC1 SC37 – Biometrics
Interoperability Requirements

23. Interoperability & Data Interchange
Biometric Standards: What is it necessary to achieve?
Client/Server – Different OS
Enterprise Web Server
Internet
Biometric
Authentication
E-commerce or Internet
bank customer
Remote access
Transaction security
Fraud prevention
Internet Security

24. 美國Biometrics標準化活動 NIST 標準化技術研究所 ISO ANS 美國標準局 NCITS(ANSI認定機關)
資訊技術標準化委員會
NIST
標準化技術研究所 X9 金融
B10
ID Card
NIST-ITL
標情報技術研究部
X9F
Information
Security
B10.8
Driver License
美國政府Bio/API
AAMVA
美國自動車連合
SC17
ID Card
X9F8
Biometrics
B10.8
Data Format Standard
of Driver License
BioAPI
標準Biometrics
API
美國警察
X9.84
Interoperability of
Biometrics data
on ID Card
CBEFF
The Common Biometrics
Exchange File Format
IBIA
Private Com.
CBEFF
標準Data Format
完全性驗證
CBEFF 標準
Smart Card
ISOxxx
ANSIxxx
Tele Trust
INTEL及Biometrics
Intel & Biometrics
Vendor

25. NIST Approach
Lead, participate and promote the acceleration of standard development efforts.
Promote the adoption of approved standards (e.g., CBEFF, BioAPI, ANSI/NIST).
Conduct related R&D (e.g., evaluation methodologies, evaluation of single-modal and multi-modal authentication architectures).
Develop advanced biometric data interchange structures (e.g., nested CBEFF structures).
Work in harmonization with efforts undertaken by other Gov. agencies (e.g., DoD, intelligence community, TSA, GSA, State).
Respond to legislative requirements (e.g., USA Patriot Act).
Leverage from our involvement with the Biometric Consortium and other forums (e.g., NIST/BC Biometric WG) support user requirements and also support industry.

26. CBEFF A Biometric Data Interchange Standard to Support All Biometric Technologies in a Common Way

27. NISTIR 6529
Facilitates biometric data interchange between different system components or systems.
The development was coordinated with industry consortiums (e.g., BioAPI Consortium) and standards Technical Committees (e.g., X9.F4 Working Group).
ANSI/ISO Fast Track candidate

28. Data Elements and Header Fields
Biometric Specific Memory Block
Header
Signature
Security Options (e.g., plain, or encrypted)
Integrity Options (e.g., signed)
Patron (e.g., BioAPI) Header Version
Biometric Type (e.g., facial features)
Record Data Type (e.g., processed)
Record Purpose (e.g., enroll)
Record Data Quality
Creation Date (of the biometric data)
Creator (entity that created the biometric data object)
Format Owner (CBEFF Requirement)
Format Type
Need a universally recognized registrar for Format Owner/Format Type (

29. NIST/Biometric Consortium Biometric Interoperability, Performance and Assurance Working Group

30. www.nist.gov/bcwg Task Groups/Technical Development Teams:
90 organizations
Task Groups/Technical Development Teams:
Biometric Template Protection & Usage Task Group (Dr. Soutar, BioScrypt)
Biometric Security Task Force (C. Tilton, SAFLINK)
Assurance Ad-Hoc Group (M. King, Booz Allen Hamilton)
CBEFF Technical Development Team (F. Podio, NIST & J. Dunn, NSA) – augmented CBEFF under development
Testing Ad-Hoc Group (Dr. Negin, MNEMONICS)

31. CBEFF Nested Structure & Multi-Biometrics
Allows for multiple data types and/or multiple data objects within the CBEFF data structure
Standard Bio Header
Standard Bio Header
Standard Bio Header
Type=Multi Bio
Standard Bio Header
Type=Finger
Data
Data
Data
Type=Iris
Signature

32. Other Elements of the Revised CBEFF
Data origination
Product Identifier: CBEFF needs to uniquely identify the format and the originator of every biometric data structure.
Validity Period (Valid from, Valid until)
Adopt X9.84 definition: YYYYMMDDHHMMSSZ
Challenge data and payload (specified by the Patron)
Use of biometric data in tokens for machine-readable documents.
Name change:

33. Biometrics Standards & CBEFF
Organization
Standard
Status
NIST/BC Biometric WG
NISTIR CBEFF
Published Jan 2001
Being augmented by the NIST/BC Biometric WG
BioAPI Consortium
BioAPI V1.1
ANSI/INCITS 358
Released March 2001
Approved February 13, 2002
X9/Financial/Banking
ANSI X9.84
Approved (ANSI) Feb 2001
Human Recognition Services of CDSA
Updated to be consistent with BioAPI
Open Group
Data format for finger/facial/SMT
ANSI/NIST-ITL
Approved 2000
NIST
ISO/IEC use
of biometric data in SC
ISO/IEC SC17 WG4
NIST/BC WG harmonized format in for CBEFF compliance
INCITS
M1 - Biometrics
Application profiles
Data formats
5 approved projects (2 Application Profiles & 3 data formats)
ISO/IEC SC17 & ICAO
Logical Data Structure for Travel Documents
Expected to be fully CBEFF compliant

34. Biometric Architecture Example
Application
CBEFF
Cryptographic
Service
Provider
X9.84 Biometric Security
Biometric
Object
Validation
Control
Objectives
BIR
BioAPI Framework
Biometric
Service
Provider

35. INCITS , BioAPI V1.1 Specification An Open Systems Interface Standard for Biometric Integration

36. BioAPI - An Open Systems Interface Standard for Biometric Integration
A biometric API standard defines a generic way of interfacing to a broad range of biometric technologies.
Benefits:
Easy substitution of biometric technologies
Use of biometric technology across multiple applications
Easy integration of multiple biometrics using the same interface
Rapid application development - increased competition (tends to lower costs)
Biometric
Device
Service
Provider
BioAPI Interface
Application

37. Open Systems
BioAPI specification and Win32 reference implementation both available at:
Plans underway to port to Unix (IBG) and Linux (NIST)
Conformance test suite for Win32 and Unix/Linux
Seeking sponsors for port efforts
BSP
Web Browser
Windows PC
BioAPI R/T
Web App
Linux Server
BioAPI R/T
Fast track candidate to ISO through INCITS & M1 – Biometrics Technical Committee

38. A Bit of History BioAPI Consortium 1999 2000 2001 2002
BioAPI Spec. v1.1 released
BioAPI Spec. v1.0 released
Unification of Biometric API development industry efforts
BioAPI Reference implementation released
BioAPI v1.1 approved as ANSI/INCITS 358
1999
2000
2001
2002
Common Biometric Exchange File Format (CBEFF) development starts
CBEFF published
NISTIR 6529
Revised CBEFF Ballot (planned)
Users’ and Developers’ Seminar
CBEFF Upward revision starts

39. Status of Approved Projects in INCITS M1- Biometrics
INCITS Web site:
M1 – Biometrics:
M1 Document Register:

40. INCITS/M1 Biometrics Purpose: Legislative accelerants such as:
Established in November 2001 by the Executive Board of INCITS to accelerate the deployment of significantly better, open systems standard-based security solutions for purposes such as homeland defense and the prevention of ID theft.
Elevate consortia standards to national and international voluntary consensus standards (e.g., BioAPI, CBEFF).
Develop application profiles (e.g., airport security, border crossing), and other biometric generic standards as needed (e.g., data formats).
Legislative accelerants such as:
Public Law Aviation and Transportation Security
Public Law “The USA Patriot Act”
Public Law – “Border Security Act”

41. INCITS M1 Biometrics - Status
Meetings:
January/May/August/December 2002
Officers:
F. Podio, Chairman
C. Tilton, IR
C. Soutar, Vice Chairman
S. Elliot, Secretary
M1 is the US TAG to JTC 1 SC 37
Five Approved Development Projects
INCITS 358 BioAPI: JTC 1 SC 37 Fast Track candidate
Revised CBEFF: INCITS/JTC 1 SC37 Fast Track candidate

42. M1 Projects and ISO SC37 INCITS/M1 ISO/IEC JTC 1 SC37
INCITS Fast Track
INCITS/M1
Five projects under development
Application Profile
Verification & Identification
of Transportation Workers (01/03)
BioAPI V1.1
ANSI/INCITS 358
INCITS Fast Track
(Planned)
Application Profile
Personal identification for
Border Crossing (01/03)
Proposed to M1
Revised CBEFF
NISTIR 6529-A
Finger Image
Interchange Format
Finger Minutiae Format
For Data Interchange (01/03)
Face Image
Interchange Format
JTC 1 Fast Track
(Planned)
Finger Pattern-Based
Interchange Format (04/03)
Iris Recognition
Interchange Format
ISO/IEC JTC 1
SC37
Face Recognition Format
for Data Interchange (07/03)
Application Profile
Biometric Verification in POS Systems

43. M1 Biometrics Standards Incubators

44. Status of JTC 1 SC 37 - Biometrics

45. Current Scope of Work (SC 37 and INCITS M1)
Transportation Workers, Border Crossing, Point of Sale
Fingerprint Minutiae Finger Pattern-Based Face Landmarks
Biometric Interchange Data Formats
Common Biometric Exchange Framework Format
Biometric Application Programming Interfaces
Application Profiles for ID and Verification
CBEFF (NISTIR 6529), NISTIR 6529-A under development
INCITS 358 (BioAPI V1.1 Spec)
Derived from Colin Soutar’s Onion view on Biometrics standardization

46. Status of JTC 1 SC 37 – Biometrics
Call for P Members (countries) closes September 2002.
US funding of SC 37 Secretariat
NIST & M1 are pursuing funding at $150K/year
$50K secured (NIST) – PO being processed.
ANSI will perform Secretariat duties
Initial SC 37 Plenary Meeting:
Meeting planned for December 11 – 13, 2002
Hosted by US (M1) in Orlando, FL.
M1 anticipates submitting at least seven contributions.

47. Smart Cards and Biometrics Interoperability Requirements
Can BioAPI fully satisfy the requirements or is further work required?
Possible approach:
Form an M1-Biometrics Ad-Hoc Group:
Work would be coordinated with the BioAPI Consortium, INCITS B10 and other smart card experts.
Review BioAPI’s capability to fully provide the required level of interoperability for different architectures (e.g., different biometric data matching and storage locations)
BioAPI extension required (e.g., another parameter in the Verify function)?
Is a layer on top on BioAPI needed?
Coordinate work with possible augmentation of BioAPI when it goes for ISO Fast Track.
Coordination with international efforts (e.g., SC37).
Possible funding required.

48. 美國Biometrics標準化活動 NIST 標準化技術研究所 ISO ANS 美國標準局 NCITS(ANSI認定機關)
資訊技術標準化委員會
NIST
標準化技術研究所 X9 金融
B10
ID Card
NIST-ITL
標情報技術研究部
X9F
Information
Security
B10.8
Driver License
美國政府Bio/API
AAMVA
美國自動車連合
SC17
ID Card
X9F8
Biometrics
B10.8
Data Format Standard
of Driver License
BioAPI
標準Biometrics
API
美國警察
X9.84
Interoperability of
Biometrics data
on ID Card
CBEFF
The Common Biometrics
Exchange File Format
IBIA
Private Com.
CBEFF
標準Data Format
完全性驗證
CBEFF 標準
Smart Card
ISOxxx
ANSIxxx
Tele Trust
INTEL及Biometrics
Intel & Biometrics
Vendor

49. Summary
Base generic standards (e.g., CBEFF, BioAPI) developed in the last few years set the foundation for achieving system interoperability and biometric data interchange.
NIST, the BC, the IT industry and end-users are leveraging from these base generic standards to accelerate the deployment of open systems standard-based security solutions for different applications (e.g., Prevention of ID Theft, Homeland Security, Heath Care, Enterprise Networks, Multi-OS Architectures).
The end goal is the approval of formal - generic national and international standards necessary to enable interoperability and data interchange between applications and systems.