New Developments in the Use of Standards to Exchange Biometric Data Brad Wing National Institute of Standards and Technology

Why use Standards? Ensure consistency in data definition – Meaning of the data – Usefulness of the data Transfer relevant information with the biometric sample(s) Enable data to be collected and used by different types of systems using systems from multiple vendors (facilitate interoperability)

An Example: The ANSI/NIST-ITL Standard Focused on law Enforcement, Military, Intelligence, Border Management and Homeland Security applications

Blue: National and International System Use Red: State / Provincial / Local System Use Locations of systems with the ANSI/NIST-ITL standard installed for data transfer (known to NIST)

Biometric Center of Excellence Biometric Center of Excellence The BCOE is the FBI program for exploring new and advanced biometric capabilities to solve crimes and protect national security. FBI Biometrics Today Biometric Interoperability Program The Biometric Interoperability Program establishes interoperability between the FBI IAFIS and other biometric systems. The NGI program will enhance the current IAFIS and offer state- of-the-art biometric identification services. Next Generation Identification

Integrated Biometrics Enterprise Architecture Example: OV-1 (UNCLASSIFIED) 6

DIAGRAMA CONTANDO LA INTERCONECCION DE LA TOTALIDAD DE ORGANISMOS CON CONSULTA BIOMETRICA Jefatura de Gabinete de Ministros - SsTG - ONTI PROYECTO “RED NACIONAL DE INFORMACION BIOMETRICA”

FDLE FALCON Rapid ID 2,655 active devices 75K+ transactions first six months 2010 Two Modes: – Two finger (1:N) search – One finger (1:1) verification Response time target <1m Fingers -- 2,3,7,8 Users – Department of Corrections – Florida Highway Patrol (every patrol Trooper) – Fish & Wildlife Commission – Department of Environmental Protection – Sheriffs Offices & Police Departments

The Existing ANSI/NIST-ITL Standard 1986, 1993, 1997 versions obsolete 2000 version (Traditional format) still used in some applications: fingerprints & palm prints (images and minutiae), face images, scar- mark-tattoo images 2007 version (Traditional format) added iris and some new fingerprint minutiae fields 2008 version (XML format) – same content as 2007 version

The ANSI/NIST-ITL Standard Revision Schedule Under development now – First draft: April, 2010 – Workshop 1 : July, 2010 – Working Groups to refine content: August-November 2010 – New draft available: January, 2011 – Workshop 2 : March 1-3, 2011 – Final Draft: May, 2011 – Voting: July, 2011 – Publication expected in 2011

Proposed Update: ANSI/NIST-ITL New (General): – modalities and data formats : DNA, Voice, Plantar (footprint), Iris compact formats, Images of additional body parts (besides face) – data: geo-positioning location; information assurance features; associated contextual images, audio or visual clips, and data – logs: data handling logs and original representation, audio or visual clips, electropherograms and data (used to prepare the biometric samples)

Proposed Update: ANSI/NIST-ITL Forensics: – Latent friction ridge print Extended Feature Set markups cores, deltas, distinctive characteristics, minutiae, dots, incipient ridges, creases & linear distortions, ridge edge features, pores & ridge edge – Universal latent workstation automated annotation – Images of the body (beyond face, iris and friction ridges) – 3D anthropomorphic facial image markup fields

MORE BIOMETRICS STANDARDS!

 M1 is a Technical Committee of INCITS.  It was established November  The purpose of INCITS M1 is to ensure a high priority, focused, and comprehensive approach in the United States for the rapid development and approval of formal national and international biometric standards.  26 members and Liaison organizations  Twenty biometric standards published as American National Standards. An INCITS technical report was recently published.  U.S. TAG to JTC 1/SC 37 – active contributor to most of the international projects. M1 - Biometrics

 JTC 1/SC 37 scope: “Standardization of generic biometric technologies pertaining to human beings to support interoperability & data interchange”.  Established in June  28 Member countries / 10 Observer countries  SC 37 Working Group meetings every 6 months  Technical expert participation: Average of 120 delegates  Forty-one standards and six technical reports published.  Currently responsible for over 100 subprojects (published and ongoing projects are included). SC 37 - Biometrics

SC 37 / M1 ( e.g., CBEFF) SC 27 / CS1 (e.g., Confidentiality Availability, Integrity) ITU-T/SG 17 (e.g., Authentication Infrastructure) SC 17 / B10 (Token-based) SC 37 / M1 (e.g., APIs, conformance) ITU-T/SG 17 (e.g., BIP) SC 37 / M1 Biometric Profiles SC 27 / CS1 Security Evaluation SC 37 / M1 Performance Evaluation SC 37 Biometric Data Interchange Formats Logical Data Framework Formats Biometric Data Security Biometric Interfaces Biometric System Properties Cross Jurisdictional & Societal Issues Harmonized Biometric Vocabulary Biometric Standards Activities in JTC 1 SCs / INCITS TCs & ITU-T SC 37 / M1 (a number of modalities, sample quality, conformance)

The Biometric Identity Assurance Services (BIAS) project of Committee M1 of INCITS is intended to provide the biometrics and security industries with a documented, open framework for deploying and invoking [biometric] identity assurance capabilities that can be readily accessed as services. A new Technical Committee is being formed to define, enhance, and maintain open standards that facilitate the use of biometrics and biometric operations over a services oriented architecture, such as web services.

For further information: