Systems and Emerging Technologies Security Research Group Biometric Standards and Related Technical Developments
Biometric Standards and Conformance Testing Tools
The marketplace for biometric-based solutions has widened significantly. Homeland defense is the highest priority for the U.S. Federal government and for governments in many countries. Biometric-based solutions play an important role in these applications. Using biometrics for identifying human beings offers some unique advantages because only biometrics can identify you as you. Used alone, or together with other authentication technologies such as tokens, biometric technologies can provide higher degrees of security than other technologies used alone and can also be used to overcome their weaknesses. For decades, biometric technologies were used primarily in law enforcement applications, and they are still a key component of these important applications. Currently, they are increasingly being used in multiple public and private sector applications worldwide to verify a person’s identity, secure national borders, and restrict access to secure sites.
National and International Biometric Standards Development
The success of biometric applications is particularly dependent on the interoperability of biometric systems. Deploying these systems requires both national and international biometric standards. In order to meet these immediate government and private sector needs, ITL has worked in close partnership with other U.S. Government agencies and U.S. industry to help establish standards bodies for accelerating the development of formal national and international biometric standards of high relevance to the Nation.
In the U.S., InterNational Committee for Information Technology Standards (INCITS) established Technical Committee M1 – Biometrics in November 2001. Since its inception INCITS M1 has twenty-six standards have been published as American National Standards. INCITS has also adopted sixteen International biometric standards. INCITS M1 is responsible for the “maintenance” of these twenty-four standards as well as sixteen ongoing standards development projects. In the international arena, ISO/IEC Joint Technical Committee 1 Subcommittee 37- Biometrics was established in June 2002. Twenty-five Member countries, nine Observer countries and nine Liaison organizations participate. Forty-one biometric standards and six Technical Reports developed by JTC 1/SC 37 have been published. The Subcommittee is currently responsible for a portfolio of over one-hundred projects (published and ongoing).
We are responding to government and market requirements for open-system standards by accelerating development of these standards and associated conformity assessments. Supporting the national strategy on biometrics and the development of required standards and related technology developments (e.g., conformance test tools) is the cornerstone of our biometrics standards effort. Our staff leads the national (INCITS M1) and International (JTC 1/SC 37) standards bodies and participates in a number of biometric standards development projects. Our experts work in close collaboration with NIST/ITL Information Access Division biometric experts and the ITL Standards Liaison. NIST/ITL efforts have become a major catalyst for biometric standardization and adoption of biometric standards.
We are an active participant on the National Science and Technology Council’s (NSTC) Subcommittee on Biometrics and Identity Management. NIST/ITL experts also participate in its Standards and Conformity Assessment Working Group (SCA WG). In addition, we participate in working groups established by other U.S. Government agencies, such as the Department of Homeland Security (DHS) and the Department of Defense (DoD), in order to support coordination and harmonization of efforts in biometric standards bodies and conformity assessment activities. Our staff also participates in harmonization efforts between biometric, security and token standards.
These efforts are aligned to and support the goals of NSTC ’s “National Biometrics Challenge” document released in August 2006, as well as the principles and goals of NSTC’s document: “NSTC Policy for Enabling the Development, Adoption and Use of Biometric Standards”. These common goals include support for the continued development of voluntary consensus standards for biometrics vital to the security of the nation and the stability of the U.S.-based community and technology development in support of rigorous testing that is required to ensure vendor and system compliance with biometric standards.
Development of Conformance Test Architectures and Test Suites for Biometric Standard Implementations
The existence of base standards alone (e.g., biometric data interchange standards, technical interface standards) is not enough to demonstrate that products meet the technical requirements specified in the standards. Conformance testing captures the technical description of a specification and measures whether an implementation faithfully implements the specification. A conformance test suite implementation is test software that is used to ascertain conformance to a testing methodology described in a specification or standard. We support the development of biometric conformance testing methodology standards and other conformity assessment efforts through active technical participation in the development of these standards, sponsorship of specific biometric conformance testing methodology standards (e.g., conformance testing methodologies for biometric data interchange formats and biometric technical interfaces), and the development of associated conformance test architectures and Test Suites. We develop these conformance test architectures and Test Suites to support users that require conformance to selected biometric standards and to also support product developers interested in conforming to biometric standards by using the same test tools available to users. These test tools support the possible establishment of conformity assessment programs to validate conformance to biometric standards.
BioAPI Conformance Test Suite
In 2006 we released a BioAPI Conformance Test Suite (CTS) developed to test implementations of ANSI INCITS 358-2002, the BioAPI specification. This software tool was developed to help users verify the conformance of Biometric Service Providers to ANSI INCITS 358-2002, the BioAPI Specification 1.1. The BioAPI CTS and associated documentation can be found here. We also co-sponsored with other members of INCITS M1 a conformance testing methodology standard for BioAPI. This standard was published in 2008 as ANSI INCITS 429-2008, Information technology - Conformance Testing Methodology for ANSI INCITS 358-2002 BioAPI Specification. The BioAPI CTS implementation was developed using concepts and principles specified in the conformance testing methodology standard. This CTS was thoroughly tested with a number of commercially available vendor biometric subsystems for different modalities (e.g., face, iris and fingerprint recognition) claiming conformance to the BioAPI standard. The test results were successfully cross-validated with another similar CTS independently developed by DoD’s Biometric Task Force. The NSTC Subcommittee on Biometrics and Identity Management listed the BioAPI CTS developments as one of the “Technology Successes” of 2006.
Conformance Test Architecture for Biometric Information Records and CBEFF Patron Format A Conformance Test Suite
In August 2008 we released a conformance test architecture for Biometric Information Records and a Conformance Test Suite (CTS) for Patron Format A data structures specified in ANSI INCITS 398-2008, Information technology - Common Biometric Exchange Formats Framework1. The software and documentation can be found here.
The CTS for Patron Format A supported by this conformance testing architecture was developed to help users determine whether binary file implementations of Biometric Information Records (BIRs) based on this Patron Format conform or not to the standard. NIST/ITL CSD sponsored in INCITS M1 development of a conformance testing methodology standard for CBEFF data structures specified in ANSI INCITS 398-2008 and has submitted to INCITS M1 the test assertions and related test cases developed for the Patron Format A Conformance Test Suite as well as test assertions and test cases for other Patron Formats specified in the ANSI INCITS 398-2008 standard.
Advanced Conformance Test Architecture (CTA Beta 2.0) for Biometric Data Interchange Formats and Biometric Information Records
The recently released CTA Beta 2.0 supports Conformance Test Suites designed to test implementations of biometric data interchange data formats and the three components of Biometric Information Records (BIRs) conforming to Common Biometric Exchange Framework Format standards. CTA Beta 2.0 incorporates features designed to improve the confidence and reliability of test results and the usability of the test tools. Software development testing approaches incorporated in this CTA version allow for the potential of cleaner, more trustworthy code.
Conformance Test Suites to test implementations of four American National Standard data interchange formats have been released simultaneously with CTA Beta 2.0. The software and documentation can be found here.
Work has been initiated on the development of CTS for other biometric data interchange formats including selected data formats developed by JTC 1/SC 37. Ongoing work includes improvements to the CTA (e.g., advanced features, usability).