|
|
|
Once a tool primarily used by law enforcement, biometric technologies increasingly are being used by government agencies and private industry to authenticate a person’s identity, secure the nation’s borders, and to restrict access to secure sites including buildings and computer networks. Biometric systems recognize a person based on physiological characteristics, such as fingerprints, hand and facial features, and iris patterns, or behavioral characteristics that are learned or acquired, such as how a person speaks, signs his name or types. The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has decades of experience improving human identification systems. A Long History with Fingerprints The successful use of the classic biometric, fingerprints, owes much to NIST research and development. For more than 30 years, NIST computer scientists have helped the Federal Bureau of Investigation (FBI) improve the automation process for matching “rolled” fingerprints taken by law enforcement agencies or “latent” prints found at crime scenes against the FBI’s master file of fingerprints. NIST test data have been used to develop automated systems that can correctly match fingerprints by the minutiae, or tiny details, that investigators previously had to read by hand. In cooperation with the American National Standards Institute (ANSI), NIST also developed a uniform way for fingerprint, facial, scar, mark, and tattoo data to be exchanged between different jurisdictions and between dissimilar systems made by different manufacturers. In conjunction with the FBI, NIST has developed several databases, including one consisting of 258 latent fingerprints and their matching “rolled” file prints. These databases have been used by researchers and commercial developers to create and NIST and Biometrics February 2008 test new fingerprint identification algorithms, test commercial and research systems that conform to International Organization for Standardization (ISO) and NIST/ANSI standards, and assist in training latent fingerprint examiners. The increasing use of specialized “live” fingerprint scanners will help ensure that a high-quality fingerprint can be captured quickly and added to the FBI’s current files. Use of these scanners also should speed up the matching of fingerprints against the FBI database of more than 50 million records. Improved Biometrics Critical to Security Originally initiated under the USA Patriot Act and the Enhanced Border Security and Visa Entry Reform Act, NIST is evaluating the ability of biometrics to enhance border security. These acts called for developing and certifying a technology standard for verifying the identity of individuals and determining the accuracy of biometric technologies, including fingerprints, facial recognition, and iris recognition. NIST continues to test face, fingerprint, and iris recognition technologies using large real-sized sets of biometric images obtained from several federal, state, and county agencies. Testing has shown that fingerprints provide higher accuracy than iris and facial recognition systems. This program is producing standard measurements of accuracy for biometric systems, standard scoring software, and accuracy measurements for specific biometrics required for the system scenarios mandated under the Border Security Act. This work will have wide impact beyond the mandated systems. NIST’s standard test methods have been integrated into international standards and discussions are under way concerning the use of these same standards for airport security. In November 2002, NIST submitted its report on this work to the State and Justice departments for transmittal to the U.S. Congress in February 2003. The report recommended a dual approach that employs both fingerprint and facial recognition technology for a biometrics system to make the nation’s borders more secure. Additional NIST studies evaluated the effectiveness and reliability of computerized facial recognition and fingerprint matching systems. Following NIST’s measurementbased advice, the Department of Homeland Security announced in July 2005 that to ensure the highest levels of accuracy in identifying people entering and exiting the United States, the USVISIT (United States Visitor and Immigrant Status Indicator Technology) program will require a 10- fingerscan capture for all first-time visitors. This step—in use today—promises an enduring ability to accommodate the ever expanding numbers of visitors to the United States. In order to underpin accuracy in such systems, NIST developed and released an open-source fingerprint quality assessment algorithm that allows poor fingerprints to be flagged during the capture process. In addition to fingerprint systems, computer scientists at NIST have extensive experience working with systems that match facial images. While facial recognition systems use different data than fingerprint systems, many of the underlying methods for testing the accuracy of these systems are the same. NIST researchers have designed tests to measure the accuracy and reliability of software programs in matching facial patterns, using both still and video images. Iris recognition has emerged as another potentially valuable biometric, but its adoption was slowed by licensing restrictions, the limited capture devices, and the need for independent confirmation of iris recognition accuracy. NIST responded, in 2007, when it concluded the first large-scale evaluation of the accuracy of the underlying technologies. It is now launching two new measurement-based development programs, one to improve the quality of iris capture, and another to develop interoperable compact yet accurate formats for ISO standardization. As biometric technologies and applications matured, NIST researchers recognized the key role that human factors and usability play in enhancing system performance. Guidelines and standards for interactions with biometric applications increase throughput as well as the quality of the biometric samples taken. NIST has designed usability tests to measure the impact on performance of differences in body size and shape, work surface height and angles of fingerprint scanners, habituation, and instructional materials. Currently under development for ISO standardization is a set of symbols that describe to users how fingerprints are to be collected. NIST Plays Key Role in Biometric Standards Open consensus standards, and associated testing, are critical to providing higher levels of security through biometric identification systems. For decades, NIST has been involved with the law enforcement community in biometric testing and standardization. In the past seven years, NIST has intensified its work in biometric standardization. For example, following the terrorist attacks on Sept. 11, 2001, NIST championed the establishment of formal national and international biometric standards development bodies to support deployment of standards-based solutions and to accelerate the development of voluntary consensus standards. These standards bodies are the Technical Committee M1 on Biometrics, established in November 2001 by the executive board of the International Committee for Information Technology Standards (INCITS) www.ncits.org/tc_home/m1.htm), and the ISO/International Electrotechnical Commission (IEC) Joint Technical Committee 1 Subcommittee on Biometrics, known as JTC 1 SC 37-Biometrics (www.jtc1.org) (see SC 37 “Biometrics”), created in June 2002. NIST chairs both the INCITS and the JTC 1 SC 37-Biometrics committees and contributes to the work of these standard-development bodies with technical expertise. INCITS has approved 20 standards developed by INCITS M1 including biometric data interchange format standards, technical interface standards, four biometric application profiles, and a revised version of the Common Biometric Exchange Formats Framework (CBEFF). Twenty standards developed by JTC 1 SC 37 were approved and published as ISO/IEC standards. These standards are being adopted both in the United States and abroad. In addition, NIST has developed Federal Information Processing Standard (FIPS) 201 for authentication of federal employees and contractors. The result, the Personal Identity Verification (PIV) Card, promises to be both a universally accepted identity credential and a prototype for other identity management applications worldwide. The placement of standardized fingerprint templates on the PIV Card has been supported by an interoperability test and development program at NIST. This has recently been extended with an evaluation of privacy-protecting smart card technology. Consortium Helps Advance Biometric Technologies The Biometric Consortium serves as a focal point for the federal government’s research, development, testing, evaluation, and application of biometric-based personal identification and verification technology. The consortium now has more than 900 members, including 60 government agencies. NIST and the National Security Agency co-chair the consortium. NIST has collaborated with the consortium, the biometrics industry, and other biometric organizations to create the initial version of CBEFF. The format already is part of government requirements for data interchange. Data structures conforming to CBEFF are being used in applications including PIV cards, the Registered Traveler Program in the United States and machine-readable travel document for the International Civil Aviation Organization. NIST is currently developing conformance test suites for biometric technical interfaces. For more information, see fingerprint.nist.gov, face.nist.gov, and iris.nist.gov. Also see NIST’s biometric resource center at www.itl.nist.gov/div893/biometrics/.
|