ISO/IEC JTC 1 SC 37
Fernando L. Podio, SC Chair
Lisa Rajchel, SC Secretariat
2012 JTC 1 Plenary
Biometrics – Now and Then
For decades, biometric technologies were used primarily in law enforcement applications. Currently they are used in a number of identification and verification applications, e.g.:
Increasing number of global government projects
Financial/Healthcare/Educational applications/Entertainment
Personal security and convenience
Now and Then – Same Customers’ Needs
Verification of the users’ identity is one of the critical issues related to secured IT systems and applications.
Biometrics provides for secure transactions, positive identification and augmentation to human judgment.
The relationship between a biometric characteristic and the users of a system or application provides a binding that is stronger than the binding that can be achieved between a user and other technologies that are currently in use for “personal authentication”.
How many PINs/passwords can you remember?
Work Computers
Desktop
Mail server
Laptop computer
ID Badge
Personnel System
Door Access device
Business ATM card
IT services
Mobile devices
Home/Personal Bank
ATM card(s)
Spouse’s ATM card
Telephone access
Telephone
Cell phone
Internet
Airlines, Travelocity
Amazon.com
Mutual funds
Alarm System
Mobile devices Application markets
Online storage
Before SC 37 and 9/11
Before SC 37 and 9/11, biometric standards work was conducted at the national level and by International Consortia (examples):
E.g., ANSI/NIST standards in the USA, Biometric Profiles (e.g. FBI)
NIST/Biometric Consortium Interoperability, Assurance and Performance WG (international participation)
CBEFF (NISTIR 6529)
BioAPI Consortium (international participation) – Now an SC 37 Liaison Organization.
BioAPI Specification
TeleTrust Deutschland (Interoperability, Security)
ANSI X9 (Biometric Manag. & Security – X9.84 -2000)
Common Biometric Exchange Formats Framework (CBEFF) – Evolution*
Workshop – Feb 1999
NISTIR 6529 – Jan 2001
NISTIR 6529-A – Apr 2004
ANSI INCITS 398-2005 – Feb 2005
ISO/IEC 19785-1 – May 2006
Rev. 1, 2008
Parts 2,3,4
Defines a common structure and set of metadata elements for exchanging biometric information.
Header (SBH)
Biometric Data Block (BDB)
(e.g. Finger, face, iris image)
Security Block (SB) - optional
CBEFF formats are registered with the Biometric Registration Authority (IBIA). Now an SC 37 Liaison Organization.
* “Biometric Interface Standards – What's New and What's Relevant?”, Catherine J. Tilton, Biometric Consortium conference, September 2012
Who is Using CBEFF?
ISO/IEC 19785 Parts:
19785-1: Elements
19785-2: Registration Authority Procedures
19785-3: Patron Formats
19785-4: Security Block Formats
CBEFF Instantiations (separate from Part 3):
BioAPI
ISO/IEC 7816-11
ICAO 9303 (ePassports)
PIV (SP800-76)
India UID
BIAS
Layered Set of Standards in Support of Biometric Interoperability & Data Interchange
[Figure: Application1 and Application2 (conforming to Biometric Application Profiles); framework conforming to the BioAPI Standard; three Biometric Service Providers (BSPs); BSP conforming to Biometric Data Interchange Format Standards; three Biometric Devices; biometric data structure conforming to CBEFF.]
BioAPI Evolution*
HA-API
BioAPI 1.0
BioAPI 1.1
ANSI INCITS 358
ISO/IEC 19784-1
BioAPI™ Consortium
BioAPI defines an open system standard API that allows software applications to communicate with a broad range of biometric technologies in a common way
* “Biometric Interface Standards – What's New and What's Relevant?”, Catherine J. Tilton, Biometric Consortium conference, September 2012
BioAPI Evolution
ISO version (ISO/IEC 19784, Ver 2.x) – Part 1 was originally specified in “C” interface
Amd1: BioGUI
Amd2: Frameworkless
Amd3: Security
Part 2: Archive Function Provider Interface (FPI)
Part 4: Sensor FPI
Conformance Test Methodology (24709, 3 parts)
Tenprint capture using BioAPI (29141)
BioAPI Interworking Protocol (BIP, 24708)
Embedded BioAPI (29164)
Object Oriented BioAPI (30107, 3 parts) – Java/C#
(Part 5: Processing algorithm function provider interface, Part 6: Matching algorithm function provider interface)
Over 40 companies list compliant products on www.bioapi.org
Example implementation: Japan Border Control System
Biometric Data Interchange Formats Before (Examples) and After SC 37
• ANSI/NBS & ANSI/NIST Standards
• SC 37 was established
• CBEFF Project Initiated
• Potential for fingerprint template workshop
• American Association for Motor Vehicle Administration (AAMVA) - AAMVA DL/ID 2000 (included a format for fingerprint imaging/minutiae record)
• First ANSI/INCITS biometric data formats published (finger minutiae/pattern, finger/iris image data formats)
• First ISO/IEC biometric data formats published (finger minutiae, finger/face/iris image data formats)
First Generation of ISO/IEC Biometric Data Interchange Formats and Related Conformance Testing Methodology (CTM) Standards
ISO/IEC 19794-1:2006 – Part 1: Framework
ISO/IEC 29109-1:2009 – Part 1: Generalized conformance testing methodology (CTM)
AMD: Amendment / WD: Working Draft / CD: Committee Draft / DIS: Draft International Standard
[Figure labels: Level 3 (semantic) CTM; Binary encoding; CTMs are separate standards]
Second Generation of ISO/IEC Biometric Data Interchange Formats and Related CTM Standards
ISO/IEC 19794-1:2011, Part 1 Framework
ISO/IEC 19794-1:2011 AMD 1 Conformance testing methodology (bin. encoding) – FDAM 1
19794-1:2011 Framework XML – 2nd PDAM 2
[Figure labels: Binary encoding; XML encoding]
WD: Working Draft / DIS: Draft International Standard / FDIS: Final Draft International Standard
DAM: Draft Amendment / PDAM: Proposed Draft Amendment / FDAM: Final Draft Amendment
Updated from Dr. Busch’s BCC 2010 Presentation: “Status and Trends for Biometric Data Interchange Formats Standardization” and SC 37/WG 3 Roadmap
JTC 1 Biometric Standards Activities
[Figure: standards areas: Biometric Data Interchange Formats; Logical Data Formats Frameworks; Biometric Data Security Attributes; Biometric Technical Interfaces; Biometric System Properties; Cross Jurisdictional & Societal Aspects; Harmonized Biometric Vocabulary. Labels: SC 37; SC 17 Token Based; SC 37 (e.g. APIs, Conform.); SC 37 Biometric Profiles; SC 27 Security Evaluation; SC 37 Performance Evaluation; SC 27 (e.g. Confidentiality, Integrity); SC 37 (e.g. CBEFF BIRs); SC 37 (data formats for a number of modalities, sample quality, conformance, liveness data).]
What is New
1.37.29164-AMD 1: Embedded BioAPI – AMD 1: Security Mechanisms for Embedded BioAPI
Will add an informative annex that will serve as a guide for developers to implement those security mechanisms.
Two revision projects:
ISO/IEC 24709-1 Rev Conformance testing for the biometric application programming interface (BioAPI) -- Part 1: Methods and procedures
ISO/IEC 24709-2 Conformance testing for the biometric application programming interface (BioAPI) -- Part 2: Test assertions for BSPs
1.37.19784-5: Biometric application programming interface – Part 5: Biometric processing algorithm function provider interface
Specifies a low-level interface that enables a BioAPI Biometric Service Provider to interact with a biometric processing algorithm function provider from a different vendor, using only the specification of the standardised interface.
1.37.19784-6: Biometric Application Programming Interface – Part 6: Biometric matching algorithm function provider interface
Specifies a biometric matching algorithm interface for a BioAPI Biometric Service Provider. Will provide an interface that can be used by all types of biometric feature matching algorithms. It will also support fusion on score and decision level.
What is New (Cont.)
ISO/IEC 19794-4 Amendment 2 – Finger image XML Encoding
This annex defines the schema that shall be used to validate finger image records encoded in an XML format. It documents an example XML document and the use of a validating tool for an encoded finger image record.
It will refer to requirements of 19794-4 (Biometric data interchange formats – Part 4: Finger image format) except for encoding details, and 19794-1 Amd. 2 (Framework for XML encoding).
The project was extended to Parts -2 (finger minutiae), -5 (face image), -6 (iris image), -7 (signature/sign time series) and -9 (Vascular image)
What is New (Cont.)
1.37.24779-4 (IS) on Pictograms, Icons and symbols for use with Biometrics Systems – Part 4: Face
Will describe a set of symbols, icons and pictograms to help the general public understand the concepts and procedures for using electronic systems that collect and/or evaluate facial images.
ISO/IEC 19795-2 Biometric performance testing and reporting – Part 2: Testing methodologies for technology and scenario Evaluation Amendment 1: Testing of multi-modal biometric
Specifies how to evaluate and report performance of multi-modal biometrics, expanding and complementing ISO/IEC 19795 Part 2, Testing methodologies for technology and scenario evaluation.
What is New (Cont.)
1.37.30124 (IS) on Code of practice for the implementation of a biometric system
Will specify provision of recommendations and guidance for the implementation of a biometric system (e.g. assessing the need, planning for the implementation of a biometric system, acceptance testing operation).
1.37.30125 (TR) Use of Mobile Biometrics for Personalization and Authentication
Will provide guidance as to the elements required in developing frameworks for the platforms to ensure a consistent and secure method of biometric authentication in a mobile environment.
The frameworks (considered to operate across a variety of platforms) will address methods and approaches to remote and unsupervised enrolment, storage & communication of biometric data, for a variety of online connected and offline modes.
What is New (Cont.)
Participants: 28 P-Members and 13 O-members
Standards published: Nineteen standards (including amendments and corrigendum)
SC’s PoW: Twenty-nine projects subdivided into one-hundred and thirty-three subprojects (published and ongoing projects included).
SC 37 approved reactivating the liaison relationship with JTC 1 SWG on Accessibility. SC 37 forwarded “Guidance on the inclusive design and operation of biometric systems” to SWG-A.
What is New (Cont.)
SC 37’s Participation in JTC 1’s activities:
SWG-Planning
AHG on Enabling Tools
AHG on Incubator Function
AHG on JTC 1 Structure
Re-established SGs to address Liaison activities with SC 17 and SC 27
Established a new SC 37 SG to prepare and coordinate SC 37 contributions and responses to JTC 1 Subgroups and address SC 37 strategic issues between SC 37 Plenary meetings.
What is New (Cont.)
New Liaisons
CEN/TC 224/WG 18 agreed at its 2012 Plenary to a liaison relationship with SC 37 (proposed by SC 37 in 2011). CEN/TC 224/WG 18, Interoperability of biometric recorded data. Projects: Harmonisation and interoperability of slap-ten print capture for Biometrics & Application profiles of international standards to satisfy European biometrics requirements for automatic cross-boarding equipment.
SC 37 forwarded a report of its activities to CEN/TC 224/WG 18 for information.
SC 37 approved a resolution to establish a Category C liaison relationship between SC 37/WG4 and Frontex pending JTC1 approval. Frontex* is interested in work related to ISO/IEC TR 29195 “Guidance for Traveller Processes for Biometric Recognition in Automated Border Crossing Systems”.
* European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union.
Discontinued Liaison Relationships
Noting the lack of activity between SC 37 and ISO/SCIT and SC 37 and SC 29 at its 2011 Plenary, SC 37 approved discontinuing these liaison relationships.
However, SC 37 requested SC 29 to review draft conformance testing methodologies for finger, face and iris image data formats, specifically on test assertions related to JPEG2000 encoding in biometric samples.
At its July 2012 Plenary, after hearing a report from the Liaison Officer to SC 36, SC 37 concluded that the relationship between SC 37 and SC 36 is no longer necessary.
User Engagement
Participation: Over 80 delegates from 15 NBs and Liaison organizations participated in the SC 37 WG meetings held in January & July 2012.
Over 50 from 14 NBs and Liaison organizations participated in SC 37 Plenary meeting held in July 2012.
Required 50% voting participation is met or exceeded in every ballot.
Representation:
System integrators
Biometric industry
Representatives from government organizations
Representatives from research and national testing laboratories
Representatives from Universities
Experts from other JTC 1/SCs and other liaison organizations
User Engagement (Cont.)
Requirements addressed:
2G of biometric data interchange formats (e.g. XML encoding)
2G technical interfaces (e.g. BIAS, BioAPI for OO programming) reflect technology innovations and new customers’ needs.
Sample quality standards: support the path to “zero error” biometrics
New projects reflect users’ needs (e.g. standardized liveness data format – support e-applications/presentation attack detection).
Challenges:
Continuous support for biometric ID trends around the world (e.g., multi-modal, multi-applications, increased scale, data exchange, anti-spoofing, Web Services, mobile biometrics).
Legitimate User Fraudster ?
Adoption Examples - ICAO*
ICAO TAG-MRTD
ISO/IEC JTC 1/SC 17 Cards and Personal Identification
ISO/IEC JTC 1/SC 27 IT Security Techniques
ISO/IEC JTC 1/SC 37 Biometrics
ISO/IEC 7816
ISO/IEC 10373
ISO/IEC 9796
ISO/IEC 19785
ISO/IEC 9797
ISO/IEC 11770
ISO/IEC 19794
ISO/IEC 14443
* “SC 27 Business Plan for the Period October 2010 – September 2011”, presented by Dr. Fumy, SC 27 Chair at the JTC 1 Plenary meeting, San Diego, CA, USA, November 2011.
Adoption Examples – UID (INDIA)*
Secure Database
UID Middleware
Multi-modal ABIS Vendor
Multi-modal ABIS Vendor
Multi-modal ABIS Vendor
CBEFF Instantiation (ISO/IEC 19785-3)
Biometric Capture (ISO/IEC 19794-x) – Finger/Face/Iris
Data Standards: ISO/IEC 19794-2, -4, -5 and -6
Aadhaar: Creating Identities for 1.2 Billion Indians
• Common platform which can be used across all applications
• E.g. Social services, micropayments, banking
Other Adoption Examples
Seafarers ID Card (http://www.ilo.org/global/lang--en/index.htm)
SPAIN - Requirements for two official documents
• USA – National Science and Technology Council’s “Registry of U.S. Government Recommended Biometric Standards”
• Biometric requirements for PIV cards
Other SDOs (e.g. SC 17/SC 27, ITU-T)
Japan – Border Control System - BioAPI
Outreach (Ongoing)
Press releases
Articles and Books
Citing by External Sources
Conferences
University Seminars and Courses
IEEE Certified Biometrics Professional Program (CBP)
Significant Contributions from SC 37 Officers and NB experts
Recurrent Challenges 2002 - On
Impediments to success:
Adoption of biometric-based high performance, interoperable systems depends, in part, on the timely availability of a portfolio of technically-sound biometric standards required by:
End-users and industry
Other standards bodies within JTC 1, ISO TCs, external standards organizations and other customers
SC 37 mitigates the risk through the use of IT tools, international cooperation and team work, the establishment of OWG to work in-between WG meetings, and tight program management.
Recurrent Challenges (Cont.)
Technical Contributions to other ongoing standards activities:
Biometric standards for verification of users’ identity in many areas (e.g., cloud computing, sensor networks, transportation, health care)
New projects:
Semantic conformance testing (e.g., can profit from still wider participation from national testing laboratories, researchers).
Application profiles (e.g. more end-user participation is always welcome).
XML encoding for data interchange format standards (still more experts in this area would be beneficial).
Multi-biometric systems (have more complex performance and decision criteria).
Issues or Needs
Help: Continuous additional help advertising SC 37’s work via the JTC 1 web site, JTC 1 meetings with other standards organizations, press releases and other means is always welcome.
Training: Periodically Editors’ Training is offered – Next planned to be collocated with the SC 37/WG meetings in Winchester, UK, April 2013.
Program priorities: Will continue to seek information from customers on how to further support users’ communities interested in the use of biometrics for personal verification and identification applications.
2013
New directions – Examples:
Development of data interchange formats using XML encoding
Semantic conformance testing for biometric data interchange formats
Requirements for performance testing methodology standards for multi-biometric systems
Ongoing:
BioAPI for Object Oriented Programming Languages
Biometric Identity Assurance Services (BIAS)
Mobile Biometrics for Personalization and Authentication
Date/location of next SC WG/Plenary:
22 - 26 April 2013 (WGs only) – Winchester, UK
13 – 21 January 2014 (WGs + Plenary) – Darmstadt, Germany