Looking for commonality

The British Standards division of the British Standards Institution (BSI) is producing new international standards for biometric technology – ie the science of using biological properties such as fingerprints, iris scanning and facial recognition – which are set to be used in all new passports and the UK Government’s proposed ID cards.

While the fight against terrorist activity has been the catalyst behind the new standards (seven of which could be published as early as May next year), the BSI is also striving to protect individuals against ID inaccuracies, as well as UK commercial interests operating in the biometrics sphere.

First, let’s step back for a moment and examine the history behind these current moves. With the USA Patriot Act and the Enhanced Border Security and Visa Entry Reform Act 2002 having been passed into law, US officials asked the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC) to create a new international committee. ISO/IEC JTC1 created a new sub-committee SC37 (while the UK formed a shadow SC37 committee through BSI IST/44).

The goal would be to focus on the rapid yet obviously comprehensive development and approval of formal international standards.

The first meeting of the international committee was held in December 2002 in Orlando, Florida, and was attended by delegates from the new technical committee in Britain. Since then, the UK delegation’s input has helped to keep the international work on track. After the Americans, Britain is the second largest contingent attending the ISO’s meetings. Committee chairman Bob Carter takes up the story.

“This standardisation work is important because it will support the rapid deployment of open system, standards-based security solutions for areas like Homeland security and the prevention of ID theft,” states Carter.

“Consequently, the BSI delegation is working closely with industry specialists around the world to collate data and negotiate a global consensus on how this technology should be designed to interface effectively and safely with fingerprints, faces, voices and eyes.”

Terrorism threat in the US

Worried by the threat of further terrorist attacks, and in the wake of new laws (ie the US Visit programme), the US Federal Government recently announced that all visitors would be fingerprinted and photographed on entry into the country. The US also introduced legislation that mandated the use of biometrics as a counter to international terrorism. The driver used was the US Waiver programme coupled with the introduction of biometric-enabled passport books. Since the legislation stipulated using ISO standards, these are now being created. Rapidly, but also comprehensively and in a collaborative manner.

Indeed, the challenge before global Governments and private organisations alike is to work collectively in presiding over an infrastructure of biometric systems that not only protects societies from attack but also safeguards individuals from any unwanted and unnecessary invasion of privacy.

“If the technology is to be successfully understood, deployed and integrated across any jurisdiction, the international standards are crucial,” continues Bob Carter. “It really all started before 9/11. The International Civil Aviation Authority was already trying to find a way of improving immigration control by processing passengers quickly thanks to biometrics.”

The aim of these standards is to make the implementation and application of biometric technology and its associated data that bit easier for the commercial and industrial communities. The specifiers of such equipment will then have a clear benchmark to work towards, while manufacturers will be able to use the specifications to trade with greater confidence.

After all, it’s essential to understand the reliability of a particular biometric system and to know how one can trust the claims made by suppliers. This is a standardisation that will create business opportunities for UK industry.

Biometrics: the main headings

The four main headings for biometric standards are: raw processed data and data interchange, program interfaces, independent certification and industry conduct.

The raw processed data covers such issues as the basic biometric templates. For example, examining exactly what data is collected from the finger image, the facial image or the iris, and how that data is then processed and stored. Meantime, the data interchange deals with how the collected data is presented to other parts of the system.

Program interfaces cover how the collected data and/or results of searches are communicated (or interchange) with other sections of the overall system. Perhaps one of the prime reasons for standards is to facilitate interoperability between systems. It’s equally sensible for system integrators not to have to rely on a single proprietary source for a particular technology. Thus for the end user, being able to deploy one supplier’s technology and mix-and-match with another supplier not only enables increased competition but also reduces the commercial risk in having to rely solely on one particular supplier.

For its part, the British Government will benefit from maintaining a biometrics knowledge base since UK scientists have helped lead the way in developing the technology. For example, biometric applications are being proposed for immigration/ asylum and border crossing processes.

Developing a technology to international standards also increases the potential market for a supplier, as not only will their systems solutions be suitable for the domestic market, they’ll also be applicable on the global stage.

The standardised approach

Achieving a standardised approach to biometrics not only involves technologies but also recognised procedures. As many Security Management Today readers will be aware, there are numerous ways of capturing and recording an image, but there has always been a tendency to rush the initial template. For its part, the British committee believes in spending more time to develop a better quality image.

In 2005, several new ISO biometric standards will be published and cover biometric data interchange formats for iris, facial and fingerprint data. These are as follows:

• ISO 19784 – BioAPI
• ISO 19785:1 – CBEFF: Data Element Specification
• ISO 19785:2 – Procedures for the Operation of the Biometric Registration Authority
• ISO 19794:2 – Biometric Data Interchange Formats (Finger Minutiae Data)
• ISO 19794:4 – Biometric Data Interchange Formats (Finger Image Data)
• ISO 19794:5 – Biometric Data Interchange Formats (Face Image Data)
• ISO 19794:6 – Biometric Data Interchange Formats (Iris Image Data).

These standards will be closely followed by standards on signatures, profiles for specialised workers, testing and reporting and a technical report covering cross-jurisdictional and societal aspects. A further standard on biometric vocabulary should also be formalised.

The initial potential market for these standards may be limited to Governments and, in particular, the suppliers of border management and passport solutions. However, commercial interest in biometric solutions will increase as ISO standards are developed, and as compliance with them is stipulated by commercial customers.