View
224
Download
2
Tags:
Embed Size (px)
Citation preview
2
What is BiometricsWhat is Biometrics
Biometrics are automated methods
of recognizing a person based on
a physiological or behavioral
characteristics
3
BiometricBiometric includesincludes
Physiological Characteristics– Fingerprint – Palm print – Face– Iris– Voice
Behavioral Characteristics– Signature
4
FingerprintFingerprint
Strength– Proven Technology Capable of High Level of Accuracy– Range of Deployment Environments– Ergonomic, Easy-to-Use Device– Ability to Enroll Multiple Fingers
Weakness– Inability to Enroll Some Users– Performance Deterioration over Time– Association with Forensic Application– Need to Deploy Specialized Devices
5
Palm printPalm print
Strength– Ability to Operate in Challenging Environment– Established, Reliable Core Technology– General Perception as Non-intrusive– Relatively Stable Physiological Characteristic as Basis– Combination of Convenience and Deterrence
Weakness– Inherently Limited Accuracy– Form Factor That Limits Scope of Potential Applications– Price
6
FaceFace
Strength– Ability to Leverage Existing Equipment and Image Processing– Ability to Operate without Physical Contact or User
Complicity– Ability to Enroll Static Images
Weakness– Acquisition Environment Effect on Matching Accuracy– Changes in Physiological Characteristics That Reduce
Matching Accuracy– Potential for Privacy Abuse Due to Non-cooperative
Enrollment and Identification
7
IrisIris
Strength– Resistance to False Matching– Stability of Characteristic over Lifetime– Suitability for Logical and Physical Access
Weakness– Difficulty of Usage– False Non-matching and Failure-to-Enroll– User Discomfort with Eye-Based Technology– Need for a Proprietary Acquisition Device
8
VoiceVoice
Strength– Ability to Leverage Existing Telephony Infrastructure– Synergy with Speech Recognition and Verbal Account
Authentication– Resistance to Imposters– Lack of Negative Perceptions Associated with Other
Biometrics Weakness
– Effect of Acquisition Devices and Ambient Noise on Accuracy– Perception of Low Accuracy– Lack of Suitability for Today’s PC Usage
9
SignatureSignature
Strength– Resistant to Imposters– Leverages Existing Processes– Perceived as Non-invasive– Users Can Change Signatures
Weakness– Inconsistent Signatures Lead to Increased Error Rates– Users Unaccustomed to Singing on Tablets– Limited Applications
10
Biometric ProcessBiometric Process
Enrollment:Enrollment:
Verification:Verification:
PresentPresent
BiometricBiometricCaptureCapture
ProcessProcess
No MatchNo Match
MatchMatchCaptureCapture
ProcessProcess
PresentPresent
BiometricBiometric
StoreStore
CompareCompare
12
Revenue of Biometrics MarketRevenue of Biometrics Market
Source: International Biometric Industry Association ( IBIA )
13
Biometric Market SizeBiometric Market SizeRevenue:– 2003 revenue: $719M USD– 2006 projected revenue: $2.7B USD– 2008 projected revenue: $4.8B USD
From:– Law enforcement– Public sector identification / Authentication– ID Card / E-passport / Immigration
14
Technology Growth ComparisonTechnology Growth Comparison
2003 2006
Fingerprint $198 $858
Facial Recognition $50 $417
Hand Geometry $43 $137
Middleware $48 $209
Iris Recognition $36 $190
Voice Verification $23 $114
Signature Verification $9 $54
Multi-modal $11 $106
AFIS $312 $705
Total $719 $2,684
Source: IBG’s “Biometrics Market and Industry Report 2004-2008”
x4x8
15
Business ModelBusiness Model
109
1010
1011
1012
1980 1995 2010 2025(year)
Entrance and exit managementPC Login
Information systemauthentication
Network user authentication
Authentication service business
System integration business
Equipment/library business
Market size (in yen)
(千億 )
(100億 )
(10億 )
2005
Source: Biometrics Security consortium
16
Time DivisionTime Division1990-1995: access control & PC login1995-2005: info. system authentication2005-: network user authentication
Japanese market:– 2000: 3M USD (equipment), 30M (system)– 2005: 10M USD(equipment), 100M (system)
17
Market: Access Control (Worldwide)Market: Access Control (Worldwide)
Market scale: 100M USDMarket requirement:
– Repeated use for one device– Severe demand on stability– High quality for services– Professional partner for integration
2004
18
Market: Information System AuthenticationMarket: Information System Authentication
Market scale: 800M USD (ID card, etc.)Market requirements:
– Integrator: multi-workstations, service to citizens, fingerprint database, network connection, secure info. access.
– High quality reader– Entire client-server architecture– Implementation for related standards
19
Market: Network User AuthenticationMarket: Network User Authentication
Market requirement:– M-business: cell phone, PDA, N/B– E-business: smart-card, ATM, P.O.S
20
Drive to MarketDrive to Market
– E-passport with face & fingerprint check at the immigration.– Civil administration & work permit application for fingerprint
verification/identification.– Verification for 3G cell phone with fingerprint.
Since 911 , national security becomes the major consideration. Therefore, a large quantity of biometric solution is in demands.
The growth of biometric market is expected to be over 40% annually.The market scale of 2007 is predicted to be approximate 4 billion USD.
Since 911 , national security becomes the major consideration. Therefore, a large quantity of biometric solution is in demands.
The growth of biometric market is expected to be over 40% annually.The market scale of 2007 is predicted to be approximate 4 billion USD.
22
OverviewOverviewStatus of Consortia Work in
Biometrics StandardizationStatus of Approved Projects in
INCITS M1- Biometrics Status of JTC1 SC37 – BiometricsInteroperability Requirements
23
Interoperability & Data Interchange
Enterprise Web Server
Internet
BiometricAuthentication
E-commerce or Internetbank customer
• Remote access• Transaction security
• Fraud prevention
Internet Security
Client/Server – Different OS
Biometric Standards:What is it necessary to
achieve?
24
美國美國 BiometricsBiometrics 標準化活動標準化活動
ISO
SC17ID Card
X9FInformation
Security
X9金融
ANS美國標準局
X9F8Biometrics
NCITS(ANSI認定機關 )資訊技術標準化委員會
B10ID Card
B10.8Driver License
AAMVA美國自動車連合
美國警察
NIST-ITL標情報技術研究部
NIST標準化技術研究所
美國政府 Bio/API
CBEFFThe Common Biometrics
Exchange File Format
Tele Trust
ISOxxx ANSIxxx
X9.84Interoperability of Biometrics data
on ID Card
BioAPI標準 Biometrics
API
CBEFF標準
Smart Card
CBEFF標準 Data Format完全性驗證
IBIAPrivate Com.
INTEL 及 Biometrics Intel & Biometrics
Vendor
B10.8Data Format Standard
of Driver License
25
Lead, participate and promote the acceleration of standard development efforts.
Promote the adoption of approved standards (e.g., CBEFF, BioAPI, ANSI/NIST).
Conduct related R&D (e.g., evaluation methodologies, evaluation of single-modal and multi-modal authentication architectures).
Develop advanced biometric data interchange structures (e.g., nested CBEFF structures).
Work in harmonization with efforts undertaken by other Gov. agencies (e.g., DoD, intelligence community, TSA, GSA, State).
Respond to legislative requirements (e.g., USA Patriot Act). Leverage from our involvement with the Biometric Consortium
and other forums (e.g., NIST/BC Biometric WG) support user requirements and also support industry.
NIST Approach
26
CBEFFCBEFFA Biometric Data Interchange A Biometric Data Interchange
StandardStandardto Support All Biometric to Support All Biometric
Technologies in a Common WayTechnologies in a Common Way
NISTIR 6529www.nist.gov/cbeff
• Facilitates biometric data interchange between different system components or systems.
• The development was coordinated with industry consortiums (e.g., BioAPI Consortium) and standards Technical Committees (e.g., X9.F4 Working Group).
• ANSI/ISO Fast Track candidate
Security Options (e.g., plain, or encrypted)Integrity Options (e.g., signed)Patron (e.g., BioAPI) Header Version Biometric Type (e.g., facial features)Record Data Type (e.g., processed)Record Purpose (e.g., enroll)
Record Data QualityCreation Date (of the biometric data)Creator (entity that created the biometric data object)Format Owner (CBEFF Requirement)Format Type
HeaderBiometric Specific
Memory Block Signature
Data Elements and Header Fields
Need a universally recognized registrar for Format Owner/Format Type (www.ibia.org/formats.htm)
• Task Groups/Technical Development Teams: Biometric Template Protection & Usage Task Group (Dr. Soutar, BioScrypt) Biometric Security Task Force (C. Tilton, SAFLINK) Assurance Ad-Hoc Group (M. King, Booz Allen Hamilton) CBEFF Technical Development Team (F. Podio, NIST &
J. Dunn, NSA) – augmented CBEFF under development
Testing Ad-Hoc Group (Dr. Negin, MNEMONICS)
90 organizations
www.nist.gov/bcwg
31
Standard Bio HeaderStandard Bio HeaderStandard Bio Header
Standard Bio Header
Standard Bio Header
Standard Bio Header
Standard Bio Header
Signature
Data
Data
Data
Type=Multi Bio
Type=Finger
Type=Iris
Allows for multiple data types and/or multiple data objects within the CBEFF data structure
CBEFF Nested Structure & Multi-Biometrics
Other Elements of the Revised Other Elements of the Revised CBEFFCBEFF
Data originationProduct Identifier: CBEFF needs to uniquely identify the format
and the originator of every biometric data structure.Validity Period (Valid from, Valid until)
Adopt X9.84 definition: YYYYMMDDHHMMSSZ• Challenge data and payload (specified by the Patron)• Use of biometric data in tokens for machine-readable
documents.• Name change:
ANSI/NIST-ITL-1-2000Approved 2000
Data format for finger/facial/SMT
NIST
Expected to be fully CBEFF compliantLogical Data Structure for Travel Documents
ISO/IEC SC17 & ICAO
NIST/BC WG harmonized format in 7816-11 for CBEFF compliance
ISO/IEC 7816-11 - useof biometric data in SC
ISO/IEC SC17 WG4
Updated to be consistent with BioAPIHuman Recognition Services of CDSAOpen Group
Approved (ANSI) Feb 2001ANSI X9.84X9/Financial/Banking
Released March 2001Approved February 13, 2002
BioAPI V1.1ANSI/INCITS 358
BioAPI Consortium
Being augmented by the NIST/BC Biometric WG
NISTIR 6529 - CBEFFPublished Jan 2001
NIST/BC Biometric WG
StatusStandardOrganization
Biometrics Standards & CBEFF
INCITS M1 - Biometrics
Application profilesData formats
5 approved projects (2 Application Profiles & 3 data formats)
34
CBEFF
Biometric Architecture Biometric Architecture ExampleExample
BiometricServiceProvider
BioAPI Framework
ApplicationApplication
BIR
CryptographicServiceProvider
X9.84 Biometric Security
BiometricObjectBiometric
ValidationControl
Objectives
35
INCITS 358-2002, BioAPI V1.1 INCITS 358-2002, BioAPI V1.1 SpecificationSpecification
An Open Systems Interface An Open Systems Interface StandardStandard
for Biometric Integrationfor Biometric Integration
36
BioAPI - An Open Systems Interface BioAPI - An Open Systems Interface StandardStandard
for Biometric Integrationfor Biometric IntegrationA biometric API standard defines a generic way of interfacing
to a broad range of biometric technologies.
Benefits:
• Easy substitution of biometric technologies
• Use of biometric technology across multiple applications
• Easy integration of multiple biometrics using the same interface
• Rapid application development - increased competition (tends to lower costs)
BiometricDevice
BiometricDevice
BiometricServiceProvider
BiometricServiceProvider
BiometricDevice
BiometricServiceProvider
BioAPI Interface
Application
37
Open SystemsOpen Systems
BioAPI R/T
BSP BSP
Web Browser
Windows PC
BioAPI R/T
BSP BSP
Web App
Linux Server
• BioAPI specification and Win32 reference implementation both available at: www.bioapi.org• Plans underway to port to Unix (IBG) and Linux (NIST)• Conformance test suite for Win32 and Unix/Linux • Seeking sponsors for port efforts
• Fast track candidate to ISO through INCITS & M1 – Biometrics Technical Committee
20001999 2001
Unification of Biometric API development
industry efforts
Common Biometric
Exchange File Format (CBEFF)
development starts
BioAPI Spec. v1.0 released
CBEFF published
NISTIR 6529
BioAPI Reference
implementation released
BioAPI Spec. v1.1 released
Users’ and Developers’
Seminar
A Bit of History
BioAPI Consortium
2002
CBEFF Upward revision starts
Revised CBEFF Ballot (planned)
BioAPI v1.1 approved as ANSI/INCITS 358
39
Status of Approved Projects in INCITS M1- Biometrics
• INCITS Web site: www.incits.org
• M1 – Biometrics: www.ncits.org/tc_home/m1.htm
• M1 Document Register: www.ncits.org/tc_home/m1htm/docs/m1docreg.htm
40
INCITS/M1 Biometrics• Purpose:
Established in November 2001 by the Executive Board of INCITS to accelerate the deployment of significantly better, open systems standard-based security solutions for purposes such as homeland defense and the prevention of ID theft.
Elevate consortia standards to national and international voluntary consensus standards (e.g., BioAPI, CBEFF).
Develop application profiles (e.g., airport security, border crossing), and other biometric generic standards as needed (e.g., data formats).
• Legislative accelerants such as: Public Law 107-71 - Aviation and Transportation Security Public Law 107-56 - “The USA Patriot Act” Public Law 107-173 – “Border Security Act”
41
INCITS M1 Biometrics - Status• Meetings:
January/May/August/December 2002
• Officers:F. Podio, ChairmanC. Tilton, IRC. Soutar, Vice ChairmanS. Elliot, Secretary
• M1 is the US TAG to JTC 1 SC 37• Five Approved Development Projects
• INCITS 358 BioAPI: JTC 1 SC 37 Fast Track candidate
• Revised CBEFF: INCITS/JTC 1 SC37 Fast Track candidate
42
INCITS Fast Track
INCITS/M1
Finger Minutiae FormatFor Data Interchange (01/03)
Iris Recognition Interchange Format
BioAPI V1.1ANSI/INCITS 358
Revised CBEFFNISTIR 6529-A
Application ProfileVerification & Identification
of Transportation Workers (01/03)
Application ProfilePersonal identification forBorder Crossing (01/03)
Finger Pattern-BasedInterchange Format (04/03)
Face Recognition Formatfor Data Interchange (07/03)
ISO/IEC JTC 1SC37
INCITS Fast Track(Planned)
JTC 1 Fast Track(Planned)
Five projects under development
Proposed to M1
M1 Projects and ISO SC37
Application ProfileBiometric Verification
in POS Systems
Face Image Interchange Format
Finger Image Interchange Format
43
www.biometrics.org www.nist.gov/bcwg
www.bioapi.org
www.ibia.orgwww.biometricfoundation.org
www.nist.gov/cbeff
www.itl.nist.org
M1 Biometrics Standards Incubators
45
INCITS 358 (BioAPI V1.1 Spec)
Transportation Workers, Border Crossing, Point of
Sale
Fingerprint MinutiaeFinger Pattern-Based
Face LandmarksBiometric
Interchange Data
Formats
Common Biometric Exchange Framework
Format
Biometric Application Programming Interfaces
Application Profiles for ID
and Verification
CBEFF (NISTIR 6529), NISTIR 6529-A under
development
Current Scope of Work (SC 37 and INCITS M1)
Derived from Colin Soutar’s Onion view on Biometrics standardization
46
Status of JTC 1 SC 37 – Biometrics
• Call for P Members (countries) closes September 2002.
• US funding of SC 37 Secretariat NIST & M1 are pursuing funding at $150K/year $50K secured (NIST) – PO being processed. ANSI will perform Secretariat duties
• Initial SC 37 Plenary Meeting:
Meeting planned for December 11 – 13, 2002 Hosted by US (M1) in Orlando, FL.
• M1 anticipates submitting at least seven contributions.
47
Smart Cards and Biometrics Smart Cards and Biometrics Interoperability RequirementsInteroperability Requirements
Can BioAPI fully satisfy the requirements or is further work required?
Possible approach: Form an M1-Biometrics Ad-Hoc Group: Work would be coordinated with the BioAPI Consortium, INCITS B10
and other smart card experts. Review BioAPI’s capability to fully provide the required level of interoperability for
different architectures (e.g., different biometric data matching and storage locations) BioAPI extension required (e.g., another parameter in the Verify function)? Is a layer on top on BioAPI needed? Coordinate work with possible augmentation of BioAPI when it goes for ISO Fast
Track. Coordination with international efforts (e.g., SC37). Possible funding required.
48
美國美國 BiometricsBiometrics 標準化活動標準化活動
ISO
SC17ID Card
X9FInformation
Security
X9金融
ANS美國標準局
X9F8Biometrics
NCITS(ANSI認定機關 )資訊技術標準化委員會
B10ID Card
B10.8Driver License
AAMVA美國自動車連合
美國警察
NIST-ITL標情報技術研究部
NIST標準化技術研究所
美國政府 Bio/API
CBEFFThe Common Biometrics
Exchange File Format
Tele Trust
ISOxxx ANSIxxx
X9.84Interoperability of Biometrics data
on ID Card
BioAPI標準 Biometrics
API
CBEFF標準
Smart Card
CBEFF標準 Data Format完全性驗證
IBIAPrivate Com.
INTEL 及 Biometrics Intel & Biometrics
Vendor
B10.8Data Format Standard
of Driver License
49
SummarySummary Base generic standards (e.g., CBEFF, BioAPI) developed in the last
few years set the foundation for achieving system interoperability and biometric data interchange.
NIST, the BC, the IT industry and end-users are leveraging from these base generic standards to accelerate the deployment of open systems standard-based security solutions for different applications (e.g., Prevention of ID Theft, Homeland Security, Heath Care, Enterprise Networks, Multi-OS Architectures).
The end goal is the approval of formal - generic national and international standards necessary to enable interoperability and data interchange between applications and systems.