logging in or signing up DI 4 Standards Stapleton Jeff Janelle Download Post to : URL : Related Presentations : Let's Connect Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Copy embed code: Embed: Flash iPad Dynamic Copy Does not support media & animations Automatically changes to Flash or non-Flash embed WordPress Embed Customize Embed URL: Copy Thumbnail: Copy The presentation is successfully added In Your Favorites. Views: 136 Category: Entertainment License: All Rights Reserved Like it (0) Dislike it (0) Added: September 27, 2007 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript State of Biometric Standards: State of Biometric Standards Jeff Stapleton, Manager Information Risk Management Jstapleton@kpmg.com (314) 444-1447 Chair X9F4 www.x9.org Chair WG10 www.tc68.org Agenda – Biometric Standards: Agenda – Biometric Standards Standards Bodies International Standards Bodies USA Domestic Standards Bodies State of the Standards Past Achievements Present Activity Future Work in Progress Who are they? What Are they doing?International Standards Bodies: International Standards Bodies USA Standards Bodies: USA Standards Bodies Joint Technical Committee OneUS Interactive Relationships: US Interactive Relationships incits ISO Overview: ISO Overview Established 1946 www.iso.ch 146 National Standards Bodies 94 Member Bodies USA is a Member Body with a National Standards Body – American National Standards Institute Over 200 Technical Committees TC 1 Screw Threads … TC 68 Banking and Financial Services … TC 215 Health InformaticsTC 68 Overview: TC 68 Overview Develops international technical standards Financial Services Industry Including banking and securities Subcommittees www.tc68.org SC 2 Security Management and General Banking Operations Biometrics, Public Key Infrastructure (PKI), Security Guidelines SC 4 Securities and Related Financial Instruments SC 6 Retail Financial Services Including PIN management, key management, and cryptographic hardware devices used in the Retail Financial Services Cardholder at ATM and Point-of-Sale (POS) TerminalsJTC1 Overview: JTC1 Overview Established early 1980’s www.jtc1.ch 38 Liaison Members 94 National Member Bodies USA is a Member Body with a National Standards Body – American National Standards Institute 18 Active Subcommittees … SC 17 Cards & Personal Identification INCITS/B10 SC 27 IT Security Techniques INCITS/T4 SC 37 Biometrics (established 2002) INCITS/M1JTC1/SC37 Overview: JTC1/SC37 Overview Established June 2002 www.jtc1 First meeting held December 2002 Scope is biometric technologies File formats, APIs, application profiles, testing… Excluded from SC37 scope SC17 biometrics for cards and personal identification SC27 biometric security and evaluation methodologies Formal Liaisons include SC37 to SC17 SC37 to SC27 Overview: Overview Founded in 1918 as a membership-based, not-for-profit organization, ANSI is … A coordinator and facilitator of the U.S. voluntary consensus standards and conformity assessment system An accreditation body for U.S. standards developers, U.S. Technical Advisory Groups and U.S. certification programs The forum for the U.S. standards and conformity assessment communities American National Standards (ANS) Developers Currently more than 270 ANSI accredited standards developers, representing 200 distinct entities Not all standards developed by these organizations are submitted for consideration as ANSX9 Overview: X9 Overview Financial Services Industry www.x9.org X9A Subcommittee on Retail Banking TC68/SC6 X9B Subcommittee on Check Processing X9C Consumer Protection (established 2003) X9D Subcommittee on Securities TC68/SC4 X9F Subcommittee on Information Security TC68/SC2 X9F1 Cryptographic Tools X9F3 Cryptographic Protocols X9F4 Cryptographic Applications – X9.84 Biometrics X9F5 PKI Policy and Practices X9F6 Management and Security – Retail Banking X9 WG1 Privacy Overview: Overview Information Technology Standards www.incits.org Formerly X3 Committee 36+ Technical Committees B10 Identification Cards and Related Devices SC17 AAMVA Driver License / Identification Standard J16 Programming Language C++ … L3 Audio, Picture, Multimedia, and Hypermedia … M1 Biometrics (established 2002) SC37 ANS INCITS 358-2002 BioAPI, NISTIR 6529-A Common Biometric Exchange File Format (CBEFF) T4 Security Techniques … SC27 ASN.1 Extended Encoding Rules (XER) INCITS/M1 Overview: INCITS/M1 Overview Established 2001 55+ Companies and organizations membership US TAG to JTC1/SC37 Task Groups (current organization) M1.1 Biometric Data Interchange Formats M1.2 Biometric Technical Interfaces M1.3 Biometric Profiles M1.4 Biometric Performance Testing and Reporting Overview: Overview Established 1993 www.oasis-open.org Originally founded as SGML Standard Generalized Markup Language (SGML) Renamed in 1998 – Extensible Markup Language (XML) 600+ Corporate and Individual Members 100+ Countries including United Nations (ebXML) XML Common Biometric Format (XCBF) Technical Committee Established February 2002 XCBF patron format of NISTIR 6529-A CBEFF XCBF based on ASN.1 schema in X9.84-2003 XCBF conforms to XML Encoding Rule (XER) in X.693 XCBF relies on X9.96-draft Cryptographic Message Syntax (CMS) Overview: Overview Established 1992 www.biometrics.org Co-hosted by NIST and NSA Focal point for biometric research… Operate discuss group firstname.lastname@example.org Operate information line 1-866-BIOMETRics (866-246-6387) Working Groups Common Biometric Exchange File Format (CBEFF) Biometrics Interoperability, Performance, and Assurance NISTIR 6529-2001 CBEFF NISTIR 6529-A-2002 CBEFF Overview: Overview Established 1998 www.bioapi.org Focus was to harmonize the various biometric APIs BioAPI Specification version 1.0 – March 2000 Reference implementation version 1.0 – September 2000 BioAPI Specification & implementation version 1.1 – March 2001 Working Groups Applications (AWG) – top level interface of the BioAPI External (XWG) – transition to other standards bodies Reference Implementation (RWG) – reference implementation Conformance Test (CTWG) – conformance test suite Existing Standards *: Existing Standards * US Standards ISO/IEC JTC1 US Specifications ISO TC68 ANS American National Standard FCD Final Committee Draft NP New Project * UpdatedBiometric Architecture: CBEFF Biometric Architecture Biometric Service Provider BioAPI Framework BIRINCITS/M1 Work in Progress: INCITS/M1 Work in Progress M1.1 Task Group – Biometric Data Formats Finger Pattern Based Interchange Format Finger Minutiae Format for Data Interchange Finger Image Based Interchange Format Face Recognition Format for Data Interchange Iris Interchange Format Signature / Sign Image Based Interchange Format Digitized signature (not PKI digital signature) Low level data interoperability Vendor “A” format captured by vendor “B” device Vendor “A” format processed by vendor “C” systemINCITS/M1 Work in Progress: INCITS/M1 Work in Progress M1.2 Task Group – Biometric Interfaces INCITS 358-2002 BioAPI, NISTIR 6529-A CBEFF Interoperability between biometric components & subsystems Security mechanisms for stored and transmitted data X9.84-2003 Biometric Information Management and Security Reference model for multi-vendor systems High level process interoperability Functional calls Fetch sample, Create template, Matching … Application calls Enroll, Identify, Verify …INCITS/M1 Work in Progress: INCITS/M1 Work in Progress M1.3 Task Group – Biometric Profiles Interoperability and Data Interchange, Biometric Based Verification and Identification of… Transportation Workers Border Crossing Point-of-Sale (POS) X9.84-2003 for the Financial Services Industry Industry specific needs To be determined, initial meeting June 9-11 in Seattle WAINCITS/M1 Work in Progress: INCITS/M1 Work in Progress M1.4 Task Group – Performance and Testing Biometric metric definitions and calculations Testing performance Test reporting Ongoing biometric technology issue… False Match Rate (a.k.a., False Acceptance Rate) False Non-Match Rate (a.k.a., False Reject Rate) Failure to Enroll Rate To be determined, initial meeting June 11 in Seattle WAJTC1/SC37 Work in Progress: JTC1/SC37 Work in Progress SG 01 Harmonized Biometric Vocabulary No specific M1 correlation AWI 19792 Framework for Security Evaluation and Testing SG 02 Biometric Technical Interfaces M1.2 TG US submission NP 19784 ballot comments BioAPI US submission NP 19785 ballot comments CBEFF SG 03 Biometric Data Interchange Formats M1.1 TG AWI 19794 Biometric Data Interchange Formats Work sorted by Study Group / Special Group: AWI Active Work ItemJTC1/SC37 Work in Progress: JTC1/SC37 Work in Progress SG 04 Biometric Application Profiles M1.3 TG No Active Work Item Listed SG 05 Biometric Testing and Reporting M1.4 TG AWI 19795 Biometric Performance Testing and Reporting SG 06 Cross-Jurisdictional and Societal Aspects No specific M1 correlation Work sorted by Study Group / Special Group: AWI Active Work ItemOther Work in Progress: Other Work in Progress TC68/SC2/WG10 CD 19092 in ballot (X9.84-2003) due August 2003 JTC1/SC27 Biometric security in cooperation with TC68/SC2 JTC1/SC17 ISO 7816 Information Technology – Identification Cards – Integrated Circuit(s) Cards with Contacts Part 11: Personal verification through biometric methods International Civil Aviation Organization (ICAO) Global Biometric Initiative with JTC1/SC17Chronology Summary: Chronology Summary Pre-2000 June 1993 – FBI Fingerprint Compression WSQ published October 1992 – Biometric Consortium established April 1998 – BioAPI Consortium established January 1999 – X9F4 assigned NWI X9.84 Year 2000 March 2000 – BioAPI Specification v1.0 published June 2000 – AAMVA Drivers License / Identification published December 2000 – ISO/IEC CD 7816 ICC Part 11 Biometrics ballot Chronology Summary: Chronology Summary Year 2001 January 2001 – NISTR 6529 CBEFF published March 2001 – ANS X9.84-2001 published (BioAPI v1.0) March 2001 – BioAPI Specification v1.1 published March 2001 – NIST 6529 CBEFF published November 2001 – INCITS/M1 established December 2000 – ISO/IEC DIS 7816 ICC Part 11 Biometrics ballot Year 2002 February 2002 – NISTR 6529-A CBEFF published March 2002 – ANS INCITS 358-2002 (BioAPI v1.1) published March 2002 – CTST Linden Award presented to Cathy Tilton June 2002 – JTC1/SC37 established December 2002 – ISO/IEC FDIS 7816 ICC Part 11 Biometrics ballotChronology Summary: Chronology Summary Year June 2003 (so far) February 2003 – JTC1/SC37 CD 19785 ballot comments BioAPI February 2003 – JTC1/SC37 CD ballot comments CBEFF February 2003 – XCBF 1.0 Committee Specification published June 2003 – ANS X9.84-2003 Biometric Security published June 2003 – TC68 CD 19092 in ballot (X9.84-2003) Year July 2003 and beyond… ISO 7816 ICC Part 11 Biometrics ISO Standards on Biometric Technology ISO Standards on Biometric Security ISO Standards on Industry Applications Financial Services Industry Transportation Industry and government Immigration ServicesStandards Conclusion *: Standards Conclusion * Significant advances in the last 36 months ANS INCITS 358-2002 BioAPI ANS X9.84-2003 Biometric Security ISO FDIS 7816 ICC Part 11 Biometrics NISTIR 6529-A CBEFF Further work in the next 36 months ISO Biometric Technology Standards ISO Biometric Security Standards ISO Biometric Application Standards Missing topics for biometric technology Standardized testing for error rates (e.g., FM, FNM, FTE) Device evaluation criteria (e.g., Common Criteria / PP) * Updated You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.