Standardization Issues in Biometrics
by Fran Howarth - Bloor Research // February 14, 2005
NORTHAMPTONSHIRE, U.K.—Governments and businesses around the world are trialing biometric technologies in the hope of improving the security and convenience of identifying and authenticating individuals. Schemes proposed vary from the inclusion of biometrics in identification documents, to their use in remote authentication for government-to-citizen purposes and for corporate networks, to their use to provide authentication for physical access to premises.
But the various schemes being put in place will not work if the technologies and devices used cannot interoperate with each other. To ensure that such issues are adequately resolved, the European BioSec consortium is working on developing a number of standards for biometric technologies in cooperation with a number of other standards bodies worldwide. The goal is to develop a comprehensive approach for the development of international biometrics standards, which should help to increase the take-up of these technologies to improve security.
Specific issues that need to be addressed include standards for storing and transmitting biometric data, for representing biometric data, and for ensuring that legal requirements such as data protection, privacy, accessibility and health and safety are met.
As biometric technologies are still relatively underdeveloped, BioSec has much work to do. However, in cooperation with international standards boards, it has identified the most pressing issues to be resolved and is showing considerable progress in areas that will boost interoperability of biometrics systems, paving the way for their widespread international use.
The key standardization issues involved in the development of biometric technologies have been divided into six areas:
- Harmonized biometric vocabulary and definitions: it seems obvious that everyone involved in the field of biometrics should be reading from the same page, but the meaning of the words on that page may vary widely owing to differences in culture and language. BioSec participants are working on a harmonized vocabulary in the hope that this will form part of the ISO standard SC37 for biometrics.
- Biometric technical interfaces: since multiple vendors will be involved in the provision of biometric technology systems, a reference model needs to be developed to standardize the necessary application interfaces and interactions. Standards being developed include those for security, conformance testing and data exchange to ensure that biometric information can be transferred among networks, and hence used in remote access scenarios for such things as securing transactions.
- Biometric data interchange formats: standards need to be developed for how all the different types of biometric identifiers in use are encoded and represented. This involves defining a common data structure, including notation and transfer formats, so that data can be presented in a common format worldwide.
- Biometric functional architecture and related profiles: here, work is being done to develop a functional architecture that incorporates standards being developed in biometrics. The aim is to ensure that the various standards are bound together in a way that actually aids the functional operation of biometrics systems in real-life scenarios, making certain that the right options in the standards are selected for a specific application.
- Biometric testing and reporting: the emphasis in this area is on the development of standard methodologies and metrics for testing biometric systems to check that they perform as they should. Standards being developed include those for security and smart cards.
- Cross-jurisdictional and societal aspects: in this area, standards are being developed to ensure that all legal and societal requirements involved in the use of biometrics are adequately met. Although BioSec and standards groups including CEN/ISSS and ISO/IEC are mainly charged with developing technological standards, there is common agreement that success in biometrics deployments depends heavily on the willingness of people to use them. Standards need to be developed to ease such concerns as privacy, data protection, and health and safety issues, such as the ability to deduce the state of a person's health from biometric information.
This article originally appeared on the News Analysis pages of IT-Analysis.com, a publication of Bloor Research.
Selected Biometrics Standards
- ANSI INCITS 383 Information Technology - Biometric Profile Interoperability and Data Interchange Biometrics-Based Verification and Identification of Transportation Workers
- ANSI INCITS 394 Information Technology - Application Profile for Interoperability, Data Interchange and Data Integrity of Biometric-Based Personal Identification for Border Management
- ANSI INCITS 395 Information Technology - Biometric Data Interchange Formats - Signature/Sign Data
- ANSI INCITS 398 Information Technology - Common Biometric Exchange Formats Framework (CBEFF)
- ANSI INCITS 409.1 Biometric Performance Testing and Reporting Part 1: Principles and Framework
- ANSI INCITS 409.2 Biometric Performance Testing and Reporting Part 2: Technology Testing and Reporting
- ANSI INCITS 409.3 Biometric Performance Testing and Reporting Part 3: Scenario Testing and Reporting
- ANSI INCITS 409.4 Information Technology - Biometric Performance Testing and Reporting - Part 4: Operational Testing Methodologies
- ANSI X9.84 Biometric Information Management and Security for the Financial Services Industry
- BSI BS ISO/IEC 19784-1 Information Technology - Biometric application programming interface Part 1: BioAPI specification
- BSI BS ISO/IEC 19785-1 Information Technology - Common Biometric Exchange Formats Framework Part 1: Data element specification
- BSI BS ISO/IEC 19785-2 Information Technology - Common Biometric Exchange Formats Framework Part 2: Procedures for the operation of the Biometric Registration Authority
- BSI BS ISO/IEC 19794-1 Information Technology - Biometric data interchange formats Part 1: Framework
- BSI BS ISO/IEC 19794-3 Information Technology - Biometric data interchange formats Part 3: Finger pattern spectral data
- BSI BS ISO/IEC 19794-4 Information Technology - Biometric data interchange formats Part 4: Finger image data
- BSI BS ISO/IEC 19794-5 Information Technology - Biometric data interchange formats Part 5: Face image data
- BSI BS ISO/IEC 19794-6 Information Technology - Biometric data interchange formats Part 6: Iris image data
- CSA ISO/IEC 7816-11-05 Identification cards Integrated circuit cards Part 11: Personal verification through biometric methods-ISO/IEC 7816-11: 2004