Biometric standards could boost PKI use

Biometric standards could boost PKI use

A decade after the government began seeking biometric authentication products, two interoperability standards have finally taken shape: the Common Biometric Exchange File Format (CBEFF) and the Biometric Application Programming Interface (BioAPI 1.1).

The standards 'are needed and expected by many end users,' said Fernando Podio, co-chairman of the Biometric Consortium and a scientist at the National Institute of Standards and Technology.

Both standards were introduced early last year. In November, the National Committee for Information Technology Standards (NCITS) established a biometrics technical committee to support the 2001 USA Patriot Act, which calls for technology standards to confirm individual identities.

The Biometric Consortium and other groups hope the two standards will win international acceptance. The standards represent a crucial milestone for the Office of Management and Budget's governmentwide public-key infrastructure project, known as e-authentication, Podio said.

'Without open standards, you cannot really achieve interoperability,' Podio said.

The standards would let agencies use more than one type of biometric authentication without building multiple infrastructures.

The nearly 10-year-old consortium, representing six executive departments and all branches of the military, worked with industry, equipment manufacturers and systems integrators to design the CBEFF format for biometric data interchange.

The 'technology-blind' file format is designed to let agencies share biometric information regardless of the technology or vendor. The International Biometric Industry Association is the registration authority for CBEFF format codes.

A good integrator 'will be able to take those standards and integrate them into an effective system,' said Richard Norton, executive director of the association.

The BioAPI Consortium, formed in 1998 by biometrics vendors, developed the other new standard, BioAPI 1.1.

In the near future

NIST and the Biometric Consortium are working on something more ambitious: biometric templates that could use multiple biometric measures.

'Template standardization is an important goal,' Podio said. 'Recognition algorithms use more than one approach, so it is not easy to achieve a common-denominator template.'

Although OMB's e-authentication aims for a uniform federal security infrastructure using public keys, agencies can choose from a variety of biometric modes and vendors.

'To me the perfect marriage is when I can unlock a private key by using a biometric,' said Judith Spencer, who chairs the General Services Administration's public-key infrastructure steering committee. For that, standards 'shouldn't matter, because all you're doing is communicating with your private token.'

Several biometric measures can coexist on a smart card, she said, even without the development and approval of standards.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above