Are your biometrics up to snuff? Free suite tests for compliance
A free software test suite available from the National Institute of Standards and Technology can help assure that biometric applications used by military, law enforcement and homeland security agencies conform to NIST standards.
The collection and exchange of biometric data such as fingerprints has been going on for more than a century, but the adoption of digital technology and the increase in the kinds of biometric data being used require standards for implementing these features in applications. The Biometric Conformance Test Software for Data Interchange Formats (BioCTS2012) lets developers, vendors and end users see that the standards have been met, either through in-house testing or through third-party testing laboratories.
“We don’t test for conformance” to the standards, said NIST project manager Fernando L. Podio. “We just develop the tools.”
There are, however, specific limits to what the test suite does and does not do.
Conformance testing captures the technical description of a standard specification and measures whether an implementation faithfully executes the specification. The BioCTS suite checks that the record of an iris image or other piece of biometric data being used has the correct data and in the order called for by the standard, so that it can be sent to and received correctly and filed accurately by any user, from the Homeland Security Department to state and local police departments. The conformance testing provides programmers, users and product purchasers with an increased level of confidence in product compliance and increases the probability of successful interoperability.
The tests do not ensure interoperability of different products, however; only that they adhere to common standards, Podio said. “Conformance increases the probability of interoperability, but cannot ensure it because of all the possible implementations that can be included” in a product. Each developer can implement different profiles from the standard, depending on how the product will be used.
The tests address the biometrics data standard ANSI/NIST-ITL 1-2011, published in 2011, which provides a defined method for digitally encoding and storing biometric data so it can be shared by the various ID systems used by law enforcement, military and homeland security agencies.
They do not apply to biometrics used in the Personal Identity Verification (PIV) card civilian agencies provide to employees and contractors. Biometric standards for the PIV card are spelled out in Federal Information Processing Standard 201, Version 2 of which has been issued in a draft. Specifications for implementing the standards are included in NIST Special Publication 800-76, a revised draft of which also has been released.
The test suit assures proper implementation under the ANSI/NIST standard for data including fingerprints; facial images; scars, marks and tattoos; and iris images.
NIST has plans to extend the test tools to support additional biometric record types included in the standard as well as to other international biometric standards as well.