US National Body Contribution for the Establishment of a New
JTC 1 Subcommittee for Biometrics and US Offer to Serve as Secretariat for
the New SC
Background
Biometric technologies include those that automatically identify or
verify the identity of a person through measurable physical or behavioral
characteristics, such as fingerprint, facial recognition, or iris recognition.
By comparing a person's presented biometric features to previously registered
biometric data, the person's identity can be verified with a high degree of
confidence. Applications for this technology include computer network access
control, physical access control, credit card holder verification at the point
of sale, and screening at border crossings, airports, etc.
The importance of biometric technologies has dramatically increased
because of the horrific events of September 11, 2001. Homeland defense is now
the highest of priorities for many countries. Many countries are considering or
have already approved new legislation which calls for the investigation and use
of biometric technologies as soon as possible for homeland defense applications.
In the United States, two such laws have already been approved:
Public Law 107-56, Uniting and Strengthening America by Providing
Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT
ACT) Act of 2001, October 26, 2001.
Public Law 107-71, Aviation and Transportation Security Act, November 19,
2001.
Rationale for Proposal
The effective use of biometric technologies in high priority homeland
defense applications will take international cooperation. Ensuring international
cooperation is best promoted through the rapid approval of consensus formal
international standards.
The United States National Body to ISO/IEC JTC 1 proposes the formation
of a new ISO/IEC JTC 1 Subcommittee to ensure a very visible, high priority,
focused, coordinated, and comprehensive approach for the rapid development and
approval of formal international generic biometric standards. This new SC would
help ISO/IEC JTC 1 to accelerate this work and permit faster global deployment
of significantly better security solutions.
Critical generic biometric standards include common file formats and
application program interfaces, as well as related application/implementation
profiles. Such standards are necessary to enable interoperability and data
interchange between applications and systems. Approved international biometric
standards are urgently required as soon as possible in order to accelerate the
deployment of significantly better, standards-based security solutions for new
high priority homeland defense requirements, as well as the prevention of
identity theft and other government and commercial applications based on
biometric personal authentication.
The United States National Body to ISO/IEC JTC 1 recognizes that all
biometrics standards work can not and should not be placed into any one ISO TC,
SC, or WG. There are, however, key generic biometric standardization activities
that would benefit greatly from placement in a new ISO/IEC JTC 1 SC. Such an SC
would be charged to effectively coordinate with other JTC 1 SCs and other ISO
TCs and to support the use of fast track processes wherever feasible.
Status of Generic Biometric Standardization within the United
States
There are presently two generic biometric specifications that are
undergoing rapid development/final approval in the United States:
The BioAPI Consortium (www.bioapi.org) submitted their BioAPI
Specification, Version 1.1 to the InterNational Committee for Information
Technology Standards (INCITS) (http://www.ncits.org) for fast track
processing. INCITS 358, BioAPI Specification, Version 1.1, is now undergoing
final approval in the United States.
The NIST/BC Biometric WG (www.nist.gov/bcwg) is developing an augmented
version of the Common Biometric Exchange File Format (CBEFF) NISTIR 6529
(www.nist.gov/cbeff). This is expected to be downward compatible with the
present version of CBEFF. It is anticipated that the augmented version of the
CBEFF will be submitted for INCITS fast track processing after revision and
approval by the NIST/BC Biometric WG.
When these specifications are approved as ANSI INCITS standards, the
United States is planning on submitting these standards for fast track
processing as formal International Standards within ISO/IEC JTC 1 on Information
Technology. The United States recommendation for placement of these standards
would be in a new ISO/IEC JTC 1 Subcommittee for Biometrics Standardization.
Status of Biometric Standardization within ISO/IEC JTC 1 and Other ISO
TCsISO/IEC JTC 1/SC 17 - ISO/IEC JTC 1/SC 17 has standards projects
underway to incorporate biometric data onto media, such as: high coercivity
magnetic stripe cards, smart cards, machine-readable passports and visas, driver
licenses/identification cards. A prospective new SC 17 WG (WG 11) is just now
being started by SC 17 to undertake generic biometric standardization. A new JTC
1 SC for generic biometric standardization would obviate the need for this WG.
ISO TC 68 - The United States National Body to ISO TC 68 recently
submitted X9.84 to ISO TC 68 for fast track processing as ISO/DIS 21352,
Biometric information management and security. This fast track has now failed,
due largely to insistence by the chairman of ISO/IEC JTC 1/SC 17 that all such
biometrics standards work belongs in SC 17.
ISO/IEC JTC 1/SC 27 - The importance of biometrics standards to
the IT security standards work within ISO/IEC JTC 1/SC 27 can be expected to
grow.
Specific Proposal to Form a New ISO/IEC JTC 1 Subcommittee for
Biometrics StandardizationTitle: Biometrics
Scope: Development of generic biometric standards which include
common file formats and application program interfaces, as well as related
application/implementation profiles, to support interoperability and data
interchange between applications and systems.
Initial Liaisons: Active and effective liaison activities will be
needed to provide for interoperability between applications and systems. Initial
liaisons would include:
ISO/IEC JTC 1 SC 17
ISO/IEC JTC 1 SC 27
ISO/IEC JTC 1 SC 29/WG 1
ISO TC 68
Secretariat: The US offers to serve as the Secretariat.
Initial Program of Work:
Application Program Interfaces (APIs) (e.g., INCITS 358, BioAPI
Specification, Version 1.1)
File formats (e.g., augmented version of the CBEFF)