As interest in biometrics grows, industry standards and related activities are emerging from the National Institute of Standards and Technology's (NIST) Information Technology Laboratory (ITL).
The ITL helps end-users and the industry speed the adoption of much-needed standards-based solutions in response to critical infrastructure protection and Homeland defense/security requirements. The creation and deployment of standards, the ITL says, will support the expansion of the biometrics marketplace.
Interest in biometrics standards spiked after the events of Sept. 11, as application developers and government implementers realized that interoperability across devices and operating platforms is available — and necessary. The creation of biometrics standards enables technology that supports multiple biometric devices and biometric data, allowing a common biometric data interchange among technologies developed by different vendors.
In order to coordinate the exchange efforts among application programmers and biometric solution vendors, a common framework must be included — an Application Programming Interface, or API. BioAPI is compatible with a range of biometric applications programs and a spectrum of biometrics technologies, and was created by the BioAPI Consortium, a group of more than 90 organizations whose membership is comprised of government organizations, biometric vendors, systems integrators and application developers with a common interest in promoting the growth of the biometrics market.
“The acceptance of the BioAPI as an American National Standards Institute (ANSI) standard indicates the maturity of the biometrics industry,” says Colin Soutar, a work group chairman in the BioAPI consortium and chief technology officer of Bioscrypt Inc., Mississauga, Ontario, Canada. The standard, Soutar says, was developed over a three-year period by the BioAPI Consortium.
The BioAPI framework is a specification required to communicate between biometric devices. In order for an application or product to be compatible with the BioAPI framework, a common file format must be used.
Currently, an exchange format is in place to accept common biometric files and promote interoperability of biometric-based application systems. According to the ITL, a Common Biometric Exchange File Format (CBEFF), allows a system or application to identify different biometric structures (public or proprietary data) while supporting multiple biometric types within a system or application. The CBEFF was developed under the Biometrics Interoperability, Performance, and Assurance Working Group of the U.S. Biometric Consortium, which serves as the government's focal point for research, development, test, evaluation, and application of biometric-based personal identification/verification technology.
“The CBEFF specification describes how software applications can be written so that other applications can read them,” Soutar says. To become CBEFF-compliant, files must pass through the hands of the International Biometrics Industry Association (IBIA), which according to Soutar acts as a “custodian” for file formats. “As a result of becoming CBEFF-compliant,” he says, “the file also becomes BioAPI-compliant — and BioAPI chooses the CBEFF as it's ‘file of choice’ for that reason,” thus creating a standard for communication of biometric applications.
There is an overlap of membership between both the BioAPI Consortium and the Biometrics Consortium by approximately 80 percent says Soutar. “BioAPI has a very close relationship with the Biometric Consortium, and both groups have co-shared the development of exercises,” Soutar says. “For example, the Biometric Consortium participated in the development of the BioAPI, and the BioAPI Consortium is actively involved in the CBEFF that is developed by the Biometrics Consortium.”
Still, some say a biometrics standard is easier said than done.
“Biometric standardization, by necessity, is a touchy subject, and really, an impossibility,” says Bob Turbeville, president and COO of Biometric Solutions Group, Charleston, S.C. “Before you can create a meaningful standard,” he says “you have to have a commonality at the data level and not the device level, which BioAPI is focused around.” Turbeville explains that standardization should revolve around how to store data most effectively, not necessarily how to read it most effectively.
For this reason, recent standard activities have included trying to define storage limitations and how they relate to the CBEFF.
“CBEFF describes the file format and how it stores the information,” says Soutar. “It defines the inside details of how the information is stored which will allow much more interoperability” — something Turbeville says is the government's biggest obstacle, as it strives to remain vendor-agnostic.
So, can a common standard be achieved at the data level? “In some cases, a data level interchange is required,” says Soutar. “This can be accomplished either through the definition of a published standard, or through proprietary partnerships — commercial factors will determine the extent and form of data exchange that will be dominant.”
In the end, standards offer a myriad of benefits, contends the Biometric Consortium. “They reduce differences between products and promote an aura of stability, maturity and quality to both consumers and potential investors.” And Soutar agrees: “Standardizing biometrics is helping to promote the industry in general and allows more choices and more freedom to system integrators and end-users.”
