Applying Technical Standards to Biometric Systems

Applying Technical Standards to Biometric Systems

Milorad Milinković (Faculty of Organizational Sciences, University of Belgrade, Belgrade, Serbia), Miroslav Minović (Faculty of Organizational Sciences, University of Belgrade, Belgrade, Serbia) and Miloš Milovanović (Faculty of Organizational Sciences, University of Belgrade, Belgrade, Serbia)
Copyright: © 2016 |Pages: 10
DOI: 10.4018/IJDSST.2016040104
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Nowadays, the development and the application of biometric systems on one hand, and the large number of hardware and software manufacturers on the other, caused two the most common problems of biometric systems: a problem of interoperability between system's components as well as between different biometric systems and a problem of biometric data security and privacy protection, both in storage and exchange. Specifications and standards, such as BioAPI and CBEFF, registered and published as multiple standards by ISO (International Organization for Standardization), propose the establishment of single platform (BioAPI) to facilitate the functioning of the biometric systems regardless of hardware or software manufacturers, and unique format for data exchange (CBEFF) to secure biometric data. In this paper, these standards are analyzed in detail and considered as possible solutions to aforementioned problems.
Article Preview

Introduction

At the beginning, the term of interoperability should be defined. Li and Jain (2009, p. 27) state that “interoperability in the field of ICT includes the use of the same format or protocol without disrupting the performances of the system”. According to Wayman, Jain and Maltoni (2005) this is related to the functioning and communication between parts of the same system, as well as cooperation and communication between various systems.

Since Biometrics is increasingly presented on the market (for example, according to Ryan (2009) enterprise-wide network security infrastructures, employee IDs, secure electronic banking, investing and other financial transactions, retail sales, law enforcement, and health and social services are already benefiting from biometric technologies), and as Li and Jain (2009, p. 18) point out that “Biometrics uses physical or behavioral characteristics of an individual to uniquely identify the user during authentication”, the security of information as well as communication between the parts of a biometric system must be at the highest level. Deravi (2008, p. 34) discusses that “due to the fact that the development of biometric technologies and devices, as well as software applications, gained the momentum, there was the problem of large number of manufacturers and the problem of communication between software and devices from different manufacturers (so-called “vendor lock-in”)”. Considering those facts, lack of unique platform as well as a unique format for information exchange between components of one biometric system, or between different biometric systems has become the big problem.

Barrera, Alcántara, Alegría, Ávila and Esparza (2009) discuss that compliance with international standards allows bridging the gaps between the different data sources and allows transparent access to the information of the dissimilar sources to enable their joint exploitation (in our case sources are: databases, system’s components, systems). So, as it stands in The BioAPI Consortium report (“BioAPI Specification Version 1.1”, 2001), in 1998 BioAPI Consortium has been formed with the main aim to create BioAPI specification and define a unique platform for communication between applications and biometric technologies regardless of the manufacturer. Subsequently, BioAPI with the status of an international standard should accelerate the acceptance of biometric technologies and a large number of commercial applications at the international level.

On the other hand, as Deravi (2008) points out, since there was no single format that would facilitate the exchange of biometric information, cooperation between NIST Institute and BioAPI Consortium has formed CBEFF (Common Biometric Exchange Formats Framework) as an idea to establish a unique format for the exchange of biometric information between different systems with an emphasis on data security. Primarily, the format for the exchange of fingerprints was established, followed by NISTIR 6529 specification, which applies to all biometric modalities, today now known as CBEFF. The current version NISTIR 6529-A is an extended version of CBEFF which, unlike previous versions, may contain information of various biometric modalities at the same time or more information of a single modality. According to Matyas and Stapleton (2009), this standard establishes appropriate security requirements that will allow different biometric solutions to co-exist in the marketplace. Also, this standard views biometric systems within a global user community and it assures that the security of any one biometric system will be unaffected by the security of any other biometric system.

Lockie (2002) highlights that BioAPI and CBEFF were originally designed to help integrate biometrics in client-server scenarios, in particular, to introduce biometric identification in the internet applications. The significance of BioAPI and following CBEFF is that more than 90 worldwide companies and organizations took a place in their designing. According to Sanchez-Reillo, Alonso-Moreno, Fernandez-Saavedra, and Kwon Y-B (2012) standardized biometric technology is able to provide for developers in biometrics and third parties with a way to perform comprehensive evaluations remotely and with 24/7 availability without compromising the privacy of the individuals included in the test crew.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 10: 4 Issues (2018): 1 Released, 3 Forthcoming
Volume 9: 4 Issues (2017)
Volume 8: 4 Issues (2016)
Volume 7: 4 Issues (2015)
Volume 6: 4 Issues (2014)
Volume 5: 4 Issues (2013)
Volume 4: 4 Issues (2012)
Volume 3: 4 Issues (2011)
Volume 2: 4 Issues (2010)
Volume 1: 4 Issues (2009)
View Complete Journal Contents Listing