
Biometric Security Roles & Resources Part 2: BIAS



  1. Biometric Security – Roles & Resources, Part 2 – BIAS
     Cathy Tilton – Chair, BIAS Integration TC; VP, Standards & Emerging Tech, Daon

  2. Biometric Identity Assurance Services (BIAS) (www.oasis-open.org)
     [Figure labels: Biometric Applications; Biometric Resources; ANSI/NIST-ITL 1-2000/7; BioAPI/BIP; Other; "?"]
     - In reviewing the current biometric-related standards portfolio and service oriented architecture (SOA) references, it became apparent that a gap existed in the availability of standards related to biometric services.

  3. Why now?
     - Biometric systems and customers are becoming more sophisticated
     - Increased interest in and utility of biometrics
     - Government & commercial, but mostly driven by the former at present
     - Large, complex systems
     - Enterprise architectures built on the SOA model & standards
     - Emphasis on data sharing & reuse of resources/services
     - The need for vendor independence, multiple sources
     - Departure from custom solutions
     - Embracing of open systems, standards
     - New requirements for interoperability and flexibility

  4. BIAS – Driving Requirements
     - Provide ability to remotely invoke biometric operations across an SOA infrastructure, decoupling the service from the interface (and requester) that calls it.
     - Provide business level operations, without constraining the application/business logic that implements those operations.
     - Provide basic capabilities that can be used to construct higher level, aggregate/composite operations.
     - Be as generic as possible – technology, framework, and application domain independent.

  5. Context
     Example Applications
     - Border management
     - Credentialing
     - Customer/subscriber identification
     Example Resources
     - A fingerprint verification matching server
     - A 1:N iris search/match engine
     - A facial biometric watch list
     - A criminal or civil automated fingerprint identification system (AFIS)
     - A name-based biographic identity database
     - An archive of biometric identifiers
     - A population of subjects
     [Figure labels: Application; Service Provider; Authen. Server; Matcher; ID database]

  6. Person-Centric and Encounter-Centric Systems

  7. INCITS & OASIS Collaboration
     - Development of the BIAS standard requires expertise in two distinct technology domains to ensure that the final specification provides the right structure, functionality, and technical details:
       - Biometrics, with standards leadership provided by INCITS M1
       - Service Architectures (initially focused on Web services), with standards leadership provided by OASIS
     - Close collaboration between both standards organizations is required:
       - INCITS M1: Define "taxonomy":
         - Identity assurance operations
         - Data elements
       - OASIS: Define Web services bindings:
         - Schema
         - Protocol
     - Existing standards are available in both domains and many of these standards will provide the foundation and underlying capabilities upon which the biometric services depend.

  8. Goals
     - BIAS will provide an open framework for deploying and invoking biometric-based identity assurance capabilities that can be readily accessed using services-based frameworks.
     - BIAS will provide a generic set of biometric (and related) functions and associated data definitions to allow remote access to biometric services.
     - BIAS will specify a set of patterns and bindings for the implementation of BIAS operations using Web services within service-oriented architectures.

  9. Scope
     [Figure: 2 Primary Needs: Generic Biometric Services; Integrated Authentication Services. Labels: BIAS; Future]

  10. BIAS System Context (INCITS M1)
     - BIAS services are modular and independent operations which can be assembled in many different ways to support a variety of business processes.
     - BIAS services may be implemented with differing technologies on multiple platforms.
     - BIAS services can be publicly exposed directly and/or utilized indirectly in support of a service provider's own public services.

  11. BIAS System Context (OASIS)
     - Defines an XML messaging protocol to implement the "abstract" services specified in INCITS M1.
     - SOAP over HTTP
     - WSDL defined
     - Synch & Asynch operations

  12. Representing biometric data
     - To meet BIAS goals, any type of biometric information needs to be able to be represented and used in the services.
     - BIAS utilizes the existing CBEFF* standard (ISO/IEC 19785-1:2006) to represent biometric data.
       - BIAS does not require any particular CBEFF patron format.
       - BIAS implementations may support one or multiple CBEFF patron formats.
     - BIAS specification includes an XML representation of CBEFF header information.
     - Biometric Information Record (BIR) payload may contain standardized or proprietary data formats
       - e.g., standard formats per INCITS 378, 379, 381, 385 … or ISO 19794-x.
     * Common Biometric Exchange Formats Framework

  13. Representing biographic data
     - BIAS provides flexibility for the amount and types of biographic data supported by implementing systems.
     - BIAS provides two methods for representing biographic information:
       - A set of individual data items (name/type/value combinations)
       - An existing format, such as:

     | Biographic Data Format | name   | version  | source                         | type  |
     |------------------------|--------|----------|--------------------------------|-------|
     | EFTS Type-2            | EFTS   | 7.1      | http://www.fbi.gov/            | ASCII |
     | EBTS Type-2            | EBTS   | 1.2      | http://www.biometrics.dod.mil/ | ASCII |
     | NIEM                   | NIEM   | 1.0, 2.0 | http://www.niem.gov/           | XML   |
     | CIQ xNAL               | xNAL   | 2.0, 3.0 | http://www.oasis-open.org/     | XML   |
     | HR-XML                 | HR-XML | 2.5      | http://www.hr-xml.org/         | XML   |

  14. BIAS Services
     - Subject
       - Create/delete subject
       - Add/remove subject from gallery
     - Biographics
       - Set/list biographic data
       - Update/delete biographic data
       - Retrieve biographic data
     - Biometrics
       - Set/list biometric data
       - Update/delete biometric data
       - Retrieve biometric data
     - Searching/processing
       - Verify subject
       - Identify subject
       - Check quality
       - Classify biometric data
       - Perform fusion
       - Transform biometric data
     - Aggregate services
       - Enroll
       - Identify
       - Verify
       - Retrieve information
     - Discovery
       - Query Capabilities

  15. Services for managing enrollments
     - Create Subject
       - creates a new subject record and associates a subject ID to that record
     - Delete Subject
       - deletes an existing subject record and, in an encounter-centric model, any associated encounter information from the system
     - Add Subject to Gallery
       - registers a subject to a given gallery or population group
     - Delete Subject from Gallery
       - removes the registration of a subject from a gallery or population group

  16. Services for managing information about an enrolled individual:
     - Set Biographic Data
       - associates biographic data with a given subject record; may either replace existing data or create a new encounter
     - Update/Delete Biographic Data
       - updates/removes biographic data from a given subject or encounter
     - List Biographic Data
       - lists the biographic data elements stored for a subject or encounter
     - Retrieve Biographic Data
       - retrieves the biographic data associated with a subject or encounter
     - Set Biometric Data
       - associates biometric data with a given subject record; may either replace existing data or create a new encounter
     - Update/Delete Biometric Data
       - updates/removes biometric data from a given subject or encounter
     - List Biometric Data
       - lists the biometric data elements stored for a subject or encounter
     - Retrieve Biometric Data
       - retrieves the biometric data associated with a subject or encounter

  17. Services for biometric searching and processing
     - Verify Subject
       - performs a 1:1 verification match between a given biometric and either a claim to identity in a given gallery or another given biometric
     - Identify Subject
       - performs an identification search against a given gallery for a given biometric, returning a rank-ordered candidate list of a given maximum size
     - Check Quality
       - returns a quality score for a given (input) biometric
     - Classify Biometric Data
       - classifies a given (input) biometric
     - Perform Fusion
       - accepts either match score or match decision information and creates a fused match result
     - Transform Biometric Data
       - transforms or processes a given biometric in one format into a new target format (e.g., feature extraction, center/crop, convert data format)

  18. Aggregate/composite services
     - Enroll
       - adds a new subject or a new encounter to the system
       - may include and be contingent upon a negative identification
       - may utilize other BIAS services
     - Identify
       - performs an identification function according to system requirements and/or resources (e.g., search multiple galleries)
       - may utilize other BIAS services
     - Verify
       - performs a 1:1 verification function according to system requirements and/or resources
       - may utilize other BIAS services
     - Retrieve Information
       - retrieves requested information about a subject
       - may include biographic + biometric data, and/or multiple encounters
       - may utilize other BIAS services
