To understand Biometric Standards, you should understand the basics of standards, including their advantages and disadvantages, and who develops them. Section 1 provides this foundation, while Section 2 offers an overview of biometric standards in particular. If you are already familiar with technology standardization and its benefits, feel free to jump to section 2.
Standardization is critical to creating consistent user experience across various products and industries. For instance, Target stores ensure customer loyalty with standardized store layouts, Starbucks's coffee tastes the same throughout the world, and socket manufacturers benefit from standardized electric sockets. This emphasis on consistency through standardization is crucial for instilling confidence and achieving interoperability, scalability, and security, even in biometrics.
Need for Standards
When an industry lacks standardization, it's seen as immature. Companies are hesitant to rely on unstable or developmental solutions from third parties, which can stunt technological growth. This creates difficulties for both international and local companies looking to create products that can work seamlessly across borders. National and international standards are thus needed to provide guidelines for designing, manufacturing, and testing products and services that provide people with a frictionless experience.
Pros and Cons of Standardization
Businesses face a tradeoff with their products, processes, and services regarding standardization versus customization. Each approach has its own set of advantages and disadvantages.
Standardization offers numerous benefits to companies, including lower costs by using the same production methods and bulk ordering of raw materials to reduce waste. Standardized and well-known brands also create customer loyalty, as consumers prefer to shop with familiar names. Additionally, manufacturing and building stores for the same product lines is easier and faster than designing new ones every time. Finally, large companies can improve their performance and throughput with newer technologies and vendors while maintaining flexibility with data interoperability across systems.
However, companies must also differentiate themselves from their competition by offering unique products and services. By doing so, consumers have more choices between products, which can lead to more satisfied customers and increased market share. Failure to do so can result in startups catering to niche consumers, eventually eating into the market share of larger companies.
In conclusion, standards allow companies to simplify operations, achieve significant scale, reduce vendor lock-ins, and attain business goals.
The landscape of Standards Internationally
The hierarchy of standards has four levels, which are categorized as follows:
International Standards: These standards are recognized and utilized by countries worldwide. The organizations responsible for international standardization include ISO (International Organization for Standardization) and IEC. (International Electrotechnical Commission), and ITU (International Telecommunication Union).
Regional Standards: These standards are specific to a particular region, such as the EN standards used by EU member states.
National Standards: The national standards are customized according to the requirements of a specific government or industry. Examples of national standards are ANSI (American National Standards Institute) for NA and other selected regions, BSI (British Standards Institution) for the UK, DIN (Deutsches Institut fur Normung) for Germany, and JIS. (Japanese Industrial Standards) for Japan. The primary difference between international and national standards is their scope.
Group Standards: These standards are used and established at the level of ministries, industries, companies, and factories in a country. Standards defined within a particular industry are called "group standards," while those within a company are called "internal standards."
The group standards are generally aligned with the national standards that are further closely linked to regional and international standards, either contributing to creating the international standard or repeating an already established one.
Differences between ISO, IEC, and ITU
The ISO and IEC are international non-governmental organizations responsible for standardization in various fields.
The ISO covers many topics, including healthcare, environment, and technology in electrical engineering, electronics, agriculture, etc. ISO standard numbers begin with "ISO" followed by a number and the year of publication.
Meanwhile, the IEC focuses on standardization in the electrical and electronic fields only, with standards covering safety, interference, and energy efficiency. IEC standard numbers start with "IEC," followed by numbers using the same rules as the ISO. Products that follow IEC standards include consumer electronics, batteries, semiconductors, solar energy products, and fiber optics.
Lastly, the International Telecommunication Union (ITU) issues international standards for information and communications.
History of biometric standards
After the tragic events of September 11, 2001, various US government agencies such as DoD, FBI, DHS, border control, and others realized the importance of communication and data exchange between their systems. Consequently, national and international standard organizations began to prioritize biometric standardization activities previously limited to the forensics community. To facilitate the exchange of biometric data between devices and solutions developed by different application vendors, the American National Standards Institute (ANSI), which is a nonprofit organization that oversees the development of voluntary consensus standards for products, services, processes, systems, and personnel in the United States, proposed the creation of biometric standards to the joint technical committee 1 (JTC 1) of ISO and IEC. In 2002, the proposal was approved to establish a subcommittee on biometrics, known as ISO/IEC JTC 1/SC 37. There are around 40+ other subcommittees (SCs) across other Information Technology areas in JTC 1.
SC 37 - Biometrics
The main goal of the SC37 subcommittee was to provide an international platform that would enhance and expedite formal international biometric standardization, leading to better interoperability, reliability, usability, and security for future standards-based systems and applications.
ISO/IEC JTC 1/SC 37 comprises six Working Groups (WGs), each responsible for specific standards development tasks within the biometric industry.
Here are some common acronyms used above: TC (Technical Committee), JTC (Joint Technical Committee), AG (Advisory Group), SC (Subcommittee), and WG (Working Group).
Current areas of biometrics standardization
The SC37 organization has released a multitude of biometric standards across various domains. These include
technical interfaces such as BioAPI
data interchange formats for almost all modalities
performance and application profiles for biometrics
presentation attack detection testing standards
biometric sample quality quantification standards
biometric data interchange standards (for DNA typing information)
Generic technical best practices, guidance, and implementation requirements.
Over the last ten years, dozens of global standards have been created and accepted. These include but are not limited to:
This standard specifies the API and SPI for standard interfaces in a biometric system that allows the use of components from different vendors. It ensures interoperability between these features by complying with this and other international standards.
Common Biometric Exchange Formats Framework (CBEFF)
CBEFF helps different biometric-based applications and systems work together by defining standard formats for biometric information records (BIRs). A BIR stores biometric and descriptive data in a database or transfers it between systems.
This standard defines how to represent fingerprints using minutiae and outlines basic data elements for automated fingerprint recognition.
Finger image data
This standard specifies a format for recording, storing, and transmitting finger or palm images in ISO/IEC 19785-1 structure. It allows for sharing and comparing finger image data.
Face image data
This standard specifies a format for storing, recording, and sharing information from one or multiple facial images, as well as short video streams of facial images.
Iris image data
This standard specifies a format for exchanging iris image data between biometric systems. The image data can be saved as intensity values, compressed or not, or cropped with a region-of-interest mask to exclude non-iris areas.
Signature series data
This standard specifies data exchange formats for multi-dimensional time series data of signatures or sign behavior captured with digitizing tablets or advanced pen systems. The formats are adaptable for various fields involving handwritten signatures.
Finger pattern skeletal data
This standard defines the aspects of a fingerprint that can be included in a small data record, accommodating transformations like translation and rotation. It supports low-cost (limited coverage) commercial fingerprint sensors and allows for easy storage and retrieval of biometric information.
Vascular image data
This standard specifies a format for exchanging data that can be used for storing, recording, and transmitting vascular (blood vessels) biometric information from various areas of the human body.
This standard specifies a format for sharing hand silhouette data between systems for verifying or identifying individuals. It includes guidelines for content, format, and units of measurement.
This standard specifies a format for exchanging data that can be used for storing, recording, and transmitting digitally processed human speech.
Testing and reporting fundamentals
This standard evaluates biometric system performance using error and throughput rates. It serves to measure, predict, compare, and verify compliance with performance requirements.
The biometrics industry must foster collaboration between the public and private sectors. The public/government segment of biometrics is well-established and has adopted standards due to the urgent needs of law enforcement agencies. According to John Splain, a subject matter expert in the biometric standards space, these agencies enforce biometric standards' requirements in government RFPs, and third-party technology providers must comply with these standards to win long-term government contracts.
On the other hand, the private (commercial) biometrics segment needs to be developed, with most biometric applications being proprietary and siloed, as there are no financial incentives for technology providers to make their systems interoperable and compliant with biometric standards. As a result, vendors believe their unique designs can provide more differentiated value to their customers. However, companies are hesitant to lock themselves up with one vendor and are wary of immature or developmental technology.
Therefore, standardization is a sign of technology maturity. Here's a podcast featuring John Splain discussing biometric standards. Check out the link attached.
In the next blog, I will explore specific biometric standards like BioAPI, PAD, and others in-depth. If you enjoyed this blog and want to learn more about biometrics topics, please sign up and click the like button.