|
|
|
Once a tool primarily used by law enforcement, biometric technologies increasingly are being used by government agencies and private industry to authenticate a person’s identity, secure the nation’s borders, and to restrict access to secure sites including buildings and computer networks. Biometric systems recognize a person based on physiological characteristics, such as fingerprints, hand and facial features, and iris patterns, or behavioral characteristics that are learned or acquired, such as how a person signs his name, types, or even walks. The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) has decades of experience improving human identification systems. A Long History with Fingerprints The successful use of the classic biometric, fingerprints, owes much to NIST research and development. For more than 30 years, NIST computer scientists have helped the Federal Bureau of Investigation (FBI) improve the automation process for matching “rolled” fingerprints taken by law enforcement agencies or “latent” prints found at crime scenes against the FBI’s master file of fingerprints. NIST test data have been used to develop automated systems that can correctly match fingerprints by the minutiae, or tiny details, that investigators previously had to read by hand. In cooperation with the American National Standards Institute (ANSI), NIST also developed a uniform way for fingerprint, facial, scar, mark, and tattoo data to be exchanged between different jurisdictions and between dissimilar systems made by different manufacturers. In conjunction with the FBI, NIST has developed several databases, including one consisting of 258 latent fingerprints and their matching “rolled” file prints. This database can be used by researchers and commercial developers to create and test new fingerprint identification algorithms, test commercial and research systems that conform to the NIST/ANSI standard, and assist in training latent fingerprint examiners. The increasing use of specialized “live” fingerprint scanners will help ensure that a high-quality fingerprint can be captured quickly and added to the FBI’s current files. Use of these scanners also should speed up the matching of fingerprints against the FBI database of more than 40 million prints. Improved Biometrics Critical to Security Under the USA Patriot Act and the Enhanced Border Security and Visa Entry Reform Act, NIST is evaluating the ability of biometrics to enhance border security. These acts called for developing and certifying a technology standard for verifying the identity of individuals and determining the accuracy of biometric technologies, including fingerprints, facial recognition, and iris recognition. NIST recently tested both face and fingerprint recognition technologies using large realistic samples of biometric images obtained from several federal, state, and county agencies. Testing showed that fingerprints provide higher accuracy than facial recognition systems. This program is producing standard measurements of accuracy for biometric systems, standard scoring software, and accuracy measurements for specific biometrics required for the system scenarios mandated under the Border Security Act. This work will have wide impact beyond the mandated systems. Standard test methods are likely to be accepted as international standards, and discussions are under way concerning the use of these same standards for airport security. In November 2002, NIST submitted its report on this work to the State and Justice departments for transmittal to the U.S. Congress in February 2003. The report recommended a dual approach that employs both fingerprint and facial recognition technology for a biometrics system to make the nation’s borders more secure. Additional NIST studies evaluated the effectiveness and reliability of computerized facial recognition and fingerprint matching systems. The Department of Homeland Security announced in July 2005 that to ensure the highest levels of accuracy in identifying people entering and exiting the United States, the US-VISIT (United States Visitor and Immigrant Status Indicator Technology) program will require a one-time 10-fingerscan capture for all first-time visitors. Subsequent entries will require two-print verification. In addition to fingerprint systems, computer scientists at NIST have extensive experience working with systems that match facial images. While facial recognition systems employ different algorithms than fingerprint systems, many of the underlying methods for testing the accuracy of these systems are the same. NIST researchers have designed tests to measure the accuracy and reliabil-ity of software programs in matching facial patterns, using both still and video images. Iris recognition is another potentially valuable biometric, but before its use is widespread, more testing is needed to determine its accuracy in operation. NIST recently began the first large-scale evaluation to measure the accuracy of the underlying technology that makes iris recognition possible. NIST Plays Key Role in Biometric Standards Open consensus standards, and associated testing, are critical to providing higher levels of security through biometric identification systems. For decades, NIST has been involved with the law enforcement community in biometric testing and standardization. In the past seven years, NIST has intensified its work in biometric standardization. For example, following the terrorist attacks on Sept. 11, 2001, NIST championed the establishment of formal national and international biometric standards development bodies to support deployment of standards-based solutions and to accelerate the development of voluntary consensus standards. These standards bodies are the Technical Committee M1 on Biometrics, established in November 2001 by the executive board of the International Committee for Information Technology Standards (INCITS), and the International Organization for Standardization (ISO)/ International Electrotechnical Commission (IEC) Joint Technical Committee 1 Subcommittee on biometrics, known as JTC 1 SC 37-Biometrics, created in June 2002. NIST chairs both the INCITS committee and the JTC 1 SC 37-Biometrics and contributes to the work of these standard development bodies with technical exper-tise. INCITS has approved seven standards for the exchange of biometric data, two biometric application profiles, two biometric interface standards, and the Common Biometric Exchange Formats Framework (see below). In 2005, ISO approved four biometric data interchange standards developed by the JTC 1 SC 37-Biometrics. These standards are being adopted both in the United States and abroad. Also, NIST has been charged with developing a Personal Identity Verification standard for secure and reliable forms of identification issued by the federal government to its employees and contractors.
The Biometric Consortium serves as a focal point for the federal government’s research, development, testing, evaluation, and application of biometric-based personal identification and verifi-cation technology. The consortium now has more than 900 members, including 60 government agencies. NIST and the National Security Agency co-chair the consortium. NIST has collaborated with the consortium, the biometric industry, and other biometric organizations to create a Common Biometric Exchange Formats Framework (CBEFF). The format already is part of government requirements for data interchange and is being adopted by the biometric industry. The specification defines biometric data structures that allow for exchange of many types of biometric data files, including data on fingerprints, faces, palm prints, retinas, and iris and voice patterns. NIST co-chaired the CBEFF Technical Development Team. For more information,
see NIST’s biometric resource center at www.itl.nist.gov/div893/biometrics/.
|