BioAPI Consortium

History of the API and Relationship To Other Standards

Introduction

The BioAPI Consortium first announced its formation and intent to develop a biometric API standard in April of 1998. By the end of the year, this group had developed a multi-level API architecture and begun defining the associated components.

In March of 1999, the Information Technology Laboratory of the National Institute of Standards and Technology (NIST) and the US Biometric Consortium sponsored a unification meeting in which the Human Authentication API (HA-API) working group (which had published a high level biometric API in 1997) agreed to merge their activities with the BioAPI Consortium. As part of this agreement, the BioAPI Consortium agreed to restructure their organization.

The reconstituted BioAPI Consortium completed its efforts to define the biometric API architecture and to solidify its organizational structure and operations by mid 1999. Version 1.0 of the Specification was released in March, 2000, and the Reference Implementation was released in September 2000. Version 1.1 of both the Specification and Reference Implementation was released in March, 2001. Work continues on the Conformance Test Suite.

Although BioAPI itself is an industry standard for a Biometric Application Programming Interface, other organizations have created related standards that interact with it to provide full functionality.

Organizations

International Organization for Standardization (ISO)

ISO is a network of the national standards institutes of 146 countries, on the basis of one member per country, with a Central Secretariat in Geneva, Switzerland, that coordinates the system. Although ISO standards are voluntary, the fact that they are developed in response to market demand, and are based on consensus among the interested parties, ensures widespread applicability of the standards. Consensus, like technology, evolves and ISO takes account both of evolving technology and of evolving interests by requiring a review of its standards at least every five years to decide whether they should be maintained, updated or withdrawn. In this way, ISO standards retain their position as the state of the art, as agreed by an international cross-section of experts in the field.

JTC 1/SC 37

Established in June, 2002, ISO/IEC Joint Technical Committee 1 (JTC 1)/SC 37 is the international technical committee within ISO responsible for creating and maintaining standards in biometrics. SC 37 is comprised of 26 participating countries with numerous others observing. SC 37 works in conjunction with SC 17, which is the international technical committee for cards and personal identification, and SC 27, which is responsible for IT security for ISO.

American National Standards Institute (ANSI)

ANSI is a private, non-profit organization (501(c)3) that administers and coordinates the U.S. voluntary standardization and conformity assessment system. The Institute's mission is to enhance both the global competitiveness of U.S. business and the U.S. quality of life by promoting and facilitating voluntary consensus standards and conformity assessment systems, and safeguarding their integrity.

National Institute of Standards and Technology (NIST)

Founded in 1901, NIST is a non-regulatory federal agency within the U.S. Commerce Department's Technology Administration. NIST's mission is to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life.

InterNational Committee for Information Technology Standards (INCITS)

INCITS is the forum of choice for information technology developers, producers and users for the creation and maintenance of formal de jure IT standards. INCITS is accredited by, and operates under rules approved by, the American National Standards Institute (ANSI). These rules are designed to ensure that voluntary standards are developed by the consensus of directly and materially affected interests.

M1

M1 is the technical committee within INCITS responsible for creating and maintaining standards in biometrics. M1 also serves as the U.S. Technical Advisory Group (U.S. TAG) for the international organization ISO/IEC JTC 1/SC 37 on Biometrics. As the U.S. TAG to SC 37, M1 is responsible for establishing U.S. positions and contributions to SC 37, as well as representing the U.S. at SC 37 meetings.

Note:

In February of 2002, BioAPI Version 1.1 was approved as an American National Standard through INCITS (ANSI/INCITS 358-2002). BioAPI Version 2.0 is currently progressing through ISO/IEC JTC1 SC37. The BioAPI Consortium is a formal Category C liaison to SC37.

Specific Standards

The purpose of any standard is to create a common ground in which interoperability and interchangeability exist between separate entities. This level playing field increases competition between vendors while also reducing risk to the consumer.

CBEFF

In order to accomplish the tasks of interoperability and interchangeability, BioAPI uses an instantiation of the Common Biometric Exchange Formats Framework (CBEFF). The current version is defined in NISTIR 6529A as the standard data structure/format for communicating biometric data. Before discussing the specifics of the BioAPI data format, the foundations of CBEFF should be understood.

features:

CBEFF file standard sections:

Each section contains a number of fields that contain detailed information about the CBEFF file. Some of these fields are required while some remain optional.

The Standard Biometric Header (SBH):

SBH is the first section of the file. The SBH has three required fields and 17 optional fields.

Required:

Optional:

* Used in BioAPI 1.1.

Biometric Data Block (BDB):

This block identifies the specific detailed format of the succeeding biometric data:

Biometric Identification Record (BIR)

The BioAPI variation of CBEFF is defined as a Biometric Identification Record (BIR). (In later versions, BIR is used more generically and stands for Biometric Information Record.) BIR refers to any biometric data that is returned to the application, including raw data, intermediate data, processed sample(s) ready for verification or identification, as well as enrollment data. Typically, the only data stored persistently by the application is the BIR generated for enrollment (i.e., the template). The 'purpose' field is used to indicate this. This distinction can be helpful in preventing replay attacks in case the template is compromised.

The BIR inherits the standard structure of CBEFF and inserts detailed information into the SBH which makes it possible to be interpreted by BioAPI devices. The structure of the BIR is shown below.

Specific fields which contain unique information based on the specific characteristic:

Format Owner:

This field denotes the Vendor, Standards Body, Working Group, or Industry Consortium that has defined the format of the Biometric Data (in the BDB). A CBEFF requirement is that Format Owners register with the International Biometric Industry Association (IBIA). For an assigned value of the Format Owner, the number is guaranteed to be unique. The Format Owner code for M1 is a sixteen-bit value 0x001B (hexadecimal 1B or 27 decimal).

Format Type:

This field value is assigned by the Format Owner and represents the specific BDB Format as specified by the Format Owner. This may be a non-standard, unpublished data format or a data format that has been standardized by an industry group, consortium, or standards body. The registration of the Format Type value is recommended but not required. For an updated listing of the M1 Format Type codes, please visit: http://www.incits.org/tc_home/m1htm/docs/m1050246.htm.

Data Interchange Formats

Within the BDB, data format standards for the interchange of data between system/components exist for several biometric types. These standards are developed and maintained by M1 and may be purchased by the public.

Finger Pattern-Based Interchange Format

Associated Standard: ANSI/INCITS 377-2004 (Purchase)
Format Identifier: FPR

Finger Minutiae Format for Data Interchange

Associated Standard: ANSI/INCITS 378-2004 (Purchase)
Format Identifier: FMR

Iris Image Format for Data Interchange

Associated Standard: ANSI/INCITS 379-2004 (Purchase)
Format Identifier: IIR

Finger Image Interchange Format

Associated Standard: ANSI/INCITS 381-2004 (Purchase)
Format Identifier: FIR

Face Recognition Format for Data Interchange

Associated Standard: ANSI/INCITS 385-2004 (Purchase)
Format Identifier: FAC

Signature/Sign Data Interchange Format

Associated Standard: ANSI/INCITS 395-2005 (In Progress)
Format Identifier: SDI

Hand Geometry Data Interchange Format

Associated Standard: ANSI/INCITS 396-2005 (Purchase)
Format Identifier: HND

Security

There are different approaches to implementing security within the BioAPI architecture. The original form of security is built into the CBEFF structure itself in the form of a Signature Block. It should be noted that the signature block itself only provides integrity of the data. The BDB can be optionally encrypted (as indicated in the 'security options' field) for privacy purposes; however, key management is outside the scope of the original 1.1 version of BioAPI.

Signature Block or MAC

This field can contain Algorithm Identifier information and/or any parameters needed to perform the Signature and/or the Message Authentication Code (MAC) function. A MAC is a form of a hash function which is performed on the SBH and BDB as a whole. The Signature Block exists only if the CBEFF Integrity Options field (in the SBH) is 0x01 or 0x02.

In BioAPI 2.0, the signature block has the ability to more specifically address both privacy and integrity, thus the name of the block is changed to the “Security Block.”
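The MAC case described above, as an added example that is not part of the original page or of any BioAPI implementation: a MAC is computed over the SBH and BDB together and checked before the BDB is used. The byte layout, the choice of HMAC-SHA256, and the names build_record and verify_record are assumptions made for illustration; only the 0x01/0x02 Integrity Options values and the M1 Format Owner code 0x001B come from the text.

```python
import hashlib
import hmac
import struct

# Constructed, simplified layout for illustration (NOT the real CBEFF/BIR encoding):
# integrity options (1 byte), Format Owner (2), Format Type (2), BDB length (4).
SBH = struct.Struct(">BHHI")
SB_PRESENT = (0x01, 0x02)      # Integrity Options values for which a signature block exists
M1_FORMAT_OWNER = 0x001B       # Format Owner code for M1, as given in the text
TAG_LEN = hashlib.sha256().digest_size


def build_record(key, format_type, bdb, integrity=0x01):
    """Serialize SBH || BDB and, if integrity is requested, append a MAC over both."""
    body = SBH.pack(integrity, M1_FORMAT_OWNER, format_type, len(bdb)) + bdb
    if integrity in SB_PRESENT:
        # HMAC-SHA256 is an assumption; the page does not name an algorithm.
        body += hmac.new(key, body, hashlib.sha256).digest()
    return body


def verify_record(key, record):
    """Return the BDB if the MAC over SBH || BDB verifies; raise ValueError otherwise."""
    if len(record) < SBH.size:
        raise ValueError("truncated header")
    integrity, _owner, _ftype, bdb_len = SBH.unpack_from(record)
    if integrity not in SB_PRESENT:
        # Policy decision: never fall back to accepting unprotected records.
        raise ValueError("record carries no signature block")
    end = SBH.size + bdb_len
    tag = record[end:]
    if len(tag) != TAG_LEN:
        raise ValueError("length field does not match record size")
    expected = hmac.new(key, record[:end], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC mismatch: SBH or BDB was modified")
    return record[SBH.size:end]
```

The verifier rejects a record whose header claims no integrity protection instead of accepting it unchecked, and the BDB stays readable in the clear because the MAC provides integrity only.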

ANSI X9.84 – Biometric Information Management and Security

ANSI X9.84 is developed by ANSI to provide guidance on the use of biometrics in transaction-based systems. It also defines a method for disparate systems to communicate biometric information in a common format.

X9.84 uses a CBEFF data structure called a 'Biometric Object' which contains all of the BioAPI BIR fields, along with a few others, but uses a different encoding scheme (see below). It is important to note that it is possible to translate between these 2 CBEFF data structures (i.e., a BioAPI BIR and an X9.84 Biometric Object).

ANSI X9.84-2001 was the first release of X9.84, which defined a format to exchange biometric data in compliance with the Abstract Syntax Notation 1 (ASN.1).

ASN.1: encoding rules are sets of rules used to transform data specified in the ASN.1 language into a standard format that can be decoded on any system that has a decoder based on the same set of rules. ASN.1 and its encoding rules were once part of the same standard. They have since been separated, but it is still common for the terms ASN.1 and BER (Basic Encoding Rules) to be used to mean the same thing, though this is not the case. Different encoding rules can be applied to a given ASN.1 definition. The choice of encoding rules used is an option of the protocol designer.

The ASN.1 encoding rules currently standardized are: Basic Encoding Rules (BER), Distinguished Encoding Rules (DER), Canonical Encoding Rules (CER), Packed Encoding Rules (PER), XML Encoding Rules (XER) and Extended XML Encoding Rules (E-XER).

BER: was created in the early 1980s and is used in a wide range of applications, such as Simple Network Management Protocol (SNMP) for management of the Internet; Message Handling Services (MHS) for exchange of electronic mail and TSAPI for control of telephone/computer interactions.

DER: is a specialized form of BER that is used in security-conscious applications. These applications, such as electronic commerce, typically involve cryptography, and require that there be one and only one way to encode and decode a message.

CER: is another specialized form of BER that is similar to DER, but is meant for use with messages so huge that it is easiest to start encoding them before their entire value is fully available. CER is rarely used, as the industry has locked onto DER as the preferred means of encoding values for use in secure exchanges.

PER: is more recent than the above sets of encoding rules and is noted for its efficient algorithms that result in faster and more compact encodings than BER. PER is used in applications that are bandwidth or CPU starved, such as air traffic control and audiovisual telecommunications.

XER: (XML Encoding Rules) allow you to encode a message that has been defined via ASN.1 using XML. You can now add visibility to your ASN.1-described messages via XML.

E-XER: (Extended XML Encoding Rules) is an amendment to the ITU-T Rec. X.693 (23002) ASN.1 Encoding Rules: Specification of XML Encoding Rules (XER). Extended-XER encoding makes ASN.1 an XML schema notation as powerful as XSD, with the simplicity of ASN.1.
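Why the "one and only one way to encode" property of DER matters for signed data, as an added example that is not part of the original page: the four byte strings below are constructed encodings of the same ASN.1 value, SEQUENCE { BOOLEAN TRUE }, and only one of them is DER, so a signature or MAC computed over one encoding does not verify over another. The function names and the subset of DER rules checked (definite, minimal lengths and BOOLEAN content) are choices made for this illustration.

```python
def read_tlv(buf, pos=0):
    """Parse one BER TLV at pos. Returns (tag, value, end, length_is_minimal)."""
    tag, first = buf[pos], buf[pos + 1]
    if (tag & 0x1F) == 0x1F:
        raise ValueError("high tag numbers are not handled in this example")
    pos += 2
    if first < 0x80:                       # short form: always minimal
        length, minimal = first, True
    elif first == 0x80:                    # indefinite length: allowed in BER and CER only
        raise ValueError("indefinite length")
    else:                                  # long form: next (first & 0x7F) octets hold the length
        raw = buf[pos:pos + (first & 0x7F)]
        if len(raw) != (first & 0x7F):
            raise ValueError("truncated length")
        length = int.from_bytes(raw, "big")
        pos += len(raw)
        # DER allows long form only when needed, and without a leading zero octet.
        minimal = length >= 0x80 and raw[0] != 0
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length, minimal

def is_der(buf):
    """True if buf is exactly one TLV that obeys the DER rules checked here."""
    try:
        tag, value, end, minimal = read_tlv(buf)
        if end != len(buf) or not minimal:
            return False
        if tag == 0x01:                    # BOOLEAN: FALSE is 00, TRUE is FF and nothing else
            return value in (b"\x00", b"\xff")
        if tag & 0x20:                     # constructed type: every child must be DER as well
            pos = 0
            while pos < len(value):
                nxt = read_tlv(value, pos)[2]
                if not is_der(value[pos:nxt]):
                    return False
                pos = nxt
        return True
    except (ValueError, IndexError):
        return False

# Constructed sample encodings of SEQUENCE { BOOLEAN TRUE }.
SAMPLES = {
    "der": bytes.fromhex("30030101ff"),
    "ber_long_length": bytes.fromhex("3081030101ff"),
    "ber_true_as_01": bytes.fromhex("3003010101"),
    "ber_indefinite": bytes.fromhex("30800101ff0000"),
}
```

A receiver that verifies a signature over ASN.1-encoded biometric data should check the bytes as received and reject non-DER input, not decode and re-encode before verifying.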

ANSI X9.84-2003 is the latest release of X9.84, which implements an XML format to closely operate with BioAPI’s CBEFF format. X9.84-2003 brought about the creation of the XML Common Biometric Format (XCBF), created by the Organization for the Advancement of Structured Information Standards (OASIS). XCBF focuses on converting between the BiometricObject data container within X9.84 and the BIR within CBEFF, as well as on the cryptographic methodologies for providing integrity and security of the biometric data being transmitted.

Contributed by Matthew Young, Purdue University in conjunction with SAFLINK Corporation, June 2005