in050380

Annual Report for: INCITS M1

Covering the Period from September 2004 to May 2005

Title of INCITS Subgroup: Biometrics

Links

Link to Website of INCITS M1 (includes all documents, minutes, and organizational member information)
See Executive Summary
Link to INCITS M1 area on the INCITS Projects Database
See Significant Accomplishments
See Significant Challenges
See Expected Challenges
See Committee Activities
See previous year's meetings
See next year's planned meetings
See Liaison Activities
INCITS M1 Membership and Officers
See Future Trends and Related Technical Activities
See Other Administrative Information

Informal Description of Work:

The purpose of INCITS M1 is to ensure a high priority, focused, and comprehensive approach in the United States for the rapid development and approval of formal national and international generic biometric standards. These standards are considered to be critical for U.S. needs, such as homeland defense, the prevention of identity theft and for other government and commercial applications based on biometric personal authentication. The current program of work includes: biometric data interchange formats, exchange format frameworks, Application Programming Interfaces, application profiles, conformance testing methodology standards for the biometric data interchange formats, a conformance testing methodology for the BioAPI standard, and performance testing and reporting standards. INCITS M1 is the U.S. Technical Advisory Group (TAG) to ISO/IEC Joint Technical Commitee 1 (JTC 1) Subcommittee SC 37 - Biometrics which is developing a similar portfolio of biometric standards.

Executive Summary:

Since its establishment in November 2001, INCITS M1 has maintained an accelerated pace of biometric standards development. Biometric standardization is of very high priority for the US. Biometric standards development is essential to support more secure personal authentication solutions for our critical infrastructure.  In particular, the deployment of standards based biometric technologies is anticipated to achieve significantly higher levels of security for critical infrastructure than have been possible to date with other technologies.  Additionally, standards based biometric technologies will offer the possibility of supporting the prevention of identity theft. Since its inception M1 has focused on an ambitious program of work in both national and international standards development.  M1 is successfully accomplishing its work through an aggressive development schedule for its national projects and it is a major contributor to the biometric standards portoflio under development in JTC 1 SC 37. M1 has completed eight documents that became INCITS standards and has maintenance responsibility for two more INCITS standards. Of the eight approved INCITS standards developed by M1, six (five biometric data interchange formats and one biometric application profile) were approved during the previous reporting period and two (one additional biometric data interchange format and one biometric application profile) were approved during this reporting period as shown below:

A brief description of the INCITS M1 Task Groups and their current program of work ("D" projects) follows:

M1.2, the Task Group on Biometric Technical Interfaces, chaired by Fred Herr, ID Technology Partners, covers the standardization of all necessary interfaces and interactions between biometric components and sub-systems, including the possible use of security mechanisms to protect stored data and data transferred between systems. M1.2 will also consider the need for a reference model for the architecture and operation of biometric systems in order to identify the standards that are needed to support multi-vendor systems and their applications. M1.2 serves as the US TAG to the JTC 1 SC 37 Working Group 2 on Biometric Technical Interfaces. M1.2 has twenty-three members. Eighteen are Voting Members and five are Advisory Members. The following "D" projects are under development in M1.2:

    1703-D, Information technology - Conformance Testing Methodology for ANSI INCITS 358-2002, BioAPI Specification.

M1.2 has maintanence responsibility for the following "M" projects:

    1538-M - INCITS 358-2002 American National Standard for Information technology - The BioAPI Specification

    16223-M - INCITS 398-2005 American National Standard for Information technology - Common Biometric Exchange Formats Framework (CBEFF)

M1.3, the Task Group on Biometric Data Interchange Formats, chaired by Dr. Creed Jones, Sagem Morpho Inc, focuses on the standardization of the content, meaning and representation of biometric data interchange formats. It is also addressing the development of conformance testing methodologies for most of the biometric data interchange standards. INCITS M1.3 serves as the US TAG to the JTC 1 SC 37 Working Group 3 Biometric Data Interchange Formats. M1.3 has thirty-one  members. M1.3 had two Ad-Hoc Groups during this period. The Ad-Hoc Group on Biometric Sample Quality chaired by Mr. David Benini, Aware, Inc. is addressing means of quality and ways of expressing and interpreting the quality of a biometric sample. This group has been re-authorized every two meetings of M1.3 and it is expected to conclude the work by presenting a final report at the June 2005 meeting of M1.3. There are twenty-eight Voting Members and three are Advisory Members. The following "D" projects are under development in M1.3:

Part 1 - Generalized Conformance Testing Methodology
Part  3 - Conformance Testing Methodology for INCITS 377, Finger Pattern Based Data Interchange Format
Part 4 - Conformance Testing Methodology for INCITS 381, Finger Image Data Interchange Format
Part 5 - Conformance Testing Methodology for INCITS 385, Face Recognition Format for Data Interchange
Part 6 -Conformance Testing Methodology for INCITS 379, Iris Image Interchange Format

Project 1704-D: Conformance Testing, Finger Minutiae is proposed as Part 2 of the multi-part standard.
The project proposal is for consideration at the June 2005 meeting.

M1.3 has maintenance responsibility for the following "M" projects:

1577-M - INCITS 381-2004 American National Standard for Information technology - Finger Image Based Interchange Format (approval date: May 13, 2004)

1643-M - INCITS 396-2005 American National Standard for Information technology - Hand Geometry Interchange Format (approval date: May 12, 2005)

M1.4, the Task Group on Biometric Profiles, chaired by Mr. Fernando Podio, NIST, covers the standardization of Application Profile projects. M1.4 serves as the US TAG to the JTC 1 SC 37 Working Group 4 Biometric Functional Architecture and Related Profiles. M1.4 has twenty-five members. Twenty-three are Voting Members and two are Advisory Members. As a response to proposals made at the NIST's Workshop on Biometrics and E-Authentication Over Open Networks held March 30-31, 2005, a new INCITS M1.4 Ad-Hoc Group was formed to address the workshop recommendations and to develop a report to INCITS M1describing suitability of biometric architectures, requirements and recommendations for the use of biometrics at each of four authentication levels defined in Office of Management and Budget’s Memorandum OMB M-04-04, E-Authentication Guidance for Federal Agencies (assuming biometrics would be allowed for each of these authentication levels). The Terms of reference for the M1.4 Ad-Hoc Group on Biometrics and E-Authentication are in document M1/05-0274 at the M1 document register: http://www.incits.org/tc_home/m1htm/docs/m1docreg.htm

During this reporting period M1.4 has been developing the following "D" projects:

1566-M INCITS 383 American National Standard for Information technology - Application Profile - Interoperability and Data Interchange - Biometric Based Verification and Identification of  Transportation Workers - Amendment 1

1575-D Information technology - Application Profile for Point-of-Sale Biometric Verification/Identification

1676-D Information technology - Application Profile - Interoperability and Data Interchange - DoD Implementations

1706-D Information technology - Application Profile for Commercial Biometric Physical Access Control

M1.4 has maintenance responsibility for the following "M" projects:

1566-M INCITS 383 American National Standard for Information technology - Application Profile - Interoperability and Data Interchange - Biometric Based Verification and Identification of  Transportation Workers - Amendment 1

1567-D INCITS 394 American National Standard for Information technology  - Application Profile for Interoperability, Data Interchange and Data Integrity of Biometric Based Personal Identification  for Border Management

M1.5 is the Task Group on Biometric Performance Testing and Reporting, chaired by Mr. John Neumann, US Dept. of Homeland Security (DHS/TSA). It handles the standardization of biometric performance metric definitions and calculations, approaches to test performance and requirements for reporting the results of these tests. M1.5 serves as the US TAG to the JTC 1 SC 37 Working Group 5 Biometric Testing and Reporting. M1.5 has twenty-five members. Twenty one are Voting Members and four are Advisory members. M1.5 is responsible for the development of a Multi-Part Standard on Biometric Performance Testing and Reporting ("D" project):

1602-D Information technology - Multi-Part Standard on Biometric Performance Testing and Reporting:

Part 1: Principles and Framework
Part 2: Biometric Testing Methodologies
Part 3: Scenarion Testing Methodologies
Part 4: Operational Testing Methodologies
Part 5:  Framework for Biometric Device Performance Evaluation for Access Control

M1.6, the Task Group on Cross Jurisdictional and Societal Issues, chaired by Mr. Steven Yonkers, US Dept. of Homeland Security, addresses the study and standardization of technical solutions to societal aspects of biometric implementations. Excluded from the TG's scope is the specification of policies, the limitation of usage, or imposition of non-technical requirements on the implementations of biometric technologies, applications, or systems. M1.6 serves as the US TAG to the JTC 1 SC 37 Working Group 6 Cross-Jurisdictional and Societal Issues. M1.6 has five voting members. M1.6 has responsibility for a "L" project:

1723-L - Information technology - Multi-part technical Report on Cross Jurisdictional and Socvietal Aspects of Implementations of Biometric Technologies

As a result of these activities, the current  INCITS M1 program of work is as follows:

Significant Accomplishments

As shown above, INCITS M1 and its TGs have completed a number of standards during the previous and this reporting period. A significant achievement  of this Technical Commitee is the adoption of many of the biometrics standards that have been developed by INCITS M1 and JTC 1 SC 37 by large organizations within the US and abroad.  In addition, during the last two reporting periods the INCITS M1 officers received the following awards: 2003 Gene Milligan Award for Effective Committee Management given to the INCITS M1 officers and the INCITS Team Award to the team of editors of INCITS M1 that during 2004 significantly contributed to the publication of  seven biometric standards and assisted INCITS M1 and JTC 1 SC 37 in meeting the requirements of their ambitious programs of work.

National Work

Of the eight approved INCITS standards developed by M1 six (five biometric data interchange formats and one biometric application profile) were approved during the previous reporting period and two (one additional biometric data interchange format and one biometric application profile) were approved during this reporting period as shown above.

Standards developed by INCITS M1 are starting to be required in major government programs. Attachment A of the Transportation Worker Identification Credential (TWIC) - Phase III - Prototype Phase - Requirements Document (DHS/TSA) for example, requires, INCITS biometric standards (as applicable) such as INCITS 383 Information technology - Application Profile - Interoperability and Data Interchange - Biometric Based Verification and Identification of Transportation Workers. This biometric application profile is the first approved biometric profile wordwide. DoD requires conformance to the BioAPI specification and CBEFF, the Common Biometric Exchange Framework Format specification. Both BioAPI and CBEFF were proposed by the US as candidate international standards. Their augmented and revised version reached FDIS status. It is expected that adoption of standards developed by INCITS M1 will significantly increase in the near future. There are still projects in the pipeline that should reap big payoffs. The biometric application profiles are a crucial level of standardization to ensure biometric interoperability. They reflect the base standards approved or under development in INCITS M1 and specify what options and ranges of values in those base standards are necessary and sufficient to ensure biometric interoperability for a particular set of application functions. In addition to the two Biometric Application Profiles already approved, the other application profiles within the INCITS M1 program of work (Application Profiles for Point-of-Sale Biometric Verification/Identification, DoD Implementations, and Commercial Biometric Physical Access Control) will be equally significant in supporting their targeted enterprise systems and applications based upon consensus biometric standards.

In addition to developing the national standards in the INCITS M1 program of work, INCITS M1 is a major technical contributor to the projects in the JTC 1 SC 37 - Biometrics program of work. The accelerated pace imposed on National Bodies in JTC 1 SC 37 has resulted in significant progress in this SC since its inception in June 2002. INCITS M1 has subtantially contributed to many of the SC 37 projects by providing multiple technical contributions and offering experts for a number of positions (e.g., editors, co-editors, Rapporteur Group members, technical expert teams). SC 37 finalized four parts of the biometric data interchange standard (finger minutia and finger image data interchange formats, face and iris data interchange formats). These documents are awaiting publication as International Standards. SC 37 has rapidly advanced three other documents to FDIS status (BioAPI, CBEFF and Part 1 of the Performance Testing and Reporting standard). It is anticipated that these biometric standards will also be published during 2005. Additionally, the completion of three FDIS ballots is anticipated by the end of this year. These accomplishments have been achieved through the dedication of many NB experts including INCITS M1 and Liaison experts.

A measure of the market relevance of JTC 1 SC 37 is that two major international organizations require conformance to some of the standards under development in JTC 1 SC 37:

International Civil Aviation Administration (ICAO)

ICAO adopted a global, harmonized blueprint for the integration of biometric identification information into passports and other Machine Readable Travel Documents (MRTD). Facial recognition was selected as the globally interoperable biometric for machine-assisted identity confirmation with MRTD. ICAO requires conformance to the face recognition standard developed by JTC1 SC 37. Other requirements for JTC 1 SC37 standards are the fingerprint data interchange formats, the iris recognition interchange format, and the Common Biometric Exchange Formats Framework (CBEFF). 

The International Labor Office of the UN (ILO)

ILO’s requirements for the Seafarers’ ID Card include the use of two fingerprint templates to be stored in a barcode which will be placed in the area indicated by the ICAO’s 9303 standard. ILO requirements also specify the use of some of the standards under development in JTC 1 SC37, specifically finger minutiae and finger image data interchange formats and CBEFF. Both the finger minutiae and finger image data interchange formats successfully completed FDIS ballots and are expected to be published as ISs before year end.

Level of Effort

The significant progress made during this period, both nationally and internationally,  represents thousands of hours of work by dedicated volunteer officers, editors, and contributors to both the national and international projects. Over 500 national documents have been prepared by INCITS M1 members during this period supporting the technical and administrative activities of the INCITS M1 committee. The work of INCITS and INCITS M1 and its related counterpart (JTC 1 SC 37) has been publicized in many technical conferences through talks given by INCITS M1 officers and other members. Members from other JTC 1 SC 37 NBs have also given talks that included discussion of aspects of the JTC 1 SC 37's program of work. Recent publications on JTC 1 SC 37 work include an article in ISO Management Systems magazine within the magazine's Business Standards section: "Security concerns fuel boom in biometric technologies", written by Elizabeth Gasiorowski-Denis (July-August 2004) and an article in ISO Focus, “International Biometric Standards - Addressing Customer Needs for Personal Authentication” published November 2004.

Significant Challenges

Adoption of biometric-based high performance, interoperable systems will depend, in part, on the timely availability of a portfolio of biometric standards that are required by end-users, the IT personal authentication industry and other standards bodies within INCITS such as INCITS B10 and CS1 and other outside standards organizations. INCITS M1 and its Task Groups mitigate this risk through the use of IT tools, cooperation with users and other standards committees, an excellent group of officers and experts, team work and tight program management. The challenge presented by the accelerated development pace has been met by the INCITS M1 membership. INCITS M1 needs to further increase its membership, however, to address different aspects of its program of work (e.g., performance and confromance testing methology standards and possible future standards work in multi-biometric systems, the amednments of some of the data interchange standards and the development of new biometric application profiles that would meet the needs of specific user communities). User's participation has significantly increased. This led to the rapid completion of the second Biometric Application Profile (Border Management). Gaps in the program of work include work related to speaker recognition technology and other conformance testing methodology standards.

Expected Challenges

The accelerated pace of INCITS M1 activities has extended in part to liaison efforts as well.  The biometric experts in INCITS M1 are contributing to related work in other national and international activities. Internationally, JTC 1 SC 37 has requested participation in a collaborative effort between JTC 1 SC 27 and ISO TC 68 in the development of the international standard equivalent to X9.84 (ISO/IEC CD 19092). Technical contributions were developed by JTC 1 SC 37 experts and sent to TC 68. Although a formal collaborative effort was not achieved, the SC 37 experts have still contributed to the work of 19092 through liaison contributions. JTC 1 SC 37 technical experts are also contributing with two projects under development in JTC 1 SC 27: 19790 “Information technology – Security techniques – Security requirements for cryptographic modules” and 19792 “Information technology – A Framework for security evaluation and testing of biometric technologies”. INCITS M1 experts are collaborating in these efforts together with experts from other NBs represented in JTC 1 SC 37. Further harmonization of biometric and related technology standards between the INCITS M1 program of work and developments in other standards bodies will also require major efforts from the INCITS M1 experts. INCITS M1 members are expected to contribute with their expertise in supporting other biometric-related projects within SC27 directly through a strong and close liaisonship with INCITS CS1 and through member's participation in experts teams within JTC 1 SC 37. The initial accelerated pace of international biometric standards development in JTC 1 SC 37 also presents a major challenge. JTC 1 SC 37 was operating on a 5 month cycle (5 months between SG/WG meeetings and 10 months between Plenaries). Now the schedule has been relaxed to 6 - 7 months between WG meetings. The JTC 1 SC 37 schedule imposes great demands on INCITS M1 member organizations, editors, technical contributors and officers (as well as imposing great demands on experts from other NBs represented in JTC 1 SC 37).

Committee Activities

Previous meetings for the reporting period

AHGEMS: INCITS M1 Ad-Hoc Group on Evaluating Multi-Biometric Systems

(*) These AHGs have been re-authorized every 2 meetings of M1.

Next Year's Planned Meetings:

Meeting Number	Date	Location
INCITS M1 and TG meetings collocated     INCITS M1 (15th)         AHGEMS (8th)*      INCITS M1.1 (4th)     INCITS M1.2  (10th)     INCITS M1.3  (12th)     INCITS M1.4 (10th) AHGBEA (1st)     INCITS M1.5 (9th)     INCITS M1.6 (5th)	June 9-10, 2005 June 6, 2005 June 7, 2005 June 7-8, 2005 June 8-9, 2005 June 6, 2005 June 7-8, 2005 June 7-8, 2005	Cherry Hill, NJ
INCITS M1.4  AHGBEA (2nd)	September 21, 2005 (Colocated with the Biometric Consortium Conference)	Crystal City, VA
INCITS M1 and TG meetings collocated     INCITS M1 (16th)         AHGEMS (9th)      INCITS M1.1     INCITS M1.2     INCITS M1.3     INCITS M1.4     INCITS M1.5     INCITS M1.6	Week of October 3-7, 2005
INCITS M1 and TG meetings collocated     INCITS M1 (17th)     INCITS M1.1     INCITS M1.2     INCITS M1.3     INCITS M1.4 AHGBEA (3rd)     INCITS M1.5     INCITS M1.6	Week of December 12-16, 2005

AHGEMS: INCITS M1 Ad-Hoc Group on Evaluating Multi-Biometric Systems
(*) This AHG has been re-authorized every 2 meetings of M1.

6. Liaison Activities

INCITS M1 maintains liaison with the following organizations to keep them abreast of INCITS M1 products, developments and positions and to address, as applicable, biometric-related issues within their national and international activities:

The technologies addressed by INCITS B10 and INCITS M1 are, for some applications, complementary in nature. The potential contribution of INCITS M1 to the JTC 1 SC 17 projects (through INCITS B10) is apparent. In particular is the utilization of biometric data within travel documents and ID cards. Close and timely collaboration between these two INCITS TCs is maintained. For more information about INCITS B10 see http://www.incits.org/tc_home/b10.htm

INCITS T4

Strong synergy exists between biometrics and IT security.  The complementary nature of both programs of work led to close collaboration between experts from both TCs.  INCITS M1 maintains an active collaboration wtih  INCITS T4. For more information about INCITS T4 see http://www.incits.org/tc_home/t4.htm

INCITS V2

Current INCITS V2 activities may lead to collaboration opportunities with INCITS M1. Potential contributions of INCITS M1 to INCITS V2 work are  possible in the next period. In particular, related to the utilization of biometric technologies and biometric data within the applications of interest to INCITS V2. For more information about INCITS V2 see http://www.incits.org/tc_home/v2.htm

X9F4

BioAPI Consortium

The BioAPI Consortium was formed to develop a widely available and widely accepted Application Programming Interface to serve any type of biometric technology. It has over 100 members from industry and other organizations. Additional information about the BioAPI Consortium can be found at http://www.bioapi.org/

IBIA

CS1

Membership and Officers

The membership lists for INCITS M1 and its TGs are available on the INCITS M1 website under "members". The officers of INCITS M1 and its TGs are shown below.

a.

b. Membership:

INCITS M1 Task Groups:

http://www.incits.org/tc_home/m1mem.htm

Future Trends and Related Technical Activities

Deploying new information technology systems for homeland security will require a comprehensive set of both national and international technically sound standards for biometrics that meet the U.S. needs. Biometric technologies are already playing a crucial role in a wide range of applications. Standardized biometric-based solutions are becoming a mandatory requirement in many of these applications. In addition to supporting homeland security and preventing ID fraud, biometric-based solutions are able to provide for confidential financial transactions and personal data privacy. Enterprise-wide network security infrastructures, the protection of buildings from unauthorized individuals, employee IDs, secure electronic banking, investing and other financial transactions, retail sales, law enforcement, and health and social services are already benefiting from these technologies. A range of new applications can be found in such diverse environments as amusement parks, banks, mobile devices, passport programs and driver licenses, colleges, and school lunch programs. Biometric technologies are being required in multiple government and commercial applications.

The importance of biometric technologies has dramatically increased because of the events of September 11, 2001. Homeland defense is now the highest of priorities for many countries. These countries are now seriously considering or have already approved new legislation that calls for the investigation and use of biometric technologies as soon as possible for homeland defense applications. The prevention of ID theft will also become a significant market for biometrics in the future. A project for  the development of an INCITS Technical Report on how biometrics (and biometrcis standards-based solutions) can support the prevention of ID Theft is being proposed for consideration at the June meeting of M1.

Accounting for systems developers, resellers and the influence that biometrics will have in other industries and the IT industry (i.e., security industry), biometric technologies are expected to be a substantial catalyst for the global IT market in these applications. The expected growth of the biometrics market, however, is placing a greater demand on the national and international biometric industry, biometric system developers, researchers and end-users to work together to address in cooperation a number of issues including privacy, testing and evaluation, infrastructure, cost, scalability, open system interoperability and data interchange and conformance to existing standards. INCITS M1 and JTC 1 SC 37’s efforts are helping in ensuring that standards-based systems and applications that require conformance to the biometric standards (approved or under development) would be more interoperable, scalable, reliable, and secure.

INCITS M1 is completing the development of the first generation of formal biometric data interchange standards. New projects have been initiated to develop conformance testing methodologies for the data interchange formats and industry developers and testing laboratories are providing useful feedback to INCITS M1. Advances in biometric technology research and development are expected to require a second generation of standards (e..g,  3-D face, biometric application profiles). The INCITS M1 portofolio is expected to grow. INCITS M1's current work in multi-biometrics is expected to lead to new standards projects related to this important area. A new biometric data interchange format for keystroke dynamics is being proposed for consideration. The demand for enhanced data structures and interfaces to support multimodal/multibiometrics and secure authentication is expected to led to new projects within INCITS M1.

Industry consortia remain an important source of new standards activities. INCITS M1 will continue to rely on standards incubators such as the Biometric Consortium as a source of guidance and specifications. We have seen at least one case recently that elected to use INCITS fast-track standardization as the primary mechanism for carrying the documents forward into the standards world. The augmented version of CBEFF (NISTIR 6529-A), as discussed above,  has been sucessfully fast tracked through INCITS and became an INCITS standard during 2005.

The heavy workload and highly technical environments associated with our activities led to the establishment of Ad-Hocs to respond to specific needs required to meet the international agenda within JTC 1 SC 37 and to address aspects of the national program (e.g., INCITS M1 Ad-Hoc Group on Issues for Harmonizing Conformity Assessment to Biometric Standards, INCITS M1.3 Ad Hoc Committee on Generalized Conformance Testing Methodologies and INCITS M1.3 Ad-Hoc Group on Biometric Sample Quality). These required activities have also led to some electronic meetings (this approach has mainly been used for some of the Ad-Hoc meetings). However, most of the TG meetings and all of the INCITS M1 meetings, have been physical meetings.

Other Administrative Information

Financial Statement:

INCITS M1 meeting activities are financed and hosted by volunteer organizations. The individual participants and their member organizations finance all travel, room, and related business expenses. INCITS M1 has no direct financial activities.

Web-based/electronic document distribution procedures:

From its inception in November 2001 INCITS M1 has operated through electronic document distribution (INCITS M1 reflector for members). All INCITS M1 documents are posted in a web-based document register. Documents are posted in the document register by INCITS personnel. INCITS M1 and INCITS M1 TG officers have access to an automated document numbering system. 

The full details (company, address, phone, e-mail etc.) of INCITS M1 and INCITS M1 TG officers are available on-line through the INCITS web site. At the present time INCITS M1 does not have a web-based Letter Ballot scheme in place.  The INCITS M1 officers are responsible for issuing the INCITS M1 letter ballots electronically through the INCITS M1 email reflector.

Documents for each meeting (INCITS M1 and its TGs) are posted in advance according to the INCITS rules and offered to the INCITS M1 membership in ZIPPED files posted in the INCITS M1 web site before the meetings. JTC 1 SC 37 documents can be downloaded through Livelink.

Recommendations: