Biometric Standards: Why We Need Them
Biometric-based technologies, such as speaker verification and live-scan fingerprinting, are the only fully automated methods available for verifying that a person is who she or he claims to be. As such, they are powerful tools for security and other operations that require authentication or identification.
There are virtually no standards in place for automated biometrics-including minutiae analysis, the method used by human experts to analyze fingerprints. Minutiae analysis centers around specific features of a fingerprint, such as branching lines. These features become the fingerprint representation in an automated system.
Similarly, speaker verification systems and other automated biometrics represent, codify, and analyze distinguishing features of the biometric rather than the entire image. This enhances accuracy and speed. "While there are ANSI-NIST fingerprint minutiae standards, they don't seem to be of sufficient information density to be usable for all automated biometrics; thus vendors typically use proprietary minutiae algorithms" explains Cynthia Way, Associate Consultant at Higgins & Associates.
Way believes application developers should retain the entire fingerprint image (or voice recording) as well as the features extracted from that image by the vendor "to avoid becoming locked into a single vendor."
This philosophy also underlies efforts by the AFIS Committee of the International Association for Identification (chaired by Peter Higgins of Higgins & Associates) to test whether ANSI-NIST and FBI standards for fingerprint images can be used to analyze digitized fingerprints from multiple vendors. The dearth of standards extends beyond biometric representations. Every facet of biometric-application development uses proprietary operations. If you are an application or product developer using proprietary technology you face the risk of having to gather new data from each registered user, recode application functions, and create new interfaces to systems every time you change vendors. These are not trivial tasks. Yet, there is always a chance that any vendor may go out of business, stop supporting the product version you used to develop your application, fall behind technologically, or otherwise become less attractive than its competitors.
Why should you care about biometrics standards? Standards reduce differences between products. This decreases the risk of using automated biometrics. By reducing the risk of development, standards help grow the market, which benefits vendors. Standards also promote an aura of stability and maturity attractive to investors. These and other benefits should make standards a priority for everyone. Unfortunately, for vendors, porting to a standard requires resources and time. Unless the marketplace (customers and investors) demands compliance with standards, the tendency is to continue with the proprietary status quo. This is the dilemma currently facing vendors deciding whether to port to the (SVAPI) standard. Consequently, if you are a VAR or application developer investigating speaker verification or another biometric, it is worth your while to care about standards like SVAPI.
Why should you care about biometrics standards? Here is how Moshe Yudkowsky of Dialogic answers this question: "Using a proprietary system is like using a chain: if a single link breaks, the entire system fails. "Using a system based on open standards is like traveling down a wide river. The vendors are different streams that feed into the river; if a single stream dries up, the other streams continue to feed the river, and the river keeps on flowing. The solution is inherently more robust. " Storage of biometric images concerns privacy proponents. I will discuss privacy in my next column.
Judith Markowitz is president of J. Markowitz, Consultants, and can be reached at Northwestern University/Evanston Research Park, 1840 North Oak, Evanston, Ill. 60201, or by e-mail at jmarkowitz@pobox.com.