“The nice thing about standards is that you have so many to choose from.” -Andrew Tanenbaum.
As the biometrics market continues to mature, two phenomena become increasingly apparent. First, more and more institutions choose to adopt biometrics as an enhancement to their business. Secondly, these institutions seek to make use of existing standards for data exchange and communication, as opposed to relying upon closed, non-extensible, proprietary mechanisms.
While most data exchange standards are designed with very specific and limited use cases in mind (e.g. NITF satellite image specification, DICOM medical image and information exchange), standards are increasingly designed to allow for extension. This extensibility provides for wider adoption and usage. But in cases where there is no governing certification body, there can be room for varying interpretation on the details of the standards, and a divergence of implementations.
Within the biometrics industry, one such standard is the “Data Format for the Interchange of Fingerprint, Facial & Other Biometric Information (ANSI/NIST-ITL 1-2011).” ANSI/NIST ITL 1-2011 defines the packaging and exchange of biometric data including: fingerprints, face, iris, signatures, voice, etc. ANSI and NIST have chosen to standardize the core biometric information (e.g. records to store fingerprints, what parameters are used to define a fingerprint, etc.), while leaving room for expansion and personalization (inclusion of biographic data). This extension allows individual agencies to add their own color to the final version.
The representation of biographic data makes up the majority of these activities. For example, one agency may prefer family name followed by given name in a single string, while a second may prefer each name component in its own field. These extensions have often included the support of emerging biometrics (iris, then voice and DNA). As the ANSI/NIST ITL 1-2011 standard evolves, these emerging technologies are included; however this process often takes one to two years. Meanwhile, increasing numbers of agencies extend the core specifications to their own needs. The result is multiple variations on the original theme. While a static standard provides fewer challenges for design, development, and deployment, integrating to a moving target—or multiple moving targets—introduces significant challenges.
Case in point, an Aware customer required a solution for a biometric data interoperability issue. Their AFIS was designed to interfaced other systems using only a specific variant of the US DoD’s EBTS standard. The limitation of the design was exposed with the agency needed to exchange data with other regional and foreign agencies. The new requirement to interface additional agencies was complicated by the fact that the external agencies each supported—and therefore exchanged—several generations of data, each with its own variation. To achieve a complete integration, Aware provided its Biometric Services Platform (BioSP) to manage the conversion between the native formats of the external systems and the native format of the agency’s AFIS system.
In another case, a customer developed a large, complex system that included several subsystems, with each requiring a different specification for data exchange. The subsystems included a local AFIS, multiple external AFIS, an identity management system, and an ID card personalization system. The final Aware design enabled interface using three different EBTS variants, two proprietary formats, and ANSI ISO formats for fingerprint minutiae and facial images. It was able to achieve the interoperability between the systems via the BioSP installation.
Interoperability issues have received a lot of attention, especially within the European Union. Member countries rely upon regional standards for INTERPOL and EuroPol, while still requiring interoperability with US FBI and DoD databases. This does not include any local variants that may exist whether these are standards based or proprietary.
The need to exchange data has also increased as security threats increase. At a recent EU conference in Estonia there was a lengthy discussion around the Paris attacks of 2015. As the investigation matured, it was discovered that each of the attackers was known to various agencies and entities throughout the EU, but due to data exchange barriers (both technical and political), the dots were not connected until it was too late.
Representatives from countries throughout the world are working to solve the political barriers of data exchange. And as these barriers come down it will be up to industry to provide the solutions to the technical barriers of data exchange.