Many of the basic building blocks of biometrics are now, or soon will be, standardized. Yet according to a transcript from International Biometric Group's (IBG's) January teleconference, the slow standards approval process is creating headaches: "Standards development and approval is a slow \[process\], and the biometric industry is notable for rapid changes in market demand, technology capabilities, and corporate structure," the group says.
Specifically, the report says the technology is being deployed in various products "exclusive of biometric standards." Also, "It is possible that de facto standards will emerge based simply on the content of large databases or widely deployed biometric devices. As a standard is only as strong as the level of adoption on the part of developers and deployers, there is some risk that delay in standards development will result in obsolete or irrelevant standards."
Those delays have already created problems. According to Technical Insights, an international technology analysis business, more than 150 separate biometric hardware and software vendors exist, each with its own proprietary interfaces, algorithms, and data structures.
Unfortunately, there are just about as many companies and government agencies involved in writing biometric standards as there are vendors trying to sell their products as the de facto standard.
In the U.S., a group formed by the International Committee for IT Stan-dards, called the INCITS Technology Committee M1-Biometrics, has be-come the central hub of domestic standards. About 50 organizations, including industry vendors and government agencies, have joined the M1 committee. Also, the National Institute of Standards and Technology (NIST), an agency of the U.S. Commerce Department, is heavily involved in developing biometric standards, mainly for fingerprinting and biometric imaging.
Globally, the International Standards Organization (ISO) Joint Technical Committee has formed a biometric standards subcommittee. Known as Subcommittee 37 (SC37), it first met in December. About 20 countries have joined SC37 through their national standards bodies. Another group, the Organization for the Ad-vancement of Structured Information Standards (OASIS), is developing XML-based biometric standards.
Present biometric standards are relatively new, and not without issues. BioAPI, an open system standard for a biometric application programming interface, was approved as an official American National Standards Institute (ANSI) standard in February 2002. But as it was only recently submitted to SC37, it lacks international status. Also, according to the IBG, technologies can be BioAPI-compliant while not complying with one another. In addition, says IBG, BioAPI doesn't provide a great deal of utility in terms of biometric matching accuracy. Levels are left to the vendor's discretion.
Unfortunately, the existence of other biometric subcommittees has narrowed the scope of SC37. SC27 has already begun working on data protection and security techniques. Another subcommittee focuses on personal identification. As a result, SC37 will consider only those issues not already covered by the other ISO biometric subcommittees, which the IBG says "may delay the development and approval of certain standards."