Mobile biometric standards

July 2011 Access Control & Identity Management

The standards applied to the mobile ID devices are put together by international standards committees operating at institutions such as NIST (National Institute of Standards and Technology) and ISO/IEC (International Organisation for Standardisation/International Electrotechnical Commission).

In 2008, an ad hoc work group finalised NIST Special Publication 500-280 as a result of over two years of effort by various stakeholders including government, private sector and academic researchers.

The publication provides guidance and operational requirements for mobile ID devices that can be used for enrolment, identification and verification functions. They address issues concerning specifically non-stationary applications where access to traditional implementations of full-sized live scan fingerprint readers and photo capture stations with setups adhering to standards are not possible.

Substantial amount of standards generated for mobile ID by a special committee at NIST have been incorporated into the current version of the ANSI/NIST-ITL standard. The Information Technology Laboratory (ITL) of the National Institute of Standards and Technology (NIST) sponsored the development of this American National Standards Institute (ANSI) approved the American National Standard using the NIST Canvass method to demonstrate evidence of consensus. Over the past several years, many data interchange and processing applications have converted to an XML format approach.

The latest, third draft ANSI/NIST-ITL 1-2011 standard is expected to be sent out in mid/late July 2011 and will be available for a 45 day ballot period for comments before producing a final copy. Major stakeholders want to carefully check the fourth draft for consistency and accuracy to ensure the fifth draft will be the final draft for letter ballots.

Benefits of mobile ID device standards

Standards creation and development is crucial to the end-user protection of investment in biometric hardware and software solutions. It is important for government and industry to achieve a common interoperability in order to connect and search other systems. There are several applications where only mobile/offsite collection of biometric samples can be achieved for enrolment, identification or verification, and where this information can be shared between different users to achieve better results in the areas of combating crime, enhancing security for access control and any other situations where a quick check against one or more biometric databases is required.

Mobile ID devices and systems have been used for a variety of applications such as identity verification of workers, access control to secured locations and ad hoc checkpoints. Biometric samples acquired from a subject can be compared with other biometric samples on watch lists and in various databases civil or criminal. This can be done in time at remote locations without the need of transporting the subject to a central office.

Another application of mobile ID devices is related to the electronic identity document with contact or contactless chip, fingerprint and facial image (biometric samples). Live fingerprint of a person can be compared with the fingerprint stored in the document chip. Data acquired from a mobile ID device using one system cannot always be processed by another system. Therefore, common interoperability requirements must exist at all levels.

Other tasks performed by mobile ID devices include the addition of contextual data, the formatting of the data (to the ANSI/NIST-ITL standards, FBI or other standard format), physical instantiation of the mobile ID device impacts system requirements and implementation of relevant standards that address how system components are connected (or not), connectivity to other systems (sharing/interoperability) security aspects of interconnected components. Cameras using facial recognition for mobile identification need a focal length that is compatible with 60 to 200 cm or separation between the device and the subject. Minimum image resolution (size) of 480x600 is required according to ANSI/NIST-ITL 1-1007 Type-10 interchange format.

The overall system architecture is based on the application requirements for the mobile ID device. Mobile biometric identification systems accomplish several tasks such as signal or image capture, signal or image processing, matching and output decisions. The device can be implemented either as a self-containing unit with the communication embedded in the device or as a set of interconnected peripherals. In a networked system, factors influencing the operation of functions such as the above data capture, signal processing and matching decisions include location, availability of network connectivity, bandwidth of the network connection and interoperability with the other systems.

Mobile ID fingerprint capture devices

The capture of a high quality fingerprint image is recommended with a NIST fingerprint image quality (NFIQ) value higher than five for enrolment purposes. If more than a single finger then ANSI/NIST-ITL Type-14 record must be used. Initial image quality assessment should be done to provide feedback to the operator preferably on the above using the NFIQ algorithm. Best practice recommendations are to the capture of four fingers for the improvement of accuracy.

Other guidelines concern compression ratio, sensor certification, minutiae extractor certification, fingerprint interchange requirements (image vs. template).

Mobile ID facial image capture devices

Capturing facial images may be of more value than taking fingerprints when suspected terrorist databases or other watch lists contain facial images and not fingerprints. The best practice recommendation does not recommend that all of the ANSI/NIST-ITL 1-2007 standard best practices are applicable to mobile ID facial image devices. -

SAP (subject acquisition profile) levels of 40 or higher require 18% grey backdrop with appropriate lighting, which is not easily achieved with a handheld device. Mobile ID facial image capture devices must adhere to the face image quality standards during the capture process. Face capture requirements address capture distance, capture device controls, capture device frame rate, photo image format, image size and aspect ratio and facial image compression. There are ANSI/NIST – ITL standards for transmission and seamless exchange of biometric data captured from mobile ID devices.

The mobile ID face capture device must be able to measure the face image quality of the captured image. No standardised quality algorithm is available to aid system interoperability. If the captured face image is of insufficient quality, the device should alert the operator.

Cameras using facial recognition for mobile identification need a focal length that is compatible with 60 cm to 200 cm of separation between the device and the subject. Minimum image resolution of 480x600 is required according to ANSI/NIST-ITL 1-2007 Type-10 interchange format.

Several US government agencies are working together on mobile device deployment and the focus is to standardise the way to test and evaluate such devices. Manufacturing of mobile biometric terminals is ruled by international standards so that the minimum requirements are met. These standards address communication interfaces such as GSM/GPRS/GPS/EDGE for WWAN or 802.11 b/g Wi-Fi for WLAN. Other specifications concern types of fingerprint reader platens such as optical, capacitive or other that should be a minimum of 500DPI.

Other standards would address elements of the mobile ID devices such as cameras, operating systems, card readers (ISO 15693 vicinity card reader, ISO 7816 contact card) Bar code readers (1D and 2D bar code).

Participation of all countries in standards creation is crucial to successful deployment of mobile biometric devices. South African industry participates through SABS (South African Bureau of Standards) Biometrics Standards Committee. Private companies as well as government organisations provide their free time and effort to discuss international standards as well as provide information and input based on their South African experience and expertise.

For more information contact Interoptic Networks, +27 (0)11 805 1075, basia@interoptic.co.za, www.interoptic.co.za





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Defending against SIM swap fraud
Access Control & Identity Management
Mobile networks must not be complacent about SIM swap fraud, and they need to prioritise the protection of customers, according to Gur Geva, Founder and CEO of iiDENTIFii.

Read more...
Access Selection Guide 2024
Access Control & Identity Management
The Access Selection Guide 2024 includes a range of devices geared specifically for the access control and identity management market.

Read more...
Biometrics Selection Guide 2024
Access Control & Identity Management
The Biometrics Selection Guide 2024 incorporates a number of hardware and software biometric identification systems aimed at the access and identity management market of today.

Read more...
Smart intercoms for Sky House Projects
Nology Access Control & Identity Management Residential Estate (Industry)
DNAKE’s easy and smart intercom solution has everything in place for modern residential buildings. Hence, the developer selected DNAKE video intercoms to round out upmarket apartment complexes, supported by the mobile app.

Read more...
Authentic identity
HID Global Access Control & Identity Management
As the world has become global and digital, traditional means for confirming authentic identity, and understanding what is real and what is fake have become impractical.

Read more...
Research labs secured with STid Mobile ID
Access Control & Identity Management
When NTT opened its research centre in Silicon Valley, it was looking for a high-security expert capable of protecting the company’s sensitive data. STid readers and mobile ID solutions formed part of the solution.

Read more...
Is voice biometrics in banking secure enough?
Access Control & Identity Management AI & Data Analytics
As incidents of banking fraud grow exponentially and become increasingly sophisticated, it is time to question whether voice banking is a safe option for consumers.

Read more...
Unlocking efficiency and convenience
OPTEX Access Control & Identity Management Transport (Industry)
The OVS-02GT vehicle detection sensor is the newest member of Optex’s vehicle sensor range, also known as ‘virtual loop’, and offers reliable motion detection of cars, trucks, vans, and other motorised vehicles using microwave technology.

Read more...
Protecting our most vulnerable
NEC XON Access Control & Identity Management Products & Solutions
In a nation grappling with the distressing rise in child kidnappings, the need for innovative solutions to protect our infants has never been more critical. South Africa finds itself in the throes of a child abduction pandemic.

Read more...
Understanding the power of digital identity
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
The way we perceive business flourishing is undergoing a paradigm shift, as digital identity and consumer consent redefine the dynamics of transactions, says Shanaaz Trethewey.

Read more...