NIST Standards for New Biometric ID Card Published

rts008 writes "eWEEK is reporting that NIST has published the biometric data specs on the new Federal ID cards for employees and contractors that will be issued in October. From the article: 'Specifically, the guidelines state that two fingerprints must be stored on the card as "minutia templates," mathematical representations of fingerprint images. [...] Guidelines require that all biometric data to be embedded in the CBEFF (Common Biometric Exchange Formats Framework) structure. This ensures that all biometric data will be digitally signed and uniformly encapsulated. This format will apply not only to PIV cards, but also to any other biometric records kept by federal government agencies.'" The published standards [PDF] are also available from the NIST web site.

Fingerprints?

[Old+Spider]

But... fingerprints can be stolen. How does storing someone's fingerprint on these cards make them better than any other form of ID? If the image of your fingerprints is on the card, then anyone who has stolen your card can make fake fingerprints... and likely a fake card with thier photo on it and with your fingerprint data. I mean, if they stored your retina patterns and maybe even a snapshot of your brain structure, then I could believe these cards are worth the trouble, but something tells me these new cards are nothing more than a way for whomever is making them to get some government cash by way of a false sense of security. What a joke.

Re:Fingerprints?

[cdrguru]

Making "fake" fingerprints isn't all that simple.

Sure, if you need a fingerprint that withstands some sort of cursory optical examination, that can be done without too much trouble.

But, if they are actually using any of the better techniques, like a guy with an ink roller or a sensor that isn't optically based, you can forget about faking it.

Actually, even just having someone watching as your fingerprint is read is going to deter about 90% (maybe 99%) of fake attempts. You don't get to use a fake finger or most things on your finger if someone is actually watching and looking for that. Not 100% certain, for sure, but nowhere near as weak as you seem to think.

India's richest temple has already implmented this

[ravee]

Biometrics is widely used in India's richest temple at Tirupati(which is also worlds richest one). Infact, if the devotees have to get into the temple, they have to get their finger print copied to a database using biometrics and they are alloted a time to enter the temple. This is because over quarter million people daily visit the temple and crowd control is a big job for the administration.

I am more concerned

[binkzz]

That one day these will be mandatory, and that they will be placed as a chip under the skin of the hand or the forehead. If you don't have one of these chips, you won't be able to pay for anything or even buy food.

Because you cannot forget it.

[khasim]

The only advantage biometric data has is that the user cannot lose it or forget it.

Other than that, if someone is watching you authenticate, it might be possible for them to see you using a fake finger or something.

Re:No thank you

Well that's great if you dont work for the government or work as a contractor. But if you do, like me, it puts you in a terrible predicament. I've been a contractor for several years now, and have talked with my contracting officer about this extensively in the past. He said he won't make me do it,and that he'll resist doing it himself (he's a fed, I'm a contractor). If worse comes to worse, I'll just quit. My job has nothing to do with national security or defense, there's no need for them to have this data about me any more than they would need it from any old citizen. I don't get it, and I won't play.