NIST Standards for New Biometric ID Card Published

rts008 writes "eWEEK is reporting that NIST has published the biometric data specs on the new Federal ID cards for employees and contractors that will be issued in October. From the article: 'Specifically, the guidelines state that two fingerprints must be stored on the card as "minutia templates," mathematical representations of fingerprint images. [...] Guidelines require that all biometric data to be embedded in the CBEFF (Common Biometric Exchange Formats Framework) structure. This ensures that all biometric data will be digitally signed and uniformly encapsulated. This format will apply not only to PIV cards, but also to any other biometric records kept by federal government agencies.'" The published standards [PDF] are also available from the NIST web site.

Fingerprints?

[Old+Spider]

But... fingerprints can be stolen. How does storing someone's fingerprint on these cards make them better than any other form of ID? If the image of your fingerprints is on the card, then anyone who has stolen your card can make fake fingerprints... and likely a fake card with thier photo on it and with your fingerprint data. I mean, if they stored your retina patterns and maybe even a snapshot of your brain structure, then I could believe these cards are worth the trouble, but something tells me these new cards are nothing more than a way for whomever is making them to get some government cash by way of a false sense of security. What a joke.

Re:Fingerprints?

[cdrguru]

Making "fake" fingerprints isn't all that simple.

Sure, if you need a fingerprint that withstands some sort of cursory optical examination, that can be done without too much trouble.

But, if they are actually using any of the better techniques, like a guy with an ink roller or a sensor that isn't optically based, you can forget about faking it.

Actually, even just having someone watching as your fingerprint is read is going to deter about 90% (maybe 99%) of fake attempts. You don't get to use a fake finger or most things on your finger if someone is actually watching and looking for that. Not 100% certain, for sure, but nowhere near as weak as you seem to think.

India's richest temple has already implmented this

[ravee]

Biometrics is widely used in India's richest temple at Tirupati(which is also worlds richest one). Infact, if the devotees have to get into the temple, they have to get their finger print copied to a database using biometrics and they are alloted a time to enter the temple. This is because over quarter million people daily visit the temple and crowd control is a big job for the administration.