Slashdot Mirror

← Back to Stories (view on slashdot.org)

NIST Standards for New Biometric ID Card Published

Posted by ScuttleMonkey on from the new-face-theft-ring dept.

rts008 writes "eWEEK is reporting that NIST has published the biometric data specs on the new Federal ID cards for employees and contractors that will be issued in October. From the article: 'Specifically, the guidelines state that two fingerprints must be stored on the card as "minutia templates," mathematical representations of fingerprint images. [...] Guidelines require that all biometric data to be embedded in the CBEFF (Common Biometric Exchange Formats Framework) structure. This ensures that all biometric data will be digitally signed and uniformly encapsulated. This format will apply not only to PIV cards, but also to any other biometric records kept by federal government agencies.'" The published standards [PDF] are also available from the NIST web site.

4 of 129 comments (clear)

  1. India's richest temple has already implmented this by ravee · · Score: 5, Interesting

    Biometrics is widely used in India's richest temple at Tirupati(which is also worlds richest one). Infact, if the devotees have to get into the temple, they have to get their finger print copied to a database using biometrics and they are alloted a time to enter the temple. This is because over quarter million people daily visit the temple and crowd control is a big job for the administration.

    --
    Linux Help
    for all things on Linux
  2. Re:No thank you by mcheu · · Score: 5, Insightful

    According to the description, this card is for a new government employee ID. I'm Canadian, so I don't know for sure how this is for the US, but up here, if you work for the government, your government department is already going to have a lot of your personal information. While it's not required for all public service jobs, some positions require to get at least a minimal security clearance, and depending on how high a clearance you need to get, you might get fingerprinted. The only thing new here is that they're encoding all that digitally onto your staff ID card.

    It should be rediculously easy to avoid getting one of these cards: Just don't apply for a government job.

  3. Re:Why store them on the card? by Agelmar · · Score: 5, Insightful

    You're missing the fact that the biometric data (actually, likely all data on the card) is signed. Think of it this way:

    The issuer of the card has a certificate issued for that purpose. When the card issuer creates your card, they store your biometric information and a signature of that information on the card. If anyone tries to change the biometric information, the signature is no longer valid. Assuming that the certificate uses strong encryption and that the private part of the certificate's signing key is protected (which are both reasonable assumptions), then the data integrity is ensured.

    This makes a lot of practical sense. If you want to pull everything from a centralized database, then your readers all have to be networked. This means that each reader next to every door in the building must be networked, and while that's fine for many situations, in some areas it's not practical. With the signed data on the card, the user can present their card which contains their biometrics and access credentials, the reader can verify this locally, and then act accordingly. Of course you still need to have a way to publish the root certificate and CRLs from time to time, but it does give you more flexibility.

  4. Minutia Templates by Epicyon · · Score: 5, Informative
    What is being stored is the mathmatical representation of the fingerprint, not an image of the fingerprint itself.

    It is not possible to recreate the image of a fingerprint from the template.