Introduction to Biometrics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #23 Biometrics Standards - II November 14, 2005

Outline l BioAPI Standard l Reference: - Chapter

BioAPI l This specification defines the Application Programming Interface and Service Provider Interface for a standard biometric technology interface. l BioAPI V1.1 defines an open system standard API that allows software applications to communicate with a broad range of biometric technologies in a common way. l As an “open systems” specification, the BioAPI is intended for use across a broad spectrum of computing environments to insure cross-platform support. l BioAPI V1.1 was developed by the BioAPI Consortium and specifies standard functions and a biometric data format which is an instantiation of CBEFF.BioAPI Consortium

BioAPI l BioAPI creates a modular framework allowing programmers to develop once for a biometric device the easily make their work compatible with other devices l Capabilities addressed by the API include: - Enrollment, verification, identification, capture, process, match, and store l The goal is to hide as much as possible the unique aspects of individual biometric technologies and vendor implementations l Attempts to provide a high level of abstraction that an be used within a number of potential software applications

BioAPI Specification, Version 1, March 2001 l Concepts l BioAPI Definitions - E.g., BioAPI data structures, Registry schema, Error handling, Framework operations, Streaming I/O, l BioAPI Service Provide Interface - Data structures for the interface, service provider operations, Database operations

Concepts l BSP: Biometric Service provider l BIR: Biometric Identification Template l API Model l Client/Server Processing Methods l Other Concepts

Biometric Service Provider (BSP) Biometric Service Provider Identification User Interface Input Scanning Quality Enhancement Feature Extraction Process Sample Raw Sample Construct BIR Verification User Interface Enrollment User Interface Result BIR Result List Set of BIRs Verification Algorithm Identification Algorithm Intermediate BIR Intermediate BIR Processed BIR Capture (Process is a NO-OP) Match CaptureProcess Match Capture Process Match

Biometric Identification Record (BIR) t HeaderOpaque Biometric Data Signature Factors Mask BIR Data Type Length (Header + Opaque Data) Header Version Quality Purpose Mask OwnerID Format

API Model l There are three principal high-level abstraction functions in the API: - Enroll: Samples are captured from a device, processed into a usable form from which a template is constructed, and returned to the application. - Verify: One or more samples are captured, processed into a usable form, and then matched against an input template. The results of the comparison are returned. - Identify: One or more samples are captured, processed into a usable form, and matched against a set of templates. A list is returned showing how close the samples compare against the top candidates in the set.

Supporting Client Server Processing: Two approaches l Use Primitive Functions - Capture, process, Match, Create Template l Using streaming callback - The client/server application decides whether the authentication should be driven by the client or the server component. - The application calls the appropriate high-level function, and the BSP calls the Streaming Callback to initiate the BSP-to-BSP protocol. - The StreamInputOutput function is used by the partner application to deliver messages to the partner BSP, and to obtain a return message to send to the driving BSP.

Primitive Functions

Using Streaming Callback: Server Initiation Authentication Client Application Client BSP BioAPI Framework Authentication Server Application Server BSP BioAPI Framework Device Identify Verify Enroll BSP-to-BSP protocol Process and Match algorithms Streaming Callback StreamInputOutput App. Provides a communication channel for the BSPs Capture

Using Streaming Callback: Client Initiation Authentication Client Application Client BSP BioAPI Framework Authentication Server Application Server BSP BioAPI Framework Device Identify Verify Enroll BSP-to-BSP protocol Process and Match algorithms Streaming Callback StreamInputOutput App. Provides a communication channel for the BSPs

Other Concepts l There are two possible criteria for the results of a match: False Accept Rate (FAR) and False Reject Rate (FRR). - FAR is the probability that samples falsely match the presented template, - FRR is the probability that the samples are falsely rejected (i.e., should match, but don’t). l The BioAPI functions allow the application to request a match threshold in terms of maximum FAR value (i.e., a limit on the probability of a false match,) and an optional maximum FRR value. l If both are provided, the application must tell the BSP which one should take precedence.

Other Concepts l BIR Database: The BioAPI allows a BSP to manage a database of BIRs - To optimize the performance of the Identification operation over large populations - To provide access to the BIRs that may be stored on a self- contained sensing device. l User Interface: Most biometric service providers come with a built-in user interface - The API allows the application to control the “look and feel” of this user interface l Module Registry: Upon installation, BioAPI components (framework and BSPs) post information about themselves in the BioAPI module registry. - This information is used by the application to determine if the BioAPI framework has been installed.

Example BioAPI API Definitions l BioAPI_BIR: A container for biometric data. l typedef struct bioapi_bir { BioAPI_BIR_HEADER Header; BioAPI_BIR_BIOMETRIC_DATA_PTR BiometricData; /* length indicated in header */ BioAPI_DATA_PTR Signature;/* NULL if no signature; length is inherent in this type */ } BioAPI_BIR, *BioAPI_BIR_PTR;

Example BioAPI API Definitions l A BSP schema entry as posted to the BioAPI module registry. l typedef struct _bioapi_bsp_schema{ BioAPI_UUID ModuleId; BioAPI_DEVICE_ID DeviceId; BioAPI_STRING BSPName; BioAPI_VERSION SpecVersion; BioAPI_VERSION ProductVersion; BioAPI_STRING Vendor; BioAPI_BIR_BIOMETRIC_DATA_FORMAT BspSupportedFormats; uint32 NumSupportedFormats; uint32 FactorsMask; uint32 Operations; uint32 Options;

Example BioAPI API Definitions l A BSP schema entry (CONTINUED) uint32 PayloadPolicy; uint32 MaxPayloadSize; sint32 DefaultVerifyTimeout; sint32 DefaultIdentifyTimeout; sint32 DefaultCaptureTimeout; sint32 DefaultEnrollTimeout; uint32 MaxBspDbSize; uint32 MaxIdentify; BioAPI_STRING Description; char Path; }BioAPI_BSP_SCHEMA, *BioAPI_BSP_SCHEMA_PTR;

Example BioAPI Service Provier Specifications BioSPI_ModuleEventHandler l This defines the event handler interface that the BioAPI framework defines and implements to receive asynchronous notification of events of type BioAPI_MODULE_EVENT from a service provider module. Example events include insertion or removal of a hardware service module, or fault detection. l typedef BioAPI_RETURN (*BioSPI_ModuleEventHandler) ( const BioAPI_UUID *BSPUuid, void* BioAPINotifyCallbackCtx, BioAPI_DEVICE_ID DeviceID, uint32 Reserved, BioAPI_MODULE_EVENT EventType);

Directions l Development of the Standards l Development of the Products l Evaluation of the products - What are the criteria used to evaluate the products? - How do the products conform to the standards? - Are there ratings? - Is there a list of evaluated products l Similar to the National Computer Security Center's list of evaluated securer system products