The Chair of the OASIS XML Common Biometric Format Technical Committee (XCBF TC) has communicated a request that the TC's Committee Specification version 1.1 be considered for approval as an OASIS Standard. The XML Common Biometric Format specification deals with biometrics in the sense of "automated methods of recognizing a person based on physiological (retina, hand geometry, DNA) or behavioral characteristics; they are used to recognize the identity of an individual, or to verify a claimed identity." The OASIS Committee Specification defines "a common set of secure XML encodings for the patron formats specified in CBEFF, the Common Biometric Exchange File Format (NISTIR 6529). These XML encodings are based on the ASN.1 schema defined in ANSI X9.84 Biometric Information Management and Security. For security purposes, they make use of the Canonical XML Encoding Rules (CXER) for ASN.1 defined in ITU-T Rec. X.693, and rely on the security and processing requirements specified in the X9.96 XML Cryptographic Message Syntax (XCMS) and X9.73 Cryptographic Message Syntax (CMS) standards." Section 7 provides the XCBF Schema in the form of ASN.1 modules (X9-84-Biometrics Module, X9-84-CMS Module, X9-84-Identifiers Module). Examples for readers and implementors are supplied in Section 8 with the goal of promoting secure, interoperable biometric applications and systems. Voting by the OASIS membership will take place during the latter half of August 2003.
The document submitted for approval as an OASIS Standard is the June 2003 version 1.1 Committee Specification.
XML Common Biometric Format. Committee Specification, Version 1.1. June 2003. 74 pages. Edited by John Larmouth (Individual Member). Contributors: Tyky Aichelen (TC Chair, IBM), Ed Day (Objective Systems), Dr. Paul Gérôme (Individual Member), Phillip H. Griffin (Individual Member), John Larmouth (Individual Member), Monica Martin (Sun Microsystems), Bancroft Scott (OSS Nokalva), Paul Thorpe (OSS Nokalva), Alessandro Triglia (OSS Nokalva), Rick Randall (Booz Allen Hamilton), John Messing (American Bar Association), Clifford Thompson (Individual Member), John Aerts (LA County Information Systems Advisory Body), and Michael Nguyen (The Infocomm Development Authority of Singapore).
XCBF Specification Overview
Biometrics are automated methods of recognizing a person based on physiological or behavioral characteristics. They are used to recognize the identity of an individual, or to verify a claimed identity. This specification defines a common set of secure XML encodings for the patron formats specified in CBEFF, the Common Biometric Exchange File Format (NISTIR 6529). These CBEFF formats currently include the binary biometric objects and information records in two ANSI standards.
These XML encodings are based on the ASN.1 schema defined in ANSI X9.84:2003 Biometric Information Management and Security. They use, for security purposes, the Canonical XML Encoding Rules (CXER) for ASN.1 defined in ITU-T Rec. X.693, and rely on the same security and processing requirements specified in X9.96 XML Cryptographic Message Syntax (XCMS). Values of the Biometric Information Record (BIR) defined in ANSI/INCITS 358-2002 - Information technology - BioAPI Specification that can be represented in the X9.84 biometric object format can also be represented using XML markup and secured using the techniques in this standard.
This standard defines cryptographic messages represented in XML markup for the secure collection, distribution, and processing, of biometric information. These messages provide the means of achieving data integrity, authentication of origin, and privacy of biometric data in XML based systems and applications. Mechanisms and techniques are described for the secure transmission, storage, and integrity and privacy protection of biometric data.
This document describes the process for translating between an X9.84 BiometricObject and a BioAPI-1.1 Biometric Information Record (BIR). The X9.84 schema is the same as the schema defined in this standard and provides a common means of representing in XML markup the binary values described in the X9.84 and BioAPI-1.1 standards. Once BIR format values are represented as values of type BiometricObject they can be secured using the techniques described in this standard. [adapted from the Introduction]
Three examples are provided in Section 8 of the specification "to assist readers and implementors of this standard, and with the goal of promoting secure, interoperable biometric applications and systems."
The BiometricSyntaxSets (CXER, DER) example "illustrates a value of type BiometricSyntaxSets encoded in XML markup using the basic XML Encoding Rules (BASIC-XER), a canonical variant of the XML Encoding Rules (CXER) and a compact, canonical, binary format using the ASN.1 Distinguished Encoding Rules (DER). The XER, CXER and DER representations use exactly the same abstract values, based on the same XCBF ASN.1 schema. Two representations are well-formed XML markup. The third representation is a compact, binary DER encoding. Both CXER and DER are suitable for use in cryptographic applications involving digital signatures, since these encoding rules provide one and only one way to encode any given value..."
A SignedData example "illustrates how to encode one or more biometric samples or templates for cryptographic enhancement to provide authentication of origin and data integrity services for biometric samples or templates.
An EncryptedData (fixedKey) example "illustrates how to encode a series of one or more biometric samples or templates for cryptographic enhancement. A group of three biometric objects is used, though XCBF allows any number of objects to be included. The optional, cleartext biometric headers are not included in the example message. The group of three biometric objects is encrypted for privacy using a fixed Triple DES key. As shown in this example, XCBF users can create and exchange arbitrary collections of biometric information to suit the needs of their security applications. This capability provides the application designer complete flexibility. The order of the biometric objects is determined in the application by the sender, allowing them to prioritize or order biometric information for purposes such as aging of data, or grouping records by quality or data type or entity..."
Arbitrary collections of biometric information: "Collections of useful biometric information include:
- pairs of iris image templates for an individual; one for each eye
- collections of paired iris image templates for a group of individuals
- collections of finger print image templates, one per digit for an individual
- sets of individual finger print image template collections for a group of persons
- a collection of mixed biometric templates for an individual; say, retina, hand geometry, and DNA
- collections of templates for groups of individuals, such as:
- all employees at work today, or
- all of the passengers on Flight 12, or
- all of the finger print samples collected on Tuesday
XCBF TC Charter
The OASIS XML Common Biometric Format (XCBF) Technical Committee was chartered to define "a common set of secure XML encodings for the patron formats specified in CBEFF, the Common Biometric Exchange File Format (NISTIR 6529). These XML encodings will be based on the ASN.1 schema defined in ANSI X9.84:2003 Biometrics Information Management and Security. They will conform to the XML Encoding Rules (XER) for ASN.1 defined in ITU-T Recommendation X.693, and rely on the security and processing requirements specified in X9.96 XML Cryptographic Message Syntax (XCMS)."
Declarations of Successful Use
One requirement for approval of a Committee Specification as an OASIS Standard is a declaration by at least three OASIS member organizations stating that they are "successfully using the specification consistently with the OASIS IPR Policy." See the statements from:
- XML Common Biometric Format. CS Version 1.1. [source .DOC]
- OASIS XML Common Biometric Format TC website
- Mailing list archives of the XCBF TC
- IPR statements. Statements or declarations regarding IPR related to the work of the TC:
- Approval from the Chair of X9 to create a derivative work. 04-April-2002.
- Approval from SecuGen to create a derivative work. 30-April-2002.
- Comments on the specification: send email to email@example.com
- Contact: Tyky Aichelen (IBM, TC Chair).
- XCBF Specification Submitted for Consideration as an OASIS Standard. Posting from Tyky Aichelen and Karl Best. [source]
- See also: "OASIS XML Common Biometric Format Moves Toward Standardization."
- See also: "OASIS Forms Technical Committee for XML Common Biometric Format (XCBF)." News item 2002-02-11.
- Related: "NIST HumanID Evaluation Framework Uses XML for Biometrics"
- "XML Common Biometric Format (XCBF)" - Main reference page.