Feature Company

Interview with Cathy Tilton, VP of Standards and Emerging Technologies, Daon
May 2006

FB

First of all, congratulations on your new position at Daon!

CT

Thank you very much!

FB

What areas will you be focusing on at Daon?

CT

I am going to be the focus for Standards participation, but that is not going to be my only responsibility. I continue to work on specific projects that my services are required on. In the future, as I learn more about our product line-up, I will also be able to help with things like proposals and consulting work.

FB

What Standards bodies are you currently involved with?

CT

The main ones are the INCITS M1 Group, the International Committee on Information Technology Standards; that's the focal point. Even though it's international, it's considered a "national body" in terms of the international Biometric Standards focus, as it feeds up into SC 37, which is also biometrics. I head the US Delegation to that group at ISO - ISO/IEC JTC1 SC 37. And then the other group that I have been working with is OASIS, Organization for the Advancement of Structured Information Standards, which is the group that does a lot of the web services standards. There is a new project we are working on which is a collaborative effort between INCITS and OASIS.

FB

When we completed our recent Year in Review where we spoke with about 40 companies around the world in the Biometrics area, what came across clearly was that Standards was one of the most important developments that had occurred in 2005 in a positive manner. Could you review for us some of the positive gains for the industry on the Standards front in 2005?

CT

I think the number one thing is that SC 37 approved its first ISO standards for Biometrics. Four Standards were approved, all in the area of data interchange formats. That has its own significance because many of those are in turn called out by the ICAO documents for the e-passport programs. That was something that was done internationally, had international participation and co-operation, and is a real success story considering that SC 37 met for the very first time in December of 2002 and then in 2005 the first standards came out the door from that group.

FB

That is a very positive turn-around time!

CT

It is, and at the international level I know some people get frustrated because it can take a while. You can't decide one day you are going to do it and the next month out pops the standard. It takes time, there are procedures for doing it. It's a consensus process and there are about 21 countries that are key members of SC 37, so trying to get countries to agree on anything that quickly is pretty amazing!

FB

Trying just to find time to meet with that many participants is difficult enough.

CT

SC 37 meets about every 6 months. Different countries host the meetings so, for example, the meeting in January was hosted by Japan in Kyoto. The next one is going to be in July in London.

FB

The National Institute of Standards and Technology, NIST, issued the final publication describing how Biometrics should be stored on personal identification verification- PIV cards. Can you describe the significance of that for us?

CT

I think the two things I find most significant about it are, first of all, it represents an endorsement of the standard fingerprint minutia template, which in this case is the INCITS 378 version of that template for one-to-one applications - so this is pretty much a first (though that template was actually used on the TWIC phase 3 prototype as well). But since the PIV program is so huge and having so much focus, and the fact that it did change from the initial draft which had finger images on the card and this final version that has minutia templates on it, I think is very significant. To me it serves as an endorsement for that Standard. The second thing in the PIV SP 800-76 specification is that it incorporates several ANSI (American National Standards Institute) standards and clearly delineates where these will be used and where traditional law enforcement standards apply.

FB

Another comment that came up in our Year in Review was the fact that the European Union wants a 5-Year action plan requiring interoperable Biometric identifiers in Europe. Can you elaborate a little bit on that for us?

CT

My understanding of what the Europeans are doing is not that they are attempting to develop something different than what SC 37 is doing, but they will be more co-ordinated in how those standards are used and applied.

FB

Are there any other areas in terms of Standards development in the past year you would like to cover off for us?

CT

Well I have a couple of statistics for you. Coming out of the Kyoto meeting, and there has been an update subsequent to this since then, I mentioned that the number of approved standards at that point was 4. Those were approved in 2005, but there are a number of other projects at different levels of progression. From highest to lowest - at FDIS level, which is Final Draft International Standard, the level that gets balloted just before the document is approved, there are 9 projects. At the FCD level, which is Final Committee Draft, there are 7 projects. At CD level, which is Committee Draft, there are 8 projects. And at the working draft stage, there are 6 projects. So there is a lot going on in the Standards space!

FB

Wow, that is over 30 different projects!

CT

And there are new projects coming along as well that aren't included in those statistics because they haven't made it to working draft level, and there are also a couple of amendment projects. There is just an awfully lot going on because there are 6 working groups within SC 37 and each one of them has its own program of work. Now since Kyoto, three of those projects at the FDIS level were approved. So they are at the stage where FDIS has been approved and there are probably a couple of little minor editorial things that have to be done to them before they are published. They are considered approved at this point.

FB

That sounds like a full agenda!

CT

It is very full! Another statistic is that currently M1 has 14 approved standards. They started a little prior to the SC 37 group.

FB

So it sounds as if everything has really moved into high gear.

CT

It really has. Since 9/11 a lot of things have accelerated with regard to standards and it is not a coincidence at all. There is recognition that Biometrics needed to play a role in some of the security programs that resulted from the legislation that came out of 9/11, and so then people asked themselves, "Where are the standards that go with these technologies that we are needing to deploy?" So the recognition of the need occurred at that point.

FB

In summary, again from our Year in Review one of the questions we asked was Ð what's the most pressing issue facing the industry? Interesting, although we received very positive feedback about standards with regard to the progress made in 2005, it also still appears as one of the greatest challenges facing the industry as we move into 2006, along with testing, certification and implementation of Biometrics in accordance with these standards.

CT

It is interesting that you say that because when it comes to challenges facing the industry, that is one of the things that I noted as a need. First of all, there are still some gaps that exist and the gaps are surely but slowly being filled. Two of the gaps that were identified, and for which new projects have been started, are in the area of biometric web services (and that is the collaboration between INCITS and OASIS that I mentioned earlier) and the other is for a voice data interchange format. If you look at all the data interchange formats in M1 and SC 37 you don't see Voice anywhere, because that group has typically worked with the telephony community and has not been as tied in with the biometrics community in the past. So that is changing and that gap is in the process of being filled. The Voice XML group is working on this with M1.

Second on my list is adoption. Adoption is always problematic. Many times it requires that customers demand conformance from the vendors because many vendors, especially biometrics vendors, are small. They are watching their resources and they are not going to do it unless somebody makes them do it. Plus they have this tendency, and this applies to any technology not just biometrics, to stay proprietary as long as they can because then they can have this lock-in effect. So sometimes there can be a little bit of resistance from the vendors, but when the customers demand it, then the vendors do it.

The last area is conformance testing. In addition to the base standards, there is a need for standards for conformance. Each standard usually has a conformance clause, however, what is happening now is that there are separate standards being developed for conformance testing methodologies In some cases, conformance test suites are also being developed. For example, there is a conformance test suite, which should be released soon for BioAPI. Okay, now you have the conformance test standards and suites but what is this conformance testing program that is put in place? Sometimes it may be a certification or a qualification program. In other instances it's vendor's self claim of conformance, but because some of these standards are being called out in large government programs, I think you may see those type of qualification requirements coming into existence.

FB

Thank you very much for providing an update on the Standards area. I think it is good that Daon is applying focus in this direction because when we talk with folks in the industry it is clearly one of the most important areas.

CT

You are most welcome, Peter.

back
RSS News Feed
RSS Biometrics Industry Events

Showcases
Fingerprint
Iris Recognition
Hand & Finger
Facial Recognition
Voice/Speaker
Consultants
Smart Cards/Multimodal
Signature/Keystroke
2D Barcodes
Sensors
Middleware/Software
Vascular Pattern Recognition

Applications



Site Search



Sponsor Links

BIO-key
 BIO-key develops and licenses advanced biometric finger identification technologies that are cost effective, scalable and easy to deploy.

Identica Corp.
Is the exclusive provider of the Techsphere Hand Vascular Pattern Recognition biometric solution in the USA, Canada, Mexico and the Caribbean Islands.

ZK Software
 ZKSoftware Inc. is a leading OEM/ODM manufacturer offering Fingerprint Time & Attendance and Access Control, Fingerprint Door Locks and IT products.

Ceelox
Ceelox is a developer and marketer of biometric authentication and biometric file security software products.

Datastrip
Datastrip is the leading provider of biometric verification devices in today's mobile arena, enabling fast, accurate identity verification.


Guides

What are "Biometrics"?
Biometrics Glossary
How Well Do Biometrics Work?
Identification vs Verification


Articles & Research

US VISIT Fact Sheet
The Anatomy Lesson
Smile: You're On Scan Camera
Privacy - Friend or Foe?
New Opportunities for Biometrics
Let Me In!
Archived Q & A's
Videos & Product Demos



Biometrics Events | Biometrics Links | Biometrics Press Releases
Biometrics Feature Articles | Biometrics Company Q&A's | Biometrics Product Videos/Demos
About Us | Contact Us | Advertising Info | Privacy Policy | Terms of Use