Researchers at the NIST have developed and published a new
protocol for communicating with biometric sensors over wired and wireless
networks—using some of the same technologies that underpin the Web.
The new protocol, called WS-Biometric Devices (WS-BD),
allows desktops, laptops, tablets, and smartphones to access sensors that
capture biometric data such as fingerprints, iris images, and face images using
Web services. Web services themselves are not new; for example, video-on-demand
services use Web services to stream videos to mobile devices and televisions.
The WS-Biometric Devices protocol will greatly simplify
setting up and maintaining secure biometric systems for verifying identity
because such biometric systems will be easier to assemble with interoperable
components compared to current biometrics systems that generally have
proprietary device-specific drivers and cables. WS-BD enables interoperability
by adding a device-independent web-services layer in the communication protocol
between biometric devices and systems.
Remember the last time you bought a new computer only to
learn that you then had to upgrade your printer and find the appropriate
drivers? For system owners, the difficulty of upgrading devices on a biometric
system can mean significant costs. Using the WS-BD protocol eliminates that
problem.
“This would be useful to many organizations that house
biometric systems, including border control and customs agencies,”
explained computer scientist Kevin Mangold. Using current biometric systems,
when one biometric sensor breaks, it can be expensive and time-consuming to
find a replacement because manufacturers often change product lines and phase
out previous generation devices. A few broken devices could entail having to
rebuild the entire system, upgrade devices and drivers that may be incompatible
with host operating systems, and retrain personnel, he said.
Biometrics are playing an increasing role in security,
access control and identity management. And their use is expanding—for example,
some theme parks use biometrics for access control. Fingerprints are used in
conjunction with passwords for computer security. Many jobs require employees
to provide biometrics; using WS-BD equipment could potentially reduce costs by
facilitating interoperability in biometrics devices.
A 2010 National Academies study, Biometric Recognition:
Challenges and Opportunities, recognized that “Biometric systems
should be designed to anticipate the development and adoption of new advances
and standards, modularizing components that are likely to become obsolete, such
as biometric sensors, and matcher systems, so that they can be easily
replaced.”
NIST researchers recognized this need several years ago and
developed a solution with the support of the Department of Homeland Security
Science and Technology Directorate, the Federal Bureau of Investigation’s
Biometric Center of Excellence and NIST’s Comprehensive National Cybersecurity
Initiative. NIST also is working with industry through the Small Business
Innovation Research Program to help bring these plug-and-play biometric devices
to market.
Two NIST researchers recently demonstrated the
NIST-developed WS-BD system in their laboratory using a tablet and two
biometric sensors. A tap on the tablet signals the Web-enabled fingerprint
sensor to capture four fingerprints from the individual whose hand is on the
scanner and send it back to the tablet. A tap on another button controls a
camera to take a photo for facial recognition.