
NIST Standards for New Biometric ID Card Published

rts008 writes "eWEEK is reporting that NIST has published the biometric data specs on the new Federal ID cards for employees and contractors that will be issued in October. From the article: 'Specifically, the guidelines state that two fingerprints must be stored on the card as "minutia templates," mathematical representations of fingerprint images. [...] Guidelines require that all biometric data be embedded in the CBEFF (Common Biometric Exchange Formats Framework) structure. This ensures that all biometric data will be digitally signed and uniformly encapsulated. This format will apply not only to PIV cards, but also to any other biometric records kept by federal government agencies.'" The published standards [PDF] are also available from the NIST web site.

  • Re:New CAC Cards? (Score:3, Informative)

    by pedestrian crossing ( 802349 ) on Sunday February 05, 2006 @03:10PM (#14646662) Homepage Journal
    Current CACs have biometrics. Remember pressing your thumbs on the reader when you got it?
  • by Anonymous Coward on Sunday February 05, 2006 @03:23PM (#14646709)
    They don't store the actual fingerprint. They store what amounts to a hash of your fingerprint.
  • Minutia Templates (Score:5, Informative)

    by Epicyon ( 777863 ) on Sunday February 05, 2006 @04:01PM (#14646818)
    What is being stored is the mathematical representation of the fingerprint, not an image of the fingerprint itself.

    It is not possible to recreate the image of a fingerprint from the template. [identix.com]

  • Re:Fingerprints? (Score:5, Informative)

    by Reaperducer ( 871695 ) on Sunday February 05, 2006 @04:02PM (#14646825)
    But... fingerprints can be stolen. How does storing someone's fingerprint on these cards make them better than any other form of ID? If the image of your fingerprints is on the card, then anyone who has stolen your card can make fake fingerprints

    It doesn't sound like they're storing the actual finger prints, but a mathematical representation of them. Which could mean some kind of one-way mathematical hash, like many computers have for passwords. I'm not saying it's perfect, but I don't see how it's possible to take a set of numbers and create someone else's fingerprints. Sounds like someone's dishing out warm steaming bowls of FUD for breakfast.
  • by Anonymous Coward on Sunday February 05, 2006 @04:04PM (#14646830)
    What is stored for biometric data is not an image of the fingerprint or anything like that. It's actually a hash of your fingerprint. Ideally, it would be a one-way hash (such as a cryptographic hash of your password stored in the .shadow file on a linux box). It should be "hard" (in the CS/math sense of the word) to find an actual fingerprint that will recreate the hash.
  • by maxume ( 22995 ) on Sunday February 05, 2006 @04:12PM (#14646847)
    Simply, this is better than a card without the fingerprints. See:
    http://it.slashdot.org/comments.pl?sid=176330&cid=14646699 [slashdot.org]

    for why it is more 'trustworthy'. As long as the data is signed and the data stored isn't sufficient to generate fingerprints from, a biometric card like this does a pretty good job of ensuring that the card was issued to a person with matching fingerprints.

    As far as biometrics providing 'static' versus 'dynamic' keys, if the card stores a salted hash of the actual data, then the keys are dynamic enough to be re-issued. New salt every month or whatever, for newly issued cards. As long as your secret sauce^h^h^lt stays secret, it's fine.

    How sure you are that only authorized cards are issued (how secure is your trust mechanism) isn't really part of evaluating the card. It might make the card impractical, but it doesn't change the fact that it is better.

    Identity is *hard*. I like to think of my driver's license as a symbol of the fact that the State of Michigan believes I am who I say I am. Other people's driver's licenses are either symbols of the same, or that they were willing and able to pay to fake it. I know I am me, and I know I obtained the license, so I don't have to make the exception for mine being fake. You still do. It is still useful to issue them, as it allows other people to say 'Michigan is careful enough that I can trust that card this much' and use it as my identity with lower risk (probably) than just using whatever I say.
  • Project website (Score:5, Informative)

    by Midnight Warrior ( 32619 ) on Sunday February 05, 2006 @04:53PM (#14646982) Homepage
    For those seeking to follow the actual PIV program for federal employees/contractors, check out their home page [nist.gov].
  • by Intellectual Elitist ( 706889 ) on Sunday February 05, 2006 @06:29PM (#14647269)
    > Why would I try to crack the card when I could just offer a small sum of money to the nice lady working the security desk, and making the cards? Or if she's got too much integrity for that, I suppose I could just kidnap her son/daughter? I'm quite confident she'd make me a card then.

    Because the PIV system is designed so that a single corrupt person in the chain can't wind up issuing a valid credential. The person who sponsors your application is different from the person who collects your biometrics, who's different from the person who puts together your physical card, who's different from the person who checks your biometrics against the final card and issues it to you. You'd have to bribe at least a couple of people in that chain in order to get an illicit card that actually worked.

  • by Intellectual Elitist ( 706889 ) on Sunday February 05, 2006 @06:46PM (#14647325)
    > What stops me from making a fake ID card, that says I'm somebody else, but with MY fingerprints encoded in the card.

    The fingerprint minutiae templates are digitally signed and protected by a PIN, and the cards are only issued by approved PIV Issuers who have to get all of the data used on the card through a secure network that you wouldn't have access to. And even if you did, you'd have to corrupt at least two of the major players in the issuance process in order to create a fake card.
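The two points raised above, that the signed template binds the fingerprint data to the card holder (maxume's comment on signed data with a per-issue salt) and that swapping in someone else's minutiae or relabelling the card breaks verification (the reply just above), can be shown with a small verifier. This is an added example, not code from Slashdot, NIST, or the PIV program: the minutiae byte layout, the JSON header, the issuer key, and the sample templates are all constructed for illustration, and an HMAC stands in for the asymmetric signature a real issuer would use so that the block runs with only the Python standard library.

```python
import hashlib
import hmac
import json
import os
import struct

# Constructed issuer key. A real PIV issuer would sign with a private key held
# in an HSM and the reader would verify with the published certificate; HMAC is
# used here only so the example runs offline with the standard library.
ISSUER_KEY = b"constructed-issuer-key-for-example-only"

# One minutia = (x, y, angle_degrees, kind). This packing is a constructed
# layout for the example, not the ANSI/INCITS 378 template format.
MINUTIA_FMT = ">HHHB"


def encode_template(minutiae):
    """Pack a list of (x, y, angle, kind) tuples into a biometric data block."""
    out = struct.pack(">H", len(minutiae))
    for x, y, angle, kind in minutiae:
        out += struct.pack(MINUTIA_FMT, x, y, angle, kind)
    return out


def decode_template(bdb):
    """Inverse of encode_template; used by the verifier to read the block back."""
    (count,) = struct.unpack_from(">H", bdb, 0)
    size = struct.calcsize(MINUTIA_FMT)
    return [struct.unpack_from(MINUTIA_FMT, bdb, 2 + i * size) for i in range(count)]


def _signed_bytes(header, bdb):
    # Header and data block are signed together, so neither can be swapped alone.
    return header + b"\x00" + bdb


def build_record(subject_id, minutiae, salt=None):
    """Encapsulate header + data block + signature block, in the CBEFF spirit."""
    salt = salt if salt is not None else os.urandom(16)
    header = json.dumps(
        {"subject": subject_id, "salt": salt.hex(), "format": "constructed-minutiae-v1"},
        sort_keys=True,
    ).encode()
    bdb = encode_template(minutiae)
    sig = hmac.new(ISSUER_KEY, _signed_bytes(header, bdb), hashlib.sha256).digest()
    return {"header": header, "bdb": bdb, "sig": sig}


def verify_record(record, key=ISSUER_KEY):
    """Return True only if header and data block are exactly what the issuer signed."""
    expected = hmac.new(key, _signed_bytes(record["header"], record["bdb"]), hashlib.sha256).digest()
    return hmac.compare_digest(expected, record["sig"])


def substitute_template(record, minutiae):
    """Copy of the record with another person's minutiae in the data block."""
    forged = dict(record)
    forged["bdb"] = encode_template(minutiae)
    return forged


def relabel(record, new_subject):
    """Copy of the record claiming a different subject in the header."""
    forged = dict(record)
    fields = json.loads(record["header"])
    fields["subject"] = new_subject
    forged["header"] = json.dumps(fields, sort_keys=True).encode()
    return forged


def demo():
    """Issue a card for 'alice', then try the two substitutions from the thread."""
    alice = [(10, 20, 90, 1), (33, 47, 180, 2), (120, 64, 270, 1)]  # constructed
    bob = [(15, 25, 45, 1), (60, 70, 300, 2)]  # constructed
    card = build_record("alice", alice, salt=b"\x01" * 16)
    return {
        "genuine": verify_record(card),
        "bobs_prints_on_alices_card": verify_record(substitute_template(card, bob)),
        "alices_prints_relabelled": verify_record(relabel(card, "bob")),
        "wrong_issuer_key": verify_record(card, key=b"some-other-key"),
        "roundtrip": decode_template(card["bdb"]) == alice,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accept' if ok else 'reject'}")
```

The check a reader performs is the signature over header plus data block together; verifying only the data block would let a valid template be moved onto a card with a different subject, and verifying only the header would let the template be replaced. The salt in the header is what makes re-issuing a card produce a different signed record for the same fingers, as the comment above describes.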