Committee Aims To Boost E-Commerce Biometrics

E-business standards consortium OASIS on Thursdayannounced it has formed a committee to specify a standard way to use XML (extensible markup language) in biometrics for e-commerce and other applications.

“Biometrics, in essence ‘what you are,’ are destinedto replace ‘what you know’ items such as PIN numbers,and to augment ‘what you have’ forms ofidentification such as cards,” committee chairPhillip Griffin said.

The new specification, called the XML Common Biometric Format (XCBF),will describe information that verifies identity based on human characteristics, such as DNA, fingerprints, iris scans and hand geometry.

It will be used in biometric applications thatfacilitate authorization processes in e-commerce, measureattendance and control online document access.

Ready or Not?

OASIS is one of many organizations dealing inbiometrics, but the average consumer may not be readyfor usable implementations, according to some analysts.

“September 11th drove this idea high onto the public’sradar,” GartnerG2 analyst Laura Behrens told theE-Commerce Times. “The concept is very appealing, butconsumers are not ready for biometrics at its currentstate of the art or at current deployment conditions.”

Cost Barrier

The problem, Behrens said, is that implementationcosts for biometric applications are prohibitivelyhigh.

“The costs will not come down to the point of ubiquityin the near term,” she said. “The technology is notdeployed widely enough to enjoy economies of scale.”

Even in current systems that work only tolerably, she added, per-user costs can reach US$100, and expenses skyrocket for more sophisticated systems like iris scans.

Work in Progress

What is more, execution details are still largelyundefined, according to analysts. A variety of housing devicesfor biometrics are still in the experimental stage, including smart cards, key chains and implanted computer chips.

“Any one authentication solution is not a perfectpanacea,” Behrens said.

Passwords and PIN numbers are enough for manyapplications, she added, but biometric authenticationcould play a role in e-commerce arenas that requirehigher security, such as prescription medication.

Boosting Biometrics

Toward this end, the committee’s goal is to improve upon current conditions and to streamline theonline transmittal of biometric data.

“The message syntax for transferring informationacross the Internet seems to be focused on XML-baseddialects, and biometric information is no different inthis respect,” said Jeff Stapleton of ANSI (American NationalStandards Institute).

The committee’s charter is to define a set of XMLencodings for the Common Biometric Exchange FileFormat (CBEFF) — drafted by ANSI and managed by the NationalInstitute of Standards Technology (NIST). The CBEFF format describes data elements that are necessary to support biometrictechnologies in a standard way.

Participation in the OASIS committeeremains open to all organizations and individualsinterested in advancing a standard XML schema forbiometrics. The committee’s completed work will be available to the public without licensing fees.