Feds to use faster, safer fingerprint standard

Biometric manufacturers and most federal agencies could get a long-awaited present this holiday season — the fingerprint storage standard they want for the federal government's new Personal Identity Verification (PIV) cards.

By the end of December, the government is expected to announce that the cards must use a mathematical, minutiae-based template of fingerprint images of cardholders' two index fingers instead of compressed images of the prints themselves, said Kevin Crouch, portfolio manager for Homeland Security Presidential Directive 12 (HSPD-12) implementation at the Homeland Security Department's Joint Office of Identification and Credentialing.

Vendors are excited because the standard would allow faster authentication with less data and more privacy. "This new template will stimulate the industry to have more companies providing products to meet this standard, which is a major step forward for the biometric industry," said Neville Pattinson, director of technology and government affairs at Axalto.

PIV cards are required under HSPD-12, a mandate from President Bush that all federal employees and contractors have secure credentials for physical access to federal facilities and networks.

HSPD-12 requires an interoperable format for storing biometric data on PIV cards. Federal agencies are required to begin issuing the cards to new employees Oct. 27, 2006, and must use them to replace 3.5 million federal credentials by 2009.

The switch breaks a nearly yearlong deadlock over whether the PIV cards should use images or templates, said Walter Hamilton, chairman of the International Biometric Industry Association and vice president and general manager of biometric solutions at Saflink.

The decision marks a victory for the biometric industry over the National Institute of Standards and Technology.

The delay in deciding on a fingerprint storage standard has made it harder for vendors to meet the 2006 deadline because they did not want to waste time and money developing products without knowing what standard those products would have to meet, Hamilton said.

He said he has heard from a number of federal contacts that the policy coordinating committee for the White House's Homeland Security Council, which decides on the standards that NIST implements, met recently and responded favorably to using templates.

The council's meeting is a positive development, even though the Office of Management and Budget has not confirmed that the standard will change, Hamilton said.

Biometric industry leaders have been concerned that NIST would require images on the PIV cards, said Randy Vanderhoof, executive director of the Smart Card Alliance. The 32K chips on most smart cards are too small to hold images along with users' access certificates and personal data, he said. If images were required, vendors would have to upgrade to 64K or even 128K of memory, drastically increasing costs and the time to get compliant products to market, he said.

The template standard means that vendors will be more likely to have their products certified quickly, Vanderhoof said. That in turn increases the chances that vendors can get on the General Services Administration schedule and start selling their products before October, he said.