Electronic Commerce: Move Toward Biometric Standards Under Way

Three of the biggest names in information technology joined with two relative minnows last week in launching an initiative to set standards in biometric security.

The companies are trying to eliminate technological confusion in hopes of encouraging development of cost-effective systems for identifying computer users by bodily attributes.

"These biometric technologies go beyond passwords and raise the bar" for identification, said Bill Perry, senior project manager of London-based Barclays Bank, not a member of the new consortium but an endorser of it. "I need the flexibility to swap out biometric products from different vendors as easily as I am able to exchange my office or banking applications."

"We are ready for prime time now," said Oscar Pieper, president of Identicator Corp., San Bruno, Calif., a fingerprint system vendor that is in the biometric support group. "Getting up some momentum is terribly important."

Identicator shares charter member, or "promoter," status in what has been dubbed the BioAPI Consortium. The others are Miros Inc. of Wellesley, Mass., a facial imaging software company, and the three giants: Compaq Computer Corp., International Business Machines Corp., and Novell Inc.

Led by Compaq and by Tom Koenig, the consortium's designated secretary and a Compaq employee, they set out to build a membership last week at the Cardtech/Securtech conference in Washington, a major gathering place for the smart card, biometric, and data security communities.

People attending an introductory meeting reportedly raised questions about the stratification of membership. The original members are "promoters"; "contributors" would help draft the desired API, or application programming interface; and "adopters" would support the final specification by incorporating it into products.

Organizational structure aside, people in the biometric industry have been grappling with a handful of different APIs that may complicate system development and purchase decisions. Two IBM officials prepared a Cardtech/Securtech presentation on "A Generic Biometric API" to address the problem.

A standard would "protect customers' application investments and accelerate the biometric industry's growth," said IBM research vice president Caroline Kovac.

The move from proprietary software to standard APIs would be a sign of maturity in the field, said Catherine Tilton, project manager of National Registry Inc., Tampa, a biometric system company that joined with Miros and several others on a steering committee for a generic proposal called the Human Authentication Application Programming Interface.

Known as HA-API, the effort had a "proof of concept" demonstration late last year for the Department of Defense.

"To be viable in the commercial marketplace, some standardization is required in order to leverage investments in the technology and to be competitive with other technologies," Ms. Tilton said.

At the Cardtech/Securtech exposition, TrueTouch Technologies Inc. of Winter Garden, Fla., demonstrated its entry, the Biometric Authentication Application Programmers Interface.

This "BAAPI" was described as "the world's first unified API for Windows 95 or NT that allows all popular biometric hardware and software devices to communicate and successfully interoperate."

Ben Miller, chairman of the Bethesda, Md.-based Cardtech organization and an expert on biometrics, said the BioAPI Consortium is taking on a difficult task, but he called it "a very significant development."

"The APIs have been stimulated by the market for enterprise security," Mr. Miller said, referring to the trend toward corporate intranets that require more reliable user authentication, especially when employees dial in from remote locations.

The BioAPI organizers are thus focusing initially on corporate or business-to-business applications, which could eventually spill over into consumer electronic commerce.

The reasoning is similar to that of an initiative also announced last week by Microsoft Corp. to promote and certify smart card readers on PCs with the Windows operating system. Microsoft said demand is mainly for business use with version 5.0 of Windows NT, but home banking and other consumer uses could follow as PCs with card devices proliferate.

There could eventually be a convergence of PC smart-card readers with fingerprints or other biometric data stored in the cards' integrated-circuit chips.

V-One Corp. of Germantown, Md., added its endorsement Monday, calling BioAPI "a natural fit" with its smart-card-based security system for virtual private networks.

"There is a lot of interest in the smart card," said Mr. Pieper of Identicator. "We see it as the transaction card of the future. The question is, when?"

Partial to his own fingerprint-input device, he asked, "What could be simpler than a keyboard and a mouse?"

Identicator and Miros both have banking and payments industry visibility. Identicator has placed thousands of inkless fingerprint pads at bank offices, designed to deter fraud in check cashing and account openings. It has supplied biometric components for an Army smart card program at Fort Sill, Okla.; for a seven-million-card social services program in Spain; and for a security system at MasterCard International headquarters in Purchase, N.Y.

Miros, which has strategic alliances with Compaq, IBM, Microsoft, Novell, the Cash America check-cashing chain, and others, has adapted its TrueFace Engine for automated teller machine security.

"It is vital to the health of our industry that an independent group has undertaken the establishment of a new, open standard that customers can depend on for biometric technology," said Miros president and chief executive officer Michael Kuperstein.

The BioAPI Consortium described its objective as "making biometric technologies - initially fingerprint, voice, and face recognition - more readily available to the mainstream commercial marketplace, helping to establish broad cross-industry endorsement and support."

It wants standard application programming interfaces that "provide customers access to a wide variety of biometric hardware and software as well as allow them to readily utilize products from different vendors."

MasterCard's testing led it to conclude that "biometrics holds the ultimate security key to future payment systems," said Joel Lisker, the card association's senior vice president for security. "We therefore applaud the efforts by the BioAPI Consortium in developing compatibility standards for biometrics."
