Date: November 28, 2003
Results
of Ballot M1/03-0583 - Approval of Border Management Application
Profile Specification for Public Review
|
Organization |
YES |
NO |
ABSTAIN |
No Response |
Comments |
|
3M/AiT |
X |
|
|
|
1 |
|
Aerospace |
|
X |
|
|
2 |
|
Assa Abloy ITG |
X |
|
|
|
|
|
Atmel |
X |
|
|
|
|
|
AuthenTec |
X |
|
|
|
|
|
Authenti-Corp |
X |
|
|
|
|
|
AWARE Inc. |
X |
|
|
|
|
|
Biocom |
X |
|
|
|
|
|
Bioscrypt Inc. |
X |
|
|
|
|
|
Biometric Foundation |
X |
|
|
|
|
|
Business Solutions |
X |
|
|
|
|
|
Crossmatch Technologies |
X |
|
|
|
|
|
Daon |
|
|
|
X |
|
|
Datacard Group |
|
|
|
X |
|
|
DCTA |
X |
|
|
|
|
|
ID Technology Partners, Inc. |
X |
|
|
|
|
|
Identix |
|
|
|
X |
|
|
Infineon Technologies |
|
|
|
X |
|
|
International Biometric Group |
X |
|
|
|
|
|
Iridian Technologies |
X |
|
|
|
3 |
|
Iritech |
|
|
|
X |
|
|
LaserCard Systems Corp. |
|
|
|
X |
|
|
LockHeed Martin Information Systems |
|
|
|
X |
|
|
Mississippi Valley State University |
X |
|
|
|
|
|
Mitretek Systems |
X |
|
|
|
|
|
National Biometric Security Project |
X |
|
|
|
|
|
National Security Agency |
X |
|
|
|
|
|
NEC Solutions |
|
|
|
X |
|
|
NIST |
X |
|
|
|
4 |
|
OSS Nokalva |
X |
|
|
|
|
|
Purdue University |
|
|
|
X |
|
|
Recognition Systems |
|
X |
|
|
5 |
|
Saflink Corp. |
X |
|
|
|
|
|
Sagem Morpho Inc. |
|
|
|
X |
|
|
Security Industry Association |
|
|
|
X |
|
|
Sony Electronics Inc. |
|
|
|
X |
|
|
STMicroelectronics |
|
|
|
X |
|
|
Transaction Security, Inc. |
X |
|
|
|
|
|
Unisys Corp. |
X |
|
|
|
|
|
US Department of Defense – BMO/BFC |
X |
|
|
|
|
|
US Department of Defense - DISA |
X |
|
|
|
|
|
US Department of Homeland Security – TSA |
X |
|
|
|
|
|
US Department of Justice |
X |
|
|
|
|
|
US Department of State |
X |
|
|
|
|
|
US Department of Transportation/FAA |
|
|
|
X |
|
|
West Virginia High Technology Consortium Foundation |
X |
|
|
|
|
|
TOTALS |
30 |
2 |
|
14 |
|
Comments Received:
1. 3M-AiT Comments:
The following comments are not of a substantive nature and do not prevent
3M-AiT from voting YES on the letter ballot, but may be useful to the editor
during comment resolution.
1 Scope
Considerations such as the
design of port-of-entry booths, camera position and lighting, sensor specifications,
sensor location and orientation, etc., have major impact on the successful
incorporation of biometric technology into the border management realm, but are
not currently subject to normative standards and are thus outside the scope of
this profile.
This paragraph should be
changed to reflect the fact that sensor specifications, lighting and other
similar issues are addressed in the latest revisions of some of the M1 Data
Formats standards such as M1/03-0494 and M1/03-0414.
They may be out of scope, but not because the are not subject to normative
standards.
A.3.1.2
All entries
under Profile Status Identification are optional. It is not clear how this
would work in practice, since if some of the critical features are missing but
others are included, the result will be useless. Either all of the required
features should be optional as a group or the entire column should be not
applicable.
A.3.1.3 and
A.3.1.4
Two of the
columns in each Table are blank. It is not clear what this means.
A.3.4
It might be
beneficial to differentiate between different functions of the border
management application profile when referring to the X9.84-2003 standard. As an
example, a comparison of a BIDR stored on a travel document with one captured
at the time of arrival may not allow mutual authentication between components
because in most cases the travel document will not support authentication of
the receiving state’s equipment.
2.
The Aerospace Corporation Comments
General
Comments
|
Number |
Comment |
|
1. |
This document
is still in Draft form, I’d thought that we had approved the revision of this
document filling in missing holes in annexes and removal of change bars, as
the document to be forwarded to INCITS for public review, not M1/03-0557.
Satisfactory resolution of my following specific comments will allow me to my
vote to yes. |
|
Number |
Section |
Item of Interest |
Comment |
|
1. |
Header
on even and odd pages |
When printed,
the document header indicates different documents on even and odd pages.
INCITS/M1-03-0557 or INCITS/M1-03-00384 |
Header
should consistently reference the correct document number. |
|
2. |
Section
1 |
Change
bars displayed to the left of first and third paragraphs. |
Disable
revision history highlighting in the editor. |
|
3. |
Section
4 terms |
Some
terms contain the following text: “(ISO/IEC JTC 1 SC 37 harmonized
definition)” |
Remove
this text from the document. |
|
4. |
Section
4.2 |
“Pertaining
to the field of biometrics (see 0).” |
What
is 0? Shouldn’t this be (see 4.7)? |
|
5. |
Section
4.3 |
Biometric
data block should be defined here as BDB where BDB is used in the definition
of a BIR. |
Change
title of 4.3 to read Biometric data block (BDB) |
|
6. |
Section
4.12 |
Definition
for Privacy |
The definition provided here is not a
definition for privacy but sounds more like data protection and use. In general
privacy in the context of this is something like from dictionary.com 1. a. The quality or condition of being secluded from the presence or view of others. b. The state of being free from unsanctioned
intrusion: a person's right to privacy. 2. The state of being concealed; secrecy. Loss
of privacy could be from unsanctioned processing by computer programs with
out the knowledge or consent of the individual, to the unsanctioned sale of
personal information. This term and the concepts surrounding it need to be
revised. |
|
7. |
Section
5 |
Remove
this section, by consolidating it with section 4. Where items are not defined
(for example API) add a definition. |
|
|
8. |
Section
6 first paragraph |
“At
bottom, biometric technologies are only able to …” |
Remove
the term At bottom so the sentence reads … “Biometric technologies are only
able to …” |
|
9. |
Section
6 first paragraph last sentence |
The following sentence doesn’t parse well. It is
important, then, to understand the boundaries of biometric capability both to
grasp the applicability of biometrics to the entire border management system,
and to appreciate the limited scope of this application profile. |
How about changing it to
the following? It is important, then, to understand the boundaries of biometrics capabilities by
grasping the applicability of biometrics to the entire border
management system, and to appreciate the limited scope of this application
profile. |
|
10. |
Section
6.1.2 item 5 in the list |
Use
BIDR for both occurrences of Biometric Interchange Data Record. |
|
|
11. |
Section
6.1.4 3rd paragraph |
Sentence
has two periods: “…possible comparison
against watch lists..” |
|
|
12. |
Section 6.3 |
Remove
tbd in the following sentence, replacing it with the appropriate information:
“… conform with the corresponding part
of ANSI (tbd), as specified in Annex
A.” |
|
|
13. |
Section
6.3 |
Indent
list of biometric technologies. |
|
|
14. |
Section
6.3 |
IBIA
(International Biometric Industry Association) is not defined previously that
I can find; please include the definition for IBIA in the last sentence of
this section. |
|
|
15. |
Section
A.3.1.3, A.3.1.4 |
These
tables are incomplete. Please fill in the remainder of the mandatory
information. |
|
|
16. |
Section
A3.2 |
Where
the table specifies “See note d” and the note d text “Return of
scores is not optional; however, the
BSP has the option of returning continuous or stepwise/incremental scores.
This is described but not specified by the BioAPI.” |
General
categories in section A.1 are i (irrelevant), m (mandatory), n/a (Not
Applicable), o (optional), o.i (qualified optional) and x (eXcluded or
prohibitied). Hence, what is meant by “not optional”? Does this mean
mandatory? If so change the first part of the text to state, “Return of scores is mandatory;
…” |
|
17. |
Section
A.3.4 |
Table
contains terms “Recommends” and “May be necessary” |
|
|
18. |
Section
A.3.5 |
It
is difficult to vote yes on something that we can’t review until after the
fact. |
|
|
19 |
Annex
B. |
Where
are the tables? |
|
3. Iridian Technologies Comments:
1. Clause 6 (editorial) -
seems to imply that biometric match functions should return a conditional
probability as a match score. Clarification should be provided.
2. Clause 6.1.1(2) through
6.1.1.(5) (editorial) - correct inconsistency in font selection.
3. Clause A.3.1.5 Iris
Recognition Format - Normative clauses 5.1 through 5.6 should be referenced
first, followed by informative annex A, for consistency with other standards.
Also, titles of normative clauses should be consistent with those in public
review version currently being balloted for 2nd public review.
These are
5.1 Iris image format
- general
5.2 Image compression
5.3 Iris image
pre-processing
5.4 Iris image data
record
5.5 Iris header
structures
5.6 Data values in CBEFF
header
4. NIST Comments
Introduction
First time that ICAO appears in the document it must be
spelled out.
BioAPI “standard”
Include
a reference to the ANSI number: ANSI INCITS 358-2002 (third and last
paragraph).
The fact that clause 3.1.2
includes data interchange format standards defined as “function-dependent
standards” should be pointed out in the introduction.
The ANSI approved document
can be obtained from INCITS. That reference should be included. M1.4 –
Application Profiles Task Group of M1 should discuss whether the reference to
downloading the version from the BioAPI Consortium web site should be left in.
Clause 3.1.2
Some of the draft standards
have already an INCITS number. These numbers should be used
INCITS 378 (finger minutia)
INCITS 377 (finger pattern)
INCITS 379 (iris)
INCITS 381 (finger image)
M1 document numbers could
be used for the other draft standard as a reference (requiring conformance to
the current draft or “latest version”).
Standard (m) has reached FDIS status. The standard number is: ISO/IEC FCD 7816-11
Clause 3.2 “Standards that need to be
developed”
Perhaps
a note or discussion should be included explaining why this sub-clause is
included in this standard.
Task Group is now TG 5.
A reference to ISO/IEC
9646-7 should be included (perhaps in another sub-clause).
Clause 4. “Terms and
Definitions”
Before
including references to “ISO/IEC JTC 1 SC 37” a comment should be included
explaining what this SC is and why their definitions are used. The proper place
to include this information is in the introduction.
Clause
6.3: “Biometric data interchange formats”
First paragraph: no “tdb”
should be included.
The discussion proposed for
3.12 could also be included here.
Information on how to (and where) to
obtain IBIA registration for the format owner and format type should be
included. It should be noted that this is registration for CBEFF format owner
and format types.
Information on the Format
owner (M1) and format types for the existing draft standards listed in the
sub-clause should be included.
Annex A
Tables A.3.1.3 and A.3.1.4
must be completed before the draft standard is submitted for Initial Public
Review
A.3.2
The M1.4 – Application
Profiles Task Group of M1 should discuss during disposition of comments
associated with this ballot whether BIR encryption should be excluded or
“prohibited” as currently shown in the document instead
of listing them as
“O”. If left as “X”, an
explanation (rational) should be
included in the document.
Whether “N/As” status for
signature of the BIR should be maintained should be discussed by M1.4. If they
are left in “N/A” status instead in “O” status, a discussion (rational) should
be included in the document.
Use of “payload” (item 38)
in the BIR (BDB) in conjunction with “standard” biometric data (conforming to
draft standards listed in clause 3.1.2) should be addressed by M1.4/discussed
in the draft standard.
A.3.3
At least some of the
“standard” data formats in clause 3.1.2 include a CBEFF feature, the CBEFF PID
(see A.3.1.1 and A.3.1.2). The value is carried in the biometric data record.
However, some of the other lists do not include this
value. Proprietary data formats may not include this data either. M1.4 should discuss during disposition of comments whether all the features in CBEFF that are optional should remain in “O” status under “Profile Status Id