Common Biometric Exchange File Format (CBEFF)

Common Biometric Exchange File Format (CBEFF) or Common Biometric Exchange Formats Framework describes a set of data elements necessary to support biometric technologies in a common way. These data can be placed in a single file used to exchange biometric information between different system components or between systems. The result promotes interoperability of biometric-based application programs and systems developed by different vendors by allowing biometric data interchange. CBEFF provides a standardized set of definitions and procedures that support the interchange of biometric data in standard data structures called CBEFF biometric information records (BIRs). BIRs are well-defined data structures that consist of two or three parts: the standard biometric header (SBH), the biometric data block (BDB), and possibly the optional security block (SB). CBEFF permits considerable flexibility regarding BIR structures and BDB content, but does so in a way that makes it easy for biometric applications to evaluate their interest in processing a particular BIR. CBEFF imposes no restrictions on the contents of a BDB, which can conform to a standardized biometric data interchange format or can be completely proprietary. CBEFF standardizes a set of SBH data element definitions and their abstract values. A few of these data elements are mandatory in all SBHs (such as identifying the BDB format) and the rest are optional or conditional. Most of the data elements support description of various attributes of the BDB within the BIR. The optional SB provides a container for integrity and/or encryption related data that must be available to validate or process the BIR and/or BDB (such as integrity signatures and encryption algorithm identity).

CBEFF defines abstract data elements used to construct Biometric Information Record (BIRs). A BIR consists of:

• at least one Standard Biometric Header (SBH),
• at least one Biometric Data Block (BDB),
• and an optional Security Block (SB).

The Biometric Data Block (BDB) format requirements are not defined by CBEFF. Instead, the root header (SBH) identifies the remaining BIR data elements, such as the BDB type and information related to any child or sibling BIRs. If included, the optional Security Block (SB) specifies encryption and integrity information for the entire structure.

CBEFF defines the following types of CBEFF BIR structures:

• simple CBEFF BIR structure
• complex CBEFF BIR structure
• self-identifying simple CBEFF BIR structure
• multiple CBEFF BIR structure

These CBEFF BIR structures allow different BIR contents and configurations, including single BIRs, child BIRs, and multiple linked BIRs to meet the demands of a given domain of use. A CBEFF patron format is then defined using one of the CBEFF BIR structures. The CBEFF patron format definition will specify the required and optional CBEFF data elements, any patron-specific data elements, and any abstract values. A specific CBEFF patron format can then be used by one or more entities to exchange biometric data. CBEFF BIR structures and data elements can be seen as the building blocks for the CBEFF patron formats used for biometric data exchange.

CBEFF was developed through a series of workshops from 1999 to 2000 by the CBEFF Development Team composed of the National Institute of Standards and Technology (NIST) and the BioAPI Consortium. From 2001 until 2006 CBEFF was maintained as the NISTIR 6529 standard, until February 2005 when it was adopted as the ANSI INCITS 398-2005 standard. In May 2006, it was adopted as an international standard ISO/IEC 19785 by ISO IEC. CBEFF is presently maintained within ISO by Sub Committee 37 (SC37) Working Group 2 (WG2). ISO/IEC 19785 is a multipart standard consisting of:

• Part 1: Data Element Specification
• Part 2: Procedures for the Operation of the Biometric Registration Authority
• Part 3: Patron Format Specifications
• Part 4: Security block format specification

Applications CBEFF is used:

• ICAO – E-Passports (Logical Data Structure, LDS)
• PIV (Personal Identity Verification) (FIPS-201) Federal employee credentials
• Transportation Worker Identification Credential (TWIC)
• Registered Traveler (RT) cards
• Other standards:
  – ANSI/NIST-ITL 1-2007 (Type-99 records)
  – BioAPI (ANSI INCITS 358, ISO/IEC 19794-1)
  – ANSI X9.84
  – ISO/IEC 7816-11

History

Since 1995 the International Civil Aviation Organization (ICAO) has been working to develop technology for machine readable travel documents (MRTDs or “electronic passports”). One key objective is to facilitate the border-crossing process through automation, and an important part of that is tightening the linkage between the electronic passport and its rightful holder using biometrics. The CBEFF standards provided the foundation for the many international ICAO participants to carefully and comprehensively specify the MRTD Logical Data Structure (LDS) over a period of several years. The LDS in turn supports the flexible use of one or more of the ICAO-adopted biometric modalities: face image, fingerprint image and iris image. ICAO estimates that as of December 2012 more than 430 million ePassports had been issued by 108 states in what is one of the world’s largest implementation of standardized biometric technology, with conforming participation by vendors and integrators from many countries leading to successful interoperation of ePasssports from any country at the ports-of-entry of any other country.

The US Federal Government, recognizing that there was a wide variation of non-standardized identity-confirmation techniques and processes adopted Homeland Security Presidential Directive 12 (HSPD12), entitled “Policy for a Common Identification Standard for Federal Employees and Contractors” by signature of the President on August 27, 2004. The successful implementation of this Policy has resulted in the government-wide Personal Identity Verification Card (PIV Card), of which more than five million had been issued as of September, 2012. The PIV smart card stores the user’s biometric data in the card’s memory using standardized biometric data formats for fingerprints, face and iris within the CBEFF data structure specified in Annex E of ANSI INCITS 398:2008, thereby insuring interoperability between any user’s card and any identity-verifying system, regardless of the implementing vendor, controlling access to physical government facilities or logical systems.

The government of India, seeking to provide each of its 1.2 billion citizens, regardless of economic status or location of residence, with a unique and secure identification, in 2009 chartered the Unique Identity Authority of India (UIDAI), to establish identification for all of the country’s residents who want it and need it, so that they would no longer be disenfranchised and excluded from the financial and medical systems. The agency is developing the Aadhaar (“ Foundation ”) system, which will allow registrars (such as benefits agencies, banks and tax authorities) to collect basic biographic information plus fingerprint, iris, and facial images from residents. The ISO/IEC 19794 biometric data interchange formats play a major role in this program. In addition to leveraging from the same iris, fingerprint and face image standards used in ePassports (ISO/IEC 19794-4, -5 and -6), Aadhaar also utilizes the ISO/IEC 19794-2 fingerprint minutiae standard for authentication purposes, and the ISO/IEC 19785 CBEFF (Common Biometric Exchange Formats Framework) standard for packaging and structuring the biometric data and metadata and protecting it via the security block. Over sixty registrar organizations, including state governments, banks, India’s postal system and financial Institutions are currently enrolling users. More than 200 million citizens covering almost all the states have already been enrolled in the system using the above biometrics. The program projects that over six hundred million citizens will be enrolled by 2014.