In October, the government will start issuing Personal Identity Verification cards to all federal employees and contractors. This week, the National Institute of Standards and Technology issued the final guidelines defining how biometrics should be stored on these identity cards.
In August 2004, the President issued Homeland Security Presidential Directive 12 calling for a mandatory, governmentwide personal identification card that all federal departments and agencies will issue to their employees and any contractors requiring access to federal facilities and systems.
The NIST publication, available here as a PDF, contains specifications for acquiring, formatting and storing fingerprint images and templates; for collecting and formatting facial images; and for the biometric devices used to collect and read fingerprint images.
Specifically, the guidelines state that two fingerprints must be stored on the card as “minutia templates,” mathematical representations of fingerprint images.
These standards are intended to ensure interoperability and standardization across a number of federal departments and agencies issuing the cards and vendors providing the biometric technology.
Guidelines require that all biometric data to be embedded in the CBEFF (Common Biometric Exchange Formats Framework) structure. This ensures that all biometric data will be digitally signed and uniformly encapsulated. This format will apply not only to PIV cards, but also to any other biometric records kept by federal government agencies.