3

Background

I'm trying to locate the US government standard for fingerprint readers and mobile devices.

I heard in passing that the iOS fingerprint reader only scans 9 points, where the FBI requirement is 30 points.

The iris scan is reportedly arriving in some Android phones in the future.

Question

  • What are the technical requirements of biometric scanners for NIST and the FBI?

  • What consumer devices (if any) meet those standards?

makerofthings7
  • 50,090
  • 54
  • 250
  • 536

1 Answers1

2

The DHS released HSPD-12 in 2004, which called for a mandatory standard for federal employee identification and verification. NIST responded six months later with FIPS 201, the minimum requirements to meet the objectives of HSPD-12.

FIPS 201 refers to Special Publication 800-76 (SP 800-76) for "the requirements for collection and formatting of biometric information". SP 800-76 goes on to reference the ANSI/NIST Fingerprint Standard AN2011 for the preparation of biometric data suitable for FBI background checks, as well as the FBI's Electronic Biometric Transmission Specification EBTS (download).

Other referenced Special Publications from FIPS 201 are:

  • SP 800-73 Interfaces and card architecture for storing and retrieving identity credentials from a smart card
  • SP 800-78 Requirements for cryptographic algorithms
  • SP 800-79 Requirements for the accreditation of PIV Card issuers
  • SP 800-87 Unique organizational codes for Federal agencies
  • SP 800-96 Requirements for the PIV Card reader
  • SP 800-156 Format for encoding the chain-of-trust for import and export
  • SP 900-157 Requirements for issuing derived PIV credentials

While I don't know of any smartphones that are FIPS 201 compliant, there are many compliant peripherals that can be used with iOS and Android devices.

A searchable list of FIPS 201 compliant devices can be found at https://www.idmanagement.gov/IDM/IDMFicamProductSearchPage

cremefraiche
  • 2,173
  • 12
  • 24