scope:

The Biometric Open Protocol Standard (BOPS) provides identity assertion, role gathering, multilevel access control, assurance, and auditing. The BOPS implementation includes software running on a client (e.g., web or mobile), a trusted BOPS server, and an intrusion detection system (IDS). The BOPS implementation allows pluggable components to replace existing components' functionality, accepting integration into the current operating environments in a short period of time. The BOPS implementation adheres to the principle of continuous protection in adjudicating access to resources. Accountability is the mechanism that proves a service-level guarantee of security. The BOPS implementation allows the systems to meet security needs by using the application-programming interface (API). The BOPS implementation need not know whether the underlying system is a relational database management system (RDBMS) or a search engine. The BOPS implementation functionality offers a "point-and-cut" mechanism to add the appropriate security to the production systems as well as to the systems in development.

BOPS includes authentication with splitting of the initial biometric vector (IBV), sometimes called the initial template, optionally into one or two pieces. Irrespective of the number of pieces, the IBV is encrypted in a keyless fashion and the subsequent biometric match optionally occurs on the client or on the server, as denoted by an administration parameter.

Purpose

This standard provides a means to gather biometric data using a multi-level security protocol for authentication, identification, and access control and assurance.