SANS 24713-1-2009 Information technology - Biometric profiles for interoperability and data interchange Part 1 Overview of biometric systems and biometric profiles《信息技术 互用性和数据交换的生物.pdf

1、 Collection of SANS standards in electronic format (PDF) 1. Copyright This standard is available to staff members of companies that have subscribed to the complete collection of SANS standards in accordance with a formal copyright agreement. This document may reside on a CENTRAL FILE SERVER or INTRA

2、NET SYSTEM only. Unless specific permission has been granted, this document MAY NOT be sent or given to staff members from other companies or organizations. Doing so would constitute a VIOLATION of SABS copyright rules. 2. Indemnity The South African Bureau of Standards accepts no liability for any

3、damage whatsoever than may result from the use of this material or the information contain therein, irrespective of the cause and quantum thereof. ISBN 978-0-626-22347-2 SANS 24713-1:2009 Edition 1 ISO/IEC 24713-1:2008 Edition 1SOUTH AFRICAN NATIONAL STANDARD Information technology Biometric profile

4、s for interoperability and data interchange Part 1: Overview of biometric systems and biometric profiles This national standard is the identical implementation of ISO/IEC 24713-1:2008 and is adopted with the permission of the International Organization for Standardization and the International Elect

5、rotechnical Commission. Published by SABS Standards Division 1 Dr Lategan Road Groenkloof Private Bag X191 Pretoria 0001 Tel: +27 12 428 7911 Fax: +27 12 344 1568 www.sabs.co.za SABS This standard may only be used and printed by approved subscription and freemailing clients of the SABS.SANS 24713-1:

6、2009 Edition 1 ISO/IEC 24713-1:2008 Edition 1 Table of changes Change No. Date Scope National foreword This South African standard was approved by National Committee SABS SC 71J, Information technology Cards and personal identification, in accordance with procedures of the SABS Standards Division, i

7、n compliance with annex 3 of the WTO/TBT agreement. This SANS document was published in March 2009. This standard may only be used and printed by approved subscription and freemailing clients of the SABS. Reference number ISO/IEC 24713-1:2008(E) ISO/IEC 2008INTERNATIONAL STANDARD ISO/IEC 24713-1 Fir

8、st edition 2008-03-01 Information technology Biometric profiles for interoperability and data interchange Part 1: Overview of biometric systems and biometric profiles Technologies de linformation Profils biomtriques pour interoprabilit et change de donnes Partie 1: Expos gnral des systmes biomtrique

9、s et des profils biomtriques SANS 24713-1:2009This standard may only be used and printed by approved subscription and freemailing clients of the SABS.ISO/IEC 24713-1:2008(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be prin

10、ted or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no li

11、ability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is

12、 suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2008 All rights reserved. Unless otherwise specified, no part of this publication may be reprod

13、uced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 74

14、9 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2008 All rights reservedSANS 24713-1:2009This standard may only be used and printed by approved subscription and freemailing clients of the SABS.ISO/IEC 24713-1:2008(E) ISO/IEC 2008 All rights r

15、eserved iii Contents Page Foreword iv Introduction v 1 Scope . 1 2 Normative references . 1 3 Terms and definitions. 1 4 Abbreviated terms 6 5 General biometric system 6 5.1 Conceptual diagram of general biometric system 6 5.2 Conceptual components of a general biometric system 7 5.2.1 Data capture

16、subsystem 7 5.2.2 Transmission subsystem (not portrayed in diagram). 7 5.2.3 Signal processing subsystem . 7 5.2.4 Data storage subsystem 7 5.2.5 Matching subsystem 7 5.2.6 5.2.6 Decision subsystem 7 5.2.7 5.2.7 Administration subsystem (not portrayed in diagram) 8 5.2.8 Interface (not portrayed in

17、diagram). 8 5.3 Functions of general biometric system 8 5.3.1 Enrolment 8 5.3.2 Verification 9 5.3.3 Identification 9 6 Relationship between the biometric system and the application 10 6.1 General. 10 6.2 The ID life-cycle. 10 6.2.1 Proofing . 11 6.2.2 Registration . 11 6.2.3 Issuance. 11 6.2.4 Usag

18、e . 11 6.3 Subject versus end-user 11 6.3.1 6.3.1 Access control example 12 6.3.2 Travel document example 12 6.4 Biometric decision versus authorization .13 7 Interfaces between the biometric system and the application 14 7.1 Application programming interface (API).14 7.2 Protocol interface . 15 7.3

19、 Hardware based electronic input/output interface 15 8 Developing biometric profiles utilising biometrics base standards . 15 8.1 Relationships of biometric base standards and their use in biometric profiles 15 8.2 Classes 16 8.2.1 Application class 16 8.2.2 Data class 16 8.2.3 Interface class . 17

20、8.3 Using biometric base standards to develop biometric profiles. 17 Bibliography . 18 SANS 24713-1:2009This standard may only be used and printed by approved subscription and freemailing clients of the SABS.ISO/IEC 24713-1:2008(E) iv ISO/IEC 2008 All rights reservedForeword ISO (the International O

21、rganization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been estab

22、lished has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardizat

23、ion. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting

24、. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such p

25、atent rights. ISO/IEC 24713-1 was prepared by Technical Committee ISO/TC JTC 1, Information technology, Subcommittee SC 37, Biometrics. ISO/IEC 24713 consists of the following parts, under the general title Information technology Biometric profiles for interoperability and data interchange: Part 1:

26、Overview of biometric systems and biometric profiles Part 2: Physical access control for employees at airports Part 3: Biometric based verification and identification of seafarers SANS 24713-1:2009This standard may only be used and printed by approved subscription and freemailing clients of the SABS

27、.ISO/IEC 24713-1:2008(E) ISO/IEC 2008 All rights reserved v Introduction This part of ISO/IEC 24713 is intended to form the overview part of the multipart standard on biometric profiles for interoperability and data interchange. It describes a schema for the use of a number of biometric standards. T

28、his part of ISO/IEC 24713 is not intended to replace or counter any other part of this International Standard, but rather to be used as a reference guide for the implementation of a generic biometric system or a profile- standardized system. This part of ISO/IEC 24713 provides generic information an

29、d guidance to users about biometric systems and the use of the various base standards within biometric profiles to support interoperability and data interchange among biometrics applications and systems. This part of ISO/IEC 24713 is one of a family of international standards being developed by ISO/

30、IEC JTC 1/SC 37 that support interoperability and data interchange among biometrics applications and systems. This family of standards specifies requirements that solve the complexities of applying biometrics to a wide variety of personal recognition applications, whether such applications operate i

31、n an open systems 1)environment or consist of a single, closed system. Biometric data interchange format standards and biometric interface standards are both necessary to achieve full data interchange and interoperability for biometric recognition in an open systems environment. The ISO/IEC JTC 1/SC

32、 37 biometric standards family includes a layered set of standards consisting of biometric data interchange formats and biometric interfaces, as well as biometric profiles that describe the use of these standards in specific application areas. The biometric data interchange format standards specify

33、biometric data interchange records for different biometric modalities. Parties that agree in advance to exchange biometric data interchange records as specified in a subset of the ISO/IEC JTC 1/SC 37 biometric data interchange format standards should be able to perform biometric recognition with eac

34、h others data. Parties should also be able to perform biometric recognition even without advance agreement on the specific biometric data interchange format standards to be used, provided they have built their systems on the layered ISO/IEC JTC 1/SC 37 family of biometric standards. The biometric in

35、terface standards include the Common Biometric Exchange Formats Framework (CBEFF) and the Biometric Application Programming Interface (BioAPI). These standards support exchange of biometric data within a system or among systems. The CBEFF standard specifies the basic structure of a standardized Biom

36、etric Information Record (BIR) which includes the biometric data interchange record with added metadata, such as when it was captured, its expiry date, whether it is encrypted, etc. The BioAPI standard specifies an open system API that supports communications between software applications and underl

37、ying biometric technology services. BioAPI also specifies a CBEFF BIR format for the storage and transmission of BioAPI-produced data. The biometric profile standards facilitate implementations of the base standards (e.g. the ISO/IEC JTC 1/SC 37 biometric data interchange format and biometric interf

38、ace standards, and possibly non-biometric standards) for defined applications. These profile standards define the functions of an application (e.g. Physical Access Control for Employees at Airports) and then specify use of options in the base standards to ensure biometric interoperability. 1) Open s

39、ystems are built on standards based, publicly defined data formats, interfaces, and protocols to facilitate data interchange and interoperability with other systems, which may include components of different design or manufacture. A closed system may also be built on publicly defined standards, and

40、may include components of different design or manufacture, but inherently has no requirement for data interchange and interoperability with any other system. SANS 24713-1:2009This standard may only be used and printed by approved subscription and freemailing clients of the SABS.SANS 24713-1:2009This

41、 standard may only be used and printed by approved subscription and freemailing clients of the SABS.INTERNATIONAL STANDARD ISO/IEC 24713-1:2008(E) ISO/IEC 2008 All rights reserved 1 Information technology Biometric profiles for interoperability and data interchange Part 1: Overview of biometric syst

42、ems and biometric profiles 1 Scope This part of ISO/IEC 24713 identifies and defines the functional blocks and components of a generic biometric system, and the distinct characteristics of each component. It also defines a generic biometric reference architecture incorporating the relevant biometric

43、-related base standards to support interoperability and data interchange. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenc

44、ed document (including any amendments) applies. ISO/IEC 19794-1:2006, Information technology Biometric data interchange formats Part 1: Framework 3 Terms and definitions For the purpose of this document, the following terms and definitions apply. 3.1 application programming interface API software ba

45、sed interface that can be used for communications and interfacing between an application and the biometric system. NOTE 1 An API is computer code used by an application developer. Any biometric system that is compatible with the API can be added or interchanged by the application developer. NOTE 2 A

46、PIs are often described by the degree to which they are high level or low level. High level means that the interface is proximate to the application and low-level means that the interface is proximate to the device. 3.2 application hardware/software system implemented to satisfy a broad set of requi

47、rements. NOTE In this context, an application incorporates a biometric system to satisfy a subset of requirements related to the verification or identification of an end-users identity so that the end-users identifier can be used to facilitate the end- users interaction with the system. EXAMPLE A bi

48、ometrics-enabled time and attendance system has a broad requirement to record an employees starting and leaving times so the employee can be paid the correct amount of wages. The system uses biometrics to verify SANS 24713-1:2009This standard may only be used and printed by approved subscription and

49、 freemailing clients of the SABS.ISO/IEC 24713-1:2008(E) 2 ISO/IEC 2008 All rights reservedthe employees “end-users” claim that his identity is the one that the system has associated with the employees id- number identifier at the times when the employee interacts with the biometric device as he enters and leaves the work place. 3.3 base standard fundamental standard with elements that contain options. NOTE Base standards can be used in diverse applications, for each of which it may be useful to fix t