IEEE 2410-2015 en Biometric Open Protocol《生物特征开放协议》.pdf

1、 IEEE Standard for Biometric Open Protocol Sponsored by the Standards Development Board IEEE 3 Park Avenue New York, NY 10016-5997 USA IEEE Communications SocietyIEEE Std 2410-2015Technical Committee on RFIDSponsored by the IEEE Technical Activities Board IEEE Std 2410-2015 IEEE Standard for Biometr

2、ic Open Protocol Sponsor Standards Development Board of the IEEE Communications Society and the Technical Committee on RFID of the IEEE Technical Activities Board Approved 3 September 2015 IEEE-SA Standards Board 1 Copyright 2015 IEEE. All rights reserved. Abstract: Identity assertion, role gatherin

3、g, multilevel access control, assurance, and auditing are provided by the Biometric Open Protocol Standard (BOPS). The BOPS implementation includes software running on a client device (smartphone or mobile device), a trusted BOPS server, and an intrusion detection system. The BOPS implementation all

4、ows pluggable components to replace existing components functionality, accepting integration into current operating environments in a short period of time. The BOPS implementation provides continuous protection to the resources and assurance of the placement and viability of adjudication and other k

5、ey features. Accountability is the mechanism that proves a service-level guarantee of security. The BOPS implementation allows the systems to meet security needs by using the application programming interface. The BOPS implementation need not know whether the underlying system is a relational databa

6、se management system or a search engine. The BOPS implementation functionality offers a “point-and-cut” mechanism to add the appropriate security to the production systems as well as to the systems in development. The architecture is language neutral, allowing Representational State Transfer (REST),

7、 JavaScript Object Notation (JSON), and Secure Sockets Layer (SSL) or Transport Layer Security to provide the communication interface. The architecture is built on the servlet specification, open SSLs, Java, JSON, REST, and an open persistent store. All tools adhere to open standards, allowing maxim

8、um interoperability. Keywords: admin console, application, BOPS admin, BOPS cluster, BOPS server, BOPS IDS, client device IDS, Jena Rules, IDS cluster, IEEE 2410, liveness, original site admin, site admin, trusted adjudicated data, user, user device The Institute of Electrical and Electronics Engine

9、ers, Inc. 3 Park Avenue, New York, NY 10016-5997, USA Copyright 2015 by The Institute of Electrical and Electronics Engineers, Inc. All rights reserved. Published 20 November 2015. Printed in the United States of America. IEEE is a registered trademark in the U.S. Patent fitness for a particular pur

10、pose; non-infringement; and quality, accuracy, effectiveness, currency, or completeness of material. In addition, IEEE disclaims any and all conditions relating to: results; and workmanlike effort. IEEE standards documents are supplied “AS IS” and “WITH ALL FAULTS.” Use of an IEEE standard is wholly

11、 voluntary. The existence of an IEEE standard does not imply that there are no other ways to produce, test, measure, purchase, market, or provide other goods and services related to the scope of the IEEE standard. Furthermore, the viewpoint expressed at the time a standard is approved and issued is

12、subject to change brought about through developments in the state of the art and comments received from users of the standard. In publishing and making its standards available, IEEE is not suggesting or rendering professional or other services for, or on behalf of, any person or entity nor is IEEE u

13、ndertaking to perform any duty owed by any other person or entity to another. Any person utilizing any IEEE Standards document, should rely upon his or her own independent judgment in the exercise of reasonable care in any given circumstances or, as appropriate, seek the advice of a competent profes

14、sional in determining the appropriateness of a given IEEE standard. IN NO EVENT SHALL IEEE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO: PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSIN

15、ESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE PUBLICATION, USE OF, OR RELIANCE UPON ANY STANDARD, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE AND REGARDLESS OF WH

16、ETHER SUCH DAMAGE WAS FORESEEABLE. Translations The IEEE consensus development process involves the review of documents in English only. In the event that an IEEE standard is translated, only the English version published by IEEE should be considered the approved IEEE standard. 3 Copyright 2015 IEEE

17、. All rights reserved. Official statements A statement, written or oral, that is not processed in accordance with the IEEE-SA Standards Board Operations Manual shall not be considered or inferred to be the official position of IEEE or any of its committees and shall not be considered to be, or be re

18、lied upon as, a formal position of IEEE. At lectures, symposia, seminars, or educational courses, an individual presenting information on IEEE standards shall make it clear that his or her views should be considered the personal views of that individual rather than the formal position of IEEE. Comme

19、nts on standards Comments for revision of IEEE Standards documents are welcome from any interested party, regardless of membership affiliation with IEEE. However, IEEE does not provide consulting information or advice pertaining to IEEE Standards documents. Suggestions for changes in documents shoul

20、d be in the form of a proposed change of text, together with appropriate supporting comments. Since IEEE standards represent a consensus of concerned interests, it is important that any responses to comments and questions also receive the concurrence of a balance of interests. For this reason, IEEE

21、and the members of its societies and Standards Coordinating Committees are not able to provide an instant response to comments or questions except in those cases where the matter has previously been addressed. For the same reason, IEEE does not respond to interpretation requests. Any person who woul

22、d like to participate in revisions to an IEEE standard is welcome to join the relevant IEEE working group. Comments on standards should be submitted to the following address: Secretary, IEEE-SA Standards Board 445 Hoes Lane Piscataway, NJ 08854 USA Laws and regulations Users of IEEE Standards docume

23、nts should consult all applicable laws and regulations. Compliance with the provisions of any IEEE Standards document does not imply compliance to any applicable regulatory requirements. Implementers of the standard are responsible for observing or referring to the applicable regulatory requirements

24、. IEEE does not, by the publication of its standards, intend to urge action that is not in compliance with applicable laws, and these documents may not be construed as doing so. Copyrights IEEE draft and approved standards are copyrighted by IEEE under U.S. and international copyright laws. They are

25、 made available by IEEE and are adopted for a wide variety of both public and private uses. These include both use, by reference, in laws and regulations, and use in private self-regulation, standardization, and the promotion of engineering practices and methods. By making these documents available

26、for use and adoption by public authorities and private users, IEEE does not waive any rights in copyright to the documents. Photocopies Subject to payment of the appropriate fee, IEEE will grant users a limited, non-exclusive license to photocopy portions of any individual standard for company or or

27、ganizational internal use or individual, non-commercial use only. To arrange for payment of licensing fees, please contact Copyright Clearance Center, Customer Service, 222 Rosewood Drive, Danvers, MA 01923 USA; +1 978 750 8400. Permission to photocopy portions of any individual standard for educati

28、onal classroom use can also be obtained through the Copyright Clearance Center. 4 Copyright 2015 IEEE. All rights reserved. Updating of IEEE Standards documents Users of IEEE Standards documents should be aware that these documents may be superseded at any time by the issuance of new editions or may

29、 be amended from time to time through the issuance of amendments, corrigenda, or errata. An official IEEE document at any point in time consists of the current edition of the document together with any amendments, corrigenda, or errata then in effect. Every IEEE standard is subjected to review at le

30、ast every ten years. When a document is more than ten years old and has not undergone a revision process, it is reasonable to conclude that its contents, although still of some value, do not wholly reflect the present state of the art. Users are cautioned to check to determine that they have the lat

31、est edition of any IEEE standard. In order to determine whether a given document is the current edition and whether it has been amended through the issuance of amendments, corrigenda, or errata, visit the IEEE-SA Website at http:/ieeexplore.ieee.org/xpl/standards.jsp or contact IEEE at the address l

32、isted previously. For more information about the IEEE SA or IEEEs standards development process, visit the IEEE-SA Website at http:/standards.ieee.org. Errata Errata, if any, for all IEEE standards can be accessed on the IEEE-SA Website at the following URL: http:/standards.ieee.org/findstds/errata/

33、index.html. Users are encouraged to check this URL for errata periodically. Patents Attention is called to the possibility that implementation of this standard may require use of subject matter covered by patent rights. By publication of this standard, no position is taken by the IEEE with respect t

34、o the existence or validity of any patent rights in connection therewith. If a patent holder or patent applicant has filed a statement of assurance via an Accepted Letter of Assurance, then the statement is listed on the IEEE-SA Website at http:/standards.ieee.org/about/sasb/patcom/patents.html. Let

35、ters of Assurance may indicate whether the Submitter is willing or unwilling to grant licenses under patent rights without compensation or under reasonable rates, with reasonable terms and conditions that are demonstrably free of any unfair discrimination to applicants desiring to obtain such licens

36、es. Essential Patent Claims may exist for which a Letter of Assurance has not been received. The IEEE is not responsible for identifying Essential Patent Claims for which a license may be required, for conducting inquiries into the legal validity or scope of Patents Claims, or determining whether an

37、y licensing terms or conditions provided in connection with submission of a Letter of Assurance, if any, or in any licensing agreements are reasonable or non-discriminatory. Users of this standard are expressly advised that determination of the validity of any patent rights, and the risk of infringe

38、ment of such rights, is entirely their own responsibility. Further information may be obtained from the IEEE Standards Association. 5 Copyright 2015 IEEE. All rights reserved. Participants At the time this IEEE standard was completed, the Biometrics Open Protocol Working Group had the following memb

39、ership: Scott Streit, Chair Jack Callahan, Vice Chair Bradley Boyer William Lumpkins Stephen Suffian The following members of the individual balloting committee voted on this standard. Balloters may have voted for approval, disapproval, or abstention. Bradley Boyer Susan Burgess John Callahan Keith

40、Chow Thomas Coughlin Grazia DEelia Sourav Dutta Randall Groves Marco Hernandez Werner Hoelzl Noriyuki Ikeuchi Akio Iso Piotr Karocki Bruce Kraemer Paul Lambert William Lumpkins Nick S. A. Nikjoo Paul Nikolich Benjamin Rolfe Osman Sakr Thomas Starai Scott Streit Walter Struppler Stephen Suffian Mitsu

41、toshi Sugawara Michael Swearingen David Tepen John Vergis Hung-Yu Wei Forrest Wright Oren Yuen Daidi ZhongWhen the IEEE-SA Standards Board approved this standard on 3 September 2015, it had the following membership: John D. Kulick, Chair Jon Walter Rosdahl, Vice Chair Richard H. Hulett, Past Chair K

42、onstantinos Karachalios, Secretary Masayuki Ariyoshi Ted Burse Stephen Dukes Jean-Philippe Faure J. Travis Griffith Gary Hoffman Michael Janezic Joseph L. Koepfinger* David J. Law Hung Ling Andrew Myles T. W. Olsen Glenn Parsons Ronald C. Petersen Annette D. Reilly Stephen J. Shellhammer Adrian P. S

43、tephens Yatin Trivedi Philip Winston Don Wright Yu Yuan Daidi Zhong *Member Emeritus 6 Copyright 2015 IEEE. All rights reserved. Introduction This introduction is not part of IEEE Std 2410-2015, IEEE Standard for Biometric Open Protocol. Convenience drives consumers toward the biometrics-based acces

44、s management solutions, say studies from Ericsson, PayPal, IBM, and Microsoft. According to the Ericsson study “Your body is the new password,” 52% of smartphone users want to use their fingerprints instead of a password, a further 61% want to use fingerprints to unlock their phones, and 48% want to

45、 use eye recognition. The study conducted by PayPal says that consumers approve biometrics for access management. In terms of readiness to switch from traditional password protection to the new technology, 53% of the surveyed population would be comfortable replacing passwords with fingerprints, and

46、 45% would choose a “retinal scan,” which is presumably an iris scan (the misplaced terminology points to the lack of consumer education). IBM Fellow and Speech Chief Technology Officer David Nahamoo states that, over the next five years, your unique biological identity and biometric datafacial defi

47、nitions, iris scans, voice files, even your DNAwill become the key to safeguarding your personal identity and information and will replace the current user-ID-and-password system. A Microsoft Research-funded study titled “The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web

48、Authentication Schemes,” concluded that the vast password-replacement transition should conform to the following criteria: nothing to carry, efficient to use, and easy recovery from a loss. The Microsoft study goes as far as concluding that such criteria could be achieved mostly through the biometri

49、c schemes. Biometric technologies provide consumers with a long-awaited convenience to securely enter cyberspace on the front end. The Biometric Open Protocol Standard (BOPS), developed by Hoyos Labs, protects digital assets and digital identities on the backend. BOPS is a biometrics-agnostic standard that opens an application programming interface for registered developers. Entering as a game-changer, BOPS communication architecture enables two-way Secure Sockets Layer or Transport Layer Security connection over the encryption mechanism to the server, which employs