BS ISO IEC 29164-2011 Information technology Biometrics Embedded BioAPI《信息技术 生物统计学 嵌入式BioAPI》.pdf

1、raising standards worldwide NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW BSI Standards Publication Information technology Biometrics Embedded BioAPI BS ISO/IEC 29164:2011National foreword This British Standard is the UK implementation of ISO/IEC 29164:2011. The UK participa

2、tion in its preparation was entrusted to Technical Committee IST/44, Biometrics. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its c

3、orrect application. BSI 2011 ISBN 978 0 580 68458 6 ICS 35.040 Compliance with a British Standard cannot confer immunity from legal obligations. This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 October 2011. Amendments issued since publicat

4、ion Amd. No. Date Text affected BRITISH STANDARD BS ISO/IEC 29164:2011 Reference number ISO/IEC 29164:2011(E) ISO/IEC 2011INTERNATIONAL STANDARD ISO/IEC 29164 First edition 2011-10-01 Information technology Biometrics Embedded BioAPI Technologies de linformation Biomtrie BioAPI incorpor BS ISO/IEC 2

5、9164:2011ISO/IEC 29164:2011(E) COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2011 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writi

6、ng from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2011 All rights reservedBS ISO/

7、IEC 29164:2011ISO/IEC 29164:2011(E) ISO/IEC 2011 All rights reserved iiiContents Page Foreword iv Introduction . v 1 Scope 1 2 Conformance . 1 3 Normative references 2 4 Terms and definitions . 2 5 Symbols and abbreviated terms 3 6 Embedded BioAPI environment . 4 6.1 Operating environment of Embedde

8、d BioAPI 4 6.2 Security in Embedded BioAPI 6 7 Embedded BioAPI general architecture 6 8 Frames structure . 9 9 Patron format for Embedded BioAPI . 10 10 Security block format for Embedded BioAPI . 10 10.1 Security Block format owner 10 10.2 Security Block format owner identifier . 10 10.3 Security B

9、lock format name . 10 10.4 Security Block format identifier . 10 10.5 ASN.1 object identifier for this security Block format . 11 10.6 Domain of use 11 10.7 Version identifier . 11 10.8 CBEFF version . 11 10.9 General . 11 10.10 Specification 11 11 Data types, formats and coding . 12 11.1 Slave ID f

10、ield S 12 11.2 Command field C . 12 11.3 Status/Error field E 13 11.4 Biometric modalities coding 13 12 Commands definition 14 12.1 Management commands. 15 12.2 Template management commands . 18 12.3 Enrolment commands . 20 12.4 Biometric process commands . 22 Annex A (normative) Conformance Require

11、ments . 29 Annex B (informative) Examples of frame implementations 31 Annex C (informative) Command exchange examples for several scenarios 33 BS ISO/IEC 29164:2011ISO/IEC 29164:2011(E) iv ISO/IEC 2011 All rights reservedForeword ISO (the International Organization for Standardization) and IEC (the

12、International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particul

13、ar fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have establis

14、hed a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical

15、 committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IE

16、C shall not be held responsible for identifying any or all such patent rights. ISO/IEC 29164 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 37, Biometrics. BS ISO/IEC 29164:2011ISO/IEC 29164:2011(E) ISO/IEC 2011 All rights reserved vIntroduction The

17、environment for embedded systems differs in many ways from that of a more general computing environment. One difference is that the amount of processing power and/or memory/storage can be more limited in the embedded environment and operating system support and resources can also be more constrained

18、. As a result, implementation of more general purpose interfaces might not be appropriate. In the case of embedded biometric technology, the algorithms and sensors are frequently packaged into hardware/firmware modules. It can also be the case that the designer of the embedded system is not concerne

19、d with details of the biometric technology within its software and firmware and prefers to just integrate an external module that deals with some or all biometric functionalities. This International Standard is not meant for applications where the integration of biometric functionality is going to b

20、e done within the software or firmware of the application. In such cases BioAPI (ISO/IEC 19784-1) is to be used, or its Frameworkless version (see ISO/IEC 19784-1 with Amd.2). The interface defined in this International Standard provides a direct connection with such biometric modules. The definitio

21、n of this interface is given by the services to be provided, as well as the message formats for commands to be sent to biometric modules and responses expected from them. This International Standard is intended to provide a common interface for all those biometric systems where BioAPI (ISO/IEC 19784

22、-1) cannot be implemented. From the historical point of view, as BioAPI does imply relatively large requirements both in processing power and memory capacity, some different approaches have been developed. One of those approaches is the use of BioAPI without the need of using the BioAPl framework, w

23、hich is one of the most consuming parts of BioAPI. That version is called Framework free BioAPI, and is standardized in the 2 ndAmendment to BioAPI. But even that approach, which can be of great help for several applications, such as Biometric Applets or Biometric services in mobile devices which ru

24、n an Operating System, can be too demanding for embedded systems. Therefore a new approach is standardized in this International Standard, under the name of Embedded BioAPI, which should never be confused with the Framework free version of BioAPI. Examples of applications where Embedded BioAPI might

25、 be used include remote controls, garage door openers, auto ignitions, physical access devices, memory sticks, authentication tokens, and handheld weapons. The utility of a standard interface in this environment is less obvious than for more general purpose processing environments, but addresses two

26、 important situations: It allows a device (unit into which the data capture device is embedded, e.g. a remote control device) manufacturer to use the same code base for multiple devices/units in his product line that differ only in embedded data capture device/biometric technology (e.g. Device A com

27、es with a built-in fingerprint data capture device/algorithm and Device B comes with a built-in facial recognition camera/capability). This is a configuration management (CM) and efficiency issue (the single code base simplifying CM). It allows an OEM data capture device manufacturer who wants to bu

28、ild a single OEM unit/firmware to support multiple device vendors (the same firmware regardless of what device the data capture device unit is embedded within). Throughout the text of this International Standard, devices suitable to be using Embedded BioAPI will be referred as “Embedded BioAPI subco

29、mponents”. Noting that other kind of devices can also use this International Standard, this notation has been used for improving understanding of the standard. This International Standard does not state any requirement for those devices (e.g. Embedded BioAPI subcomponents) but those needed as to imp

30、lement Embedded BioAPI. BS ISO/IEC 29164:2011BS ISO/IEC 29164:2011INTERNATIONAL STANDARD ISO/IEC 29164:2011(E) ISO/IEC 2011 All rights reserved 1Information technology Biometrics Embedded BioAPI 1 Scope This International Standard provides a standard interface to hardware biometric modules designed

31、to be integrated in embedded systems which can be constrained in memory and computational power. This International Standard specifies a full interface for such hardware-based biometric modules. This interface, called Embedded BioAPI, is defined by the specification of commands to be implemented by

32、these modules. Such a specification is done in two levels: For low level implementations, a frame definition is provided, as well as the coding of all commands and their relevant responses. Being defined as a single-master/multiple-slave half-duplex protocol, these messages can be implemented over a

33、ny communication interface at the physical and link layers. The definition of such communication interfaces is outside of the scope of this International Standard. A C-based function header description, for those manufacturers that want to provide a C-library for integration as a Software Developmen

34、t Kit for the overall embedded system. Regarding security, this International Standard defines two kinds of devices: Type A: devices that, due to lack of processing capabilities, do not implement any kind of security mechanism. Type B: devices that implement security mechanisms for achieving confide

35、ntiality, integrity and/or authenticity. Use of the Type B kind of devices is recommended. For Type B devices a set of minimum requirements is defined, but the security mechanisms to be used are out of the scope of this International Standard. Low level implementation is outside of the scope of the

36、normative part of this International Standard, although an informative annex (see Annex B) is provided. Security mechanisms, although considered in this International Standard, are outside of the scope of this International Standard, and are referred to other relevant standards. In particular, key m

37、anagement is outside of the scope of this International Standard, and is expected to be done prior to the application of this International Standard. Specifications and requirements for Embedded BioAPI subcomponents, or any kind of devices suitable to implement Embedded BioAPI, are outside of the sc

38、ope of this International Standard. 2 Conformance A biometric module conforms to this International Standard by covering all mandatory items in the normative parts. A biometric module conformant to this International Standard can provide additional functionality as long as it does not modify the beh

39、aviour stated in this International Standard. A more detailed list of all conformance requirements can be found in Annex A. BS ISO/IEC 29164:2011ISO/IEC 29164:2011(E) 2 ISO/IEC 2011 All rights reserved3 Normative references The following referenced documents are indispensable for the application of

40、this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 19784-1:2006, Information Technology Biometric application programming interface Part 1: BioAPI specification ISO/IEC

41、 19784-1/Amd.3:2010, Information technology Biometric application programming interface Part 1: BioAPI specification Amendment 3: Support for interchange of certificates and security assertions, and other security aspects ISO/IEC 19785-1:2006, Information Technology Common Biometric Exchange Formats

42、 Framework Part 1: Data Element Specification ISO/IEC 19785-3:2007, Information Technology Common Biometric Exchange Formats Framework Part 3: Patron format specifications ISO/IEC 19794 (all parts), Information Technology Biometric data interchange formats ISO/IEC 24761:2009, Information technology

43、Security techniques Authentication context for biometrics 4 Terms and definitions For the purposes of this document, the following terms and definitions apply. NOTE Function names and data element names are not included here, but are defined within the body of this International Standard. 4.1 biomet

44、ric module hardware-based module that implements some or all biometric functions related to a biometric modality, i.e. capture, sample processing, comparison, storage, enrolment, or any logical combination of them NOTE The Biometric module might provide other functionalities, such as sending signals

45、 for the activation of external services, but such functionality is outside of the scope of this International Standard. 4.2 biometric sample information obtained from a biometric sensor, either directly or after further processing NOTE See also raw biometric sample, intermediate biometric sample, a

46、nd processed biometric sample in ISO/IEC 19784-1:2006. 4.3 biometric template biometric sample or combination of biometric samples that is suitable for storage as a reference for future comparison 4.4 Embedded BioAPI subcomponent subcomponent provided to system integrators for integration into a mor

47、e complex system or device NOTE 1 Subcomponents might be provided by third-parties or the manufacturer itself. NOTE 2 This International Standard does not state any requirement for such subcomponents, but those needed to implement Embedded BioAPI. BS ISO/IEC 29164:2011ISO/IEC 29164:2011(E) ISO/IEC 2

48、011 All rights reserved 34.5 embedded system special-purpose computer system designed to perform one or a few dedicated functions, sometimes with real- time computing constraints NOTE It is usually embedded as part of a complete device including hardware, firmware and mechanical parts. In contrast,

49、a general-purpose computer, such as a personal computer, can do many different tasks depending on programming. 4.6 frame set of bytes that conform a command or a response message within a communication between two devices 4.7 general processing unit element in a digital system in charge of the control of part or all of the information processing, which is usually a microprocessor, microcontroller or a microprocessor-based subsystem 4.8 host processing unit of the embedded system that is