ANSI INCITS 442-2010 Information Technology C Biometric Identity Assurance Services (BIAS).pdf

1、American National StandardDeveloped byfor Information Technology Biometric IdentityAssurance Services (BIAS)INCITS 442-2010INCITS 442-2010Reaffirmed as INCITS 442:2010 R2015INCITS 442-2010Revision ofINCITS 442-2008American National Standardfor Information Technology Biometric IdentityAssurance Servi

2、ces (BIAS)SecretariatInformation Technology Industry CouncilApproved July 20, 2010American National Standards Institute, Inc.Approval of an American National Standard requires review by ANSI that therequirements for due process, consensus, and other criteria for approval havebeen met by the standard

3、s developer.Consensus is established when, in the judgement of the ANSI Board ofStandards Review, substantial agreement has been reached by directly andmaterially affected interests. Substantial agreement means much more thana simple majority, but not necessarily unanimity. Consensus requires that a

4、llviews and objections be considered, and that a concerted effort be madetowards their resolution.The use of American National Standards is completely voluntary; theirexistence does not in any respect preclude anyone, whether he has approvedthe standards or not, from manufacturing, marketing, purcha

5、sing, or usingproducts, processes, or procedures not conforming to the standards.The American National Standards Institute does not develop standards andwill in no circumstances give an interpretation of any American NationalStandard. Moreover, no person shall have the right or authority to issue an

6、interpretation of an American National Standard in the name of the AmericanNational Standards Institute. Requests for interpretations should beaddressed to the secretariat or sponsor whose name appears on the titlepage of this standard.CAUTION NOTICE: This American National Standard may be revised o

7、rwithdrawn at any time. The procedures of the American National StandardsInstitute require that action be taken periodically to reaffirm, revise, orwithdraw this standard. Purchasers of American National Standards mayreceive current information on all standards by calling or writing the AmericanNati

8、onal Standards Institute.American National StandardPublished byAmerican National Standards Institute, Inc.25 West 43rd Street, New York, NY 10036Copyright 2010 by Information Technology Industry Council (ITI)All rights reserved.No part of this publication may be reproduced in anyform, in an electron

9、ic retrieval system or otherwise,without prior written permission of ITI, 1101 K Street NW, Suite 610Washington, DC 20005. Printed in the United States of AmericaCAUTION: The developers of this standard have requested that holders of patents that may berequired for the implementation of the standard

10、 disclose such patents to the publisher. However,neither the developers nor the publisher have undertaken a patent search in order to identifywhich, if any, patents may apply to this standard. As of the date of publication of this standardand following calls for the identification of patents that ma

11、y be required for the implementation ofthe standard, no such claims have been made. No further patent search is conducted by the de-veloper or publisher in respect to any standard it processes. No representation is made or impliedthat licenses are not required to avoid infringement in the use of thi

12、s standard.iContentsPageForeword .iv1 Scope. 12 Conformance . 13 Normative References . 24 Terms and Definitions 24.1 Biometric Sample. 24.2 Claim to Identity . 24.3 Encounter. 24.4 Encounter-Centric 34.5 Gallery 34.6 Identification. 34.7 Identity Assurance . 34.8 Person-Centric. 34.9 Subject. 34.10

13、 Verification . 35 Symbols and Abbreviated Terms. 46 System Context 46.1 Service-Oriented Architectures 46.2 BIAS Architecture. 66.3 BIAS Implementation Considerations 77 Biometric Identity Assurance Services. 97.1 BIAS Interface XML Schema . 97.2 Primitive Services 107.2.1 Add Subject To Gallery 10

14、7.2.2 Check Quality. 117.2.3 Classify Biometric Data 127.2.4 Create Subject . 147.2.5 Delete Biographic Data 147.2.6 Delete Biometric Data 157.2.7 Delete Subject 167.2.8 Delete Subject From Gallery 177.2.9 Get Identify Subject Results. 187.2.10 Identify Subject 197.2.11 List Biographic Data. 207.2.1

15、2 List Biometric Data. 227.2.13 Perform Fusion 237.2.14 Query Capabilities 247.2.15 Retrieve Biographic Information. 307.2.16 Retrieve Biometric Information. 31iiPage7.2.17 Set Biographic Data. 327.2.18 Set Biometric Data. 337.2.19 Transform Biometric Data 357.2.20 Update Biographic Data. 367.2.21 U

16、pdate Biometric Data. 377.2.22 Verify Subject. 387.3 Aggregate Services . 397.3.1 Enroll 407.3.2 Get Enroll Results 417.3.3 Get Identify Results . 417.3.4 Get Verify Results 427.3.5 Identify . 437.3.6 Retrieve Information 447.3.7 Verify 458 Data Elements and Data Types. 468.1 Biographic Data . 468.1

17、.1 Biographic Data Type 478.1.2 Biographic Data Item Type 478.1.3 Biographic Data Set Type 488.2 Biometric Data . 498.2.1 CBEFF BIR Type . 498.2.2 CBEFF BIR List Type 518.2.3 Biometric Data Element Type 518.2.4 Biometric Data List Type 538.3 Candidate Lists 538.3.1 Candidate Type . 538.3.2 Candidate

18、 List Type. 548.4 Capabilities 548.4.1 Capability Type 558.4.2 Capability List Type . 568.5 Fusion Information . 568.5.1 Fusion Information Type 568.5.2 Fusion Information List Type . 578.6 Other Data Types 578.6.1 Encounter List Type. 578.6.2 Information Type 588.6.3 List Filter Type . 588.6.4 Proc

19、essing Options Type. 598.6.5 Token Type 599 Error Handling and Notification 609.1 Successful Service Calls . 609.2 Error Condition Codes . 6110 Security 62iiiPageAnnexesA Conformance Requirements 63B Bibliography . 70C Example Usage Scenarios. 71ivForeword (This foreword is not part of American Nati

20、onal Standard INCITS 442-2010.)INCITS (The InterNational Committee for Information Technology Standards) is theANSI recognized Standards Development Organization for information technologywithin the United States of America. Members of INCITS are drawn from Govern-ment, Corporations, Academia and ot

21、her organizations with a material interest in thework of INCITS and its Technical Committees. INCITS does not restrict membershipand attracts participants in its technical work from 13 different countries, and oper-ates under the rules of the American National Standards Institute.In the field of Bio

22、metrics, INCITS has established the Technical Committee M1. Stan-dards developed by this Technical Committee have reached consensus throughoutthe development process and have been thoroughly reviewed through several PublicReview processes. In addition, the INCITS Executive Board and the ANSI Board o

23、fStandards Review have approved this American National Standard for publication asan INCITS Standard.This standard contains three annexes. Annex A is normative and is considered partof the standard. Annexes B and C are informative and are not considered part of thestandard.Requests for interpretatio

24、n, suggestions for improvement or addenda, or defect re-ports are welcome. They should be sent to InterNational Committee for InformationTechnology Standards (INCITS), ITI, 1101 K Street, NW, Suite 610, Washington, DC20005.This standard was processed and approved for submittal to ANSI by INCITS. Com

25、-mittee approval of this standard does not necessarily imply that all committee mem-bers voted for its approval. At the time it approved this standard, INCITS had thefollowing members:Don Wright, ChairJennifer Garner, SecretaryOrganization Represented Name of RepresentativeAdobe Systems, Inc. Scott

26、FosheeSteve Zilles (Alt.)AIM Global, Inc. Dan MullenCharles Biss (Alt.)Apple Computer, Inc. Kwok LauHelene Workman (Alt.)David Singer (Alt.)Distributed Managment Task Force . John CrandallJeff Hilland (Alt.)Electronic Industries Alliance . Edward Mikoski, Jr.Henry Cuschieri (Alt.)EMC Corporation Gar

27、y RobinsonFarance, Inc. Frank FaranceTimothy Schoechle (Alt.)Google Zaheda BhoratGS1 US Ray DelnickiFrank Sharkey (Alt.)James Chronowski (Alt.)Mary Wilson (Alt.)Hewlett-Packard Company. Karen HigginbottomPaul Jeran (Alt.)IBM Corporation . Gerald LaneRobert Weir (Alt.)IEEE . Bill AshTerry DeCourcelle

28、 (Alt.)Jodie Haasz (Alt.)Bob Labelle (Alt.)vOrganization Represented Name of RepresentativeIntel .Philip WennblomGrace Wei (Alt.)Stephen Balogh (Alt.)Lexmark InternationalDon WrightDwight Lewis (Alt.)Paul Menard (Alt.)Microsoft CorporationJim HughesDave Welsh (Alt.)Mark Ryland (Alt.)John Calhoun (Al

29、t.)National Institute of Standards however, it is possible that some of the basic biometric services defined herein may be used by such an implementation in the future. 2 Conformance Annex A specifies the conformance requirements for systems/components claiming conformance to this standard. INCITS 4

30、42-2010 3 Normative References The following standards contain provisions which, through reference in this text, constitute provisions of this American National Standard. All standards are subject to revision, and parties to agreements based on this American National Standard are encouraged to inves

31、tigate the possibility of applying the most recent editions of the standards indicated below. OASIS BIAS SOAP Profile ANSI INCITS 398-2008 Information Technology Common Biometric Exchange Formats Framework (CBEFF) ISO/IEC 19784-1:2006, Information Technology Biometric Application Programming Interfa

32、ce Part 1: BioAPI Specification ISO/IEC 19785-1:2006, Information Technology Common Biometric Exchange Formats Framework Part 1: Data Element Specification ISO/IEC 19785-2:2006, Information Technology Common Biometric Exchange Formats Framework Part 2: Procedures for the Operation of the Biometric R

33、egistration Authority ISO/IEC 19785-3:2007, Information technology Common Biometric Exchange Formats Framework Part 3: Patron format specifications 4 Terms and Definitions For the purposes of this document, the following terms and definitions apply. 4.1 Biometric Sample Analog or digital representat

34、ion of biometric characteristics (prior to biometric feature extraction process and obtained from a biometric capture device or biometric capture subsystem) 4.2 Claim to Identity Assertion that an individual is or is not the source of a specified or unspecified biometric reference in an identity ass

35、urance system; also called “biometric claim”. 4.3 Encounter An interaction with a subject. Each encounter may contain unique information collected during the encounter and/or describing the encounter. 2 INCITS 442-2010 4.4 Encounter-Centric A system that supports encounter processing, maintaining a

36、one-to-many relationship between subjects and encounters, and which does not necessarily contain a single, unique set of information for each subject. 4.5 Gallery A group of subjects, related by a common purpose, designation, or status. For example: a watch list, or a set of subjects entitled to a c

37、ertain benefit. 4.6 Identification A biometric system function that performs a one-to-many search, in which a biometric sample(s) from one individual is compared against the biometric references of many individuals to return the identifiers of those with a specified degree of similarity. 4.7 Identit

38、y Assurance The process of establishing, determining, and/or confirming a subject identity. 4.8 Person-Centric A system that maintains a single, unique view of a subject, and which does not support encounter processing. 4.9 Subject A person who is known to an identity assurance system. 4.10 Verifica

39、tion A biometric system function that performs a one-to-one comparison, in which a biometric sample(s) from one individual is compared to biometric reference(s) from one individual to produce a comparison score 3 INCITS 442-2010 5 Symbols and Abbreviated Terms AFIS Automated Fingerprint Identificati

40、on System BIAS Biometric Identity Assurance Services BIR Biometric Information Record CBEFF Common Biometric Exchange Formats Framework ESB Enterprise Service Bus ID Identity/Identification/Identifier OASIS Organization for the Advancement of Structured Information Standards SOA Service-Oriented Arc

41、hitecture URI Uniform Resource Identifier 6 System Context This clause provides an overview of Service-Oriented Architectures, the BIAS architecture, and BIAS implementation considerations. 6.1 Service-Oriented Architectures Service-Oriented Architectures are software architectures in which reusable

42、 services are deployed onto application servers and then consumed by clients in different applications or business processes. They are intended to decouple the implementation of a software service from the interface that calls that service. This allows clients of a service to rely on a consistent in

43、terface regardless of the implementation technology of the service JDJ (see annex B). Biometric services are one of the types of services that can be provided over such a remote interface in a distributed information system across a collection of networks. This can occur in a 2-tier, 3-tier, or N-ti

44、er environment. A diagram of a simple N-tier architecture is shown in Figure 1. 4 INCITS 442-2010 Figure 1 Simple N-Tier Architecture In this simple diagram, BIAS services are defined between the application logic layer and the resource management layer. Examples of biometric resources that are of i

45、nterest may include one or more of the following: A fingerprint verification matching server A 1:N iris search/match engine A facial biometric watch list A criminal or civil automated fingerprint identification system (AFIS) A name-based biographic identity database An archive of biometric identifie

46、rs A population of subjects. It is desired that a generic set of services be defined that allows clients to remotely access and manage these capabilities. To the extent possible, domain-specific implementations are to be avoided. NOTE: This standard is intended to support a wide variety of applicati

47、on domains which may include government (e.g., background checking, border management, and criminal justice), enterprise (e.g., logical access control), and commercial biometric identity management implementations (e.g., employee databases). Services are well-defined, self-contained modules that pro

48、vide standard business functionality and are independent of the state or context of other services and that can be assembled easily to form a collection of autonomous and loosely coupled business processes. 5 INCITS 442-2010 It is not the intention that specific business logic be instantiated within

49、 the service definitions this logic is more appropriate within the application logic layer either in the higher level system initiating the series of requests, or within the middleware (e.g., an enterprise service bus ESB, workflow manager, or biometric middleware) as appropriate. To do so would of necessity make the interface less generic, modular, and flexible and require that the interface be updated each time the logic changed, defeating one of the primary purposes of the services architecture. The services to be defined are not t