ANSI INCITS ISO IEC 24713-1-2008 Information technology - Biometric profiles for interoperability and data interchange - Part 1 Overview of biometric systems and biometric profiles.pdf

1、 INCITS/ISO/IEC 24713-1:2008 2009 ISO/IEC 24713-1:2008 Information technology Biometric profiles for interoperability and data interchange Part 1: Overview of biometric systems and biometric profiles INCITS/ISO/IEC 24713-1:2008 2009 PDF disclaimer This PDF file may contain embedded typefaces. In acc

2、ordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes

3、licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for pri

4、nting. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. Adopted by INCITS (InterNational Committee for Information Technology Sta

5、ndards) as an American National Standard. Date of ANSI Approval: 8/27/2009 Published by American National Standards Institute, 25 West 43rd Street, New York, New York 10036 Copyright 2009 by Information Technology Industry Council (ITI). All rights reserved. These materials are subject to copyright

6、claims of International Standardization Organization (ISO), International Electrotechnical Commission (IEC), American National Standards Institute (ANSI), and Information Technology Industry Council (ITI). Not for resale. No part of this publication may be reproduced in any form, including an electr

7、onic retrieval system, without the prior written permission of ITI. All requests pertaining to this standard should be submitted to ITI, 1250 Eye Street NW, Washington, DC 20005. Printed in the United States of America ii ITIC 2009 All rights reserved ISO/IEC 24713-1:2008(E) ISO/IEC 2008 All rights

8、reserved iiiContents Page Foreword iv Introduction v 1 Scope . 1 2 Normative references . 1 3 Terms and definitions. 1 4 Abbreviated terms 6 5 General biometric system 6 5.1 Conceptual diagram of general biometric system 6 5.2 Conceptual components of a general biometric system 7 5.2.1 Data capture

9、subsystem 7 5.2.2 Transmission subsystem (not portrayed in diagram). 7 5.2.3 Signal processing subsystem . 7 5.2.4 Data storage subsystem 7 5.2.5 Matching subsystem 7 5.2.6 5.2.6 Decision subsystem 7 5.2.7 5.2.7 Administration subsystem (not portrayed in diagram) 8 5.2.8 Interface (not portrayed in

10、diagram). 8 5.3 Functions of general biometric system 8 5.3.1 Enrolment 8 5.3.2 Verification 9 5.3.3 Identification 9 6 Relationship between the biometric system and the application 10 6.1 General. 10 6.2 The ID life-cycle. 10 6.2.1 Proofing . 11 6.2.2 Registration . 11 6.2.3 Issuance. 11 6.2.4 Usag

11、e . 11 6.3 Subject versus end-user 11 6.3.1 6.3.1 Access control example 12 6.3.2 Travel document example 12 6.4 Biometric decision versus authorization .13 7 Interfaces between the biometric system and the application 14 7.1 Application programming interface (API).14 7.2 Protocol interface . 15 7.3

12、 Hardware based electronic input/output interface 15 8 Developing biometric profiles utilising biometrics base standards . 15 8.1 Relationships of biometric base standards and their use in biometric profiles 15 8.2 Classes 16 8.2.1 Application class 16 8.2.2 Data class 16 8.2.3 Interface class . 17

13、8.3 Using biometric base standards to develop biometric profiles. 17 Bibliography . 18 ISO/IEC 24713-1:2008(E) iv ISO/IEC 2008 All rights reservedForeword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of

14、preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental,

15、 in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main t

16、ask of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. Attent

17、ion is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO/IEC 24713-1 was prepared by Technical Committee ISO/TC JTC 1, Information technology, Subcommittee SC 3

18、7, Biometrics. ISO/IEC 24713 consists of the following parts, under the general title Information technology Biometric profiles for interoperability and data interchange: Part 1: Overview of biometric systems and biometric profiles Part 2: Physical access control for employees at airports Part 3: Bi

19、ometric based verification and identification of seafarers ISO/IEC 24713-1:2008(E) ISO/IEC 2008 All rights reserved vIntroduction This part of ISO/IEC 24713 is intended to form the overview part of the multipart standard on biometric profiles for interoperability and data interchange. It describes a

20、 schema for the use of a number of biometric standards. This part of ISO/IEC 24713 is not intended to replace or counter any other part of this International Standard, but rather to be used as a reference guide for the implementation of a generic biometric system or a profile-standardized system. Th

21、is part of ISO/IEC 24713 provides generic information and guidance to users about biometric systems and the use of the various base standards within biometric profiles to support interoperability and data interchange among biometrics applications and systems. This part of ISO/IEC 24713 is one of a f

22、amily of international standards being developed by ISO/IEC JTC 1/SC 37 that support interoperability and data interchange among biometrics applications and systems. This family of standards specifies requirements that solve the complexities of applying biometrics to a wide variety of personal recog

23、nition applications, whether such applications operate in an open systems 1)environment or consist of a single, closed system. Biometric data interchange format standards and biometric interface standards are both necessary to achieve full data interchange and interoperability for biometric recognit

24、ion in an open systems environment. The ISO/IEC JTC 1/SC 37 biometric standards family includes a layered set of standards consisting of biometric data interchange formats and biometric interfaces, as well as biometric profiles that describe the use of these standards in specific application areas.

25、The biometric data interchange format standards specify biometric data interchange records for different biometric modalities. Parties that agree in advance to exchange biometric data interchange records as specified in a subset of the ISO/IEC JTC 1/SC 37 biometric data interchange format standards

26、should be able to perform biometric recognition with each others data. Parties should also be able to perform biometric recognition even without advance agreement on the specific biometric data interchange format standards to be used, provided they have built their systems on the layered ISO/IEC JTC

27、 1/SC 37 family of biometric standards. The biometric interface standards include the Common Biometric Exchange Formats Framework (CBEFF) and the Biometric Application Programming Interface (BioAPI). These standards support exchange of biometric data within a system or among systems. The CBEFF stand

28、ard specifies the basic structure of a standardized Biometric Information Record (BIR) which includes the biometric data interchange record with added metadata, such as when it was captured, its expiry date, whether it is encrypted, etc. The BioAPI standard specifies an open system API that supports

29、 communications between software applications and underlying biometric technology services. BioAPI also specifies a CBEFF BIR format for the storage and transmission of BioAPI-produced data. The biometric profile standards facilitate implementations of the base standards (e.g. the ISO/IEC JTC 1/SC 3

30、7 biometric data interchange format and biometric interface standards, and possibly non-biometric standards) for defined applications. These profile standards define the functions of an application (e.g. Physical Access Control for Employees at Airports) and then specify use of options in the base s

31、tandards to ensure biometric interoperability. 1) Open systems are built on standards based, publicly defined data formats, interfaces, and protocols to facilitate data interchange and interoperability with other systems, which may include components of different design or manufacture. A closed syst

32、em may also be built on publicly defined standards, and may include components of different design or manufacture, but inherently has no requirement for data interchange and interoperability with any other system. INTERNATIONAL STANDARD ISO/IEC 24713-1:2008(E) ISO/IEC 2008 All rights reserved 1Infor

33、mation technology Biometric profiles for interoperability and data interchange Part 1: Overview of biometric systems and biometric profiles 1 Scope This part of ISO/IEC 24713 identifies and defines the functional blocks and components of a generic biometric system, and the distinct characteristics o

34、f each component. It also defines a generic biometric reference architecture incorporating the relevant biometric-related base standards to support interoperability and data interchange. 2 Normative references The following referenced documents are indispensable for the application of this document.

35、 For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 19794-1:2006, Information technology Biometric data interchange formats Part 1: Framework 3 Terms and definitions For the purpose o

36、f this document, the following terms and definitions apply. 3.1 application programming interface API software based interface that can be used for communications and interfacing between an application and the biometric system. NOTE 1 An API is computer code used by an application developer. Any bio

37、metric system that is compatible with the API can be added or interchanged by the application developer. NOTE 2 APIs are often described by the degree to which they are high level or low level. High level means that the interface is proximate to the application and low-level means that the interface

38、 is proximate to the device. 3.2 application hardware/software system implemented to satisfy a broad set of requirements. NOTE In this context, an application incorporates a biometric system to satisfy a subset of requirements related to the verification or identification of an end-users identity so

39、 that the end-users identifier can be used to facilitate the end-users interaction with the system. EXAMPLE A biometrics-enabled time and attendance system has a broad requirement to record an employees starting and leaving times so the employee can be paid the correct amount of wages. The system us

40、es biometrics to verify ISO/IEC 24713-1:2008(E) 2 ISO/IEC 2008 All rights reservedthe employees “end-users” claim that his identity is the one that the system has associated with the employees id-number identifier at the times when the employee interacts with the biometric device as he enters and le

41、aves the work place. 3.3 base standard fundamental standard with elements that contain options. NOTE Base standards can be used in diverse applications, for each of which it may be useful to fix the optional elements in a standardized profile with the aim of achieving interoperability between instan

42、ces of the specific application. 3.4 biometric pertaining to the field of biometrics NOTE “Biometric” is never used as a noun. 3.5 biometrics automated recognition of individuals based on their behavioural and biological characteristics 3.6 biometric data information extracted from the biometric sam

43、ple used to build a template or to compare against a previously created template 3.7 biometric functions procedures or activities of enrolment (3.19), verification (3.40) and/or identification (3.25) within a biometric system 3.8 biometric interchange data BID biometric data formatted according to o

44、ne or more of the data interchange standards as defined by ISO 19794 3.9 biometric profile conforming subsets or combinations of base standards used to effect specific biometric functions NOTE Biometric profiles define specific values or conditions from the range of options described in the relevant

45、 base standards, with the aim of supporting the interchange of data between applications and the interoperability of systems. 3.10 biometric sample raw data representing a biometric characteristic of an end-user as captured by a biometric system 3.11 biometric system (mainly) automated system capabl

46、e of 1) capturing a biometric sample from an end-user or as provided by a forensic technology, 2) extracting biometric data from that sample, or alternatively, deriving biometric features from the biometric data in a form suitable for comparison with one or more reference templates, 3) comparing the

47、 biometric features with those contained in one or more reference templates , 4) determining the level of similarity by a score or other metric, or alternatively, ranking in accordance with the level of similarity as determined by a score or other metric, ISO/IEC 24713-1:2008(E) ISO/IEC 2008 All rig

48、hts reserved 35) returning a result to the application indicating whether the identification and/or verification has been successful or not, and 6) storing and managing biometric data and related system information NOTE The set of biometric systems can be divided in two classes as follows: Single-bi

49、ometric system: biometric system that uses a single biometric modality, algorithm or sensor. Multi-biometric system: biometric system that uses multiple biometric modalities and/or sensors and/or algorithms. 3.12 biometric system components those parts or elements of the system that perform specific tasks that are required by the system in order for it to function. EXAMPLE Examples of biometric system components are captur