ANSI INCITS ISO IEC 24713-2-2008 Information technology - Biometric profiles for interoperability and data interchange - Part 2 Physical access control for employees at airports.pdf

1、 INCITS/ISO/IEC 24713-2:2008 2009 ISO/IEC 24713-2:2008 Information technology Biometric profiles for interoperability and data interchange Part 2: Physical access control for employees at airports INCITS/ISO/IEC 24713-2:2008 2009 PDF disclaimer This PDF file may contain embedded typefaces. In accord

2、ance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes lic

3、ensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printi

4、ng. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. Adopted by INCITS (InterNational Committee for Information Technology Standa

5、rds) as an American National Standard. Date of ANSI Approval: 8/27/2009 Published by American National Standards Institute, 25 West 43rd Street, New York, New York 10036 Copyright 2009 by Information Technology Industry Council (ITI). All rights reserved. These materials are subject to copyright cla

6、ims of International Standardization Organization (ISO), International Electrotechnical Commission (IEC), American National Standards Institute (ANSI), and Information Technology Industry Council (ITI). Not for resale. No part of this publication may be reproduced in any form, including an electroni

7、c retrieval system, without the prior written permission of ITI. All requests pertaining to this standard should be submitted to ITI, 1250 Eye Street NW, Washington, DC 20005. Printed in the United States of America ii ITIC 2009 All rights reserved ISO/IEC 24713-2:2008(E) ISO/IEC 2008 All rights res

8、erved iiiContents Page Foreword. v Introduction . vi 1 Scope . 1 2 Conformance. 1 3 Normative references . 2 4 Terms and definitions. 3 5 Environment 6 5.1 Employees in the targeted environment 6 5.2 Architecture. 6 5.3 Token 6 5.4 Token management system. 7 5.5 Command and control system 7 5.6 Comm

9、and and control administration system 8 5.7 Infrastructure system . 8 6 Process 8 6.1 General. 8 6.2 Proofing . 8 6.3 Registration . 8 6.4 Issuance. 9 6.5 Activation to a local access control system 9 6.6 Usage . 9 7 Security Considerations 10 Annex A (normative) Requirements List 12 A.1 General. 12

10、 A.2 Relationship between RL and corresponding ICS proformas . 12 A.3 Profile Specific Implementation Conformance Statement . 13 A.4 Instruction for completing the ICS proforma. 13 A.4.1 General structure of the ICS proforma. 13 A.4.2 Additional Information 13 A.4.3 Exception Information 13 A.5 ICS

11、proforma . 14 A.6 Interchange Formats 15 A.6.1 Finger Image Data (ISO/IEC 19794-4:2005) 15 A.6.2 Finger Minutiae Data (ISO/IEC 19794-2:2005) 16 A.6.3 Finger Pattern Spectral Data (ISO/IEC 19794-3:2006) . 19 A.6.4 Face Image Data (ISO/IEC19794-5:2005) 21 A.6.5 Iris Image Data (ISO/IEC 19794-6:2005) 2

12、4 A.6.6 Signature/Sign Time Series Data (ISO/IEC 19794-7:2007) 25 A.6.7 Finger Pattern Skeletal Data (ISO/IEC 19794-8:2006)27 A.6.8 Vascular Image Data (ISO/IEC 19794-9:2007) 31 A.6.9 Hand Geometry Silhouette Data (ISO/IEC 19794-10:2007) 33 A.7 Technical Interface Standards. 34 A.7.1 BioAPI (ISO/IEC

13、 19784-1:2006) 34 A.7.2 CBEFF (ISO/IEC 19785-1:2006) 39 Annex B (informative) Additional information. 41 ISO/IEC 24713-2:2008(E) iv ISO/IEC 2008 All rights reservedAnnex C (informative) Security Considerations 44 C.1 Approaches 44 C.2 Representative threat list . 44 Bibliography . 46 ISO/IEC 24713-2

14、:2008(E) ISO/IEC 2008 All rights reserved vForeword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the developmen

15、t of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental,

16、in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joi

17、nt technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attent

18、ion is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO/IEC 24713-2 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommitt

19、ee SC 37, Biometrics. ISO/IEC 24713 consists of the following parts, under the general title Information technology Biometric profiles for interoperability and data interchange: Part 1: Overview of biometric systems and biometric profiles Part 2: Physical access control for employees at airports Par

20、t 3: Biometrics-based verification and identification of seafarers ISO/IEC 24713-2:2008(E) vi ISO/IEC 2008 All rights reservedIntroduction This part of ISO/IEC 24713 is one of a family of International Standards being developed by ISO/IEC JTC 1/SC 37 that support interoperability and data interchang

21、e among biometrics applications and systems.1)This family of standards specifies requirements that solve the complexities of applying biometrics to a wide variety of personal recognition applications, whether such applications operate in an open systems environment or consist of a single, closed sys

22、tem. Biometric data interchange format standards and biometric interface standards are both necessary to achieve full data interchange and interoperability for biometric recognition in an open systems environment. The ISO/IEC JTC 1/SC 37 biometric standards family includes a layered set of standards

23、 consisting of biometric data interchange formats and biometric interfaces, as well as biometric profiles that describe the use of these standards in specific application areas. The biometric data interchange format standards specify biometric data interchange records for different biometric modalit

24、ies. Parties that agree in advance to exchange biometric data interchange records as specified in a subset of the ISO/IEC JTC 1/SC 37 biometric data interchange format standards should be able to perform biometric recognition with each others data. Parties should also be able to perform biometric re

25、cognition even without advance agreement on the specific biometric data interchange format standards to be used, provided they have built their systems on the layered ISO/IEC JTC 1/SC 37 family of biometric standards. The biometric interface standards include ISO/IEC 19785, the Common Biometric Exch

26、ange Formats Framework (CBEFF) and ISO/IEC 19784, the Biometric Application Programming Interface (BioAPI). These standards support exchange of biometric data within a system or among systems. ISO/IEC 19785 specifies the basic structure of a standardized Biometric Information Record (BIR) which incl

27、udes the biometric data interchange record with added metadata, such as when it was captured, its expiry date, whether it is encrypted, etc. ISO/IEC 19784 specifies an open system API that supports communications between software applications and underlying biometric technology services. BioAPI also

28、 specifies a CBEFF BIR format for the storage and transmission of BioAPI-produced data. The biometric profile standards facilitate implementations of the base standards (e.g. the ISO/IEC JTC 1/SC 37 biometric data interchange format and biometric interface standards, and possibly non-biometric stand

29、ards) for defined applications. These profile standards define the functions of an application (e.g. physical access control for employees at airports) and then specify use of options in the base standards to ensure biometric interoperability. 1) Open systems are built on standards-based, publicly d

30、efined data formats, interfaces, and protocols to facilitate data interchange and interoperability with other systems, which may include components of different design or manufacture. A closed system may also be built on publicly defined standards, and may include components of different design or m

31、anufacture, but inherently has no requirement for data interchange and interoperability with any other system. INTERNATIONAL STANDARD ISO/IEC 24713-2:2008(E) ISO/IEC 2008 All rights reserved 1Information technology Biometric profiles for interoperability and data interchange Part 2: Physical access

32、control for employees at airports 1 Scope This part of ISO/IEC 24713 specifies the biometric profile including necessary parameters and interfaces between function modules (i.e. BioAPI based modules and an external interface) in support of token-based biometric identification and verification of emp

33、loyees, at local access points (i.e. doors or other controlled entrances) and across local boundaries within the defined area of control in an airport. The token is expected to contain one or more biometric references. This part of ISO/IEC 24713 does not specify a complete Access Control System for

34、deployment at access points within the secure area of an airport. It is assumed that such systems exist and that a biometric component that is the subject of this part of ISO/IEC 24713 is being added to an existing system. It therefore excludes such things as device features, and exception and incid

35、ent reporting and handling. This information is contained in Annex C for information only. This part of ISO/IEC 24713 includes recommended practices for enrolment, watch list checking, duplicate issuance prevention, and verification of the identity of employees at airports. It also describes archite

36、ctures and business processes appropriate to the support of token-based identity management in the secure environment of an airport. It is recommended that the confidentiality, integrity, and availability of biometric data be safeguarded in accordance with local, regional, or national policy conside

37、rations. This part of ISO/IEC 24713 does not preclude users building applications based on this part of ISO/IEC 24713 from being able to meet such privacy/data protection requirements as may apply to their application. The specification of privacy/data protection requirements that may apply is outsi

38、de the scope of this part of ISO/IEC 24713. 2 Conformance A system conforms to this part of ISO/IEC 24713 if it correctly performs all the mandatory capabilities defined in the requirements list and supplies the profile specific Implementation Conformance Statement (ICS) in Annex A. Note that more c

39、apabilities may be required than in the base standards. ISO/IEC 24713-2:2008(E) 2 ISO/IEC 2008 All rights reserved3 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated refere

40、nces, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 19784-1:2006, Information technology Biometric application programming interface Part 1: BioAPI specification ISO/IEC 19785-1:2006, Information technology Common Biometric Exchange Formats Framework Part

41、1: Data element specification ISO/IEC 19785-3:2007, Information technology Common Biometric Exchange Formats Framework Part 3: Patron format specifications ISO/IEC 19794-2:2005, Information technology Biometric data interchange formats Part 2: Finger minutiae data ISO/IEC 19794-3:2006, Information t

42、echnology Biometric data interchange formats Part 3: Finger pattern spectral data ISO/IEC 19794-4:2005, Information technology Biometric data interchange formats Part 4: Finger image data ISO/IEC 19794-5:2005, Information technology Biometric data interchange formats Part 5: Face image data ISO/IEC

43、19794-6:2005, Information technology Biometric data interchange formats Part 6: Iris image data ISO/IEC 19794-7:2007, Information technology Biometric data interchange formats Part 7: Signature/sign time series data ISO/IEC 19794-8:2006, Information technology Biometric data interchange formats Part

44、 8: Finger pattern skeletal data ISO/IEC 19794-9:2007, Information technology Biometric data interchange formats Part 9: Vascular image data ISO/IEC 19794-10:2007, Information technology Biometric data interchange formats Part 10: Hand geometry silhouette data ISO/IEC 19795-1:2006, Information techn

45、ology Biometric performance testing and reporting Part 1: Principles and framework ISO/IEC 19795-2;2007, Information technology Biometric performance testing and reporting Part 2: Testing methodologies for technology and scenario evaluation ISO/IEC 24713-1:2008, Information technology Biometric prof

46、iles for interoperability and data interchange Part 1: Overview of biometric systems and biometric profiles ISO/IEC 24713-2:2008(E) ISO/IEC 2008 All rights reserved 34 Terms and definitions For the purposes of this document, the following terms and definitions apply. 4.1 application program or piece

47、 of software designed to fulfil a particular purpose 4.2 base standard standard that is part of a profile and from which options, subsets, and parameter values are selected if these choices are left open in the standard 4.3 biometric pertaining to biometrics 4.4 biometrics automated recognition of i

48、ndividuals based on their behavioural and biological characteristics 4.5 biometric characteristic measurable, physical characteristic or personal behavioural trait used to recognize the identity, or verify the claimed identity, of an enrolee 4.6 biometric feature concise representation of informatio

49、n extracted from an acquired or intermediate biometric sample by applying a mathematical transformation 4.7 biometric profile conforming subsets or combinations of base standards used to provide specific functions NOTE Biometric profiles identify the use of particular options available in base standards, and provide a basis for the interchange of data between applications and interoperabil