1、 Collection of SANS standards in electronic format (PDF) 1. Copyright This standard is available to staff members of companies that have subscribed to the complete collection of SANS standards in accordance with a formal copyright agreement. This document may reside on a CENTRAL FILE SERVER or INTRA
2、NET SYSTEM only. Unless specific permission has been granted, this document MAY NOT be sent or given to staff members from other companies or organizations. Doing so would constitute a VIOLATION of SABS copyright rules. 2. Indemnity The South African Bureau of Standards accepts no liability for any
3、damage whatsoever than may result from the use of this material or the information contain therein, irrespective of the cause and quantum thereof. ISBN 978-0-626-22346-5 SANS 24713-2:2009 Edition 1 ISO/IEC 24713-2:2008 Edition 1SOUTH AFRICAN NATIONAL STANDARD Information technology Biometric profile
4、s for interoperability and data interchange Part 2: Physical access control for employees at airports This national standard is the identical implementation of ISO/IEC 24713-2:2008 and is adopted with the permission of the International Organization for Standardization and the International Electrot
5、echnical Commission. Published by SABS Standards Division 1 Dr Lategan Road Groenkloof Private Bag X191 Pretoria 0001 Tel: +27 12 428 7911 Fax: +27 12 344 1568 www.sabs.co.za SABS This standard may only be used and printed by approved subscription and freemailing clients of the SABS.SANS 24713-2:200
6、9 Edition 1 ISO/IEC 24713-2:2008 Edition 1 Table of changes Change No. Date Scope National foreword This South African standard was approved by National Committee SABS SC 71J, Information technology Cards and personal identification, in accordance with procedures of the SABS Standards Division, in c
7、ompliance with annex 3 of the WTO/TBT agreement. This SANS document was published in March 2009. This standard may only be used and printed by approved subscription and freemailing clients of the SABS. Reference number ISO/IEC 24713-2:2008(E) ISO/IEC 2008INTERNATIONAL STANDARD ISO/IEC 24713-2 First
8、edition 2008-06-01 Information technology Biometric profiles for interoperability and data interchange Part 2: Physical access control for employees at airports Technologies de linformation Profils biomtriques pour interoprabilit et change de donnes Partie 2: Contrle daccs physique pour les employs
9、aux aroports SANS 24713-2:2009This standard may only be used and printed by approved subscription and freemailing clients of the SABS.ISO/IEC 24713-2:2008(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed bu
10、t shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this
11、area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for us
12、e by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2008 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized
13、 in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41
14、 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2008 All rights reservedSANS 24713-2:2009This standard may only be used and printed by approved subscription and freemailing clients of the SABS.ISO/IEC 24713-2:2008(E) ISO/IEC 2008 All rights reserved iii Cont
15、ents Page Foreword. v Introduction . vi 1 Scope. 1 2 Conformance. 1 3 Normative references. 2 4 Terms and definitions. 3 5 Environment 6 5.1 Employees in the targeted environment 6 5.2 Architecture. 6 5.3 Token 6 5.4 Token management system. 7 5.5 Command and control system 7 5.6 Command and control
16、 administration system 8 5.7 Infrastructure system . 8 6 Process 8 6.1 General. 8 6.2 Proofing. 8 6.3 Registration. 8 6.4 Issuance. 9 6.5 Activation to a local access control system 9 6.6 Usage. 9 7 Security Considerations 10 Annex A (normative) Requirements List 12 A.1 General. 12 A.2 Relationship
17、between RL and corresponding ICS proformas . 12 A.3 Profile Specific Implementation Conformance Statement . 13 A.4 Instruction for completing the ICS proforma. 13 A.4.1 General structure of the ICS proforma . 13 A.4.2 Additional Information 13 A.4.3 Exception Information 13 A.5 ICS proforma . 14 A.6
18、 Interchange Formats 15 A.6.1 Finger Image Data (ISO/IEC 19794-4:2005) 15 A.6.2 Finger Minutiae Data (ISO/IEC 19794-2:2005) 16 A.6.3 Finger Pattern Spectral Data (ISO/IEC 19794-3:2006) . 19 A.6.4 Face Image Data (ISO/IEC19794-5:2005) 21 A.6.5 Iris Image Data (ISO/IEC 19794-6:2005) 24 A.6.6 Signature
19、/Sign Time Series Data (ISO/IEC 19794-7:2007) 25 A.6.7 Finger Pattern Skeletal Data (ISO/IEC 19794-8:2006)27 A.6.8 Vascular Image Data (ISO/IEC 19794-9:2007) 31 A.6.9 Hand Geometry Silhouette Data (ISO/IEC 19794-10:2007) 33 A.7 Technical Interface Standards. 34 A.7.1 BioAPI (ISO/IEC 19784-1:2006) 34
20、 A.7.2 CBEFF (ISO/IEC 19785-1:2006) 39 Annex B (informative) Additional information. 41 SANS 24713-2:2009This standard may only be used and printed by approved subscription and freemailing clients of the SABS.ISO/IEC 24713-2:2008(E) iv ISO/IEC 2008 All rights reservedAnnex C (informative) Security C
21、onsiderations 44 C.1 Approaches 44 C.2 Representative threat list . 44 Bibliography . 46 SANS 24713-2:2009This standard may only be used and printed by approved subscription and freemailing clients of the SABS.ISO/IEC 24713-2:2008(E) ISO/IEC 2008 All rights reserved v Foreword ISO (the International
22、 Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by t
23、he respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of i
24、nformation technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft Intern
25、ational Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document
26、 may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO/IEC 24713-2 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 37, Biometrics. ISO/IEC 24713 consists of the following parts, under
27、 the general title Information technology Biometric profiles for interoperability and data interchange: Part 1: Overview of biometric systems and biometric profiles Part 2: Physical access control for employees at airports Part 3: Biometrics-based verification and identification of seafarers SANS 24
28、713-2:2009This standard may only be used and printed by approved subscription and freemailing clients of the SABS.ISO/IEC 24713-2:2008(E) vi ISO/IEC 2008 All rights reservedIntroduction This part of ISO/IEC 24713 is one of a family of International Standards being developed by ISO/IEC JTC 1/SC 37 th
29、at support interoperability and data interchange among biometrics applications and systems. 1)This family of standards specifies requirements that solve the complexities of applying biometrics to a wide variety of personal recognition applications, whether such applications operate in an open system
30、s environment or consist of a single, closed system. Biometric data interchange format standards and biometric interface standards are both necessary to achieve full data interchange and interoperability for biometric recognition in an open systems environment. The ISO/IEC JTC 1/SC 37 biometric stan
31、dards family includes a layered set of standards consisting of biometric data interchange formats and biometric interfaces, as well as biometric profiles that describe the use of these standards in specific application areas. The biometric data interchange format standards specify biometric data int
32、erchange records for different biometric modalities. Parties that agree in advance to exchange biometric data interchange records as specified in a subset of the ISO/IEC JTC 1/SC 37 biometric data interchange format standards should be able to perform biometric recognition with each others data. Par
33、ties should also be able to perform biometric recognition even without advance agreement on the specific biometric data interchange format standards to be used, provided they have built their systems on the layered ISO/IEC JTC 1/SC 37 family of biometric standards. The biometric interface standards
34、include ISO/IEC 19785, the Common Biometric Exchange Formats Framework (CBEFF) and ISO/IEC 19784, the Biometric Application Programming Interface (BioAPI). These standards support exchange of biometric data within a system or among systems. ISO/IEC 19785 specifies the basic structure of a standardiz
35、ed Biometric Information Record (BIR) which includes the biometric data interchange record with added metadata, such as when it was captured, its expiry date, whether it is encrypted, etc. ISO/IEC 19784 specifies an open system API that supports communications between software applications and under
36、lying biometric technology services. BioAPI also specifies a CBEFF BIR format for the storage and transmission of BioAPI-produced data. The biometric profile standards facilitate implementations of the base standards (e.g. the ISO/IEC JTC 1/SC 37 biometric data interchange format and biometric inter
37、face standards, and possibly non-biometric standards) for defined applications. These profile standards define the functions of an application (e.g. physical access control for employees at airports) and then specify use of options in the base standards to ensure biometric interoperability. 1) Open
38、systems are built on standards-based, publicly defined data formats, interfaces, and protocols to facilitate data interchange and interoperability with other systems, which may include components of different design or manufacture. A closed system may also be built on publicly defined standards, and
39、 may include components of different design or manufacture, but inherently has no requirement for data interchange and interoperability with any other system. SANS 24713-2:2009This standard may only be used and printed by approved subscription and freemailing clients of the SABS.INTERNATIONAL STANDA
40、RD ISO/IEC 24713-2:2008(E) ISO/IEC 2008 All rights reserved 1 Information technology Biometric profiles for interoperability and data interchange Part 2: Physical access control for employees at airports 1 Scope This part of ISO/IEC 24713 specifies the biometric profile including necessary parameter
41、s and interfaces between function modules (i.e. BioAPI based modules and an external interface) in support of token-based biometric identification and verification of employees, at local access points (i.e. doors or other controlled entrances) and across local boundaries within the defined area of c
42、ontrol in an airport. The token is expected to contain one or more biometric references. This part of ISO/IEC 24713 does not specify a complete Access Control System for deployment at access points within the secure area of an airport. It is assumed that such systems exist and that a biometric compo
43、nent that is the subject of this part of ISO/IEC 24713 is being added to an existing system. It therefore excludes such things as device features, and exception and incident reporting and handling. This information is contained in Annex C for information only. This part of ISO/IEC 24713 includes rec
44、ommended practices for enrolment, watch list checking, duplicate issuance prevention, and verification of the identity of employees at airports. It also describes architectures and business processes appropriate to the support of token-based identity management in the secure environment of an airpor
45、t. It is recommended that the confidentiality, integrity, and availability of biometric data be safeguarded in accordance with local, regional, or national policy considerations. This part of ISO/IEC 24713 does not preclude users building applications based on this part of ISO/IEC 24713 from being a
46、ble to meet such privacy/data protection requirements as may apply to their application. The specification of privacy/data protection requirements that may apply is outside the scope of this part of ISO/IEC 24713. 2 Conformance A system conforms to this part of ISO/IEC 24713 if it correctly performs
47、 all the mandatory capabilities defined in the requirements list and supplies the profile specific Implementation Conformance Statement (ICS) in Annex A. Note that more capabilities may be required than in the base standards. SANS 24713-2:2009This standard may only be used and printed by approved su
48、bscription and freemailing clients of the SABS.ISO/IEC 24713-2:2008(E) 2 ISO/IEC 2008 All rights reserved3 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the
49、 latest edition of the referenced document (including any amendments) applies. ISO/IEC 19784-1:2006, Information technology Biometric application programming interface Part 1: BioAPI specification ISO/IEC 19785-1:2006, Information technology Common Biometric Exchange Formats Framework Part 1: Data element specification ISO/IEC 19785-3:2007, Information technology Common Biometric Exchange Formats Framework Part 3: Patron format specifications ISO/IEC 19794-2:2005, Information technology Biometric da
