1、 American National Standard for Financial Services ANSI X9.84-2010 (R2017) Biometric Information Management and Security for the Financial Services Industry Accredited Standards Committee X9, Incorporated Financial Industry Standards Date Approved: March 31, 2010 Date Reaffirmed: February 14, 2017 A
2、merican National Standards Institute American National Standards, Technical Reports and Guides developed through the Accredited Standards Committee X9, Inc., are copyrighted. Copying these documents for personal or commercial use outside X9 membership agreements is prohibited without express written
3、 permission of the Accredited Standards Committee X9, Inc. For additional information please contact ASC X9, Inc., 275 West Street, Suite 107, Annapolis, MD 21401. NOTE: Only a document which is an American National Standard may use the special logos and may use the moniker “American National Standa
4、rd”. If this is a DSTU, simply state it as such. ANSI X9.84-2010 (R2017) ii 2017 ASC X9, Inc. All rights reserved Foreword Approval of an American National Standard requires verification by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the st
5、andards developer. Consensus is established when, in the judgment of the ANSI Board of Standards Review, directly and materially affected interests have reached substantial agreement. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that
6、 all views and objections be considered, and that a concerted effort be made toward their resolution. The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not from manufacturing, marketing, p
7、urchasing, or using products, processes, or procedures not conforming to the standards. The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to
8、 issue an interpretation of an American National Standard in the name of the American National Standards Institute. Requests for interpretations should be addressed to the secretariat or sponsor whose name appears on the title page of this standard. CAUTION NOTICE: This American National Standard ma
9、y be revised or withdrawn at any time. The procedures of the American National Standards Institute require that action be taken to reaffirm, revise, or withdraw this standard no later than five years from the date of approval. Published by Accredited Standards Committee X9, Incorporated Financial In
10、dustry Standards 275 West Street, Suite 107 Annapolis, MD 21401 www.x9.org Copyright 2017 by Accredited Standards Committee X9, Incorporated All rights reserved. No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without prior written permissio
11、n of the publisher. Printed in the United States of America ANSI X9.84-2010 (R2017) 2017 ASC X9, Inc. All rights reserved iii Contents Page 1 Scope 17 2 Conformance . 17 3 Normative References 18 4 Terms and Definitions . 19 5 Symbols and Abbreviated Terms 24 6 Biometric Technology Overview . 26 6.1
12、 Basics 26 6.2 Fingerprint Biometrics . 26 6.3 Voice Biometrics . 27 6.4 Iris Biometrics 27 6.5 Retina Biometrics 28 6.6 Face Biometrics 28 6.7 Hand Geometry Biometrics . 28 6.8 Signature Biometrics . 29 6.9 Technology Considerations 29 6.9.1 Biometric System Properties . 29 6.9.2 Universality 29 6.
13、9.3 Distinctiveness 30 6.9.4 Accuracy . 30 6.9.5 Performance Evaluation 32 7 Basic Principles of Biometric Architectures 34 7.1 Major Components 34 7.2 Data Collection Subsystem . 35 7.3 Transmission Subsystem 36 7.4 Signal Processing Subsystem 36 7.5 Matching Subsystem . 37 7.6 Decision Subsystem .
14、 38 7.7 Storage Subsystem . 38 8 Management and Security Requirements 39 8.1 Applications . 39 8.2 Core Security Requirements . 39 8.3 Enrollment . 39 8.3.1 Initial Enrollment 40 8.3.2 Re-enrollment 41 8.4 Verification 41 8.5 Identification 43 8.6 Transmission and Storage 44 8.6.1 Transmission . 44
15、8.6.2 Central Data Base . 44 8.6.3 Tokens 45 8.7 Termination and Archive . 45 8.7.1 Termination . 45 8.7.2 Archiving . 46 8.8 Compliance and the Event Journal . 46 9 Techniques 47 9.1 Extending Biometric Template Information . 47 9.1.1 Biometric Template Attributes . 47 9.1.2 Required Attribute Supp
16、ort . 48 9.1.3 Recommended Attribute Support 52 9.1.4 Compact Template Attributes . 56 ANSI X9.84-2010 (R2017) iv 2017 ASC X9, Inc. All rights reserved 9.2 Cryptographic Techniques 58 9.2.1 Security Architecture . 58 9.2.2 Key Management 59 9.2.3 Digital Signatures 60 9.2.4 Encryption for Purposes o
17、f Privacy . 60 9.3 Physical Techniques 61 9.3.1 Protection Mechanisms . 61 9.3.2 Types of Attack 61 9.3.3 Risk Analysis . 61 Annex A (normative) Biometric Information Schema 63 A.1 Introduction 63 A.1.1 Transfer Formats . 63 A.1.2 XML Namespace . 63 A.2 Biometric Schema . 64 A.3 Information Object I
18、dentifiers 69 A.4 Biometric Event Journal Schema 71 A.5 Compact Template Attributes 74 Annex B (Normative) Security Requirements for Biometric Devices 77 B.1 Physical Security . 77 B.2 General Physical Security Requirements 77 B.3 Security Levels 78 B.3.1 Security Level 1 . 78 B.3.2 Security Level 2
19、 . 78 B.3.3 Security Level 3 . 78 Annex C (Normative) Event Journal . 80 C.1 Management Requirements 80 C.2 Content Requirements 81 C.2.1 Enrollment . 81 C.2.2 Verification and Identification 81 C.2.3 Termination 81 C.2.4 Transmission and Storage 82 Annex D (Normative) Biometric Matching Decision Co
20、ntrol 84 D.1 Policy Based Matching Decisions . 84 D.2 Decision Control Protocol 84 Annex E (Normative) Biometric Event Information Management 85 E.1 Biometric Event Journal 85 E.1.1 Event Record Signature Creation 86 E.1.2 Event Record Signature Verification . 86 E.2 Event Journal Records 86 E.2.1 R
21、ecord Types 86 E.2.2 Common Elements 87 E.3 Event Types . 87 E.3.1 Enrollment Event . 87 E.3.2 Enrollment Failure Event . 88 E.3.3 Authentication Events 89 E.3.4 Verification Failure Event 90 E.3.5 Identification Failure Event 90 E.3.6 Termination Event . 91 E.3.7 Addition Event . 91 E.3.8 Deletion
22、Event . 91 E.3.9 Modification Event . 92 E.3.10 Injection Event . 92 E.3.11 Summary Record . 93 E.3.12 Archive Event 93 E.3.13 Event Journal Protection . 94 Annex F (Normative) Biometric Validation Control Objectives . 95 ANSI X9.84-2010 (R2017) 2017 ASC X9, Inc. All rights reserved v F.1 Introducti
23、on . 95 F.2 Environmental Controls . 96 F.2.1 Security Policy. 96 F.2.2 Security Organization 97 F.2.3 Asset Classification and Management 97 F.2.4 Personnel Security 98 F.2.5 Physical and Environmental Security . 98 F.2.6 Operations Management 99 F.2.7 System Access Management . 100 F.2.8 Systems D
24、evelopment and Maintenance . 101 F.2.9 Business Continuity Management 102 F.2.10 Monitoring and Compliance 103 F.2.11 Event Journaling . 104 F.3 Key Management Life Cycle Controls 106 F.3.1 Key Generation . 106 F.3.2 Key Distribution . 106 F.3.3 Key Loading/Insertion . 107 F.3.4 Key Storage 107 F.3.
25、5 Key Usage . 108 F.3.6 Key Renewal . 108 F.3.7 Key Backup and Recovery 108 F.3.8 Key Archival 108 F.3.9 Key Revocation and Destruction. 109 F.3.10 Cryptographic Device Life Cycle Controls 109 F.4 Biometric Information Life Cycle Controls . 111 F.4.1 Enrollment . 111 F.4.2 Template Life Cycle 112 F.
26、4.3 Verification and Identification Process Controls . 113 F.4.4 Biometric Device Life Cycle Controls 114 F.4.5 Integrated Circuit Card (ICC) Life Cycle Controls . 116 Annex G (Normative) ISO 8583 Messages 119 G.1 Background . 119 G.2 Biometric Authentication . 120 G.2.1 Authentication Request . 120
27、 G.2.2 Authentication Response 120 G.3 Composite Data Elements 122 G.3.1 Structure 122 G.3.2 Dataset Identifiers . 122 G.3.3 Dataset Length 123 G.3.4 Dataset Bit Maps (DBM) . 123 G.3.5 Sub-elements 123 G.4 Data Elements. 124 G.4.1 Data Element Directory . 124 G.4.2 Verification Data (bit 49) . 124 G
28、.5 Message Protocol . 125 G.5.1 General . 125 G.5.2 Mandatory and Conditional Data Elements 125 G.6 Verification Messages . 126 G.6.1 Verification Description . 126 G.6.2 Verification Message Rules 126 G.6.3 Verification Message Type Identifiers . 127 G.6.4 Verification Mandatory and Conditional Dat
29、a Elements . 127 G.6.5 Verification Message Flows 129 G.7 Code Listings 129 G.7.1 Composite Data Element Dataset Identifier Allocations . 129 G.7.2 Function Codes (bit 24) . 129 G.7.3 Address Verification Result Codes (bits 49-72) 130 G.8 Data Elements In Bit Number Order . 131 ANSI X9.84-2010 (R201
30、7) vi 2017 ASC X9, Inc. All rights reserved Annex H (Informative) Data Flow Diagrams . 133 H.1 Local Process, Remote Match 133 H.2 Remote Process, Remote Match 133 H.3 Optional Adaptation . 133 H.4 Local Enrollment, Store Raw Biometric Data 134 H.5 Local Enrollment, Store Processed Biometric Data 13
31、4 H.6 Optional Distribution of Templates 134 H.7 Optional Distribution to Token . 134 H.8 Remote Enrollment, Store Raw Biometric Data 134 H.9 Remote Enrollment, Store Processed Biometric Data 134 H.10 Remote Enrollment, Process and Store Biometric Data . 134 H.11 Token-based Verification . 135 H.12
32、Optional Token-based Adaptation . 135 H.13 Personal Authentication, Self-contained System 135 Annex I (Informative) Biometric Enrollment 136 I.1 Identification Criteria for an Individual . 136 I.2 Quality Check and Verification of Matchability 137 Annex J (Informative) Security Considerations . 138
33、J.1 Registration of Individual Using False Identity 138 J.2 Fraud Susceptibility within Data Collection “Synthetic Attack” 138 J.3 Protection of the Data 139 J.3.1 Injection of False/Replayed Biometric Data 139 J.3.2 Search for Match Between Chosen Sample And Templates 140 J.3.3 Search for Match Bet
34、ween Pairs Of Templates 140 J.4 Modification of Verification Result . 141 J.5 False Match versus False Non-Match . 141 J.5.1 Improper Threshold Settings . 143 J.5.2 Improper Device Calibration 143 J.5.3 Illicit Device or System Performance . 143 J.6 Scores and Thresholds . 143 J.6.1 Hillclimbing Att
35、ack . 143 J.6.2 Update and Adaptation 144 J.7 Single versus Multi-Factor Authentication . 145 J.8 Testing . 146 J.9 Open versus Closed Systems . 147 J.10 Compromise/Loss of Biometric Data . 149 J.11 Data Compression . 149 J.12 System Circumvention 149 Annex K (Informative) Public Acceptance and Poli
36、cy Considerations 150 Annex L (Informative) Comparison of Other Biometric Standards . 151 L.1 Overview 151 L.2 Organizations 151 L.2.1 ISO 152 L.2.2 JTC1 152 L.2.3 ANSI 153 L.2.4 ASC X9 153 L.2.5 INCITS . 154 L.2.6 IETF . 155 L.2.7 OASIS 155 L.2.8 BioAPI 156 L.2.9 Biometric Consortium 156 L.2.10 NIS
37、T 156 L.3 Biometric Applications . 157 L.4 Security Requirements 159 L.5 Biometric Security 159 L.6 Validation Control Objectives 160 ANSI X9.84-2010 (R2017) 2017 ASC X9, Inc. All rights reserved vii L.7 Security and Interoperability . 161 Annex M (Informative) Business Cases 163 M.1 Cash Desks, Dra
38、wers, and Safes . 163 M.2 Check Fraud Detection . 163 M.3 Check Fraud Prevention . 164 M.4 Branch Crime Prevention 164 M.5 Credit Card Activation . 164 M.6 Cardless ATM and POS 164 Bibliography . 166 List of Figures Figure 1 Major Components of a Generalized Biometric Architecture 35 Figure 2 Enviro
39、nmental Context for a Biometric System . 35 Figure 3 Enrollment Model 40 Figure 4 Verification Model 42 Figure 5 Identification Model . 43 Figure 6 Distribution Model 44 Figure 7 Token Verification Model . 45 Figure 8 Security Architectures . 58 Figure G. 1 Dataset identifiers 01- 70 . 123 Figure G.
40、 2 Dataset identifiers 71- FE 123 Figure G. 3 Verification message flow . 129 Figure L. 1- Standards Organizations 151 Figure L. 2- BioAPI Specification . 158 Figure L. 3 Biometric Object 160 Figure L. 4- Biometric Architecture 161 List of Tables Table G. 1 Biometric verification request . 120 Table
41、 G. 2 Biometric identification request 120 Table G. 3 Example biometric authentication request . 120 Table G. 4 Response code 121 Table G. 5 Identification response with data 121 Table G. 6 Biometric authentication result codes 121 Table G. 7 Data element directory . 124 Table G. 8 Verification requ
42、est data 124 Table G. 9 Verification results data 125 Table G. 10 Data element condition codes 126 Table G. 11 Verification message type identifiers . 127 Table G. 12 Verification mandatory and conditional data elements 127 Table G. 13 Composite dataset identifier allocations 129 Table G. 14 Functio
43、n codes . 129 Table G. 15 Address verification result codes . 131 Table G. 16 Data elements in bit number order . 131 Table J.1 Closed versus Open Systems . 148 ANSI X9.84-2010 (R2017) viii 2017 ASC X9, Inc. All rights reserved Introduction Business practice has changed with the introduction of comp
44、uter-based technologies. The substitution of electronic transactions for their paper-based predecessors has reduced costs and improved efficiency. Trillions of dollars in funds and securities are transferred daily by telephone, wire services, and other electronic communication mechanisms. The high v
45、alue or sheer volume of such transactions within an open environment exposes the financial community and its customers to potentially severe risks from accidental or deliberate alteration, substitution or destruction of data. Interconnected networks, and the increased number and sophistication of ma
46、licious adversaries compound this risk. The inevitable advent of electronic communications across uncontrolled public networks, such as the Internet, is also increasing risk to the financial industry. The necessity to expand business operations onto these environments has elevated the awareness for
47、strong identification and authentication and created the need for alternate forms of identification and authentication. The financial community is responding to these needs. Biometrics, the “something you are” identity factor, has come of age, and includes such technologies as finger image, voice id
48、entification, eye scan, facial image, and the like. The cost of biometric technology has been decreasing while the reliability has been increasing, and both are now acceptable and viable for the financial industry. This Standard, ANSI X9.84-2010, Biometrics Management and Security, describes the cry
49、ptographic requirements, techniques, protocols and syntax for storage and transfer of biometric information, and for using biometrics as an identification mechanism and authentication mechanism for secure remote electronic access or local physical access controls for the financial services, or other industries. Biometrics can be used for human identification and authentication for physical and logical access. Logical access can include access to applications, services, or entitlements. This standard promotes the integration of biometrics int
