1、Guidance for biometric enrolment Directives pour linscription biomtrique TECHNICAL REPORT ISO/IEC TR 29196 First edition 2015-08-15 Reference number ISO/IEC TR 29196:2015(E) ISO/IEC 2015 ii ISO/IEC 2015 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2015, Published in Switzerland All right
2、s reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from eit
3、her ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 copyrightiso.org www.iso.org ISO/IEC TR 29196:2015(E) ISO/IEC TR 29196:2015(E)Foreword v I
4、ntroduction vi 1 Scope . 1 2 T erms and definitions . 1 3 Abbreviated terms 2 4 Role of Enrolment in a Biometric System . 3 5 Stakeholders and approaches for enrolment . 5 5.1 Enrolment Stakeholders . 5 5.2 Enrolment Approaches 8 6 Key Stakeholder perspectives. 9 6.1 Summary of key observations 9 6.
5、2 Meeting the requirements of Stakeholders .10 6.2.1 Supporting the interests of the Subject .10 6.2.2 Information provided to the Applicant11 6.2.3 Legal implications of the enrolment service .11 6.2.4 Issues related to inclusivity .12 6.2.5 Usability 12 6.2.6 Usability aspects Effectiveness 12 6.2
6、7 Usability aspects Efficiency 12 6.2.8 Usability aspects Satisfaction with the enrolment process 12 6.2.9 Supporting the interests of the Enrolment Authority.13 6.2.10 Establishing the legal framework for enrolment 13 6.2.11 Independent review of the operation of the Service .14 6.2.12 Metrics of
7、a successful biometric enrolment .14 6.2.13 Failure to Enrol and related failure rates .15 6.2.14 Analysis of enrolment failures 16 6.2.15 Analysis of poor quality enrolments 18 6.2.16 Strategy for corrective actions 19 6.2.17 Use of data for research 19 6.2.18 End-of-contract or contract reassignme
8、nt actions19 6.2.19 Supporting the interests of the Operator of the enrolment service .19 6.2.20 Development and maintenance of training programmes for personnel 20 6.2.21 System performance monitoring and correction actions 21 6.2.22 Service Improvement Actions .21 6.2.24 Participation in end-of-se
9、rvice or contract reassignment activities 22 6.2.25 Supporting the interests of Relying Parties .22 6.2.26 System Design and Developers perspective.23 6.2.27 Pre-enrolment and scheduling processes .23 6.2.28 Confirmation of the biographic identity of the Applicant .24 6.2.29 Requirements of the veri
10、fication system(s) which will depend on this enrolment .24 6.2.30 Selection of enrolment system 24 6.2.31 Physical design of the enrolment environment .24 6.2.32 Interfacing with the Applicant 24 6.2.33 Appropriate training of the Enrolment Officer and Attendants .25 6.2.34 Support Staff Training 25
11、 6.2.35 Security .25 6.2.36 Number of attempts at collection of a biometric feature or maximum duration of collection time before timeout 26 6.2.37 Exception handling: enrolment and/or registration procedure for secure and effective fallback .26 6.2.38 Post enrolment verification session .27 ISO/IEC
12、 2015 All rights reserved iii Contents Page ISO/IEC TR 29196:2015(E)6.2.39 System maintenance procedures 27 6.2.40 Token production and secure delivery 27 6.2.41 System performance monitoring 27 6.2.42 Effective system level performance through testing and piloting 28 6.3 Regulators perspective 28 6
13、3.1 Regulation .28 6.3.2 Completeness of the governance processes 28 6.3.3 Integrity of the logging and audit processes .28 6.4 Auditors perspective 29 7 Process for the development of biometric enrolment capability .29 7.1 General 29 7.2 Architectural considerations in enrolment station design 29
14、7.3 System definition .30 8 Guidanc e r elating t o specific modalities 30 8.1 General 30 8.2 Facial Biometrics 31 8.3 Fingerprint biometric systems .32 8.3.1 General.32 8.3.2 Fingerprint image optimization 33 8.3.3 Single finger systems .33 8.3.4 Tenprint systems 34 8.4 Vascular (Vein) authenticati
15、on systems .36 8.4.1 General.36 8.4.2 Palm vein technology 36 8.4.3 Finger Vein technology 37 9 Guidance relating to enrolment for mobile biometric applications 37 9.1 Best practice guidelines .37 9.2 Fingerprint systems .38 9.3 Facial image Systems 39 9.4 Iris systems .40 Annex A (informative) Chec
16、klist of Activities related to biometric enrolment .42 Bibliography .46 iv ISO/IEC 2015 All rights reserved ISO/IEC TR 29196:2015(E) Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide sta
17、ndardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields
18、of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. The procedures used to develop this docu
19、ment and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, P
20、art 2 (see www.iso.org/directives). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the develo
21、pment of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents). Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO
22、specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT), see the following URL: Foreword Supplementary information. The committee responsible for this document is ISO/IEC JTC 1, Inform
23、ation technology, Subcommitee SC 37, Biometrics. ISO/IEC 2015 All rights reserved v ISO/IEC TR 29196:2015(E) Introduction One of the most important contributions to a successful biometric-based recognition system is a consistent enrolment service that generates the biometric data required for subseq
24、uent recognition of individuals. Subsequent verifications or identifications will be compared with the biometric data collected at enrolment. If the quality of capture at enrolment is not maintained consistently, the operators of a recognition system which depends on a good enrolment are likely to e
25、xperience unreliable performance. For those who are enrolled in a verification system, a poor quality enrolment will result in inconvenience should they fail to be recognized. (Readers of this report should note that quality has a specific meaning when applied to biometric systems; a high quality ca
26、pture is one that results in biometric data that provides good match scores when compared with other high quality images from the same biometric feature.) By analysing the requirements for a good enrolment from the perspectives of a range of stakeholders, it is possible to derive a set of principles
27、 to guide the development of a biometric enrolment policy and the deployment of a service. Where enrolment is outsourced to a third party, it is extremely important to be able to measure quality metrics rather than quantity metrics, since the technical and business objectives of the two organisation
28、s (the Relying Party and the Enrolment Authority as defined in this document) may, in general, not be aligned. Although the recommendations and guidelines in this report are directed in the main at the parties responsible for the enrolment itself and for management of the enrolment service (noting t
29、hat these two entities may be one and the same), they will also be of value to the designers and developers of enrolment systems.vi ISO/IEC 2015 All rights reserved Guidance for biometric enrolment 1 Scope This report consolidates information relating to successful, secure and usable implementation
30、of biometric enrolment processes, while indicating areas of uncertainty that organisations proposing to use biometric technologies will need to address during procurement, design, deployment and operation. Much of the information is generic to many types of application e.g. from national scale comme
31、rcial and government applications, through to closed user group systems for in-house operations, and to consumer applications where convenience rather than security is the primary driver for adoption of biometric technologies. The report points out the differences in operation relating to specific t
32、ypes of application, e.g. where self-enrolment is more appropriate than attended operation. This report will focus in the main on fixed location enrolments at a number of sites in an organization, where there is an attendant who supports the biometric applicant in effecting a successful enrolment, a
33、nd where enrolment is a mandatory requirement. In summary, this report consolidates information relating to better practice implementation of biometric enrolment capability in various business contexts including considerations of legislation, policy, process, function (system) and technology. The re
34、port provides guidance as to the collection and storage of biometric enrolment data and the impact on dependent processes of verification and identification. This report will not aim to include material specific to forensic and law enforcement applications. The recommendations contained in the repor
35、t are not mandatory. 2 T erms a nd definiti ons For the purposes of this document, the terms and definitions given in ISO/IEC 2382-37 and the following apply. 2.1 biometric applicant individual seeking to be enrolled in a biometric enrolment database 2.2 designers and developers organization or indi
36、viduals responsible for the design, development, (and deployment, if applicable) of the enrolment system 2.3 d ut y o f f i c er individual acting on behalf of either the enrolment authority or operator either present in the vicinity of one or more enrolment stations, or available on line or by tele
37、phone, trained to provide advice and guidance to an enrolment officer in case of difficulty Note 1 to entry: The duty officer may also have a role in determining exception handling routines. 2.4 enrolment authority organisation (or other entity) with legal and contractual responsibilities for the co
38、mpletion of enrolment processes TECHNICAL REPORT ISO/IEC TR 29196:2015(E) ISO/IEC 2015 All rights reserved 1 ISO/IEC TR 29196:2015(E) 2.5 e n r o l m en t o f f i c er agent of the operator responsible for the secure and effective enrolment service at one or more enrolment points 2.6 identity provid
39、er entity storing and managing the biometric data obtained directly or indirectly from the biometric enrolment 2.7 operator organization (or other entity) responsible for delivering the enrolment service on behalf of the enrolment authority 2.8 performance manager person responsible for managing the
40、 enrolment service to ensure it meets its specified enrolment performance criteria Note 1 to entry: This will typically include actions such as monitoring enrolment performance (quality as well as quantity metrics), applying corrective measures where necessary and reporting enrolment performance ach
41、ievement to the enrolment authority. 2.9 personal assistant individual accompanying the biometric applicant at the enrolment session for one or more purposes Note 1 to entry: Such purposes might include: translation of instructions from the enrolment officer into the native language of the applicant
42、 support for a disabled applicant to enable the applicant to undertake an enrolment successfully; to fulfil a legal requirement such as a parent present at the enrolment of a child. 2.10 relying party entity operating a biometrically-enabled application for which the enrolment process provides biom
43、etric references 2.11 specialist support staff trained attendant(s) present at the enrolment session on behalf of the enrolment authority or operator to assist with the enrolment of applicants with disabilities, or to fulfil service or legal requirements in respect of gender, religious observance, o
44、r age of the applicant 2.12 vendor entity providing hardware and/or software biometric functionality 3 Abbreviated terms KPI Key Performance Indicator. A metric quantifying one or more aspects of the successful operation of a process NFIQ NIST Fingerprint Image Quality SLA Service Level Agreement. A
45、n agreement between a service provider and a customer defining a target level of service, mutual responsibilities of service provider and customer, together with other requirements for the delivery of a service2 ISO/IEC 2015 All rights reserved ISO/IEC TR 29196:2015(E) 4 Role of Enrolment in a Biome
46、tric System Given the variety of applications and technologies, it might seem difficult to draw any generalizations about biometric systems. All such systems, however, have many elements in common. Captured biometric samples are acquired from a subject by a sensor. The sensor output is sent to a pro
47、cessor that extracts the distinctive but repeatable measures of the sample (the biometric features), discarding all other components. The resulting features can be stored in the biometric enrolment database as a biometric reference or (in this case) a biometric template. In other cases the sample it
48、self (without feature extraction) may be stored as the reference. A subsequent probe biometric sample can be compared to a specific reference, to many references or to all references already in the database to determine if there is a match. A decision regarding the biometric claim is made based upon
49、 the similarities or dissimilarities between the features of the biometric probe and those of the reference or references compared. Figure 1 Components of general biometric system Figure 1 (which is functional in nature and has no implications for physical location) illustrates the information flow within a general biometric system, showing a general biometric system consisting of data capture, signal processing, data storage, comparison and decision subsystems. This diagram illustrates both enrolment, a
