1、BSI Standards Publication BS ISO/IEC 18584:2015 Information technology Identification cards Conformance test requirements for on-card biometric comparison applicationsBS ISO/IEC 18584:2015 BRITISH STANDARD National foreword This British Standard is the UK implementation of ISO/IEC 18584:2015. The UK
2、 participation in its preparation was entrusted to Technical Committee IST/17, Cards and personal identification. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract
3、. Users are responsible for its correct application. The British Standards Institution 2015. Published by BSI Standards Limited 2015 ISBN 978 0 580 82367 1 ICS 35.240.15 Compliance with a British Standard cannot confer immunity from legal obligations. This British Standard was published under the au
4、thority of the Standards Policy and Strategy Committee on 30 November 2015. Amendments/corrigenda issued since publication Date T e x t a f f e c t e dBS ISO/IEC 18584:2015 Information technology Identification cards Conformance test requirements for on-card biometric comparison applications Technol
5、ogies de linformation Cartes didentification Exigences relatives aux essais de conformit pour les applications de comparaison biomtrique sur carte INTERNATIONAL STANDARD ISO/IEC 18584 Reference number ISO/IEC 18584:2015(E) First edition 2015-11-15 ISO/IEC 2015 BS ISO/IEC 18584:2015ii ISO/IEC 2015 Al
6、l rights reserved COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2015, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the
7、internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 0
8、9 47 copyrightiso.org www.iso.org ISO/IEC 18584:2015(E)BS ISO/IEC 18584:2015ISO/IEC 18584:2015(E)Foreword iv Introduction v 1 Scope . 1 2 Normative references 1 3 Terms and definitions . 2 4 Abbreviated terms 4 5 Test Methodology . 5 5.1 Test assertion . 5 5.2 Test criteria 5 6 Conformance test requ
9、irements related to data for on-card comparison .5 6.1 Biometric reference object handling 5 6.2 Configuration data (biometric verification) 5 6.2.1 Data objects for configuration data elements . 5 6.2.2 Biometric comparison algorithm parameters 6 6.2.3 Biometric product identifier 8 6.3 Sharable In
10、terface for multiple applications . 8 6.3.1 File control parameter 8 6.3.2 Access rules 8 6.4 Retry counter management . 8 7 Conformance test requirements for standard processes for on-card biometric comparison 9 7.1 Standard Processes . 9 7.1.1 Application identifier (AID) for on-card biometric com
11、parison 9 7.1.2 Read biometric reference data . 9 7.1.3 Enrolment 9 7.1.4 Verification 9 7.1.5 Termination of on-card comparison application . 9 7.2 Comparison process and result output .10 7.2.1 Comparison process and result 10 8 Conformance test requirements for work-sharing mechanism using WSR pr
12、otocol 10 8.1 Biometric reference for work-sharing mechanism.10 8.2 Command and response bytes for work-sharing .10 8.3 Work-sharing management 11 8.3.1 Unique Identifier .11 8.3.2 Work-sharing procedure discovery 11 8.3.3 Work-sharing procedure operation 11 9 Conformance test requirements s for sec
13、urity policies for on-card biometric comparison .12 9.1 Common security policies (CSP) for on-card biometric comparison .12 9.2 Security policies (SP1) for global comparison configuration data12 9.3 Security policies (SP2) for local comparison configuration data .13 Annex A (normative) Checklist for
14、 Biometric Data Template for Working-Sharing Mechanism .15 Annex B (informative) Testing framework 16 ISO/IEC 2015 All rights reserved iii Contents PageBS ISO/IEC 18584:2015ISO/IEC 18584:2015(E) Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechn
15、ical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical act
16、ivity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical comm
17、ittee, ISO/IEC JTC 1. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was drafted in ac
18、cordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rig
19、hts. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents). Any trade name used in this document is information given for the convenience of users and does not consti
20、tute an endorsement. For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT), see the following URL: Foreword Supplementary information. The co
21、mmittee responsible for this document is ISO/IEC JTC1, Information technology, Subcommittee SC 17, Cards and personal identification.iv ISO/IEC 2015 All rights reservedBS ISO/IEC 18584:2015ISO/IEC 18584:2015(E) Introduction On-card biometric comparison provides a more secure biometric authentication
22、 in that the comparison is executed inside the ICC and the biometric reference is never be revealed outside the ICC. ISO/IEC 24787:2010 specifies a set of requirements for implementing biometric comparison inside the ICC. An ICC application that is claimed to be conformant to ISO/IEC 24787:2010, sho
23、uld fulfil a set of requirements that are stated in this International Standard. The requirements established are for both, the ICCs that fully process the on-card biometric comparison, and those using the work-sharing mechanism, as specified in ISO/IEC 24787:2010. ISO/IEC 2015 All rights reserved v
24、BS ISO/IEC 18584:2015BS ISO/IEC 18584:2015Information technology Identification cards Conformance test requirements for on-card biometric comparison applications 1 Scope This International Standard establishes conformance test requirements for using general framework for on-card comparison applicati
25、ons, conformance test requirements for using work-sharing mechanism for on-card comparison applications, and conformance test requirements to check accomplishment of security policies for on-card biometric comparison that are specified in ISO/IEC 24787:2010. This International Standard only covers t
26、he testing of APDU command and response pairs involved for the ICC that has the capability to perform on-card biometric comparison based on ISO/IEC 24787:2010. Measuring the performance of on-card biometric comparison algorithms in terms of error rates is not within the scope of this International S
27、tandard. 2 Normative references ISO/IEC 7816-3, Identification cards Integrated circuit cards Part 3: Cards with contacts Electrical interface and transmission protocols ISO/IEC 7816-4:2013, Identification cards Integrated circuit cards Part 4: Organization, security and commands for interchange ISO
28、/IEC 7816-11:2004, Identification cards Integrated circuit cards Part 11: Personal verification through biometric methods ISO/IEC 7816-15, Identification cards Integrated circuit cards Part 15: Cryptographic information application ISO/IEC 19785-1, Information technology Common Biometric Exchange Fo
29、rmats Framework Part 1: Data element specification ISO/IEC 19785-2, Information technology Common Biometric Exchange Formats Framework Part 2: Procedures for the operation of the Biometric Registration Authority ISO/IEC 19785-3:2007, Information technology Common Biometric Exchange Formats Framework
30、 Part 3: Patron format specifications ISO/IEC 19794 (all parts), Information technology Biometric data interchange formats ISO/IEC 24761:2009, Information technology Security techniques Authentication context for biometrics ISO/IEC 24787:2010, Information technology Identification cards On-card biom
31、etric comparison ISO/IEC 29794-1:2009, Information technology Biometric sample quality Part 1: Framework INTERNATIONAL ST ANDARD ISO/IEC 18584:2015(E) ISO/IEC 2015 All rights reserved 1BS ISO/IEC 18584:2015ISO/IEC 18584:2015(E) 3 Terms and definitions For the purposes of this document, the following
32、 terms and definitions apply. 3.1 auxiliary data data that is dependent on biometric modality and related to the biometric reference but does not include the biometric reference or a biometric sample EXAMPLE Data such as orientation, scaling, etc. 3.2 biometric (adj.) of or having to do with biometr
33、ics Note 1 to entry: “biometric” should never be used as a noun. Note 2 to entry: This definition is derived from SC37 SD2 Harmonized biometric vocabulary. 3.3 biometrics automated recognition of individuals based on their behavioral and biological characteristics Note 1 to entry: This definition is
34、 derived from SC37 SD2 Harmonized biometric vocabulary. 3.4 biometric claim claim that a biometric capture subject is the bodily source of a specified biometric reference 3.5 biometric data biometric sample or aggregations of biometric samples at any stage of processing, biometric reference, biometr
35、ic feature or biometric property Note 1 to entry: This definition is derived from SC37 SD2 Harmonized biometric vocabulary. 3.6 biometric data format structure for representing biometric data 3.7 biometric Information Template descriptive information regarding the associated biometric data Note 1 to
36、 entry: This definition is derived from ISO/IEC 7816-11:2004. 3.8 biometric product identifier unique identifier registered with the registration authority in accordance with ISO/IEC 19785-1 3.9 biometric property descriptive attributes of the biometric data subject estimated or derived from the bio
37、metric sample by automated means Note 1 to entry: This definition is derived from SC37 SD2 Harmonized biometric vocabulary. 3.10 biometric reference one or more stored biometric samples, biometric templates or biometric models attributed to a biometric data subject and used for comparison Note 1 to
38、entry: This definition is derived from SC37 SD2 Harmonized biometric vocabulary.2 ISO/IEC 2015 All rights reservedBS ISO/IEC 18584:2015ISO/IEC 18584:2015(E) 3.11 biometric verification system system that aims to perform the process of confirming a biometric claim 3.12 client application software exe
39、cuted in the biometric sample acquisition terminal to process a request for comparison that uses the decision obtained from the on-card comparison process 3.13 installation writing of the required parameters into the non-volatile memory inside the ICC by the card OS executing the installation proced
40、ure after the application has been uploaded to the ICC 3.14 integrated circuit(s) cards interface devices requirements and specifications for USB devices that interface with Integrated Circuit(s) Cards or act as interfaces with Integrated Circuit(s) Cards Note 1 to entry: This definition is derived
41、from USB Implementers Forum. 3.15 on-card comparison performing comparison and decision making on an IC card where the biometric reference data is retained on-card in order to enhance security and privacy 3.16 off-card comparison biometric comparison performed outside the card by the biometric verif
42、ication system against the biometric reference data stored on the card 3.17 pre-comparison computation computation procedure executed outside the ICC that requires the (open) on-card auxiliary data to compute meta-data that can be used to speed up the subsequent on-card biometric data comparison pro
43、cess 3.18 work-sharing splitting the work load of computation of the pre-comparison process between the card and the biometric interfacing device Note 1 to entry: Work-sharing on-card comparison is one type of on-card comparison. 3.19 system-on-card complete biometric verification system on a card,
44、including data acquisition, processing and comparison Note 1 to entry: System-on-card comparison is one type of on-card comparison 3.20 zeroize data electronically stored data that have been degaussed, erased, or over-written device Note 1 to entry: This definition is derived from ANSI X9.17 Financi
45、al Institution Key Management (Wholesale). ISO/IEC 2015 All rights reserved 3BS ISO/IEC 18584:2015ISO/IEC 18584:2015(E) 4 Abbreviated terms AID application identifier ADF application dedicated file APDU application protocol data unit API application programme interface AUT authenticate BER basic enc
46、oding rules BIT biometric information template CCID Integrated Circuit(s) Cards Interface Devices CRT control reference template CPU central processing unit DF dedicated file DF.CIA dedicated file, cryptographic information application EF elementary file FCI file control information FCP file control
47、 parameter FMR false match rate FNMR false non-match rate ICC integrated circuit card IFD interface device MAC message authentication code MSE manage security environment OID object Identifier OS operating system RFU reserved for future use SW1-SW2 status bytes TLV tag length value UQ usage qualifie
48、r USB Universal Serial Bus WSCP work-sharing computation protocol WSR work-sharing request4 ISO/IEC 2015 All rights reservedBS ISO/IEC 18584:2015ISO/IEC 18584:2015(E) 5 Test Methodology 5.1 Test assertion Test assertion is a function to check a given parameter whether can meet the requirement of spe
49、cification. If the parameter cannot satisfy the criteria of the original specification, the assertion function shall return a negative condition (e.g. Boolean false) indicating “assertion failed” with specific error message. Otherwise, the assertion function shall return a positive condition (e.g. Boolean true) and continue to test for the next criteria. All test results shall be consolidated to generate a report to notify the outcome of the te
