BRITISH STANDARD
BS ISO/IEC 24713-2:2008

Information technology - Biometric profiles for interoperability and data interchange - Part 2: Physical access control for employees at airports

ICS 35.040

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 July 2008

BSI 2008

ISBN 978 0 580 54247 3

National foreword

This British Standard is the UK implementation of ISO/IEC 24713-2:2008.

The UK participation in its preparation was entrusted to Technical Committee IST/44, Biometrics.

A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

Compliance with a British Standard cannot confer immunity from legal obligations.

Amendments/corrigenda issued since publication
Date    Comments

Reference number ISO/IEC 24713-2:2008(E)

INTERNATIONAL STANDARD
ISO/IEC 24713-2
First edition 2008-06-01

Information technology - Biometric profiles for interoperability and data interchange - Part 2: Physical access control for employees at airports

Technologies de l'information - Profils biométriques pour interopérabilité et échange de données - Partie 2: Contrôle d'accès physique pour les employés aux aéroports

Contents

Foreword
Introduction
1 Scope
2 Conformance
3 Normative references
4 Terms and definitions
5 Environment
5.1 Employees in the targeted environment
5.2 Architecture
5.3 Token
5.4 Token management system
5.5 Command and control system
5.6 Command and control administration system
5.7 Infrastructure system
6 Process
6.1 General
6.2 Proofing
6.3 Registration
6.4 Issuance
6.5 Activation to a local access control system
6.6 Usage
7 Security Considerations
Annex A (normative) Requirements List
A.1 General
A.2 Relationship between RL and corresponding ICS proformas
A.3 Profile Specific Implementation Conformance Statement
A.4 Instruction for completing the ICS proforma
A.4.1 General structure of the ICS proforma
A.4.2 Additional Information
A.4.3 Exception Information
A.5 ICS proforma
A.6 Interchange Formats
A.6.1 Finger Image Data (ISO/IEC 19794-4:2005)
A.6.2 Finger Minutiae Data (ISO/IEC 19794-2:2005)
A.6.3 Finger Pattern Spectral Data (ISO/IEC 19794-3:2006)
A.6.4 Face Image Data (ISO/IEC 19794-5:2005)
A.6.5 Iris Image Data (ISO/IEC 19794-6:2005)
A.6.6 Signature/Sign Time Series Data (ISO/IEC 19794-7:2007)
A.6.7 Finger Pattern Skeletal Data (ISO/IEC 19794-8:2006)
A.6.8 Vascular Image Data (ISO/IEC 19794-9:2007)
A.6.9 Hand Geometry Silhouette Data (ISO/IEC 19794-10:2007)
A.7 Technical Interface Standards
A.7.1 BioAPI (ISO/IEC 19784-1:2006)
A.7.2 CBEFF (ISO/IEC 19785-1:2006)
Annex B (informative) Additional information
Annex C (informative) Security Considerations
C.1 Approaches
C.2 Representative threat list
Bibliography

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO/IEC 24713-2 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 37, Biometrics.

ISO/IEC 24713 consists of the following parts, under the general title Information technology - Biometric profiles for interoperability and data interchange:

Part 1: Overview of biometric systems and biometric profiles
Part 2: Physical access control for employees at airports
Part 3: Biometrics-based verification and identification of seafarers

Introduction

This part of ISO/IEC 24713 is one of a family of International Standards being developed by ISO/IEC JTC 1/SC 37 that support interoperability and data interchange among biometrics applications and systems.1) This family of standards specifies requirements that solve the complexities of applying biometrics to a wide variety of personal recognition applications, whether such applications operate in an open systems environment or consist of a single, closed system.

Biometric data interchange format standards and biometric interface standards are both necessary to achieve full data interchange and interoperability for biometric recognition in an open systems environment. The ISO/IEC JTC 1/SC 37 biometric standards family includes a layered set of standards consisting of biometric data interchange formats and biometric interfaces, as well as biometric profiles that describe the use of these standards in specific application areas.

The biometric data interchange format standards specify biometric data interchange records for different biometric modalities. Parties that agree in advance to exchange biometric data interchange records as specified in a subset of the ISO/IEC JTC 1/SC 37 biometric data interchange format standards should be able to perform biometric recognition with each other's data. Parties should also be able to perform biometric recognition even without advance agreement on the specific biometric data interchange format standards to be used, provided they have built their systems on the layered ISO/IEC JTC 1/SC 37 family of biometric standards.

The biometric interface standards include ISO/IEC 19785, the Common Biometric Exchange Formats Framework (CBEFF) and ISO/IEC 19784, the Biometric Application Programming Interface (BioAPI). These standards support exchange of biometric data within a system or among systems. ISO/IEC 19785 specifies the basic structure of a standardized Biometric Information Record (BIR) which includes the biometric data interchange record with added metadata, such as when it was captured, its expiry date, whether it is encrypted, etc. ISO/IEC 19784 specifies an open system API that supports communications between software applications and underlying biometric technology services. BioAPI also specifies a CBEFF BIR format for the storage and transmission of BioAPI-produced data.

The biometric profile standards facilitate implementations of the base standards (e.g. the ISO/IEC JTC 1/SC 37 biometric data interchange format and biometric interface standards, and possibly non-biometric standards) for defined applications. These profile standards define the functions of an application (e.g. physical access control for employees at airports) and then specify use of options in the base standards to ensure biometric interoperability.

1) Open systems are built on standards-based, publicly defined data formats, interfaces, and protocols to facilitate data interchange and interoperability with other systems, which may include components of different design or manufacture. A closed system may also be built on publicly defined standards, and may include components of different design or manufacture, but inherently has no requirement for data interchange and interoperability with any other system.

1 Scope

This part of ISO/IEC 24713 specifies the biometric profile including necessary parameters and interfaces between function modules (i.e. BioAPI based modules and an external interface) in support of token-based biometric identification and verification of employees, at local access points (i.e. doors or other controlled entrances) and across local boundaries within the defined area of control in an airport. The token is expected to contain one or more biometric references.

This part of ISO/IEC 24713 does not specify a complete Access Control System for deployment at access points within the secure area of an airport. It is assumed that such systems exist and that a biometric component that is the subject of this part of ISO/IEC 24713 is being added to an existing system. It therefore excludes such things as device features, and exception and incident reporting and handling. This information is contained in Annex C for information only.

This part of ISO/IEC 24713 includes recommended practices for enrolment, watch list checking, duplicate issuance prevention, and verification of the identity of employees at airports. It also describes architectures and business processes appropriate to the support of token-based identity management in the secure environment of an airport.

It is recommended that the confidentiality, integrity, and availability of biometric data be safeguarded in accordance with local, regional, or national policy considerations.

This part of ISO/IEC 24713 does not preclude users building applications based on this part of ISO/IEC 24713 from being able to meet such privacy/data protection requirements as may apply to their application. The specification of privacy/data protection requirements that may apply is outside the scope of this part of ISO/IEC 24713.

2 Conformance

A system conforms to this part of ISO/IEC 24713 if it correctly performs all the mandatory capabilities defined in the requirements list and supplies the profile specific Implementation Conformance Statement (ICS) in Annex A. Note that more capabilities may be required than in the base standards.

3 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 19784-1:2006, Information technology - Biometric application programming interface - Part 1: BioAPI specification
ISO/IEC 19785-1:2006, Information technology - Common Biometric Exchange Formats Framework - Part 1: Data element specification
ISO/IEC 19785-3:2007, Information technology - Common Biometric Exchange Formats Framework - Part 3: Patron format specifications
ISO/IEC 19794-2:2005, Information technology - Biometric data interchange formats - Part 2: Finger minutiae data
ISO/IEC 19794-3:2006, Information technology - Biometric data interchange formats - Part 3: Finger pattern spectral data
ISO/IEC 19794-4:2005, Information technology - Biometric data interchange formats - Part 4: Finger image data
ISO/IEC 19794-5:2005, Information technology - Biometric data interchange formats - Part 5: Face image data
ISO/IEC 19794-6:2005, Information technology - Biometric data interchange formats - Part 6: Iris image data
ISO/IEC 19794-7:2007, Information technology - Biometric data interchange formats - Part 7: Signature/sign time series data
ISO/IEC 19794-8:2006, Information technology - Biometric data interchange formats - Part 8: Finger pattern skeletal data
ISO/IEC 19794-9:2007, Information technology - Biometric data interchange formats - Part 9: Vascular image data
ISO/IEC 19794-10:2007, Information technology - Biometric data interchange formats - Part 10: Hand geometry silhouette data
ISO/IEC 19795-1:2006, Information technology - Biometric performance testing and reporting - Part 1: Principles and framework
ISO/IEC 19795-2:2007, Information technology - Biometric performance testing and reporting - Part 2: Testing methodologies for technology and scenario evaluation
ISO/IEC 24713-1:2008, Information technology - Biometric profiles for interoperability and data interchange - Part 1: Overview of biometric systems and biometric profiles

4 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

4.1 application
program or piece of software designed to fulfil a particular purpose

4.2 base standard
standard that is part of a profile and from which options, subsets, and parameter values are selected if these choices are left open in the standard

4.3 biometric
pertaining to biometrics

4.4 biometrics
automated recognition of individuals based on their behavioural and biological characteristics

4.5 biometric characteristic
measurable, physical characteristic or personal behavioural trait used to recognize the identity, or verify the claimed identity, of an enrolee

4.6 biometric feature
concise representation of information extracted from an acquired or intermediate biometric sample by applying a mathematical transformation

4.7 biometric profile
conforming subsets or combinations of base standards used to provide specific functions
NOTE Biometric profiles identify the use of particular options available in base standards, and provide a basis for the interchange of data between applications and interoperability of systems.

4.8 biometric reference
one or more stored biometric samples, biometric templates or biometric models attributed to an individual and used for comparison

4.9 biometric sample
raw data representing a biometric characteristic of an end-user as captured by a biometric system (for example, the image of a fingerprint)

4.10 biometric system
automated system capable of:
- capturing a biometric sample from an end-user;
- extracting biometric data from that sample;
- comparing the biometric data with that contained in one or more reference templates;
- deciding how well they match, and indicating whether or not an identification or verification of identity has been achieved

4.11 biometric template
data that represents the biometric measurement of an enrolee
NOTE Used by a biometric system for comparison against submitted biometric samples.

4.12 capture
method of taking a biometric sample from an end-user

4.13 comparis