1、raising standards worldwide NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW BSI Standards Publication BS ISO/IEC 24745:2011 Information technology Security techniques Biometric information protectionBS ISO/IEC 24745:2011 BRITISH STANDARD National foreword This British Standard
2、 is the UK implementation of ISO/IEC 24745:2011. The UK participation in its preparation was entrusted to Technical Committee IST/33, IT - Security techniques. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to incl
3、ude all the necessary provisions of a contract. Users are responsible for its correct application. BSI 2011 ISBN 978 0 580 55573 2 ICS 35.040 Compliance with a British Standard cannot confer immunity from legal obligations. This British Standard was published under the authority of the Standards Pol
4、icy and Strategy Committee on 31 July 2011. Amendments issued since publication Date Text affectedBS ISO/IEC 24745:2011Reference number ISO/IEC 24745:2011(E) ISO/IEC 2011INTERNATIONAL STANDARD ISO/IEC 24745 First edition 2011-06-15 Information technology Security techniques Biometric information pro
5、tection Technologies de linformation Techniques de scurit Protection des informations biomtriques BS ISO/IEC 24745:2011 ISO/IEC 24745:2011(E) COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2011 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any fo
6、rm or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09
7、 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2011 All rights reservedBS ISO/IEC 24745:2011 ISO/IEC 24745:2011(E) ISO/IEC 2011 All rights reserved iiiContents Page Foreword .v Introductionvi 1 Scope1 2 Terms and definitions .1 3 Abbreviated terms .5 4 Biometric syst
8、ems.6 4.1 Introduction to biometric systems 6 4.2 Biometric system operations .8 4.3 Biometric references and identity references 10 4.4 Biometric systems and identity management systems 10 4.5 Personally identifiable information and universal unique identifiers11 4.6 Societal considerations 11 5 Se
9、curity aspects of a biometric system12 5.1 Security requirements for biometric systems to protect biometric information12 5.2 Security threats and countermeasures in biometric systems13 5.3 Security of data records containing biometric information16 6 Biometric information privacy management 20 6.1
10、Biometric information privacy threats 20 6.2 Biometric information privacy requirements and guidelines .20 6.3 Regulatory and policy requirements .21 6.4 Biometric information lifecycle privacy management.21 6.5 Responsibilities of a biometric system owner .23 7 Biometric system application models a
11、nd security 24 7.1 Biometric system application models.24 7.2 Security in each biometric application model25 Annex A (informative) Secure binding and use of separated DB IRand DB BR .37 A.1 General .37 A.2 Secure Binding between Separated DB IRand DB BR .37 A.3 BR claim for verification .38 A.4 IR c
12、laim for identification39 Annex B (informative) Cryptographic algorithms for security of biometric systems40 B.1 Cryptographic algorithms providing confidentiality .40 B.2 Cryptographic algorithms providing integrity40 B.3 Cryptographic algorithms providing confidentiality and integrity.40 Annex C (
13、informative) Framework for renewable biometric references .41 C.1 Renewable biometric references .41 C.2 Creation 41 C.3 Comparison42 C.4 Expiration .42 C.5 Revocation .42 C.6 Architecture overview.43 Annex D (informative) Technology examples for renewable biometric references.44 D.1 Overview.44 BS
14、ISO/IEC 24745:2011 ISO/IEC 24745:2011(E) iv ISO/IEC 2011 All rights reservedAnnex E (informative) Biometric watermarking .46 E.1 Biometric watermarking46 E.2 Insertion and extraction of a biometric watermark 46 E.3 Application examples47 Bibliography 48 BS ISO/IEC 24745:2011 ISO/IEC 24745:2011(E) IS
15、O/IEC 2011 All rights reserved vForeword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of Intern
16、ational Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison
17、with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technica
18、l committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is draw
19、n to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 24745 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC
20、 27, IT Security techniques. BS ISO/IEC 24745:2011 ISO/IEC 24745:2011(E) vi ISO/IEC 2011 All rights reservedIntroduction As the Internet becomes a more pervasive part of daily life, various services are being provided via the Internet, such as Internet banking, remote healthcare, etc. In order to pr
21、ovide these services in a secure manner, the need for authentication mechanisms between subjects and the service being provided becomes even more critical. Some of the authentication mechanisms already developed include token based schemes, personal identification and transaction numbers (PIN/TAN),
22、digital signature schemes based on public key cryptosystems, and authentication schemes using biometric techniques. Biometrics the automated recognition of individuals based on their behavioural and physiological characteristics has come of age, and includes recognition technologies based on fingerp
23、rint image, voice patterns, iris image, facial image, and the like. The cost of biometric techniques has been decreasing while their reliability has been increasing, and both are now acceptable and viable for use as an authentication mechanism. Biometric authentication introduces a potential discrep
24、ancy between privacy and authentication assurance. On the one hand, biometric characteristics are ideally an unchanging property associated with and distinct to an individual. This binding of the credential to the person provides strong assurance of authentication. On the other hand, this strong bin
25、ding also underlies the privacy concerns surrounding the use of biometrics, such as unlawful processing of biometric data, and poses challenges to the security of biometric systems to prevent the compromise of biometric references. The usual solution to the compromise of an authentication credential
26、 to change the password or issue a new token is not generally available for biometric authentication because biometric characteristics, being either intrinsic physiological properties or behavioural traits of individuals, are difficult or impossible to change. At most another finger or eye could be
27、enrolled, but the choices are usually limited. Therefore, appropriate countermeasures to safeguard the security of a biometric system and the privacy of data subjects are essential. Biometric systems usually bind a biometric reference with other personally identifiable information (PII) for authenti
28、cating individuals. In this case, the binding is needed to assure the security of the data record containing biometric information. The increasing linkage of biometric references with other PII and the sharing of biometric information across legal jurisdictions make it extremely difficult for organi
29、zations to assure the protection of biometric information and to achieve compliance with various privacy regulations. BS ISO/IEC 24745:2011 INTERNATIONAL STANDARD ISO/IEC 24745:2011(E) ISO/IEC 2011 All rights reserved 1Information technology Security techniques Biometric information protection 1 Sco
30、pe This International Standard provides guidance for the protection of biometric information under various requirements for confidentiality, integrity and renewability/revocability during storage and transfer. Additionally, this International Standard provides requirements and guidelines for the sec
31、ure and privacy-compliant management and processing of biometric information. This International Standard specifies the following: analysis of the threats to and countermeasures inherent in a biometric and biometric system application models; security requirements for securely binding between a biom
32、etric reference and an identity reference; biometric system application models with different scenarios for the storage and comparison of biometric references; and guidance on the protection of an individuals privacy during the processing of biometric information. This International Standard does no
33、t include general management issues related to physical security, environmental security and key management for cryptographic techniques. 2 Terms and definitions For the purposes of this document, the following terms and definitions apply. 2.1 authentication process of establishing an understood lev
34、el of confidence that a specific entity or claimed identity is genuine NOTE 1 Authentication includes the process of ascertaining an understood level of confidence of the truth of a claimed identity before the entity can be registered and recognized in a domain. NOTE 2 Although this definition is ge
35、neric, its use within this International Standard is limited to the biometric authentication of human subjects. ISO 19092:2008 2.2 auxiliary data AD subject-dependent data that is part of a renewable biometric reference and may be required to reconstruct pseudonymous identifiers during verification,
36、 or for verification in general NOTE 1 If auxiliary data is part of a renewable biometric reference, it is not necessarily stored in the same place as the corresponding pseudonymous identifiers. BS ISO/IEC 24745:2011 ISO/IEC 24745:2011(E) 2 ISO/IEC 2011 All rights reservedNOTE 2 Auxiliary data may c
37、ontain data elements for diversification (i.e. diversification data). NOTE 3 Auxiliary data is not the element for comparison during biometric reference verification. NOTE 4 Auxiliary data are generated by the biometric system during enrolment. EXAMPLE Secret number encrypted by a key derived from a
38、 biometric sample using a helper data approach, fuzzy commitment scheme, or fuzzy vault. See Annex D, Table D.1 for concrete examples of PI and AD. 2.3 biometric characteristic physiological or behavioural characteristic of an individual that can be detected and from which distinguishing, repeatable
39、 biometric features can be extracted for the purpose of automated recognition of individuals ISO/IEC JTC 1/SC 37 SD2 (v.11) 2.4 biometric data biometric sample, biometric feature, biometric model, biometric property, other description data for the original biometric characteristics, or aggregation o
40、f above data ISO/IEC JTC 1/SC 37 SD2 (v.11) 2.5 biometric data subject subject individual whose biometric reference is within the biometric system 2.6 biometric feature numbers or labels extracted from biometric samples and used for comparison ISO/IEC JTC 1/SC 37 SD2 (v.11) 2.7 biometric information
41、 privacy right to control the collection, transfer, use, storage, archiving, disposal and renewal of ones own biometric information throughout its lifecycle 2.8 biometric model stored function (dependent on the biometric data subject) generated from a biometric feature or features NOTE Comparison ap
42、plies the stored function to the biometric features of a probe biometric sample to give a comparison score. EXAMPLE Examples of stored functions include Hidden Markov Models, Gaussian Mixture Models or Artificial Neural Networks. ISO/IEC JTC 1/SC 37 SD2 (v.11) 2.9 biometric property descriptive attr
43、ibutes of the biometric data subject estimated or derived from the biometric sample by automated means EXAMPLE Fingerprints can be classified by the biometric properties of ridge-flow (i.e. arch, whorl, and loop types); face images can be used for estimating age or gender. ISO/IEC JTC 1/SC 37 SD2 (v
44、.11) BS ISO/IEC 24745:2011 ISO/IEC 24745:2011(E) ISO/IEC 2011 All rights reserved 32.10 biometric reference BR one or more stored biometric samples, biometric templates or biometric models attributed to a biometric data subject and used for comparison NOTE A biometric reference that can be renewed i
45、s referred to as a renewable biometric reference. EXAMPLE Face image on a passport; fingerprint minutiae template on a National ID card; Gaussian Mixture Model, for speaker recognition, in a database. ISO/IEC JTC 1/SC 37 SD2 (v.11) 2.11 biometric sample analog or digital representation of biometric
46、characteristics obtained from a biometric capture device or biometric capture subsystem prior to biometric feature extraction ISO/IEC JTC 1/SC 37 SD2 (v.11) 2.12 biometric system system for the purpose of the automated recognition of individuals based on their behavioural and physiological character
47、istics 2.13 biometric template set of stored biometric features comparable directly to probe biometric features 2.14 claim assertion of identity 2.15 claimant individual making a claim of identity NOTE Claims can be verified in a number of ways, some of which may be based on biometrics. 2.16 common
48、identifier identifier for correlating identity references and biometric references in physically or logically separated databases 2.17 diversification deliberate creation of multiple, independent, transformed biometric references from one or more biometric samples obtained from one data subject for
49、the purposes of security and privacy enhancement 2.18 identification biometrics process of performing a biometric search against an enrolment database to find and return the identity reference attributable to a single individual 2.19 identifier one or more attributes that uniquely characterize an entity in a specific domain EXAMPLES The name of a club with a club-membership number, a health insurance card number together with the name of the insurance company, an IP address, and a universal uniq
