1、BSI Standards Publication BS ISO/IEC 30108-1:2015 Information technology Biometric Identity Assurance Services Part 1: BIAS servicesBS ISO/IEC 30108-1:2015 BRITISH STANDARD National foreword This British Standard is the UK implementation of ISO/IEC 30108-1:2015. The UK participation in its preparati
2、on was entrusted to Technical Committee IST/44, Biometrics. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. T
3、he British Standards Institution 2015. Published by BSI Standards Limited 2015 ISBN 978 0 580 78375 3 ICS 35.040 Compliance with a British Standard cannot confer immunity from legal obligations. This British Standard was published under the authority of the Standards Policy and Strategy Committee on
4、 30 November 2015. Amendments/corrigenda issued since publication Date T e x t a f f e c t e dBS ISO/IEC 30108-1:2015 Information technology Biometric Identity Assurance Services Part 1: BIAS services Technologies de linformation Service dassurance de lidentit biomtrique (BIAS) Partie 1: Services BI
5、AS INTERNATIONAL STANDARD ISO/IEC 30108-1 Reference number ISO/IEC 30108-1:2015(E) First edition 2015-11-01 ISO/IEC 2015 BS ISO/IEC 30108-1:2015ii ISO/IEC 2015 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2015, Published in Switzerland All rights reserved. Unless otherwise specified, no
6、part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member
7、 body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 copyrightiso.org www.iso.org ISO/IEC 30108-1:2015(E)BS ISO/IEC 30108-1:2015ISO/IEC 30108-1:2015(E)Foreword v Introduction vi 1 Scope
8、. 1 2 Conformance . 1 3 Normative references 1 4 T erms and definitions . 1 5 Symbols and abbreviated terms . 3 6 System context 3 6.1 Service-oriented architectures 3 6.2 BIAS architecture 5 6.3 Identity models . 6 6.4 Identity databases 8 6.5 BIAS implementation considerations (informative) 9 7 Bi
9、ometric Identity Assurance Services 10 7.1 BIAS interface XML schema 10 7.2 Primitive services 11 7.2.1 Add Subject To Gallery .11 7.2.2 Check Quality .12 7.2.3 Classify Biometric Data .13 7.2.4 Create Encounter 13 7.2.5 Create Subject 14 7.2.6 Delete Biographic Data 14 7.2.7 Delete Biometric Data 1
10、5 7.2.8 Delete Document Data .15 7.2.9 Delete Encounter 16 7.2.10 Delete Subject 16 7.2.11 Delete Subject From Gallery 17 7.2.12 Get Identify Subject Results.17 7.2.13 Identify Subject 18 7.2.14 List Biographic Data .19 7.2.15 List Biometric Data .20 7.2.16 List Document Data 21 7.2.17 Perform Fusio
11、n .21 7.2.18 Query Capabilities22 7.2.19 Retrieve Biographic Data .26 7.2.20 Retrieve Biometric Data .27 7.2.21 Retrieve Document Data 28 7.2.22 Set Biographic Data 28 7.2.23 Set Biometric Data .29 7.2.24 Set Document Data 30 7.2.25 Transform Biometric Data 31 7.2.26 Update Biographic Data 31 7.2.27
12、 Update Biometric Data 32 7.2.28 Update Document Data .32 7.2.29 Verify subject 33 7.3 Aggregate Services 34 7.3.1 Delete 34 7.3.2 Enrol 35 7.3.3 Get Deletion Results .36 7.3.4 Get Enrol Results.36 7.3.5 Get Identify Results.37 7.3.6 Get Update Results 37 ISO/IEC 2015 All rights reserved iii Content
13、s PageBS ISO/IEC 30108-1:2015ISO/IEC 30108-1:2015(E)7.3.7 Get Verify Results .38 7.3.8 Identify 39 7.3.9 Retrieve Data 40 7.3.10 Update 40 7.3.11 Verify .41 8 Data elements and data types 42 8.1 Biographic data 42 8.1.1 Biographic Data Type . .43 8.1.2 Biographic Data Item Type.43 8.1.3 Biographic D
14、ata Set Type 43 8.1.4 Biographic Data List Type .44 8.2 Biometric Data44 8.2.1 CBEFF BIR Type .45 8.2.2 CBEFF BIR List Type 46 8.2.3 Biometric Data Element Type 46 8.2.4 Biometric Data List Type .47 8.3 Document Data 47 8.3.1 Document Data Type .47 8.3.2 Document Data List Type 48 8.4 Candidate List
15、s .48 8.4.1 Candidate Type .49 8.4.2 Candidate List Type 49 8.5 Capabilities 50 8.5.1 Capability Type .50 8.5.2 Capability List Type 50 8.6 Fusion Information .51 8.6.1 Fusion Information Type .51 8.6.2 Fusion Information List Type 51 8.6.3 Fusion Identity List Type .52 8.7 Other Data Types52 8.7.1
16、Encounter Category Type 52 8.7.2 Encounter List Type .52 8.7.3 Information Type 53 8.7.4 List Filter Type 53 8.7.5 Option Type .53 8.7.6 Processing Options Type54 8.7.7 Token Type .54 9 Err or handling and notification .55 9.1 Successful service calls .55 9.2 Error condition codes 55 10 Security57 A
17、nnex A (normative) Conformance requirements .58 Annex B (informative) Sample biographic data format references .67 Annex C (informative) Example usage scenarios 68 Annex D (informative) Example encounter scenarios .75 Bibliography .79 iv ISO/IEC 2015 All rights reservedBS ISO/IEC 30108-1:2015ISO/IEC
18、 30108-1:2015(E) Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standar
19、ds through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IE
20、C, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular t
21、he different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives). Attention is drawn to the possibility that some of the elements of this document
22、 may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.is
23、o.org/patents). Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the
24、WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee SC 37, Biometrics. ISO/IEC 30108 consists of the following parts, under the general t
25、itle Information technology Biometric Identity Assurance Services: Part 1: BIAS Services ISO/IEC 2015 All rights reserved vBS ISO/IEC 30108-1:2015ISO/IEC 30108-1:2015(E) Introduction This part of ISO/IEC 30108 defines the architecture, operations, data elements, and basic requirements for biometric
26、identity assurance services a framework for the implementation of generic, biometric- based identity services within a services-oriented environment. An identity in the context of BIAS comprises a subject, biographic data, and biometric data. Other parts are intended to define specific BIAS implemen
27、tations (or bindings) within specific environments, for example, SOAP web services. BIAS services are generic in nature, being modality neutral, and not targeted at any particular business application. These services include those related to identity data management, transformation, and biometric co
28、mparison. Services are invoked by a BIAS requester and implemented by a BIAS service provider (responder). It does not prescribe the architecture or business logic of either the requester or service provider. Two categories of identity services are defined primitive and aggregate. Primitive services
29、 are more atomic and well-defined, whereas the aggregate services tend to be higher level and enable more flexibility on the part of the BIAS service provider. Two identity models are also defined person-centric and encounter-based. Person-centric systems maintain a single up-to-date record (set of
30、data) for a given subject, whereas an encounter-based system retains data related to each interaction the subject has with the system. This part of ISO/IEC 30108 represents a version of BIAS subsequent to that previously standardized by INCITS and OASIS, therefore, it is denoted as version 2.0.vi IS
31、O/IEC 2015 All rights reservedBS ISO/IEC 30108-1:2015Information technology Biometric Identity Assurance Services Part 1: BIAS services 1 Scope This part of ISO/IEC 30108 defines biometric services used for identity assurance that are invoked over a services-based framework. It provides a generic se
32、t of biometric and identity-related functions and associated data definitions to allow remote access to biometric services. The binding of these services to specific frameworks is not included in this part of ISO/IEC 30108, but will be the subject of subsequent parts. Although focused on biometrics,
33、 this part of ISO/IEC 30108 will necessarily include support for other related identity assurance mechanisms such as biographic and document capabilities. BIAS is intended to be compatible with and used in conjunction with other biometric standards as described in Clause 3. Specification of biometri
34、c functionality is limited to remote (backend) services. Services between a client-side application and biometric capture devices are not within the scope of this part of ISO/IEC 30108. Integration of biometric services as part of an authentication service or protocol is not within the scope of this
35、 part of ISO/IEC 30108. 2 Conformance Annex A specifies the conformance requirements for systems/components claiming conformance to this part of ISO/IEC 30108. 3 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for i
36、ts application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 19785-1, Information technology Common Biometric Exchange Formats Framework Part 1: Data element specification ISO/I
37、EC 19785-3, Information technology Common Biometric Exchange Formats Framework Part 3: Patron format specifications 4 T erms a nd definiti ons For the purposes of this document, the following terms and definitions apply. 4.1 biometric sample analogue or digital representation of biometric characteri
38、stics prior to biometric feature extraction Note 1 to entry: As an example, a record containing the image of a finger is a biometric sample. INTERNATIONAL ST ANDARD ISO/IEC 30108-1:2015(E) ISO/IEC 2015 All rights reserved 1BS ISO/IEC 30108-1:2015ISO/IEC 30108-1:2015(E) 4.2 claim to identity biometri
39、c claim assertion that an individual is or is not the bodily source of a specified or unspecified biometric reference in an identity assurance system 4.3 encounter event in which the BIAS requester interacts with a subject (4.11) resulting in data being collected during or about the encounter Note 1
40、 to entry: The event may involve collection of biographic, biometric, document, and/or contextual data during an enrolment or recognition interaction. 4.4 encounter-centric system system that supports encounter processing maintaining a one-to-many relationship between subjects (4.11) and encounters
41、(4.3) and which does not necessarily contain a single, unique set of information for each subject 4.5 gallery group of subjects (4.11) related by a common purpose, designation, or status EXAMPLE A watch list or a set of subjects entitled to a certain benefit. 4.6 ide nt i f ic at ion biome t r ic id
42、e nt i f ic at ion process of searching against a biometric enrolment database to find and return the biometric reference identifier(s) attributable to a single individual 4.7 identity assurance process of establishing, determining, and/or confirming a subject identity 4.8 merge combination of biome
43、tric data during the process of updating an enrolment record Note 1 to entry: The “merge” operation is implementation specific, however, it may include either adding a new sample to a multi-sample record or performing some level of biometric fusion, for example, sample or feature level fusion. 4.9 m
44、erge combination of two or more subject records into a single subject record 4.10 person-centric model identity model in which a single master record is maintained on a subject (4.11) which is updated over time when additional, newer, or better biographic, biometric, and/or document information beco
45、mes available and which does not maintain separate historical data records for each system encounter with the subject 4.11 subject person who is known to an identity assurance system Note 1 to entry: The person may also be a biometric capture subject or biometric data subject, but this is not the ca
46、se in all situations.2 ISO/IEC 2015 All rights reservedBS ISO/IEC 30108-1:2015ISO/IEC 30108-1:2015(E) 4.12 ve r i f ic at ion biome t r ic ve r i f ic at ion process of confirming a biometric claim (4.2) through biometric comparison Note 1 to entry: Verification is usually performed through a one-to
47、-one comparison in which a biometric sample (4.1) from one individual (probe) is compared to a biometric reference(s) from one individual to produce a comparison decision (match/no-match) and optionally, a comparison score. 5 Symbols and abbreviated terms AFIS Automated Fingerprint Identification Sy
48、stem BIAS Biometric Identity Assurance Services BIR Biometric Information Record CBEFF Common Biometric Exchange Formats Framework ESB Enterprise Service Bus ID Identity/Identification/Identifier OASIS Organization for the Advancement of Structured Information Standards SOA Service-Oriented Architec
49、ture SOAP Simple Object Access Protocol 6 System context This clause provides an overview of Service-Oriented Architectures, the BIAS architecture, and BIAS implementation considerations. 6.1 Service-oriented architectures Service-Oriented Architectures are software architectures in which reusable services are deployed onto application servers and then consumed by clients in different applications or business processes. They are intended to decouple the implementation of a software