1、 American National Standard for Financial Services ANSI X9.84-2018 Biometric Information Management and Security for the Financial Services Industry Accredited Standards Committee X9, Incorporated Financial Industry Standards Date Approved: April 20, 2018 American National Standards Institute Americ
2、an National Standards, Technical Reports and Guides developed through the Accredited Standards Committee X9, Inc., are copyrighted. Copying these documents for personal or commercial use outside X9 membership agreements is prohibited without express written permission of the Accredited Standards Com
3、mittee X9, Inc. For additional information please contact ASC X9, Inc., 275 West Street, Suite 107, Annapolis, MD USA 21401. ANSI X9.84-2018 ASC X9, Inc. 2018 All rights reserved 2 Foreword Approval of an American National Standard requires verification by ANSI that the requirements for due process,
4、 consensus, and other criteria for approval have been met by the standards developer. Consensus is established when, in the judgment of the ANSI Board of Standards Review, directly and materially affected interests have reached substantial agreement. Substantial agreement means much more than a simp
5、le majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made toward their resolution. The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he
6、 has approved the standards or not from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standards. The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National
7、 Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the American National Standards Institute. Requests for interpretations should be addressed to the secretariat or sponsor whose name appears on the title page o
8、f this standard. CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institute require that action be taken to reaffirm, revise, or withdraw this standard no later than five years from the date of approval. Publis
9、hed by Accredited Standards Committee X9, Incorporated Financial Industry Standards 275 West Street, Suite 107 Annapolis, MD 21401 www.x9.org Copyright 2018 by Accredited Standards Committee X9, Incorporated All rights reserved. No part of this publication may be reproduced in any form, in an electr
10、onic retrieval system or otherwise, without prior written permission of the publisher. Printed in the United States of America. ANSI X9.84-2018 ASC X9, Inc. 2018 All rights reserved 3 Contents Page 1 Scope 17 2 Normative References 18 3 Terms and Definitions . 19 4 Symbols and Abbreviated Terms 25 5
11、 Biometric Technology Overview . 26 5.1 Basics 26 5.2 Fingerprint Biometrics . 27 5.3 Voice Biometrics . 27 5.4 Iris Biometrics 28 5.5 Retina Biometrics 28 5.6 Face Biometrics 28 5.7 Hand Geometry Biometrics . 29 5.8 Signature Biometrics . 29 5.9 Technology Considerations 29 5.9.1 Biometric System P
12、roperties. 29 5.9.2 Universality 29 5.9.3 Distinctiveness 30 5.9.4 Accuracy . 30 5.9.5 Performance Evaluation 32 5.10 Behavioral Biometrics . 34 6 Basic Principles of Biometric Architectures 35 6.1 Major Components 35 6.2 Data Collection Subsystem . 36 6.3 Transmission Subsystem 37 6.4 Signal Proces
13、sing Subsystem 37 6.5 Matching Subsystem . 38 6.6 Decision Subsystem . 38 6.7 Storage Subsystem . 39 7 Management and Security Requirements 39 7.1 Applications . 39 7.2 Core Security Requirements . 39 7.3 Enrollment . 40 7.3.1 Initial Enrollment . 40 7.3.2 Dynamic Enrollment 41 7.3.3 Re-enrollment 4
14、1 7.4 Verification 42 7.5 Identification 43 7.6 Transmission and Storage 44 7.6.1 Reference Templates 44 7.6.2 Biometric Data 45 7.6.3 Transmission . 45 7.6.4 Central Data Base . 45 7.6.5 Tokens 45 7.7 Termination and Archive . 46 7.7.1 Termination . 46 7.7.2 Archiving . 47 7.8 Compliance and the Ev
15、ent Journal . 47 8 Techniques 47 8.1 Extending Biometric Template Information . 47 8.1.1 Biometric Template Attributes . 47 8.1.2 Required Attribute Support . 49 8.1.3 Recommended Attribute Support 53 ANSI X9.84-2018 ASC X9, Inc. 2018 All rights reserved 4 8.1.4 Compact Template Attributes . 57 8.1.
16、5 Biometric Electronic Signatures 59 8.2 Cryptographic Techniques 64 8.2.1 Security Architecture . 64 8.2.2 Key Management 65 8.2.3 Digital Signatures 66 8.2.4 Encryption for Purposes of Privacy . 67 8.2.5 Encryption for Purposes of Authentication and Confidential Communications 67 8.3 Physical Tech
17、niques . 67 8.3.1 Protection Mechanisms . 67 8.3.2 Types of Attack . 68 8.3.3 Risk Analysis . 68 Annex A (normative) Biometric Information Schema . 69 A.1 Introduction . 69 A.1.1 Transfer Formats 69 A.1.2 XML Namespace 69 A.2 Biometric Schema . 70 A.3 Information Object Identifiers 76 A.4 Biometric
18、Event Journal Schema 78 A.5 Compact Template Attributes . 82 A.6 Biometric Electronic Signatures 84 Annex B (Normative) Security Requirements for Biometric Devices . 88 B.1 Physical Security . 88 B.2 General Physical Security Requirements . 88 B.3 Security Levels 89 B.3.1 Security Level 1 89 B.3.2 S
19、ecurity Level 2 89 B.3.3 Security Level 3 89 Annex C (Normative) Event Journal . 91 C.1 Management Requirements 91 C.2 Content Requirements 92 C.2.1 Enrollment . 92 C.2.2 Verification and Identification 92 C.2.3 Termination . 93 C.2.4 Transmission and Storage 93 Annex D (Normative) Biometric Matchin
20、g Decision Control 95 D.1 Policy Based Matching Decisions . 95 D.2 Decision Control Protocol . 95 Annex E (Normative) Biometric Event Information Management 96 E.1 Biometric Event Journal 96 E.1.1 Event Record Signature Creation . 97 E.1.2 Event Record Signature Verification . 97 E.2 Event Journal R
21、ecords 97 E.2.1 Record Types 97 E.2.2 Common Elements . 98 E.3 Event Types 98 E.3.1 Enrollment Event . 98 E.3.2 Enrollment Failure Event . 99 E.3.3 Authentication Events . 100 E.3.4 Verification Failure Event 101 E.3.5 Identification Failure Event 101 E.3.6 Termination Event . 102 E.3.7 Addition Eve
22、nt . 102 E.3.8 Deletion Event . 102 E.3.9 Modification Event . 103 ANSI X9.84-2018 ASC X9, Inc. 2018 All rights reserved 5 E.3.10 Injection Event 103 E.3.11 Summary Record 104 E.3.12 Archive Event 105 E.3.13 Event Journal Protection . 105 Annex F (Normative) Biometric Validation Control Objectives .
23、 106 F.1 Introduction . 106 F.2 Environmental Controls . 107 F.2.1 Security Policy 107 F.2.2 Security Organization 108 F.2.3 Asset Classification and Management 109 F.2.4 Personnel Security 109 F.2.5 Physical and Environmental Security . 110 F.2.6 Operations Management 111 F.2.7 System Access Manage
24、ment . 112 F.2.8 Systems Development and Maintenance . 113 F.2.9 Business Continuity Management 113 F.2.10 Monitoring and Compliance 114 F.2.11 Event Journaling . 115 F.3 Key Management Life Cycle Controls 117 F.3.1 Key Generation . 117 F.3.2 Key Distribution . 118 F.3.3 Key Loading/Insertion . 118
25、F.3.4 Key Storage 118 F.3.5 Key Usage. 119 F.3.6 Key Renewal . 119 F.3.7 Key Backup and Recovery 119 F.3.8 Key Archival 120 F.3.9 Key Revocation and Destruction 120 F.3.10 Cryptographic Device Life Cycle Controls 121 F.4 Biometric Information Life Cycle Controls . 122 F.4.1 Enrollment . 123 F.4.2 Te
26、mplate Life Cycle 123 F.4.3 Verification and Identification Process Controls . 125 F.4.4 Biometric Device Life Cycle Controls 126 F.4.5 Integrated Circuit Card (ICC) Life Cycle Controls . 127 Annex G (Informative) Biometric Enrollment 131 G.1 Identification Criteria for an Individual . 131 G.2 Quali
27、ty Check and Verification of Matchability 132 Annex H (Informative) Security Considerations and Measurement . 133 H.1 Security Considerations 133 H.1.1 Registration of Individual Using False Identity 133 H.1.2 Fraud Susceptibility within Data Collection “Synthetic Attack” . 133 H.1.3 Protection of t
28、he Data . 134 H.1.4 Modification of Verification Result . 136 H.1.5 False Match versus False Non-Match 136 H.1.6 Scores and Thresholds . 138 H.1.7 Single versus Multi-Factor Authentication 140 H.1.8 Testing 141 H.1.9 Open versus Closed Systems. 142 H.1.10 Compromise/Loss of Biometric Data 144 H.1.11
29、 Data Compression 144 H.1.12 System Circumvention 144 H.2 Security Measurement 145 Bibliography . 147 ANSI X9.84-2018 ASC X9, Inc. 2018 All rights reserved 6 List of Figures Figure 1 Environmental Context for a Biometric System. 35 Figure 2 Enrollment Model 40 Figure 3 Verification Model 42 Figure 4
30、 Identification Model . 44 Figure 5 Distribution Model 45 Figure 6 Token Verification Model . 46 Figure 7 Security Architectures . 64 List of Tables Table J.1 Closed versus Open Systems . 143 ANSI X9.84-2018 ASC X9, Inc. 2018 All rights reserved 7 Introduction NOTE: The users attention is called to
31、the possibility that compliance with this standard may require use of an invention covered by patent rights. By publication of this standard, no position is taken with respect to the validity of this claim or of any patent rights in connection therewith. The patent holder has, however, filed a state
32、ment of willingness to grant a license under these rights on reasonable and nondiscriminatory terms and conditions to applicants desiring to obtain such a license. Details may be obtained from the standards developer. Business practice has changed with the introduction of computer-based technologies
33、. The substitution of electronic transactions for their paper-based predecessors has reduced costs and improved efficiency. Trillions of dollars in funds and securities are transferred daily by telephone, wire services, and other electronic communication mechanisms. The high value or sheer volume of
34、 such transactions within an open environment exposes the financial community and its customers to potentially severe risks from accidental or deliberate alteration, substitution or destruction of data. Interconnected networks, and the increased number and sophistication of malicious adversaries com
35、pound this risk. The inevitable advent of electronic communications across uncontrolled public networks, such as the Internet, is also increasing risk to the financial industry. The necessity to expand business operations onto these environments has elevated the awareness for strong identification a
36、nd authentication and created the need for alternate forms of identification and authentication. The financial community is responding to these needs. Biometrics, the “something you are” identity factor, has come of age, and includes such technologies as finger image, voice identification, eye scan,
37、 facial image, and the like. The cost of biometric technology has been decreasing while the reliability has been increasing, and both are now acceptable and viable for the financial industry. This standard, ANSI X9.84, Biometrics Management and Security, describes the cryptographic requirements, tec
38、hniques, protocols and syntax for storage and transfer of biometric information, and for using biometrics as an identification mechanism and authentication mechanism for secure remote electronic access or local physical access controls for the financial services, or other industries. Biometrics can
39、be used for human identification and authentication for physical and logical access. Logical access can include access to applications, services, or entitlements. This standard promotes the integration of biometrics into the financial industry. It positions biometric technology to strengthen public
40、key infrastructures (PKI) 19 for higher levels of identification and authentication by providing stronger methods as well as multi-factor authentication. In addition, this Standard allows continuous reassurance that the entity about to generate a digital signature is, in fact, the person authorized
41、to access the private key. The success of a biometric system with the public is based on a number of factors: Convenience and ease of use Level of apparent security Performance Non-invasiveness ANSI X9.84-2018 ASC X9, Inc. 2018 All rights reserved 8 These factors differ among the available biometric
42、 technologies. Fingerprint, face identification, speech identification, and verification of written signatures all appear to be well accepted, with only a smaller number of people appearing to be concerned about abuse by law enforcement or other organizations. Privacy considerations regarding the us
43、e of biometrics are an important issue and the reader is encouraged to investigate if any relevant statutes govern the use of biometrics in the locale(s) of the deployment. For example, state privacy laws address three basic categories1: 1) privacy laws (Arizona, California, Colorado, Delaware, Flor
44、ida, Illinois, Kansas, Louisiana, North Carolina, West Virginia, and Wisconsin) with respect to the collection and use of biometric information belonging to students; 2) privacy laws (Maine, Missouri, and New Hampshire) dealing with collection by government agencies; and 3) privacy laws (Illinois, T
45、exas) targeting the collection and use of biometric information by businesses. In addition to state privacy laws, the Federal Trade Commission (FTC)2 recommends best practices for companies that use facial recognition, and the Gramm-Leach-Bliley Act (GLBA)3 includes disclosure of nonpublic personal
46、information as defined in Title 15 Commerce and Trade of the United States Code 6801 Protection of Nonpublic Personal Information4. Biometrics are arguably included within nonpublic personal information as although biometrics are publicly available information, they cannot be obtained without overt
47、action and authentication is depended on identities and associated data derived from nonpublic personal information such as customer profiles and account numbers. Hence, if biometric information is collected, processed or stored, user agreements may be needed preceding or during enrollment or authen
48、tication. Further, a biometric protection policy may be disclosed to address privacy or other legal concerns. The authentication systems discussed in this standard are those for closed user groups in which the group members have agreed to use biometric identification or perform identification themse
49、lves. Such agreements might be explicit (e.g., service agreement) or implicit (e.g., entering a facility indicating a clear intent to conduct a transaction). Such systems that will be used to monitor an indefinite number of people are excluded from the scope of this standard. The techniques specified in this standard are designed to maintain the origin authenticity, integrity and confidentiality of biometric information and to provide authentication. However, this standard does not guarantee that a particular implementation is secure. It is the respon
