1、American National StandardDeveloped byfor Information Technology Biometric Profile Interoperability and Data Interchange Biometrics-Based Verificationand Identification ofTransportation WorkersANSI INCITS 383-2008 (R2013)ANSI INCITS 383-2008(R2013)ANSIINCITS 383-2008 (R2013)Revision ofANSI INCITS 38
2、3-2004American National Standardfor Information Technology Biometric Profile Interoperability and Data Interchange Biometrics-Based Verificationand Identification ofTransportation WorkersSecretariatInformation Technology Industry CouncilApproved January 23, 2008 American National Standards Institute
3、, Inc.Approval of an American National Standard requires review by ANSI that therequirements for due process, consensus, and other criteria for approval havebeen met by the standards developer.Consensus is established when, in the judgement of the ANSI Board ofStandards Review, substantial agreement
4、 has been reached by directly andmaterially affected interests. Substantial agreement means much more thana simple majority, but not necessarily unanimity. Consensus requires that allviews and objections be considered, and that a concerted effort be madetowards their resolution.The use of American N
5、ational Standards is completely voluntary; theirexistence does not in any respect preclude anyone, whether he has approvedthe standards or not, from manufacturing, marketing, purchasing, or usingproducts, processes, or procedures not conforming to the standards.The American National Standards Instit
6、ute does not develop standards andwill in no circumstances give an interpretation of any American NationalStandard. Moreover, no person shall have the right or authority to issue aninterpretation of an American National Standard in the name of the AmericanNational Standards Institute. Requests for i
7、nterpretations should beaddressed to the secretariat or sponsor whose name appears on the titlepage of this standard.CAUTION NOTICE: This American National Standard may be revised orwithdrawn at any time. The procedures of the American National StandardsInstitute require that action be taken periodi
8、cally to reaffirm, revise, orwithdraw this standard. Purchasers of American National Standards mayreceive current information on all standards by calling or writing the AmericanNational Standards Institute.American National StandardPublished byAmerican National Standards Institute, Inc.25 West 43rd
9、Street, New York, NY 10036Copyright 2008 by Information Technology Industry Council (ITI)All rights reserved.No part of this publication may be reproduced in anyform, in an electronic retrieval system or otherwise,without prior written permission of ITI, 1250 Eye Street NW, Washington, DC 20005. Pri
10、nted in the United States of AmericaCAUTION: The developers of this standard have requested that holders of patents that may berequired for the implementation of the standard disclose such patents to the publisher. However,neither the developers nor the publisher have undertaken a patent search in o
11、rder to identifywhich, if any, patents may apply to this standard. As of the date of publication of this standardand following calls for the identification of patents that may be required for the implementation ofthe standard, no such claims have been made. No further patent search is conducted by t
12、he de-veloper or publisher in respect to any standard it processes. No representation is made or impliedthat licenses are not required to avoid infringement in the use of this standard.iContentsPageForeword .iii1 Scope.12 Conformance.13 Normative references.13.1 Approved standards.13.2 Standards und
13、er development.24 Terms and definitions.25 Environment.75.1 Architecture75.2 Token.75.3 Token management system.75.4 Command and control system.75.5 Command and control administration system86 Process86.1 Enrollment86.2 Issuance.86.3 Activation to a local access control system87 General biometric sy
14、stem97.1 Conceptual diagram of general biometric system97.2 Conceptual components of a general biometric system97.2.1 Data capture subsystem97.2.2 Transmission subsystem.107.2.3 Signal processing subsystem107.2.4 Data storage subsystem107.2.5 Matching subsystem107.2.6 Decision subsystem.107.2.7 Admi
15、nistration subsystem117.2.8 Interface.117.3 Functions of general biometric system117.3.1 Enrollment117.3.2 Verification.117.3.3 Identification.128 Privacy.13iiPageFigure1 Components of general biometric system.9AnnexesA Requirements list.14B Bibliography.34iiiForeword (This foreword is not part of A
16、merican National Standard ANSI INCITS 383-2008 (R2013).)This standard specifies a biometric profile for transportation workers. It defines a setof base standards and criteria for applying those standards in applications where to-kens are used for access control and identification of employees. This
17、standard is in-tended for use in the transportation industry and other industries where identificationand verification of employees is necessary to ensure safety and integrity within thework environment. This document contains two annexes that are normative (Annexes A and B), whichare considered par
18、t of this standard, and one annex that is informative (Annex C),which is for information only and does not contain information required by this stan-dard.INCITS (The InterNational Committee for Information Technology Standards) is theANSI-recognized Standards Development Organization for information
19、 technologywithin the United States of America. Members of INCITS are drawn from Govern-ment, Corporations, Academia and other organizations with a material interest in thework of INCITS and its Technical Committees. INCITS does not restrict membershipand attracts participants in its technical work
20、from 13 different countries, and oper-ates under the rules of the American National Standards Institute. In the field of Biometrics, INCITS has established the Technical Committee M1. Stan-dards developed by this Technical Committee have reached consensus throughoutthe development process and have b
21、een thoroughly reviewed through several PublicReview processes. In addition, this American National Standard has been approvedby the INCITS Executive Board and ANSI Board of Standards Review for Publicationas an ANSI INCITS Standard.Requests for interpretation, suggestions for improvement or addenda
22、, or defect re-ports are welcome. They should be sent to InterNational Committee for InformationTechnology Standards (INCITS), ITI, 1250 Eye Street, NW, Suite 200, Washington,DC 20005.This standard was processed and approved for submittal to ANSI by INCITS. Com-mittee approval of this standard does
23、not necessarily imply that all committee mem-bers voted for its approval. At the time it approved this standard, INCITS had thefollowing members:Karen Higginbottom, ChairJennifer Garner, SecretaryOrganization Represented Name of RepresentativeAdobe Systems, IncLeslie BixelSteve Ziles (Alt.)AIM Globa
24、l, Inc.Dan MullenCharles Biss (Alt.)Apple Computer, Inc.David MichaelElectronic Industries AllianceEdward Mikoski, Jr.David Thompson (Alt.)EMC CorporationGary RobinsonFarance, IncFrank FaranceTimothy Schoechle (Alt.)GS1 USFrank SharkeyJames Chronowski (Alt.)Mary Wilson (Alt.)Hewlett-Packard Company.
25、Karen HigginbottomSteve Mills (Alt.)Scott Jameson (Alt.)ivOrganization Represented Name of RepresentativeIBM Corporation.Ronald F. SillettiRobert Weir (Alt.)Sandy Block (Alt.)Richard Schwerdtfeger (Alt.)IEEE.Judith GormanTerry DeCourcelle (Alt.)Bill Ash (Alt.)Jodi Haasz (Alt.)Bob Labelle (Alt.)Intel
26、.Philip WennblomDave Thewlis (Alt.)Jesse Walker (Alt.)Grace Wei (Alt.)Lexmark International.Don WrightDwight Lewis (Alt.)Paul Menard (Alt.)Microsoft Corporation.Jim HughesDon Stanwyck (Alt.)Isabelle Valet-Harper (Alt.)National Institute of Standards - extracting biometric data from that sample; - co
27、mparing the biometric data with that contained in one or more reference templates; - deciding how well they match; and - indicating whether or not an identification or verification of identity has been achieved 4.9 biometric template data that represents the biometric measurement of an enrollee. NOT
28、E: Used by a biometric system for comparison against submitted biometric samples 4.10 capture method of taking a biometric sample from an end user. 4.11 comparison process of comparing a biometric sample with a previously stored reference template or templates. NOTE: See also One-To-Many and One-To-
29、One 4.12 claimant person submitting a biometric sample for verification or identification whilst claiming a legitimate or false identity. 4.13 database any storage of biometric templates and related end user information. NOTE: Even if only one biometric template or record is stored, the database wil
30、l simply be “a database of one”. Generally speaking, however, a database will contain a number of biometric records. ANSI INCITS 383-2008 (R2013) 4 4.14 end-user person who interacts with a biometric system to enroll or have his/her identity checked 4.15 enrollee person who has a biometric reference
31、 template on file 4.16 enrollment process of collecting biometric samples from a person and the subsequent preparation and storage of biometric reference templates representing that persons identity. 4.17 extraction process of converting a captured biometric sample into biometric data. 4.18 false ac
32、ceptance when a biometric system incorrectly identifies an individual or incorrectly verifies an impostor against a claimed identity. 4.19 False Acceptance Rate/FAR probability that a biometric system will incorrectly identify an individual or will fail to reject an impostor. NOTE: The rate given no
33、rmally assumes passive impostor attempts. The False Accept Rate may be estimated as FAR = NFA / NIIA or FAR = NFA / NIVA where FAR is the false acceptance rate NFA is the number of false acceptances NIIA is the number of impostor identification attempts NIVA is the number of impostor verification at
34、tempts 4.20 False Match Rate/FMR alternative to False Acceptance Rate. NOTE: Used to avoid confusion in applications that reject the claimant if their biometric data matches that of an enrollee. In such applications, the concepts of acceptance and rejection are reversed, thus reversing the meaning o
35、f False Acceptance and False Rejection. See also False Non-Match Rate 4.21 False Non Match Rate/FNMR alternative to False Rejection Rate. NOTE: Used to avoid confusion in applications that reject the claimant if their biometric data matches that of an enrollee. In such applications, the concepts of
36、acceptance and rejection are reversed, thus reversing the meaning of False Acceptance and False Rejection. See also False Match Rate 4.22 false rejection when a biometric system fails to identify an enrollee or fails to verify the legitimate claimed identity of an enrolee. ANSI INCITS 383-2008 (R201
37、3) 5 4.23 False Rejection Rate/FRR probability that a biometric system will fail to identify an enrollee, or verify the legitimate claimed identity of an enrollee. NOTE: The False Rejection Rate may be estimated as follows: FRR = NFR / NEIA or FRR = NFR / NEVA where FRR is the false rejection rate N
38、FR is the number of false rejections NEIA is the number of enrollee identification attempts NEVA is the number of enrollee verification attempts This estimate assumes that the enrollee identification/verification attempts are representative of those for the whole population of end-users. The False R
39、ejection Rate normally excludes Failure to Acquire errors. 4.24 identifier unique data string used as a key in the biometric system to name a persons identity and its associated attributes. NOTE: An example of an identifier would be a passport number. 4.25 identity common sense notion of personal id
40、entity. NOTE: A persons name, personality, physical body, and history, including such attributes as nationality, educational achievements, employer, security clearances, financial and credit history, etc. In a biometric system, identity is typically established when the person is registered in the s
41、ystem through the use of so-called “breeder documents” such as birth certificate, passport, etc. 4.26 identification/identify one-to-many process of comparing a submitted biometric sample against all of the biometric reference templates on file to determine whether it matches any of the templates an
42、d, if so, the identity of the enrollee whose template was matched. NOTE: The biometric system using the one-to-many approach is seeking to find an identity amongst a database rather than verify a claimed identity. Contrast with Verification. 4.27 match/matching process of comparing a biometric sampl
43、e(s) against a previously stored template(s) and scoring the level of similarity. 4.28 multiple biometric biometric system that includes more than one biometric technology. ANSI INCITS 383-2008 (R2013) 6 4.29 one-to-few hybrid of one-to-many identification and one-to-one verification. NOTE: Typicall
44、y, the one-to-a-few process involves comparing a submitted biometric sample against a small number of biometric reference templates on file. 4.30 one-to-many synonym for Identification 4.31 one-to-one synonym for Verification 4.32 Personal identification number (PIN) security method whereby a (usual
45、ly) four-digit number is entered by an individual to gain access to a particular system or area, or to claim an identity population (set of end-users for the application). 4.33 record template and other information about the end-user (e.g. access permissions). 4.34 registration process of making a p
46、ersons identity known to a biometric system, associating a unique identifier with that identity, and collecting and recording the persons relevant attributes into the system. 4.35 template biometric image data record. 4.36 token physical device that contains information specific to the user or beare
47、r. 4.37 user client to any biometric vendor. NOTE: The user must be differentiated from the end user and is responsible for managing and implementing the biometric application rather than actually interacting with the biometric system. 4.38 validation process of demonstrating that the system under c
48、onsideration meets in all respects the specification of that system ANSI INCITS 383-2008 (R2013) 7 4.39 verification/verify process of comparing a submitted biometric sample against the biometric reference template of a single enrollee whose identity is being claimed, to determine whether it matches
49、 the enrollees template. NOTE: Contrast with Identification. 5 Environment 5.1 Architecture The architecture of the employee profile can be broken down into four subsystems. The first is the token, which is the physical component, used by the individual worker to gain physical and/or logical access to secure areas of the place of employment. The second is a Token Management System (TMS) to manage the inventory, distribution, and revocation of the token. The third is the Command and Control System, which is the central database and security
