American National Standard
for Information Technology

Common Biometric Exchange Formats Framework (CBEFF)

ANSI INCITS 398-2008
Revision of ANSI INCITS 398-2005

Secretariat
Information Technology Industry Council

Approved January 23, 2008
American National Standards Institute, Inc.

American National Standard

Approval of an American National Standard requires review by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer.

Consensus is established when, in the judgement of the ANSI Board of Standards Review, substantial agreement has been reached by directly and materially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made towards their resolution.

The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not, from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standards.

The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the American National Standards Institute. Requests for interpretations should be addressed to the secretariat or sponsor whose name appears on the title page of this standard.

CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institute require that action be taken periodically to reaffirm, revise, or withdraw this standard. Purchasers of American National Standards may receive current information on all standards by calling or writing the American National Standards Institute.

Published by
American National Standards Institute, Inc.
25 West 43rd Street, New York, NY 10036

Copyright 2008 by Information Technology Industry Council (ITI)
All rights reserved.

No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without prior written permission of ITI, 1250 Eye Street NW, Washington, DC 20005.

Printed in the United States of America

CAUTION: The developers of this standard have requested that holders of patents that may be required for the implementation of the standard disclose such patents to the publisher. However, neither the developers nor the publisher have undertaken a patent search in order to identify which, if any, patents may apply to this standard. As of the date of publication of this standard and following calls for the identification of patents that may be required for the implementation of the standard, no such claims have been made. No further patent search is conducted by the developer or publisher in respect to any standard it processes. No representation is made or implied that licenses are not required to avoid infringement in the use of this standard.

Contents

Foreword
Introduction
1 Scope
2 Conformance
3 Normative references
4 Terms, acronyms, abbreviations and definitions
5 CBEFF Data Structures
5.1 General
5.2 Basic Data Structure
5.2.1 Standard Biometric Header (SBH)
5.2.1.1 SBH Patron Format Identifier
5.2.1.2 BDB Format Owner/Type
5.2.1.2.1 BDB Format Owner
5.2.1.2.2 BDB Format Type
5.2.1.3 Product Owner/Type
5.2.1.3.1 Product Owner
5.2.1.3.2 Product Type
5.2.1.4 Device Owner/Type
5.2.1.4.1 Device Owner
5.2.1.4.2 Device Type
5.2.1.5 SBH Security Options
5.2.1.6 Integrity Options
5.2.1.7 Length of the SBH, BDB and SB Length Fields
5.2.1.7.1 Length of the SBH Length
5.2.1.7.2 Length of the BDB Length
5.2.1.7.3 Length of the SB Length
5.2.1.8 SBH Length
5.2.1.9 BDB Length
5.2.1.10 SB Length
5.2.1.11 Security Block Format Owner/Type
5.2.1.11.1 Security Block Format Owner
5.2.1.12 Optional Data Elements Present Mask
5.2.1.13 Sub-Header/Basic Structure Count
5.2.1.14 Next Level Patron Format Identifier
5.2.1.15 Patron Header Version
5.2.1.16 CBEFF Header Version
5.2.1.17 Index
5.2.1.18 Biometric Creation Date
5.2.1.19 Validity Period
5.2.1.20 Biometric Type
5.2.1.21 Biometric Subtype
5.2.1.22 Biometric Purpose
5.2.1.23 Biometric Data Type
5.2.1.24 Biometric Data Quality
5.2.1.24.1 Biometric Data Quality Value
5.2.1.24.2 Biometric Data Quality Algorithm ID
5.2.1.25 Creator
5.2.1.26 Challenge-Response
5.2.1.27 Payload
5.2.2 The Biometric Data Block (BDB)
5.2.3 Security Block
5.3 Nested CBEFF Structures
6 CBEFF Patrons and Format Owners
6.1 General
6.2 Adding New CBEFF Patron Formats
6.2.1 Conformance of new Patron Formats to the CBEFF standard
6.2.2 Information to accompany requests to register new Patron Formats
Annex A (Normative) Patron Format A
A.1 Patron
A.2 Domain of Use
A.3 Byte Order
A.4 Requirements on Users of this Patron Format
A.5 Patron Format Specification
Annex B (Normative) Patron Format B Description
B.1 Patron
B.2 Domain of Use
B.3 Byte Order
B.4 Requirements on Users of this Patron Format
B.5 Patron Format Specification
Annex C (Normative) Patron Format C: The BioAPI Biometric Identification Record (BIR)
C.1 Patron
C.2 Domain of Use
C.3 Byte Order
C.4 Introduction
C.5 Normative References
C.6 Biometric Record Header
C.7 BioAPI to CBEFF Translation
Annex D (Normative) Patron Format D: ICAO LDS (TLV-encoded for use with travel documents, smartcards, or other tokens)
D.1 Patron
D.2 Domain of Use
D.3 Introduction
D.4 Abbreviations and Notations
D.5 Biometric Information Group Template Used in ICAO LDS
D.6 Example Encoding
D.7 Field Mappings
Annex E (Normative) Patron Format PIV: NIST Personal Identity Verification (PIV)
E.1 Patron
E.2 Domain of Use
E.3 Introduction
E.4 Abbreviations and Notations
E.5 NIST Patron Format
Annex F (Normative) Patron Format ITL: NIST/ITL Type 99 Data Record
F.1 Patron
F.2 Domain of Use
F.3 Introduction
F.4 Abbreviations and Notations
F.5 NIST/ITL Type 99 Data Record
F.6 Field Mappings
F.7 Bibliography
Annex G (Informative) Example of CBEFF Utilization Across Domains of Use
Annex H (Informative) Contact Information for CBEFF as Specified in ANSI INCITS 398-2008 and IBIA

Foreword

(This foreword is not part of American National Standard ANSI INCITS 398-2008.)

This specification, the Common Biometric Exchange Formats Framework, is an augmented and revised version of the CBEFF, the Common Biometric Exchange File Format, published in 2005 as ANSI INCITS 398-2005, which was originally published as NISTIR 6529-A. This version, ANSI INCITS 398-2008, was developed by the Task Group M1.2 on Technical Interfaces of INCITS Technical Committee M1, Biometrics.

Please note that the current version of this standard is not backwards compatible with earlier versions. Normative annexes have been added for existing patron formats.

Although the patron formats documented in Annexes E and F were originally developed under the 2005 version of INCITS 398, they also conform to the 2007 revision; references in these annexes are to clauses in the 2005 version of INCITS 398.

Summary of Changes from the original CBEFF specification (NISTIR 6529)

In addition to the name change, which reflects more accurately the scope of the specification, this revised version incorporates the following new features:

- A CBEFF Nested Structure. This structure consists of a Root Header followed by optional Subheaders, one or more CBEFF Basic Structures, and an optional Security Block (SB). A CBEFF nested structure can include: (a) standard or non-standard biometric data; (b) challenge data; and (c) payload. A nested structure has been specified in order to support multiple biometric data types (e.g., finger, face and voice) and/or multiple biometric data blocks of the same biometric type (e.g., finger biometric data blocks from more than one finger) within a CBEFF data structure. Nesting CBEFF structures accommodate such requirements and avoid having to utilize multiple consecutive CBEFF records for one specific operation.
- A Subheader/Basic Structure Count. The CBEFF nested structure has required defining this new field. This optional field specifies the number of nested levels below the current level in a CBEFF nested structure. This field has a value of zero in the lowest level of a nested structure.
- The following additional and redefined fields:
  o A Standard Biometric Header (SBH) Patron Format Identifier optional field that is used in nested structures to identify the CBEFF patron format of the next lower level in the structure.
  o A Biometric Feature optional field to further define the type of biometric data being placed in a CBEFF record.
  o A Validity Period optional field to denote the period (not before - not after) when the biometric data block is valid.
  o A modified definition of the Creator field. In this specification, the Creator (optional field) specifies the organizational entity (e.g., issuer or application) responsible for the generation of the biometric data.
  o Addition of a Product Identifier (PID) field. This field identifies the entity (e.g., Biometric Service Provider (BSP) or transformation application) that created the biometric data object. This entity may or may not be the same as the entity that defined the format of the created data within the biometric data block.
  o An Index field. This optional field contains a unique value associated with a specific instance of biometric reference (enrollment) data. It may represent a database index. Uniqueness pertains only to a specific database. Use and management of this data is the responsibility of the application.
  o A Challenge-Response field. This optional field specifies the type of information used to present a challenge to the user or the system.
  o A Payload field. This optional field shall contain data (e.g., a person-identification-number) to be attached in a secure way to biometric reference data and used by a service system (e.g., access control system) in case the biometric verification is positive. Reference data is to be specified by the CBEFF patron. Examples include a filename, database item, or URL.

Two new Formats have been added:

1. Biometric Information Data Objects for Use within Smart Cards or Other Tokens. This format has been defined with the collaboration of technical experts from ISO/IEC JTC 1 SC 17 WG4 and INCITS Technical Committee B10.
2. CBEFF Patron Format B, a simple root header for use in domains where more than one patron format, simple or nested, may be encountered.

In addition, more detailed information on the concept of CBEFF patrons, the current list of patrons and how to apply for a new CBEFF patron have been added.

Other changes are:

- Several field names are changed to clarify that they describe attributes of the Biometric Data Block (BDB) rather than the CBEFF-conformant record header:
  o “Record Data Type” to “Biometric Data Type”.
  o “Record Purpose” to “Biometric Purpose”.
  o “Record Data Quality” to “Biometric Data Quality”.
  o “Creation Date” to “Biometric Creation Date”.
- Creator/PID field changed to two separate fields (as described above).
- In Biometric Type table, changed “Palm Geometry” to “Palm Print”.
- In Biometric Type table, added “Foot Print”.
- Discussion of Object Identifiers (OIDs) has been removed.
- NIST Biometric Consortium (BC)/Working Group (WG) Patron Format A was re-specified to accommodate changes to some field definitions and to make it easier to use.
- Annex C, describing the BioAPI Biometric Identification Record, has been aligned with changes in 5.2 (Basic Data Structure).
- The Annex describing the X9.84 Biometric Object (based on the X9.84-2001 version) was removed. (X9.84-2001 is superseded by X9.84-2003. This version is being transposed to ISO through ISO TC68/SC2. Development of the ISO version is underway.)
- The Annex describing an example of embedding a CBEFF object has been removed. A report including examples of CBEFF utilizations is planned.

Summary of Changes from the CBEFF 398-2005 specification

- Updated the foreword and extended the summary of changes.
- Removed the Abstract.
- Changed “Signature Block” to “Security Block” throughout the document.
- Changed “Format Specification” to “patron format specification.”
- Updated the introduction to clarify patron usage and refer to existing patron formats.
- Updated the conformance clause.
- Updated terms and acronyms.
- Rearranged Table 1, and included clarifying notes.
- Used the BDB Format Owner/Type model for both the Product Owner/Type and the Device ID Owner/Type.
- Renumbered the subclauses under 5.2.1 to reflect the sequence in Table 1.
- Added Device ID.
- Made the patron formats document structure more consistent.
- Annex A - Updated Patron A table.
- Annex B - Updated Patron B Table.
- Changed Biometric Sub Type clause.
- Added a subclause with a definition of SBH length.
- Clarified the use of Universal Coordinated Time (UTC) in the date/time specific clauses.
- Changed CBEFF Header Version.
- Changed Clause 6 to reflect updated conformance and registration.
- Nested CBEFF Structures
  o The concept of nested structures was improved by clarifying the use of Sub-header/Basic Structure Count in nested structure Sub-headers.
  o Added informative notes describing the use of records that conform to different patron formats within a nested structure for applications that combine records from different sources.
  o The Subheader/Basic Structure Count is now required for nested CBEFF structures.
  o Added the definition of a zero level record in a nested structure.
- Patron Formats
  o Added text explaining that new patron formats can include additional fields that are not specified in the standard.
  o Clarified that the patrons are responsible for maintenance of patron formats.
  o Patron A Index has been increased to 16 bytes to accommodate GUIDs.
  o Clarified the usage of a wrapper format (Patron B) for providing self-identification of contained patron formats.
  o Assigned Patron Format Identifiers for all patron formats.
  o Emphasized endian-ness in Patron A.
  o Clarified byte order for Patron A and B.
  o Changed Patron D to International Civil Aviation Organization (ICAO) Logical Data Structure (LDS) Patron Format.
  o Clarified usage of Universal Coordinated Time (UTC) and Binary Coded Decimals in Patron A.
  o Changed Patron A header version.
  o Added patron formats for PIV and NIST/ITL 2007 Type 99.
- Miscellaneous
  o Formatted patron format annexes to be similar to each other.
  o Fixed an incorrect URL in Annex E.

Background

On February 21, 1999