1、INCITS/ISO/IEC 19785-2 -20062008 (ISO/IEC 19785-2 -2006, IDT) Information technology CommonBiometric Exchange Formats Framework Part 2: Procedures for the operation of the Biometric Registration AuthorityINCITS/ISO/IEC 19785-2 -20062008(ISO/IEC 19785-2 -2006, IDT)INCITS/ISO/IEC 19785-2 -20062008 ii
2、ITIC 2008 All rights reserved PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editi
3、ng. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be f
4、ound in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at t
5、he address given below. Adopted by INCITS (InterNational Committee for Information Technology Standards) as an American National Standard. Date of ANSI Approval: 7/1/2008 Published by American National Standards Institute, 25 West 43rd Street, New York, New York 10036 Copyright 2008 by Information T
6、echnology Industry Council (ITI). All rights reserved. These materials are subject to copyright claims of International Standardization Organization (ISO), International Electrotechnical Commission (IEC), American National Standards Institute (ANSI), and Information Technology Industry Council (ITI)
7、. Not for resale. No part of this publication may be reproduced in any form, including an electronic retrieval system, without the prior written permission of ITI. All requests pertaining to this standard should be submitted to ITI, 1250 Eye Street NW, Washington, DC 20005. Printed in the United Sta
8、tes of America INCITS/ISO/IEC 19785-2 -20062008 ITIC 2008- All rights reserved iiiContents Page Foreword iv Introduction.v 1 Scope1 2 Normative references1 3 Terms and definitions .1 3.1 Terms defined in ISO/IEC 19785-1 .1 3.2 Other terms and definitions .2 4 Symbols and abbreviated terms 2 5 Genera
9、l .2 6 Appointment of the registration authority 5 7 Fees.5 8 Registration procedures for CBEFF biometric organizations and CBEFF patrons .5 8.1 General .5 8.2 Application for registration as a CBEFF biometric organization or as a CBEFF patron .5 8.3 Review of applications6 8.3.1 Procedure.6 8.3.2 R
10、esponse time .6 8.4 Confirmation process .6 8.5 Objection process for CBEFF patron registrations .6 9 Registration procedures for BIR formats, BDB formats, SB formats and biometric products .7 9.1 General .7 9.2 Application for registration of a BIR format, BDB format, SB format, or biometric produc
11、t 7 9.3 Review of applications7 9.3.1 Procedure.7 9.3.2 Response time .7 9.4 Confirmation process .8 9.5 Objection process .8 10 Content of applications.8 10.1 General .8 10.2 Application for registration as a biometric organization or as a CBEFF patron 8 10.3 Application for registration of a BIR f
12、ormat, BDB format, SB format, or biometric product 8 11 Maintenance of a web-based register .9 Annex A (normative) Registration authority 10 Annex B (informative) Sample registration tables.11 INCITS/ISO/IEC 19785-2 -20062008 iv ITIC 2008- All rights reservedForeword ISO (the International Organizat
13、ion for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respect
14、ive organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
15、 technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International St
16、andards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be th
17、e subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 19785-2 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 37, Biometrics. ISO/IEC 19785 consists of the following parts, under t
18、he general title Information technology Common Biometric Exchange Formats Framework: Part 1: Data element specification Part 2: Procedures for the operation of the Biometric Registration Authority The following part is under preparation: Part 3: Patron Format Specifications INCITS/ISO/IEC 19785-2 -2
19、0062008 ITIC 2008- All rights reserved vIntroduction Biometric-based authentication systems and applications are expected to support multiple biometric devices and multiple biometric data formats. The Common Biometric Exchange Formats Framework (CBEFF) promotes interoperability of biometric-based ap
20、plication programs and systems developed by different vendors by facilitating biometric data interchange. This part of ISO/IEC 19785 supports such exchanges by providing unambiguous identification of biometric organizations, formats and products. This part of ISO/IEC 19785 specifies procedures for a
21、 Registration Authority that is responsible for the assignment of ASN.1 object identifier components to identify biometric organizations, CBEFF patrons, biometric information record formats, biometric data block formats, security block formats, and biometric products, to provide globally unambiguous
22、 identification in the context of the CBEFF ASN.1 object identifier. The registration process is universal, assigns unique and unambiguous identifiers, and avoids changes in identifiers over time. The publication of the registers promotes compatibility in interchange of biometric data and improves i
23、nteroperability of biometric systems. Registration provides an identifier, but registration should not be regarded as a standardization procedure. Nevertheless, as a matter apart from registration, the registered object may, but need not, be the subject of an international, national, or other standa
24、rd. The same registry can be used to register the identification of products which produce or process biometric data whether the biometric organization owning the product is the same as or different from the biometric organization which defined the format of that data. AMERICAN NATIONAL STANDARD INC
25、ITS/ISO/IEC 19785-2 -20062008 ITIC 2008- All rights reserved 1Information technology Common Biometric Exchange Formats Framework Part 2: Procedures for the operation of the Biometric Registration Authority 1 Scope This part of ISO/IEC 19785 specifies the procedures to be followed by the Biometric Re
26、gistration Authority in preparing, maintaining, and publishing registers of identifiers for biometric organizations, CBEFF patron formats, BDB formats, security block formats, and biometric products. 2 Normative references The following referenced documents are indispensable for the application of t
27、his document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 8824-1, Information technology Abstract Syntax Notation One (ASN.1): Specification of basic notation ISO/IEC 9834-1, I
28、nformation technology Open Systems Interconnection Procedures for the operation of OSI Registration Authorities: General procedures and top arcs of the ASN.1 Object Identifier tree ISO/IEC 19784-1, Information technology Biometric application programming interface Part 1: BioAPI specification ISO/IE
29、C 19785-1, Information technology Common Biometric Exchange Formats Framework Part 1: Data element specification ISO/IEC 19794 (all parts), Information technology Biometric data interchange formats 3 Terms and definitions 3.1 Terms defined in ISO/IEC 19785-1 For the purposes of this document, the fo
30、llowing terms defined in ISO/IEC 19785-1 apply: BDB format; BDB format identifier; biometric; biometrics; biometric data block (BDB); biometric information record (BIR); biometric product; biometric product identifier; biometric product owner; biometric sample; CBEFF biometric organization identifie
31、r; CBEFF patron; CBEFF patron format; CBEFF patron format identifier; CBEFF patron identifier; security block; security block format; security block format identifier. INCITS/ISO/IEC 19785-2 -20062008 2 ITIC 2008- All rights reserved3.2 Other terms and definitions For the purposes of this document,
32、the following terms and definitions apply. 3.2.1 applicant organization requesting registration as a CBEFF biometric organization, or registered CBEFF biometric organization requesting registration of a CBEFF patron format, BDB format, SB format or biometric product 3.2.2 register record of assigned
33、 identifiers for CBEFF biometric organizations, CBEFF patron formats, BDB formats, SB formats, or biometric products 3.2.3 registrar person or organization appointed by a Registration Authority, responsible for preparing and maintaining the register(s) 3.2.4 registration authority organization nomin
34、ated and appointed by the ISO/IEC Council to prepare and maintain registers 3.2.5 relevant ISO/IEC subcommittee ISO/IEC subcommittee responsible for the maintenance of this part of ISO/IEC 19785 NOTE The relevant subcommittee is currently ISO/IEC JTC 1/SC 37. 4 Symbols and abbreviated terms ASN.1 Ab
35、stract Syntax Notation One (see ISO/IEC 8824-1) BDB biometric data block BIR biometric information record CBEFF common biometric exchange formats framework (see ISO/IEC 19785-1) RA registration authority SB security block 5 General 5.1 This part of ISO/IEC 19785 defines procedures for registration b
36、y which ASN.1 object identifier components are assigned to a) organizations concerned with the specification of biometric formats or with biometric products that either directly, or through the data that they produce, claim conformance to or can be used in conjunction with ISO/IEC 19785, ISO/IEC 197
37、84, or one of the parts of ISO/IEC 19794; b) BIR formats specified by a CBEFF patron; c) BDB formats specified by a registered biometric organization; d) SB formats specified by a registered biometric organization; and e) biometric products supported by a registered biometric organization. INCITS/IS
38、O/IEC 19785-2 -20062008 ITIC 2008- All rights reserved 3NOTE International Standards do not require the registration of BIR formats, BDB formats, SB formats, or biometric products, but registration is possible if a CBEFF patron or biometric organization considers that registration would be beneficia
39、l. 5.2 ASN.1 object identifiers are a form of worldwide unambiguous identification based on a hierarchical tree structure, and independent hierarchical registration authorities (see ISO/IEC 9834-1 and ISO/IEC 8824-1). The ASN.1 object identifier tree has a root arc, arcs beneath that root arc, arcs
40、beneath each of those arcs, and so on, to any depth. Arcs are identified by positive integer values (zero upwards) that provide unambiguous identification of an arc within the superior arc. Arcs can also be given names (all in lower case, letters and hyphens only), but these are subsidiary to the nu
41、merical values and are not required. An object is identified by the sequence of arc values (numerical, or for early arcs, arc names) from the root to the object. 5.3 It is possible in representations of an object identifier to imply (by the context of that representation) identification of part of t
42、he path from the root to a node in the object identifier tree. In the extreme case, only a single object identifier component from that implied node need be represented. This is the approach taken by ISO/IEC 19785-1 and by ISO/IEC 19784-1. These use a sixteen-bit field to provide the identification
43、of an object identifier arc beneath an arc that is implied by the context. In other contexts, the full object identifier value should be given. 5.4 Components of ASN.1 object identifiers are positive integers (including zero) of unlimited magnitude. However, there are standards, for example ISO/IEC
44、19784-1, using the components allocated by this RA that use a simple 16-bit positive integer encoding for such components. The RA is therefore required to allocate values for arcs that can be represented as a 16-bit positive integer, and to alert the relevant ISO/IEC subcommittee before making alloc
45、ations with any of the top three bits set to one. NOTE It is expected that allocations will normally start at zero and proceed incrementally upwards except under exceptional requirements. 5.5 Successful registration as a biometric organization provides that biometric organization with a CBEFF biomet
46、ric organization identifier. This is a sixteen-bit binary value (that can be interpreted as a positive integer) for an ASN.1 object identifier arc under iso registration-authority cbeff(19785) organizations(0) The allocated object identifier value is worldwide unambiguous, but the CBEFF biometric or
47、ganization identifier can also be used alone in contexts where the preceding arcs are implied. Arcs identified by CBEFF biometric organization identifiers do not have arc names. The syntax of the notation used in this subclause and subsequent subclauses for the value of ASN.1 Object Identifiers is s
48、pecified in ISO/IEC 8824-1 and the semantics is specified in ISO/IEC 9834-1 and the standards it references. 5.6 A biometric organization that is recognized by the RA as the producer of open standards (standards that are subject to vetting procedures that ensure that they are technically correct and
49、 accurate and have wide-spread approval) will be recorded as having open standardization privileges, and is then called a CBEFF patron, and its CBEFF biometric organization identifier is called a CBEFF patron identifier. Any registered biometric organization can register BDB formats (see 5.8), SB formats (see 5.9), and biometric products (see 5.10), but only a CBEFF patron can register a BIR format - a CBEFF patron format (see 5.7). INCITS/ISO/IEC 19785-2 -20062008 4 ITIC 2008- All rights reserved5.7 Successful registra