INCITS/ISO/IEC 29164:2011 2013
ISO/IEC 29164:2011
Information technology - Biometrics - Embedded BioAPI

Adopted by INCITS (InterNational Committee for Information Technology Standards) as an American National Standard.
Date of ANSI Approval: 2/25/2013
Published by American National Standards Institute, 25 West 43rd Street, New York, New York 10036

Copyright 2013 by Information Technology Industry Council (ITI). All rights reserved.
These materials are subject to copyright claims of International Standardization Organization (ISO), International Electrotechnical Commission
(IEC), American National Standards Institute (ANSI), and Information Technology Industry Council (ITI). Not for resale. No part of this publication may be reproduced in any form, including an electronic retrieval system, without the prior written permission of ITI. All requests pertaining to this standard should be submitted to ITI, 1250 Eye Street NW, Washington, DC 20005.
Printed in the United States of America
ITIC 2013 All rights reserved

ISO/IEC 29164:2011(E)
ISO/IEC 2011 All rights reserved

Contents

Foreword
Introduction
1 Scope
2 Conformance
3 Normative references
4 Terms and definitions
5 Symbols and abbreviated terms
6 Embedded BioAPI environment
6.1 Operating environment of Embedded BioAPI
6.2 Security in Embedded BioAPI
7 Embedded BioAPI general architecture
8 Frames structure
9 Patron format for Embedded BioAPI
10 Security block format for Embedded BioAPI
10.1 Security Block format owner
10.2 Security Block format owner identifier
10.3 Security Block format name
10.4 Security Block format identifier
10.5 ASN.1 object identifier for this security Block format
10.6 Domain of use
10.7 Version identifier
10.8 CBEFF version
10.9 General
10.10 Specification
11 Data types, formats and coding
11.1 Slave ID field S
11.2 Command field C
11.3 Status/Error field E
11.4 Biometric modalities coding
12 Commands definition
12.1 Management commands
12.2 Template management commands
12.3 Enrolment commands
12.4 Biometric process commands
Annex A (normative) Conformance Requirements
Annex B (informative) Examples of frame implementations
Annex C (informative) Command exchange examples for several scenarios

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote.

Attention is
drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.

ISO/IEC 29164 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 37, Biometrics.

Introduction

The environment for embedded systems differs in many ways from that of a more general computing environment. One difference is that the amount of processing power and/or memory/storage can be more limited in the embedded environment and operating system support and resources can also be more constrained. As a result, implementation of more general purpose interfaces might not be appropriate.

In the case of embedded biometric technology, the algorithms and sensors are frequently packaged into hardware/firmware modules. It can also be the case that the designer of the embedded system is not concerned with details of the biometric technology within its software and firmware and prefers to just integrate an external module that deals with some or all biometric functionalities.

This International Standard is not meant for applications where the integration of biometric functionality is going to be done within the software or firmware of the application. In such cases BioAPI (ISO/IEC 19784-1) is to be used, or its Frameworkless version (see ISO/IEC 19784-1 with Amd.2).

The interface defined in this International Standard provides a direct connection with such biometric modules. The definition of this interface is given by the services to be provided, as well as the message formats for commands to be sent to biometric modules and responses expected from them.

This International Standard is intended to provide a common interface for all those biometric systems where BioAPI (ISO/IEC 19784-1) cannot be implemented. From the historical point of view, as BioAPI does imply relatively large requirements both in processing power and memory capacity, some different approaches have been developed.
One of those approaches is the use of BioAPI without the need of using the BioAPI framework, which is one of the most consuming parts of BioAPI. That version is called Framework free BioAPI, and is standardized in the 2nd Amendment to BioAPI. But even that approach, which can be of great help for several applications, such as Biometric Applets or Biometric services in mobile devices which run an Operating System, can be too demanding for embedded systems. Therefore a new approach is standardized in this International Standard, under the name of Embedded BioAPI, which should never be confused with the Framework free version of BioAPI.

Examples of applications where Embedded BioAPI might be used include remote controls, garage door openers, auto ignitions, physical access devices, memory sticks, authentication tokens, and handheld weapons.

The utility of a standard interface in this environment is less obvious than for more general purpose processing environments, but addresses two important situations:

- It allows a device (unit into which the data capture device is embedded, e.g. a remote control device) manufacturer to use the same code base for multiple devices/units in his product line that differ only in embedded data capture device/biometric technology (e.g. Device A comes with a built-in fingerprint data capture device/algorithm and Device B comes with a built-in facial recognition camera/capability). This is a configuration management (CM) and efficiency issue (the single code base simplifying CM).
- It allows an OEM data capture device manufacturer who wants to build a single OEM unit/firmware to support multiple device vendors (the same firmware regardless of what device the data capture device unit is embedded within).

Throughout the text of this International Standard, devices suitable to be using Embedded BioAPI will be referred as “Embedded BioAPI subcomponents”. Noting that other kind of devices can also use this International Standard, this notation has been used for improving understanding of the standard. This International Standard does not state any requirement for those devices (e.g. Embedded BioAPI subcomponents) but those needed as to implement Embedded BioAPI.

1 Scope

This International Standard provides a standard interface to hardware biometric modules designed to be integrated in embedded systems which can be constrained in memory and computational power. This International Standard specifies a full interface for such hardware-based biometric modules. This interface, called Embedded BioAPI, is defined by the specification of commands to be implemented by these modules. Such a specification is done in two levels:

- For low level implementations, a frame definition is provided, as well as the coding of all commands and their relevant responses. Being defined as a single-master/multiple-slave half-duplex protocol, these messages can be implemented over any communication interface at the physical and link layers. The definition of such communication interfaces is outside of the scope of this International Standard.
- A C-based function header description, for those manufacturers that want to provide
a C-library for integration as a Software Development Kit for the overall embedded system.

Regarding security, this International Standard defines two kinds of devices:

- Type A: devices that, due to lack of processing capabilities, do not implement any kind of security mechanism.
- Type B: devices that implement security mechanisms for achieving confidentiality, integrity and/or authenticity.

Use of the Type B kind of devices is recommended. For Type B devices a set of minimum requirements is defined, but the security mechanisms to be used are out of the scope of this International Standard.

Low level implementation is outside of the scope of the normative part of this International Standard, although an informative annex (see Annex B) is provided.

Security mechanisms, although considered in this International Standard, are outside of the scope of this International Standard, and are referred to other relevant standards. In particular, key management is outside of the scope of this International Standard, and is expected to be done prior to the application of this International Standard.

Specifications and requirements for Embedded BioAPI subcomponents, or any kind of devices suitable to implement Embedded BioAPI, are outside of the scope of this International Standard.

2 Conformance

A biometric module conforms to this International Standard by covering all mandatory items in the normative parts. A biometric module conformant to this International Standard can provide additional functionality as long as it does not modify the behaviour stated in this International Standard.

A more detailed list of all conformance requirements can be found in Annex A.

3 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 19784-1:2006, Information Technology - Biometric application programming interface - Part 1: BioAPI specification
ISO/IEC 19784-1/Amd.3:2010, Information technology - Biometric application programming interface - Part 1: BioAPI specification - Amendment 3: Support for interchange of certificates and security assertions, and other security aspects
ISO/IEC 19785-1:2006, Information Technology - Common Biometric Exchange Formats Framework - Part 1: Data Element Specification
ISO/IEC 19785-3:2007, Information Technology - Common Biometric Exchange Formats Framework - Part 3: Patron format specifications
ISO/IEC 19794 (all parts), Information Technology - Biometric data interchange formats
ISO/IEC 24761:2009, Information technology - Security techniques - Authentication context for biometrics

4 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

NOTE Function names and data element names are not included here, but are defined within the body of this International Standard.

4.1 biometric module
hardware-based module that implements some or all biometric functions related to a biometric modality, i.e. capture, sample processing, comparison, storage, enrolment, or any logical combination of them
NOTE The Biometric module might provide other functionalities, such as sending signals for the activation of external services, but such functionality is outside of the scope of this International Standard.

4.2 biometric sample
information obtained from a biometric sensor, either directly or after further processing
NOTE See also raw biometric sample,
intermediate biometric sample, and processed biometric sample in ISO/IEC 19784-1:2006.

4.3 biometric template
biometric sample or combination of biometric samples that is suitable for storage as a reference for future comparison

4.4 Embedded BioAPI subcomponent
subcomponent provided to system integrators for integration into a more complex system or device
NOTE 1 Subcomponents might be provided by third-parties or the manufacturer itself.
NOTE 2 This International Standard does not state any requirement for such subcomponents, but those needed to implement Embedded BioAPI.

4.5 embedded system
special-purpose computer system designed to perform one or a few dedicated functions, sometimes with real-time computing constraints
NOTE It is usually embedded as part of a complete device including hardware, firmware and mechanical parts. In contrast, a general-purpose computer, such as a personal computer, can do many different tasks depending on programming.

4.6 frame
set of bytes that conform a command or a response message within a communication between two devices

4.7 general processing unit
element in a digital system in charge of the control of part or all of the information processing, which is usually a microprocessor, microcontroller or