1、BRITISH STANDARDBS ISO/IEC 24713-2:2008Information technology Biometric profiles for interoperability and data interchange Part 2: Physical access control for employees at airportsICS 35.040g49g50g3g38g50g51g60g44g49g42g3g58g44g55g43g50g56g55g3g37g54g44g3g51g40g53g48g44g54g54g44g50g49g3g40g59g38g40g
2、51g55g3g36g54g3g51g40g53g48g44g55g55g40g39g3g37g60g3g38g50g51g60g53g44g42g43g55g3g47g36g58BS ISO/IEC 24713-2:2008This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 July 2008 BSI 2008ISBN 978 0 580 54247 3National forewordThis British Standard
3、 is the UK implementation of ISO/IEC 24713-2:2008.The UK participation in its preparation was entrusted to Technical Committee IST/44, Biometrics.A list of organizations represented on this committee can be obtained on request to its secretary.This publication does not purport to include all the nec
4、essary provisions of a contract. Users are responsible for its correct application.Compliance with a British Standard cannot confer immunity from legal obligations.Amendments/corrigenda issued since publicationDate CommentsReference numberISO/IEC 24713-2:2008(E)INTERNATIONAL STANDARD ISO/IEC24713-2F
5、irst edition2008-06-01Information technology Biometric profiles for interoperability and data interchange Part 2: Physical access control for employees at airports Technologies de linformation Profils biomtriques pour interoprabilit et change de donnes Partie 2: Contrle daccs physique pour les emplo
6、ys aux aroports BS ISO/IEC 24713-2:2008ii iiiContents Page Foreword. v Introduction . vi 1 Scope . 1 2 Conformance. 1 3 Normative references . 2 4 Terms and definitions. 3 5 Environment 6 5.1 Employees in the targeted environment 6 5.2 Architecture. 6 5.3 Token 6 5.4 Token management system. 7 5.5 C
7、ommand and control system 7 5.6 Command and control administration system 8 5.7 Infrastructure system . 8 6 Process 8 6.1 General. 8 6.2 Proofing . 8 6.3 Registration . 8 6.4 Issuance. 9 6.5 Activation to a local access control system 9 6.6 Usage . 9 7 Security Considerations 10 Annex A (normative)
8、Requirements List 12 A.1 General. 12 A.2 Relationship between RL and corresponding ICS proformas . 12 A.3 Profile Specific Implementation Conformance Statement . 13 A.4 Instruction for completing the ICS proforma. 13 A.4.1 General structure of the ICS proforma. 13 A.4.2 Additional Information 13 A.4
9、.3 Exception Information 13 A.5 ICS proforma . 14 A.6 Interchange Formats 15 A.6.1 Finger Image Data (ISO/IEC 19794-4:2005) 15 A.6.2 Finger Minutiae Data (ISO/IEC 19794-2:2005) 16 A.6.3 Finger Pattern Spectral Data (ISO/IEC 19794-3:2006) . 19 A.6.4 Face Image Data (ISO/IEC19794-5:2005) 21 A.6.5 Iris
10、 Image Data (ISO/IEC 19794-6:2005) 24 A.6.6 Signature/Sign Time Series Data (ISO/IEC 19794-7:2007) 25 A.6.7 Finger Pattern Skeletal Data (ISO/IEC 19794-8:2006)27 A.6.8 Vascular Image Data (ISO/IEC 19794-9:2007) 31 A.6.9 Hand Geometry Silhouette Data (ISO/IEC 19794-10:2007) 33 A.7 Technical Interface
11、 Standards. 34 A.7.1 BioAPI (ISO/IEC 19784-1:2006) 34 A.7.2 CBEFF (ISO/IEC 19785-1:2006) 39 Annex B (informative) Additional information. 41 BS ISO/IEC 24713-2:2008iv Annex C (informative) Security Considerations 44 C.1 Approaches 44 C.2 Representative threat list . 44 Bibliography . 46 BS ISO/IEC 2
12、4713-2:2008vForeword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards th
13、rough technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, al
14、so take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to pr
15、epare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility
16、 that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO/IEC 24713-2 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 37, Biometrics. ISO/IEC 2
17、4713 consists of the following parts, under the general title Information technology Biometric profiles for interoperability and data interchange: Part 1: Overview of biometric systems and biometric profiles Part 2: Physical access control for employees at airports Part 3: Biometrics-based verificat
18、ion and identification of seafarers BS ISO/IEC 24713-2:2008vi Introduction This part of ISO/IEC 24713 is one of a family of International Standards being developed by ISO/IEC JTC 1/SC 37 that support interoperability and data interchange among biometrics applications and systems.1)This family of sta
19、ndards specifies requirements that solve the complexities of applying biometrics to a wide variety of personal recognition applications, whether such applications operate in an open systems environment or consist of a single, closed system. Biometric data interchange format standards and biometric i
20、nterface standards are both necessary to achieve full data interchange and interoperability for biometric recognition in an open systems environment. The ISO/IEC JTC 1/SC 37 biometric standards family includes a layered set of standards consisting of biometric data interchange formats and biometric
21、interfaces, as well as biometric profiles that describe the use of these standards in specific application areas. The biometric data interchange format standards specify biometric data interchange records for different biometric modalities. Parties that agree in advance to exchange biometric data in
22、terchange records as specified in a subset of the ISO/IEC JTC 1/SC 37 biometric data interchange format standards should be able to perform biometric recognition with each others data. Parties should also be able to perform biometric recognition even without advance agreement on the specific biometr
23、ic data interchange format standards to be used, provided they have built their systems on the layered ISO/IEC JTC 1/SC 37 family of biometric standards. The biometric interface standards include ISO/IEC 19785, the Common Biometric Exchange Formats Framework (CBEFF) and ISO/IEC 19784, the Biometric
24、Application Programming Interface (BioAPI). These standards support exchange of biometric data within a system or among systems. ISO/IEC 19785 specifies the basic structure of a standardized Biometric Information Record (BIR) which includes the biometric data interchange record with added metadata,
25、such as when it was captured, its expiry date, whether it is encrypted, etc. ISO/IEC 19784 specifies an open system API that supports communications between software applications and underlying biometric technology services. BioAPI also specifies a CBEFF BIR format for the storage and transmission o
26、f BioAPI-produced data. The biometric profile standards facilitate implementations of the base standards (e.g. the ISO/IEC JTC 1/SC 37 biometric data interchange format and biometric interface standards, and possibly non-biometric standards) for defined applications. These profile standards define t
27、he functions of an application (e.g. physical access control for employees at airports) and then specify use of options in the base standards to ensure biometric interoperability. 1) Open systems are built on standards-based, publicly defined data formats, interfaces, and protocols to facilitate dat
28、a interchange and interoperability with other systems, which may include components of different design or manufacture. A closed system may also be built on publicly defined standards, and may include components of different design or manufacture, but inherently has no requirement for data interchan
29、ge and interoperability with any other system. BS ISO/IEC 24713-2:20081Information technology Biometric profiles for interoperability and data interchange Part 2: Physical access control for employees at airports 1 Scope This part of ISO/IEC 24713 specifies the biometric profile including necessary
30、parameters and interfaces between function modules (i.e. BioAPI based modules and an external interface) in support of token-based biometric identification and verification of employees, at local access points (i.e. doors or other controlled entrances) and across local boundaries within the defined
31、area of control in an airport. The token is expected to contain one or more biometric references. This part of ISO/IEC 24713 does not specify a complete Access Control System for deployment at access points within the secure area of an airport. It is assumed that such systems exist and that a biomet
32、ric component that is the subject of this part of ISO/IEC 24713 is being added to an existing system. It therefore excludes such things as device features, and exception and incident reporting and handling. This information is contained in Annex C for information only. This part of ISO/IEC 24713 inc
33、ludes recommended practices for enrolment, watch list checking, duplicate issuance prevention, and verification of the identity of employees at airports. It also describes architectures and business processes appropriate to the support of token-based identity management in the secure environment of
34、an airport. It is recommended that the confidentiality, integrity, and availability of biometric data be safeguarded in accordance with local, regional, or national policy considerations. This part of ISO/IEC 24713 does not preclude users building applications based on this part of ISO/IEC 24713 fro
35、m being able to meet such privacy/data protection requirements as may apply to their application. The specification of privacy/data protection requirements that may apply is outside the scope of this part of ISO/IEC 24713. 2 Conformance A system conforms to this part of ISO/IEC 24713 if it correctly
36、 performs all the mandatory capabilities defined in the requirements list and supplies the profile specific Implementation Conformance Statement (ICS) in Annex A. Note that more capabilities may be required than in the base standards. BS ISO/IEC 24713-2:20082 3 Normative references The following ref
37、erenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 19784-1:2006, Information technology Biometric application
38、 programming interface Part 1: BioAPI specification ISO/IEC 19785-1:2006, Information technology Common Biometric Exchange Formats Framework Part 1: Data element specification ISO/IEC 19785-3:2007, Information technology Common Biometric Exchange Formats Framework Part 3: Patron format specification
39、s ISO/IEC 19794-2:2005, Information technology Biometric data interchange formats Part 2: Finger minutiae data ISO/IEC 19794-3:2006, Information technology Biometric data interchange formats Part 3: Finger pattern spectral data ISO/IEC 19794-4:2005, Information technology Biometric data interchange
40、formats Part 4: Finger image data ISO/IEC 19794-5:2005, Information technology Biometric data interchange formats Part 5: Face image data ISO/IEC 19794-6:2005, Information technology Biometric data interchange formats Part 6: Iris image data ISO/IEC 19794-7:2007, Information technology Biometric dat
41、a interchange formats Part 7: Signature/sign time series data ISO/IEC 19794-8:2006, Information technology Biometric data interchange formats Part 8: Finger pattern skeletal data ISO/IEC 19794-9:2007, Information technology Biometric data interchange formats Part 9: Vascular image data ISO/IEC 19794
42、-10:2007, Information technology Biometric data interchange formats Part 10: Hand geometry silhouette data ISO/IEC 19795-1:2006, Information technology Biometric performance testing and reporting Part 1: Principles and framework ISO/IEC 19795-2;2007, Information technology Biometric performance test
43、ing and reporting Part 2: Testing methodologies for technology and scenario evaluation ISO/IEC 24713-1:2008, Information technology Biometric profiles for interoperability and data interchange Part 1: Overview of biometric systems and biometric profiles BS ISO/IEC 24713-2:200834 Terms and definition
44、s For the purposes of this document, the following terms and definitions apply. 4.1 application program or piece of software designed to fulfil a particular purpose 4.2 base standard standard that is part of a profile and from which options, subsets, and parameter values are selected if these choice
45、s are left open in the standard 4.3 biometric pertaining to biometrics 4.4 biometrics automated recognition of individuals based on their behavioural and biological characteristics 4.5 biometric characteristic measurable, physical characteristic or personal behavioural trait used to recognize the id
46、entity, or verify the claimed identity, of an enrolee 4.6 biometric feature concise representation of information extracted from an acquired or intermediate biometric sample by applying a mathematical transformation 4.7 biometric profile conforming subsets or combinations of base standards used to p
47、rovide specific functions NOTE Biometric profiles identify the use of particular options available in base standards, and provide a basis for the interchange of data between applications and interoperability of systems. 4.8 biometric reference one or more stored biometric samples, biometric template
48、s or biometric models attributed to an individual and used for comparison 4.9 biometric sample raw data representing a biometric characteristic of an end-user as captured by a biometric system (for example, the image of a fingerprint) 4.10 biometric system automated system capable of: capturing a bi
49、ometric sample from an end-user; extracting biometric data from that sample; comparing the biometric data with that contained in one or more reference templates; deciding how well they match, and indicating whether or not an identification or verification of identity has been achieved BS ISO/IEC 24713-2:20084 4.11 biometric template data that represents the biometric measurement of an enrolee NOTE Used by a biometric system for comparison against submitted biometric samples. 4.12 capture
