PAS 92:2011
Code of practice for the implementation of a biometric system

Licensed Copy: Wang Bin, ISO/EXCHANGE CHINA STANDARDS, 27/09/2011 08:24, Uncontrolled Copy, (c) BSI

Publishing and copyright information
The BSI copyright notice displayed in this document indicates when the document was last issued.
© BSI 2011
ISBN 978 0 580 69851 4

Publication history
First published June 2011

Contents
Foreword
0 Introduction
0.1 Aim of this PAS
0.2 About recognition systems
0.3 About biometric systems
0.4 Uses of biometric systems
1 Scope
2 Terms and definitions
3 Assessing the need for a recognition system
4 Determining the type of recognition system to use
5 Planning for the implementation of a biometric system
5.1 General
5.2 Biometric modality
5.3 Performance parameters
5.4 Security
5.5 Usability
5.6 Accessibility
5.7 Data capture
5.8 Exception handling
5.9 Privacy and data protection
6 Acceptance testing a biometric system
7 Operating a biometric system
7.1 Legislation
7.2 Maintenance
7.3 Change management
7.4 Management information system data
7.5 Fallback arrangements
Annexes
Annex A (informative) Basic principles of a biometric system
Annex B (informative) Relationship between security and false acceptance rates
Annex C (informative) Examples of security risks and countermeasures associated with a biometric system
Annex D (informative) Data protection principles
Bibliography

List of figures
Figure 1 - Relationship between a biometric system and a recognition system for a specific application
Figure 2 - Components of a simple biometric system
Figure 3 - Relationship between the performance parameters of a biometric system and its application
Figure 4 - Example of trade-off between […] and […] for different threshold levels
Figure A.1 - Components of a biometric system

List of tables
Table B.1 - Resistance to attack potential related to […]

Foreword

Use of this document
As a code of practice, this PAS takes the form of guidance and recommendations. It should not be quoted as if it were a specification and particular care should be taken to ensure that claims of compliance are not misleading.
Any user claiming compliance with this PAS is expected to be able to justify any course of action that deviates from its recommendations.

Presentational conventions
The provisions of this PAS are presented in roman (i.e. upright) type. Its recommendations are expressed in sentences in which the principal auxiliary verb is "should". The recommendations are presented in colour-shaded boxes to distinguish them from supporting text.
Supporting text is given in the form of commentary, explanation and general informative material, which does not constitute a normative element.
Spelling conforms to The Shorter Oxford English Dictionary. If a word has more than one spelling, the first spelling in the dictionary is used.

Feedback
Feedback on the technical content of this PAS can be submitted through the BSI Document Feedback system. Any feedback received will be reviewed when developing future revisions of this document.

Contractual and legal considerations
This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.
Compliance with a PAS cannot confer immunity from legal obligations.

This Publicly Available Specification (PAS) was commissioned by the UK Department for Business, Innovation and Skills (BIS). Its development was facilitated by the British Standards Institution (BSI). It came into effect on 22 June 2011.

Acknowledgement is given to the following organizations that were involved in the development of this guide as members of the Steering Group:
• BSI Consumer & Public Interest Network
• Fujitsu
• Home Office Science - Centre for Applied Science and Technology (previously Home Office Scientific Development Branch)
• IBM
• IBS[…]
• Identity and Passport Service
• […]ypt Systems
• Morpho […]
• National Physical Laboratory
• National Policing Improvement Agency
• Phoneability
• UK Government Biometrics Working Group (BWG)
• Co-opted

Acknowledgement is also given to those organizations and individuals that submitted comments during the public consultation.

BSI retains ownership and copyright of this PAS. BSI reserves the right to withdraw or amend this PAS on receipt of authoritative advice that it is appropriate to do so. This PAS will be reviewed at intervals not exceeding two years, and any amendments arising from the review will be published as an amended PAS and publicized in Update Standards.

This PAS is not to be regarded as a British Standard. It will be withdrawn upon publication of its content in, or as, a British Standard.

The PAS process enables a specification to be rapidly developed in order to fulfil an immediate need in industry. A PAS may be considered for further development as a British Standard, or constitute part of the UK input into the development of a European or International Standard.

0 Introduction

0.3 About biometric systems
A biometric system is an integrated set of
components (including a sensor and a matching algorithm) that automatically recognizes individuals based on their behavioural and biological characteristics. Examples of characteristics include fingerprint, voice, iris structure and face shape.

Biometric systems recognize an individual by comparing their biometric sample with one or more previously enrolled biometric references. This is achieved by:
• capturing a biometric sample from an individual;
• extracting and processing the biometric data from that sample;
• storing the extracted biometric data;
• comparing the biometric data with data contained in one or more previously enrolled biometric references;
• computing how well they match; and
• indicating whether a sufficient match has been achieved.

The components of a simple biometric system are shown in Figure 2 and more detailed information on the basic principles of a biometric system is given in Annex A.

A biometric system will usually be a component of an application that requires the recognition of individuals. The relationship between a biometric system and a recognition system for a given application is described in 0.2.

A biometric system, in comparing biometric data, does not actually identify individuals. Any perception of identity is only ever obtained by reference to some earlier registration and enrolment process where non-biometric data are collected and linked to the biometric data. It is therefore more accurate to use the term biometric recognition rather than identification and for that reason this PAS will use recognition as the preferred term.

0.1 Aim of this PAS
This PAS is intended for organizations considering the procurement and implementation of a biometric system.

It provides recommendations and guidance that such organizations can follow to demonstrate good practice in their implementation.

In particular, it helps organizations decide whether to procure a biometric system, which one to procure, what performance requirements are needed and how to maximize the chances of a successful implementation. It also aids organizations in understanding their duties in respect of the use of biometric
data.

0.2 About recognition systems
Recognition of people goes back a long way using non-automated means, either through familiarity or through the use of documents. Large scale automated recognition of people has only become possible since the invention of the computer. This advance has created efficient and convenient applications that were not previously possible.

A recognition system includes the management and processes to support the recognition of people as well as the actual recognition mechanism. The mechanism could be a biometric system, a password or PIN system, a token system or a combination of systems.

A recognition system is normally part of a broader application, such as a time and attendance system. The application will also have its own associated management and processes. The collective management and processes of the biometric system, recognition system and the application will in practice not have clear demarcation and can often consist of the same personnel and be described in the same supporting documentation.

The relationship between a biometric system and a recognition
system for a given application is shown in Figure 1.

Figure 1 - Relationship between a biometric system and a recognition system for a specific application
[Diagram labels: Application (for example, time and attendance, nightclub door monitoring system, lunch payment system and library lending system); Recognition system; Biometric system (includes data capture, signal processing, data storage, comparison and decision subsystems); Management; Processes]

Biometric recognition differs from other recognition methods such as smart cards, photo ID, PINs, passwords or memorable information (e.g. birth date or mother's maiden name). It uses biometric characteristics that are strongly linked to the individual being recognized (the "subject"), e.g. customers accessing a service, employees gaining access to a building and people obtaining lunches in a canteen. This provides a high level of confidence in the recognition of the person. It can also be achieved with the subject separated in space or even in time from the organization performing the recognition task. In certain applications this can allow people to receive services remotely, in a faster, more convenient manner while not revealing personal details.

Despite the advantages of biometric recognition, biometric systems have raised public concerns. These centre on:
• fears that biometric data could be used for purposes other than those consented to by the subject, for example, providing an unauthorized link between different applications resulting in unforeseen consequences for the subject;
• fears that biometric data will not be held securely; and
• the perception that medical or other sensitive information could be obtained from biometric data.

The Information Commissioner has also highlighted the lack of clarity regarding the handling of biometric data, particularly in respect of those individuals who cannot give informed consent.

Biometric data like other personal data are open to misuse and consequently there is a need for the implementation of a biometric system to be conducted in accordance with good practice to reduce and manage any risks of abuse. This PAS provides organizations with that good practice advice.

Figure 2 - Components of a simple biometric system
[Diagram labels: Data capture; Biometric sample capture; Signal processing; Segmentation; Feature extraction; Quality control; Biometric reference creation; Enrolment? (Yes/No); Data storage; Biometric references; Comparison; Match or non match?; Match; Non match. Key: input to the biometric system; processing subsystem of the biometric system; decision subsystem of the biometric system]

0.4 Uses of biometric systems
Biometric recognition of individuals is employed today in a wide range of applications. Many uses are concerned with linking a person to their privileges, such as allowing access or giving permission.

Biometric systems have been introduced in a number of types of facilities in the UK, for example, in:
• government facilities;
• schools;
• factories and offices;
• hospitals and health centres; and
• construction sites.

Applications include:
• payment for school lunches;
• purchases from self-service terminals;
• borrowing from libraries;
• access to buildings or computer systems;
• time and attendance systems; and
• access to equipment or medication.

1 Scope
This PAS provides recommendations and guidance for the implementation of a biometric system. In particular, it provides recommendations and guidance on:
a) assessing the need for a recognition system (see Clause 3);
b) determining the type of recognition system to use (see Clause 4);
c) planning for the implementation of a biometric system (see Clause 5);
d) acceptance testing a biometric system (see Clause 6); and
e) operating a biometric system (see