ANSI-X9.84-2003.pdf

Uploaded by: 爱问知识人 Document ID: 3729409 Upload date: 2019-09-22 Format: PDF Pages: 148 Size: 1.53 MB

National Standard for Financial Services
X9.84-2003
Biometric Information Management and Security for the Financial Services Industry

Many changes, which may greatly affect its contents, can occur before this document is completed. The X9F4 working group may not be held responsible for the contents of this document. Implementation or design based on this revised draft standard is at the risk of the user. No advertisement or citation implying compliance with a “Standard” should appear, as it is erroneous and misleading to so state. Copies of this revised draft proposed American National Standard will be available from the X9 Secretariat when the document is finally announced for two months public comment. Notice of this announcement will be in the trade press.

Secretariat: Accredited Standards Committee X9, Incorporated
Approved July 29, 2003: American National Standards Institute

Copyright American National Standards Institute
Provided by IHS under license with ANSI
Licensee=IHS Employees/1111111001, User=OConnor, Maurice
Not for Resale, 04/29/2007 12:50:35 MDT
No reproduction or networking permitted without license from IHS

ANS X9.84-2003

Foreword

Approval of an American National Standard requires verification by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer.

Consensus is established when, in the judgment of the ANSI Board of Standards Review, directly and materially affected interests have reached substantial agreement. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made toward their resolution.

The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not, from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standards.

The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the American National Standards Institute. Requests for interpretations should be addressed to the secretariat or sponsor whose name appears on the title page of this standard.

CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institute require that action be taken to reaffirm, revise, or withdraw this standard no later than five years from the date of approval.

Published by
Accredited Standards Committee X9, Incorporated
Financial Industry Standards
P. O. Box 4035
Annapolis, MD 21403
www.x9.org

Copyright 2002 by Accredited Standards Committee X9, Incorporated
All rights reserved.

No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without prior written permission of the publisher. Printed in the United States of America

2003 ASC X9, Inc.

Contents

Foreword
Introduction
1 Scope
2 Conformance and Organization
3 Normative References
4 Terms and Definitions
5 Symbols and Abbreviated Terms
6 Overview of Biometric Technology
  6.1 Introduction
  6.2 Fingerprint Biometrics
  6.3 Voice Biometrics
  6.4 Iris Biometrics
  6.5 Retina Biometrics
  6.6 Face Biometrics
  6.7 Hand Geometry Biometrics
  6.8 Signature Biometrics
  6.9 Technology Considerations
    6.9.1 Introduction to Consideration
    6.9.2 Universality
    6.9.3 Distinctiveness
    6.9.4 Accuracy
    6.9.5 Performance Evaluation
7 Basic Principles of Biometric Architectures
  7.1 Introduction
  7.2 The Data Collection Subsystem
  7.3 The Transmission Subsystem
  7.4 The Signal Processing Subsystem
  7.5 Matching Subsystem
  7.6 The Decision Subsystem
  7.7 The Storage Subsystem
8 Management and Security Requirements
  8.1 Introduction
  8.2 Core Security Requirements
  8.3 Enrollment
    8.3.1 Initial Enrollment
    8.3.2 Re-enrollment
  8.4 Verification
  8.5 Identification
  8.6 Transmission and Storage
    8.6.1 Transmission
    8.6.2 Central Data Base
    8.6.3 Tokens
  8.7 Termination and Archive
    8.7.1 Termination
    8.7.2 Archiving
  8.8 Compliance and the Event Journal
9 Techniques
  9.1 Biometric Information Objects
  9.2 ASN.1 Syntax
    9.2.1 Biometric Object
    9.2.2 Biometric Header
    9.2.3 Biometric Objects
    9.2.4 Integrity Objects
    9.2.5 Privacy Objects
    9.2.6 Integrity and Privacy Objects
    9.2.7 Biometric Syntax Sets
  9.3 Cryptographic Techniques
    9.3.1 Security Architecture
    9.3.2 Key Management
    9.3.3 Digital Signatures
    9.3.4 Message Authentication Codes (MAC)
    9.3.5 Encryption for Purposes of Privacy
  9.4 Physical Techniques
Annex A: (Normative) Biometrics Syntax and Encoding Rules
  A.1 Introduction
  A.2 X9-84-Biometrics ASN.1 Module
  A.3 X9-84-CMS ASN.1 Module
  A.4 X9-84-ObjectIdentifiers ASN.1 Module
  A.5 Object Identifiers
Annex B: (Informative) Bibliography
Annex C: (Informative) Data Flow Diagrams
Annex D: (Informative) Biometric Enrollment
  D.1 Identification Criteria for an Individual
  D.2 Quality Check and Verification of Matchability
Annex E: (Informative) Security Considerations
  E.1 Registration of individual using false identity
  E.2 Fraud Susceptibility within Data Collection “Synthetic Attack”
  E.3 Protection of the data
    E.3.1 Injection of false/replayed biometric data
    E.3.2 Search for match between chosen sample and templates
    E.3.3 Search for match between pairs of templates
  E.4 Modification of verification result
  E.5 False Match versus False Non-Match
    E.5.1 Improper Threshold Settings
    E.5.2 Improper Device Calibration
    E.5.3 Illicit Device or System Performance
  E.6 Scores and Thresholds
    E.6.1 Hillclimbing Attack
    E.6.2 Update and Adaptation
  E.7 Single versus Multi-Factor Authentication
  E.8 Testing
  E.9 Open Versus Closed Systems
  E.10 Compromise/loss of biometric data
  E.11 Data compression
  E.12 System circumvention
Annex F: (Informative) Biometric Validation Control Objectives
  F.1 Introduction
  F.2 Environmental Controls
    F.2.1 Security Policy
    F.2.2 Security Organization
    F.2.3 Asset Classification and Management
    F.2.4 Personnel Security
    F.2.5 Physical and Environmental Security
    F.2.6 Operations Management
    F.2.7 System Access Management
    F.2.8 Systems Development and Maintenance
    F.2.9 Business Continuity Management
    F.2.10 Monitoring and Compliance
    F.2.11 Event Journaling
  F.3 Key Management Life Cycle Controls
    F.3.1 Key Generation
    F.3.2 Key Storage, Backup and Recovery
    F.3.3 Key Distribution
    F.3.4 Key Usage
    F.3.5 Key Destruction and Archival
    F.3.6 Cryptographic Device Life Cycle Controls
  F.4 Biometric Information Life Cycle Controls
    F.4.1 Enrollment
    F.4.2 Template Life Cycle
    F.4.3 Verification and Identification Process Controls
    F.4.4 Biometric Device Life Cycle Controls
    F.4.5 Integrated Circuit Card (ICC) Life Cycle Controls
Annex G: (Informative) Public Acceptance and Policy Considerations
Annex H: (Informative) Encoding Examples
  H.1 Introduction
  H.1 Unprotected Biometric Object
    H.1.1 Examples: Reduced Biometric Header
    H.1.2 Examples: Complete Biometric Header
  H.2 Biometric Objects with Integrity
  H.3 Biometric Objects with Privacy
Annex I: (Informative) Event Journal
  I.1 Management Requirements
  I.2 Content Requirements
    I.2.1 Enrollment
    I.2.2 Verification and Identification
    I.2.4 Transmission and Storage
Annex J: (Informative) Biometric Identification Record (BIR)
Annex K: (Informative) X9.84 Relationship to X9.73
  K.1 Signed Data
  K.2 Authenticated Data
  K.3 Enveloped Data
  K.4 Other Types

List of Figures

Figure 1 Major Components of a Generalized Biometric Architecture
Figure 2 Environmental Context for a Biometric System
Figure 3 Enrollment Model
Figure 4 Verification Model
Figure 5 Identification Model
Figure 6 Distribution Model
Figure 7 Token Verification Model
Figure 8 - Biometric Header
Figure 9 - Biometric Object
Figure 10 - Integrity Object
Figure 11 - Privacy Object
Figure 12 - Integrity and Privacy Object
Figure 13 - Biometric Syntax Set
Figure 14 - Biometric Objects
Figure 15 - Integrity Objects
Figure 16 - Privacy Objects
Figure 17 - Integrity and Privacy Objects
Figure 18 Security Architectures
Figure 19 CBEFF Entity Relationships
Figure 20 BioAPI BIR

List of Tables

Table 1 Organization of X9.84
Table 2 Key Management Techniques
Table 3 Closed versus Open Systems
Table 4 CBEFF to X9.84 Data Element Mapping
Table 5 Biometric Identification Record (BIR)

Introduction

Business practice has changed with the introduction of computer-based technologies. The substitution of electronic transactions for their paper-based predecessors has reduced costs and improved efficiency. Trillions of dollars in funds and securities are transferred daily by telephone, wire services, and other electronic communication mechanisms. The high value or sheer volume of such transactions within an open environment exposes the financial community and its customers to potentially severe risks from accidental or deliberate alteration, substitution or destruction of data. Interconnected networks, and the increased number and sophistication of malicious adversaries compound this risk.

The inevitable advent of electronic communications across uncontrolled public networks, such as the Internet, is also increasing risk to the financial industry. The necessity to expand business operations onto these environments has elevated the awareness for strong identification and authentication (I

adaptation can be employed to evolve the voice template along with changes in the verified speaker's voice. Many companies market speaker recognition engines, often as part of large voice processing, control, and switching systems.

Capture of the biometric is seen as non-invasive. The technology needs little additional hardware, and can leverage existing microphones and voice-transmission technology. This provides functionality over long distances via ordinary telephones (wireline or wireless). However, performance is negatively affected by changes between enrollment and sampling in the microphone type or the transmission path.

6.4 Iris Biometrics

The iris of the eye is the colored portion of the eye surrounding the pupil. Iris imaging uses distinctive anatomical features such as corona, crypts, filaments, freckles, pits, radial furrows, and striations that make up the complex iris patterns. Iris biometrics entails illumination of the eye, capture of the resulting image, and location of distinctive features through specialized video cameras. Iris biometrics are capable of both verification and identification.

Iris images can automatically and with reasonably little effort be acquired from a distance of three feet from the camera. Iris biometric systems utilize automatic eye detection and advanced camera technology. Iris biometrics systems are much easier to use by the general public than retinal systems.

The iris, being naturally well protected behind the cornea, appears to be stable over long periods of time (decades) according to medical literature. Iris imaging is not perceived as highly invasive, since the minimum distance, even for less-sophisticated iris identification systems, is 3-4 inches from the sensor. Iris images are unaffected by common contact lenses but can be affected by “designer” contacts. Reflections caused by eyeglasses and sunglasses can also be a problem.

6.5 Retina Biometrics

The retina is a structure in the interior of the eye. Retinal biometrics leverages the pattern of blood vessels on the retina. Retinal biometrics entails illumination of the eye, capture of the resulting image, and location of distinctive features through specialized video cameras. Accurate retinal imaging requires almost perfect alignment of the eye with the scanning device, which requires the eye to be in close proximity to the scanner. This requires a great deal of effort and training, and can lead to high levels of enrollment and non-matching errors. At the same time, this contributes to the technology's historically low false match rate. Retina biometrics are capable of both verification and identification.

Retinal patterns are highly distinctive, but the retinal structure may change during the life of the person. The requirement for close proximity to the retinal imager, as well as the beam of light shone into the eye, are perceived as unpleasant by many.

6.6 Face Biometrics

The identification or verific
