《ANSI-INCITS-422-2007.pdf》由会员分享,可在线阅读,更多相关《ANSI-INCITS-422-2007.pdf(42页珍藏版)》请在三一文库上搜索。
1、American National Standard Developed by for Information Technology Application Profile for Commercial Biometric Physical Access Control ANSI INCITS 422-2007 ANSI INCITS 422-2007 Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility
2、Yokosuka/9961031100 Not for Resale, 05/08/2007 20:44:06 MDTNo reproduction or networking permitted without license from IHS -,-,- Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 2
3、0:44:06 MDTNo reproduction or networking permitted without license from IHS -,-,- ANSI INCITS 422-2007 American National Standard for Information Technology Application Profile for Commercial Biometrical Physical Access Control Secretariat Information Technology Industry Council Approved February 1,
4、 2007 American National Standards Institute, Inc. Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 20:44:06 MDTNo reproduction or networking permitted without license from IHS -,-,
5、- Approval of an American National Standard requires review by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer. Consensus is established when, in the judgement of the ANSI Board of Standards Review, substantial agreement
6、 has been reached by directly and materially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made towards their resolution. The use of Ameri
7、can National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not, from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standards. The American National Standar
8、ds Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the American National Standards Institute. R
9、equests for interpretations should be addressed to the secretariat or sponsor whose name appears on the title page of this standard. CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institute require that actio
10、n be taken periodically to reaffirm, revise, or withdraw this standard. Purchasers of American National Standards may receive current information on all standards by calling or writing the American National Standards Institute. American National Standard Published by American National Standards Inst
11、itute, Inc. 25 West 43rd Street, New York, NY 10036 Copyright 2007 by Information Technology Industry Council (ITI) All rights reserved. No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without prior written permission of ITI, 1250 Eye Street
12、 NW, Washington, DC 20005. Printed in the United States of America Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 20:44:06 MDTNo reproduction or networking permitted without lice
13、nse from IHS -,-,- Contents Page 1 Scope1 2 Conformance.2 3 Normative References2 3.1 Existing Standards2 3.1.1 Core Set of Standards 2 3.1.2 Modality Dependent Standards .2 3.1.3 System Interface Standards.2 3.1.4 Security Standards .2 4 Terms and Definitions 3 4.1 application profile.3 4.2 biometr
14、ic3 4.3 biometric data block (BDB)3 4.4 biometric information record (BIR) .3 4.5 biometric information data record (BIDR)3 4.6 biometric technology/biometric type3 4.7 biometrics3 4.8 credential .3 4.9 enroll.3 4.10 identification/identify3 4.11 identifier.4 4.12 integrity4 4.13 biometric access co
15、ntrol reader4 4.14 standard biometric header (SBH)4 4.15 verification/verify 4 5 Symbols (and abbreviated terms).4 6 Architectural Requirements for Biometric Commercial Access Control4 6.1 Security5 6.2 Interoperability5 6.2.1 Biometric Characteristic Interoperability .5 6.2.2 Access Control System
16、Interoperability.5 6.2.3 Credential Interoperability6 6.3 Biometric Matching Mechanism6 6.3.1 Verification to claimed identity6 6.3.2 Identification establishes an identity6 6.4 Hosting of the Biometric Processing7 6.4.1 Match on Terminal 7 6.4.2 Match on Secure Service7 7 Biometric Physical Access
17、Control Context (Informative).8 7.1 Biometric System Performance.8 7.2 Identity Establishment8 Annex A (normative) Requirements List and Implementation Conformance Statement .9 A.1 Requirements List.9 A.2 Relationship between RL and corresponding ICS proformas9 A.3 Profile Implementation Conformance
18、 Statement 9 A.4 Instruction for completing the ICS proforma.10 A.4.1 General structure of the ICS proforma .10 A.4.2 Additional Information10 i Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resal
19、e, 05/08/2007 20:44:06 MDTNo reproduction or networking permitted without license from IHS -,-,- ANSI INCITS 422-2007 A.4.3 Exception Information11 A.5 Function Requirements Tables .11 A.5.1 Tables for Biometric Interchange Data Records11 A.5.2 Table for CBEFF Specification 24 Annex B (normative) Ac
20、cess Control Interface 26 B.1 Wiegand-2626 Annex C (normative) Interoperable Credential Format27 Annex D (Informative) Bibliography.30 ii Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/0
21、8/2007 20:44:06 MDTNo reproduction or networking permitted without license from IHS -,-,- iii Foreword (This foreword is not part of American National Standard ANSI INCITS 422-2007.) This standard specifies a biometric profile for access control applications. It defines a set of base standards and c
22、riteria for applying those standards in applications that use biometrics to authenticate the identity of users requesting access to a facility. This document contains three normative annexes (Annexes A, B, and C), which are considered part of this standard, and one informative annex (Annex D), which
23、 is not considered part of this standard. INCITS (The InterNational Committee for Information Technology Standards) is the ANSI recognized Standards Development Organization for information technology within the United States of America. Members of INCITS are drawn from Govern- ment, Corporations, A
24、cademia and other organizations with a material interest in the work of INCITS and its Technical Committees. INCITS does not restrict membership and attracts participants in its technical work from 13 different countries, and oper- ates under the rules of the American National Standards Institute. I
25、n the field of Biometrics, INCITS has established the Technical Committee M1. Stan- dards developed by this Technical Committee have reached consensus throughout the development process and have been thoroughly reviewed through several Public Review processes. In addition, this American National Sta
26、ndard has been approved by the INCITS Executive Board and ANSI Board of Standards Review for Publication as an ANSI INCITS Standard. Requests for interpretation, suggestions for improvement or addenda, or defect re- ports are welcome. They should be sent to InterNational Committee for Information Te
27、chnology Standards (INCITS), ITI, 1250 Eye Street, NW, Suite 200, Washington, DC 20005. This standard was processed and approved for submittal to ANSI by INCITS. Com- mittee approval of this standard does not necessarily imply that all committee mem- bers voted for its approval. At the time it appro
28、ved this standard, INCITS had the following members: Karen Higginbottom, Chair Jennifer Garner, Secretary Organization Represented Name of Representative AIM GlobalDan Mullen Charles Biss (Alt.) Apple Computer, Inc.David Michael Electronic Industries AllianceEdward Mikoski, Jr. David Thompson (Alt.)
29、 EMC CorporationGary Robinson Farance, IncFrank Farance Timothy Schoechle (Alt.) GS1 US Frank Sharkey James Chronowski (Alt.) Mary Wilson (Alt.) Hewlett-Packard Company.Karen Higginbottom Steve Mills (Alt.) Scott Jameson (Alt.) IBM Corporation .Ronald F. Silletti Peter Schirling (Alt.) IEEE .Judith
30、Gorman Terry DeCourcelle (Alt.) Robert Pritchard (Alt.) Jodi Haasz (Alt.) Bob Labelle (Alt.) Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 20:44:06 MDTNo reproduction or network
31、ing permitted without license from IHS -,-,- iv Organization RepresentedName of Representative Intel. Philip Wennblom Dave Thewlis (Alt.) Jesse Walker (Alt.) Grace Wei (Alt.) Lexmark International. Don Wright Dwight Lewis (Alt.) Paul Menard (Alt.) Microsoft Corporation. Jim Hughes Don Stanwyck (Alt.
32、) Mike Ksar (Alt.) Isabelle Valet-Harper (Alt.) National Institute of Standards the table in Annex A.5.2; the requirements of Annex B; and the table in Annex C. Note that some of these tables might specify mandatory requirements that are merely optional in the referenced base standards. 3 Normative
33、References The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. 3.1 Existing Standards 3.1.1 Core Set
34、of Standards a) ANSI INCITS 398-2005, Information technology Common Biometric Exchange Formats Framework (CBEFF) (see A.5.2) 3.1.2 Modality Dependent Standards b) ANSI INCITS 377-2004, Information Technology Finger Pattern-Based Format for Data Interchange (see A.5.1.2) c) ANSI INCITS 378-2004, Info
35、rmation Technology Finger Minutiae Format for Data Interchange (see A.5.1.1) d) ANSI INCITS 379-2004, Information Technology Iris Image Interchange Format (see A.5.1.5) e) ANSI INCITS 381-2004, Information Technology Finger Image Format for Data Interchange (see A.5.1.3) f) ANSI INCITS 385-2004, Inf
36、ormation Technology Face Recognition Format for Data Interchange (see A.5.1.4) g) ANSI INCITS 395-2005, Information Technology Biometric Data Interchange Formats - Signature/Sign Data (see A.5.1.6) h) ANSI INCITS 396-2005, Information technology - Hand Geometry Format for Data Interchange (see A.5.1
37、.7) 3.1.3 System Interface Standards i) SIA (Security Industry Association) Access Control Standard Protocol for the 26-bit Wiegand Reader Interface (October 17, 1996) 3.1.4 Security Standards j) Advanced Encryption Standard (AES) (FIPS PUB 197) (November 26, 2001) k) RFC 3447: Public-Key Cryptograp
38、hy Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 (February, 2003) (http:/www.ietf.org/rfc/rfc3447.txt) l) RFC 1321: The MD5 Message-Digest Algorithm (April, 1992) (http:/www.ietf.org/rfc/rfc1321.txt) 2 Copyright American National Standards Institute Provided by IHS under license w
39、ith ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 20:44:06 MDTNo reproduction or networking permitted without license from IHS -,-,- ANSI INCITS 422-2007 4 Terms and Definitions 4.1 application profile conforming subsets or combinations of base standards used
40、to provide specific functions NOTE: Application profiles identify the use of particular options available in base standards, and provide a basis for the interchange of data between applications and interoperability of systems. 4.2 biometric pertaining to the field of biometrics (see 4.7). NOTE: “bio
41、metric“ should never be used as a noun. 4.3 biometric data block (BDB) block of data with a defined format that contains one or more biometric samples or biometric templates 4.4 biometric information record (BIR) data structure containing one or more BDBs together with information identifying the BD
42、B formats, and possibly further information such as whether a BDB is signed or encrypted 4.5 biometric information data record (BIDR) data structure, corresponding to one person, that contains a BIR plus other information specific to access control functions 4.6 biometric technology/biometric type g
43、eneralized terms used where it is not appropriate to mention a specific behavioral or biological biometric feature 4.7 biometrics automated recognition of living persons based on observation of behavioral and biological (anatomical and physiological) characteristics 4.8 credential encrypted signed d
44、ocument that contains at least an identifier and biometric information 4.9 enroll process of collecting biometric samples from a person and the subsequent preparation and storage of biometric reference templates representing that persons identity 4.10 identification/identify one-to-many process of c
45、omparing a submitted biometric sample against all of the biometric reference templates on file to determine whether it matches any of the templates and, if so, the identity of the enrollee whose template was matched 3 Copyright American National Standards Institute Provided by IHS under license with
46、 ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 20:44:06 MDTNo reproduction or networking permitted without license from IHS -,-,- ANSI INCITS 422-2007 4.11 identifier unique data string used as a key in the biometric system to name a persons identity and its a
47、ssociated attributes. An example of an identifier would be a passport number 4.12 integrity property of physically stored data, both on a travel document and in a central database, that the data cannot be altered without such alteration being detected and tracked 4.13 biometric access control reader
48、 system comprising at least of the following components: one or more biometric sensors, a credential input mechanism, an access control system interface, and a biometric comparison capability 4.14 standard biometric header (SBH) part of a CBEFF compliant BIR structure that provides encodings for values of CBEFF data elements and enables an application to obtain knowledge about the BDB contents without having to process the BDB 4.15 verification/verify process of comparing a submit