Biometrics Standards Financial
What is X9.84?
Standard of the American National Standards Institute (ANSI)
Focuses on management of the biometric data across its life cycle
Covers enrollment, verification, and identification
Primary industry focus is financial services
Developed in collaboration with other standards efforts
November 8, 2000
NCITS B10
Identification Cards and Related Devices www.ncits.org
November 8, 2000 X9F4 Working Group
BioAPI (www.bioapi.org)
Biometric API - Vendor, biometric, and operating system independent API. Version 1.0 released April, 2000. Participants from biometrics industry, software developers, and system integrators.
CBEFF (www.nist.gov/cbeff)
Common Biometric Exchange File Format - enables interoperability of biometric-based application programs and systems from different vendors
Collaborators
BioAPI
X9.84
NIST/ITL
CBEFF
NCITS B10
BAPI (www.iosoftware.com)
Microsoft & I/O Software API for computing devices
SVAPI
What is X9.84?
Security of biometric data across its life cycle
Management of the biometric data across its life cycle
Usage of biometric technology for identifying and authenticating banking customers and employees
Application of biometric technology for physical and logical access controls
Encapsulation of biometric data
Techniques for securely transmitting biometric data
Security of the physical hardware used throughout the biometric life cycle
Security Services
Confidentiality
protection of data against unauthorized disclosure
Authentication
protection against unauthorized access / authorization to data
Integrity
protection of data against unauthorized modification / substitution
Non-repudiation
Authentication and Integrity provable to a third party
Access Control = Authentication + Authorization
Security Requirements
1. The biometric system must prevent captured biometric data from being introduced into the system through fake, system-attached, biometric capture devices.
2. The biometric system must ensure that biometric data can be introduced into the system only through authorized interfaces using prescribed procedures.
3. The biometric system must implement protection mechanisms (controls and procedures) to detect or deter the synthetic biometric feature attack.
4. Where necessary, the biometric system must implement protection mechanisms (controls and procedures) to prevent the exposure or loss of biometric data.
5. The biometric system must implement protection mechanisms (controls and procedures) to ensure that the enrollment process is a well-defined
6. The biometric system must restrict access to the templates;
it must restrict the ability of an attacker to reconstruct the template database from intercepted biometric data (samples or templates);
it must restrict the ability of an attacker to issue verification requests against data in the template database
* Source: A Biometric Standard for Information Management and Security
X9.84 Approach
Biometric data should be managed so that:
integrity is the highest security requirement
unauthorized disclosure of biometric data should not compromise the system or the individual
NOTE Biometric data are not inherently confidential or secret. Therefore, biometric data may still be encrypted to protect the system for reasons of individual privacy issues.
X9.84 Requirements
1. Mechanisms to maintain the integrity of biometric data and verification results between any two components:
Cryptographic mechanisms such as a digital signature
Physical protection where no transmission is involved and all components reside within the same tamper resistant unit
2. Mechanisms to authenticate the source of the biometric data and verification results, between the sender and receiver component:
Cryptographic mechanisms such as a digital signature
Using physical protection where no transmission is involved and all components reside within the same tamper resistant unit
3. If desired, mechanisms to ensure the confidentiality of the biometric data during transmission
* Source: X9.84 Biometric Information Management and Security
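Requirements 1 and 2 above, illustrated as an added example (not taken from X9.84 or from the original slides): a matcher component seals a verification result so that the receiving component can check both its integrity and its source. The example substitutes an HMAC over a pre-shared per-sender key for the digital signature the slide names; the component names, key table and message fields are assumptions.

```python
import hashlib
import hmac
import json

# Constructed per-sender keys (assumption); real keys are provisioned securely.
COMPONENT_KEYS = {
    "matcher-01": bytes.fromhex("11" * 32),
    "capture-07": bytes.fromhex("22" * 32),
}

def _canonical(sender, payload):
    # The sender identity is covered by the MAC so it cannot be swapped later.
    return json.dumps({"sender": sender, "payload": payload},
                      sort_keys=True, separators=(",", ":")).encode()

def seal(sender, payload):
    """Sender side: wrap biometric data or a verification result."""
    tag = hmac.new(COMPONENT_KEYS[sender], _canonical(sender, payload),
                   hashlib.sha256).hexdigest()
    return {"sender": sender, "payload": payload, "tag": tag}

def open_sealed(message, expected_sender):
    """Receiver side: return the payload only if source and integrity hold."""
    sender = message.get("sender")
    if sender != expected_sender or sender not in COMPONENT_KEYS:
        raise ValueError("unexpected or unknown sender")
    expected = hmac.new(COMPONENT_KEYS[sender],
                        _canonical(sender, message.get("payload")),
                        hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how much of the tag matched.
    if not hmac.compare_digest(expected.encode(),
                               str(message.get("tag", "")).encode()):
        raise ValueError("integrity check failed")
    return message["payload"]

def rejected(message, expected_sender):
    """True when the receiver refuses the message."""
    try:
        open_sealed(message, expected_sender)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    result = seal("matcher-01",
                  {"subject": "cust-1001", "score": 0.31, "decision": "no"})
    print(open_sealed(result, "matcher-01"))
    forged = dict(result, payload=dict(result["payload"], decision="yes"))
    print(rejected(forged, "matcher-01"))  # modified verification result
```

An HMAC gives integrity and source authentication only between components that share the key; it does not give the third-party-provable non-repudiation of a digital signature, and this example does not address replay of a previously valid message.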
X9.84 Architecture
Architecture
A is storage only, all other components are external
B input device and application are external
C includes all components and application
[Diagram labels: Data Collection, Storage, Score, Application, Decision, Yes/No, adaptation]
Contact Information
[1] X9F4 Judith Markowitz judith@jmarkowitz.com
Contact Information
Biometrics Integrated
+91-20-26127374 services@biometricsintegrated.com http://www.BiometricsIntegrated.com