ISO/IEC 19785-4:2010 信息技术 公用生物统计交换格式框架 第4部分:安全块格式规范
标准编号:ISO/IEC 19785-4:2010
中文名称:信息技术 公用生物统计交换格式框架 第4部分:安全块格式规范
英文名称:Information technology — Common Biometric Exchange Formats Framework — Part 4: Security block format specifications
发布日期:2010-08
标准范围
ISO/IEC 19785-4:20 10将根据ISO/IEC 19785-2注册的安全块格式(参见ISO/IEC 19785-1)指定为CBEFF生物计量组织ISO/IEC JTC 1/SC 37定义的格式,并指定其注册的安全块格式标识符。[安全块格式标识符记录在顾客格式的标准生物统计报头(SBH)中(或由该顾客格式定义为唯一可用的安全块格式)。]通用安全块格式提供了生物统计数据块(BDB)是否被加密或者SBH和BDB是否被应用了完整性(或两者都被应用)的规范,并且可以包括ACBio实例(参见ISO/IEC 24761)。此安全块提供所有必要的安全参数,包括用于加密或完整性的参数。它不限制用于加密或完整性的算法和参数,但提供了这种算法和参数值的记录。对于分析来说,对于特定应用区域,确定安全块的生成器可以使用什么算法和参数范围,并且因此确定安全块的用户必须支持什么算法和参数范围是一个问题。这超出了ISO/IEC 19785-4:20 10的范围。第二个安全块更有限,但更简单(特别是不能包含ACBio实例,并且不支持BDB的加密)。
ISO/IEC 19785-4:2010 specifies security block formats (see ISO/IEC 19785-1) registered in accordance with ISO/IEC 19785-2 as formats defined by the CBEFF biometric organization ISO/IEC JTC 1/SC 37, and specifies their registered security block format identifiers. [The security block format identifier is recorded in the standard biometric header (SBH) of a patron format (or defined by that patron format as the only available security block format).]
The general-purpose security block format provides for specification of whether the biometric data block (BDB) is encrypted or the SBH and BDB have integrity applied (or both), and can include ACBio instances (see ISO/IEC 24761). This security block provides all necessary security parameters, including those used for encryption or integrity.
It does not restrict the algorithms and parameters used for encryption or integrity, but provides for the recording of such algorithms and parameter values.
It is a matter for profiling to determine, for a particular application area, what algorithms and parameter ranges can be used by the generator of a security block, and hence what algorithms and parameter ranges have to be supported by the user of a security block. This is out of the scope of ISO/IEC 19785-4:2010.
The second security block is more limited, but simpler (and in particular cannot contain ACBio instances, and does not support encryption of the BDB).
标准预览图
