ISO/IEC 19792:2009 信息技术 安全技术 生物测定的安全评定
标准编号:ISO/IEC 19792:2009
中文名称:信息技术 安全技术 生物测定的安全评定
英文名称:Information technology — Security techniques — Security evaluation of biometrics
发布日期:2009-08
标准范围
ISO/IEC 19792:2009规定了在生物识别系统安全性评估期间要解决的主题。它涵盖了生物识别系统安全评估期间要考虑的生物识别特定方面和原则。它没有涉及非生物识别方面,这些方面可能构成使用生物识别技术的系统的总体安全评估的一部分(例如,对数据库或通信信道的要求)。ISO/IEC 19792:2009并不旨在为生物识别系统的安全评估定义任何具体的方法,而是侧重于主要要求。因此,ISO/IEC 19792:2009中的要求独立于任何评估或认证计划,并且在用于具体计划之前需要纳入和调整。ISO/IEC 19792:2009定义了在生物识别系统安全评估期间需要考虑的各个重要领域。ISO/IEC 19792:2009与评估人员和开发人员社区都相关。它规定了对评估人员的要求,并提供了对生物识别系统进行安全评估的指导。它用于告知开发人员生物识别安全评估的要求,以帮助他们准备安全评估。尽管ISO/IEC 19792:2009独立于任何特定的评估方案,但它可以作为开发具体评估和测试方法的框架,将生物识别评估的要求整合到现有的评估和认证方案中。
ISO/IEC 19792:2009 specifies the subjects to be addressed during a security evaluation of a biometric system.
It covers the biometric-specific aspects and principles to be considered during the security evaluation of a biometric system. It does not address the non-biometric aspects which might form part of the overall security evaluation of a system using biometric technology (e.g. requirements on databases or communication channels).
ISO/IEC 19792:2009 does not aim to define any concrete methodology for the security evaluation of biometric systems but instead focuses on the principal requirements. As such, the requirements in ISO/IEC 19792:2009 are independent of any evaluation or certification scheme and will need to be incorporated into and adapted before being used in the context of a concrete scheme.
ISO/IEC 19792:2009 defines various areas that are important to be considered during a security evaluation of a biometric system.
ISO/IEC 19792:2009 is relevant to both evaluator and developer communities.
- It specifies requirements for evaluators and provides guidance on performing a security evaluation of a biometric system.
- It serves to inform developers of the requirements for biometric security evaluations to help them prepare for security evaluations.
Although ISO/IEC 19792:2009 is independent of any specific evaluation scheme it could serve as a framework for the development of concrete evaluation and testing methodologies to integrate the requirements for biometric evaluations into existing evaluation and certification schemes.
标准预览图
