ISO 19092-1:2006 Financial services — Biometrics — Part 1: Security framework
Standard number: ISO 19092-1:2006
Chinese title: 金融服务 生物统计学 第1部分:安全框架
English title: Financial services — Biometrics — Part 1: Security framework
Publication date: 2006-12
Scope
ISO 19092-1:2006 describes the security framework for using biometrics for authentication of individuals in financial services. It introduces the types of biometric technologies and addresses issues concerning their application. ISO 19092-1:2006 also describes the architectures for implementation, specifies the minimum security requirements for effective management, and provides control objectives and recommendations suitable for use by a professional practitioner.

The following are within the scope of ISO 19092-1:2006:
- usage of biometrics for the authentication of employees and persons seeking financial services by:
  - verification of a claimed identity;
  - identification of an individual;
- validation of credentials presented at enrolment to support authentication as required by risk management;
- management of biometric information across its life cycle comprised of the enrolment, transmission and storage, verification, identification and termination processes;
- security of biometric information during its life cycle, encompassing data integrity, origin authentication and confidentiality;
- application of biometrics for logical and physical access control;
- surveillance to protect the financial institution and its customers;
- security of the physical hardware used throughout the biometric information life cycle.

ISO 19092-1:2006 provides the mandatory means whereby biometric information may be encrypted for data confidentiality or other reasons.