7/27/2019 Biometrics Standards Financial

1/19

ANSI X9.84

Biometr ic Management and Secur ityfor the F inancial Services I ndustry

ANSI X9F4 Working Group

7/27/2019 Biometrics Standards Financial

2/19

X9F4Working Group

November 8, 2000 2

What is X9.84?

Standard of the American National Standards Institute

(ANSI)

Focuses on management of the biometric data across its

life cycle

Covers enrollment, verification, and identification

Primary industry focus is financial services

Developed in collaboration with other standards efforts

7/27/2019 Biometrics Standards Financial

3/19

X9F4Working Group

November 8, 2000 3

Where Does X9.84 Fit? ISO

Accredited Standards Committee

Financial Services IndustryNCITS B10Identification Cards and Related Devices

www.ncits.org

7/27/2019 Biometrics Standards Financial

4/19

X9F4Working Group

November 8, 2000 4

Where Does X9.84 Fit? ANSI

www.x9.orgX9A - Retail Banking SubcommitteeX9B - Check Processing SubcommitteeX9D - Securities Subcommittee

X9F - Information and Data Security Subcommittee X9F1 - Cryptographic Tools

X9F3 - Cryptographic Protocols

X9F4 - Cryptographic Applications

X9.84 Biometr ic Management and Security for the Financial

Services I ndustry

X9F5 - Certificate Policy and Procedures

X9F6 - Cardholder Authentication and ICC

7/27/2019 Biometrics Standards Financial

5/19

X9F4Working Group

November 8, 2000 5

Interested ISO Committees

Technical Committee 68 - Financial Industry

Subcommittee 2 - Information Security

Joint Technical Committee One (JTC1) ISO/IEC

Subcommittee 17 - Passports and Identification Cards

7/27/2019 Biometrics Standards Financial

6/19

X9F4Working Group

November 8, 2000 6

Collaborative Standards Activities

www.bioapi.orgBiometric API -Vendor, biometric, and operating system independent API.

Version 1.0 released April, 2000. Participants from biometrics industry,software developers, and system integrators.

www.nist.gov/cbeffCommon Biometric Exchange File Format - enable interoperability of

biometric-based application programs and systems from different vendors

BioAPI

CBEFF

7/27/2019 Biometrics Standards Financial

7/19

X9F4Working Group

November 8, 2000 7

Collaborators

X9.84

BioAPI NIST/ITLCBEFF

Common

Biometric

Exchange

File

Format

Biometric

Service

Provider

(BSP)

API

NCITS B10

7/27/2019 Biometrics Standards Financial

8/19

X9F4Working Group

November 8, 2000 8

Other Standards Activities

www.ectf.orgEnterprise Computer-Telephony Forum (ECTF) Speaker Recognition Resource

for the ECTFs S.100 Interface. They have an architecture for computer-

telephony. S.100 is the API of the architecture.

www.iosoftware.comMicrosoft & I/O Software API API for computing devices

Speaker Verification API (SVAPI) disbanded

BAPI

SVAPI

7/27/2019 Biometrics Standards Financial

9/19

X9F4Working Group

November 8, 2000 9

What is X9.84?

Security of biometric data across its life cycle

Management of the biometric data across its life cycle

Usage of biometric technology for identifying and

authenticating banking customers and employees

Application of biometric technology for physical and

logical access controls

Encapsulation of biometric data

Techniques for securely transmitting biometric data

Security of the physical hardware used throughout the

biometric life cycle

7/27/2019 Biometrics Standards Financial

10/19

X9F4Working Group

November 8, 2000 10

Security Services

Confidentialityprotection of data against unauthorized disclosure

Authenticationprotection against unauthorized access / authorization to data

Integrityprotection of data against unauthorized modification / substitution

Non-repudiationAuthentication and Integrity provable to a third party

Access Control = Authentication + Authorization

7/27/2019 Biometrics Standards Financial

11/19

X9F4Working Group

November 8, 2000 11

Security Requirements

1. The biometric system must prevent captured biometric data

from being introduced into the system through fake,

system-attached, biometric capture devices.

2. The biometric system must ensure that biometric data can

be introduced into the system only through authorized

interfaces using prescribed procedures

* Source: A Biometri c Standard for I nformation Management and Securi ty

7/27/2019 Biometrics Standards Financial

12/19

X9F4Working Group

November 8, 2000 12

Security Requirements

3. The biometric system must implement protection

mechanisms (controls and procedures) to detect or deter

the synthetic biometric feature attack

4. Where necessary, the biometric system must implement

protection mechanisms (controls and procedures) to

prevent the exposure or loss of biometric data

* Source: A Biometri c Standard for I nformation Management and Securi ty

7/27/2019 Biometrics Standards Financial

13/19

X9F4Working Group

November 8, 2000 13

Security Requirements

5. The biometric system must implement protection

mechanisms (controls and procedures) to ensure that the

enrollment process is a well-defined

6. The biometric system must restrict access to the templates;

it must restrict the ability of an attacker to reconstruct the template

database from intercepted biometric data (samples or templates);

it must restrict the ability of an attacker to issue verificationrequests against data in the template database

* Source: A Biometri c Standard for I nformation Management and Securi ty

7/27/2019 Biometrics Standards Financial

14/19

X9F4Working GroupNovember 8, 2000 14

X9.84 Approach

Biometric data should be managed so that

integrity is highest security requirement

unauthorized disclosure of biometric data should not

compromise the system or the individual

NOTE

Biometric data are not inherently confidential or secret.

Therefore, biometric data may still be encrypted to protect

the system for reasons of individual privacy issues

* Source: X9.84 Biometri c In formation Management and Securi ty

7/27/2019 Biometrics Standards Financial

15/19

7/27/2019 Biometrics Standards Financial

16/19

7/27/2019 Biometrics Standards Financial

17/19

X9F4Working GroupNovember 8, 2000 17

What Is X9.84 Current Status?

Work started in 1998

Approved by X9F4 in April 2000

Sent to X9 for a vote

30 day public review

ANSI is going to submit X9.84 for new ISO standard

New ISO working group (WG10) created to review

X9.84. US will chair it and UK, Germany, Japan, and

(maybe) Canada are among the participants.

7/27/2019 Biometrics Standards Financial

18/19

X9F4Working GroupNovember 8, 2000 18

Contact Information

[1] X9F4 Judith Markowitz judith@jmarkowitz.com

Jeff Stapleton jstapleton@kpmg.com

[2] ANSI X9 www.x9.org

[3] NCITS B10 www.ncits.org

[4] Common Biometric Exchange File Format (CBEFF) www.nist.gove/cbeff

[5] BioAPIwww.bioapi.org

[6] Biometric Consortiumwww.biometrics.org

[7] International Biometric Industry Association (IBIA) www.ibia.org

[8] Enterprise Computer-Telephony Forum (ECTF) www.ectf.org

[9] BAPI www.iosoftware.com

7/27/2019 Biometrics Standards Financial

19/19

X9F4Working GroupNovember 8, 2000 19

Contact Information

+91-20-26127374

services@biometricsintegrated.com

http://www.BiometricsIntegrated.com

Biometrics Integrated