Date post: | 02-Apr-2018 |
Category: |
Documents |
Upload: | rohit-singh |
View: | 217 times |
Download: | 0 times |
of 19
7/27/2019 Biometrics Standards Financial
1/19
ANSI X9.84
Biometr ic Management and Secur ityfor the F inancial Services I ndustry
ANSI X9F4 Working Group
7/27/2019 Biometrics Standards Financial
2/19
X9F4Working Group
November 8, 2000 2
What is X9.84?
Standard of the American National Standards Institute
(ANSI)
Focuses on management of the biometric data across its
life cycle
Covers enrollment, verification, and identification
Primary industry focus is financial services
Developed in collaboration with other standards efforts
7/27/2019 Biometrics Standards Financial
3/19
X9F4Working Group
November 8, 2000 3
Where Does X9.84 Fit? ISO
Accredited Standards Committee
Financial Services IndustryNCITS B10Identification Cards and Related Devices
www.ncits.org
7/27/2019 Biometrics Standards Financial
4/19
X9F4Working Group
November 8, 2000 4
Where Does X9.84 Fit? ANSI
www.x9.orgX9A - Retail Banking SubcommitteeX9B - Check Processing SubcommitteeX9D - Securities Subcommittee
X9F - Information and Data Security Subcommittee X9F1 - Cryptographic Tools
X9F3 - Cryptographic Protocols
X9F4 - Cryptographic Applications
X9.84 Biometr ic Management and Security for the Financial
Services I ndustry
X9F5 - Certificate Policy and Procedures
X9F6 - Cardholder Authentication and ICC
7/27/2019 Biometrics Standards Financial
5/19
X9F4Working Group
November 8, 2000 5
Interested ISO Committees
Technical Committee 68 - Financial Industry
Subcommittee 2 - Information Security
Joint Technical Committee One (JTC1) ISO/IEC
Subcommittee 17 - Passports and Identification Cards
7/27/2019 Biometrics Standards Financial
6/19
X9F4Working Group
November 8, 2000 6
Collaborative Standards Activities
www.bioapi.orgBiometric API -Vendor, biometric, and operating system independent API.
Version 1.0 released April, 2000. Participants from biometrics industry,software developers, and system integrators.
www.nist.gov/cbeffCommon Biometric Exchange File Format - enable interoperability of
biometric-based application programs and systems from different vendors
BioAPI
CBEFF
7/27/2019 Biometrics Standards Financial
7/19
X9F4Working Group
November 8, 2000 7
Collaborators
X9.84
BioAPI NIST/ITLCBEFF
Common
Biometric
Exchange
File
Format
Biometric
Service
Provider
(BSP)
API
NCITS B10
7/27/2019 Biometrics Standards Financial
8/19
X9F4Working Group
November 8, 2000 8
Other Standards Activities
www.ectf.orgEnterprise Computer-Telephony Forum (ECTF) Speaker Recognition Resource
for the ECTFs S.100 Interface. They have an architecture for computer-
telephony. S.100 is the API of the architecture.
www.iosoftware.comMicrosoft & I/O Software API API for computing devices
Speaker Verification API (SVAPI) disbanded
BAPI
SVAPI
7/27/2019 Biometrics Standards Financial
9/19
X9F4Working Group
November 8, 2000 9
What is X9.84?
Security of biometric data across its life cycle
Management of the biometric data across its life cycle
Usage of biometric technology for identifying and
authenticating banking customers and employees
Application of biometric technology for physical and
logical access controls
Encapsulation of biometric data
Techniques for securely transmitting biometric data
Security of the physical hardware used throughout the
biometric life cycle
7/27/2019 Biometrics Standards Financial
10/19
X9F4Working Group
November 8, 2000 10
Security Services
Confidentialityprotection of data against unauthorized disclosure
Authenticationprotection against unauthorized access / authorization to data
Integrityprotection of data against unauthorized modification / substitution
Non-repudiationAuthentication and Integrity provable to a third party
Access Control = Authentication + Authorization
7/27/2019 Biometrics Standards Financial
11/19
X9F4Working Group
November 8, 2000 11
Security Requirements
1. The biometric system must prevent captured biometric data
from being introduced into the system through fake,
system-attached, biometric capture devices.
2. The biometric system must ensure that biometric data can
be introduced into the system only through authorized
interfaces using prescribed procedures
* Source: A Biometri c Standard for I nformation Management and Securi ty
7/27/2019 Biometrics Standards Financial
12/19
X9F4Working Group
November 8, 2000 12
Security Requirements
3. The biometric system must implement protection
mechanisms (controls and procedures) to detect or deter
the synthetic biometric feature attack
4. Where necessary, the biometric system must implement
protection mechanisms (controls and procedures) to
prevent the exposure or loss of biometric data
* Source: A Biometri c Standard for I nformation Management and Securi ty
7/27/2019 Biometrics Standards Financial
13/19
X9F4Working Group
November 8, 2000 13
Security Requirements
5. The biometric system must implement protection
mechanisms (controls and procedures) to ensure that the
enrollment process is a well-defined
6. The biometric system must restrict access to the templates;
it must restrict the ability of an attacker to reconstruct the template
database from intercepted biometric data (samples or templates);
it must restrict the ability of an attacker to issue verificationrequests against data in the template database
* Source: A Biometri c Standard for I nformation Management and Securi ty
7/27/2019 Biometrics Standards Financial
14/19
X9F4Working GroupNovember 8, 2000 14
X9.84 Approach
Biometric data should be managed so that
integrity is highest security requirement
unauthorized disclosure of biometric data should not
compromise the system or the individual
NOTE
Biometric data are not inherently confidential or secret.
Therefore, biometric data may still be encrypted to protect
the system for reasons of individual privacy issues
* Source: X9.84 Biometri c In formation Management and Securi ty
7/27/2019 Biometrics Standards Financial
15/19
7/27/2019 Biometrics Standards Financial
16/19
7/27/2019 Biometrics Standards Financial
17/19
X9F4Working GroupNovember 8, 2000 17
What Is X9.84 Current Status?
Work started in 1998
Approved by X9F4 in April 2000
Sent to X9 for a vote
30 day public review
ANSI is going to submit X9.84 for new ISO standard
New ISO working group (WG10) created to review
X9.84. US will chair it and UK, Germany, Japan, and
(maybe) Canada are among the participants.
7/27/2019 Biometrics Standards Financial
18/19
X9F4Working GroupNovember 8, 2000 18
Contact Information
[1] X9F4 Judith Markowitz [email protected]
Jeff Stapleton [email protected]
[2] ANSI X9 www.x9.org
[3] NCITS B10 www.ncits.org
[4] Common Biometric Exchange File Format (CBEFF) www.nist.gove/cbeff
[5] BioAPIwww.bioapi.org
[6] Biometric Consortiumwww.biometrics.org
[7] International Biometric Industry Association (IBIA) www.ibia.org
[8] Enterprise Computer-Telephony Forum (ECTF) www.ectf.org
[9] BAPI www.iosoftware.com
7/27/2019 Biometrics Standards Financial
19/19
X9F4Working GroupNovember 8, 2000 19
Contact Information
+91-20-26127374
http://www.BiometricsIntegrated.com
Biometrics Integrated