标准摘要
[中文适用范围]: 本文件规定了在金融服务中使用生物识别技术对客户进行身份验证的安全框架,专门关注零售支付。 它介绍了最常见的生物识别技术类型并解决了与其应用相关的问题。 本文档还描述了用于实施生物特征认证和相关最低控制目标的代表性架构。 以下内容属于本文件的范围: ——将生物识别技术用于以下目的: ——验证所声称的身份; ——个人身份识别; ——生物特征认证威胁、漏洞和控制; ——验证注册时提供的凭证以支持身份验证; ——生物识别信息整个生命周期的管理,包括注册、传输和存储、验证、识别和终止过程; ——与生物识别捕获和生物识别数据处理结合使用的硬件的安全要求; ——生物特征认证架构和相关的安全要求。 以下内容不属于本文件的范围: ——生物识别数据的数据采集、特征提取和比较以及生物识别决策过程的详细规范; ——将生物识别技术用于非金融交易应用,例如物理或逻辑系统访问控制。 [外文原描述]: This document specifies the security framework for using biometrics for authentication of customers in financial services, focusing exclusively on retail payments. It introduces the most common types of biometric technologies and addresses issues concerning their application. This document also describes representative architectures for the implementation of biometric authentication and associated minimum control objectives. The following are within the scope of this document: — use of biometrics for the purpose of: — verification of a claimed identity; — identification of an individual; — biometric authentication threats, vulnerabilities and controls; — validation of credentials presented at enrolment to support authentication; — management of biometric information across its life cycle, comprising enrolment, transmission and storage, verification, identification and termination processes; — security requirements for hardware used in conjunction with biometric capture and biometric data processing; — biometric authentication architectures and associated security requirements. The following are not within the scope of this document: — detailed specifications for data collection, feature extraction and comparison of biometric data and the biometric decision-making process; — use of biometric technology for non-financial transaction applications, such as physical or logical system access control.
英文名称Financial services — Biometrics — Security framework