标准摘要
[中文适用范围]: 本国际标准规定了生物识别系统安全评估期间应解决的主题。它涵盖了生物识别系统安全评估期间应考虑的生物识别特定方面和原则。它不解决使用生物识别技术的系统的整体安全评估中可能存在的非生物识别方面(例如对数据库或通信渠道的要求)。本国际标准不旨在定义生物识别系统安全评估的任何具体方法,而是侧重于主要要求。因此,本国际标准中的要求独立于任何评估或认证计划,在用于具体计划之前需要纳入并适应。本国际标准定义了生物识别系统安全评估期间需要考虑的各种重要领域。这些领域由本国际标准的以下条款表示:本国际标准的第 4 条和第 5 条提供了所有术语、定义和缩略语的概述;第 6 条介绍了生物识别系统安全评估的总体概念;第 7 条描述了安全相关错误率的统计方面;第 8 条涉及生物识别系统的安全性评估;第 9 条描述了隐私方面的评估。本国际标准适用于评估者和开发者社区。它规定了评估者的要求,并提供了执行生物识别系统安全评估的指导。它有助于告知开发者生物识别安全评估的要求,以帮助他们为安全评估做准备。虽然本国际标准独立于任何特定的评估计划,但它可以作为开发具体评估和测试方法的框架,将生物识别评估的要求纳入现有的评估和认证计划中。本国际标准引用并利用其他生物识别标准,特别是 ISO/JTC1 SC 37 的生物识别性能测试和报告标准。这些标准已根据生物识别安全评估的具体要求进行了必要的调整。 [外文原描述]: ISO/IEC 19792:2009 specifies the subjects to be addressed during a security evaluation of a biometric system. It covers the biometric-specific aspects and principles to be considered during the security evaluation of a biometric system. It does not address the non-biometric aspects which might form part of the overall security evaluation of a system using biometric technology (e.g. requirements on databases or communication channels). ISO/IEC 19792:2009 does not aim to define any concrete methodology for the security evaluation of biometric systems but instead focuses on the principal requirements. As such, the requirements in ISO/IEC 19792:2009 are independent of any evaluation or certification scheme and will need to be incorporated into and adapted before being used in the context of a concrete scheme. ISO/IEC 19792:2009 defines various areas that are important to be considered during a security evaluation of a biometric system. ISO/IEC 19792:2009 is relevant to both evaluator and developer communities. It specifies requirements for evaluators and provides guidance on performing a security evaluation of a biometric system. It serves to inform developers of the requirements for biometric security evaluations to help them prepare for security evaluations. Although ISO/IEC 19792:2009 is independent of any specific evaluation scheme it could serve as a framework for the development of concrete evaluation and testing methodologies to integrate the requirements for biometric evaluations into existing evaluation and certification schemes.
英文名称Information technology - Security techniques - Security evaluation of biometrics