标准摘要
[中文适用范围]: 本文件规定了生物识别性能安全评估及生物识别验证系统与识别系统中呈现攻击检测的适用范围,具体包括:— 对ISO/IEC 15408-2中SFR类安全功能组件的扩展;— 对ISO/IEC 18045所规定的方法论中关于ISO/IEC 15408-3的SAR类所补充的活动。本文件提出了生物识别系统安全评估的总体框架,涵盖扩展的安全功能组件及补充的方法论活动,其中包括评估人员在执行这些活动时所依据的额外评估活动与指导/建议。补充的评估活动在本文件中制定,而详细建议则分别见于ISO/IEC 19989-2(针对生物识别方面)和ISO/IEC 19989-3(针对呈现攻击检测方面)。本文件仅适用于针对单一生物特征类型的待评估对象(TOE),但允许在安全功能要求(SFRs)中选择来自多种特征的特征。 [外文原描述]: For security evaluation of biometric recognition performance and presentation attack detection for biometric verification systems and biometric identification systemsthis document specifies: — extended security functional components to SFR Classes in ISO/IEC 15408-2; — supplementary activities to methodology specified in ISO/IEC 18045 for SAR Classes of ISO/IEC 15408-3. This document introduces the general framework for the security evaluation of biometric systems, including extended security functional components, and supplementary activities to methodology, which is additional evaluation activities and guidance/recommendations for an evaluator to handle those activities. The supplementary evaluation activities are developed in this document while the detailed recommendations are developed in ISO/IEC 19989-2 (for biometric recognition aspects) and in ISO/IEC 19989-3 (for presentation attack detection aspects). This document is applicable only to TOEs for single biometric characteristic type. However, the selection of a characteristic from multiple characteristics in SFRs is allowed.
英文名称Information security - Criteria and methodology for security evaluation of biometric systems - Part 1: Framework