标准摘要
[中文适用范围]: 本技术报告提供关于使用生物识别认证技术规范身份认证性能要求的指导,以实现所需的安全性和可用性水平。该指南涵盖了以下方面:——影响安全性和可用性的生物识别性能指标;——比较和量化生物识别技术和/或其他认证机制在单独或组合使用时的安全性和可用性;——如何结合单个认证元素的性能以满足整体安全性和可用性要求;——在使用生物识别技术的应用中的安全性和可用性的权衡;——维护在采用生物识别系统中保持安全性和可用性的考虑。该指南针对以下应用:——使用生物识别技术对个人进行身份验证,以及——规模较小或中等的系统(从用户数量来看)。本技术报告未涵盖以下内容:——监控系统;——其主要目的是检测和阻止个人尝试在不同身份下创建多个注册的系统;——用户群庞大且多样化、可能包括有特殊需求的人的系统;——具有复杂功能、安全性和可用性要求组合的其他系统。这些大规模应用通常属于大型组织领域,假定此类系统的开发者将拥有适当的生物识别专业知识,并能提供超出本技术报告范围的指导。本技术报告未涉及特定于生物识别模态和技术的问题,也没有提供满足特定应用程序需求的定量生物识别性能要求。 [外文原描述]: ISO/IEC TR 29156:2015 provides guidance on specifying performance requirements for authentication using biometric recognition in order to achieve desired levels of security and usability for the authentication mechanism. Guidance addresses issues such as the following: - the biometric performance metrics that impact security and usability; - comparing and quantifying the security and usability of biometrics and other authentication mechanisms, when used alone or in combination; - how to combine performance of individual authentication elements in order to meet an overall security and usability requirement; - the trade-off between security and usability in applications using biometric recognition; - considerations in maintaining security and usability in systems incorporating biometrics. The guidance is targeted towards applications that - use biometrics for the authentication of individuals, and - are of small to medium size (in terms of the number of enrolled individuals). The guidance does not address the following: - surveillance systems; - systems whose primary aim is to detect and prevent attempts by individuals to create multiple enrolments under different identities; - systems with a large and diverse population of enrolees, which can include people with special needs; - other systems with a complex mix of functional, security and usability requirements. Such large-scale applications are typically the domain of large organizations, and it is assumed that the developers of such systems will have access to appropriate biometric expertise able to provide guidance beyond the scope of this Technical Report. This Technical Report does not address biometric modality and technology specific issues, nor does it provide quantitative biometric performance requirements that would satisfy a particular application.
英文名称Information technology - Guidance for specifying performance requirements to meet security and usability needs in applications using biometrics