标准摘要
[中文适用范围]: 本技术报告为在开放市场采购的系统中,在移动环境中开发一致且安全的生物识别(单独或与非生物识别结合)个性化和认证方法提供指导。指导内容包括: — 1:1验证或1:少量正识别; — 在条件不受良好控制且未被ISO/IEC生物识别交换格式标准和ISO/IEC生物识别样本质量技术报告涵盖的移动环境中的生物识别样本捕获; — 最佳使用多种生物识别和非生物识别(PIN、密码、个人数据)个性化和认证方法(即多因素)。 本技术报告定义了一个框架,用于解决远程和无监督注册的方法和途径,以及生物识别和支持性生物数据的安全存储和传输,涵盖各种在线连接和离线模式。 本技术报告确定了通用移动生物识别系统的功能元素和组件以及每个组件的独特特征。它提供了与通用移动架构相关的指导,并参考了支持标准。 背景认识到a)用户是移动的,b)操作跨越各种平台,特别是移动设备,还包括平板电脑、笔记本电脑和其他个人计算设备。定义此背景的关键是用户的环境是否由用户寻求访问的组织物理控制。 [外文原描述]: ISO/IEC TR 30125:2016 provides guidance for developing a consistent and secure method of biometric (either alone or supported by non-biometric) personalization and authentication in a mobile environment for systems procured on the open market. Guidance is provided for - 1:1 verification or 1:few positive identification; - biometric sample capture in the mobile environment where conditions are not well controlled and not covered in ISO/IEC Biometric interchange format standards and the ISO/IEC Biometric sample quality Technical Reports; NOTE 1 Further information regarding architectures may be found in NIST/SP 500-288. - the best use of multiple biometric and non-biometric (PINs, passwords, personal data) personalization and authentication methods (i.e. multifactor). NOTE 2 More information may be found in ISO/IEC 30108‑1. ISO/IEC TR 30125:2016 defines a framework to address methods and approaches for remote and unsupervised enrolment, together with secure storage and transmission of biometric and supporting biographic data, covering a variety of both online connected and offline modes. ISO/IEC TR 30125:2016 identifies the functional elements and components of a generic mobile biometric system and the distinct characteristics of each component. It provides guidance related to a generic mobile architecture with reference to supporting standards. The context recognizes a) the user as being mobile and b) operation across a variety of platforms, particularly mobile devices but also including tablet, laptop and other personal computing devices. The key to defining this context is whether the user's environment is physically controlled by the organization to which the user seeks access.
英文名称Information technology - Biometrics used with mobile devices