ISO/IEC 30107-1 2023 ed2 Information technology Biometric presentation attack detection Part 1 Framework (English version).pdf

Pages: 18
File size: 1.77 MB
File format: pdf
Category: Foreign, Hong Kong, Macao and Taiwan standards

INTERNATIONAL STANDARD

Information technology - Biometric presentation attack detection -
Part 1: Framework

Technologies de l’information - Détection d’attaque de présentation en biométrie -
Partie 1: Structure

COPYRIGHT PROTECTED DOCUMENT

© ISO/IEC 2023

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: 41 22 749 01 11
Email: copyright@
Website:
in Switzerland

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Characterization of presentation attacks
  4.1 General
  4.2 Presentation attack instruments
5 Framework for presentation attack detection methods
  5.1 Types of presentation attack detection
  5.2 The role of challenge-response
    5.2.1 General
    5.2.2 Challenge-response related to liveness detection
    5.2.3 Challenge-response not related to biometrics
    5.2.4 Liveness detection not related to challenge-response
  5.3 Presentation attack detection process
  5.4 Presentation attack detection within biometric system architecture
    5.4.1 Overview in terms of the generalized biometric framework
    5.4.2 PAD processing considerations relative to the other biometric subsystems
    5.4.3 PAD location implications regarding data interchange
6 Obstacles to biometric impostor presentation attacks in a biometric system
Bibliography

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see or

ISO and IEC draw attention to the possibility that the implementation of this document may involve the use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not received notice of (a) patent(s) which may be required to implement this document. However, implementers are cautioned that this may not represent the latest information, which may be obtained from the patent database available at and ISO and IEC shall not be held responsible for identifying any or all such patent rights.

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to In the IEC see

This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 37, Biometrics.

This second edition cancels and replaces the first edition (ISO/IEC 30107-1:2016), which has been technically revised.

The main changes are as follows:

the terms and definitions have been harmonized with the other parts of the ISO/IEC 30107 series.

A list of all parts in the ISO/IEC 30107 series can be found on the ISO and IEC websites.

Any feedback or questions on this document should be directed to the user's national standards body. A complete listing of these bodies can be found at and

Introduction

Biometric technologies are used to recognize individuals based on biological and behavioural characteristics. Consequently, they are often used as a component in security systems. A biometric [...] or foes or can attempt to recognize persons who are unknown to the system as either.

Since the beginning of these technologies, the possibility of subversion of recognition by determined adversaries has been widely acknowledged, as has the need for countermeasures to detect and defeat subversive recognition attempts or presentation attacks. Subversion of the intended function of a biometric technology can take place at any point within a security system and by any actor, whether a [...] on mechanisms for the automated detection of presentation attacks undertaken by biometric capture subjects at the capture device during the presentation of the biometric characteristics. These automated [...] biometric samples that are manipulated to match two or more biometric data subjects are submitted during enrolment are not considered in the ISO/IEC 30107 series, though the performance assessment methods are similar for PAD and morphing attack detection mechanisms.

The potential for subversion of biometric systems at the point of data collection by determined individuals acting as biometric capture subjects has limited the use of biometrics in applications which are unsupervised by an agent of the system owner, such as remote collections over untrusted networks. Guidelines on e-authentication, for example, do not recommend the use of biometrics as an authentication factor for this reason. In unattended applications, such as remote authentication over open networks, automated presentation attack detection methods can be applied to mitigate the risks of attack. Standards, best practices and independently-evaluated mechanisms can improve the security of all systems employing biometrics, whether using supervised or unsupervised data capture, including those using biometric recognition to secure online transactions.

As is the case for biometric recognition, PAD mechanisms are subject to errors, both false positive and false negative: false positive indications wrongly categorize bona-fide presentations as attacks, thus impairing the efficiency of the system, and false negative indications wrongly categorize presentation attacks as bona fide, not preventing a security breach. Therefore, the decision to use a specific implementation of PAD depends upon the requirements of the application and consideration of the trade-offs with respect to security and efficiency.

[...] framework through which presentation attack events can be specified and detected so that they can be categorized, detailed and communicated for subsequent biometric system decision-making and [...] ISO/IEC committees and subcommittees. This document does not advocate a specific mechanism as a standard PAD tool.

There are currently three other parts in the ISO/IEC 30107 series. ISO/IEC 30107-2 defines data formats for conveying the type of approach used in biometric presentation attack detection and for conveying the results of PAD methods. The data formats defined in ISO/IEC 30107-2 are integrated into the extensible biometric data interchange formats defined in the ISO/IEC 39794 series. ISO/IEC 30107-3 establishes principles and methods for performance assessment of PAD mechanisms. ISO/IEC 30107-4 provides requirements for assessing the performance of PAD mechanisms on mobile devices with local biometric recognition.
