ISO/TC 68/SC 2
| Projekta Nr. | ISO 19092:2023 |
|---|---|
| Nosaukums | <p class="MsoBodyText"><span lang="EN-GB">This document specifies the security framework for using biometrics for authentication of customers in financial services, focusing exclusively on retail payments. It introduces the most common types of biometric technologies and addresses issues concerning their application. This document also describes representative architectures for the implementation of biometric authentication and associated minimum control objectives.</span></p> <p class="MsoBodyText"><span lang="EN-GB">The following are within the scope of this document:</span></p> <p class="ListContinue1" style="mso-list: l0 level1 lfo1;"><!-- [if !supportLists]--><span lang="EN-GB" style="mso-fareast-font-family: Cambria; mso-bidi-font-family: Cambria;"><span style="mso-list: Ignore;">—<span style="font: 7.0pt 'Times New Roman';"> </span></span></span><!--[endif]--><span lang="EN-GB">use of biometrics for the purpose of:</span></p> <p class="MsoListContinue2" style="mso-list: l1 level1 lfo2;"><!-- [if !supportLists]--><span lang="EN-GB" style="mso-fareast-font-family: Cambria; mso-bidi-font-family: Cambria;"><span style="mso-list: Ignore;">—<span style="font: 7.0pt 'Times New Roman';"> </span></span></span><!--[endif]--><span lang="EN-GB">verification of a claimed identity;</span></p> <p class="MsoListContinue2" style="mso-list: l1 level1 lfo2;"><!-- [if !supportLists]--><span lang="EN-GB" style="mso-fareast-font-family: Cambria; mso-bidi-font-family: Cambria;"><span style="mso-list: Ignore;">—<span style="font: 7.0pt 'Times New Roman';"> </span></span></span><!--[endif]--><span lang="EN-GB">identification of an individual;</span></p> <p class="ListContinue1" style="mso-list: l0 level1 lfo1;"><!-- [if !supportLists]--><span lang="EN-GB" style="mso-fareast-font-family: Cambria; mso-bidi-font-family: Cambria;"><span style="mso-list: Ignore;">—<span style="font: 7.0pt 'Times New Roman';"> </span></span></span><!--[endif]--><span lang="EN-GB">biometric authentication threats, vulnerabilities and controls;</span></p> <p class="ListContinue1" style="mso-list: l0 level1 lfo1;"><!-- [if !supportLists]--><span lang="EN-GB" style="mso-fareast-font-family: Cambria; mso-bidi-font-family: Cambria;"><span style="mso-list: Ignore;">—<span style="font: 7.0pt 'Times New Roman';"> </span></span></span><!--[endif]--><span lang="EN-GB">validation of credentials presented at enrolment to support authentication;</span></p> <p class="ListContinue1" style="mso-list: l0 level1 lfo1;"><!-- [if !supportLists]--><span lang="EN-GB" style="mso-fareast-font-family: Cambria; mso-bidi-font-family: Cambria;"><span style="mso-list: Ignore;">—<span style="font: 7.0pt 'Times New Roman';"> </span></span></span><!--[endif]--><span lang="EN-GB">management of biometric information across its life cycle, comprising enrolment, transmission and storage, verification, identification and termination processes;</span></p> <p class="ListContinue1" style="mso-list: l0 level1 lfo1;"><!-- [if !supportLists]--><span lang="EN-GB" style="mso-fareast-font-family: Cambria; mso-bidi-font-family: Cambria;"><span style="mso-list: Ignore;">—<span style="font: 7.0pt 'Times New Roman';"> </span></span></span><!--[endif]--><span lang="EN-GB">security requirements for hardware used in conjunction with biometric capture and biometric data processing;</span></p> <p class="ListContinue1" style="mso-list: l0 level1 lfo1;"><!-- [if !supportLists]--><span lang="EN-GB" style="mso-fareast-font-family: Cambria; mso-bidi-font-family: Cambria;"><span style="mso-list: Ignore;">—<span style="font: 7.0pt 'Times New Roman';"> </span></span></span><!--[endif]--><span lang="EN-GB">biometric authentication architectures and associated security requirements.</span></p> <p class="MsoBodyText"><span lang="EN-GB">The following are not within the scope of this document:</span></p> <p class="ListContinue1" style="mso-list: l0 level1 lfo1;"><!-- [if !supportLists]--><span lang="EN-GB" style="mso-fareast-font-family: Cambria; mso-bidi-font-family: Cambria;"><span style="mso-list: Ignore;">—<span style="font: 7.0pt 'Times New Roman';"> </span></span></span><!--[endif]--><span lang="EN-GB">detailed specifications for data collection, feature extraction and comparison of biometric data and the biometric decision-making process;</span></p> <p class="ListContinue1" style="mso-list: l0 level1 lfo1;"><!-- [if !supportLists]--><span lang="EN-GB" style="mso-fareast-font-family: Cambria; mso-bidi-font-family: Cambria;"><span style="mso-list: Ignore;">—<span style="font: 7.0pt 'Times New Roman';"> </span></span></span><!--[endif]--><span lang="EN-GB">use of biometric technology for non-financial transaction applications, such as physical or logical system access control.</span></p> |
| Reģistrācijas numurs (WIID) | 78308 |
| Darbības sfēra | <p class="MsoBodyText"><span lang="EN-GB">This document specifies the security framework for using biometrics for authentication of customers in financial services, focusing exclusively on retail payments. It introduces the most common types of biometric technologies and addresses issues concerning their application. This document also describes representative architectures for the implementation of biometric authentication and associated minimum control objectives.</span></p> <p class="MsoBodyText"><span lang="EN-GB">The following are within the scope of this document:</span></p> <p class="ListContinue1" style="mso-list: l0 level1 lfo1;"><!-- [if !supportLists]--><span lang="EN-GB" style="mso-fareast-font-family: Cambria; mso-bidi-font-family: Cambria;"><span style="mso-list: Ignore;">—<span style="font: 7.0pt 'Times New Roman';"> </span></span></span><!--[endif]--><span lang="EN-GB">use of biometrics for the purpose of:</span></p> <p class="MsoListContinue2" style="mso-list: l1 level1 lfo2;"><!-- [if !supportLists]--><span lang="EN-GB" style="mso-fareast-font-family: Cambria; mso-bidi-font-family: Cambria;"><span style="mso-list: Ignore;">—<span style="font: 7.0pt 'Times New Roman';"> </span></span></span><!--[endif]--><span lang="EN-GB">verification of a claimed identity;</span></p> <p class="MsoListContinue2" style="mso-list: l1 level1 lfo2;"><!-- [if !supportLists]--><span lang="EN-GB" style="mso-fareast-font-family: Cambria; mso-bidi-font-family: Cambria;"><span style="mso-list: Ignore;">—<span style="font: 7.0pt 'Times New Roman';"> </span></span></span><!--[endif]--><span lang="EN-GB">identification of an individual;</span></p> <p class="ListContinue1" style="mso-list: l0 level1 lfo1;"><!-- [if !supportLists]--><span lang="EN-GB" style="mso-fareast-font-family: Cambria; mso-bidi-font-family: Cambria;"><span style="mso-list: Ignore;">—<span style="font: 7.0pt 'Times New Roman';"> </span></span></span><!--[endif]--><span lang="EN-GB">biometric authentication threats, vulnerabilities and controls;</span></p> <p class="ListContinue1" style="mso-list: l0 level1 lfo1;"><!-- [if !supportLists]--><span lang="EN-GB" style="mso-fareast-font-family: Cambria; mso-bidi-font-family: Cambria;"><span style="mso-list: Ignore;">—<span style="font: 7.0pt 'Times New Roman';"> </span></span></span><!--[endif]--><span lang="EN-GB">validation of credentials presented at enrolment to support authentication;</span></p> <p class="ListContinue1" style="mso-list: l0 level1 lfo1;"><!-- [if !supportLists]--><span lang="EN-GB" style="mso-fareast-font-family: Cambria; mso-bidi-font-family: Cambria;"><span style="mso-list: Ignore;">—<span style="font: 7.0pt 'Times New Roman';"> </span></span></span><!--[endif]--><span lang="EN-GB">management of biometric information across its life cycle, comprising enrolment, transmission and storage, verification, identification and termination processes;</span></p> <p class="ListContinue1" style="mso-list: l0 level1 lfo1;"><!-- [if !supportLists]--><span lang="EN-GB" style="mso-fareast-font-family: Cambria; mso-bidi-font-family: Cambria;"><span style="mso-list: Ignore;">—<span style="font: 7.0pt 'Times New Roman';"> </span></span></span><!--[endif]--><span lang="EN-GB">security requirements for hardware used in conjunction with biometric capture and biometric data processing;</span></p> <p class="ListContinue1" style="mso-list: l0 level1 lfo1;"><!-- [if !supportLists]--><span lang="EN-GB" style="mso-fareast-font-family: Cambria; mso-bidi-font-family: Cambria;"><span style="mso-list: Ignore;">—<span style="font: 7.0pt 'Times New Roman';"> </span></span></span><!--[endif]--><span lang="EN-GB">biometric authentication architectures and associated security requirements.</span></p> <p class="MsoBodyText"><span lang="EN-GB">The following are not within the scope of this document:</span></p> <p class="ListContinue1" style="mso-list: l0 level1 lfo1;"><!-- [if !supportLists]--><span lang="EN-GB" style="mso-fareast-font-family: Cambria; mso-bidi-font-family: Cambria;"><span style="mso-list: Ignore;">—<span style="font: 7.0pt 'Times New Roman';"> </span></span></span><!--[endif]--><span lang="EN-GB">detailed specifications for data collection, feature extraction and comparison of biometric data and the biometric decision-making process;</span></p> <p class="ListContinue1" style="mso-list: l0 level1 lfo1;"><!-- [if !supportLists]--><span lang="EN-GB" style="mso-fareast-font-family: Cambria; mso-bidi-font-family: Cambria;"><span style="mso-list: Ignore;">—<span style="font: 7.0pt 'Times New Roman';"> </span></span></span><!--[endif]--><span lang="EN-GB">use of biometric technology for non-financial transaction applications, such as physical or logical system access control.</span></p> |
| Statuss | Standarts spēkā |
| ICS grupa | 03.060 35.240.40 |