UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

ISO/IEC 19792

Information technology - Security techniques - Security evaluation of biometrics

active, Most Current
Buy Now
Organization: ISO
Publication Date: 1 August 2009
Status: active
Page Count: 42
ICS Code (Information coding): 35.040
scope:

This International Standard specifies the subjects to be addressed during a security evaluation of a biometric system.

It covers the biometric-specific aspects and principles to be considered during the security evaluation of a biometric system.It does not address the non-biometric aspects which might form part of the overall security evaluation of a system using biometric technology (e.g. requirements on databases or communication channels).

This International Standard does not aim to define any concrete methodology for the security evaluation of biometric systems but instead focuses on the principal requirements. As such, the requirements in this International Standard are independent of any evaluation or certification scheme and will need to be incorporated into and adapted before being used in the context of a concrete scheme.

This International Standard defines various areas that are important to be considered during a security evaluation of a biometric system. These areas are represented by the following clauses of this International Standard:

- Clauses 4 and 5 of this International Standard give an overview of all terms, definitions and acronyms used,

- Clause 6 introduces the overall concept for a security evaluation of a biometric system,

- Clause 7 describes statistical aspects of security-relevant error rates,

- Clause 8 deals with the vulnerability assessment of biometric systems and

- Clause 9 describes the evaluation of privacy aspects.

This International Standard is relevant to both evaluator and developer communities.

- It specifies requirements for evaluators and provides guidance on performing a security evaluation of a biometric system.

- It serves to inform developers of the requirements for biometric security evaluations to help them prepare for security evaluations.

Although this International Standard is independent of any specific evaluation scheme it could serve as a framework for the development of concrete evaluation and testing methodologies to integrate the requirements for biometric evaluations into existing evaluation and certification schemes.

This International Standard refers to and utilizes other biometric standards, notably those for biometric performance testing and reporting from ISO/JTC1 SC 37. These standards have been adapted as necessary for the specific requirements of biometric security evaluation.

Document History

ISO/IEC 19792
August 1, 2009
Information technology - Security techniques - Security evaluation of biometrics
This International Standard specifies the subjects to be addressed during a security evaluation of a biometric system. It covers the biometric-specific aspects and principles to be considered during...

References

This document references:
ISO/IEC 15408-1 - Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 1: Introduction and general model
Published by ISO on August 1, 2022
This document establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by various parts of the standard which in its entirety is...
This document references:
ISO/IEC 15408-2 - Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional components
Published by ISO on August 15, 2008
This part of ISO/IEC 15408 defines the required structure and content of security functional components for the purpose of security evaluation. It includes a catalogue of functional components that...
This document references:
ISO/IEC 15408-3 - Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance components
Published by ISO on August 15, 2008
This part of ISO/IEC 15408 defines the assurance requirements of ISO/IEC 15408. It includes the evaluation assurance levels (EALs) that define a scale for measuring assurance for component TOEs, the...
This document references:
ISO/IEC 19795-1 - Information technology — Biometric performance testing and reporting — Part 1: Principles and framework
Published by ISO on May 1, 2021
This document: — establishes general principles for testing the performance of biometrics systems in terms of error rates and throughput rates for purposes including measurement of performance,...
This document references:
ISO/IEC 24713-1 - Information technology - Biometric profiles for interoperability and data interchange - Part 1: Overview of biometric systems and biometric profiles
Published by ISO on March 1, 2008
This part of ISO/IEC 24713 identifies and defines the functional blocks and components of a generic biometric system, and the distinct characteristics of each component. It also defines a generic...
This document is referenced by:
ITU-T X.1091 - A guideline for evaluating telebiometric template protection techniques
Published by ITU-T on April 1, 2012
This Recommendation: • establishes a general guideline for testing and evaluating the performance of biometric template protection techniques based on biometric cryptosystem or cancellable...
This document is referenced by:
ISO/IEC 24761 - Information technology — Security techniques — Authentication context for biometrics
Published by ISO on October 1, 2019
This document defines the structure and the data elements of Authentication Context for Biometrics (ACBio), which is used for checking the validity of the result of a biometric enrolment and...
This document is referenced by:
BS ISO/IEC 24745 - Information security, cybersecurity and privacy protection - Biometric information protection
Published by BSI on March 31, 2022
A description is not available for this item.
This document is referenced by:
BS ISO/IEC 24761 - Information technology - Security techniques - Authentication context for biometrics
Published by BSI on June 30, 2009
A description is not available for this item.
View Less
View All
Advertisement