scope:

This Recommendation defines a security framework that enhances the security framework provided by a public key infrastructure (PKI) and a privilege management infrastructure (PMI) to provide authentication using biometric certificates and biometric policy certificates to allow authentication at an appropriate security level, depending on the privileges a client needs for the actions or transactions that the client desires to undertake. It is called the telebiometrics authentication infrastructure (TAI). The specification includes:

- the flow of information in the TAI (see clause 7);

- the definition of a biometric certificate (BC) (see clause 8) issued by a biometric certificate authority (BCA);

- the definition of a biometric policy certificate (BPC) (see clause 9) issued by a telebiometrics authority (TBA);

- the definition of a biometric device certificate (BDC) (see clause 10) issued by a telebiometrics authority (TBA); and

- the definition of extensions for general use in [ITU-T X.509] attribute certificates (see clause 11). This Recommendation does not provide a full specification of the TAI, but forms the basis for a full specification. A full specification would need further standardization of the meaning of different security levels.

NOTE - Appendix I provides an outline of a possible definition of such security levels.

This Recommendation defines the issuance, management, usage, and revocation of biometric certificates by reference to [ITU-T X.509].

The specification of [ITU-T X.509] attribute certificate extensions in clause 11 allows the TAI specifications to be seamlessly combined with a public key infrastructure (PKI) or privilege management infrastructure (PMI), and the use of the reports defined for the authentication context for biometrics (ACBio).