scope:

To prove ownership of an ITU-T X.509 certificate registered individually with the registration authority (RA), a biometric hardware security module has been considered to provide a high-level biometric authentication. This Recommendation | International Standard provides a framework for telebiometric authentication using BHSM. Within the scope of this draft Recommendation | International Standard, the following issues are addressed: - telebiometric authentication mechanisms using BHSM in telecommunication network environments; and - abstract syntax notation one (ASN.1) format and protocols for implementing the mechanisms in the ITU-T X.509 framework. The related standard environment is depicted in Figure 1. The main role of this Recommendation | International Standard is to harmonize with existing telebiometric authentication and public key infrastructure (PKI) standards and to establish a standard mechanism using BHSM for verifying the ownership of the ITU-T X.509 certificate in the telebiometric environment. Evidence of biometric authentication specified in ISO/IEC 24761 Telebiometric Authentication (Local model specified in X.1084) Biometric Hardware Security Module Biometric Module Cipher Module I/F Telecomm. Terminal I/F BCA specified in X.1089 CA on X.509 Authentication Server RA BRA specified in X.1089 Tamper Proof Cipher Func. Private Key X.509 Cert. Tamper Proof Compare Function Template Capture Function Securely implemented in consideration of ISO/IEC 19792 Security requirements compliant with ISO/IEC 19790 Figure 1 - Standard environment for BHSM