Powered by Google-Search & Google-Books www.ChineseStandard.net Database: 169759 (Oct 10, 2021)
HOME   Quotation   Tax   Examples Standard-List   Contact-Us   Cart
  

GB/T 37036.1-2018 (GB/T37036.1-2018)

Standard IDContents [version]USDSTEP2[PDF] delivered inName of Chinese StandardSee DetailStatusRelated Standard
GB/T 37036.1-2018English185 Add to Cart 0--10 minutes. Auto-delivery. Information technology -- Biometrics used with mobile devices -- Part 1: General requirement GB/T 37036.1-2018 Valid GB/T 37036.1-2018


GB/T 37036.1-2018: PDF in English (GBT 37036.1-2018)
GB/T 37036.1-2018
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.240.15
L 71
Information Technology - Biometrics Used with Mobile
Devices - Part 1: General Requirement
ISSUED ON: DECEMBER 28, 2018
IMPLEMENTED ON: JULY 1, 2019
Issued by: State Administration for Market Regulation;
Standardization Administration of the People’s Republic of
China.
Table of Contents
Foreword ... 3 
1 Scope ... 4 
2 Normative References ... 4 
3 Terms and Definitions ... 4 
4 Technology Architecture ... 6 
5 General Process ... 7 
6 Functional Requirements ... 8 
7 Security Requirements ... 12 
Appendix A (informative) A Typical Application Scenario of Biometrics Used with
Mobile Devices ... 15 
Bibliography ... 17 
Information Technology - Biometrics Used with Mobile
Devices - Part 1: General Requirement
1 Scope
This Part of GB/T 37036 specifies the technology architecture, general process,
functional requirements and security requirements of biometrics used with mobile
devices.
This Part is applicable to the design, production, integration and application of
biometric system used with mobile devices.
2 Normative References
The following documents are indispensable to the application of this document. In
terms of references with a specified date, only versions with a specified date are
applicable to this document. In terms of references without a specified date, the latest
version (including all the modifications) is applicable to this document.
GB/T 26237 (all parts) Information Technology - Biometric Data Interchange Formats
GB/T 26238 Information Technology - Terminology for Biometrics
GB/T 33767.1-2017 Information Technology - Biometric Sample Quality - Part 1:
Framework
GB/T 35273-2017 Information Security Technology - Personal Information Security
Specification
ISO/IEC 30107 Information Technology - Biometric Presentation Attack Detection
3 Terms and Definitions
What is defined in GB/T 26238, and the following terms and definitions are applicable
to this document.
3.1 Mobile Device
Mobile device refers to a small and hand-held information technology product that can
be connected to the network.
NOTE: Mobile devices may include tablet computers and mobile smart terminals.
the mobile device, which has a relatively strong security capability to ensure that the
application programs and sensitive data running in it are stored, processed and
protected in a relatively trusted environment.
4 Technology Architecture
The biometric technology architecture used with mobile devices is mainly constituted
of several functional modules on the mobile device side and the server side, which
mainly include: biometric collection module, biometric storage module and biometric
comparison module, etc. Specifically speaking, biometric collection module includes
sub-functional modules like biometric sample collection, quality judgment, presentation
attack detection and biometric item extraction. Biometric sample collection collects
user’s biometric samples by accessing the biometric collection elements (such as:
image collection element, audio collection element and fingerprint sensing element,
etc.) in the mobile device.
Under normal circumstances, the biometric process on mobile device may be locally
completed in the mobile device; the biometric result is output to the mobile application
calling the biometric service. The mobile application is a service caller of biometrics in
a mobile device. It can provide a system service to an independent mobile application
software, a functional module in the mobile application software or the mobile device
operating system. In certain application scenarios, some modules or sub-modules of
biometrics, such as: quality judgment, presentation attack detection and biometric item
extraction, as well as biometric storage module and biometric comparison module, can
complete the corresponding functions on the server side.
See Appendix A for a typical application scenario of biometrics used with mobile
devices.
The technology architecture of biometrics used with mobile devices is shown in Figure
1.
2) The biometric collection module in the mobile device collects the user’s
biometric samples, and through quality judgment and presentation attack
detection, further extracts the user’s biometric items.
3) Store the user’s biometric items in the biometric storage module as this
user’s biometric template; associate it with the user’s identity.
4) End the enrollment process.
b) The recognition process includes the following steps:
1) The user initiates the recognition process in the mobile device.
2) The biometric collection module in the mobile device collects the user’s
biometric samples, and through quality judgment and presentation attack
detection, further extracts the user’s biometric items.
3) Compare the extracted user biometric items with one or multiple biometric
templates stored in the biometric storage module.
4) In accordance with the comparison result, make recognition decisions
and output the recognition results.
5) End the recognition process.
c) The log-out process includes the following steps:
1) The user initiates the log-out process on a mobile device.
2) In the biometric storage module in the mobile device, delete all the
biometric templates associated with the user to be logged out; delete the
identity of the user to be logged out.
3) End the log-out process.
6 Functional Requirements
6.1 General Requirements
6.1.1 Basic functions
The basic functions of biometrics used with mobile devices include, but are not limited
to:
a) It should be applicable to users of difference races and ages;
b) It should be applicable to mobile device users and biometric system
administrators;
biometric comparison. An irreversible mode should be adopted to extract
biometric items from user’s biometric samples;
d) It shall be able to transmit the extracted user’s biometric items to the
subsequent processing modules, for example, biometric storage module or
biometric comparison module;
e) It shall be equipped with the capability of determining and handling abnormal
conditions, such as corresponding processing mechanisms for biometric
sample collection failure, failed biometric sample quality judgment, detection
of presentation attacks and biometric item extraction failure, etc.
6.2.2 Quality judgment
It shall be able to judge the quality of the collected user’s biometric samples, so as to
determine whether the current biometric samples meet the requirements of biometric
processing.
When the biometric samples fail to pass the quality judgment, it shall be equipped with
a corresponding processing mechanism, for example, prompting the user to re-collect,
or prompting that there is a failure.
In accordance with different biometric modalities, the basis for quality judgment shall
comply with the requirements of GB/T 33767.1-2017 for sample quality.
6.2.3 Presentation attack detection
It shall be able to conduct presentation attack detection on the currently collected
user’s biometric samples, so as to prevent malicious forgery. When presentation attack
is detected, there shall be corresponding processing mechanism, for example, failure
/ error prompts or risk prompts.
Presentation attack detection shall comply with the methods of ISO/IEC 30107.
6.2.4 Data interchange format
For the successfully collected user’s biometric data, the extensions shall include event
identifier, unique device identifier, date and time of collection, and description of the
biometric samples.
The storage and transmission process shall support the biometric data interchange
formats specified in GB/T 26237 (all parts).
6.3 Biometric Storage Module
Biometric storage module shall provide the following functions, which include, but are
not limited to:
7 Security Requirements
7.1 General Requirements
The general security requirements of biometrics used with mobile devices include, but
are not limited to:
a) It shall be equipped with an effective security mechanism, so as to ensure that
the current operator has the legal authority to complete user enrollment,
update and log-out. Appropriate mechanism and procedures should be
adopted to confirm the true identity of the current enrollee during the user
enrollment process;
b) If biometrics supports different user permissions, there shall be an effective
security mechanism to ensure that users with different permissions can only
perform corresponding operations within their authorized scope.
7.2 Security of Biometric Collection Module
The security requirements for biometric collection module used with mobile devices
include, but are not limited to:
a) The collection process shall be implemented in an independent logical domain
or physical domain;
b) It shall be equipped with an effective security mechanism, so as to ensure the
confidentiality and integrity of user’s biometric data during the biometric
sample collection, quality judgment, presentation attack detection, biometric
item extraction and transmission process;
c) User’s biometric samples that fail to pass the quality judgment shall be
removed in time; ensure that they are not recoverable;
d) After the extraction of biometric items is completed, the user’s biometric
samples shall be removed in time; ensure that they are not recoverable;
e) The trusted execution environment or security unit of the mobile device should
be combined to implement the above security mechanism.
7.3 Security of Biometric Storage Module
The security requirements for biometric storage module used with mobile devices
include, but are not limited to:
a) It shall be equipped with an effective security mechanism to prevent
unauthorized access to the biometric storage module;
d) An effective security mechanism shall be adopted to ensure the integrity of
the output of the recognition result; ensure that it is not illegally tampered with;
e) The trusted execution environment or security unit of the mobile device should
be combined to implement the above security mechanism.
7.5 Security Environment
If the mobile device supports secure environment, for example, trusted execution
environment or security unit, during the biometric collection, storage and comparison
process:
a) Biometric collection module located in the trusted execution environment
should be used to collect the user’s biometric samples;
b) Quality judgment, presentation attack detection and biometric item extraction
should be conducted on the collected user’s biometric samples in a trusted
execution environment;
c) If the biometric storage and comparison module is implemented in a mobile
device, the biometric storage and comparison shall be implemented in a
trusted execution environment;
d) Security services in the trusted execution environment or security unit should
be used, such as: secure encryption and decryption service, secure clock
service and random number service, etc.;
e) Through the trusted interactive interface in the trusted execution environment,
interaction with the user should be implemented;
f) The key involved shall be stored in the trusted execution environment or
security unit;
g) Data interchange with the biometric collection module or mobile applications
located in the rich execution environment is needed, there shall be an effective
security mechanism to verify the legitimacy of the interchange object in the
rich execution environment. During the data interchange process, a secure
channel mechanism should be adopted to guarantee the integrity and
confidentiality of the interchanged data during the data interchange process.
......
 
(Above excerpt was released on 2020-06-12, modified on 2021-06-07, translated/reviewed by: Wayne Zheng et al.)
Source: https://www.chinesestandard.net/PDF.aspx/GBT37036.1-2018