HOME   Cart(0)   Quotation   About-Us Tax PDFs Standard-List Powered by Google www.ChineseStandard.net Database: 189759 (27 Oct 2024)

GB/T 37036.3-2019 PDF in English


GB/T 37036.3-2019 (GB/T37036.3-2019, GBT 37036.3-2019, GBT37036.3-2019)
Standard IDContents [version]USDSTEP2[PDF] delivered inName of Chinese StandardStatus
GB/T 37036.3-2019English210 Add to Cart 0-9 seconds. Auto-delivery. Information technology -- Biometrics used with mobile devices -- Part 3: Face Valid
Standards related to (historical): GB/T 37036.3-2019
PDF Preview

GB/T 37036.3-2019: PDF in English (GBT 37036.3-2019)

GB/T 37036.3-2019 NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA ICS 35.240.15 L 71 Information Technology - Biometrics Used with Mobile Devices - Part 3: Face ISSUED ON: OCTOBER 18, 2019 IMPLEMENTED ON: MAY 1, 2020 Issued by: State Administration for Market Regulation; Standardization Administration of the People’s Republic of China. Table of Contents Foreword ... 3  1 Scope ... 5  2 Normative References ... 5  3 Terms and Definitions ... 5  4 Abbreviations ... 7  5 Technology Architecture ... 7  6 Operational Process ... 9  7 Functional Requirements ... 11  8 Performance Requirements ... 16  9 Security Requirements ... 16  Appendix A (informative) Typical Application Architectures of Face Recognition Used with Mobile Devices ... 20  Appendix B (informative) Mobile Device Face Recognition Presentation Attack Detection Methods ... 26  Information Technology - Biometrics Used with Mobile Devices - Part 3: Face 1 Scope This Part of GB/T 37036 provides the technology architecture of the face recognition system used with mobile devices, and specifies the operational process, functional requirements, performance requirements and security requirements of face recognition used with mobile devices. This Part is applicable to the design, production, integration and application of the face recognition system used with mobile devices. 2 Normative References The following documents are indispensable to the application of this document. In terms of references with a specified date, only versions with a specified date are applicable to this document. In terms of references without a specified date, the latest version (including all the modifications) is applicable to this document. GB/T 26238-2010 Information Technology - Terminology for Biometrics GB/T 37036.1-2018 Information Technology - Biometrics Used with Mobile Devices - Part 1: General Requirement 3 Terms and Definitions What is defined in GB/T 26238-2010, and the following terms and definitions are applicable to this document. 3.1 Face Recognition Face recognition refers to the process of individual recognition based on individual’s face characteristic. 3.2 Face Characteristic Face characteristic refers to distinguishable and repeatable characteristic information that can be extracted from individual’s face information, so as to achieve the purpose of automatic individual recognition. NOTE: face characteristics may include: anatomical characteristics of face, facial characteristics, special marking characteristics and other characteristics of human Attack presentation false acceptance rate refers to the proportion that attacks presented by means of attack presentation are mistakenly accepted as the actual face presentation in specific scenarios. 3.12 Bona Fide Presentation False Rejection Rate Bona fide presentation false rejection rate refers to the proportion that actual face presentation is mistakenly determined as attack presentation and rejected in specific scenarios. 3.13 Attack Presentation Non-response Rate Attack presentation non-response rate refers to the proportion of non-responses in the face recognition system during the process of presenting attacks through the mode of attack presentation. 3.14 Bona Fide Presentation Non-response Rate Bona fide presentation non-response rate refers to the proportion of non-responses in the face recognition system during the presentation of actual face. 4 Abbreviations The following abbreviations are applicable to this document. APFAR: Attack Presentation False Acceptance Rate APNRR: Attack Presentation Non-response Rate BPFRR: Bona Fide Presentation False Rejection Rate BPNRR: Bona Fide Presentation Non-response Rate FAR: False Acceptance Rate FRR: False Rejection Rate 5 Technology Architecture The face recognition system used with mobile devices is mainly constituted of several functional modules on the mobile device side and the remote server. It mainly includes face characteristic capture module, face characteristic storage module and face characteristic comparison module, etc. Specifically speaking, the face characteristic capture module includes sub-functional modules, such as: face sample capture, quality judgment, presentation attack detection and face feature extraction, etc. The face recognition system captures user’s face samples by accessing the face capture device devices includes: enrollment process, recognition process and log-out process. See the requirements below: a) The enrollment process shall include, but is not limited to the following steps: 1) The mobile application initiates the enrollment process in a mobile device; 2) The face capture device in the mobile device captures the user’s face samples; 3) Conduct quality judgment, presentation attack detection and user’s face feature extraction; 4) Store the user’s face feature in the face characteristic storage module as the user’s face template; associate it with the user’s identity; 5) After completing it, end the enrollment process. b) The recognition process shall include, but is not limited to the following steps: 1) The mobile application initiates the recognition process in the mobile device; 2) The face capture device in the mobile device captures the user’s face samples; 3) Conduct quality judgment, presentation attack detection and user’s face feature extraction; 4) Regard the extracted user’s face feature as the face probe; compare it with one or more user’s face templates stored in the face characteristic storage module; 5) In accordance with the comparison result, make recognition decisions and output the recognition result; end the recognition process. NOTE: the face recognition system used with mobile devices may use face probe, which passes the recognition, to update the user’s face template stored in the face characteristic storage module. c) The log-out process shall include, but is not limited to the following steps: 1) The mobile application initiates the log-out process in the mobile device; 2) Delate all face references associated with the user to be logged out in the face characteristic storage module; delete the identity of the user to be logged out in face recognition; Face recognition used with mobile devices shall have the function of log management, which includes, but is not limited to: a) Events that generate log records, which include, but are not limited to: 1) Success or failure event during the enrollment process; 2) Success or failure event during the recognition process; 3) Success or failure event during the log-out process; 4) Face template update, etc. b) For each event, log records include the event occurrence time, the type of event, the user, the event execution result or cause of failure, and the validity time, etc. 7.2 Face Characteristic Capture Module 7.2.1 Basic functions The face characteristic capture module provides the function of face characteristic data capture and transmission, which includes, but is not limited to: a) It shall comply with the requirements of 6.2.1 in GB/T 37036.1-2018; b) Technical means should be adopted to determine the environmental lighting conditions where the user is located during the capture process. When the environmental lighting conditions are inappropriate (for example, ambient light is too bright or too dark), the user should be reminded to cooperate with the improvement; c) Technical means should be adopted to determine blockage and posture of the face area in the face capture zone during the capture process. When the face area is incomplete (for example, when there is blockage by ornament, or, when only part of the face is in the video capture area) or the posture is inappropriate (face rotation, pitching or excessive inclination angle), the user should be reminded to cooperate with the improvement; d) During the capture process, if there are multiple faces, or no face in the video area, it should be properly handled in accordance with the current business scenario, for example, remind the user to cooperate with the improvement, or, set rules to select the main face area for processing. 7.2.2 Quality judgment The face characteristic capture module in the mobile device shall have the function of quality judgment; comply with the requirements of 6.2.2 in GB/T 37036.1-2018. The quality judgment function of face samples: a) Shall include, but is not limited to: 1) Evaluation of area size: determine whether the size of the face area detected in the sample meets the requirements of the face recognition algorithm; 2) Evaluation of clarity: determine whether the clarity of the face area detected in the sample meets the requirements of the face recognition algorithm; 3) Evaluation of integrity: determine whether the integrity of the face area detected in the sample meets the requirements of the face recognition algorithm; 4) Evaluation of gesture angle: determine whether the rotation angle, pitching angle and inclination angle of the face gesture detected in the sample are within a reasonable range. b) Should include, but is not limited to: 1) Evaluation of eye closure: quantify and evaluate the eye closure; determine whether it meets the requirements of the face recognition algorithm; 2) Evaluation of mouth closure: quantify and evaluate the mouth closure; determine whether it meets the requirements of the face recognition algorithm; 3) Evaluation of illumination: determine whether the illumination of the face area detected in the sample meets the requirements of the face recognition algorithm; 4) Evaluation of user subjective cooperation level: determine whether the user has subjective willingness to cooperate with face recognition. 7.2.3 Presentation attack detection Face recognition used with mobile devices shall be equipped with the function of presentation attack detection; comply with the requirements of 6.2.3 in GB/T 37036.1- 2018. The presentation attack detection function of face recognition used with mobile devices should be able to support the detection of the following types of presentation attack, as it is shown in Table 1. See Appendix B for some feasible presentation attack detection methods of face capturing and using the face data for products or services provided, and obtain the user’s authorized consent; c) Before face recognition log-out is initiated, the operator’s identity shall be authenticated, and the authority shall be confirmed. After the face recognition log-out is completed, ensure that all the associated face data is deleted and cannot be recovered; d) During its operation, the functional module located in the mobile device should have the capability of inspecting the operating environment. The scope of the inspection may include whether the mobile device system has been authorized by an illegal user to obtain administrator rights, and whether the program operating environment is trusted. When it is found that the operating environment is abnormal, there shall be corresponding treatment measures, such as: prompting the user for security risks and closing the application, etc.; e) The functional module in the mobile device shall adopt security measures to ensure that only the caller with the calling authority can call the module; f) The functional module in the mobile device shall adopt security reinforcement measures, such as: de-compilation and integrity check, to improve its own security protection level. 9.2 Security of Face Characteristic Capture Module The security requirements for the face characteristic capture module include, but are not limited to: a) It shall comply with the requirements of 7.2 in GB/T 37036.1-2018; b) A face characteristic capture timeout processing mechanism shall be set. In other words, within the set effective time, if face samples that meet the quality requirements and pass the presentation attack detection cannot be captured, then, the module shall automatically withdraw from the operation; c) Effective security measures shall be adopted to protect the sensitive data input by the user, or the captured user’s face data, so as to ensure its confidentiality and integrity, and ensure that it is not illegally stolen or tampered with, for example, the implementation through the trusted environment in the mobile device; d) After face feature extraction is completed, the user’s face samples shall be timely removed from the mobile device; ensure that the face samples cannot be recovered. 9.3 Security of Face Characteristic Storage Module When face data is transmitted among different modules of face recognition: a) During the transmission process, the true identity of the other side of communication shall be authenticated. After the authentication is passed, a secure channel shall be established to protect the confidentiality and integrity of face data during the transmission process; b) Effective measures shall be adopted to prevent replay attacks, for example, unpredictable random numbers, time stamps or challenges / responses; c) In the mode of remote recognition, when transmitting face data from the mobile device to a remote server for comparison, and returning the recognition decision-making result, an effective and safe mode shall be adopted to perform security protection of the transmitted face data and recognition decision-making result, so as to ensure its confidentiality and integrity; ensure that it is not stolen or tampered with; d) Effective security measures shall be adopted to perform security protection of keys used during the transmission process, for example, the implementation through the trusted environment in the mobile device. 9.6 Security of Logs The security requirements for logs include, but are not limited to: a) There shall be no clear-text face data, key information or other security- related parameters in the log records; b) Security measures shall be adopted to protect the integrity of log information, for example, digital signature; c) It shall be equipped with an authorization management mechanism to manage the operating authorization of adding, deleting and modifying log records. ......
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.