GB/T 27912-2011: Financial services -- Biometrics -- Security framework. Status: Valid
Basic data

| Field | Value |
| --- | --- |
| Standard ID | GB/T 27912-2011 (GB/T27912-2011) |
| Description (Translated English) | Financial services -- Biometrics -- Security framework |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | A11 |
| Classification of International Standard | 03.360; 35.240.40 |
| Word Count Estimation | 71,792 |
| Date of Issue | 2011-12-30 |
| Date of Implementation | 2012-02-01 |
| Quoted Standard | ISO 10202-3; ISO/IEC 19790 |
| Adopted Standard | ISO 19092-1-2006, MOD |
| Regulation (derived from) | Announcement of Newly Approved National Standards No. 23 of 2011 |
| Issuing agency(ies) | General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China |
| Summary | This standard specifies a security framework for using biometric identification mechanisms to authenticate personnel in the financial industry, describes the types of biometric technology, and discusses the related application issues. It also describes implementation architectures, details the minimum security requirements for effective management, and provides control objectives and recommendations for professionals. This standard applies to the mandatory means by which biometric information is encrypted for data confidentiality or other reasons. |
This is a DRAFT version for illustration, not a final translation.
Financial services. Biometrics. Security framework
ICS 03.360; 35.240.40
A11
National Standards of People's Republic of China
Financial Services Biometrics
Security Framework
(ISO 19092-1:2006, MOD)
Issued on: 2011-12-30
Implemented on: 2012-02-01
Issued by the Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the Standardization Administration of China
Table of Contents
Foreword
Introduction
1 Scope
2 Compliance
3 Normative references
4 Terms and definitions
5 Acronyms
6 Biometrics overview
7 Technical considerations
8 Basic principles of biometric structure
9 Management and security requirements
10 Security infrastructure
11 Control objectives for biometric identification
Appendix A (informative) Event log
Appendix B (normative) Biometric registration
Appendix C (normative) Security considerations
Appendix D (normative) Security requirements for biometric devices
Appendix E (informative) Existing applications
References
Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
This standard adopts, with modification, ISO 19092-1:2006 "Financial services - Biometrics - Part 1: Security framework" (in English).
The technical differences between this standard and ISO 19092-1:2006 are as follows:
a) The content of the text involving ISO 19092-2 is deleted (the ISO proposal for ISO 19092-2 has been aborted, and deleting this content does not affect the integrity of the standard);
b) 10.1.2 of the original standard is deleted, because the key names in that subclause all come from ISO 19092-2, which has been terminated;
c) In 10.1.2 (10.1.3 of the original standard), digital signature, "the hash algorithm should meet the specific requirements of the relevant ISO standards (or an equivalent national standard)" is replaced by "the hash algorithm should meet the specific requirements of the relevant national standards";
d) In 10.1.2 (10.1.3 of the original standard), digital signature, the list item "the plain text data to be hashed should consist of text and one or more values of type BiometricHeader and BiometricData; in addition to the BiometricHeader and BiometricData values, it should also include a value of type IntegrityBlock" is removed;
e) In 10.1.2 and 10.1.3 (10.1.3 and 10.1.4 of the original standard), "key management, as shown in Table 1, shall be implemented in accordance with the specific provisions of the relevant ISO and ISO/IEC standards (or an equivalent national standard), such as ISO 11568 or ISO/IEC 11770" is changed to "key management techniques should be implemented in accordance with the specific provisions of the relevant national standards";
f) Table 1 of the original standard is deleted (each subsequent table number is reduced by 1);
g) In 10.1.3, encryption for data confidentiality purposes, "the encryption algorithm should be implemented in accordance with the specific provisions of the relevant ISO standards (or an equivalent national standard)" is replaced with "the encryption algorithm should be implemented in accordance with the provisions of the relevant national standards";
h) In 11.3.1, Table 12 (Table 13 in the original standard), item 147, "keys are generated using a key generation algorithm as specified in ISO standards (or equivalent national standards)" is changed to "keys are generated using a key generation algorithm as specified in the relevant national standards";
i) In Appendix A.3.4, list item d), "reference template description (for example, biometric OID)" is changed to "reference template description (for example, biometric object identifier)";
j) Annex B.2 of ISO 19092-1:2006 is removed, because the personal identification criteria described there are not suited to China's national conditions.
This standard also makes the following editorial changes:
--- In the original text, "international standard", "ISO 19092", "this part of ISO 19092" and "this part" are changed to "this standard";
--- The foreword of the international standard is deleted;
--- For consistency throughout the text, in the definition of equal error rate in 4.21, "crossover rate" is renamed "crossover error rate";
--- In 9.3.3, list item a), the re-registration requirement "Use original credential material rather than the existing biometric template. This method can provide an adequate assurance level, depending on the reliability and availability of the existing biometric template and technology" is changed to "Use original credential material rather than the existing biometric template. This method can provide an adequate assurance level, depending on the reliability and availability of the original credential material" (erratum);
--- In 11.4.5, Table 22, Integrated Circuit Card (ICC) life cycle control, item 300, "Unless the CDF is active or re-activated, the IC cannot be used for financial transactions" is changed to "Unless the CDF is active or re-activated, the ICC cannot be used for financial transactions" (erratum);
--- In C.8, "A single-factor biometric identification system uses a simple probabilistic model [20]; the probability Pr that no false match occurs in a system with N users is" is changed to "A single-factor biometric identification system uses a simple probabilistic model [20]; the probability Pr that a false match occurs in a system with N users is" (erratum).
This standard was proposed by the People's Bank of China.
This standard is under the jurisdiction of the National Standardization Technical Committee on Finance (SAC/TC180).
Drafting organization of this standard: China Financial Computerization Corporation.
Organizations that participated in drafting this standard: Agricultural Bank of China, CITIC Bank, Shanghai Silver morning Intelligent Recognition Technology Co., Ltd., Beijing Branch of the Rainbow Division Pa Technology Co., Ltd., Beijing Watchdata System Co., Ltd., Hangzhou Chiang Kai-shek biometric authentication technology Co., People's Bank of China Xinghua city center Branch, Taiyuan Central Branch of People's Bank of China, People's Bank of China branch in the city center of Shijiazhuang.
The main drafters of this standard: Wang Ping baby, Lushu Chun, Li Shuguang, Liu Yun, Zhao Zheng, Lin Song, Zeng Wenbin, Chiu Chao, Yu Weihua, Wang Xuelin, Liang Ming, Lu Ying, Zhong Zhihui, Zhanglong Long, Jun.
Introduction
With the introduction of computer technology, business models have changed significantly. Electronic transactions have replaced the earlier paper-based transactions, reducing costs and improving efficiency. These transactions take place in an open network environment where there is a risk of data corruption, and the financial sector needs to take appropriate measures to deal with these risks.
Biometrics, a means of identification based on "who you are or what you do", has existed for a number of years and includes fingerprint recognition, voice recognition, eye scanning, face recognition and the like. As the reliability of biometrics has increased and its cost has gradually fallen, implementation in the financial industry has become possible.
This standard describes the mechanisms and processes for using biometric identification technology as a mechanism to protect remote electronic access or local physical access in the financial industry.
Biometrics can be used to identify personnel for physical or logical access. Logical access can include access to applications, services or authorizations. This standard promotes biometric applications in the financial industry, and promotes the management of biometric information as part of a commercial organization's information security management. Through the use of biometric technology to provide stronger, multi-factor authentication, this standard provides a stronger authentication mechanism for public key infrastructure (PKI). In addition, this standard allows reconfirmation that the person generating a digital signature is actually the person with access to the private key.
The widespread use of biometric identification systems depends on a number of factors, and existing biometric technologies perform differently on these factors, which include:
--- Convenience and ease of use;
--- External level of security;
--- Performance;
--- Non-invasiveness.
The authentication mechanisms discussed in this standard are limited to closed user groups whose members have agreed to use biometric technology for identification. These agreements may be explicit (such as a service agreement) or implicit (such as entering a facility, which shows an intention to execute a transaction). Systems that monitor unidentified persons are outside the scope of this standard.
This standard describes techniques for maintaining the integrity and confidentiality of biometric information and provides authentication mechanisms. However, the standard does not guarantee that a given implementation is adequately secure. Financial institutions are responsible for establishing appropriate overall business processes and the necessary controls to ensure that those processes operate securely. In addition, to verify conformance with this standard, the control measures should include appropriate audit tests.
Financial Services Biometrics
Security Framework
1 Scope
This standard specifies a security framework for using biometric identification mechanisms to authenticate personnel in the financial industry, introduces the types of biometric identification technology, and describes the related application issues. It also describes implementation architectures, details the minimum requirements for secure and effective management, and provides control objectives and recommendations for professionals.
This standard includes:
--- Using biometric identification technology to authenticate persons involved in financial services and employees, either by verifying a claimed identity or by identifying an individual;
--- Confirming the registration credentials submitted by the user, based on risk management requirements, to support authentication;
--- Management of biometric information throughout its life cycle, including the registration, transmission, storage, verification, identification and termination processes;
--- Security of biometric information during its life cycle, including data integrity, origin authentication and confidentiality;
--- Application of biometric mechanisms in logical and physical access control;
--- Control measures to protect financial institutions and their customers;
--- Security of the physical hardware used throughout the biometric information life cycle.
This standard does not include:
--- Privacy and ownership of individuals' biometric information;
--- Specific technologies for data acquisition, signal processing, matching of biometric data, the biometric matching decision process and similar aspects;
--- Use of biometrics for convenience in non-authentication applications, such as speech recognition, user interaction and anonymous access control.
This standard applies to the mandatory means by which biometric information is encrypted for data confidentiality or other reasons.
Although this standard does not address the specific requirements and restrictions of business applications that use biometric technology, other standards may discuss these issues.
2 Compliance
A specific biometric identification system implementation may claim compliance with this standard if it meets the management and security requirements of this standard.
A biometric identification system that adopts the cryptographic message requirements proposed in this standard and applies the appropriate policies, measures and operating procedures may claim compliance with this standard.
By meeting the management and security requirements of Chapter 9 and Chapter 10 of this standard, a biometric identification system satisfies many aspects of the compliance requirements, and its implementation and related policies and procedures can be verified as operating in accordance with the control objectives identified in Chapter 11. Related mechanisms can use the biometric event log specified in Appendix A to record compliance with the operational requirements of this standard.
3 Normative References
The following documents are essential for the application of this document. For dated references, only the dated version is suitable for use herein