GB/T 36651-2018: Information security techniques -- Biometric authentication protocol framework based on trusted environment
GB/T 36651-2018
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security techniques - Biometric authentication
protocol framework based on trusted environment
ISSUED ON: OCTOBER 10, 2018
IMPLEMENTED ON: MAY 01, 2019
Issued by: State Administration for Market Regulation;
Standardization Administration of PRC.
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Protocol framework
5.1 Overview
5.2 Registration
5.3 Authentication
5.4 Deregister
6 Protocol process and rules
6.1 Registration process
6.2 Authentication process
6.3 Deregister process
7 Protocol interface
7.1 Overview
7.2 Interface of biometric authentication key manager
Appendix A (Informative) Protocol message
Appendix B (Informative) Protocol message related data structures
Appendix C (Informative) Protocol interface
References
Information security techniques - Biometric authentication
protocol framework based on trusted environment
1 Scope
This standard specifies the biometric authentication protocol framework based on a
trusted environment, including the protocol framework, protocol process, protocol rules
and protocol interface.
This standard applies to the development, testing and evaluation of biometric
authentication services.
2 Normative references
The following documents are indispensable for the application of this document. For
dated references, only the edition cited applies; for undated references, the latest
edition (including all amendments) applies.
GB/T 25069-2010 Information security technology - Glossary
3 Terms and definitions
The terms and definitions as defined in GB/T 25069-2010, as well as the following
terms and definitions, apply to this document.
3.1
Trusted environment
A secure area on a user's device that guarantees the confidentiality, integrity and
availability of the data loaded into it, such as a Trusted Execution Environment (TEE),
Secure Element (SE), Trusted Cryptographic Module (TCM) or another protected area with
a secured boundary.
3.2
Biometric authentication
The use of biometric authentication technology to verify the user's identity.
a trust relationship with the relying party. Figure 1 depicts a scenario in which the
IdP has a trust relationship with the relying party. The identity authentication server
stores the user's authentication public key, i.e. the public key generated by the
biometric authentication key manager when the user registers with the identity
authentication server through that key manager.
- The biometric authentication key manager is integrated in the trusted environment;
it stores the vendor private key and the authentication private key. The authentication
private key is generated by the biometric authentication key manager when the user
registers with the identity authentication server through that key manager; it is used
by the identity authentication server to authenticate the user's identity. The biometric
authentication key manager can interact with multiple biometric matchers.
This standard does not specify how the IdP delivers the identity authentication
protocol message to the biometric authentication key manager. For example, when the
identity authentication server belongs to an IdP independent of the relying party, the
relying party can redirect the user equipment to the identity authentication server
using a redirection mechanism, so that the identity authentication server interacts
directly with the user equipment and thereby submits the identity authentication
protocol message to the biometric authentication key manager; when the relying party
deploys the IdP internally, it shall guarantee the security of the forwarded
information.
Any content in this standard that relates to cryptographic algorithms shall be
implemented in accordance with the relevant national regulations. Where cryptographic
technology is used to meet requirements for confidentiality, integrity, authenticity or
non-repudiation, the relevant national and industry standards for cryptography must be
followed.
The biometric authentication protocol based on a trusted environment consists of three
sessions between the biometric authentication key manager and the identity
authentication server. Before conducting these three sessions, the identity
authentication server checks whether the user equipment supports this protocol by
calling the discovery method. The three sessions are as follows:
- Registration: The user registers the authentication public key generated by the
biometric authentication key manager with the identity authentication server;
- Authentication: The user uses the registered biometric authentication key manager
for identity authentication;
- Deregister: The user deletes the authentication public key that was registered with
the identity authentication server.
authenticity of the identity authentication server. If verification succeeds, the
user is prompted to select an available biometric matcher; otherwise the message is
rejected.
c) The user selects the appropriate biometric matcher and uses biometric information
to unlock the biometric authentication key manager (enrolling first if the user has
not previously registered biometric information with the biometric matcher; otherwise
using the registered biometric authentication information to complete the unlock),
thereby completing the user's biometric authentication verification. After the user's
biometric authentication verification succeeds, the biometric authentication key
manager creates a unique pair of authentication public and private keys, associated
with the biometric authentication key manager and the identity authentication server;
the authentication private key is stored locally in the biometric authentication key
manager and may not be exported from it. If the biometric authentication key manager
cannot store the authentication private key itself, then it encrypts the
authentication private key and saves the encrypted authentication private key in the
user equipment. The key used to encrypt the authentication private key is stored in
the biometric authentication key manager and may not be exported from it.
d) The biometric authentication key manager generates key registration data (the key
registration data contains the authentication public key generated in the previous
step); then generates a registration response message (the registration response
message contains the key registration data together with the signature value produced
by signing the key registration data with the vendor private key); and sends the
registration response message to the identity authentication server.
e) The identity authentication server uses the vendor public key to verify the
signature in the registration response message. If t...
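The registration exchange of steps c) to e) as an added example written for this page, not code from the standard or from any vendor implementation: the key manager creates the authentication key pair only after a successful biometric unlock, signs the key registration data with the vendor private key, and the server verifies that signature with the vendor public key before storing the authentication public key. Ed25519, the JSON field names, the server-binding check and the biometricOK flag standing in for the matcher's result are this example's own assumptions; the standard's actual message structures are in its Appendices A and B.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Key registration data (step d): the new authentication public key, bound to one server. Field names are this example's own.
type KeyRegistrationData struct {
	ServerID string
	AuthPub  []byte
}
type RegistrationResponse struct{ Data, Sig []byte } // key registration data + vendor-key signature
// KeyManager stands in for the key manager in the trusted environment; no private key leaves it.
type KeyManager struct{ vendorPriv, authPriv ed25519.PrivateKey }

// Register (steps c, d): only after a successful biometric unlock is the key pair created and the data signed.
func (km *KeyManager) Register(serverID string, biometricOK bool) (*RegistrationResponse, error) {
	if !biometricOK {
		return nil, fmt.Errorf("biometric verification failed; key manager stays locked")
	}
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // rand.Reader does not fail in practice
	km.authPriv = priv                               // kept inside the key manager, never exported
	data, _ := json.Marshal(KeyRegistrationData{ServerID: serverID, AuthPub: pub})
	return &RegistrationResponse{Data: data, Sig: ed25519.Sign(km.vendorPriv, data)}, nil
}

// Server stands in for the identity authentication server (step e).
type Server struct {
	ID         string
	vendorPub  ed25519.PublicKey
	Registered map[string]ed25519.PublicKey // user -> authentication public key
}

// AcceptRegistration verifies the vendor signature before trusting any field, then checks binding and stores the key.
func (s *Server) AcceptRegistration(user string, r *RegistrationResponse) error {
	if !ed25519.Verify(s.vendorPub, r.Data, r.Sig) {
		return fmt.Errorf("vendor signature invalid; registration rejected")
	}
	var krd KeyRegistrationData
	if err := json.Unmarshal(r.Data, &krd); err != nil || krd.ServerID != s.ID || len(krd.AuthPub) != ed25519.PublicKeySize {
		return fmt.Errorf("registration data malformed or bound to another server")
	}
	s.Registered[user] = ed25519.PublicKey(krd.AuthPub)
	return nil
}

func main() {
	vpub, vpriv, _ := ed25519.GenerateKey(rand.Reader) // vendor key pair; how servers obtain vendor keys is out of scope
	km, srv := &KeyManager{vendorPriv: vpriv}, &Server{ID: "idp.example", vendorPub: vpub, Registered: map[string]ed25519.PublicKey{}}
	resp, _ := km.Register(srv.ID, true)
	fmt.Println("registration accepted:", srv.AcceptRegistration("alice", resp) == nil)
}
```

Tampering with the signed data, replaying a response generated for a different server, or attempting registration without a biometric unlock each fails on the corresponding check.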