Skip to product information
1 of 8

PayPal, credit cards. Download editable-PDF and invoice in 1 second!

GB/T 37036.1-2018 English PDF (GBT37036.1-2018)

GB/T 37036.1-2018 English PDF (GBT37036.1-2018)

Regular price $190.00 USD
Regular price Sale price $190.00 USD
Sale Sold out
Shipping calculated at checkout.
Delivery: 3 seconds (Download full-editable-PDF + Invoice).
Quotation: Click GB/T 37036.1-2018>>Add to cart>>Quote
Editable-PDF Preview (Reload if blank, scroll for next page)

GB/T 37036.1-2018: Information technology -- Biometrics used with mobile devices -- Part 1: General requirement
This Part of GB/T 37036 specifies the technology architecture, general process, functional requirements and security requirements of biometrics used with mobile devices. This Part is applicable to the design, production, integration and application of biometric system used with mobile devices.
GB/T 37036.1-2018
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.240.15
L 71
Information Technology - Biometrics Used with Mobile
Devices - Part 1: General Requirement
ISSUED ON: DECEMBER 28, 2018
IMPLEMENTED ON: JULY 1, 2019
Issued by: State Administration for Market Regulation;
Standardization Administration of the People’s Republic of
China.
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative References ... 4
3 Terms and Definitions ... 4
4 Technology Architecture ... 6
5 General Process ... 7
6 Functional Requirements ... 8
7 Security Requirements ... 12
Appendix A (informative) A Typical Application Scenario of Biometrics Used with Mobile Devices ... 15
Bibliography ... 17
Information Technology - Biometrics Used with Mobile
Devices - Part 1: General Requirement
1 Scope
This Part of GB/T 37036 specifies the technology architecture, general process, functional requirements and security requirements of biometrics used with mobile devices.
This Part is applicable to the design, production, integration and application of biometric system used with mobile devices.
2 Normative References
The following documents are indispensable to the application of this document. In terms of references with a specified date, only versions with a specified date are applicable to this document. In terms of references without a specified date, the latest version (including all the modifications) is applicable to this document. GB/T 26237 (all parts) Information Technology - Biometric Data Interchange Formats GB/T 26238 Information Technology - Terminology for Biometrics
GB/T 33767.1-2017 Information Technology - Biometric Sample Quality - Part 1: Framework
GB/T 35273-2017 Information Security Technology - Personal Information Security Specification
ISO/IEC 30107 Information Technology - Biometric Presentation Attack Detection 3 Terms and Definitions
What is defined in GB/T 26238, and the following terms and definitions are applicable to this document.
3.1 Mobile Device
Mobile device refers to a small and hand-held information technology product that can be connected to the network.
NOTE: Mobile devices may include tablet computers and mobile smart terminals. the mobile device, which has a relatively strong security capability to ensure that the application programs and sensitive data running in it are stored, processed and protected in a relatively trusted environment.
4 Technology Architecture
The biometric technology architecture used with mobile devices is mainly constituted of several functional modules on the mobile device side and the server side, which mainly include: biometric collection module, biometric storage module and biometric comparison module, etc. Specifically speaking, biometric collection module includes sub-functional modules like biometric sample collection, quality judgment, presentation attack detection and biometric item extraction. Biometric sample collection collects user’s biometric samples by accessing the biometric collection elements (such as: image collection element, audio collection element and fingerprint sensing element, etc.) in the mobile device.
Under normal circumstances, the biometric process on mobile device may be locally completed in the mobile device; the biometric result is output to the mobile application calling the biometric service. The mobile application is a service caller of biometrics in a mobile device. It can provide a system service to an independent mobile application software, a functional module in the mobile application software or the mobile device operating system. In certain application scenarios, some modules or sub-modules of biometrics, such as: quality judgment, presentation attack detection and biometric item extraction, as well as biometric storage module and biometric comparison module, can complete the corresponding functions on the server side.
See Appendix A for a typical application scenario of biometrics used with mobile devices.
The technology architecture of biometrics used with mobile devices is shown in Figure 1.
2) The biometric collection module in the mobile device collects the user’s biometric samples, and through quality judgment and presentation attack detection, further extracts the user’s biometric items.
3) Store the user’s biometric items in the biometric storage module as this user’s biometric template; associate it with the user’s identity.
4) End the enrollment process.
b) The recognition process includes the following steps:
1) The user initiates the recognition process in the mobile device.
2) The biometric collection module in the mobile device collects the user’s biometric samples, and through quality judgment and presentation attack detection, further extracts the user’s biometric items.
3) Compare the extracted user biometric items with one or multiple biometric templates stored in the biometric storage module.
4) In accordance with the comparison result, make recognition decisions and output the recognition results.
5) End the recognition process.
c) The log-out process includes the following steps:
1) The user initiates the log-out process on a mobile device.
2) In the biometric storage module in the mobile device, delete all the biometric templates associated with the user to be logged out; delete the identity of the user to be logged out.
3) End the log-out process.
6 Functional Requirements
6.1 General Requirements
6.1.1 Basic functions
The basic functions of biometrics used with mobile devices include, but are not limited to:
a) It should be applicable to users of difference races and ages;
b) It should be applicable to mobile device users and biometric system
administrators;
biometric comparison. An irreversible mode should be adopted to extract biometric items from user’s biometric samples;
d) It shall be able to transmit the extracted user’s biometric items to the subsequent processing modules, for example, biometric storage module or biometric comparison module;
e) It shall be equipped with the capability of determining and handling abnormal conditions, such as corresponding processing mechanisms for biometric
sample collection failure, failed biometric sample quality judgment, detection of presentation attacks and biometric item extraction failure, etc.
6.2.2 Quality judgment
It shall be able to judge the quality of the collected user’s biometric samples, so as to determine whether the current biometric samples meet the requirements of biometric processing.
When the biometric samples fail to pass the quality judgment, it shall be equipped with a corresponding processing mechanism, for example, prompting the user to re-collect, or prompting that there is a failure.
In accordance with different biometric modalities, the basis for quality judgment shall comply with the requirements of GB/T 33767.1-2017 for sample quality.
6.2.3 Presentation attack detection
It shall be able to conduct presentation attack detection on the currently collected user’s biometric samples, so as to prevent malicious forgery. When presentation attack is detected, there shall be corresponding processing mechanism, for example, failure / error prompts or risk prompts.
Presentation attack detection shall comply with the methods of ISO/IEC 30107. 6.2.4 Data interchange format
For the successfully collected user’s biometric data, the extensions shall include event identifier, unique device identifier, date and time of collection, and description of the biometric samples.
The storage and transmission process shall support the biometric data interchange formats specified in GB/T 26237 (all parts).
6.3 Biometric Storage Module
Biometric storage module shall provide the following functions, which include, but are not limited to:
7 Security Requirements
7.1 General Requirements
The general security requirements of biometrics used with mobile devices include, but are not limited to:
a) It shall be equipped with an effective security mechanism, so as to ensure that the current operator has the legal authority to complete user enrollment, update and log-out. Appropriate mechanism and procedures should be
adopted to confirm the true identity of the current enrollee during the user enrollment process;
b) If biometrics supports different user permissions, there shall be an effective security mechanism to ensure that users with different permissions can only perform corresponding operations within their authorized scope.
7.2 Security of Biometric Collection Module
The security requirements for biometric collection module used with mobile devices include, but are not limited to:
a) The collection process shall be implemented in an independent logical domain or physical domain;
b) It shall be equipped with an effective security mechanism, so as to ensure the confidentiality and integrity of user’s biometric data during the biometric sample collection, quality judgment, presentation attack detection, biometric item extraction and transmission process;
c) User’s biometric samples that fail to pass the quality judgment shall be removed in time; ensure that they are not recoverable;
d) After the extraction of biometric items is completed, the user’s biometric samples shall be removed in time; ensure that they are not recoverable; e) The trusted execution environment or security unit of the mobile device should be combined to implement the above security mechanism.
7.3 Security of Biometric Storage Module
The security requirements for biometric storage module used with mobile devices include, but are not limited to:
a) It shall be equipped with an effective security mechanism to prevent unauthorized access to the biometric storage module;
d) An effective security mechanism shall be adopted to ensure the integrity of the output of the recognition result; ensure that it is not illegally tampered with; e) The trusted execution environment or security unit of the mobile device should be combined to implement the above security mechanism.
7.5 Security Environment
If the mobile device supports secure environment, for example, trusted execution environment or security unit, during the biometric collection, storage and comparison process:
a) Biometric collection module located in the trusted execution environment should be used to collect the user’s biometric samples;
b) Quality judgment, presentation attack detection and biometric item extraction should be conducted on the collected user’s biometric samples in a trusted execution environment;
c) If the biometric storage and comparison module is implemented in a mobile device, the biometric storage and comparison shall be implemented in a
trusted execution environment;
d) Security services in the trusted execution environment or security unit should be used, such as: secure encryption and decryption service, secure clock service and random number service, etc.;
e) Through the trusted interactive interface in the trusted execution environment, interaction with the user should be implemented;
f) The key involved shall be stored in the trusted execution environment or security unit;
g) Data interchange with the biometric collection module or mobile applications located in the rich execution environment is needed, there shall be an effective security mechanism to verify the legitimacy of the interchange object in the rich execution environment. During the data interchange process, a secure channel mechanism should be adopted to guarantee the integrity and
confidentiality of the interchanged data during the data interchange process.
View full details