Skip to product information
1 of 12

PayPal, credit cards. Download editable-PDF and invoice in 1 second!

GB/T 38671-2020 English PDF (GBT38671-2020)

GB/T 38671-2020 English PDF (GBT38671-2020)

Regular price $395.00 USD
Regular price Sale price $395.00 USD
Sale Sold out
Shipping calculated at checkout.
Quotation: In 1-minute, 24-hr self-service. Click here GB/T 38671-2020 to get it for Purchase Approval, Bank TT...

GB/T 38671-2020: Information security technology -- Technical requirements for remote face recognition system

This Standard stipulates the functions, performance, security requirements and security assurance requirements of information system that adopts face recognition technology for remote identity authentication on the server side. This Standard is applicable to the research, development and testing of information system that adopts face recognition technology for remote identity authentication on the server side. The management of the system may take this as a reference.
GB/T 38671-2020
GB
NATIONAL STANDARD OF THE
PEOPLE REPUBLIC OF CHINA
ICS 35.040
L 80
Information Security Technology - Technical
Requirements for Remote Face Recognition System
ISSUED ON: APRIL 28, 2020
IMPLEMENTED ON: NOVEMBER 1, 2020
Issued by: State Administration for Market Regulation;
Standardization Administration of the PEOPLE Republic of
China.
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative References ... 4
3 Terms, Definitions and Abbreviations ... 4
4 Overview ... 7
5 Security Classification ... 10
6 Functional Requirements ... 10
7 Performance Requirements ... 22
8 Security Function Requirements ... 23
9 Security Assurance Requirements ... 33
Appendix A (informative) Correspondence between Basic Level and Enhanced Level of Remote Face Recognition System ... 34
Appendix B (informative) Security Description of Remote Face Recognition System ... 36
Bibliography ... 43
Information Security Technology - Technical
Requirements for Remote Face Recognition System
1 Scope
This Standard stipulates the functions, performance, security requirements and security assurance requirements of information system that adopts face recognition technology for remote identity authentication on the server side.
This Standard is applicable to the research, development and testing of information system that adopts face recognition technology for remote identity authentication on the server side. The management of the system may take this as a reference. 2 Normative References
The following documents are indispensable to the application of this document. In terms of references with a specified date, only versions with a specified date are applicable to this document. In terms of references without a specified date, the latest version (including all the modifications) is applicable to this document. GB/T 18336.3-2015 Information Technology - Security Techniques - Evaluation Criteria for IT Security - Part 3: Security Assurance Components
GB/T 20271-2006 Information Security Technology - Common Security Techniques Requirement for Information System
GB/T 26238-2010 Information Technology - Terminology for Biometrics
GB/T 29268.1-2012 Information Technology - Biometric Performance Testing and Reporting - Part 1: Principles and Framework
GB/T 36651-2018 Information Security Techniques - Biometric Authentication Protocol Framework Based on Trusted Environment
3 Terms, Definitions and Abbreviations
3.1 Terms and Definitions
What is defined in GB/T 20271-2006, GB/T 26238-2010, GB/T 29268.1-2012 and GB/T 36651-2018, and the following terms and definitions are applicable to this document. 3.1.1 Biometrics; biometric recognition
Figure 1 -- System Reference Model
4.2 Description of Client Side
4.2.1 Environment detection
Detect the environmental conditions of face collection; determine whether the environment, in which, the face characteristics are collected, satisfies the collection requirements. Thus, determine whether face collection shall be initiated. 4.2.2 Face image collection
Analyze and process sample data, for example, the input pictures or videos. Extract face images that satisfy the quality conditions for face characteristic extraction and comparison.
4.2.3 Living body detection
Detect and judge whether the collected subject is a live face and whether it is attack by a prosthetic face. When conditions allow, determine whether the face comparison object is a real and valid human face on the client side. If the living body detection fails, then, no further processing shall be performed.
4.2.4 Quality detection
Judge the quality of face images. This module is often combined with the face detection and collection module to output face images of the best quality, for the subsequent characteristic-based modeling and comparison. If the face quality detection fails, then, no further processing shall be performed.
4.2.5 Security management
Conduct security management of sensitive data, such as: client-side passwords, configuration parameters and user data, etc.
4.3 Description of Server Side
4.3.1 Living body judgment
Conduct secondary judgment of information collected during the live face detection process on the client side. Combine the detection results of the client side to complete the final living body judgment.
4.3.2 Quality judgment
Judge the quality of biometric information uploaded to the server side. 4.3.3 Face database
5 Security Classification
The functions, performance and security requirements of the remote face recognition system are divided into basic level and enhanced level. The boldfaces are the newly added requirements of the enhanced level in comparison with the basic level. The brief correspondence between the basic level and the enhanced level is shown in Appendix A; the system security description is shown in Appendix B. Relevant content of this Standard that involves cryptographic algorithm shall be implemented in accordance with the relevant national laws and regulations. Those involving the application of cryptographic technology to solve the requirements of confidentiality, integrity, authenticity and non-repudiation must comply with the national standards and industry standards related to cryptography.
6 Functional Requirements
6.1 Basic-level Requirements
6.1.1 User identification
The function of user identification shall be designed and implemented through the following aspects:
a) All users shall carry out user identification during the registration; b) It shall have uniqueness;
c) User identification information shall be managed and maintained, so as to ensure that it is not unauthorizedly accessed, modified or deleted.
6.1.2 Face image collection and processing
The face image collection and processing shall be equipped with the following functions:
a) During the face data collection process, data, for example, personal information shall be prevented from being leaked;
b) The integrity and consistency of the collected data should be verified; c) The data collection process should be tracked and recorded; the traceability of face collection data should be supported;
d) The authenticity of the collected data should be ensured;
e) After collection, residual information shall be eliminated.
6.1.5.1 Face data registration
The modes of registration include on-site registration and remote registration. If the user uses the client-side device for registration, the registration process shall be performed in a trusted environment.
6.1.5.2 Face data deregistration
Face data deregistration shall satisfy the following requirements:
a) The deregistration participant is the user who wishes to deregister. b) Before the deregistration, verify the identity of the authorized de-registrant. c) After the deregistration, the face data in the memory must be destroyed and cannot be repeatedly used. It needs to be collected again for the next use. 6.1.5.3 Face data registration and loading
When loading face data in bulk during the face data registration process, this function shall:
a) Establish security strategies, modes and access control mechanisms for the loading of collected data among different data sources and different security domains;
b) Ensure the correctness and consistency of data during the loading of face data;
c) Ensure the security protection of data during the loading of face data; d) Record and store the processing of personal information data, for example, human face, during the loading of face data.
6.1.6 User authentication
6.1.6.1 Authentication timing
Before the actions required by the security function of the face recognition system are executed, firstly, the user who is required to execute the actions shall be authenticated. Those who fail the authentication will not execute the actions.
6.1.6.2 Face verification
If the function of face verification is provided, then, the following functions shall be possessed:
a) During face verification, UID shall be provided;
d) When the above attacks or unauthorized operation events occur, the service shall be cancelled, and an alarm shall be triggered.
6.1.6.6 Decision-making feedback protection
The face recognition decision-making feedback protection shall satisfy the following requirements:
a) In accordance with the face recognition decision-making strategy, return the face recognition comparison results; protect the integrity of the feedback results;
b) During the recognition process, the feedback information provided to the user shall be prevented from disclosing the user?€?s face characteristic information data;
c) It shall only return whether or not it passes, and cannot feedback the recognition score, so as to prevent mountain-climbing attack.
6.1.6.7 Specification of secrets
A mechanism shall be provided to verify whether the extracted face characteristic template satisfies the corresponding quality measurement.
When secret information, for example, face characteristic template used for identity authentication is generated by the face recognition system, the system shall be able to generate secret information that meets the quality requirements for secret information. The quality of secret information includes the template size. The requirements for the quality measurement of the secret information shall be formulated by the security administrator.
6.1.6.8 Authentication failure
6.1.6.8.1 Basic requirements
By pre-defining the value of unsuccessful authentication attempts (including the threshold of the number and the time of attempts), and explicitly specifying the measures that shall be taken when this value is reached, the processing of authentication failure is implemented.
6.1.6.8.2 Failure determination
During the recognition process, when the following situations occur, the system determines that the recognition fails:
a) Device failure: the face collector is malfunctioning and cannot successfully capture images;
c) After the deregistration, the face data in the memory must be destroyed and cannot be repeatedly used. It needs to be collected again for the next use. 6.2.5.3 Face data registration and loading
When loading face data during the face data registration process, this function shall: a) Establish security strategies, modes and access control mechanisms for the loading of collected data among different data sources and different security domains;
b) Ensure the correctness and consistency of data during the loading of face data;
c) Ensure the security protection of data during the loading of face data; d) Record and store the processing of personal information data, for example, human face, during the loading of face data;
e) The failure recovery method and mechanism for data loading shall be
established; it shall be equipped with the capability of handling loading data consistency detection and problem control shall be equipped.
6.2.6 User authentication
6.2.6.1 Authentication timing
Before the actions required by the security function of the face recognition system are executed, firstly, the user who is required to execute the actions shall be successfully authenticated.
6.2.6.2 Face verification
If the function of face verification is provided, then, the following functions shall be possessed:
a) During face verification, UID shall be provided;
b) In accordance with the user?€?s identity information, retrieve the user?€?s face template;
c) Execute the data packet verification function to check the integrity of the user?€?s face template;
d) Execute the data packet verification function to check the integrity of the user?€?s collection sample;
e) Compare the face sample characteristics collected and generated in real time c) Forgery of paper masks: it shall be able to detect or prevent the counterfeiting of using most paper masks on human faces;
d) Anti-video forgery: it shall be able to detect or prevent the use of splicing, replacement and video remaking for forgery;
e) Anti-face CG synthesis forgery: it shall be able to detect or prevent the use of CG technology to synthesize single or multiple face images into
face videos or 3D face models for forgery;
f) Anti-prosthetic mask forgery: it shall be able to detect or prevent
counterfeiting of using most human face 3D prosthetic masks (resin
masks and silicone masks);
g) When the above attacks or unauthorized operation events occur, the service shall be cancelled, and an alarm shall be triggered.
6.2.6.7 Decision-making feedback protection
The face recognition decision-making feedback protection shall satisfy the following requirements:
a) In accordance with the face recognition decision-making strategy, return the face recognition comparison results; protect the integrity of the feedback results;
b) During the recognition process, the feedback information provided to the user shall be prevented from disclosing the user?€?s face characteristic information data.
6.2.6.8 Specification of secrets
A mechanism shall be provided to verify whether the extracted face characteristic template satisfies the corresponding quality measurement.
When secret information, for example, face characteristic template used for identity authentication is generated by the face recognition system, the system shall be able to generate secret information that meets the quality requirements for secret information. The quality of secret information includes the template size. The requirements for the quality measurement of the secret information shall be formulated by the security administrator.
6.2.6.9 Authentication failure
6.2.6.9.1 Basic requirements
By pre-defining the value of unsuccessful authentication attempts (including the or, there is no user candidate in the stored face template during face
recognition, then, warning message shall be provided;
b) When forged recognition images, recognition data, or, copied and
unauthorized saving of images and data, or, non-live faces or unauthorized database operations are detected, alarm messages shall be provided.
7 Performance Requirements
7.1 Basic-level Requirements
7.1.1 Face registration
The system?€?s face registration failure rate shall be not greater than 1%. 7.1.2 Face verification
When the false accept rate is 0.1%, the false reject rate shall be not greater than 5%. 7.1.3 Capabilities of living body detection and prevention
7.1.3.1 Types of attack
The system shall have defensive measures against the following types of attacks: ---Basic-level living body detection (static attack), which can prevent the following means of attack: printed ordinary face photo, high-definition face paper photo, face photo replayed on mobile terminal screen and paper mask.
7.1.3.2 Normal pass rate
The normal pass rate of the system?€?s living body detection shall be not less than 95%. 7.1.3.3 Attack reject rate
The attack reject rate of the system?€?s living body detection shall be not less than 99%. 7.2 Enhanced-level Requirements
7.2.1 Face registration
The failure rate of the system?€?s face registration shall be not more than 0.1%. 7.2.2 Face verification
When the false accept rate is 0.01%, the false reject rate shall be not more than 5%.
6) Counterfeit face masks;
7) Forged characteristic data or tampered identification result data, user attribute data and configuration management data;
8) Attempts to save face images;
9) Unauthorized storage of characteristic data;
10) Unauthorized database operations.
b) Audit record shall at least include: the date and time of event, the user, the type of event, whether the event is successful, and other audit-related information.
In the log records, there shall be no plain text of face characteristic templates, private keys, symmetric keys and other security-related parameters.
The audit function component shall be able to associate auditable event with the identity of the user who initiated the event.
c) For identity authentication events, audit record shall include the source of request (for example, device identifier).
8.1.1.2 Security audit review
In accordance with different requirements for security audit, security audit review is divided into:
a) The audit function component shall provide the administrator with the capability of reviewing all information in the log.
b) The audit function component shall provide the reader with log information in a mode suitable for reading and interpretation.
8.1.1.3 Security audit event selection
The audit function component shall be able to select or exclude auditable events in the audit event set based on the following attributes:
User ID, type of event, subject ID, object ID, etc.
8.1.1.4 Security audit event storage
In accordance with different requirements for security audit, security audit event storage is divided into:
a) Storage of protected audit trails: the storage of audit trails is properly protected, faces; satisfy the requirements for data confidentiality protection;
b) Utilize the storage access control module to implement the face data user identification and authentication strategy and data access control strategy; implement related security control measures; prevent unauthorized access to user face data.
8.1.2.3 Data transmission security
Corresponding security control measures that satisfy the data transmission security strategy shall be adopted, for example, data encryption, so as to protect the transmission of face recognition data.
8.1.3 Personal information protection
Citizens?€? personal privacy information, for example, user face template, shall be protected, which includes, but is not limited to the following functions: a) No association protection: prevent the association with the stored face template data through the application or database;
b) Confidentiality protection: prevent unauthorized users from accessing the face template data;
c) Residual information protection: it is requested that the system?€?s security function shall be able to ensure that when allocating or recycling resources of a defined object within the scope of security control, the residual information is unavailable.
8.1.4 Timestamp
The system?€?s security function shall be able to provide a reliable timestamp for its own application.
8.1.5 Backup and recovery
The system shall have the function of backup and recovery. When there is a fault that causes information loss during the system operation, it shall perform information recovery. When there is a fault that causes system failure during the system operation, it shall perform system recovery.
8.1.6 Security management
The system shall provide role definitions of system administrator, security administrator and audit administrator.
System administrator: install, configurate and maintain the system; establish and manage user accounts; execute system backup and recovery.
There are two types of subjects in the system: one is privileged users, including system administrators, system security officers and system auditors; the other is system processes that handle specialized transactions.
The object in the system refers to the object that can be operated by the subject, including the object of image processing and data storage, and the process of user service. The f...

View full details