GB/T 27912-2011
Financial services.Biometrics.Security framework (English Version)

Standard No.
GB/T 27912-2011
Language
Chinese, Available in English version
Release Date
2011
Published By
General Administration of Quality Supervision, Inspection and Quarantine of the People‘s Republic of China
Latest
GB/T 27912-2011
Scope
This standard specifies the security framework for the financial industry to use biometric identification mechanisms to identify personnel, introduces the types of biometric identification technologies, and expounds related application issues. This standard also describes the implementation architecture, specifies the minimum security requirements for effective management, and provides control objectives and usage suggestions for professionals. This standard includes: ——Using biometric technology to authenticate the identity of persons and employees participating in financial services by verifying their claimed identities or identifying their individual identities; Confirmation of credentials to support identity authentication; ——Manage biometric information throughout the life cycle, including registration, transmission, storage, identity confirmation, identification, and termination; ——Biometric information in its life cycle Security throughout the lifecycle, including data integrity, origin authentication and confidentiality; — the application of biometric mechanisms for logical and physical access control; — monitoring measures to protect the financial institution and its customers; Features identify the security of the physical hardware used in the information lifecycle. This standard does not include: ——Privacy and ownership of individual biometric identification information; ——Specific technologies related to data collection, signal processing and matching of biometric data, and biometric matching decision-making process; ——Biometric identification technology Convenience applications in non-authentication, such as speech recognition, user interaction, and anonymous access control. This standard applies to mandatory means of encrypting biometric information due to data confidentiality or other reasons.

GB/T 27912-2011 Referenced Document

  • ISO 10202-3 Financial transaction cards - Security architecture of financial transaction systems using integrated circuit cards - Part 3: Cryptographic key relationships
  • ISO/IEC 19790 Corrigendum 1 - Information technology - Security techniques - Security requirements for cryptographic modules

GB/T 27912-2011 history

Financial services.Biometrics.Security framework


Copyright ©2024 All Rights Reserved