ISO 19092

From Wikipedia the free encyclopedia

ISO 19092 Financial Services - Biometrics, released as ISO 19092 Financial Services - Biometrics - Part 1: Security framework, is an ISO standard and describes the adequate information management security controls and the proper procedures for using biometrics as an authentication mechanism for secure remote electronic access or local physical access controls for the financial and other critical infrastructure industries.[1]

The standard also provides a useful tutorial on biometric systems and technology, describes the physical security requirements of biometric devices, the minimal content for Biometric Policy (BP) and Biometric Practice Statements (BPS), and secure event journal content for review and audit of biometric systems.

Unpublished Part 2

[edit]

There was to be an ISO 19092 Financial Services - Biometrics - Part 2: Message syntax and cryptographic requirements to describes the techniques, protocols, cryptographic requirements, and syntax for using biometrics as an identification and verification mechanism in a wide variety of security applications in the financial industry.[2][3] However, consensus was never reached on this part.[4]

The standard was to provide support for policy based matching decisions for remote authentication and allows biometrics to be used securely with the ISO 8583 retail transaction messaging standard.[5] A secure review and audit event journal syntax was to allow many of the security controls specified in Part 1 to be implemented.[6]

References

[edit]
  1. ^ Bidgoli, Hossein. Handbook of Information Security, Threats, Vulnerabilities, Prevention, Detection, and Management. Germany, Wiley, 2006. 497.
  2. ^ "ISO 19092:2008". ISO. Retrieved 2023-11-10.
  3. ^ "iTeh Standards". iTeh Standards. Retrieved 2023-11-10.
  4. ^ "ISO 19092:2008(en)". www.iso.org. Retrieved 25 August 2024.
  5. ^ Woodward, Jr., John (2004-09-10). "Department of Defense Biometric Standards Development Recommended Approach". hsdl.org.
  6. ^ Lundin, Mark (2005-10-20). "IT and Security Standards A Practical Approach to Implementation" (PDF). sfiasca.org.