IEEE 2410-2019 pdf download

IEEE 2410-2019 pdf download.IEEE Standard for Biometric Open Protocol
The Biometric Open Protocol Standard (BOPS) provides three application-programming interface (API) calls to support biometric identification and authentication including liveness. The BOPS implementation allows the systems to meet security needs by using the API.
The BOPS implementation need not know whether the underlying system is a machine learning model, a relational database management system (RDBMS), or a search engine.
The BOPS implementation functionality offers a“point-and-cut mechanism to add the appropriate security to the production systems as well as to the systems in development. Additionally, BOPS includes the biometric identification that the industry frequently calls the“one -to many (1:M) case.
In the past, biometric identfication was not considered because it requires a lookup against previously stored biometrics and this lookup required indexing and storing the biometric in plain text biometric identification. This speification includes biometric identification by using biometric features vectors as input to the enroll endpoint, biometric feature vectors as input to the predict endpoint, and either video or audio as input to the liveness endpoint.
1.2 Purpose
This standard provides a biometric-agnostic security protocol for authentication, identifcation, and liveness.
1.3 Intended audience
The intended audience of this document includes security evaluators, system underwriters, developers, and systems engineers. The BOPS is subject to changes and updates.
2. Normative references
The following referenced documents are indispensable for the application of this document (i.e., they must be understood and used, so each referenced document is cited in text and its relationship to this document is explained).
For dated references, only the edition cited applies. For undated references, the latest edition ofthe referenced document (including any amendments or corrigenda) applies.
The Trusted Computer System Evaluation Criteria (Mitre 1984).’
3. Definitions, acronyms, and abbreviations
3.1 Definitions
For the purposes of this document, the following terms and definitions apply. The IEE Standards Dictionary Online should be consulted for terms not defined in this clause.2
account: A user account that was validated (against an external system or by an email validation mechanism).
The enrollment process ends by processing a client for subsequent calls to predict against the BOPS platform.
RESTful: Refers to Representational State Transfer (REST), which is a software architecture style.
4. Conformance
The BOPS comprises the rules governing secure communication between a variety of client devices and the trusted server. This standard is based on the tested computer-based implementation of the Trusted Computer System Evaluation Criteria (TCSEC).3 BOPS conforms to the TCSEC, which is the U.S.
Department ofDefense standard that sets basic requirements for asssing the effectiveness of computer security controls built into a computer system. TCSEC was . created by the National Computer Security Center, an arm of the National Scurity Agency (NSA) and is also frequently referred as“Orange Book, section B1.” BOPS also conforms to the Director of the Central Intelligence Dirctive 6/3 protection level 3, level 4, and level 5 (PL3, PL4, and PL5), and to the standards of the Multiple Independent Levels of Security/Safety (MILS) architecture. 5. Security considerations 5.1 General information BOPS largely considers the server side component of an end-to-end biometric solution.
This solution is recorded as IEEE Std 2410TM-2015 and IEEE Std 2410TM-2017 and now the greatly simplified IEEE Std 2410TM-2019, which describes all the components necessary for the server side of end-to-end biometric security. The standard lists requirements for the client component to comply with the Server Side Solution.
The standard describes a set of new technologies including, but not limited to, liveness.“Liveness” is a term that means ensuring the biometric is from a live source, such as a human being, and not from an imitation, such as a wax replica, a picture, or a video. This technology shall be implemented on a public cloud or any private cloud. The specification makes no assumptions of the *how* of a solution. The specification describes the“what” and the overall goals of the solution. Users no longer have to remember their passwords and risk having their passwords end up in the wrong hands. BOPS provides a framework for safety and convenience. Biometrics are part of us, unique to us, and excellent for leveraging in a secure solution. BOPS is an enterprise grade solution that handles any size user space and requirements for fault tolerance and load balancing. Using multiple rounds of penetration tests, the IEEE vetting process, and industry and client critiques, BOPS has been validated. This mature and secure framework provides an end to end solution without the compromise of privacy.IEEE 2410 pdf download.IEEE 2410-2019 pdf download