Redistributions of documents, or parts of documents, must retain the FISWG cover page containing the disclaimer.

Similar documents
Scientific Working Group on Digital Evidence

This version has been archived. Find the current version at on the Current Documents page. Archived Version. Capture of Live Systems

Scientific Working Group on Digital Evidence

Scientific Working Groups on Digital Evidence and Imaging Technology. SWGDE/SWGIT Recommended Guidelines for Developing Standard Operating Procedures

Scientific Working Group on Digital Evidence

1. Redistributions of documents, or parts of documents, must retain the SWGIT cover page containing the disclaimer.

Scientific Working Group on Digital Evidence

Scientific Working Group on Digital Evidence

Scientific Working Groups on Digital Evidence and Imaging Technology

IETF TRUST. Legal Provisions Relating to IETF Documents. February 12, Effective Date: February 15, 2009

Scientific Working Group on Digital Evidence

EV^CLMH} MEMORANDUM OF UNDERSTANDING BETWEEN THE FEDERAL BUREAU OF INVESTIGATION AND

Ecma International Policy on Submission, Inclusion and Licensing of Software

Ecma International Policy on Submission, Inclusion and Licensing of Software

IETF TRUST. Legal Provisions Relating to IETF Documents. Approved November 6, Effective Date: November 10, 2008

RDMS AUTOMATED FILE EXTRACT SERVICE REQUEST APPROVAL FORM

Managed Security Services - Automated Analysis, Threat Analyst Monitoring and Notification

Have a question? Speak with a member of our team on

American Association for Laboratory Accreditation

1 Siebel Attachments Solution Overview

EU Passport Specification

Oracle Banking Digital Experience

Newsletters We may send out newsletters to our customers providing them with articles and information which we believe may be of interest to you.

PRIVACY POLICY. Article 4 of the EU General Data Protection Regulation defines a data controller and a data processor as follows.

Branding Guidance December 17,

SSC-WG4 Certification Process

I. PURPOSE III. PROCEDURE

New Features in Primavera Professional 15.2

Data Subject Access Request Procedure. Page 1 KubeNet Data Subject Access Request Procedure KN-SOP

Creating Resources on the ZFS Storage Appliance

Copyrights and Privacy Statement

The Open Group Certification for People. Training Course Accreditation Requirements

Bar Code Discovery. Administrator's Guide

US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

CDViewer. User Guide. Version 6.1

Guidelines Concerning the Transmission, Etc. of Specified Electronic Mail

License, Rules, and Application Form

What's New. Features introduced in New Features in Primavera Gateway 17

Microsoft Active Directory Plug-in User s Guide Release

Terms of Use. Changes. General Use.

Air Transport & Travel Industry. Principles, Functional and Business Requirements PNRGOV

Orion Registrar, Inc. Certification Regulations Revision J Effective Date January 23, 2018

END USER LICENSE AGREEMENT PANDA ANTIVIRUS 2007 / PANDA ANTIVIRUS + FIREWALL 2007 / PANDA INTERNET SECURITY 2007

Oracle Responsys Release 18C. New Feature Summary

Oracle Enterprise Manager Ops Center. Introduction. Creating Oracle Solaris 11 Zones 12c Release 2 ( )

Canadian Anti-Spam Legislation (CASL) Compliance Policy. 2. Adopt Canadian Anti-Spam Legislation (CASL) Compliance Policy.

2. Which personal data is processed by SF Studios and from which source does the personal data originate?

Oracle. Engagement Cloud Using Service Request Management. Release 12

Contents. 1 General Terms. Page 1 of 8

Vendor Partnership Manual. Section 6 EDI

Information memorandum. SUNČANI HVAR d.d.

Terms Of Use AGREEMENT BETWEEN USER AND DRAKE MODIFICATION OF THESE TERMS OF USE LINKS TO THIRD PARTY WEB SITES USE OF COOKIES

Accreditation Body Evaluation Procedure for AASHTO R18 Accreditation

SLED Certification of 3 rd Party NCIC/SCIC Applications Overview February 2, 2004

Polycom RealConnect for Microsoft Teams

FRAMEWORK FOR CERTIFICATION OF BIOMETRIC FINGERPRINT SCANNERS. (PUBLIC)

DISADVANTAGED BUSINESS ENTERPRISE PROGRAM. Unified Certification Program OKLAHOMA

Checklist: Credit Union Information Security and Privacy Policies

ALG Associates, LLC ( ALG Associates ) operates a website under. and has created this privacy policy to demonstrate its

Standard Development Timeline

First Federal Savings Bank of Mascoutah, IL Agreement and Disclosures

ArchiMate Certification for People Training Course Accreditation Requirements

MasterCard NFC Mobile Device Approval Guide v July 2015

Privacy Policy May 2018

CALSTRS ONLINE AGREEMENT TERMS AND CONDITIONS

APPROVAL PROCESS TO BE FOLLOWED FOR PROVISIONAL ACCREDITATION OF CBs UNDER FM CERTIFICATION SCHEME

Electronic Disclosure and Electronic Statement Agreement and Consent

Oracle Mission Critical Support Platform. General. Installation. Troubleshooting. Inventory and Discovery. Frequently Asked Questions Release 2.

FedRAMP: Understanding Agency and Cloud Provider Responsibilities

Siebel Project and Resource Management Administration Guide. Siebel Innovation Pack 2013 Version 8.1/8.2 September 2013

PRIVACY NOTICE 1. Introduction

BAA Oracle EBS R12.1 isupplier Portal Created on 11/26/2012 3:18:00 PM

Superannuation Transaction Network

SCHOOL SUPPLIERS. What schools should be asking!

PeopleSoft Fluid Messages Standard

EnterpriseTrack Reporting Data Model Configuration Guide Version 17

TOP-010-1(i) Real-time Reliability Monitoring and Analysis Capabilities

Memorandum of Understanding

LAW OF THE REPUBLIC OF KAZAKSTAN «ON CERTIFICATION»

Norme NET 4 Européenne de Télécommunication

Standard Development Timeline

0522: Governance of the use of as a valid UNC communication

Data Processing Agreement

OpenFlow Trademark Policy

PayThankYou LLC Privacy Policy

APPLICATION FOR REGISTERING A CHECK IMAGE TEST FOR USE IN X9 CHECK STANDARDS. Reference: ANS X

Managing Business Rules THE BEST RUN. PLANNING AND DESIGN PUBLIC SAP Global Track and Trace Document Version: Cloud 2018.

Oracle Agile Product Lifecycle Management for Process Content Synchronization and Syndication User Guide Release E

Oracle Insurance IStream

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need. Hardware and Software Configuration

University of Pittsburgh Security Assessment Questionnaire (v1.7)

The Purpose of the processing and legal basis of the processing

Oracle Banking Digital Experience

Oracle Hospitality Cruise Meal Count System Security Guide Release 8.3 E

INFORMATION TO BE GIVEN 2

Service Description: Cisco Technical Services Advantage (Releases 1.0 through 2.3)

Telecommunications Equipment Certification Scheme FEBRUARY 2017

Oracle Retail Furniture Retail System (FRS) Product Spec Sheet Guide Release October 2015

Element Finance Solutions Ltd Data Protection Policy

Deploying Lookout with IBM MaaS360

Transcription:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 Disclaimer: As a condition to the use of this document and the information contained herein, the Facial Identification Scientific Working Group (FISWG) requests notification by e-mail before or contemporaneously to the introduction of this document, or any portion thereof, as a marked exhibit offered for or moved into evidence in any judicial, administrative, legislative, or adjudicatory hearing or other proceeding (including discovery proceedings) in the United States or any foreign country. Such notification shall include: 1) the formal name of the proceeding, including docket number or similar identifier; 2) the name and location of the body conducting the hearing or proceeding; and 3) the name, mailing address (if available) and contact information of the party offering or moving the document into evidence. Subsequent to the use of this document in a formal proceeding, it is requested that FISWG be notified as to its use and the outcome of the proceeding. Notifications should be sent to: FISWG@yahoogroups.com Redistribution Policy: FISWG grants permission for redistribution and use of all publicly posted documents created by FISWG, provided that the following conditions are met: Redistributions of documents, or parts of documents, must retain the FISWG cover page containing the disclaimer. Neither the name of FISWG, nor the names of its contributors, may be used to endorse or promote products derived from its documents. Any reference or quote from a FISWG document must include the version number (or creation date) of the document and mention if the document is in a draft status.

Section 4.4 Bulk Data Transfer 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 Facial Recognition System: Bulk Data Transfer This document provides information on Bulk Data Transfer as it applies to deploying, operating, or supporting a Facial Recognition System (FRS). The goal of this document is to provide suggestions, guidance, and examples on how to effectively and efficiently transfer large amounts of facial data between agencies. The intended audience of this document is anyone involved in the design, deployment, operational support, or operational usage of an FRS. A prerequisite to successful bulk data transfers start with appropriate agreements between the data owner and recipient. While the specific agreement must be appropriate to the parties involved, parties should consider the level of exchange and applicable rules, regulations, laws, policies, financial impacts and any associated risks. Agreements can materialize in various formats based upon agency operational policies and procedures. Examples include: Memorandum of Understanding (MOU) Memorandum of Agreement (MOA) Letter of Intent Contract Bulk Data Transfer Within this context, bulk data consists of two types of data: Image data is the actual facial imagery. Textual data is the non-image data associated with each facial image (including metadata). There are many circumstances where large amounts of data may need to be exchanged: Enrollment: Facial data is given to another system for enrollment. Searching: Facial data is given to another system for searching only. Data analysis: Facial data is exchanged for the purpose of analysis. FISWG FR Systems: Bulk Data Transfer 2

69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 Once legal and policy issues have been addressed, the data owner and recipient should consider appropriate documentation to guide the mechanics of the data transfer. Parties should consider the operational flow of the data from their unique perspectives resulting in a checklist appropriate for the planned transfer of data. The magnitude and complexity of the resultant documents will vary based on the data transfer needs. Examples include: Interface Control Documents (ICDs) to ensure interoperability by specification of connectivity, messaging, search volumes and technical aspects. Where appropriate, security requirements and transport mechanisms should be specified. Service Level Agreements (SLAs) detailing various aspects of performance, reports or results expected, timeframes, or other deliverables expected. If specific performance criteria, on-going or continual exchanges, or specific termination criteria is required, these points should be identified within the SLA. DATA Owner: The following areas need to be discussed as roles and responsibilities of the data owner: Ensure security classifications are met. o As the data owner, the supplier of the data in the transfer is totally responsible for what data is presented for transfer. o Any storage, labeling or packaging of the data must meet the proper policy of both agencies. Define processing parameters for each transferred image. o If there are various assumptions about what is to be done with the data when received (e.g. enroll, search, analyze, etc.), then this information needs to be clearly delineated and presented to the recipient. Meet any data management criteria agreed upon prior to transfer to the recipient, including facial imagery and any demographic or textual filtering. For example: o Apply quality based filters as agreed, such as inter-eye distance, file size or pose. Verify that each image transferred is accompanied with the agreed demographic context. o All mandatory demographic/metadata field information is provided in the agreed upon format and appropriately linked to each image. o Multiple images of the same person are acknowledged. FISWG FR Systems: Bulk Data Transfer 3

109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 Submit images in an accepted format via a mutually agreed mechanism (CD, DVD, HDD, Secure File Transfer, etc.). Designate a Point of Contact (POC) for issues and concerns related to the bulk data transfer. o Manage updates to the data after delivery. o Receive feedback on any errors or issues with the data. DATA Recipient: The following areas need to be discussed as roles and responsibilities of the data recipient. Designate a POC for issues and concerns related to the bulk data transfer. o Manage updates to the data after delivery. o Provide feedback on any errors or issues with the data. Receive images in the accepted format via the mutually agreed mechanism (CD, DVD, HDD, Secure File Transfer, etc.). Evaluate the data to ensure it meets any agreed criteria. o Filter the images for non-compliant face images. o Filter the data for any non-compliant demographic text. o As applicable, provide human review of data. o Provide a response as to the result of the data review. Provide final results as agreed upon after enrollment and/or searching is completed. Close out activities as per the bulk transfer agreements. Examples: Although there is an expected wide variance in data exchange scenarios between agencies based on their individual needs, several examples follow. 1. Agency 1 wishes to transfer 500,000 facial images to Agency 2 for enrollment. a. An MOU is created and signed. (subject to applicable rules, regulations, laws and policies) b. An Electronic Biometric Transfer Specification (EBTS) file formatis agreed upon using ANSI NIST ITL 2007 specifications. c. Transfer media and mechanisms meeting the security requirements of both agencies are agreed upon. d. Agency 1 creates the EBTS files and loads them into the transfer process. An EBTS file manifest is created and sent with the data. FISWG FR Systems: Bulk Data Transfer 4

152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 e. Agency 2 receives the data and uses the manifest to verify all files are received and readable. f. The frontal facial data is extracted from the EBTS files and enrolled in the facial repository of Agency 2. g. Agency 2 creates a probe report and sends it to Agency 1 detailing what facial imagery was enrolled and what errors occurred during the enrollment. h. Agency 2 maintains the data for two years as stated in the MOU. 2. Agency 4 requests a complete transfer of 8M images from Agency 3 for search only. a. An MOA is created and signed. (subject to applicable rules, regulations, laws and policies) b. It is agreed that images are supplied in JPEG format with textual information in comma-separated-value (CSV) files. c. Transfer media and mechanisms meeting the security requirements of both agencies are agreed upon. d. Agency 3extracts the JPEG images, creates the CSV files, and loads them into the transfer process. e. Agency 4 receives the data and reads all CSV files, verifying data is properly formatted and all JPEG files are linked to rows within the CSV files. f. The facial imagery is paired with the textual information and enrolled in the facial repository of Agency 4. g. Agency 4 creates an enrollment report and sends to Agency 3 detailing what facial imagery was enrolled and what errors occurred during the enrollment. h. Agency 4deletes the data as stated in the MOA. 3. Agencies 5 and 6 wish to start a monthly transfer of a facial Watchlist which has in excess of 50,000 images. a. An MOU is created and signed. (subject to applicable rules, regulations, laws and policies) b. Since this bulk transfer will be a monthly process, an ICD and SLA is created and signed. c. ICD: i. The EBTS file format is agreed upon using ANSI NIST ITL 2011 specifications. ii. Transfer media and mechanisms meeting the security requirements of both agencies are agreed upon. iii. Each update will include all EBTS files on the Watchlist. iv. The EBTS files will have a manifest which lists: 1) All files, 2) new files, 3) updated files, 4) deleted files. FISWG FR Systems: Bulk Data Transfer 5

195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 d. SLA: i. Agency 5 will provide the data no later than the fifth day of each month. ii. Agency 6 will supply a response from processing within five days of transfer. e. Agency 5 creates the EBTS files and loads them into the transfer process. An EBTS file manifest is created and sent with the data. f. Agency 6 receives the data and uses the manifest to verify all files are received and readable. g. The frontal facial data is extracted from the EBTS files and enrolled in the facial repository of Agency 6. h. Agency 6 creates a report and sends to Agency 5 detailing what facial imagery was enrolled, updated, deleted, and what errors occurred during the processing. i. Agency 5 reviews the errors and communicates with Agency 6 on how to address them. j. The transfer is repeated each month. Reference List FISWG documents can be found at: www.fiswg.org ANSI/NIST-ITL Standard Homepage: http://www.nist.gov/itl/iad/ig/ansi_standard.cfm FISWG FR Systems: Bulk Data Transfer 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback