GB/T 41773-2022 Information security technology - Security requirements of gait recognition data
1 Scope
This document specifies the security requirements for data processing activities such as the collection, storage, transmission, use, processing, provision, disclosure and deletion of gait recognition data.
This document is applicable to the standardized data processing activities of gait recognition data processors, and also serves as a reference for the supervision, management and assessment of gait recognition data processing activities by regulatory authorities and third-party assessment agencies.
2 Normative references
The following documents contain provisions which, through reference in this text, constitute provisions of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 25069 Information security techniques - Terminology
GB/T 35273 Information security technology - Personal information security specification
GB/T 37988 Information security technology - Data security capability maturity model
GB/T 39335 Information security technology - Guidance for personal information security impact assessment
GB/T 40660 Information security technology - General requirements for biometric information protection
GB/T 41479 Information security technology - Network data processing security requirements
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 25069, GB/T 35273, GB/T 37988, GB/T 40660 and GB/T 41479 as well as the following apply.
3.1
gait recognition
technique for identifying natural persons based on the biometric and behavioral features contained in their gait
Note: In addition to identity recognition application scenarios, gait recognition may also be used in non-identity recognition application scenarios, such as behavior analysis, posture analysis or anomaly analysis.
3.2
gait sample
gait video or image sequence of a natural person obtained through collection, preprocessing, etc.
Note: A gait sample includes the original (cut) video or continuous image sequence of a natural person's gait period, including information such as clothing, shoes, hats and other items.
3.3
gait silhouettes
sequence of a gait sample obtained after segmentation
Note: In addition to gait silhouettes, human body part segmented image sequences and 3D human body model sequences may also be obtained from gait sample processing. Gait silhouettes are usually in black and white, with black indicating the human body area and white the background area.
3.4
gait feature
data extracted from gait silhouettes for comparison
Note: Common gait features include Gait Energy Image (GEI), Gait Entropy Image (GENI), Gait Flow Image (GFI) and Chrono-Gait Image (CGI).
3.5
gait recognition data
data obtained from a gait sample and its processing
Note: It may be used to recognize the identity of a natural person separately or in combination with other data.
3.6
gait recognition data subject
natural person identified by or connected to gait recognition data
Note: It is shortened to "data subject".
4 General
4.1 Gait recognition data activities
The data processing roles involved in gait recognition data activities include data subjects, gait recognition data processors, public safety management agencies and third-party service platforms. The process of data processing includes:
a) Collection of gait recognition data:
1) requirement proposal: an activity in which an organization or individual proposes to the data subject a requirement to use the gait recognition data and related information in order to complete the service activities;
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 General
4.1 Gait recognition data activities
4.2 Typical scenarios of gait recognition
4.3 Security risks of gait recognition data activities
5 Basic security requirements
6 Data collection
7 Data storage and transmission
8 Data usage
9 Data processing, provision and disclosure
10 Data deletion
Annex A (Informative) Common security risks of gait recognition data
A.1 Description of security risks
A.2 Comparison between common security risks and clauses/subclauses
Annex B (Informative) Example of informed consent form for scientific experiment scenario
Bibliography