GB/T 41807-2022 Information security technology - Security requirements of voiceprint recognition data
1 Scope
This document specifies the security requirements for data processors in such activities as the collection, storage, use, transmission, provision, disclosure and deletion of voiceprint recognition data.
This document is applicable to regulate the voiceprint recognition data processing behaviors of data processors.
2 Normative references
The following documents contain provisions which, through reference in this text, constitute provisions of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 25069 Information security techniques - Terminology
GB/T 35273 Information security technology - Personal information security specification
GB/T 37988 Information security technology - Data security capability maturity model
GB/T 39335 Information security technology - Guidance for personal information security impact assessment
GB/T 40660 Information security technology - General requirements for biometric information protection
GB/T 41479 Information security technology - Network data processing security requirements
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 25069, GB/T 35273, GB/T 37988, GB/T 40660 and GB/T 41479 as well as the following apply.
3.1
voiceprint recognition data subject
specific natural person to which the voiceprint recognition data corresponds
Note: It is shorted as "data subject" in this document.
3.2
speech sample
analog representation or digital representation of speech
Note: The speech sample collected directly from the data subject contains the voiceprint of data subject.
3.3
voiceprint
general term for the biometric and behavioral features contained in human speech that can be used to characterize and identify data subjects
3.4
voiceprint speech sample
speech sample from which the voiceprint may be extracted
Note 1: If voiceprints may be extracted from the speech samples collected during intelligent speech interaction without special processing, such samples are voiceprint speech samples.
Note 2: If the speech samples generated by parameter synthesis method contain no voiceprints, they are not voiceprint speech samples.
Note 3: The voiceprint speech samples are a class of biometric samples. See GB/T 5271.37-2021 for details.
3.5
voiceprint feature
parameters extracted from the voiceprint speech sample for voiceprint recognition
Note 1: Common voiceprint feature parameters include the information at various levels such as spectrum, cepstrum, LPC, pitch, tone, formant, voice quality and prosody.
Foreword i
1 Scope
2 Normative references
3 Terms and definitions
4 General
4.1 Typical scenarios
4.2 Typical risks
5 Basic security requirements
6 Data collection
6.1 General requirements
6.2 Identity recognition application
6.3 Non-identity recognition application
6.4 Scientific experiment and testing
7 Data storage and transmission
7.1 General requirements
7.2 Identity recognition application
7.3 Non-identity recognition application
8 Data usage
8.1 General requirements
8.2 Scientific experiment and testing
9 Data provision
9.1 General requirements
9.2 Identity recognition application
9.3 Non-identity recognition application
9.4 Scientific experiment and testing
10 Data disclosure
11 Data deletion
11.1 General requirements
11.2 Scientific experiment and testing
Annex A (Informative) Security risk analysis of voiceprint recognition data
Annex B (Informative) Example of informed consent form
Bibliography