-- Module TAI (X.1089:11/2008)
-- See also the README file
-- See also the index of all ASN.1 assignments needed in this document
TAI {itu-t recommendation x tai(1089) modules(0) framework(0) version1(1)}
DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
IMPORTS
-- Directories imports from [ITU-T X.509]
ATTRIBUTE, Name, Attribute{}, SupportedAttributes
FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
informationFramework(1) 6}
SIGNED{}, EXTENSION, CertificateSerialNumber, Certificate, ALGORITHM,
AlgorithmIdentifier{}, SupportedAlgorithms
FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
authenticationFramework(7) 6}
AttributeCertificateInfo
FROM AttributeCertificateDefinitions {joint-iso-itu-t ds(5) module(1)
attributeCertificateDefinitions(32) 6}
GeneralNames, KeyUsage
FROM CertificateExtensions {joint-iso-itu-t ds(5) module(1)
certificateExtensions(26) 6}
IssuerSerial, ObjectDigestInfo
FROM AttributeCertificateDefinitions {joint-iso-itu-t ds(5) module(1)
attributeCertificateDefinitions(32) 6}
UniqueIdentifier
FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
selectedAttributeTypes(5) 6}
ID
FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
usefulDefinitions(0) 6}
-- The BioAPI False Match Rate is imported from the
-- Biometric Interworking Protocol (BIP) [ITU-T X.1083 | ISO/IEC 24708]
BioAPI-FMR
FROM BIP {joint-iso-itu-t bip(41) modules(0) bip(0) version1(1)}
-- BiometricType and Biometric InformationTemplate are imported from
-- CBEFF [ISO/IEC 19785-3]
BiometricType
FROM CBEFF-DATA-ELEMENTS {iso standard 19785 modules(0)
types-for-cbeff-data-elements(1)}
BiometricInformationTemplate
FROM CBEFF-SMARTCARD-BIDO {iso standard 19785 modules(0)
types-for-smartcard(8)};
-- START OF X.tai definitions.
-- URI definition - used in a BDC and in a BPC
URI ::=
UTF8String
(CONSTRAINED BY {
-- shall be a valid URI as defined in IETF RFC 3986 --})
-- BC definition – (see 8.2 for additional comments)
BiometricCertificate ::=
SIGNED{BiometricCertificateInfo}
BiometricCertificateInfo ::=
AttributeCertificateInfo(WITH COMPONENTS {
...,
attributes (SIZE (1..MAX))
})
-- Definition of the biometricInformationTemplate attribute
-- contained in a BC (see 8.6 and 8.7 for additional comments)
biometricInformationTemplate ATTRIBUTE ::= {
WITH SYNTAX BiometricInformationTemplateorPointer
ID id-tai-at-BiometricInformationTemplate
}
BiometricInformationTemplateorPointer ::= CHOICE {
bcBiometricInformationTemplate BCBiometricInformationTemplate,
referenceToBCBiometricInformationTemplate URI,
...
}
BCBiometricInformationTemplate ::=
SIGNED{BCBiometricInformationTemplateContent}
BCBiometricInformationTemplateContent ::= SEQUENCE {
biometricTemplateVersion BiometricTemplateVersion,
biometricTemplateInfo BiometricTemplateInfo,
issuerDigitalSignatureAlgorithm
AlgorithmIdentifier{{SupportedAlgorithms}} OPTIONAL,
bioTempIssuer BioTempIssuer OPTIONAL
}
BiometricTemplateVersion ::= INTEGER {v0(0)}(v0, ...)
BioTempIssuer ::= [0] SEQUENCE {
issuerName GeneralNames OPTIONAL,
baseCertificateID [0] IssuerSerial OPTIONAL,
objectDigestInfo [1] ObjectDigestInfo OPTIONAL -- [b-ISO-IEC-TR-24741] --
}
BiometricTemplateInfo ::= CHOICE {
biometricTemplateInfo19785 BiometricInformationTemplate,
...
}
-- BPC definition – (see clause 9 for additional comments)
BiometricPolicyCertificate ::=
SIGNED{BiometricPolicyCertificateInfo}
BiometricPolicyCertificateInfo ::=
AttributeCertificateInfo(WITH COMPONENTS {
...,
attributes (SIZE (1..MAX))
})
bioSecLevelReference ATTRIBUTE ::= {
WITH SYNTAX SecurityLevelBioReference
ID id-tai-at-bioSecLevelReference
}
SecurityLevelBioReference ::= SEQUENCE {
securityLevelNum INTEGER,
securityLevelBioRef SecurityLevelBioRef
}
SecurityLevelBioRef ::= SEQUENCE {
biometricSecurityLevelId BiometricSecurityLevelId,
modalityPolicy ModalityPolicy,
biometricPara BiometricPara
}
BiometricSecurityLevelId ::= BIT STRING
ModalityPolicy ::= UniversalString
BiometricPara ::=
SEQUENCE OF
SEQUENCE {biometricType BiometricType,
--CBEFF defined type
fMR-Value BioAPI-FMR,
trialNumber INTEGER OPTIONAL,
requestQuality INTEGER OPTIONAL,
...}
-- BDC definition – (see clause 10 for additional comments)
BiometricDeviceCertificate ::=
SIGNED{BiometricDeviceCertificateInfo}
BiometricDeviceCertificateInfo ::=
AttributeCertificateInfo(WITH COMPONENTS {
...,
attributes (SIZE (1..MAX))
})
bDCReportContentInformation ATTRIBUTE ::= {
WITH SYNTAX BDCReportContentInformation
ID id-tai-at-bDCReportContentInformation
}
BDCReportContentInformation ::= SEQUENCE {
bdcPKCInformation BdcPKCInformation,
bdcReportInformation BPUReportInformation
}
BdcPKCInformation ::= CHOICE {
bdcPublicKeyCertificate Certificate,
-- Certificate is imported from [ITU-T X.509]
bpuCertificateReference URI
}
-- BPUReportInformation as defined in ACBio[ISO/IEC 24761]
BPUReportInformation ::= CHOICE {
bpuReport BPUReport,
bpuReportReferrer URI
}
CONTENT-TYPE ::= TYPE-IDENTIFIER
BPUReport ::= SEQUENCE {
contentType CONTENT-TYPE.&id({ContentTypeBPUReport}),
content
[0] EXPLICIT CONTENT-TYPE.&Type({ContentTypeBPUReport}{@contentType})
}
ContentTypeBPUReport CONTENT-TYPE ::= {bpuReport}
bpuReport CONTENT-TYPE ::= {BPUReport
IDENTIFIED BY id-bpuReport
}
id-bpuReport OBJECT IDENTIFIER ::=
{iso(1) standard(0) acbio(24761) contentType(2) bpuReport(4)}
-- TAI EXTENSION in a PKC (see 11.1)
publicKeyCert EXTENSION ::= {
SYNTAX PublicKeyCert
IDENTIFIED BY id-tai-ce-publicKeyCert
}
PublicKeyCert ::= SEQUENCE {
pkcIssuer Name,
pkcSerialNumber CertificateSerialNumber,
pkcUsage KeyUsage
}
-- TAI EXTENSION used with PMI (see 11.2)
holderDirectoryAttributes EXTENSION ::= {
SYNTAX AttributesSyntax
IDENTIFIED BY id-tai-ce-holderDirectoryAttributes
}
AttributesSyntax ::= SEQUENCE SIZE (1..MAX) OF Attribute{{SupportedAttributes}}
-- TAI EXTENSION used for digital keys (see 11.3)
dkgExtensionData EXTENSION ::= {
SYNTAX DkgExtensionDataSyntax
IDENTIFIED BY id-tai-ce-dgkExtensionData
}
DkgExtensionDataSyntax ::= SEQUENCE {
alignmentHelpData OCTET STRING(SIZE (1..MAX)),
biometricKeyBindingData OCTET STRING(SIZE (1..MAX))
}
-- TAI EXTENSION in an AC for BC Index (see 11.4)
bioCert EXTENSION ::= {SYNTAX BioCert
IDENTIFIED BY id-tai-ce-bioCert
}
BioCert ::= SEQUENCE {
baseCertificateID [0] IssuerSerial OPTIONAL,
entityName [1] GeneralNames OPTIONAL -- [b-ISO-IEC-TR-24741] --,
objectDigestInfo [2] ObjectDigestInfo OPTIONAL -- [b-ISO-IEC-TR-24722] --
}
(CONSTRAINED BY { -- at least one of baseCertificateID,
-- entityName or
-- objectDigestInfo shall be present –
})
-- TAI EXTENSION for security level in PMI (see 11.5)
securityLevelofPrivilege EXTENSION ::= {
SYNTAX SecurityLevelofPrivilege
IDENTIFIED BY id-tai-ce-biometricSecurityLevelOfPrivilege
}
SecurityLevelofPrivilege ::= SEQUENCE {
bioSecLevel
CHOICE {x520identifier UniqueIdentifierOfBioParaInfo,
simpleidentifier INTEGER}
}
UniqueIdentifierOfBioParaInfo ::= UniqueIdentifier
-- TAI EXTENSION used in a BDC (see 11.6)
bDCCertificate EXTENSION ::= {
SYNTAX BDCCertificateReferer
IDENTIFIED BY id-tai-ce-bDCCertificate
}
BDCCertificateReferer ::= SEQUENCE {
bdcIssuer Name,
bdcSerialNumber CertificateSerialNumber,
bdcUsage KeyUsage
}
-- ID values used in this module
id-tai-at-BiometricInformationTemplate ID ::=
{iso registration-authority cbeff(19785) biometric-organization(0)
jtc1-sc37(257) patronformat(1) tlv-encoded(5)}
id-tai ID ::= {itu-t(0) recommendation(0) x(24) tai(1089)}
id-tai-at ID ::= {id-tai attributes(1)}
id-tai-ce ID ::= {id-tai certificate-extensions(2)}
id-tai-at-bioSecLevelReference ID ::= {id-tai-at 1}
id-tai-at-bDCReportContentInformation ID ::= {id-tai-at 2}
id-tai-ce-bDCCertificate ID ::= {id-tai-ce 1}
id-tai-ce-bioCert ID ::= {id-tai-ce 2}
id-tai-ce-biometricSecurityLevelOfPrivilege ID ::= {id-tai-ce 3}
id-tai-ce-publicKeyCert ID ::= {id-tai-ce 4}
id-tai-ce-holderDirectoryAttributes ID ::= {id-tai-ce 5}
id-tai-ce-dgkExtensionData ID ::= {id-tai-ce 6}
END
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D