iTeh Standards logo
EURUSD
Your shopping cart is empty.
CEN

EN 419212-4:2018

(Main)

Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 4: Privacy specific Protocols

Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 4: Privacy specific Protocols

This part specifies mechanisms for SEs to be used as privacy-enabled devices in the context of IAS, and fulfil the requirements of Article 5 of the so-called eIDAS Regulation about data processing and protection.
It covers:
- Age verification
- Document validation
- Restricted identification
- eServices with trusted third party based on ERA protocol

Anwendungsschnittstelle für sichere Elemente zur elektronischen Identifikation, Authentisierung und für vertrauenswürdige Dienste - Teil 4: Datenschutzspezifische Protokolle

Interface applicative des éléments sécurisés pour les services électroniques d'identification, d'authentification et de confiance - Partie 4 : Protocoles spécifiques à la protection de la vie privée

La présente partie spécifie les mécanismes relatifs aux SE utilisés en tant que dispositifs de protection de la vie privée dans le cadre des IAS et remplit les exigences de l’Article 5 de ce qu’il est convenu d’appeler le Règlement eIDAS relatif au traitement et à la protection des données.
Il traite des aspects suivants :
   vérification de l'âge ;
   validation de document ;
   identification restreinte ;
   services électroniques avec tierce partie de confiance basés sur le protocole ERA.

Uporabniški vmesnik za varnostne elemente za elektronsko identifikacijo, avtentikacijo in zanesljivost storitev - 4. del: Posebni protokoli zasebnosti

Ta del določa mehanizme za varnostne elemente, ki se uporabljajo kot naprave z omogočeno zasebnostjo v okviru IAS in izpolnjujejo zahteve člena 5 tako imenovane uredbe eIDAS o obdelavi in
varstvu podatkov.
Zajema:
– preverjanje starosti
– potrjevanje dokumentov
– omejeno identifikacijo
– elektronske storitve z zaupanja vredno tretjo stranjo na podlagi protokola ERA

General Information

Status
Published
Publication Date
03-Apr-2018
Withdrawal Date
30-Oct-2018
ICS
35.240.15 - Identification cards. Chip cards. Biometrics
Technical Committee
CEN/TC 224 - Machine-readable cards, related device interfaces and operations
Drafting Committee
CEN/TC 224/WG 16 - Application Interface for smart cards used as Secure Signature Creation Devices
Current Stage
9093 - Decision to confirm - Review Enquiry
Start Date
27-Jun-2024
Completion Date
14-Apr-2025
Directive
910/2014 - Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing directive 1999/93/EC
Mandate
M/460 - Standardisation Mandate to the European Standardisation Organizations CEN, CENELEC and ETSI in the field of Information and Communication Technologies applied to Electronic Signatures
Ref Project
SIST EN 419212-4:2018 - Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 4: Privacy specific Protocols

Relations

Replaces
EN 419212-2:2014 - Application Interface for smart cards used as Secure Signature Creation Devices - Part 2: Additional services
Effective Date
08-Jun-2022
Replaces
EN 419212-1:2014 - Application Interface for smart cards used as Secure Signature Creation Devices - Part 1: Basic services
Effective Date
08-Jun-2022

Overview

EN 419212-4:2018 - Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services (Part 4: Privacy specific Protocols) is a CEN European Standard that specifies privacy-oriented mechanisms for Secure Elements (SEs, e.g. smart cards) used in electronic Identification and Authentication Services (IAS). It implements requirements of Article 5 of the eIDAS Regulation (data processing and protection) and defines how SEs can perform privacy-preserving functions such as age checks, document validation, restricted identification and trusted eServices built on the Enhanced Role Authentication (ERA) protocol.

Key Topics

  • Privacy Context & Threats: Defines the privacy context where a cardholder could be tracked via card identifiers or profiling parameters and prescribes measures to prevent unauthorized disclosure.
  • Auxiliary Data Comparison: Uses the ISO/IEC 7816-4 COMPARE command and auxiliary data carried in device authentication flows (mEAC / GAP) to enable selective disclosure (for example comparing a supplied threshold date for age verification) without revealing full personal data.
  • Restricted Identification (RI): Provides protocol-level support (APDU command flows) for pseudonym-based or limited identification, so services receive only the attributes they need and not a global identifier.
  • ERA Protocol and Trusted Third Parties: Describes architecture and stepwise flows for eServices that involve a trusted third party, including user consent, service selection, attribute requests and optional restoration of security context.
  • Standards interoperability: Normative references include ISO/IEC 7816-4, ISO/IEC 7816-8 and Technical Guideline TR-03110 v2.20 (mEAC, EAC extensions, PACE, RI).

Applications

This standard is practical for:

  • Smart card / Secure Element manufacturers implementing privacy-capable eID chips.
  • System integrators and middleware developers building eID/IAS solutions that must comply with eIDAS privacy obligations.
  • Trust service providers & public authorities deploying age verification, document validation (e.g., ballot access, age-restricted services), and privacy-preserving authentication for online government and commercial services.
  • Application developers using ERA-based flows to enable pseudonymous sessions or attribute-based access while minimizing data exposure.

Practical capabilities enabled: selective attribute disclosure (age, document expiry), unlinkable pseudonyms for sector-specific services, and standardized APDU-based interactions for privacy-preserving device authentication.

Related Standards

  • EN 419212 series (Parts 1–5) - common definitions, signature/seal services, device authentication, privacy protocols, trusted eServices
  • ISO/IEC 7816-4:2013 - APDU commands, COMPARE
  • ISO/IEC 7816-8:2016 - security operations commands
  • TR-03110 v2.20 - mEAC, PACE, Restricted Identification (RI)

Keywords: EN 419212-4:2018, privacy protocols, secure elements, eIDAS, ERA protocol, age verification, restricted identification, document validation, COMPARE command, mEAC.

EN 419212-4:2018 - BARVEEN 419212-4:2018 - BARVE
PreviousNext
Standard
EN 419212-4:2018 - BARVE
English language
22 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.Uporabniški vmesnik za varnostne elemente za elektronsko identifikacijo, avtentikacijo in zanesljivost storitev - 4. del: Posebni protokoli zasebnostiAnwendungsschnittstelle für sichere Elemente, die als qualifizierte elektronische Signatur-/Siegelerstellungseinheiten verwendet werden - Teil 4: Datenschutzspezifische ProtokolleInterface applicative des éléments sécurisés pour les services électroniques d'identification, d'authentification et de confiance - Partie 4 : Protocoles spécifiques à la protection de la vie privéeApplication Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 4: Privacy specific Protocols35.240.15Identification cards. Chip cards. BiometricsICS:Ta slovenski standard je istoveten z:EN 419212-4:2018SIST EN 419212-4:2018en,fr,de01-september-2018SIST EN 419212-4:2018SLOVENSKI
STANDARDSIST EN 419212-2:2015SIST EN 419212-1:20151DGRPHãþD

EUROPEAN STANDARD NORME EUROPÉENNE EUROPÄISCHE NORM
EN 419212-4
April
t r s z ICS
u wä t v rä s w Supersedes EN
v s { t s tæ sã t r s vá EN
v s { t s tæ tã t r s vEnglish Version
Application Interface for Secure Elements for Electronic Identificationá Authentication and Trusted Services æ Part
vã Privacy specific Protocols Interface applicative des éléments sécurisés pour les services électroniques d 5identificationá d 5authentification et de confiance æ Partie
v ã Protocoles spécifiques à la protection de la vie privée
Anwendungsschnittstelle für sichere Elemente zur elektronischen Identifikationá Authentisierung und für vertrauenswürdige Dienste æ Teil
vã Datenschutzspezifische Protokolle This European Standard was approved by CEN on
x February
t r s yä
egulations which stipulate the conditions for giving this European Standard the status of a national standard without any alterationä Upætoædate lists and bibliographical references concerning such national standards may be obtained on application to the CENæCENELEC Management Centre or to any CEN memberä
translation under the responsibility of a CEN member into its own language and notified to the CENæCENELEC Management Centre has the same status as the official versionsä
CEN members are the national standards bodies of Austriaá Belgiumá Bulgariaá Croatiaá Cyprusá Czech Republicá Denmarká Estoniaá Finlandá Former Yugoslav Republic of Macedoniaá Franceá Germanyá Greeceá Hungaryá Icelandá Irelandá Italyá Latviaá Lithuaniaá Luxembourgá Maltaá Netherlandsá Norwayá Polandá Portugalá Romaniaá Serbiaá Slovakiaá Sloveniaá Spainá Swedená Switzerlandá Turkey and United Kingdomä
EUROPEAN COMMITTEE FOR STANDARDIZATION COMITÉ EUROPÉEN DE NORMALISATION EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre:
Rue de la Science 23,
B-1040 Brussels
t r s z CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Membersä Refä Noä EN
v s { t s tæ vã t r s z ESIST EN 419212-4:2018

Read parameters Data are in response APDU GET DATA to read public parameters from EF.DH. Protocol relevant data are available to the terminal. B 2 condi-tional In case of a remote interface: Proof of user presence: User is requested to prove presence by presentation of e.g. PIN \ Z
Verify user presence Response: OK In case of a remote interface or a contactless local interface, proof of user presence shall be given by mechanisms defined in 6 "User verification" in order to avoid skimming attacks.
10 For mEACv1 perform the steps 10–13 here. For backward compatibility to EACv1.1 protocol variant, step 11 and step 12 may alternatively be replaced by step 11p applying MSE SET KAT command
(see EN 419212-3:2017, 3.6.3.11)
3 Select and/or verify PuK.RCA.AUT. \ Z Select and/or verify key. Response: OK
4 PSO:Verify Certificate C_CV.CAIFD.CS_AUT \ Z Verify certificate.
The verification of certificates along a certificate chain may continue until the CA's key is available in the ICC that signed the IFD's certificate and delivers PuK.IFD.AUT.
5 Select and/or verify PuK.CAIFD.CS_AUT. \ Z Select and/or verify key. Response: OK
6 PSO:Verify Certificate C_CV.IFD.AUT \ Z Verify certificate. Response: OK The Public Key of the IFD is now known to the ICC, and can be trusted. D 7 MSE:SET AT (PuK.IFD.AUT) Select IFDs public key and select the key parameters for the consecutive operation, send compressed ephemeral public key Comp(PuK.IFD.KA) and optionally auxiliary data For the use of AUX.Data refer to 3.2. \ Z Select PuK of IFD, Store Comp(PuK.IFD.KA) Store auxiliary data (optional) Response: OK 8 GET CHALLENGE \ Z RND.ICC SIST EN 419212-4:2018

S = [SN.ICC II RND.ICC ||
Comp(PuK.IFD.KA) ||
AUX.Data ] \
ICC verifies signature. The IFD's identity is implicitly verified as known by the certificate C_CV.IFD.AUT.
Z Response: OK ICC has now authenticated the IFD E 10 Conditional – only if C.ICC.AUT is available: READ BINARY to obtain C.ICC.AUT or PuK.ICC.KA
\ Z Read C.ICC.AUT or PuK.ICC.KA Data are in response APDU 11 MSE SET AT Set PrK.ICC.KA for authentication \ Z Set PrK.ICC.KA Response: OK 12 GENERAL AUTHENTICATE (compliant to ISO/IEC 7816-4:2013, 11.5.5) send PuK.IFD.KA Compute MAC[KMAC](PuK.IFD.KA) and compare with received value Generate new session keys KENC and KMAC \ Z Compute Comp(PuK.IFD.KA) and compare with hash value obtained in step 7. Generate new session keys KENC and KMAC. Response: OK and MAC[KMAC](PuK.IFD.KA) and RND2.ICC 13 Establish secure session The secure messaging session is restarted with session keys generated in step 11' or 12. Secure channel (ICC- server) is now established and two-way authentication is complete; If Step 10 is not performed, then Step 10 shall be performed in secure messaging mode as Step 14 (not shown in this example).
14 COMPARE BINARY send reference (i.e. OID) of AUX.Data given in step 7 and send mode of comparison
15 Repeat step 14 until all auxiliary data verifications are processed IFD has now verified auxiliary data SIST EN 419212-4:2018

The OID describes the use and associated service for the DO '53' < comparison data > . 3.2.3 Age Verification Age verification is one possible application of AUX.Data on the ICC. The IFD may send an age threshold value as part of the AUX data in the device authentication protocol or in the appropriate C.IFD.AUT certificate. The ICC can return acceptance or refusal without having to reveal the actual age of the card holder. NOTE Cryptologically the age can be evaluated by the IFD using an exhaustive binary search, seven attemps would cover the range from 1 … 128 years. Storing the threshold value as part of the IFD's certificate makes the process less flexible, however, this would avoid leakage of the age through a binary search. Table 2 — COMPARE operation — command APDU Command Parameter Meaning CLA according to ISO/IEC 7816-4 INS ‘33’ COMPARE P1 ‘00’ = COMPARE BINARY P2 ‘00’
Lc field Lc =
< length of command data field >
Data field ‘06’ L06 < OID associating the comparison data >
The result is indicated by the status word in the command response. The COMPARE function is described in 11.6.1 of ISO/IEC 7816-4:2013. The response data field is empty. Table 3 — COMPARE operation —
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

Loading comments...

Frequently Asked Questions

EN 419212-4:2018 is a standard published by the European Committee for Standardization (CEN). Its full title is "Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 4: Privacy specific Protocols". This standard covers: This part specifies mechanisms for SEs to be used as privacy-enabled devices in the context of IAS, and fulfil the requirements of Article 5 of the so-called eIDAS Regulation about data processing and protection. It covers: - Age verification - Document validation - Restricted identification - eServices with trusted third party based on ERA protocol

This part specifies mechanisms for SEs to be used as privacy-enabled devices in the context of IAS, and fulfil the requirements of Article 5 of the so-called eIDAS Regulation about data processing and protection. It covers: - Age verification - Document validation - Restricted identification - eServices with trusted third party based on ERA protocol

EN 419212-4:2018 is classified under the following ICS (International Classification for Standards) categories: 35.240.15 - Identification cards. Chip cards. Biometrics. The ICS classification helps identify the subject area and facilitates finding related standards.

EN 419212-4:2018 has the following relationships with other standards: It is inter standard links to EN 419212-2:2014, EN 419212-1:2014. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.

EN 419212-4:2018 is associated with the following European legislation: EU Directives/Regulations: 910/2014; Standardization Mandates: M/460. When a standard is cited in the Official Journal of the European Union, products manufactured in conformity with it benefit from a presumption of conformity with the essential requirements of the corresponding EU directive or regulation.

You can purchase EN 419212-4:2018 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of CEN standards.

This May Also Interest You

CEN
CEN/TS 17489-5:2025(Main)
Personal identification - Secure and interoperable European breeder documents - Part 5: Trust establishment and management processes
SIST-TS CEN/TS 17489-5:2025

1.1   Objective
This document is intended for the use of breeder document issuing authorities both policymakers and technical, for having uniform formats that conform to printed as well as digital requirements of CEN member and associated states (including EU member states).
The objectives are:
a)   provision of a common set of formats of breeder documents – printed and digital to be implemented by CEN member and associated states (including EU member states), with the extended objective of their acceptance internationally;
b)   the focus is on having common recognizable formats as well as prevention of identity fraud, particularly related to the use of breeder documents to obtain national and international ID documents, such as passports, and residence permits.
1.2   Human dimension of identity management
Each country’s identity management system also provides a framework for observing and protecting many of the human rights embodied in international declarations and conventions. Depending on the provisions in place, the system can ensure that citizens can exercise a wide range of rights, such as rights to property, privacy, freedom of movement and free choice of place of residence, as well as access to social services such as education, healthcare and social security. In states with more advanced technological infrastructure, population registration provides the basis for the establishment of a number of citizen-oriented computerized services, also known as e-services and e-government. Identity management is also central to prevention of discrimination in exercising guaranteed rights.
The identity management infrastructure provides the backbone for a functioning and viable state by securing civil, population and tax registers, as well other systems such as healthcare benefits, voter lists and the issuance of travel and identity documents based on verifiable identities. Such flaws may become visible during elections, where shortcomings in voter lists can affect confidence in the election process. In essence, a secure identity management system can be seen as the foundation, a root level, that is able to then feed into and help numerous other branches of key state services function effectively and accurately (OSCE, 2017, p.13) [27].
1.3   Security dimension of identity management
One of the key elements of a secure environment for cross-border travel is that the travel documents used by visitors meet international standards in terms of security of the document itself and security in that the document reflects the genuine identity of its holder. Similarly, the systems for issuing travel documents need to be linked to identity management systems to streamline decision-making processes, preferably through modernized systems that reflect developments in document security technology. As entries in registers or officially issued identification documents provide access to specific services, criminal networks are constantly looking for possible gaps in identity management systems to obtain genuine documents under fabricated or stolen identities. Documents obtained as result of gaps in identity management have enabled criminals to target business entities and cause significant financial losses through the use of genuine documents issued to non-existent identities (OSCE, 2017, p.14) [27].
Both legal and illegal immigration breeder docs are regularly used to determine an identity if no MRTD or eMRTD is presented. An identity which will be printed on an eRP, Foreigners ppt, Refugees travel doc etc. unless other supportive evidence of identity is provided.
Organized crime has not overlooked this and fraudulently obtained or falsified travel documents are regularly presented to hide the true identity.
Since a significant portion of the world’s population cannot reliably prove their identity, they rely on verbally presented identities and/or supportive breeder documents when registering in another country.
Asylum applicants who...

  • Technical specification
    69 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 18139:2025(Main)
Personal identification - European guide for biometric recognition applications based on ID documents (ERG)
SIST-TS CEN/TS 18139:2025

This document defines requirements and provides guidance on:
•   capturing of facial images to be used for verification or identification purposes in applications based on reference images in identity or similar documents and traveller or visa databases;
•   capturing of fingerprint images to be used for verification or identification purposes in applications based on reference images in identity or similar documents and traveller or visa databases;
•   data quality maintenance for biometric data captured by/for verification or identification applications;
•   data authenticity maintenance for biometric data captured by/for verification or identification ap-plications.
This document addresses the following aspects which are specific for biometric data capturing:
•   biometric data quality and interoperability assurance;
•   data authenticity assurance;
•   morphing and other presentation attacks and biometric data injection attacks;
•   accessibility and usability;
•   recognition algorithms and their evaluation;
•   privacy and data protection;
•   optimal process design.
The following aspects are out of scope:
•   other aspects of IT security;
•   data capturing for ID document enrolment purposes, e.g. passport or ID card enrolment.

  • Technical specification
    30 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 17489-2:2024(Main)
Secure and interoperable European Breeder Documents - Part 2: Data model
SIST-TS CEN/TS 17489-2:2025

This document specifies the abstract data model for breeder document data and the specific encodings of this abstract data model used in the CEN breeder document framework.
The abstract data model is a semantic description of the birth, marriage / partnership, and death certificate data, independently from their specific encoding. This abstract data model is extensible for further standardized and proprietary data of birth, marriage / partnership, and death certificates as well as for other types of breeder documents.
This abstract data model is technology agnostic, i.e. it is applicable for paper-based, server-based, and hardware-based breeder documents as well as further breeder document designs and technologies.
The specific encodings of this abstract data model comprise the encodings to be used for the machine readable technologies specified in part 3 of the framework as well as the encoding of human readable breeder document data. These encodings are used in the birth, marriage / partnership, and death certificate profiles specified in part 4 of the framework.

  • Technical specification
    25 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 18099:2024(Main)
Biometric data injection attack detection
SIST-TS CEN/TS 18099:2025

This document provides an overview on:
-   Definitions on Biometric Data Injection Attack,
-   Biometric Data Injection Attack use case on main biometric system hardware for enrolment and verification,
-   Injection Attack Instruments on systems using one or several biometric modalities.
This document provides guidance on:
-   System for the detection of Injection Attack Instruments (defined in 3.12),
-   Appropriate mitigation risk of Injection Attack Instruments,
-   Creation of test plan for the evaluation of Injection Attack Detection system (defined in 3.9).
If presentation attacks testing is out of scope of this document, note that these two characteristics are in the scope of this document:
-   Presentation Attack Detection systems which can be used as injection attack instrument defence mechanism and/or injection attack method defence mechanism. Yet, no presentation attack testing will be performed by the laboratory to be compliant with this document (out of scope).
-   Bona Fide Presentation testing in order to test the ability of the Target Of Evaluation to correctly classify legitimate users.
The following aspects are out of scope:
-   Presentation Attack testing (as they are covered in ISO/IEC 30107 standards),
-   Biometric attacks which are not classified as Type 2 attacks (see Figure 1),
-   Evaluation of implementation of cryptographic mechanisms like secure elements,
-   Injection Attack Instruments rejected due to quality issues.

  • Technical specification
    37 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TR 18108:2024(Main)
Personal identification - Usage of biometrics in breeder documents
SIST-TP CEN/TR 18108:2025

This document provides guidance on usage of biometrics in breeder documents, in particular regarding
-   encoding of biometric reference data;
-   data quality maintenance for biometric reference data;
-   data authenticity maintenance for biometric reference data; and
-   privacy preservation of biometric reference data.
This document addresses advantages and disadvantages of biometric modes, in particular regarding
-   verification performance;
-   privacy impact;
-   feasibility of biometric acquisition considering the age of the capture subjects;
-   limits of validity and need for updating biometric reference data.
The following aspects are out of scope:
-   format and structure of breeder documents;
-   general security aspects, which are covered in CEN/TS 17489-1 [1].

  • Technical report
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TR 18030:2023(Main)
Personal identification - Biometrics - Overview of biometric verification systems implemented across Europe
SIST-TP CEN/TR 18030:2024

This Technical Report provides an overview of the current deployment of biometric systems within Europe. It addresses the challenges that are being faced, in order to detect the current needs for improving the specifications for the implementation and deployment of biometric systems. This Technical Report considers all kind of deployments, from border control to ad-hoc services. As most of the deployed systems are based on the use of fingerprints or face recognition, this Technical Report will focus on these two biometric modalities, from the system integrator and interoperability points of view.
Identity documents, in terms of production, structure, interoperability, etc., are out of the scope of this TR. The TR is focused on the performance at system level.
The current European legislative initiatives around this topic (e.g., Entry/Exit System, framework for interoperability between EU information systems, etc.) need a robust framework study about the availability of standard technologies to improve interoperability in biometric products around the European Union.
By showing these needs, a set of recommendations for future standardization works is provided.
From a methodological perspective, the report gathers information of different entities with this classification:
- Capture/enrolment of biometrics including the quality assurance and the generation of feature or biometric models from the images.
- Best practices and guidelines to use biometrics in Europe.
- Data Quality environment using biometrics in European networks.

  • Technical report
    33 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TR 17982:2023(Main)
European Digital Identity Wallets standards Gap Analysis
SIST-TP CEN/TR 17982:2024

This document identifies relevant existing standards and standards work in progress around European Digital Identity Wallets. It also identifies missing work items and overlaps in standards and is supposed to work as a roadmap for future standardization projects in the area.

  • Technical report
    39 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEC 2382-37:2023(Main)
Information technology - Vocabulary - Part 37: Biometrics (ISO/IEC 2382-37:2022)
SIST EN ISO/IEC 2382-37:2024

This document establishes a systematic description of the concepts in the field of biometrics pertaining to recognition of human beings. This document also reconciles variant terms in use in pre-existing International Standards on biometrics against the preferred terms, thereby clarifying the use of terms in this field.
This document does not cover concepts (represented by terms) from information technology, pattern recognition, biology, mathematics, etc. Biometrics uses such fields of knowledge as a basis.
In principle, mode-specific terms are outside of scope of this document.

  • Standard
    42 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 17661:2021(Main)
Personal identification – European enrolment guide for biometric ID documents (EEG)
SIST-TS CEN/TS 17661:2022

This document consolidates information relating to successful and high quality biometric enrolment processes of facial and fingerprint systems, while indicating risk factors and providing appropriate mitigations. This information supports decisions regarding procurement, design, deployment and operation of these biometric systems.
This document provides guidance on:
—   capturing of facial images to be used as reference images in identity and secure documents;
—   capturing of fingerprint images to be used as reference images in identity and secure documents;
—   data quality maintenance for biometric reference data;
—   data authenticity maintenance for biometric reference data.
The document addresses the following aspects which are specific for biometric reference data capturing:
—   biometric data quality and interoperability ensurance;
—   data authenticity ensurance;
—   morphing and other presentation attack detection as well as other unauthorized changes;
—   accessibility and usability;
—   privacy and data protection;
—   optimal enrolment design.
The following aspects are out of scope:
—   IT security;
—   data capturing for verification purposes, e.g. in ABC gates;
—   capturing biometric data for enrolment in other systems different from data enrolment for integration in secure MRTD, like entry/exit systems.
This document consolidates the role of the enrolment process in a biometric system and differentiates the enrolment from the authentication, while mentioning key factors of the enrolment process that are feature independent.
Interests of the existing stakeholders are broken down and provide an insight on different views of the enrolment. In addition, organisational enrolment approaches are covered.
This document is not concerned with IT requirements or the capturing of biometric data for inspection, identification or verification purposes without the required step of creating an identity document using the captured data.

  • Technical specification
    73 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 17631:2021(Main)
Personal identification - Biometric group access control
SIST-TS CEN/TS 17631:2021

This document provides guidance on providing access:
— to areas with physical access control, e.g. entertainment facilities, train stations, shops, libraries, banks, or border control,
— for small groups of persons, e.g. families with small children or seniors, or other accompanied persons in need of support,
— by means of biometric authentication technologies, e.g. facial, fingerprint, or vein recognition,
— in the European regulatory context.
The document addresses the following aspects, which are specific for biometric and group access:
— accessibility and usability,
— user guidance including group guidance and interaction control,
— privacy including data set content,
— presentation attack detection,
— applicable biometric technologies,
— storage of reference data,
— biometric process integration,
— specific needs considering biometrics for groups,
— biometric performance and error rates, and
— group internal linkage.
The following aspects which reflect on generic access control issues are out of scope:
— IT security,
— application specific physical security,
— policy definition,
— processes not related to biometric authentication, and
— specific performance requirements of identification (1:N) and verification (1:1) applications.

  • Technical specification
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day