CEN/TS 17661:2021
Personal identification – European enrolment guide for biometric ID documents (EEG)
This document consolidates information relating to successful and high quality biometric enrolment processes of facial and fingerprint systems, while indicating risk factors and providing appropriate mitigations. This information supports decisions regarding procurement, design, deployment and operation of these biometric systems.
This document provides guidance on:
— capturing of facial images to be used as reference images in identity and secure documents;
— capturing of fingerprint images to be used as reference images in identity and secure documents;
— data quality maintenance for biometric reference data;
— data authenticity maintenance for biometric reference data.
The document addresses the following aspects which are specific for biometric reference data capturing:
— biometric data quality and interoperability ensurance;
— data authenticity ensurance;
— morphing and other presentation attack detection as well as other unauthorized changes;
— accessibility and usability;
— privacy and data protection;
— optimal enrolment design.
The following aspects are out of scope:
— IT security;
— data capturing for verification purposes, e.g. in ABC gates;
— capturing biometric data for enrolment in other systems different from data enrolment for integration in secure MRTD, like entry/exit systems.
This document consolidates the role of the enrolment process in a biometric system and differentiates the enrolment from the authentication, while mentioning key factors of the enrolment process that are feature independent.
Interests of the existing stakeholders are broken down and provide an insight on different views of the enrolment. In addition, organisational enrolment approaches are covered.
This document is not concerned with IT requirements or the capturing of biometric data for inspection, identification or verification purposes without the required step of creating an identity document using the captured data.
Persönliche Identifikation - Europäischer Enrolmentguide für biometrische ID-Dokumente (EEG)
This document summarises information on successful, high-quality biometric enrolment processes for face and fingerprint systems, while pointing out risk factors and proposing corresponding mitigations. This information supports decisions regarding the procurement, design, deployment and operation of these biometric systems.
This document provides guidance on:
— capturing facial images for use as reference images in identity and secure documents,
— capturing fingerprint images for use as reference images in identity and secure documents,
— data quality assurance for biometric reference data, and
— ensuring data authenticity for biometric reference data.
The document addresses the following aspects, which are specific to the capture of biometric reference data:
— ensuring the quality and interoperability of biometric data;
— ensuring data authenticity;
— detecting morphing and other presentation attacks as well as other unauthorised changes;
— accessibility and usability;
— privacy and data protection;
— optimal enrolment design.
The following aspects are out of scope:
— IT security;
— data capture for verification purposes, e.g. in automated border control systems;
— capture of biometric data for enrolment in other systems that differ from data enrolment for integration in secure MRTDs, such as the entry/exit system.
This document consolidates the role of the enrolment process in a biometric system and distinguishes enrolment from authentication, while mentioning key factors of the enrolment process that are independent of the biometric characteristic.
The interests of the existing stakeholders are broken down and give an insight into the different views of enrolment. In addition, organisational enrolment approaches are covered.
This document is not concerned with IT requirements or with the capture of biometric data for inspection, identification or verification purposes without the required step of creating an identity document using the captured data.
Identification des personnes - Guide d'enrôlement européen pour les documents d'identité biométriques (EEG)
This document brings together information on successful, high-quality biometric enrolment processes for facial image and fingerprint systems, while indicating risk factors and providing appropriate mitigation measures. This information supports decisions regarding the procurement, design, deployment and operation of these biometric systems.
This document provides recommendations on:
— capturing facial images intended to be used as reference images in identity documents and secure documents;
— capturing fingerprint images intended to be used as reference images in identity documents and secure documents;
— maintaining the quality of biometric reference data;
— maintaining the authenticity of biometric reference data.
The document addresses the following aspects, which are specific to the capture of biometric reference data:
— assurance of the quality and interoperability of biometric data;
— assurance of data authenticity;
— detection of morphing and other presentation attacks as well as other unauthorised modifications;
— accessibility and usability;
— confidentiality and data protection;
— optimal enrolment design.
The following aspects are out of scope:
— IT security;
— data capture for verification purposes, for example at automated border control gates;
— capture of biometric data for enrolment in other systems different from data enrolment for integration in secure MRTDs, such as entry/exit systems.
This document reinforces the role of the enrolment process in a biometric system and differentiates enrolment from authentication, while mentioning the key factors of the enrolment process that are independent of the attributes.
The interests of the existing stakeholders are analysed and provide insight into the different points of view on enrolment. In addition, organisational approaches to enrolment are covered.
This document does not deal with IT requirements or with the capture of biometric data for inspection, identification or verification purposes without the required step of creating an identity document from the captured data.
Osebna identifikacija - Evropsko vodilo za vpis biometričnih osebnih dokumentov (EEG)
This Technical Specification provides guidance on:
• capturing facial images to be used as reference images in identity or similar documents,
• capturing fingerprint images to be used as reference images in identity or similar documents,
• data quality maintenance for biometric reference data,
• data authenticity maintenance for biometric reference data.
The Technical Specification addresses the following aspects, which are specific to the capture of biometric reference data:
• assurance of biometric data quality and interoperability,
• assurance of data authenticity,
• detection of morphing and other types of presentation attack,
• accessibility and usability,
• privacy and data protection,
• optimal process design.
The scope does not cover the following aspects:
• IT security,
• data capture for verification purposes, for example in ABC gates,
• images captured by users themselves, although a section on this is also included.
Standards Content (Sample)
SLOVENIAN STANDARD
01 February 2022
Osebna identifikacija - Evropsko vodilo za vpis biometričnih osebnih dokumentov (EEG)
Personal identification – European enrolment guide for biometric ID documents (EEG)
Persönliche Identifikation - Europäischer Enrolmentguide für biometrische ID-Dokumente (EEG)
This Slovenian standard is identical to: CEN/TS 17661:2021
ICS:
35.240.15 Identification cards. Chip cards. Biometrics
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.
CEN/TS 17661
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
November 2021
TECHNISCHE SPEZIFIKATION
ICS 35.240.15
English Version
Personal identification - European enrolment guide for
biometric ID documents (EEG)
Identification des personnes - Guide d'enrôlement européen pour les documents d'identité biométriques (EEG)
Persönliche Identifikation - Europäischer Enrolmentguide für biometrische ID-Dokumente (EEG)
This Technical Specification (CEN/TS) was approved by CEN on 16 August 2021 for provisional application.
The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to
submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.
CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS
available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in
parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2021 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. CEN/TS 17661:2021 E
Contents
European foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Enrolment and use of reference data in a biometric system
6 Enrolment approaches
7 Stakeholder
8 Modality specific guidance
Bibliography
European foreword
This document (CEN/TS 17661:2021) has been prepared by Technical Committee CEN/TC 224 “Personal
identification and related personal devices with secure element, systems, operations and privacy in a
multi sectorial environment”, the secretariat of which is held by AFNOR.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users’ national standards body.
A complete listing of these bodies can be found on the CEN website.
According to the CEN-CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United
Kingdom.
Introduction
Over the past decade, many EU Member States introduced MRTD supported traveller processes. During
this time, lessons have been learned and experience has been gained on several application aspects of
newly introduced technologies. One key component of any MRTD inspection system is the biometric
comparison of the document holder with the reference data. In addition to passports and ID cards,
biometric data are used for documents other than eMRTD as well, including Residence Permits, Visas and
Drivers Licenses. This document aims to compile these lessons learnt and present best practice in
capturing facial and fingerprint images, and to improve the biometric samples at the point of capture
from the enrolee.
During the last few years, biometric comparison algorithms reached new performance levels and even
more improvements can be expected. However, every system can only be as good as the data it is based
on. Therefore, the quality of reference data has superior importance. The better the enrolment of
biometric data, the lower the error rates to be expected in any MRTD based application. Lower error rates
lead to a higher degree of automation, increase throughput and security, improve the traveller
experiences, and, finally, save resources. So, it is worth investing in enrolment of high quality facial images
as well as of fingerprint images.
The enhanced use of new technologies for identity and document inspection means that precise criteria
is set out for the enrolment and inspection processes. The enrolment process for biometric identifiers is
crucial in order to guarantee a successful verification at document inspection. This document presents
guidelines for the enrolment of an enrolee’s biometric face and fingerprint characteristics, which can be
used for identity documents.
With the amendment of Regulation (EU) 2017/458 of the European Parliament and of the Council
of 15 March 2017 amending Regulation (EU) 2016/399 as regards the reinforcement of checks against
relevant databases at external borders (OJ L 74 of 18 March 2017 p.1-7) the following provisions have
been inserted:
— for passports and travel documents containing a storage medium as referred to in Article 1(2) of
Council Regulation (EC) No 2252/2004, the authenticity of the chip data shall be checked;
— where there are doubts as to the authenticity of the travel document or the identity of its holder, at
least one of the biometric identifiers integrated into the passports and travel documents issued in
accordance with Regulation (EC) No 2252/2004 shall be verified. Where possible, such verification
is carried out in relation to travel documents not covered by that Regulation.
This concludes that in case of doubt a verification of the facial or the fingerprint image shall be carried
out. In order to achieve a successful verification, the following guidelines have been developed for
enrolment of these biometric data. The guidelines are intended to assist the responsible parties to achieve
the best quality of biometric enrolment in order to:
— create identity documents with high quality facial images integrated within the document and stored
on the chip in combination with high quality fingerprint images;
— prevent identity fraud by ensuring the integrity of the enrolment process;
— reduce false and increase true matching of facial and fingerprint images.
1 Scope
This document consolidates information relating to successful and high quality biometric enrolment
processes of facial and fingerprint systems, while indicating risk factors and providing appropriate
mitigations. This information supports decisions regarding procurement, design, deployment and
operation of these biometric systems.
This document provides guidance on:
— capturing of facial images to be used as reference images in identity and secure documents;
— capturing of fingerprint images to be used as reference images in identity and secure documents;
— data quality maintenance for biometric reference data;
— data authenticity maintenance for biometric reference data.
The document addresses the following aspects which are specific for biometric reference data capturing:
— biometric data quality and interoperability ensurance;
— data authenticity ensurance;
— morphing and other presentation attack detection as well as other unauthorized changes;
— accessibility and usability;
— privacy and data protection;
— optimal enrolment design.
The following aspects are out of scope:
— IT security;
— data capturing for verification purposes, e.g. in ABC gates;
— capturing biometric data for enrolment in other systems different from data enrolment for
integration in secure MRTD, like entry/exit systems.
This document consolidates the role of the enrolment process in a biometric system and differentiates
the enrolment from the authentication, while mentioning key factors of the enrolment process that are
feature independent.
Interests of the existing stakeholders are broken down and provide an insight on different views of the
enrolment. In addition, organisational enrolment approaches are covered.
This document is not concerned with IT requirements or the capturing of biometric data for inspection,
identification or verification purposes without the required step of creating an identity document using
the captured data.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
EN 17054:2019, Biometrics multilingual vocabulary based upon the English version of ISO/IEC 2382-37:2012
IEC 61966-2-1, Multimedia systems and equipment — Colour measurement and management — Part 2-1: Colour management — Default RGB colour space — sRGB
ISO/IEC 10918-1, Information technology — Digital compression and coding of continuous-tone still
images: Requirements and guidelines
ISO/IEC 14496-2:2004, Information technology — Coding of audio-visual objects — Part 2: Visual
ISO/IEC 15444-1, Information technology — JPEG 2000 image coding system — Part 1: Core coding system
ISO/IEC 19794-5:2005, Information technology — Biometric data interchange formats — Part 5: Face
image data
ISO/IEC 2382-37:2017, Information technology — Vocabulary — Part 37: Biometrics
ISO/IEC 39794-4, Information technology — Extensible biometric data interchange formats — Part 4:
Finger image data
3 Terms and definitions
For the purposes of this document, the terms and definitions given in EN 17054:2019,
ISO/IEC 2382-37:2017 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
• IEC Electropedia: available at https://www.electropedia.org/
• ISO Online browsing platform: available at https://www.iso.org/obp
3.1
attended capture
acquisition of a biometric characteristic of an enrolee, while providing guidance
Note 1 to entry: Guidance is usually provided by an enrolment officer during live enrolment.
3.2
attendant
person, remote or automated system assisting the enrolment officer in obtaining the best available
quality biometric sample during capture through the procedures defined for enrolees with accessibility
needs or special requirements related to their age, gender, and religious observance
EXAMPLE 1 The automatically adjustable chair, detecting eye positions, while being removable for wheelchair
access.
EXAMPLE 2 Vocal assistance to guide partially sighted enrolees.
3.3
auditor
individual verifying the execution of the enrolment process, capture and registration, by checking against
the enrolment protocol
3.4
automated controlled capture
acquisition of an enrolee’s biometric characteristics, controlled by an automated system, not by
personnel
Note 1 to entry: The most common automated application for facial images is a photo booth.
3.5
biometric enrolee
individual providing a biometric sample to the capture system
3.6
capture
obtain contemporary signal(s) of biometric characteristic(s) from biometric enrolee(s)
3.7
designer and developer
entity designing the capture and/or registration system, service, process and the interaction protocol for
the enrolee
Note 1 to entry: Designer and developer create the service for production and distribution of any token used as
storage for biometric references or a pointer to where biometric references are stored.
3.8
duty officer
individual providing technical and operational advice and guidance to an enrolment officer
3.9
...