CEN/TS 17631:2021
(Main)Personal identification - Biometric group access control
Personal identification - Biometric group access control
This document provides guidance on providing access:
— to areas with physical access control, e.g. entertainment facilities, train stations, shops, libraries, banks, or border control,
— for small groups of persons, e.g. families with small children or seniors, or other accompanied persons in need of support,
— by means of biometric authentication technologies, e.g. facial, fingerprint, or vein recognition,
— in the European regulatory context.
The document addresses the following aspects, which are specific for biometric and group access:
— accessibility and usability,
— user guidance including group guidance and interaction control,
— privacy including data set content,
— presentation attack detection,
— applicable biometric technologies,
— storage of reference data,
— biometric process integration,
— specific needs considering biometrics for groups,
— biometric performance and error rates, and
— group internal linkage.
The following aspects which reflect on generic access control issues are out of scope:
— IT security,
— application specific physical security,
— policy definition,
— processes not related to biometric authentication, and
— specific performance requirements of identification (1:N) and verification (1:1) applications.
Persönliche Identifikation - Biometrische Zugangskontrolle für Gruppen
Osebna identifikacija - Biometrični nadzor dostopa za skupine
General Information
Standards Content (Sample)
SLOVENSKI STANDARD
01-september-2021
Osebna identifikacija - Biometrični nadzor dostopa za skupine
Personal identification - Biometric group access control
Persönliche Identifikation - Biometrische Zugangskontrolle für Gruppen
Ta slovenski standard je istoveten z: CEN/TS 17631:2021
ICS:
35.240.15 Identifikacijske kartice. Čipne Identification cards. Chip
kartice. Biometrija cards. Biometrics
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
CEN/TS 17631
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
June 2021
TECHNISCHE SPEZIFIKATION
ICS 35.240.15
English Version
Personal identification - Biometric group access control
Persönliche Identifikation - Biometrische
Zugangskontrolle für Gruppen
This Technical Specification (CEN/TS) was approved by CEN on 9 May 2021 for provisional application.
The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to
submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.
CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS
available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in
parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2021 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 17631:2021 E
worldwide for CEN national Members.
Contents Page
European foreword . 3
Introduction . 4
1 Scope . 5
2 Normative references . 5
3 Terms and definitions . 6
4 Symbols and abbreviations . 6
5 Group access control processes and technologies . 6
5.1 Architecture . 6
5.1.1 General . 6
5.1.2 Biometric process and background integration . 7
5.1.3 Segregated two steps access control . 9
5.2 Integration of Access Control into other management systems . 11
5.3 Applicable biometric technologies . 11
5.3.1 General . 11
5.3.2 Segregated two steps access control . 12
5.4 Interoperability issues . 12
5.5 Storage of reference data . 12
5.5.1 General . 12
5.5.2 Segregated two steps access control . 13
5.6 Biometric performance and error rates . 13
6 Accessibility, usability, and guidance . 14
6.1 General . 14
6.2 Accessibility . 14
6.3 Usability . 14
6.4 Guidance . 14
6.5 Segregated two steps access control . 15
7 Privacy and security considerations . 15
7.1 Privacy. 15
7.1.1 General . 15
7.1.2 Segregated two steps access control . 15
7.2 Presentation attack detection . 16
7.3 Group internal linkage . 16
Annex A (informative) Example for need of group internal linkage: Human being trafficking . 17
A.1 Background . 17
A.2 Detection of illegal activities in a two step travel application . 17
Bibliography . 18
European foreword
This document (CEN/TS 17631:2021) has been prepared by Technical Committee CEN/TC 224
“Personal identification and related personal devices with secure element, systems, operations and
privacy in a multi sectorial environment”, the secretariat of which is held by AFNOR.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
According to the CEN/CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the
United Kingdom.
Introduction
Purpose and Justification:
— Non-discriminative applications: As many subjects as possible are expected to be able to access a
biometric system. A large number of the overall public is smaller groups, such as families or
accompanied persons, and they will not be discriminated against.
— High throughput: One main objective of the use of biometric access control systems for biometric
subjects as well as for operators is the speed of the process and the prevention of queuing times.
This would include the applicability of processes to as many persons as possible.
— Increasing automation: Automation can limit time spent on recurrent processes and can decrease
the need for (e.g. human and financial) resources. As automation is increasing also in daily life
applications, e.g. access to leisure facilities, applications in smart cities etc., the approach should be
inclusive and cover most user groups. Such an inclusion of smaller groups into automated access
control processes would be the expectation of the public, as such groups are a major fraction of all
parties in real life.
— Focus sharpening: Human interaction and staff allocation could in such an automated system focus
on more difficult and more complex cases. That way, as easier cases are processed automatically,
the more complex cases themselves can be treated faster, and they do not slow down the overall
process.
— Prevention of child trafficking: When designing biometric access systems for small groups,
measures should be considered to prevent child trafficking e.g. by providing a group internal
linkage. This could massively improve the security level as of today.
Benefit for Stakeholders include:
— usage harmonization,
— extension of the target user group compared to current biometric access control technology,
— interoperability in workflow and data formats,
— establishment of usable biometric group access in several application environments,
— facilitation of throughput of biometric processes used for access control, and
— integration of biometric technology into security technology.
1 Scope
This document provides guidance on providing access:
— to areas with physical access control, e.g. entertainment facilities, train stations, shops, libraries,
banks, or border control,
— for small groups of persons, e.g. families with small children or seniors, or other accompanied
persons in need of support,
— by means of biometric authentication technologies, e.g. facial, fingerprint, or vein recognition,
— in the European regulatory context.
The document addresses the following aspects, which are specific for biometric and group access:
— accessibility and usability,
— user guidance including group guidance and interaction control,
— privacy including data set content,
— presentation attack detection,
— applicable biometric technologies,
— storage of reference data,
— biometric process integration,
— specific needs considering biometrics for groups,
— biometric performance and error rates, and
— group internal linkage.
The following aspects which reflect on generic access control issues are out of scope:
— IT security,
— application specific physical security,
— policy definition,
— processes not related to biometric authentication, and
— specific performance requirements of identification (1:N) and verification (1:1) applications.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
EN 17054:2019, Biometrics multilingual vocabulary based upon the English version of ISO/IEC
2382-37:2012
3 Terms and definitions
For the purposes of this document, the terms and definitions given in EN 17054:2019 and the following
apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at https://www.electropedia.org/
— ISO Online browsing platform: available at https://www.iso.org/obp
3.1
small group
in the context of access control, group of up to 10 persons with a common purpose that seek access
together
Note 1 to entry: Examples for a common purpose can be a joint travel or a joint visit to a building / a site.
Note 2 to entry: This document is mainly focussing on families or accompanied persons; the maximum size
depends on the application.
4 Symbols and abbreviations
FAR false acceptance rate
FRR false rejection rate
FTA failure to acquire
MRZ machine readable zone
PAD presentation attack detection
5 Group access control processes and technologies
5.1 Architecture
5.1.1 General
The access point architecture shall support authentication of small groups of persons using biometric
technology and additional token or documentation, e.g. mobile phone or tickets. Therefore, a system
needs to have at least two elements: one for capturing biometric data and one for checking the
authorization to access e.g. by an additional token or documentation.
EXAMPLE Family with a ticket for the zoo, or family going to a swimming pool with their crede
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.