ISO/IEC FDIS 19785-2
(Main)Information technology — Common Biometric Exchange Formats Framework — Part 2: Procedures for the operation of the Biometric Registration Authority
Information technology — Common Biometric Exchange Formats Framework — Part 2: Procedures for the operation of the Biometric Registration Authority
Technologies de l'information — Cadre de formats d'échange biométriques communs — Partie 2: Procédures pour le fonctionnement de l'organisme d'enregistrement biométrique
General Information
Relations
Standards Content (Sample)
FINAL
INTERNATIONAL ISO/IEC
DRAFT
STANDARD FDIS
19785-2
ISO/IEC JTC 1
Information technology — Common
Secretariat: ANSI
Biometric Exchange Formats
Voting begins on:
Framework —
2011-11-24
Part 2:
Voting terminates on:
2012-01-24
Procedures for the operation of the
Biometric Registration Authority
Technologies de l'information — Cadre de formats d'échange
biométriques communs —
Partie 2: Procédures pour le fonctionnement de l'organisme
d'enregistrement biométrique
Please see the administrative notes on page iii
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPORT-
ING DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO-
ISO/IEC FDIS 19785-2:2011(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN-
DARDS TO WHICH REFERENCE MAY BE MADE IN
©
ISO/IEC 2011
NATIONAL REGULATIONS.
---------------------- Page: 1 ----------------------
ISO/IEC FDIS 19785-2:2011(E)
Copyright notice
This ISO document is a Draft International Standard and is copyright-protected by ISO. Except as permitted
under the applicable laws of the user's country, neither this ISO draft nor any extract from it may be
reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic,
photocopying, recording or otherwise, without prior written permission being secured.
Requests for permission to reproduce should be addressed to either ISO at the address below or ISO's
member body in the country of the requester.
ISO copyright office
Case postale 56 CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Reproduction may be subject to royalty payments or a licensing agreement.
Violators may be prosecuted.
ii © ISO/IEC 2011 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC FDIS 19785-2:2011(E)
In accordance with the provisions of Council Resolution 21/1986, this document is circulated in the
English language only.
© ISO/IEC 2011 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC FDIS 19785-2:2011(E)
Contents Page
Forew ord .v
Introduction .vi
1 Scope .1
2 Normative references .1
3 Terms and definitions .1
4 Abbreviated terms .2
5 General .3
5.1 Assignment of identifiers to biometric organizations and biometric objects .3
5.2 ASN.1 object identifier components .3
5.3 Initiation of a new biometric object register .5
5.4 Registration authority operational considerations .6
6 Appointment of the registration authority .6
7 Fees .6
8 Registration procedures for CBEFF biometric organizations and CBEFF patrons .7
8.1 General .7
8.2 Application for registration as a CBEFF biometric organization or as a CBEFF patron .7
8.3 Review of applications .7
8.3.1 Procedure .7
8.3.2 Response time .8
8.4 Confirmation process .8
8.5 Objection process for CBEFF patron registrations .8
9 Registration procedures for biometric objects .8
9.1 General .8
9.2 Application for registration of a biometric object .8
9.3 Review of applications .9
9.3.1 Procedure .9
9.3.2 Response time .9
9.4 Confirmation process .9
9.5 Objection process.9
10 Content of applications .9
10.1 General .9
10.2 Application for registration as a biometric organization or as a CBEFF patron .9
10.3 Application for registration of a biometric object .10
11 Maintenance of a web-based register .10
Annex A (normative) Registration authority .12
Bibliography .13
iv © ISO/IEC 2011 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC FDIS 19785-2:2011(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 19785-2 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 37, Biometrics.
This second edition cancels and replaces the first edition (ISO/IEC 19785-2:2006), which has been technically
revised. It also incorporates the Amendment ISO/IEC 19785-2:2006/Amd.1:2010.
ISO/IEC 19785 consists of the following parts, under the general title Information technology — Common
Biometric Exchange Formats Framework:
Part 1: Data element specification
Part 2: Procedures for the operation of the Biometric Registration Authority
Part 3: Patron format specifications
Part 4: Security block format specifications
© ISO/IEC 2011 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/IEC FDIS 19785-2:2011(E)
Introduction
Biometric-based authentication systems and applications are expected to support multiple biometric devices,
multiple biometric data formats, and multiple algorithms for feature extraction, comparison, quality
determination and compression, possibly each from a different vendor. The Common Biometric Exchange
Formats Framework (CBEFF) promotes interoperability of biometric-based application programs and systems
developed by different vendors by facilitating biometric data interchange. This part of ISO/IEC 19785 supports
such exchanges by providing unambiguous identification of biometric organizations, formats and products,
with separate registration of identifiers for components of products that are biometric products, including
specialized products like capture devices, feature extraction algorithms, comparison algorithms, quality
algorithms, or compression algorithms.
This part of ISO/IEC 19785 specifies procedures for a registration authority that is responsible for the
assignment of ASN.1 object identifier components to identify biometric objects to provide globally
unambiguous identification in the context of the CBEFF ASN.1 object identifier.
The registration process is universal, assigns unique and unambiguous identifiers, and avoids changes in
identifiers over time.
The publication of the registers promotes compatibility in interchange of biometric data and improves
interoperability of biometric systems. Registration provides an identifier, but registration should not be
regarded as a standardization procedure. Nevertheless, as a matter apart from registration, the registered
object may, but need not, be the subject of an international, national, or other standard.
vi © ISO/IEC 2011 – All rights reserved
---------------------- Page: 6 ----------------------
FINAL DRAFT INTERNATIONAL STANDARD ISO/IEC FDIS 19785-2:2011(E)
Information technology — Common Biometric Exchange
Formats Framework —
Part 2:
Procedures for the operation of the Biometric Registration
Authority
1 Scope
This part of ISO/IEC 19785 specifies the procedures to be followed by the Biometric Registration Authority in
preparing, maintaining, and publishing registers of identifiers for biometric organizations and biometric objects.
2 Normative references
The following referenced document is indispensable for the application of this document. For dated references,
only the edition cited applies. For undated references, the latest edition of the referenced document (including
any amendments) applies.
ISO/IEC 19785-1, Information technology — Common Biometric Exchange Formats Framework — Part 1:
Data element specification
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 19785-1 and the following apply.
3.1
applicant
organization requesting registration as a CBEFF biometric organization, or a registered CBEFF biometric
organization requesting registration of a biometric object
3.2
BDB format
format of a BDB (biometric data block) defined by a CBEFF biometric organization
3.3
biometric object
something related to the field of biometrics that fits a category definition as established by an International
Standard and that can be identified by a unique ASN.1 identifier that has been registered in a biometric
register
NOTE Examples of biometric object categories include, but are not limited to, biometric data blocks (BDBs), biometric
products, and security blocks (SBs). International Standards which define types of biometric objects include
ISO/IEC 19784, ISO/IEC 19785 and ISO/IEC 19794.
3.4
CBEFF biometric organization
organization whose charter includes relevance to the field of biometrics and which has registered with the
Biometric Registration Authority to obtain a unique organization identifier value
© ISO/IEC 2011 – All rights reserved 1
---------------------- Page: 7 ----------------------
ISO/IEC FDIS 19785-2:2011(E)
3.5
CBEFF patron format identifier
identifier for a CBEFF patron format that is unambiguous within the context of a CBEFF patron identifier
3.6
CBEFF patron identifier
CBEFF biometric organization identifier of a CBEFF patron
3.7
register
record of assigned identifiers for CBEFF biometric organizations and biometric objects
3.8
registrar
person or organization appointed by a registration authority, responsible for preparing and maintaining the
register(s)
3.9
registration authority
organization nominated and appointed by the ISO/IEC Council to prepare and maintain registers
3.10
relevant ISO/IEC subcommittee
ISO/IEC subcommittee responsible for the maintenance of this International Standard
3.11
security block format
format of a security block defined by a CBEFF biometric organization
3.12
specialized biometric product
biometric product which is in one of the following categories: capture device, feature extraction algorithm,
comparison algorithm, quality algorithm, or compression algorithm
NOTE A specialized biometric product can be registered both as a specialized biometric product of the appropriate
category and also as a (general) biometric product.
4 Abbreviated terms
The following abbreviated terms are used in this part of ISO/IEC 19785.
ASN.1 Abstract Syntax Notation One
BDB biometric data block
BIR biometric information record
CBEFF common biometric exchange formats framework
RA registration authority
SB security block
URL Uniform Resource Locator
2 © ISO/IEC 2011 – All rights reserved
---------------------- Page: 8 ----------------------
ISO/IEC FDIS 19785-2:2011(E)
5 General
5.1 Assignment of identifiers to biometric organizations and biometric objects
5.1.1 The Biometric Registration Authority shall assign identifiers to biometric organizations and shall
record such values in the biometric organization register. Identifiers shall be expressible as 16-bit positive
integers (see 5.2.4). The value zero and the values in sequence beginning from 61440 (F000 hex) to 65535
(FFFF hex) shall be reserved in the register of biometric organizations and shall not be assigned. Values
assigned to subcommittees of ISO/IEC JTC 1 shall be assigned in sequence beginning from 257 (0101 hex)
to 511 (01FF hex). Values assigned to all other biometric organizations shall be assigned in sequence
beginning from one (0001 hex) to 256 (0100 hex), and 512 (0200 hex) to 61439 (EFFF hex).
5.1.2 Individual biometric organizations shall assign identifiers to the biometric objects that they seek to
register. Biometric organizations shall not assign duplicate identifiers to objects of the same object type. As
with biometric organization identifiers, biometric object identifiers shall be expressible as 16-bit positive
integers.
5.2 ASN.1 object identifier components
5.2.1 This part of ISO/IEC 19785 defines procedures for registration by which ASN.1 object identifier
components are assigned to:
a) organizations concerned with the specification of biometric formats or with biometric products that either
directly, or through the data that they produce, claim conformance to or can be used in conjunction with
ISO/IEC 19785, ISO/IEC 9784, or one of the parts of ISO/IEC 19794;
b) biometric objects of various types where the relevant ISO/IEC subcommittee has formally defined each
type in an International Standard and has requested the Biometric Registration Authority to establish and
maintain a register for that type.
NOTE 1 At the time this revision was being prepared the RA had established and was maintaining registers for the
following types of biometric objects (see 5.2.7 through 5.2.11): BIR formats, BDB formats, SB formats, and biometric
products. Subcategories of specialised biometric products were defined for: capture device, feature extraction algorithm,
comparison algorithm, quality algorithm, and compression algorithm.
NOTE 2 International Standards do not require the registration of biometric objects, but registration is possible if a
CBEFF biometric organization considers that registration would be beneficial.
5.2.2 ASN.1 object identifiers are a form of worldwide unambiguous identification based on a hierarchical
tree structure, and independent hierarchical registration authorities. The ASN.1 object identifier tree has a root
arc, arcs beneath that root arc, arcs beneath each of those arcs, and so on, to any depth. Arcs are identified
by positive integer values (zero upwards) that provide unambiguous identification of an arc within the superior
arc. Arcs can also be given names, but these are subsidiary to the numerical values and are not required.
(Names shall consist of an arbitrary number (one or more) of letters, digits, and hyphens. The first character
shall be a lower-case letter. The last character shall not be a hyphen. A hyphen shall not be immediately
followed by another hyphen.) An object is identified by the sequence of arc values (numerical, or for early arcs,
arc names) from the root to the object.
NOTE For a fuller description of the ASN.1 object identifier tree, see ISO/IEC 8824.
5.2.3 It is possible in representations of an object identifier to imply (by the context of that representation)
identification of part of the path from the root to a node in the object identifier tree. In the extreme case, only a
single object identifier component from that implied node need be represented.
NOTE This is the approach taken by ISO/IEC 19785-1 and by ISO/IEC 19784 (BioAPI). These use a sixteen-bit field
to provide the identification of an object identifier arc beneath an arc that is implied by the context. In other contexts, the
full object identifier value should be given.
© ISO/IEC 2011 – All rights reserved 3
---------------------- Page: 9 ----------------------
ISO/IEC FDIS 19785-2:2011(E)
5.2.4 Components of ASN.1 object identifiers are positive integers (including zero) of unlimited magnitude.
However, there are standards, for example ISO/IEC 19784-1, using the components allocated by this RA that
use a simple 16-bit positive integer encoding for such components. The RA is therefore required to allocate
values for arcs that can be represented as a 16-bit positive integer, and to alert the relevant ISO/IEC
subcommittee before making allocations with any of the top three bits set to one.
NOTE It is expected that allocations will normally start at zero and proceed incrementally upwards except under
exceptional requirements.
5.2.5 Successful registration as a biometric organization provides that biometric organization with a CBEFF
biometric organization identifier. This is a sixteen-bit binary value (that can be interpreted as a positive integer)
for an ASN.1 object identifier arc under
{iso registration-authority cbeff(19785) organizations(0)}
The allocated object identifier value is worldwide unambiguous, but the CBEFF biometric organization
identifier can also be used alone in contexts where the preceding arcs are implied.
5.2.6 A biometric organization that is recognized by the RA as the producer of open standards (standards
that are subject to vetting procedures that ensure that they are technically correct and accurate and have
wide-spread approval) will be recorded as having open standardization privileges, and is then called a CBEFF
patron, and its CBEFF biometric organization identifier is called a CBEFF patron identifier. Any registered
biometric organization can register BDB formats (see 5.2.8), SB formats (see 5.2.9), and biometric products
(see 5.2.10 and 5.2.11), but only a CBEFF patron can register a BIR format - a CBEFF patron format
(see 5.2.7).
5.2.7 Successful registration of a BIR format by a CBEFF patron records that the BIR format is identified by
an arc with a sixteen-bit BIR format identifier (provided by the CBEFF patron) and also called a CBEFF patron
format identifier, under the arc
{iso registration-authority cbeff(19785) organizations(0) birs(1)}
and enables publication of a reference to the specification of that BIR format (CBEFF patron format). The
is either the decimal value of the sixteen-bit CBEFF patron identifier of the definer of the
CBEFF patron format, or is an arc identifier followed by the decimal value in parentheses. The allocated object
identifier value is worldwide unambiguous, but the BIR format identifier can also be used alone in contexts
where the preceding arcs are implied.
5.2.8 Successful registration of a BDB format by a biometric organization records that the BDB format is
identified by an arc with a sixteen-bit BDB format identifier (provided by the CBEFF biometric organization)
under the arc
{iso registration-authority cbeff(19785) organizations(0) bdbs(0)}
and enables publication of a reference to the specification of that BDB format. The is either
the decimal value of the sixteen-bit CBEFF biometric organization identifier of the definer of the BDB format,
or is an arc identifier followed by the decimal value in parentheses. The allocated object identifier value is
worldwide unambiguous, but the BDB format value can also be used alone in contexts where the preceding
arcs are implied.
5.2.9 Successful registration of an SB format by a biometric organization records that that SB format is
identified by an arc with a sixteen-bit SB format identifier (provided by the CBEFF biometric organization)
under the arc
{iso registration-authority cbeff(19785) organizations(0) sb-formats(3)}
and enables publication of a reference to the specification of that SB format. The is either
the sixteen-bit CBEFF biometric organization identifier of the definer of the SB format, or is an arc identifier
followed by the decimal value in parentheses. The allocated object identifier value is worldwide unambiguous,
but the SB format value can also be used alone in contexts where the preceding arcs are implied.
4 © ISO/IEC 2011 – All rights reserved
---------------------- Page: 10 ----------------------
ISO/IEC FDIS 19785-2:2011(E)
5.2.10 Successful registration of a biometric product by a CBEFF biometric organization records that the
biometric product is identified by an arc with a CBEFF biometric product identifier allocated by the Registration
Authority. This is a sixteen-bit binary value (that can be interpreted as a positive integer) for an ASN.1 object
identifier arc under
{iso registration-authority cbeff(19785) organizations(0) products(2)}
The is either the sixteen-bit CBEFF biometric organization identifier of the owner of the
biometric product, or is an arc identifier followed by the decimal value in parentheses. The allocated object
identifier value is worldwide unambiguous, but the biometric product identifier can also be used alone in
contexts where the preceding arcs are implied.
5.2.11 Successful registration of a specialised biometric product by a CBEFF biometric organization records
that the specialised biometric product is identified (within its category) by an arc with a CBEFF biometric
product identifier allocated by the registration authority. This is a sixteen-bit binary value (that can be
interpreted as a positive integer) for an ASN.1 object identifier arc under one of the arcs
{iso registration-authority cbeff(19785) organizations(0)
capture-device(4)}
{iso registration-authority cbeff(19785) organizations(0)
feature-extraction-algorithm(5)}
{iso registration-authority cbeff(19785) organizations(0)
comparison-algorithm(6)}
{iso registration-authority cbeff(19785) organizations(0)
quality-algorithm(7)}
{iso registration-authority cbeff(19785) organizations(0)
compression-algorithm(8)}
according to the category of the specialised product. The is either the sixteen-bit CBEFF
biometric organization identifier of the owner of the biometric product, or is an arc identifier followed by the
decimal value in parentheses. The allocated object identifier value is worldwide unambiguous, but the
biometric product identifier can also be used alone in contexts where the category of the specialised product
(and earlier arcs) is implied.
5.2.12 All the above 16 bit identifiers are notified to applicants, and recorded in the registers as four
hexadecimal digits. These four hexadecimal digits can also be considered as a positive integer value, and the
use of the hexadecimal format does not carry any implications of the representation of this value in machine-
readable or other material.
5.3 Initiation of a new biometric object register
From time to time the relevant ISO/IEC subcommittee may approve an International Standard that defines a
new type of biometric object. That International Standard shall include the name of the new object type and
the decimal value of the new object's arc in the definition of the new biometric object type. For example,
{iso registration-authority cbeff(19785) organizations(0)
new-object-type(xx)}
where xx is the decimal value assigned as the new type's arc and new-object-type is the new name. An
amendment to this International Standard shall not be required to establish the register for the new object type;
the subcommittee shall inform the RA of the requirement to establish the new register. The subcommittee shall
also inform the RA of any additional or different information about the new object type that will require changes
to the table in which the object identifiers are to be published (table columns are: organization name,
organization identifier in decimal and hexadecimal, object identifier in decimal and hexadecimal, object name,
and descriptive information about the object).
© ISO/IEC 2011 – All rights reserved 5
---------------------- Page: 11 ----------------------
ISO/IEC FDIS 19785-2:2011(E)
NOTE The procedure for informing the RA of the need for a new object register is intended to be effective but
informal. When it becomes known to a working group or special group of the subcommittee that a new registered object
type is being defined the WG or SG should inform both the subcommittee's Secretariat and its Liaison to the RA of the
relevant information about the new object type. This will enable the Liaison to monitor the progress of the new object type
until the standard in which it is defined has been approved (successful FDIS or DIS ballot). Prior to the close of the FDIS
or DIS ballot the Liaison should discuss the requirements of the new register with the RA and determine that the RA will be
able to support the new register; the Liaison should inform the Secretariat and the WG/SG chair of the progress of these
discussions. Shortly after the international standard is approved the Liaison should ask the RA to implement the new
register and should inform the Secretariat and the WG/SG chair when the new register is implemented.
5.4 Registration authority operational considerations
5.4.1 The registration authority shall not assign the value zero (X'00 00') to any biometric organization.
5.4.2 The registration authority may at any time submit to the next meeting of the relevant ISO/IEC
subcommittee a request for amendment of this part of ISO/IEC 19785.
5.4.3 The registration authority shall not be liable for any failure to operate under these procedures, or for
any actions in relation to its duties defined in this International Standard, except that it may be discharged of
its duties by the relevant ISO/IEC subcommittee, without penalty, should it fail to satisfactorily operate these
procedures.
NOTE Should the relevant ISO/IEC subcommittee determine that the registration authority be discharged of its duties,
for this or for any other reason, it is expec
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.