iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 24713-3:2009

(Main)

Information technology — Biometric profiles for interoperability and data interchange — Part 3: Biometrics-based verification and identification of seafarers

Information technology — Biometric profiles for interoperability and data interchange — Part 3: Biometrics-based verification and identification of seafarers

In order to support a globally interoperable system of seafarers' identity documents, ISO/IEC 24713-3:2009 establishes a biometric profile to define how to use biometrics for verification and identification of seafarers at the various stages of document issuance and inspection. It defines a set of base standards and criteria for applying those standards in applications where identity documents are issued to seafarers and biometrics are used to link each document to the seafarer to whom it was issued. It attempts to provide information on the processes surrounding the enrolment and verification or identification of seafarers so that the biometric components of the system can be used in a proper context. It also addresses other system components such as the storage medium for the biometric data and the security of the system, since these will affect the use of the biometric technology.

Technologies de l'information — Profils biométriques pour interopérabilité et échange de données — Partie 3: Vérification basée sur la biométrie et identification des navigateurs

General Information

Status
Published
Publication Date
26-Aug-2009
ICS
35.040 - Information coding
35.240.15 - Identification cards. Chip cards. Biometrics
Technical Committee
ISO/IEC JTC 1/SC 37 - Biometrics
Drafting Committee
ISO/IEC JTC 1/SC 37/WG 4 - Technical Implementation of Biometric Systems
Current Stage
9093 - International Standard confirmed
Completion Date
03-Feb-2021
Ref Project

Buy Standard

ISO/IEC 24713-3:2009 - Information technology -- Biometric profiles for interoperability and data interchangeISO/IEC 24713-3:2009 - Information technology -- Biometric profiles for interoperability and data interchange
PreviousNext
Standard
ISO/IEC 24713-3:2009 - Information technology -- Biometric profiles for interoperability and data interchange
English language
37 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO/IEC
STANDARD 24713-3
First edition
2009-09-01

Information technology — Biometric
profiles for interoperability and data
interchange —
Part 3:
Biometrics-based verification and
identification of seafarers
Technologies de l'information — Profils biométriques pour
interopérabilité et échange de données —
Partie 3: Vérification basée sur la biométrie et identification des
navigateurs




Reference number
ISO/IEC 24713-3:2009(E)
©
ISO/IEC 2009

---------------------- Page: 1 ----------------------
ISO/IEC 24713-3:2009(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


COPYRIGHT PROTECTED DOCUMENT


©  ISO/IEC 2009
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO/IEC 2009 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 24713-3:2009(E)
Contents Page
Foreword .v
Introduction.vi
1 Scope.1
2 Conformance .1
3 Normative references.1
4 Terms and definitions .2
5 Abbreviated terms.3
6 Application requirements .3
6.1 General .3
6.2 Requirements of ILO SID convention.4
6.2.1 Physical composition of the document .4
6.2.2 Personal data contained in the document.4
6.2.3 Biometric data contained in the document .4
6.2.4 Visibility of data .5
6.2.5 Secure electronic database.5
6.2.6 Restrictions on database content.5
6.2.7 Access to the database.5
6.2.8 Data protection and privacy .6
6.3 Suitable biometric modalities .6
6.4 Performance levels.6
6.5 Data storage formats and data storage media .7
6.5.1 General .7
6.5.2 Two dimensional bar code .7
6.5.3 Contactless integrated circuit.8
6.5.4 Secure electronic database.8
6.6 Security requirements.10
6.6.1 General .10
6.6.2 Protection of biometric data on the SID.10
6.6.3 Authentication of biometric data on the SID .11
6.6.4 Protection of the secure electronic database .11
6.6.5 General security requirements .11
6.7 Enrolment procedures .12
6.8 Verification procedures .14
6.8.1 General .14
6.8.2 Off-line verification procedure .15
6.8.3 On-line verification procedure .16
Annex A (normative) Requirements list .18
A.1 General .18
A.2 Relationship between RL and corresponding ICS proformas.18
A.3 Profile specific implementation conformance statement .18
A.4 Instruction for completing the ICS proforma .19
A.4.1 General structure of the ICS proforma.19
A.4.2 Additional Information .19
A.4.3 Exception Information.19
A.5 ICS proforma.20
A.6 Interchange formats.21
A.6.1 Finger image data (ISO/IEC 19794-4).21
A.6.2 Finger minutia data (ISO/IEC 19794-2) .23
© ISO/IEC 2009 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 24713-3:2009(E)
A.6.3 Face image data (ISO/IEC 19794-5).25
A.6.4 ISO/IEC 19785 (CBEFF) .28
Annex B (normative) CBEFF patron format for the SID .30
B.1 Patron.30
B.2 Patron identifier .30
B.3 Patron format name.30
B.4 Patron format identifier .30
B.5 ASN.1 object identifier for this patron format.30
B.6 Domain of use .30
B.7 Version identifier.30
B.8 CBEFF version .31
B.9 General.31
B.10 Bit oriented patron format specification and conformance statement.31
B.10.1 Specification.32
B.11 Patron format conformance statement .32
B.11.1 Identifying information.32
B.11.2 CBEFF-defined data elements and abstract values.33
B.11.3 Patron defined data elements and abstract values.33
Annex C (normative) CBEFF security block for the SID .34
C.1 Introduction.34
C.2 SB owner .35
C.3 SB owner identifier .35
C.4 SB format name .35
C.5 SB format identifier.35
C.6 ASN.1 object identifier for this SB format.35
C.7 Version identifier.35
C.8 SB specification.35
C.9 Size of the SB encoding.36
Bibliography .37

iv © ISO/IEC 2009 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC 24713-3:2009(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 24713-3 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 37, Biometrics.
ISO/IEC 24713 consists of the following parts, under the general title Information technology — Biometric
profiles for interoperability and data interchange:
⎯ Part 1: Overview of biometric systems and biometric profiles
⎯ Part 2: Physical access control for employees at airports
⎯ Part 3: Biometrics-based verification and identification of seafarers
© ISO/IEC 2009 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO/IEC 24713-3:2009(E)
Introduction
The International Labour Organization, in response to a request from the International Maritime Organization,
has adopted the Seafarers' Identity Documents Convention (Revised), 2003 (No.185). This convention
requires all seafarers from ratifying nations to be issued with an identity document that follows a uniform
format, has specific physical security features, and uses biometrics to link the seafarer to their identity
document. Currently Convention No. 185 specifies the use of two fingerprints stored in a two-dimensional bar
code, but the choice of biometric modality and storage medium could be changed provided backwards
compatibility is maintained.
In order to support a globally interoperable system of Seafarers' Identity Documents (SIDs), this part of
ISO/IEC 24713 establishes a biometric profile to define how to use biometrics for verification and identification
of seafarers at the various stages of document issuance and inspection. It defines a set of base standards and
criteria for applying those standards in applications where identity documents are issued to seafarers and
biometrics are used to link each document to the seafarer to whom it was issued. It attempts to provide
information on the processes surrounding the enrolment and verification or identification of seafarers so that
the biometric components of the system can be used in a proper context. It also addresses other system
components such as the storage medium for the biometric data and the security of the system, since these
will affect the use of the biometric technology. This part of ISO/IEC 24713 is intended for use in the maritime
industry, but can be applicable to other situations where identification and verification of document holders are
necessary during document issuance or inspection.
The use of biometric data includes identification checks during the issuance of the document, when watchlists
can be checked and the entire database of existing seafarers can be searched to prevent a single seafarer
from establishing multiple identities.
It also includes the use of biometric data for verification when a card is presented at a control point by a
person claiming to be the seafarer to whom the card was issued. Such control points can include port
entrances, ship gangplanks, border crossing points where a seafarer must verify themselves to immigration
authorities and any other situation where the seafarer needs to verify their identity as a seafarer. This
verification is expected to be performed not only indoors under controlled conditions, but also outdoors in
difficult conditions, including harsh wet weather, salt spray, high humidity and high temperatures. Biometric
equipment and credentials have to be capable of functioning in all such environments.
This part of ISO/IEC 24713 is not intended in any way to conflict with the existing international Convention
No. 185 established by the International Labour Organization and ratified by various member states of the
ILO. Instead, the approaches profiled in this part of ISO/IEC 24713 can be used to satisfy the requirements of
the current version of Convention No. 185 while also allowing alternative approaches outlined in this part of
ISO/IEC 24713 to be used in the future by the ILO if the technical documents associated with or annexes of
Convention No. 185 are modified. To this end, the concept of backwards compatibility is stressed. The
fundamental choices already made by the ILO of the use of a minutiae-based, two-finger template for seafarer
verification, of the inclusion of a photograph and signature in the visible area of the SID, and of the use of a
two-dimensional barcode as a storage medium are respected in this profile. Where alternative technology
choices are promoted, they are defined in such a way that there will still be backwards compatibility with
existing SIDs.
This part of ISO/IEC 24713 defines a CBEFF patron format in Annex B and a CBEFF Security Block in
Annex C that are suitable for the limited storage available in a two dimensional barcode and which may be
relevant for other storage constrained environments.

vi © ISO/IEC 2009 – All rights reserved

---------------------- Page: 6 ----------------------
INTERNATIONAL STANDARD ISO/IEC 24713-3:2009(E)

Information technology — Biometric profiles for interoperability
and data interchange —
Part 3:
Biometrics-based verification and identification of seafarers
1 Scope
This part of ISO/IEC 24713 specifies a biometric profile including data interchange formats, system
requirements, and the operation of biometric procedures on a Seafarers’ Identity Document (SID).
The domain of applicability can extend to other situations where an interoperable biometrics-based identity
document is required, but the main focus is on the use of biometrics on a Seafarers' Identity Document (SID).
This part of ISO/IEC 24713 notes that ILO Convention No. 185 already provides the overarching policy
guidance on biometric verification and identification of seafarers and it relies on that guidance. Determining
any matters of policy beyond those or in contradiction to those included in ILO Convention No. 185 is explicitly
out of scope of this part of ISO/IEC 24713.
2 Conformance
All seafarers' identity documents, systems used for issuing seafarers' identity documents, and systems used
for verification or identification of seafarers that claim conformance to this part of ISO/IEC 24713 shall conform
to the mandatory requirements of Clause 6 of this part of ISO/IEC 24713 and of the normative Annexes
referenced therein.
3 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO/IEC 7501-1, Identification cards — Machine readable travel documents — Part 1: Machine readable
passport
ISO/IEC 7501-3, Identification cards — Machine readable travel documents — Part 3: Machine readable
official travel documents
ISO/IEC 8824-1:2002, Information technology — Abstract Syntax Notation One (ASN.1): Specification of basic
notation
ISO/IEC 8825-1:2002, Information technology — ASN.1 encoding rules: Specification of Basic Encoding
Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)
ISO/IEC 8825-2:2002, Information technology — ASN.1 encoding rules: Specification of Packed Encoding
Rules (PER)
© ISO/IEC 2009 – All rights reserved 1

---------------------- Page: 7 ----------------------
ISO/IEC 24713-3:2009(E)
ISO/IEC 15438:2006, Information technology — Automatic identification and data capture techniques —
PDF417 bar code symbology specification
ISO/IEC 19785-1:2006, Information technology — Common Biometric Exchange Formats Framework —
Part 1: Data element specification
ISO/IEC 19785-3:2007, Information technology — Common Biometric Exchange Formats Framework —
Part 3: Patron format specifications
ISO/IEC 19794-2:2005, Information technology — Biometric data interchange formats — Part 2: Finger
minutiae data
ISO/IEC 19794-4:2005, Information technology — Biometric data interchange formats — Part 4: Finger image
data
ISO/IEC 19794-5:2005, Information technology — Biometric data interchange formats — Part 5: Face image
data
ISO/IEC 19795-4:2008, Information technology — Biometric performance testing and reporting — Part 4:
Interoperability performance testing
ISO/IEC 24713-1:2008, Information technology — Biometric profiles for interoperability and data
interchange — Part 1: Overview of biometric systems and biometric profiles
ISO/IEC 29109-1, Information technology — Conformance testing methodology for biometric data interchange
formats defined in ISO/IEC 19794 — Part 1: Generalized conformance testing methodology
4 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 24713-1 and the following
apply.
NOTE There are some terms which are commonly used in this part of ISO/IEC 24713 but are not explicitly defined.
Specifically, verification authority, issuing authority, competent authority and focal point are terms which address legal
entities that are the responsibility of the ILO and which vary from country to country. These terms are used frequently in
ILO Convention No. 185 but their precise definition is best left to the interpretation of ILO legal experts. Further
explanations can be found by reading Convention No. 185 as provided in the bibiliography or by consulting with the ILO.
4.1
biometric characteristic
measurable, physical characteristic or personal behavioural trait used to recognize the identity, or verify the
claimed identity, of an enrolee
4.2
biometric enrolment
process of creating and storing, for an individual, a data record associated with an individual and including
biometric reference(s) and, typically, non-biometric data
4.3
biometric feature
concise representation of information extracted from an acquired or intermediate biometric sample by applying
a mathematical transformation
4.4
biometric model
stored function (dependent on the biometric data subject) generated from a biometric feature(s)
2 © ISO/IEC 2009 – All rights reserved

---------------------- Page: 8 ----------------------
ISO/IEC 24713-3:2009(E)
4.5
biometric reference
one or more stored biometric samples, biometric templates or biometric models attributed to a biometric data
subject and used for comparison
4.6
enrolee
person who has a biometric reference template recorded for the purpose of issuing a SID
4.7
IC chip
processor and storage embedded in a SID that contains information suitable for verification of the seafarers’
identity when read by a SID verification station that is equipped to communicate with an IC chip
NOTE This is also called a contactless integrated circuit.
4.8
seafarer
person who is employed or is engaged or works in any capacity on board a vessel (other than a ship of war)
ordinarily engaged in maritime navigation
4.9
Seafarers' Identity Document
SID
document containing identifying information about a seafarer including demographic information, a photo of
that seafarer and biometric data contained within a PDF 417 bar code or optionally an IC chip
NOTE It is expected that in initial deployments of SIDs the inclusion of an IC chip will be optional but that more
deployments will migrate to that technology as IC chips and the technology to perform biometric verification using IC chips
become ubiquitous.
4.10
SID verification station
system of hardware and software that supports the biometric verification of a seafarer's identity using
information recorded on the SID, optionally including the capability to perform on-line verification of the SID
with a secure electronic database provided by the issuing authority that issued the SID
NOTE A single verification authority will often support multiple SID verification stations, some of which may be
required to function on board ships or in other difficult environments where no on-line access is available.
5 Abbreviated terms
CBEFF Common Biometric Exchange Formats Framework
ILO International Labour Organization
SID Seafarers' Identity Document
6 Application requirements
6.1 General
The requirements of a globally interoperable system of seafarers' identity documents to be used for the
biometric verification and identification of seafarers are outlined in this clause. The requirements focus on the
biometric aspects of this application, but where other aspects affect the use of biometrics, they are also
discussed. These requirements are intended to be in accordance with the regulatory requirements of the
Seafarers' Identity Documents Convention (Revised), 2003 (No.185) [3] and to ensure backwards
© ISO/IEC 2009 – All rights reserved 3

---------------------- Page: 9 ----------------------
ISO/IEC 24713-3:2009(E)
compatibility with the existing practices of the ILO and with SIDs already issued. There are currently several
requirements of the existing Convention that would be difficult to change and which this standard normatively
requires for all verification and identification of seafarers. Permission has been given for certain portions of
Convention No. 185 to be quoted directly in this document, and these are used to help define the
requirements. The relevant sections of Convention No. 185 (renumbered to make sense when quoted without
the full text of the Convention) follow in Clause 6.2.
6.2 Requirements of ILO SID convention
6.2.1 Physical composition of the document
The seafarers' identity document shall be designed in a simple manner, be made of durable material, with
special regard to conditions at sea and be machine-readable. The materials used shall:
a) prevent tampering with the document or falsification, as far as possible, and enable easy detection of
alterations; and
b) be generally accessible to governments at the lowest cost consistent with reliably achieving the purpose
set out in (a) above.
NOTE 1 This requirement comes from Article 3, paragraph 2 of Convention No. 185 [3].
NOTE 2 The specific details associated with this requirement are found by reference to the physical layout and
document specifications for either a TD-3 booklet size document as defined in ISO/IEC 7501-1 or preferably a TD-1 card
size document as defined in ISO/IEC 7501-3.
6.2.2 Personal data contained in the document
Particulars about the holder included in the seafarer's identity document shall be restricted to the following:
a) full name (first and last names where applicable);
b) sex;
c) date and place of birth;
d) nationality;
e) any special physical characteristics that may assist identification;
f) digital or original photograph; and
g) signature
NOTE This requirement comes from Article 3, paragraph 7 of Convention No. 185 [3].
6.2.3 Biometric data contained in the document
Notwithstandi
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 19785-3:2020(Main)
Information technology — Common Biometric Exchange Formats Framework — Part 3: Patron format specifications

This document specifies and publishes registered Common Biometric Exchange Formats Framework (CBEFF) patron formats defined by the CBEFF patron ISO/IEC JTC 1/SC 37, and specifies their registered CBEFF patron format types (see ISO/IEC 19785-1) and resulting full ASN.1 OIDs.

  • Standard
    151 pages
    English language
    sale 15% off
  • Draft
    151 pages
    English language
    sale 15% off
ISO
ISO/IEC 24779-5:2020(Main)
Information technology — Cross-jurisdictional and societal aspects of implementation of biometric technologies — Pictograms, icons and symbols for use with biometric systems — Part 5: Face applications

The ISO/IEC 24779 series of standards focuses on communication with the data capture subject. This document contains a set of pictograms, icons and symbols to help the general public understand the concepts and procedures for using electronic systems that collect and/or evaluate facial images. Operators can use this document, with the possibility of using additional symbols and information. This set of pictograms, icons and symbols is designed to be used to: — identify the type of biometric sensor; — provide supporting instructions related to facial image collection. To provide this functionality, the set of pictograms, icons and symbols includes both directional pictograms, icons and symbols and action or feedback pictograms, icons and symbols. The facial image pictograms, icons and symbols include: — facial image capture; — single person; — no hat; — no sunglasses; — neutral expression; — hair up; — view direction. Although the pictograms, icons and symbols are presented individually, the pictograms, icons and symbols are intended to be combined to fully illustrate the facial image capture interaction. For example, in a customs or immigration environment, procedures constructed from the individual pictograms, icons and symbols could be presented as: — a series of posters while passengers are in the queue; — a series of transitional frames in a biometric booth; — an animated video or series of transitional frames while passengers are in the queue; — instructional leaflets for passengers to read in the queue.

  • Standard
    7 pages
    English language
    sale 15% off
ISO
ISO/IEC 30137-1:2019(Main)
Information technology — Use of biometrics in video surveillance systems — Part 1: System design and specification

The ISO 30137 series is applicable to the use of biometrics in VSS (also known as Closed Circuit Television or CCTV systems) for a number of scenarios, including real-time operation against watchlists and in post event analysis of video data. In most cases, the biometric mode of choice will be face recognition, but this document also provides guidance for other modalities such as gait recognition. This document: — defines the key terms for use in the specification of biometric technologies in a VSS, including metrics for defining performance; — provides guidance on selection of camera types, placement of cameras, image specification etc. for the operation of a biometric recognition capability in conjunction with a VSS; — provides guidance on the composition of the gallery (or watchlist) against which facial images from the VSS are compared, including the selection of appropriate images of sufficient quality, and the size of the gallery in relation to performance requirements; — makes recommendations on data formats for facial images and other relevant information (including metadata) obtained from video footage, used in watchlist images, or from observations made by human operators; — establishes general principles for supporting the operator of the VSS, including user interfaces and processes to ensure efficient and effective operation, and highlights the need to have suitably trained personnel; — highlights the need for robust governance processes to provide assurance that the implemented security, privacy and personal data protection measures specific to the use of biometric technologies with a VSS (e.g. internationally recognizable signage) are fit for purpose, and that societal considerations are reflected in the deployed system. This document also provides information on related recognition and detection tasks in a VSS such as: — estimation of crowd densities; — determining patterns of movement of individuals; — identification of individuals appearing in more than one camera; — use of other biometric modalities such as gait or iris; — use of specialized software to infer attributes of individuals, e.g. estimation of gender and age; — interfaces to other related functionality, e.g. video analytics to measure queue lengths or to alert for abandoned baggage.

  • Standard
    46 pages
    English language
    sale 15% off
ISO
ISO/IEC 30106-1:2016/Amd 1:2019(Amendment)
Information technology — Object oriented BioAPI — Part 1: Architecture — Amendment 1: Additional specifications and conformance statements
  • Standard
    17 pages
    English language
    sale 15% off
ISO
ISO/IEC 20027:2018(Main)
Information technology — Guidelines for slap tenprint fingerprintture

This document provides guidelines to follow during the acquisition process of slap tenprints in order to obtain fingerprints of the best quality possible within acceptable time constraints. Non-cooperative users are out of the scope of this document. When using ten-fingerprint sensors, it is fundamental to know how to use them and how to proceed with the acquisition. This document describes how to capture fingerprints correctly by specifying best practices for slap tenprint captures. It gives recommendations on the following topics: 1) hardware of the fingerprint sensor and its deployment; 2) user guidance; 3) enrolment process including a sample workflow; 4) application software for developers and system integrators; 5) processing, compression and coding of the acquired fingerprint images; 6) operational issues and data logging; 7) evaluation of a solution and its components. Although this document primarily focuses on reaching optimal data quality for enrolment purposes, the recommendations given here are applicable for other purposes. All processes which rely on good quality tenprint slaps can take advantage of the best practices.

  • Standard
    16 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 29196:2018(Main)
Information technology — Guidance for biometric enrolment

This document consolidates information relating to successful, secure and usable implementation of biometric enrolment processes, while indicating risk factors that organisations proposing to use biometric technologies will should address during procurement, design, deployment and operation. Much of the information is generic to many types of application, e.g. from national scale commercial and government applications, to closed systems for in-house operations, and to consumer applications. However, the intended application and its purpose often have influence on the necessary enrolment data quality and are intended to be taken into account when specifying an enrolment system and process. The document points out the differences in operation relating to specific types of application, e.g. where self-enrolment is more appropriate than attended operation. This document focuses on mandatory, attended enrolment at fixed locations. In summary, this document consolidates information relating to better practice implementation of biometric enrolment capability in various business contexts including considerations of process, function (system), and technology, as well as legal/privacy and policy aspects. The document provides guidance on collection and storage of biometric enrolment data and the impact on dependent processes of verification and identification. This document does not include material specific to forensic and law enforcement applications. This document does not contain any mandatory requirements. The following terms are used in this document to provide guidance. The terms "should" and "should not" indicate that among several possibilities one is recommended as particularly suitable, without mentioning or excluding others, or that a certain course of action is preferred but not necessarily required, or that (in the negative form) a certain possibility or course of action is discouraged but not prohibited. The term "may" indicates a course of action permissible within the limits of the publication. The terms "can" and "cannot" indicate a possibility and capability, whether material, physical or causal.

  • Technical report
    55 pages
    English language
    sale 15% off
ISO
ISO/IEC 19784-1:2018(Main)
Information technology — Biometric application programming interface — Part 1: BioAPI specification

ISO/IEC 19784-1:2018 defines the Application Programming Interface (API) and Service Provider Interface (SPI) for standard interfaces within a biometric system that support the provision of that biometric system using components from multiple vendors. It provides interworking between such components through adherence to this and to other International Standards. For use in a system that does not include a BioAPI Framework (called a framework-free BioAPI system), only the SPI interface is applicable, with applications interfacing directly to that in a platform-specific manner. NOTE 1 Many clauses and/or sub-clauses of this document are not applicable for implementation of a framework-free BioAPI system. These are identified at the head of the clause of sub-clause. The BioAPI specification is applicable to a broad range of biometric technology types. It is also applicable to a wide variety of biometrically enabled applications, from personal devices, through network security applications, to large complex identification systems. ISO/IEC 19784-1:2018 supports an architecture in which a BioAPI Framework supports multiple simultaneous biometric applications (provided by different vendors), using multiple dynamically installed and loaded (or unloaded) Biometric Service Provider (BSP) components and BioAPI Units (provided by other different vendors), possibly using one of an alternative set of BioAPI Function Provider (BFP) components (provided by other vendors) or by direct management of BioAPI Units. NOTE 2 Where BioAPI Units are provided by a different vendor fom a BSP, a standardised BioAPI Function Provider Interface (FPI) may be needed. This is outside the scope of this document, but is specified by later parts for the different categories of FPI. NOTE 3 Where a BioAPI Framework is not used in a system, the ability to support multiple applications and multiple BSPs is platform-dependent and depends on the nature of the system-integration techniques employed. ISO/IEC 19784-1:2018 is not required (and should normally not be referenced) when a complete biometric system is being procured from a single vendor, particularly if the addition or interchange of biometric hardware, services, or applications is not a feature of that biometric system. (Such systems are sometimes referred to as "embedded systems".) Standardisation of such systems is not in the scope of this document. ISO/IEC 19784-1:2018 does not define security requirements for biometric applications and biometric service providers. NOTE 4 ISO 19092 provides guidelines on security aspects of biometric systems[3]. The performance of biometric systems (particularly in relation to searches of a large population to provide the biometric identification capability) is not in the scope of this document. Trade-offs between interoperability and performance are not in the scope of this document. ISO/IEC 19784-1:2018 specifies a version of the BioAPI specification that is defined to have a version number described as Major 2, Minor 0, or version 2.0. It also specifies a version number described as Major 2, Minor 1, or version 2.1 that provides an enhanced Graphical User Interface. It also specifies a version number described as Major 2, Minor 2, or version 2.2 that provides features supporting fusion and security. Some clauses and sub-clauses apply only to one of these versions, some to two or more. This is identified at the head of the relevant clauses and sub-clauses. NOTE 5 Earlier versions of the BioAPI specification were not International Standards. NOTE 6 The differences between the requirements of the 2.0 specification and the 2.1 specification for framework-free operation relate only to the biometric type values and encodings. Conformance requirements are specified in Clause 5.

  • Standard
    234 pages
    English language
    sale 15% off
ISO
ISO/IEC 30136:2018(Main)
Information technology — Performance testing of biometric template protection schemes

ISO/IEC 30136:2018 supports evaluation of the accuracy, secrecy, and privacy of biometric template protection schemes. It establishes definitions, terminology, and metrics for stating the performance of such schemes. Particularly, this document establishes requirements for the measurement and reporting of: - theoretical and empirical accuracy of biometric template protection schemes, - theoretical and empirical probability of a successful attack on biometric template protection schemes (single or multiple), and - the information leaked about the original biometric when one or more biometric template protection schemes are compromised. ISO/IEC 30136:2018 also gives guidance on measuring and reporting diversity and unlinkability of templates. ISO/IEC 30136:2018 does not: - establish template protection schemes; - address testing of traditional encryption schemes.

  • Standard
    23 pages
    English language
    sale 15% off
ISO
ISO/IEC 19794-13:2018(Main)
Information technology — Biometric data interchange formats — Part 13: Voice data

ISO/IEC 19794-13:2018 specifies a data interchange format that can be used for storing, recording, and transmitting digitized acoustic human voice data (speech) assumed to be from a single speaker recorded in a single session. This format is designed specifically to support a wide variety of Speaker Identification and Verification (SIV) applications, both text-dependent and text-independent, with minimal assumptions made regarding the voice data capture conditions or the collection environment. Other uses for the data encapsulated in this format, such as automated speech recognition (ASR), may be possible, but are not addressed in this documnet. This document also does not address handling of data that has been processed to the feature or voice model levels. No application-specific requirements, equipment, or features are addressed in this document. This document supports the optional inclusion of non-standardized extended data. This document allows both the original data captured and digitally-processed (enhanced) voice data to be exchanged. A description of any processing of the original source input is intended to be included in the metadata associated with the voice representations (VRs). This document does not address data streaming. Provisions that stored and transmitted biometric data be time-stamped and that cryptographic techniques be used to protect their authenticity, integrity and confidentiality are out of the scope of this document. Information formatted in accordance with this document can be recorded on machine-readable media or can be transmitted by data communication between systems. A general content-oriented subclause describing the voice data interchange format is followed by a subclause addressing an XML schema definition. ISO/IEC 19794-13:2018 includes vocabulary in common use by the speech and speaker recognition community, as well as terminology from other ISO standards.

  • Standard
    26 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 24741:2018(Main)
Information technology — Biometrics — Overview and application

ISO/IEC TR 24741:2018 describes the history of biometrics and what biometrics does, the various biometric technologies in general use today (for example, fingerprint recognition and face recognition) and the architecture of the systems and the system processes that allow automated recognition using those technologies. It also provides information about the application of biometrics in various business domains such as border management, law enforcement and driver licensing, the societal and jurisdiction considerations that are typically taken into account in biometric systems, and the international standards that underpin their use.

  • Technical report
    33 pages
    English language
    sale 15% off