iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 9868:2025

(Main)

Information technology — Design, development, use and maintenance of biometric identification systems involving passive capture subjects

Information technology — Design, development, use and maintenance of biometric identification systems involving passive capture subjects

This document provides recommendations and requirements for the design, development, use and maintenance of biometric identification systems involving passive capture subjects, including pre- and post-deployment evaluation. While the emphasis is on surveillance systems, this document is also applicable to other types of biometric identification systems involving passive capture subjects, regardless of biometric characteristic or sensing technology. This includes systems involving passive capture of subjects where some capture subjects enrolled voluntarily. This document does not apply to biometric verification systems and biometric identification systems only involving capture subjects deliberately taking part in the capture. This document does not define specific services, platforms or tools.

Technologies de l'information — Conception, développement, utilisation et maintenance des systèmes d'identification biométriques appliqués sur des sujets de capture passifs

General Information

Status
Published
Publication Date
12-Feb-2025
ICS
35.240.15 - Identification cards. Chip cards. Biometrics
Technical Committee
ISO/IEC JTC 1/SC 37 - Biometrics
Drafting Committee
ISO/IEC JTC 1/SC 37 - Biometrics
Current Stage
6060 - International Standard published
Start Date
13-Feb-2025
Due Date
13-Feb-2025
Completion Date
13-Feb-2025
Ref Project

Buy Standard

ISO/IEC 9868:2025 - Information technology — Design, development, use and maintenance of biometric identification systems involving passive capture subjects Released:13. 02. 2025ISO/IEC 9868:2025 - Information technology — Design, development, use and maintenance of biometric identification systems involving passive capture subjects Released:13. 02. 2025
PreviousNext
Standard
ISO/IEC 9868:2025 - Information technology — Design, development, use and maintenance of biometric identification systems involving passive capture subjects Released:13. 02. 2025
English language
30 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


International
Standard
ISO/IEC 9868
First edition
Information technology — Design,
2025-02
development, use and maintenance
of biometric identification systems
involving passive capture subjects
Technologies de l'information — Conception, développement,
utilisation et maintenance des systèmes d'identification
biométriques appliqués sur des sujets de capture passifs
Reference number
© ISO/IEC 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2025 – All rights reserved
ii
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
3.1 Roles .2
3.2 Categories of biometric identification system and use cases .3
3.3 Miscellaneous .4
4 Abbreviated terms . 4
5 Conformance . 5
6 Scenarios and use of biometric systems involving passive capture subjects . 6
6.1 Main characteristics .6
6.2 Use cases and scenarios.6
6.3 Minimizing identification errors .7
7 Consideration of risk arising from BISPCS . 8
8 Design and development practice . 9
8.1 Biometric system and algorithm .9
8.2 Impact of capture devices on training and testing .10
9 Technical capabilities of the system .10
9.1 Performance .10
9.1.1 General .10
9.1.2 Biometric recognition .10
9.1.3 Demographic differential performance assessment .11
9.1.4 Detection of anomalous image quality .11
9.1.5 Security evaluation and presentation attack detection .11
9.1.6 Third-party ex-ante performance evaluation .11
9.2 Security and integrity . 12
9.3 Biometric data management . 12
9.4 Support for manual review . 13
9.5 Support for human oversight .14
9.6 Support for operational testing .14
9.7 Documentation .14
10 Operational practice .15
10.1 Organizational control . 15
10.2 Competence of biometric system operators . 15
10.3 Operational security.16
10.4 Privacy measures .16
10.4.1 General .16
10.4.2 Privacy principles of ISO/IEC 29100.16
10.4.3 Biometric information protection .19
10.5 Operational monitoring .19
10.5.1 Monitoring .19
10.5.2 Operational testing and internal audit .19
10.5.3 Feedback . 20
10.5.4 Threshold management . 20
10.6 Improvement .21
10.6.1 Retraining of ML-based biometric systems .21
10.6.2 Continuous learning .21
10.6.3 Continual improvement.21
Annex A (informative) Use case profiles .23

© ISO/IEC 2025 – All rights reserved
iii
Annex B (informative) Example audit report .26
Bibliography .30

© ISO/IEC 2025 – All rights reserved
iv
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 37, Biometrics.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

© ISO/IEC 2025 – All rights reserved
v
Introduction
Recent improvements in biometric systems, and in particular face recognition, have allowed new usage
for identification systems. Biometric systems using artificial intelligence (AI) techniques are capable
of capturing biometric data in publicly accessible spaces without any deliberate action from the capture
subjects and possibly even without their knowledge.
On 13 March 2024, the European Commission adopted a proposal for a regulation laying down a “uniform
[1]
legal fram
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC TS 22604:2024(Main)
Information technology — Biometric recognition of subjects in motion in access-related systems

This document establishes requirements for the development of biometric solutions for verification and identification processes for secure access without physical contact with any device at any time. The solutions acquire biometric characteristics that are captured while the data subjects are in motion to verify or identify the individuals requiring access, thus controlling access using contactless biometrics.

  • Technical specification
    15 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 24722:2024(Main)
Information technology — Biometrics — Multimodal and other multibiometric fusion

This document provides descriptions and analyses of current practices on multimodal and other multibiometric fusion, including (as appropriate) references to more detailed descriptions. This document contains descriptions and explanations of high-level multibiometric concepts to aid in the explanation of multibiometric fusion approaches including: multi-characteristic-type, multi-instance, multi-sensorial, multialgorithmic, decision-level and score-level logic.

  • Technical report
    22 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 21419:2024(Main)
Information technology — Cross-jurisdictional and societal aspects of implementation of biometric technologies — Use of biometrics for identity management in healthcare

This document describes potential applications of biometrics in identity management systems used for medical and healthcare purposes. It provides feedback from healthcare practitioners on the advantages, disadvantages, risks and priority of implementing certain use cases of healthcare with biometrics. For those use cases, information related to the selection of biometric type and associated measures related to security and privacy protection is provided to system designers. The document concentrates on aspects of the subject which apply to the good management of healthcare services for patients who need monitoring, treatment and care in hospitals, clinics or at home, but can be incapacitated. It does not cover the measurement and interpretation of symptoms and biological data for the purposes of medical treatment or research. The document is intended to be useful for the management of public and private healthcare systems anywhere in the world, and to commercial providers of identity management services and equipment. It is also potentially relevant to regulatory stakeholders addressing issues of privacy and legality, and the assessment of potential vulnerabilities in biometrics and identity management systems applied in the healthcare sector.

  • Technical specification
    25 pages
    English language
    sale 15% off
ISO
ISO/IEC 19795-10:2024(Main)
Information technology — Biometric performance testing and reporting — Part 10: Quantifying biometric system performance variation across demographic groups

This document establishes requirements for estimating and reporting on performance variations observed when cohorts belonging to different demographic groups engage with biometric enrolment and recognition systems. In this context, performance refers to failure-to-enrol rate, failure-to-acquire rate, shifts in comparison score, recognition error rates, and aspects of response and processing time (throughput). This document is applicable to the following: — demographic group membership; — using phenotypic measures; — reporting on tests; — stating statistical uncertainty estimates; — operational thresholds settings; — equitability; — procurement agency activities. This document also provides terms and definitions to be used when reporting performance variation across demographic groups. This document is applicable to: — technology evaluations of algorithms, subsystems and systems; — scenario evaluations of systems; — operational evaluations of fielded systems. Application of this document does not require detailed knowledge of a system’s algorithms but it does require specific knowledge of the demographic characteristics for the population of interest.

  • Standard
    25 pages
    English language
    sale 15% off
ISO
ISO/IEC 29794-4:2024(Main)
Information technology — Biometric sample quality — Part 4: Finger image data

ISO/IEC 29794-4:2017 establishes - terms and definitions for quantifying finger image quality, - methods used to quantify the quality of finger images, and - standardized encoding of finger image quality, for finger images at 196,85 px/cm spatial sampling rate scanned or captured using optical sensors with capture dimension (width, height) of at least 1,27 cm × 1,651 cm.

  • Standard
    60 pages
    English language
    sale 15% off
ISO
ISO/IEC 24741:2024(Main)
Information technology — Biometrics — Overview and application

This document describes the history and purpose of biometrics, the various biometric technologies in general use today (for example, fingerprint recognition, face recognition and iris recognition) and the architecture of the systems and the system processes that allow automated recognition using those technologies. It provides information on the application of biometrics in various business domains, such as border management, law enforcement and driver licencing. It also provides information on the societal and jurisdictional considerations that are typically taken into account in biometric systems. Additionally, this document provides guidance on the use of the International Standards that underpin the use of biometric recognition systems.

  • Standard
    44 pages
    English language
    sale 15% off
ISO
ISO/IEC 29794-1:2024(Main)
Information technology — Biometric sample quality — Part 1: Framework

This document establishes the following items for any or all biometric sample types as necessary: — terms and definitions that are useful in the specification and use of quality measures; — purpose and interpretation of biometric quality scores; — motivation for developing biometric sample datasets for the purpose of quality score normalization; — format for exchange of quality assessment algorithm results; — methods for aggregation of quality scores; — methods for evaluating the efficiency of quality assessment algorithms. The following are outside the scope of this document: — specification of minimum requirements for sample, module, or system quality scores; — standardization of quality assessment algorithms; — assessment of utility of biometric samples or references for human examiners.

  • Standard
    26 pages
    English language
    sale 15% off
ISO
ISO/IEC 30137-1:2024(Main)
Information technology — Use of biometrics in video surveillance systems — Part 1: System design and specification

The ISO/IEC 30137 series is applicable to the use of biometrics in VSSs (also known as closed circuit television or CCTV systems) for a number of scenarios, including real-time operation against watchlists and in post-event analysis of video data. In most cases, the biometric mode of choice will be face recognition, but this document also provides guidance for other modalities, such as gait recognition. This document: — defines the key terms for use in the specification of biometric technologies in a VSS, including metrics for defining performance; — provides guidance on the selection of camera types, placement of cameras, image specification, etc., for the operation of a biometric recognition capability in conjunction with a VSS; — provides guidance on the composition of the gallery (or watchlist) against which facial images from the VSS are compared, including the selection of appropriate images of sufficient quality, and the size of the gallery in relation to performance requirements; — makes recommendations on data formats for facial images and other relevant information (including metadata) obtained from video footage, used in watchlist images, or from observations made by human operators; — establishes general principles for supporting the operator of the VSS, including user interfaces and processes to ensure efficient and effective operation, and highlights the need to have suitably trained personnel; — highlights the need for robust governance processes to provide assurance that the implemented security, privacy and personal data protection measures specific to the use of biometric technologies with a VSS (e.g. internationally recognizable signage) are fit for purpose, and that societal considerations are reflected in the deployed system. This document also provides information on related recognition and detection tasks in a VSS, such as: — estimation of crowd densities; — determination of patterns of movement of individuals; — identification of individuals appearing in more than one camera; — use of other biometric modalities such as gait or iris; — use of specialized software to infer attributes of individuals, e.g. estimation of gender and age; — interfaces to another related functionality, e.g. video analytics to measure queue lengths or to provide alerts for abandoned baggage.

  • Standard
    46 pages
    English language
    sale 15% off
ISO
ISO/IEC 30107-4:2024(Main)
Information technology — Biometric presentation attack detection — Part 4: Profile for testing of mobile devices

This document is a profile that specifies requirements for testing biometric presentation attack detection (PAD) mechanisms on mobile devices with local biometric recognition and on biometric modules integrated into mobile devices. The profile lists requirements from ISO/IEC 30107-3 that are specific to mobile devices. It also establishes requirements that are not present in ISO/IEC 30107-3. For each requirement, the profile defines an “Approach in PAD Tests for Mobile Devices”. For some requirements, numerical values or ranges are provided in the form of best practices. This profile is applicable to mobile devices that operate as closed systems with no access to internal results, including mobile devices with local biometric recognition as well as biometric modules for mobile devices. This document is not applicable to mobile devices with solely remote biometric recognition. The attacks considered in this document take place at the capture device during the presentation and collection of biometric characteristics. Any other attacks are outside the scope of this document.

  • Standard
    14 pages
    English language
    sale 15% off
ISO
ISO/IEC 30108-2:2023(Main)
Biometrics — Identity attributes verification services — Part 2: RESTful specification

The ISO/IEC 30108 series defines biometric services used for identity assurance that are invoked over a services-based framework. It provides a generic set of biometric and identity-related functions and associated data definitions to allow remote access to biometric services. Although focused on biometrics, the ISO/IEC 30108 series includes support for other related identity assurance mechanisms such as biographic and document capabilities. Identity attributes verification services (IAVSs) are intended to be compatible with and used in conjunction with other biometric standards as described in ISO/IEC 30108-1. This document implements the specification provided in ISO/IEC 30108-1 using representational state transfer (REST). Specification of biometric functionality is limited to remote (backend) services. Services between a client-side application and biometric capture devices are not within the scope of this document. Integration of biometric services as part of an authentication service or protocol is not within the scope of this document.

  • Standard
    126 pages
    English language
    sale 15% off