ISO/IEC 17839-3:2016

INTERNATIONAL ISO/IEC
STANDARD 17839-3
First edition
2016-11-01
Information technology —
Identification cards — Biometric
System-on-Card —
Part 3:
Logical information interchange
mechanism
Technologies de l’information — Cartes d’identification — Système
biométrique sur carte —
Partie 3: Mécanisme d’échange de l’information logique
Reference number
ISO/IEC 17839-3:2016(E)
©
ISO/IEC 2016

---------------------- Page: 1 ----------------------
ISO/IEC 17839-3:2016(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2016 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 17839-3:2016(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Symbols and abbreviated terms . 2
5 Conformance . 2
6 Logical data structures . 3
6.1 BSoC capability . 3
6.2 Biometric reference qualifier . 3
6.3 Configuration data . 3
6.4 Enrolment procedures . 3
6.4.1 Internal enrolment . 3
6.4.2 External enrolment . 4
6.5 Biometric comparison process . 4
6.5.1 IFD initiated verification . 4
6.5.2 Self-initiated verification . 4
7 Discovery of services . 4
8 Operational sequence . 5
9 Feedback mechanisms during biometric acquisition process. 5
9.1 Feedback message data objects . 5
9.2 Time management in a BSoC . 6
9.3 Feedback messages . 8
9.3.1 Successful completion of the command. 8
9.3.2 Status feedback messages . 9
9.3.3 Cancellation of the command by the ICC . 9
Annex A (informative) Sample APDU for Biometric System-on-Card comparison .10
Annex B (informative) Comparison of commands used among the different kinds of
biometric-related implementations .11
Annex C (informative) Examples of self-initiated BSoC activation .12
Annex D (informative) Examples of command feedback message retrieving .13
Annex E (informative) State transitions for BSoC time management .14
Bibliography .15
© ISO/IEC 2016 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 17839-3:2016(E)

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical
Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information
The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee
SC 17, Cards and personal identification.
A list of all parts in the ISO 17839 series can be found on the ISO website.
iv © ISO/IEC 2016 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC 17839-3:2016(E)

Introduction
A Biometric System-on-Card (BSoC) is a portable card size device including the following entities:
biometric acquisition, image/signal processing, storage, comparison and decision. The use of a BSoC
with such specifications is subject to an information flow and security mechanisms, which are detailed
in this document.
ISO/IEC 17839-1 describes two types of BSoC. Type S1 is a fully flexible card compliant with
ISO/IEC 7810. Type S2 deviates from some of the requirements of size and flexibility, while keeping the
rest of the requirements intact, including the use of a contactless ICC interface. The logical interface and
security mechanisms are independent on whether the BSoC is of type S1 or type S2, so the specifications
stated in this document are applicable to both types of BSoC.
© ISO/IEC 2016 – All rights reserved v

---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO/IEC 17839-3:2016(E)
Information technology — Identification cards —
Biometric System-on-Card —
Part 3:
Logical information interchange mechanism
1 Scope
This document specifies
— logical data structures for a BSoC,
— enrolment procedures, and
— usage of commands and data structures defined in other ISO standards for BSoC.
This document does not define requirements for
— commands and data structures that apply to devices external to a BSoC, and
— commands and data structures that apply to logical interfaces inside a BSoC.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 7816-3, Identification cards — Integrated circuit cards — Part 3: Cards with contacts — Electrical
interface and transmission protocols
ISO/IEC 7816-4, Identification cards — Integrated circuit cards — Part 4: Organization, security and
commands for interchange
ISO/IEC 7816-11, Identification cards — Integrated circuit cards — Part 11: Personal verification through
biometric methods
ISO/IEC 14443-4, Identification cards — Contactless integrated circuit cards — Proximity cards — Part 4:
Transmission protocol
ISO/IEC 18328-3, Information technology — ICC-managed devices — Part 3: Organization, security and
commands for interchange
ISO/IEC 24787, Information technology — Identification cards — On-card biometric comparison
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 2382-37 and the
following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
© ISO/IEC 2016 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO/IEC 17839-3:2016(E)

— ISO Online browsing platform: available at http://www.iso.org/obp
3.1
biometric system-on-card
BSoC
card size device including biometric acquisition, data processing, storage, comparison and decision to
compose a complete biometric verification system
3.2
feedback mechanism
mechanism of informing devices outside of a BSoC (3.1) of detailed error, warning or progress message
complementing the status bytes by using card-originated byte strings defined in ISO/IEC 7816-4
3.3
on-card biometric comparison
performing comparison and decision making on an ICC where the biometric reference data is retained
on-card in order to enhance security and privacy
4 Symbols and abbreviated terms
APDU application protocol data unit
AT control reference template for authentication
ATR answer-to-reset
BER basic encoding rules
BSoC biometric system-on-card
CRT control reference template
DO BER-TLV data object
ICC integrated circuit card
IFD interface device
PBO perform biometric operation
SW1-SW2 status bytes
SW1 first status byte
SW2 second status byte
TLV tag, length, value
5 Conformance
A Biometric System-on-Card claiming conformance with this document shall conform to all mandatory
requirements specified herein as applicable.
2 © ISO/IEC 2016 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/IEC 17839-3:2016(E)

6 Logical data structures
6.1 BSoC capability
A biometric information template DO‘7F60’ may include data objects regarding BSoC capabilities
specified in ISO/IEC 24787.
6.2 Biometric reference qualifier
An application in a BSoC may know which biometric reference data is used in the following ways:
— implicitly;
— commands for a biometric comparison, for example, reference data qualifier in P2 of verify or pbo
command;
— AT (control reference template valid for authentication) in a security environment (see
ISO/IEC 7816-4);
— AT in FCI (file control information) for DF (dedicated file) (see ISO/IEC 7816-4).
6.3 Configuration data
A BSoC may use configuration data for BSoC comparison and decision (see Annex A). Each application
may provide its own configuration data for a biometric reference template, as defined in ISO/IEC 24787.
See ISO/IEC 7816-4 and ISO/IEC 7816-11 for generic handling of CRTs and biometric information
template.
Regardless of individual configuration data, a BSoC shall implement a retry counter as defined in
ISO/IEC 24787.
6.4 Enrolment procedures
6.4.1 Internal enrolment
Internal enrolment uses an on-card sensor for capturing biometric data (image or signal). Internal
enrolment processes the capturing biometric data and extracts its features. Internal enrolment shall
be executed by using the pbo capture and store biometric reference or pbo capture and update
biometric reference command.
The enrolment may use a single or multiple presentation of the biometric characteristic by the
cardholder. The policy for single or multiple presentation is defined internally by the algorithm and
application in the BSoC and not by command parameters.
The enrolment in a BSoC shall implement a feedback mechanism as specified in Clause 9, which includes
status bytes (SW1-SW2) for the cases specified in Table 1.
© ISO/IEC 2016 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO/IEC 17839-3:2016(E)

Table 1 — Status bytes related to the operation of the BSoC
SW1-SW2 Meaning
Normal
‘90 00’ Enrolment successful
processing
‘62 XY’ State of non-volatile memory is unchanged
Warning
XY = ‘02’ to ‘80’ Reason for warning provided in data object (see Clause 9)
processing
‘63 XY’ State of non-volatile memory may have changed
‘64 XY’ State of non-volatile memory is unchanged
XY = ‘02’ to ‘80’ Enrolment failed, reason for error provided in the data object (see Clause 9)
Execution
error
‘64 83’ Maximum time for acquisition has expired (timeout)
‘64 84’ Enrolment failed, non-matching sample
6.4.2 External enrolment
The application policy may decide to import reference data generated with an off-card sensor and
applying different algorithm and parameters. This is called “external enrolment” in the context of BSoC.
External enrolment shall comply with the security policies defined in ISO/IEC 24787 for on-card
biometric comparison.
NOTE External enrolment in a BSoC is equivalent to the enrolment in on-card biometric comparison.
6.5 Biometric comparison process
6.5.1 IFD initiated verification
The biometric comparison of a BSoC initiated by the IFD shall start with a verify or pbo command
specified in ISO/IEC 7816-4 and ISO/IEC 7816-11.
6.5.2 Self-initiated verification
The biometric comparison may be initiated by an on-card device with triggering capability (e.g. a
mechanical switch) or by automatic detection of the presented biometric characteristic. Self-initiated
verification assumes that the BSoC has power available.
Self-initiated verification performs a biometric comparison process on a stand-alone BSoC. The result
of this comparison may be stored for usage in further processing in an IFD-controlled communication,
i.e. by an application on the BSoC. The validity time of the comparison results needs to be configurable.
For this mechanism, a BSoC has an on-card input device, e.g. a button on a BSoC for triggering
this mechanism. Although a power supply to a BSoC is needed for executing this mechanism, its
specification is outside of the scope of this document. For executing a biometric comparison process, a
pre-defined internal process flow is assumed. Mechanisms and definitions are outside of the scope of
this document. Power control and duration management on keeping the result of biometric comparison
shall be installed. These mechanisms ensure expiration of the result of biometric comparison using
autonomous activation mechanism when low power or end of duration is detected. This duration shall
be set at most for 1 min.
Example procedures for self-initiated activation of a BSoC are provided in Annex C.
7 Discovery of services
A BSoC may reveal its capability regarding biometric information process. A general feature
management template DO‘7F74’ in EF.ATR/INFO and/or in the FCI of any application DF may indicate
existing on-card services, e.g. on-card sensor. DO‘81’ under DO‘7F74’ indicates these on-card features
4 © ISO/IEC 2016 – All rights reserved

---------------------- Page:
...