ISO/IEC PRF TR 30117

TECHNICAL ISO/IEC TR
REPORT 30117
Second edition
Information technology — Guidance
on standards and applications for the
integration of biometrics and ICC
PROOF/ÉPREUVE
Reference number
ISO/IEC TR 30117:2021(E)
ISO/IEC 2021
---------------------- Page: 1 ----------------------
ISO/IEC TR 30117:2021(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2021

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

Foreword ........................................................................................................................................................................................................................................iv

Introduction ..................................................................................................................................................................................................................................v

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

4 Symbols and abbreviated terms ........................................................................................................................................................... 1

5 Relationships between biometrics and ICCs ........................................................................................................................... 3

5.1 Architectures for the joint use of biometrics and ICCs ......................................................................................... 3

5.2 Considerations to be addressed when designing the application .............................................................. 3

6 Data formats .............................................................................................................................................................................................................. 6

6.1 General ........................................................................................................................................................................................................... 6

6.2 Single modality plain biometric data formats .............................................................................................................. 6

6.3 Encapsulation of multiple modalities and/or security mechanisms ....................................................... 8

6.4 ICC-specific definitions on biometric data formats ................................................................................................. 9

7 Privacy and security .......................................................................................................................................................................................... 9

8 Outside-ICC application development .........................................................................................................................................11

8.1 General overview ...............................................................................................................................................................................11

8.2 Local applications ..............................................................................................................................................................................11

8.3 Client-server implementations ..............................................................................................................................................11

9 Use cases profiles ..............................................................................................................................................................................................12

10 Technology evaluation .................................................................................................................................................................................13

11 Implementing solutions merging the use of ICCs and biometrics..................................................................14

11.1 Spanish national ID card (DNIe) ...........................................................................................................................................14

11.1.1 Introduction ......................................................................................................................................................................14

11.1.2 Biometric services provided ...............................................................................................................................15

11.1.3 Biometric modalities and data formats .....................................................................................................15

11.1.4 Security mechanisms and operations .........................................................................................................16

11.1.5 Evaluations and results ...........................................................................................................................................16

11.2 ePassport...................................................................................................................................................................................................16

11.2.1 Introduction ......................................................................................................................................................................16

11.2.2 Biometric services provided ...............................................................................................................................17

11.2.3 Biometric modality and data formats .........................................................................................................18

11.2.4 Security mechanisms and operations .........................................................................................................18

Bibliography .............................................................................................................................................................................................................................20

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that are

members of ISO or IEC participate in the development of International Standards through technical

committees established by the respective organization to deal with particular fields of technical

activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international

organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for

the different types of document should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject

of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent

rights. Details of any patent rights identified during the development of the document will be in the

Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents).

Any trade name used in this document is information given for the convenience of users and does not

For an explanation on the meaning of ISO specific terms and expressions related to conformity

assessment, as well as information about ISO's adherence to the WTO principles in the Technical

This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,

This second edition cancels and replaces the first edition (ISO/IEC TR 30117:2014) which has been

— Addition and update of references to the related projects in all relevant standardization bodies.

— Addition to the Scope, to include not only on-card biometric comparison, but all other interactions

— Addition of the example of the ePassport, which is a widely-deployed application using off-card

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/ members .html and www .iec .ch/ national

There are a large number of applications where the need for implementing jointly integrated circuit

cards (ICC) and biometrics can arise. In those cases, system designers and integrators need to be aware

of the range of international standards and technical reports that are applicable. All of these potential

reference documents have been developed by different standardization bodies and committees. ISO/

IEC JTC1 (Joint Technical Committee) subcommittees develop standards in the following areas:

ISO/IEC JTC 1 SC 17 (Information technology — Cards and security devices for personal identification)

ISO/IEC JTC 1 SC 27 (Information technology — Information security, cybersecurity and privacy protection)

In this context, the system designer and developer have a large number of documents at their disposal,

but with little information about which of them is really applicable. There are no general rules, as

This document provides guidelines to those developers by enumerating and referring to those published

standards and reports and relating them to the kind of application to be developed. When referring to

different applications, these will be classified attending to the verification needs of the application, not

Interactions among standards cover different implementation levels, from data formats to be used to

the application profiles, including application programming interfaces (APIs) and security mechanisms.

This document places special emphasis on providing recommendations and policies needed by

— Clause 5 provides a first overview to the different decisions that have to be taken when developing

— Clauses 6 to 10 provide an overview to the different International Standards and Technical Reports

— Clause 11 provides examples of implementations that can be used by application designers and

All ISO/IEC documents mentioned in this document are listed in the Bibliography at the end of this

NOTE Future editions of this document will add more information about Biometric System-on-Card

This document summarizes how some of the main international standards and recommendations

approach personal identification and its related information security, with regard to the integration of

biometrics and ICCs. It also provides guidance for developers on how to integrate biometrics and ICCs

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

For the purpose of this document, the terms and definitions given in ISO/IEC 2382-37 and the following

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

NOTE ISO/IEC 2382-37 is freely available at https:// standards .iso .org/ ittf/ Publicl yAvailable Standards/

Note 1 to entry: In the ISO/IEC 7816 series, the term "template" has a completely different meaning, being in that

case the “value field of a constructed data object”, regardless to whether the data object relates to biometrics or

CBEFF Common Biometric Exchange Format Framework (defined in the ISO/IEC 19785 series)

ISO/IEC 24787 provides a comprehensive introduction to the different ways that biometrics and ICCs can

be integrated into a final application. This is summarized as follows as to provide a brief introduction

to the reader of this document. When integrating biometrics into ICCs, four different approaches can be

— Off-card biometric comparison (see ISO/IEC 24787): The ICC stores the biometric reference but is

not directly involved in comparison processing. The IFD application reads the biometric reference

from the ICC, as needed, with biometric verification occurring external to the ICC.

— On-card biometric comparison (see ISO/IEC 24787): The ICC both stores the biometric reference,

and performs biometric comparison against biometric problems supplied by the IFD. Security

— Use of cryptography or other controls to prevent unauthorised access to the biometric reference

— Limiting the number of consecutive unsuccessful comparisons and blocking further comparison

— Work-sharing on-card biometric comparison (see ISO/IEC 24787): An implementation in which

comparison processing, and potentially sample pre-processing, is shared between ICC and external

— Biometric system-on-card (see ISO/IEC 24787 and ISO/IEC 17839 all parts): The ICC contains

a complete reference storage, biometric sample capture and biometric comparison subsystem.

Such implementations are limited to modalities using small sensors and constrained processing

With these four architectures in mind, the designer and/or developer has to take several decisions to

define the whole system and the relationship between biometrics and ICCs. The following considerations

have to be taken into account. They are outlined in the following paragraphs and discussed further in

a) Is the system going to be implementing a verification scheme (i.e. the user claims his/her identity

and the comparison is only made between the sample provided and the biometric reference of the

claimed user), or an identification scheme (i.e. the biometric sample is to be compared to the whole

1) If an identification scheme is used, then there is no need for a further relationship between

b) Is the system considering the use of a centralized database, or is it going to be implemented in a

1) If a centralized database is going to be used and such database is going to be contacted at

every single verification attempt, then the need for a further relationship between biometric

information and ICC is not needed. Therefore, this document is not applicable. The ICC will act

1) With an initial requirement, a set of further decisions can already be taken, such as the

possibility of using on-card biometric comparison, work-sharing on-card comparison or

2) If there is no initial requirement, the decision on the modality can be taken as any other

3) Once the modality is chosen, then the interoperable data formats have to be checked (see

4) Once the modality is chosen, it can also be important to address whether the ICC is expected to

also support other biometric verification types on ICC (e.g. off-card comparison) for the same

NOTE NIST SP 800-76-2 (see 5.4 Finger selection for details) specification for PIV card (further

also referenced within Clause 9 of this document) describes ICC platform with optional fingerprint on-

card comparison and mandatory storage of the off-card comparison dedicated fingerprint templates.

It also addresses the subject stated above, that using the same reference finger positions for both

enrolled for off-card comparison and enrolled for on-card comparison biometric data can lead to

security vulnerabilities, if off-card templates would be read-out by an inappropriate party. Therefore,

it recommends using different positions for off-card and on-card comparison reference templates.

However, it also does not prohibit using the same positions because of usability (the same two positions

have to be presented by the cardholder despite the off-card or on-card verification method utilized).

5) In practice, multiple modalities can be used to address a higher level of security, flexibility

and also interoperability, i.e. face + fingerprints, where the latter enables interoperability at

compact format feature (minutiae) set level if face proprietary feature set encoding is used.

6) Although theoretically possible, the use of multiple biometrics in on-card biometric comparison

or in BSoC can raise usability issues. Not only can an excessive interaction be requested, but

also delays in decision taking can appear due to the increase in computational needs.

7) In either case, data quality control has to be considered for both the biometric reference and

1) If there is the requirement of using an ICC with insufficient processing capability, then

alternatives such as off-card comparison or work-sharing on-card comparison can be

2) If there is the requirement of using an ICC with limited storage capacity, then the number of

references to be stored on the ICC, or the modalities to be used can be limited and/or the use

of compact data formats can become a major requirement (see Clause 6). Attention is drawn to

the face that the limitations imposed by compact data formats also have to be considered (e.g.

ISO/IEC 19794-2 compact card format maximum value for the minutiae x and y coordinate is

1) If there is no need, then the designer can decide to create his/her own solution without

following any standard. Therefore, this document cannot be applicable. This option is not

recommended as the need for interoperability can arise at any time during the project, or when

2) If interoperability is required for exchanging data, then refer to Clause 6. As it will be seen, it

can happen that for reaching global interoperability in a specific modality, being independent

on the algorithm to be used, the use of captured sample data in standardized format can

become the only viable solution (e.g. the face image coded as ISO/IEC 19794-5, instead of a

3) If interoperability is required to have multiple technological providers, then not only

data interoperability is requested, but also interoperability at API level and from security

4) The use of more complex products, such as on-card biometric comparison ones or biometric

system-on-card, contributes to reaching interoperability, as there is only the need to focus on

data interoperability (and can be security mechanisms), avoiding all technological differences

5) In the use of biometrics, the quality of the data used plays a major role in the performance

and usability of the system. Data quality has to be analysed, so as to allow the system to reject

the input if a minimum quality threshold is not achieved. This is not only important for the

biometric probe, but even more important for the biometric reference. If the reference presents

low quality, then the performance of the rest of the verifications is compromised. Therefore,

the system designer has to be aware if there are some quality specifications for the application,

or if not, to define those for both enrolment and verification. Data quality thresholds can be

more restrictive for enrolment than for verification, to ensure a proper operation in the daily

use of the system. There are standards devoted to the definition of quality metrics for several

biometric modalities, such as the ISO/IEC 29794 series. Additionally, for the case of on-card

biometric comparison, there are also definitions in ISO/IEC 24787:2018 regarding Minimal

Verification Quality DOs inside Biometric Comparison Parameters DO, as well as considerations

on the minimal reference / verification data quality to be addressed for the on-card comparison

6) When ICCs are in use, it is important to use interindustry APDU command exchange, as to allow

a good level of interoperability. The ISO/IEC 7816 series (in particular Part 4) describes those

interindustry APDUs. Also, for some applications, there is even a workflow recommended

which has to be followed, such as the one described in ISO/IEC 24787 for on-card biometric

comparison. For example, when designing an application using on-card biometric comparison,

the interindustry APDU commands described in ISO/IEC 7816-4, ISO/IEC 7816-11, and

ISO/IEC 24787, are to be used for reaching interoperable on-card comparison implementations.

f) In many parts of the world, biometric data are considered personal data, and therefore are to be

protected as to ensure citizen's privacy. Depending on the environment where the application is

going to be deployed, the use of security mechanisms becomes a major requirement. See Clause 7

g) The most typical scenario for designing and developing a new project involving ICCs and biometrics

is integrating technological modules from several providers. Furthermore, many project designers

require more than one provider for each technological module to be integrated. In this kind of

scenario, standardized APIs are to be used to ease integration. Clause 8 provides further details.

h) For certain applications there is the need of following already defined specifications. Clause 9

i) Either to select the technological modules to be integrated, or to provide final results to the end

user about the behaviour of the whole project, an evaluation methodology is required. Clause 10

describes the evaluation-related standards related to ICC, biometrics and security.

In addition to the above information, Clause 11 provides examples that could serve as guidance for

As long as data for exchanging are encapsulated in an ICC according to the ISO/IEC 7816 series, either

the biometric information template DO’7F60’ or the biometric information group template DO’7F61’

As biometric data can contain information on one or more modalities, several options have to be

considered. The following sub-clauses detail those options, from the mono-modality version, to the

ISO/IEC JTC1 SC37 is in charge of developing standards that provide interoperable ways to code

biometric data, depending on the modality. Since its funding, three generations of the biometric data

formats have been generated. The two first generations have been published within the ISO/IEC 19794

It is important to note that the differences introduced in each generation, has made them not fully

compatible. The first generation was published in 2005-2007, while the second one was published

from 2011 and beyond. The typical process for ISO/IEC international standards is that, when a new

edition is published (i.e. a new generation), the previous one is considered deprecated. But for certain

parts of ISO/IEC 19794, the first edition (i.e. first generation) has been retained as published, as it is

currently used by some world-wide applications, such as the ePassport. In order to try to avoid further

deprecations, the third generation has been published under a new standard number, i.e. ISO/IEC 39794

The structure of both the ISO/IEC 19794 series and the ISO/IEC 39794 series is the following: