Information technology — Standards and applications for the integration of biometrics and integrated circuit cards (ICCs)

This document summarizes how some of the main international standards and recommendations approach personal identification and its related information security, with regard to the integration of biometrics and integrated circuit cards (ICCs). It also provides examples of how biometrics and ICCs are integrated in applications.

Technologies de l'information — Normes et applications pour l’intégration des données biométriques et cartes à circuits intégrés

General Information

Status
Published
Publication Date
26-Aug-2021
Current Stage
6060 - International Standard published
Start Date
27-Aug-2021
Due Date
28-Sep-2021
Completion Date
27-Aug-2021
Ref Project

Relations

Buy Standard

Technical report
ISO/IEC TR 30117:2021 - Information technology -- Standards and applications for the integration of biometrics and integrated circuit cards (ICCs)
English language
22 pages
sale 15% off
Preview
sale 15% off
Preview
Draft
ISO/IEC PRF TR 30117:Version 19-jun-2021 - Information technology -- Guidance on standards and applications for the integration of biometrics and ICC
English language
22 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

TECHNICAL ISO/IEC TR
REPORT 30117
Second edition
2021-08
Information technology — Standards
and applications for the integration
of biometrics and integrated circuit
cards (ICCs)
Technologies de l'information — Normes et applications pour
l’intégration des données biométriques et cartes à circuits intégrés
Reference number
ISO/IEC TR 30117:2021(E)
©
ISO/IEC 2021

---------------------- Page: 1 ----------------------
ISO/IEC TR 30117:2021(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2021 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC TR 30117:2021(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Symbols and abbreviated terms . 1
5 Relationships between biometrics and ICCs . 3
5.1 Architectures for the joint use of biometrics and ICCs . 3
5.2 Considerations to be addressed when designing the application . 3
6 Data formats . 6
6.1 General . 6
6.2 Single modality plain biometric data formats . 6
6.3 Encapsulation of multiple modalities and/or security mechanisms . 8
6.4 ICC-specific definitions on biometric data formats . 9
7 Privacy and security . 9
8 Outside-ICC application development .11
8.1 General overview .11
8.2 Local applications .11
8.3 Client-server implementations .11
9 Use cases profiles .12
10 Technology evaluation .13
11 Implementing solutions merging the use of ICCs and biometrics.14
11.1 Spanish national ID card (DNIe) .14
11.1.1 General.14
11.1.2 Biometric services provided .15
11.1.3 Biometric modalities and data formats .15
11.1.4 Security mechanisms and operations .16
11.1.5 Evaluations and results .16
11.2 ePassport.16
11.2.1 General.16
11.2.2 Biometric services provided .17
11.2.3 Biometric modality and data formats .18
11.2.4 Security mechanisms and operations .18
Bibliography .20
© ISO/IEC 2021 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC TR 30117:2021(E)

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO's adherence to the WTO principles in the Technical
Barriers to Trade (TBT) see www .iso .org/ iso/ foreword .html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 17, Cards and security devices for personal identification.
This second edition cancels and replaces the first edition (ISO/IEC TR 30117:2014) which has been
technically revised.
The main changes compared to the previous edition are as follows:
— Addition and update of references to the related projects in all relevant standardization bodies.
— Addition to the Scope, to include not only on-card biometric comparison, but all other interactions
of biometrics and integrated circuit cards (ICCs).
— Addition of the example of the ePassport, which is a widely-deployed application using off-card
biometric comparison.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html and www .iec .ch/ national
-committees.
iv © ISO/IEC 2021 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC TR 30117:2021(E)

Introduction
There are a large number of applications where the need for implementing jointly integrated circuit
cards (ICC) and biometrics can arise. In those cases, system designers and integrators need to be aware
of the range of international standards and technical reports that are applicable. All of these potential
reference documents have been developed by different standardization bodies and committees. ISO/
IEC JTC1 (Joint Technical Committee) subcommittees develop standards in the following areas:
ICCs:
ISO/IEC JTC 1 SC 17 (Information technology — Cards and security devices for personal identification)
Security aspects:
ISO/IEC JTC 1 SC 27 (Information technology — Information security, cybersecurity and privacy protection)
Biometrics:
ISO/IEC JTC 1 SC 37 (Information technology — Biometrics)
Other regional or sectoral standardization bodies are also applicable.
In this context, the system designer and developer have a large number of documents at their disposal,
but with little information about which of them is really applicable. There are no general rules, as
depending on the application, different alternatives are available.
This document provides information on the published documents and relates them to the kind of
application to be developed. When referring to different applications, these will be classified attending
to the verification needs of the application, not to the final sector where the application is to be deployed.
This document provides information on the published documents and relates them to the kind of
application to be developed.
Interactions among standards cover different implementation levels, from data formats to be used to
the application profiles, including application programming interfaces (APIs) and security mechanisms.
This document places special emphasis on providing recommendations and policies needed by
developers to integrate the use of both biometrics and ICCs in applications.
The structure of this document is as follows:
— Clause 5 provides a first overview to the different decisions that have to be taken when developing
an application that can involve the use of ICCs and biometrics.
— Clauses 6 to 10 provide an overview to the different International Standards and Technical Reports
that can be applicable to the application to be developed.
— Clause 11 provides examples of implementations that can be used by application designers and
developers as guidelines.
All ISO/IEC documents mentioned in this document are listed in the Bibliography at the end of this
document.
NOTE Future editions of this document will add more information about Biometric System-on-Card
technology and the use of the PBO command.
© ISO/IEC 2021 – All rights reserved v

---------------------- Page: 5 ----------------------
TECHNICAL REPORT ISO/IEC TR 30117:2021(E)
Information technology — Standards and applications for
the integration of biometrics and integrated circuit cards
(ICCs)
1 Scope
This document summarizes how some of the main international standards and recommendations
approach personal identification and its related information security, with regard to the integration of
biometrics and integrated circuit cards (ICCs). It also provides examples of how biometrics and ICCs are
integrated in applications.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 2382-37, Information technology — Vocabulary — Part 37: Biometrics
3 Terms and definitions
For the purpose of this document, the terms and definitions given in ISO/IEC 2382-37 and the following
apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
NOTE ISO/IEC 2382-37 is freely available at https:// standards .iso .org/ ittf/ Publicl yAvailable Standards/
index .html
3.1
biometric template
set of stored biometric features comparable directly to probe biometric features
Note 1 to entry: In the ISO/IEC 7816 series, the term "template" has a completely different meaning, being in that
case the “value field of a constructed data object”, regardless to whether the data object relates to biometrics or
not.
4 Symbols and abbreviated terms
APDU Application Protocol Data Unit
API Application Programming Interface
ASN.1 Abstract Syntax Notation One
BAC Basic Access Control
BDB Biometric Data Block (as defined in the ISO/IEC 19785 series)
© ISO/IEC 2021 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO/IEC TR 30117:2021(E)

BDIR Biometric Data Information Record
BFP Biometric Function Provider
BIAS Biometric Identity Assurance Services
BioAPI Biometric Application Programming Interface
BIR Biometric Information Record
BSoC Biometric System-on-Card
BSP Biometric Service Provider
CA Certification Authority
CBEFF Common Biometric Exchange Format Framework (defined in the ISO/IEC 19785 series)
CEN European Committee for Standardization
CENELEC European Committee for Electrotechnical Standardization
COS Card Operating System
DNI Documento Nacional de Identidad (Spanish National ID Card)
DO Data Object
EAC Extended Access Control
ICAO International Civil Aviation Organization
ICC Integrated Circuit Card
IFD Interface Device
LDS Logic Data Structure
MRTD Machine Readable Travel Document
NIST National Institute of Standards and Technology
PAD Presentation Attack Detection
PBO Perform Biometric Operation (command defined in ISO/IEC 7816-11)
PIV Personal Identity Verification (US Federal government-wide credential)
PKI Public Key Infrastructure
PP Protection Profile
REST Representational State Transfer
SOA Service Oriented Architecture
SOAP Simple Object Access Protocol
ST Security Target
TLV Tag Length Value (data coding format)
2 © ISO/IEC 2021 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/IEC TR 30117:2021(E)

TR Technical Report
TS Technical Specification
WG Working Group
XML Extensible Markup Language
XSD XML Schema Definition
5 Relationships between biometrics and ICCs
5.1 Architectures for the joint use of biometrics and ICCs
ISO/IEC 24787 provides a comprehensive introduction to the different ways that biometrics and ICCs can
be integrated into a final application. This is summarized as follows as to provide a brief introduction
to the reader of this document. When integrating biometrics into ICCs, four different approaches can be
followed:
— Off-card biometric comparison (see ISO/IEC 24787): The ICC stores the biometric reference but is
not directly involved in comparison processing. The IFD application reads the biometric reference
from the ICC, as needed, with biometric verification occurring external to the ICC.
— On-card biometric comparison (see ISO/IEC 24787): The ICC both stores the biometric reference,
and performs biometric comparison against biometric problems supplied by the IFD. Security
controls employed by the ICC for this process include:
— Use of cryptography or other controls to prevent unauthorised access to the biometric reference
and associated processes; and
— Limiting the number of consecutive unsuccessful comparisons and blocking further comparison
attempts once a specified threshold has been reached.
— Work-sharing on-card biometric comparison (see ISO/IEC 24787): An implementation in which
comparison processing, and potentially sample pre-processing, is shared between ICC and external
system components.
— Biometric system-on-card (see ISO/IEC 24787 and the ISO/IEC 17839 series) The ICC contains a
complete reference storage, biometric sample capture and biometric comparison subsystem.
Such implementations are limited to modalities using small sensors and constrained processing
capabilities.
5.2 Considerations to be addressed when designing the application
With these four architectures in mind, the designer and/or developer takes several decisions in order to
define the whole system and the relationship between biometrics and ICCs. The following considerations
have to be taken into account. They are outlined in the following paragraphs and discussed further in
subsequent clauses in this document.
a) Is the system going to be implementing a verification scheme (i.e. the user claims his/her identity
and the comparison is only made between the sample provided and the biometric reference of the
© ISO/IEC 2021 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO/IEC TR 30117:2021(E)

claimed user), or an identification scheme (i.e. the biometric sample is to be compared to the whole
database of users enrolled)?
1) If an identification scheme is used, then there is no need for a further relationship between
biometrics and ICCs, and in such case this document is not applicable.
b) Is the system considering the use of a centralized database, or is it going to be implemented in a
distributed way?
1) If a centralized database is going to be used and such database is going to be contacted at
every single verification attempt, then the need for a further relationship between biometric
information and ICC is not needed. Therefore, this document is not applicable. The ICC will act
only as a means to claim the user identity.
c) Is there an initial requirement of the biometric modality to be used?
1) With an initial requirement, a set of further decisions can already be taken, such as the
possibility of using on-card biometric comparison, work-sharing on-card comparison or
biometric system-on-card.
2) If there is no initial requirement, the decision on the modality can be taken as any other
requirements are satisfied.
3) Once the modality is chosen, then the interoperable data formats have to be checked (see
Clause 6).
4) Once the modality is chosen, it can also be important to address whether the ICC is expected to
also support other biometric verification types on ICC (e.g. off-card comparison) for the same
modality.
NOTE NIST SP 800-76-2 (see 5.4 Finger selection for details) specification for PIV card (further
also referenced within Clause 9 of this document) describes ICC platform with optional fingerprint on-
card comparison and mandatory storage of the off-card comparison dedicated fingerprint templates.
It also addresses the subject stated above, that using the same reference finger positions for both
enrolled for off-card comparison and enrolled for on-card comparison biometric data can lead to
security vulnerabilities, if off-card templates would be read-out by an inappropriate party. Therefore,
it recommends using different positions for off-card and on-card comparison reference templates.
However, it also does not prohibit using the same positions because of usability (the same two positions
have to be presented by the cardholder despite the off-card or on-card verification method utilized).
5) In practice, multiple modalities can be used to address a higher level of security, flexibility
and also interoperability, i.e. face + fingerprints, where the latter enables interoperability at
compact format feature (minutiae) set level if face proprietary feature set encoding is used.
6) Although theoretically possible, the use of multiple biometrics in on-card biometric comparison
or in BSoC can raise usability issues. Not only can an excessive interaction be requested, but
also delays in decision taking can appear due to the increase in computational needs.
7) In either case, data quality control has to be considered for both the biometric reference and
the biometric probe, prior to applying any biometric operation.
d) What are the initial requirements of ICC’s resources?
1) If there is the requirement of using an ICC with insufficient processing capability, then
alternatives such as off-card comparison or work-sharing on-card comparison can be
compromised.
2) If there is the requirement of using an ICC with limited storage capacity, then the number of
references to be stored on the ICC, or the modalities to be used can be limited and/or the use
of compact data formats can become a major requirement (see Clause 6). Attention is drawn to
the face that the limitations imposed by compact data formats also have to be considered (e.g.
4 © ISO/IEC 2021 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/IEC TR 30117:2021(E)

ISO/IEC 19794-2 compact card format maximum value for the minutiae x and y coordinate is
25,5 mm).
e) Steps to be followed to reach interoperability:
1) If there is no need, then the designer can decide to create his/her own solution without
following any standard. Therefore, this document cannot be applicable. This option is not
recommended as the need for interoperability can arise at any time during the project, or when
applying the development done for the current project to future ones.
2) If interoperability is required for exchanging data, then refer to Clause 6. As it will be seen, it
can happen that for reaching global interoperability in a specific modality, being independent
on the algorithm to be used, the use of captured sample data in standardized format can
become the only viable solution (e.g. the face image coded as ISO/IEC 19794-5, instead of a
proprietary feature-based information).
3) If interoperability is required to have multiple technological providers, then not only
data interoperability is requested, but also interoperability at API level and from security
mechanisms. See Clauses 7 and 8.
4) The use of more complex products, such as on-card biometric comparison ones or biometric
system-on-card, contributes to reaching interoperability, as there is only the need to focus on
data interoperability (and can be security mechanisms), avoiding all technological differences
coming from technological solutions at algorithm level.
5) In the use of biometrics, the quality of the data used plays a major role in the performance
and usability of the system. Data quality has to be analysed, so as to allow the system to reject
the input if a minimum quality threshold is not achieved. This is not only important for the
biometric probe, but even more important for the biometric reference. If the reference presents
low quality, then the performance of the rest of the verifications is compromised. Therefore,
the system designer has to be aware if there are some quality specifications for the application,
or if not, to define those for both enrolment and verification. Data quality thresholds can
be more restrictive for enrolment than for verification, to ensure a proper operation in the
daily use of the system. There are standards devoted to the definition of quality metrics for
several biometric modalities, such as the ISO/IEC 29794 series. Additionally, for the case of
on-card biometric comparison, there are also definitions in ISO/IEC 24787 regarding Minimal
Verification Quality DOs inside Biometric Comparison Parameters DO, as well as considerations
on the minimal reference / verification data quality to be addressed for the on-card comparison
engine on the ICC for enrolment or verification respectively.
6) When ICCs are in use, it is important to use interindustry APDU command exchange, as to allow
a good level of interoperability. The ISO/IEC 7816 series (in particular Part 4) describes those
interindustry APDUs. Also, for some applications, there is even a workflow recommended
which has to be followed, such as the one described in ISO/IEC 24787 for on-card biometric
comparison. For example, when designing an application using on-card biometric comparison,
the interindustry APDU commands described in ISO/IEC 7816-4, ISO/IEC 7816-11, and
ISO/IEC 24787, are to be used for reaching interoperable on-card comparison implementations.
f) In many parts of the world, biometric data are considered personal data, and therefore are to be
protected as to ensure citizen's privacy. Depending on the environment where the application is
going to be deployed, the use of security mechanisms becomes a major requirement. See Clause 7
for the works already done in this area.
g) The most typical scenario for designing and developing a new project involving ICCs and biometrics
is integrating technological modules from several providers. Furthermore, many project designers
require more than one provider for each technological module to be integrated. In this kind of
scenario, standardized APIs are to be used to ease integration. Clause 8 provides further details.
h) For certain applications there is the need of following already defined specifications. Clause 9
describes the current available specifications.
© ISO/IEC 2021 – All rights reserved 5

---------------------- Page: 10 ----------------------
ISO/IEC TR 30117:2021(E)

i) Either to select the technological modules to be integrated, or to provide final results to the end
user about the behaviour of the whole project, an evaluation methodology is required. Clause 10
describes the evaluation-related standards related to ICC, biometrics and security.
In addition to the above information, Clause 11 provides examples that could serve as guidance for
implementing ICC-based biometric solutions, based, or not, on ISO/IEC 24787.
6 Data formats
6.1 General
As long as data for exchanging are encapsulated in an ICC according to the ISO/IEC 7816 series, either
the biometric information template DO’7F60’ or the biometric information group template DO’7F61’
defined in ISO/IEC 7816-11 are considered.
As biometric data can contain information on one or more modalities, several options have to be
considered. The following sub-clauses detail those options, from the mono-modality version, to the
specific definitions already written for ICC-based applications.
6.2 Single modality plain biometric data formats
ISO/IEC JTC1 SC37 is in charge of developing standards that provide interoperable ways to code
biometric data, depending on the modality. Since its funding, three generations of the biometric data
formats have been generated. The two first generations have been published within the ISO/IEC 19794
series, while the third one is being published in the ISO/IEC 39794 series.
It is important to note that the differences introduced in each generation, has made them not fully
compatible. The first generation was published in 2005-2007, while the second one was published
from 2011 and beyond. The typical process for ISO/IEC international standards is that, when a new
edition is published (i.e. a new generation), the previous one is considered deprecated. But for certain
parts of ISO/IEC 19794, the first edition (i.e. first generation) has been retained as published, as it is
currently used by some world-wide applications, such as the ePassport. In order to try to avoid further
deprecations, the third generation has been published under a new standard number, i.e. ISO/IEC 39794
series.
The structure of both the ISO/IEC 19794 series and the ISO/IEC 39794 series is the following:
— Part 1 provid
...

TECHNICAL ISO/IEC TR
REPORT 30117
Second edition
Information technology — Guidance
on standards and applications for the
integration of biometrics and ICC
PROOF/ÉPREUVE
Reference number
ISO/IEC TR 30117:2021(E)
©
ISO/IEC 2021

---------------------- Page: 1 ----------------------
ISO/IEC TR 30117:2021(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii PROOF/ÉPREUVE © ISO/IEC 2021 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC TR 30117:2021(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Symbols and abbreviated terms . 1
5 Relationships between biometrics and ICCs . 3
5.1 Architectures for the joint use of biometrics and ICCs . 3
5.2 Considerations to be addressed when designing the application . 3
6 Data formats . 6
6.1 General . 6
6.2 Single modality plain biometric data formats . 6
6.3 Encapsulation of multiple modalities and/or security mechanisms . 8
6.4 ICC-specific definitions on biometric data formats . 9
7 Privacy and security . 9
8 Outside-ICC application development .11
8.1 General overview .11
8.2 Local applications .11
8.3 Client-server implementations .11
9 Use cases profiles .12
10 Technology evaluation .13
11 Implementing solutions merging the use of ICCs and biometrics.14
11.1 Spanish national ID card (DNIe) .14
11.1.1 Introduction .14
11.1.2 Biometric services provided .15
11.1.3 Biometric modalities and data formats .15
11.1.4 Security mechanisms and operations .16
11.1.5 Evaluations and results .16
11.2 ePassport.16
11.2.1 Introduction .16
11.2.2 Biometric services provided .17
11.2.3 Biometric modality and data formats .18
11.2.4 Security mechanisms and operations .18
Bibliography .20
© ISO/IEC 2021 – All rights reserved PROOF/ÉPREUVE iii

---------------------- Page: 3 ----------------------
ISO/IEC TR 30117:2021(E)

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO's adherence to the WTO principles in the Technical
Barriers to Trade (TBT) see www .iso .org/ iso/ foreword .html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 17, Cards and security devices for personal identification.
This second edition cancels and replaces the first edition (ISO/IEC TR 30117:2014) which has been
technically revised.
The main changes compared to the previous edition are as follows:
— Addition and update of references to the related projects in all relevant standardization bodies.
— Addition to the Scope, to include not only on-card biometric comparison, but all other interactions
of biometrics and integrated circuit cards (ICCs).
— Addition of the example of the ePassport, which is a widely-deployed application using off-card
biometric comparison.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html and www .iec .ch/ national
-committees.
iv PROOF/ÉPREUVE © ISO/IEC 2021 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC TR 30117:2021(E)

Introduction
There are a large number of applications where the need for implementing jointly integrated circuit
cards (ICC) and biometrics can arise. In those cases, system designers and integrators need to be aware
of the range of international standards and technical reports that are applicable. All of these potential
reference documents have been developed by different standardization bodies and committees. ISO/
IEC JTC1 (Joint Technical Committee) subcommittees develop standards in the following areas:
ICCs:
ISO/IEC JTC 1 SC 17 (Information technology — Cards and security devices for personal identification)
Security aspects:
ISO/IEC JTC 1 SC 27 (Information technology — Information security, cybersecurity and privacy protection)
Biometrics:
ISO/IEC JTC 1 SC 37 (Information technology — Biometrics)
Other regional or sectoral standardization bodies are also applicable.
In this context, the system designer and developer have a large number of documents at their disposal,
but with little information about which of them is really applicable. There are no general rules, as
depending on the application, different alternatives are available.
This document provides guidelines to those developers by enumerating and referring to those published
standards and reports and relating them to the kind of application to be developed. When referring to
different applications, these will be classified attending to the verification needs of the application, not
to the final sector where the application is to be deployed.
Interactions among standards cover different implementation levels, from data formats to be used to
the application profiles, including application programming interfaces (APIs) and security mechanisms.
This document places special emphasis on providing recommendations and policies needed by
developers to integrate the use of both biometrics and ICCs in applications.
The structure of this document is as follows:
— Clause 5 provides a first overview to the different decisions that have to be taken when developing
an application that can involve the use of ICCs and biometrics.
— Clauses 6 to 10 provide an overview to the different International Standards and Technical Reports
that can be applicable to the application to be developed.
— Clause 11 provides examples of implementations that can be used by application designers and
developers as guidelines.
All ISO/IEC documents mentioned in this document are listed in the Bibliography at the end of this
document.
NOTE Future editions of this document will add more information about Biometric System-on-Card
technology and the use of the PBO command.
© ISO/IEC 2021 – All rights reserved PROOF/ÉPREUVE v

---------------------- Page: 5 ----------------------
TECHNICAL REPORT ISO/IEC TR 30117:2021(E)
Information technology — Guidance on standards and
applications for the integration of biometrics and ICC
1 Scope
This document summarizes how some of the main international standards and recommendations
approach personal identification and its related information security, with regard to the integration of
biometrics and ICCs. It also provides guidance for developers on how to integrate biometrics and ICCs
in applications.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 2382-37, Information technology — Vocabulary — Part 37: Biometrics
3 Terms and definitions
For the purpose of this document, the terms and definitions given in ISO/IEC 2382-37 and the following
apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
NOTE ISO/IEC 2382-37 is freely available at https:// standards .iso .org/ ittf/ Publicl yAvailable Standards/
index .html
3.1
biometric template
set of stored biometric features comparable directly to probe biometric features
Note 1 to entry: In the ISO/IEC 7816 series, the term "template" has a completely different meaning, being in that
case the “value field of a constructed data object”, regardless to whether the data object relates to biometrics or
not.
4 Symbols and abbreviated terms
APDU Application Protocol Data Unit
API Application Programming Interface
ASN.1 Abstract Syntax Notation One
BAC Basic Access Control
BDB Biometric Data Block (as defined in the ISO/IEC 19785 series)
BDIR Biometric Data Information Record
© ISO/IEC 2021 – All rights reserved PROOF/ÉPREUVE 1

---------------------- Page: 6 ----------------------
ISO/IEC TR 30117:2021(E)

BFP Biometric Function Provider
BIAS Biometric Identity Assurance Services
BioAPI Biometric Application Programming Interface
BIR Biometric Information Record
BSoC Biometric System-on-Card
BSP Biometric Service Provider
CA Certification Authority
CBEFF Common Biometric Exchange Format Framework (defined in the ISO/IEC 19785 series)
CEN European Committee for Standardization
CENELEC European Committee for Electrotechnical Standardization
COS Card Operating System
DNI Documento Nacional de Identidad (Spanish National ID Card)
DO Data Object
EAC Extended Access Control
ICAO International Civil Aviation Organization
ICC Integrated Circuit Card
IFD Interface Device
LDS Logic Data Structure
MRTD Machine Readable Travel Document
NIST National Institute of Standards and Technology
PAD Presentation Attack Detection
PBO Perform Biometric Operation (command defined in ISO/IEC 7816-11)
PIV Personal Identity Verification (US Federal government-wide credential)
PKI Public Key Infrastructure
PP Protection Profile
REST Representational State Transfer
SC17 ISO/IEC JTC 1/SC 17
SC27 ISO/IEC JTC 1/SC 27
SC37 ISO/IEC JTC 1/SC 37
SOA Service Oriented Architecture
SOAP Simple Object Access Protocol
2 PROOF/ÉPREUVE © ISO/IEC 2021 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/IEC TR 30117:2021(E)

ST Security Target
TLV Tag Length Value (data coding format)
TR Technical Report
TS Technical Specification
WG Working Group
XML Extensible Markup Language
XSD XML Schema Definition
5 Relationships between biometrics and ICCs
5.1 Architectures for the joint use of biometrics and ICCs
ISO/IEC 24787 provides a comprehensive introduction to the different ways that biometrics and ICCs can
be integrated into a final application. This is summarized as follows as to provide a brief introduction
to the reader of this document. When integrating biometrics into ICCs, four different approaches can be
followed:
— Off-card biometric comparison (see ISO/IEC 24787): The ICC stores the biometric reference but is
not directly involved in comparison processing. The IFD application reads the biometric reference
from the ICC, as needed, with biometric verification occurring external to the ICC.
— On-card biometric comparison (see ISO/IEC 24787): The ICC both stores the biometric reference,
and performs biometric comparison against biometric problems supplied by the IFD. Security
controls employed by the ICC for this process include:
— Use of cryptography or other controls to prevent unauthorised access to the biometric reference
and associated processes; and
— Limiting the number of consecutive unsuccessful comparisons and blocking further comparison
attempts once a specified threshold has been reached.
— Work-sharing on-card biometric comparison (see ISO/IEC 24787): An implementation in which
comparison processing, and potentially sample pre-processing, is shared between ICC and external
system components.
— Biometric system-on-card (see ISO/IEC 24787 and ISO/IEC 17839 all parts): The ICC contains
a complete reference storage, biometric sample capture and biometric comparison subsystem.
Such implementations are limited to modalities using small sensors and constrained processing
capabilities.
5.2 Considerations to be addressed when designing the application
With these four architectures in mind, the designer and/or developer has to take several decisions to
define the whole system and the relationship between biometrics and ICCs. The following considerations
have to be taken into account. They are outlined in the following paragraphs and discussed further in
subsequent clauses in this document.
a) Is the system going to be implementing a verification scheme (i.e. the user claims his/her identity
and the comparison is only made between the sample provided and the biometric reference of the
© ISO/IEC 2021 – All rights reserved PROOF/ÉPREUVE 3

---------------------- Page: 8 ----------------------
ISO/IEC TR 30117:2021(E)

claimed user), or an identification scheme (i.e. the biometric sample is to be compared to the whole
database of users enrolled)?
1) If an identification scheme is used, then there is no need for a further relationship between
biometrics and ICCs, and in such case this document is not applicable.
b) Is the system considering the use of a centralized database, or is it going to be implemented in a
distributed way?
1) If a centralized database is going to be used and such database is going to be contacted at
every single verification attempt, then the need for a further relationship between biometric
information and ICC is not needed. Therefore, this document is not applicable. The ICC will act
only as a means to claim the user identity.
c) Is there an initial requirement of the biometric modality to be used?
1) With an initial requirement, a set of further decisions can already be taken, such as the
possibility of using on-card biometric comparison, work-sharing on-card comparison or
biometric system-on-card.
2) If there is no initial requirement, the decision on the modality can be taken as any other
requirements are satisfied.
3) Once the modality is chosen, then the interoperable data formats have to be checked (see
Clause 6).
4) Once the modality is chosen, it can also be important to address whether the ICC is expected to
also support other biometric verification types on ICC (e.g. off-card comparison) for the same
modality.
NOTE NIST SP 800-76-2 (see 5.4 Finger selection for details) specification for PIV card (further
also referenced within Clause 9 of this document) describes ICC platform with optional fingerprint on-
card comparison and mandatory storage of the off-card comparison dedicated fingerprint templates.
It also addresses the subject stated above, that using the same reference finger positions for both
enrolled for off-card comparison and enrolled for on-card comparison biometric data can lead to
security vulnerabilities, if off-card templates would be read-out by an inappropriate party. Therefore,
it recommends using different positions for off-card and on-card comparison reference templates.
However, it also does not prohibit using the same positions because of usability (the same two positions
have to be presented by the cardholder despite the off-card or on-card verification method utilized).
5) In practice, multiple modalities can be used to address a higher level of security, flexibility
and also interoperability, i.e. face + fingerprints, where the latter enables interoperability at
compact format feature (minutiae) set level if face proprietary feature set encoding is used.
6) Although theoretically possible, the use of multiple biometrics in on-card biometric comparison
or in BSoC can raise usability issues. Not only can an excessive interaction be requested, but
also delays in decision taking can appear due to the increase in computational needs.
7) In either case, data quality control has to be considered for both the biometric reference and
the biometric probe, prior to applying any biometric operation.
d) What are the initial requirements of ICC’s resources?
1) If there is the requirement of using an ICC with insufficient processing capability, then
alternatives such as off-card comparison or work-sharing on-card comparison can be
compromised.
2) If there is the requirement of using an ICC with limited storage capacity, then the number of
references to be stored on the ICC, or the modalities to be used can be limited and/or the use
of compact data formats can become a major requirement (see Clause 6). Attention is drawn to
the face that the limitations imposed by compact data formats also have to be considered (e.g.
4 PROOF/ÉPREUVE © ISO/IEC 2021 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/IEC TR 30117:2021(E)

ISO/IEC 19794-2 compact card format maximum value for the minutiae x and y coordinate is
25,5 mm).
e) Steps to be followed to reach interoperability:
1) If there is no need, then the designer can decide to create his/her own solution without
following any standard. Therefore, this document cannot be applicable. This option is not
recommended as the need for interoperability can arise at any time during the project, or when
applying the development done for the current project to future ones.
2) If interoperability is required for exchanging data, then refer to Clause 6. As it will be seen, it
can happen that for reaching global interoperability in a specific modality, being independent
on the algorithm to be used, the use of captured sample data in standardized format can
become the only viable solution (e.g. the face image coded as ISO/IEC 19794-5, instead of a
proprietary feature-based information).
3) If interoperability is required to have multiple technological providers, then not only
data interoperability is requested, but also interoperability at API level and from security
mechanisms. See Clauses 7 and 8.
4) The use of more complex products, such as on-card biometric comparison ones or biometric
system-on-card, contributes to reaching interoperability, as there is only the need to focus on
data interoperability (and can be security mechanisms), avoiding all technological differences
coming from technological solutions at algorithm level.
5) In the use of biometrics, the quality of the data used plays a major role in the performance
and usability of the system. Data quality has to be analysed, so as to allow the system to reject
the input if a minimum quality threshold is not achieved. This is not only important for the
biometric probe, but even more important for the biometric reference. If the reference presents
low quality, then the performance of the rest of the verifications is compromised. Therefore,
the system designer has to be aware if there are some quality specifications for the application,
or if not, to define those for both enrolment and verification. Data quality thresholds can be
more restrictive for enrolment than for verification, to ensure a proper operation in the daily
use of the system. There are standards devoted to the definition of quality metrics for several
biometric modalities, such as the ISO/IEC 29794 series. Additionally, for the case of on-card
biometric comparison, there are also definitions in ISO/IEC 24787:2018 regarding Minimal
Verification Quality DOs inside Biometric Comparison Parameters DO, as well as considerations
on the minimal reference / verification data quality to be addressed for the on-card comparison
engine on the ICC for enrolment or verification respectively.
6) When ICCs are in use, it is important to use interindustry APDU command exchange, as to allow
a good level of interoperability. The ISO/IEC 7816 series (in particular Part 4) describes those
interindustry APDUs. Also, for some applications, there is even a workflow recommended
which has to be followed, such as the one described in ISO/IEC 24787 for on-card biometric
comparison. For example, when designing an application using on-card biometric comparison,
the interindustry APDU commands described in ISO/IEC 7816-4, ISO/IEC 7816-11, and
ISO/IEC 24787, are to be used for reaching interoperable on-card comparison implementations.
f) In many parts of the world, biometric data are considered personal data, and therefore are to be
protected as to ensure citizen's privacy. Depending on the environment where the application is
going to be deployed, the use of security mechanisms becomes a major requirement. See Clause 7
for the works already done in this area.
g) The most typical scenario for designing and developing a new project involving ICCs and biometrics
is integrating technological modules from several providers. Furthermore, many project designers
require more than one provider for each technological module to be integrated. In this kind of
scenario, standardized APIs are to be used to ease integration. Clause 8 provides further details.
h) For certain applications there is the need of following already defined specifications. Clause 9
describes the current available specifications.
© ISO/IEC 2021 – All rights reserved PROOF/ÉPREUVE 5

---------------------- Page: 10 ----------------------
ISO/IEC TR 30117:2021(E)

i) Either to select the technological modules to be integrated, or to provide final results to the end
user about the behaviour of the whole project, an evaluation methodology is required. Clause 10
describes the evaluation-related standards related to ICC, biometrics and security.
In addition to the above information, Clause 11 provides examples that could serve as guidance for
implementing ICC-based biometric solutions, based, or not, on ISO/IEC 24787.
6 Data formats
6.1 General
As long as data for exchanging are encapsulated in an ICC according to the ISO/IEC 7816 series, either
the biometric information template DO’7F60’ or the biometric information group template DO’7F61’
defined in ISO/IEC 7816-11 are considered.
As biometric data can contain information on one or more modalities, several options have to be
considered. The following sub-clauses detail those options, from the mono-modality version, to the
specific definitions already written for ICC-based applications.
6.2 Single modality plain biometric data formats
ISO/IEC JTC1 SC37 is in charge of developing standards that provide interoperable ways to code
biometric data, depending on the modality. Since its funding, three generations of the biometric data
formats have been generated. The two first generations have been published within the ISO/IEC 19794
series, while the third one is being published in the ISO/IEC 39794 series.
It is important to note that the differences introduced in each generation, has made them not fully
compatible. The first generation was published in 2005-2007, while the second one was published
from 2011 and beyond. The typical process for ISO/IEC international standards is that, when a new
edition is published (i.e. a new generation), the previous one is considered deprecated. But for certain
parts of ISO/IEC 19794, the first edition (i.e. first generation) has been retained as published, as it is
currently used by some world-wide applications, such as the ePassport. In order to try to avoid further
deprecations, the third generation has been published under a new standard number, i.e. ISO/IEC 39794
series.
The structure of both the ISO/IEC 19794 series and the ISO/IEC 39794 series is the following:
— Part 1 provides a general framework to be applied to all the other
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.