ISO/IEC TR 29196:2015
Guidance for biometric enrolment
ISO/IEC TR 29196:2015 consolidates information relating to successful, secure and usable implementation of biometric enrolment processes, while indicating areas of uncertainty that organisations proposing to use biometric technologies will need to address during procurement, design, deployment and operation. Much of the information is generic to many types of application e.g. from national scale commercial and government applications, through to closed user group systems for in-house operations, and to consumer applications where convenience rather than security is the primary driver for adoption of biometric technologies. ISO/IEC TR 29196:2015 points out the differences in operation relating to specific types of application, e.g. where self-enrolment is more appropriate than attended operation. This report will focus in the main on fixed location enrolments at a number of sites in an organization, where there is an attendant who supports the biometric applicant in effecting a successful enrolment, and where enrolment is a mandatory requirement. In summary, this report consolidates information relating to better practice implementation of biometric enrolment capability in various business contexts including considerations of legislation, policy, process, function (system) and technology. ISO/IEC TR 29196:2015 provides guidance as to the collection and storage of biometric enrolment data and the impact on dependent processes of verification and identification. This report will not aim to include material specific to forensic and law enforcement applications. The recommendations contained in the report are not mandatory.
Directives pour l'inscription biométrique
Standards Content (Sample)
TECHNICAL REPORT ISO/IEC TR 29196
First edition 2015-08-15
Guidance for biometric enrolment
Directives pour l’inscription biométrique
Reference number ISO/IEC TR 29196:2015(E)
© ISO/IEC 2015
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2015, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Contents
Foreword
Introduction
1 Scope
2 Terms and definitions
3 Abbreviated terms
4 Role of Enrolment in a Biometric System
5 Stakeholders and approaches for enrolment
5.1 Enrolment Stakeholders
5.2 Enrolment Approaches
6 Key Stakeholder perspectives
6.1 Summary of key observations
6.2 Meeting the requirements of Stakeholders
6.2.1 Supporting the interests of the Subject
6.2.2 Information provided to the Applicant
6.2.3 Legal implications of the enrolment service
6.2.4 Issues related to inclusivity
6.2.5 Usability
6.2.6 Usability aspects — Effectiveness
6.2.7 Usability aspects — Efficiency
6.2.8 Usability aspects — Satisfaction with the enrolment process
6.2.9 Supporting the interests of the Enrolment Authority
6.2.10 Establishing the legal framework for enrolment
6.2.11 Independent review of the operation of the Service
6.2.12 Metrics of a successful biometric enrolment
6.2.13 Failure to Enrol and related failure rates
6.2.14 Analysis of enrolment failures
6.2.15 Analysis of poor quality enrolments
6.2.16 Strategy for corrective actions
6.2.17 Use of data for research
6.2.18 End-of-contract or contract reassignment actions
6.2.19 Supporting the interests of the Operator of the enrolment service
6.2.20 Development and maintenance of training programmes for personnel
6.2.21 System performance monitoring and correction actions
6.2.22 Service Improvement Actions
6.2.24 Participation in end-of-service or contract reassignment activities
6.2.25 Supporting the interests of Relying Parties
6.2.26 System Design and Developer’s perspective
6.2.27 Pre-enrolment and scheduling processes
6.2.28 Confirmation of the biographic identity of the Applicant
6.2.29 Requirements of the verification system(s) which will depend on this enrolment
6.2.30 Selection of enrolment system
6.2.31 Physical design of the enrolment environment
6.2.32 Interfacing with the Applicant
6.2.33 Appropriate training of the Enrolment Officer and Attendants
6.2.34 Support Staff Training
6.2.35 Security
6.2.36 Number of attempts at collection of a biometric feature or maximum duration of collection time before timeout
6.2.37 Exception handling: enrolment and/or registration procedure for secure and effective fallback
6.2.38 Post enrolment verification session
6.2.39 System maintenance procedures
6.2.40 Token production and secure delivery
6.2.41 System performance monitoring
6.2.42 Effective system level performance through testing and piloting
6.3 Regulator’s perspective
6.3.1 Regulation
6.3.2 Completeness of the governance processes
6.3.3 Integrity of the logging and audit processes
6.4 Auditor’s perspective
7 Process for the development of biometric enrolment capability
7.1 General
7.2 Architectural considerations in enrolment station design
7.3 System definition
8 Guidance relating to specific modalities
8.1 General
8.2 Facial Biometrics
8.3 Fingerprint biometric systems
8.3.1 General
8.3.2 Fingerprint image optimization
8.3.3 Single finger systems
8.3.4 Tenprint systems
8.4 Vascular (Vein) authentication systems
8.4.1 General
8.4.2 Palm vein technology
8.4.3 Finger Vein technology
9 Guidance relating to enrolment for mobile biometric applications
9.1 Best practice guidelines
9.2 Fingerprint systems
9.3 Facial image Systems
9.4 Iris systems
Annex A (informative) Checklist of Activities related to biometric enrolment
Bibliography
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical
Barriers to Trade (TBT), see the following URL: Foreword — Supplementary information.
The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee
SC 37, Biometrics.
Introduction
One of the most important contributions to a successful biometric-based recognition system is a
consistent enrolment service that generates the biometric data required for subsequent recognition
of individuals. Subsequent verifications or identifications will be compared with the biometric
data collected at enrolment. If the quality of capture at enrolment is not maintained consistently,
the operators of a recognition system which depends on a good enrolment are likely to experience
unreliable performance. For those who are enrolled in a verification system, a poor quality enrolment
will result in inconvenience should they fail to be recognized. (Readers of this report should note that
quality has a specific meaning when applied to biometric systems; a high quality capture is one that
results in biometric data that provides good match scores when compared with other high quality
images from the same biometric feature.)
By analysing the requirements for a good enrolment from the perspectives of a range of stakeholders,
it is possible to derive a set of principles to guide the development of a biometric enrolment policy and
the deployment of a service. Where enrolment is outsourced to a third party, it is extremely important
to be able to measure quality metrics rather than quantity metrics, since the technical and business
objectives of the two organisations (the Relying Party and the Enrolment Authority as defined in this
document) may, in general, not be aligned.
Although the recommendations and guidelines in this report are directed in the main at the parties
responsible for the enrolment itself and for management of the enrolment service (noting that these
two entities may be one and the same), they will also be of value to the designers and developers of
enrolment systems.
Guidance for biometric enrolment
1 Scope
This report consolidates information relating to successful, secure and usable implementation of
biometric enrolment processes, while indicating areas of uncertainty that organisations proposing to
use biometric technologies will need to address during procurement, design, deployment and operation.
Much of the information is generic to many types of application e.g. from national scale commercial
and government applications, through to closed user group systems for in-house operations, and to
consumer applications where convenience rather than security is the primary driver for adoption of
biometric technologies.
The report points out the differences in operation relating to specific types of application, e.g. where
self-enrolment is more appropriate than attended operation. This report will focus in the main
on fixed location enrolments at a number of sites in an organization, where there is an attendant
who supports the biometric applicant in effecting a successful enrolment, and where enrolment is a
mandatory requirement. In summary, this report consolidates information relating to better practice
implementation of biometric enrolment capability in various business contexts including considerations
of legislation, policy, process, function (system) and technology.
The report provides guidance as to the collection and storage of biometric enrolment data and the
impact on dependent processes of verification and identification. This report will not aim to include
material specific to forensic and law enforcement applications.
The recommendations contained in the report are not mandatory.
2 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 2382-37 and the
following apply.
2.1
biometric applicant
individual seeking to be enrolled in a biometric enrolment database
2.2
designers and developers
organization or individuals responsible for the design, development, (and deployment, if applicable) of
the enrolment system
2.3
duty officer
individual acting on behalf of either the enrolment authority or operator either present in the vicinity
of one or more enrolment stations, or available on line or by telephone, trained to provide advice and
guidance to an enrolment officer in case of difficulty
Note 1 to entry: The duty officer may also have a role in determining exception handling routines.
2.4
enrolment authority
organisation (or other entity) with legal and contractual responsibilities for the completion of
enrolment processes
2.5
enrolment officer
agent of the operator responsible for the secure and effective enrolment service at one or more
enrolment points
2.6
identity provider
entity storing and managing the biometric data obtained directly or indirectly from the biometric
enrolment
2.7
operator
organization (or other entity) responsible for delivering the enrolment service on behalf of the
enrolment authority
2.8
performance manager
person responsible for managing the enrolment service to ensure it meets its specified enrolment
performance criteria
Note 1 to entry: This will typically include actions such as monitoring enrolment performance (quality as well
as quantity metrics), applying corrective measures where necessary and reporting enrolment performance
achievement to the enrolment authority.
2.9
personal assistant
individual accompanying the biometric applicant at the enrolment session for one or more purposes
Note 1 to entry: Such purposes might include: translation of instructions from the enrolment officer into the
native language of the applicant; support for a disabled applicant to enable the applicant to undertake an
enrolment successfully; to fulfil a legal requirement such as a parent present at the enrolment of a child.
2.10
relying party
entity operating a biometrically-enabled application for which the enrolment process provides
biometric references
2.11
specialist support staff
trained attendant(s) present at the enrolment session on behalf of the enrolment authority or operator
to assist with the enrolment of applicants with disabilities, or to fulfil service or legal requirements in
respect of gender, religious observance, or age of the applicant
2.12
vendor
entity providing hardware and/or software biometric functionality
3 Abbreviated terms
KPI Key Performance Indicator. A metric quantifying one or more aspects of the successful operation
of a process
NFIQ NIST Fingerprint Image Quality
SLA Service Level Agreement. An agreement between a service provider and a customer defining a
target level of service, mutual responsibilities of service provider and customer, together with
other requirements for the delivery of a service
4 Role of Enrolment in a Biometric System
Given the variety of applications and technologies, it might seem difficult to draw any generalizations
about biometric systems. All such systems, however, have many elements in common. Captured
biometric samples are acquired from a subject by a sensor. The sensor output is sent to a processor
that extracts the distinctive but repeatable measures of the sample (the biometric features), discarding
all other components. The resulting features can be stored in the biometric enrolment database as a
biometric reference or (in this case) a biometric template. In other cases the sample itself (without
feature extraction) may be stored as the reference. A subsequent probe biometric sample can be
compared to a specific reference, to many references or to all references already in the database to
determine if there is a match. A decision regarding the biometric claim is made based upon the
similarities or dissimilarities between the features of the biometric probe and those of the reference or
references compared.
Figure 1 — Components of general biometric system
Figure 1 (which is functional in nature and has no implications for physical location) illustrates the
information flow within a general biometric system, showing a general biometric system consisting
of data capture, signal processing, data storage, comparison and decision subsystems. This diagram
illustrates both enrolment, and the operation of verification and identification systems. The following
subclauses describe each of these subsystems in more detail. However, it should be noted that in any
implemented system, some of these conceptual components may be absent, or may not have a direct
correspondence with a physical or software entity.
The data capture subsystem collects an image or signal of a subject’s biometric characteristics that they
have presented to the biometric sensor, and outputs this image/signal as a captured biometric sample.
The transmission subsystem (not portrayed in the diagram and not always present or visibly present in
a biometric system) will transmit samples, features, probes and references between different subsystems.
The captured biometric sample may be compressed and/or encrypted before transmission, and
expanded and/or decrypted before use. A captured biometric sample may be altered in transmission
due to noise in the transmission channel as well as losses in the compression/expansion process. Data
may be transmitted using standard biometric data interchange formats, and cryptographic techniques
may be used to protect the authenticity, integrity, and confidentiality of stored and transmitted
biometric data.
Signal processing may include processes such as:
— enhancement, i.e. improving the quality and clarity of the captured biometric sample,
— segmentation, i.e. locating the signal of the subject’s biometric characteristics within the captured
biometric sample,
— feature extraction, i.e. deriving the subject’s repeatable and distinctive measures from the captured
biometric sample, and
— quality control, i.e. assessing the suitability of samples, features, references, etc. and possibly
affecting other processes, such as returning control to the data capture subsystem to collect further
samples; or modifying parameters for segmentation, feature extraction, or comparison.
In the case of enrolment, the signal processing subsystem creates a biometric reference. Sometimes
the enrolment process requires features from several presentations of the individual’s biometric
characteristics. Sometimes the reference comprises just the features, in which case the reference
may be called a “template”. Sometimes the reference comprises just the sample, in which case feature
extraction from the reference occurs immediately before comparison.
In the case of verification and identification, the signal processing subsystem creates a biometric probe.
Sequencing and iteration of the above-mentioned processes are determined by the specifics of each
system.
References are stored within an enrolment database held in the data storage subsystem. Each reference
might be associated with some details of the enrolled subject or the enrolment process. It should
be noted that prior to being stored in the enrolment database, references may be reformatted into a
biometric data interchange format. References may be stored within a biometric capture device, on a
portable medium such as a smart card, locally such as on a personal computer or local server, or in a
central database.
In the comparison subsystem, probes are compared against one or more references and comparison
scores are passed to the decision subsystem. The comparison scores indicate the similarities or
dissimilarities between the features and reference/s compared. In some cases, the features may take the
same form as the stored reference. For verification, a single specific claim of subject enrolment would
lead to a single comparison score. For identification, many or all references may be compared with the
features, and output a comparison score for each comparison.
The decision subsystem uses the comparison scores generated from one or more attempts to provide
the decision outcome for a verification or identification transaction.
In the case of verification, the features are considered to match a compared reference when (assuming
that higher scores correspond to greater similarity) the comparison score exceeds a specified threshold.
A biometric claim can then be verified on the basis of the decision policy, which may allow or require
multiple attempts.
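The enrolment, comparison and decision subsystems described above, shown as an added example that is not part of ISO/IEC TR 29196. The feature vectors, the cosine-similarity comparator, the quality scores, the subject names and every constant are assumptions chosen for illustration.

```python
import math

# Assumed values for illustration; the report prescribes none of them.
QUALITY_MIN = 0.6    # lowest sample quality accepted by quality control
MAX_CAPTURES = 4     # capture attempts allowed before failure to enrol
PRESENTATIONS = 2    # accepted presentations merged into one reference
THRESHOLD = 0.95     # comparison score a probe must exceed to match

def compare(features, reference):
    """Comparison subsystem: cosine similarity, higher = more similar."""
    dot = sum(a * b for a, b in zip(features, reference))
    norm = math.sqrt(sum(a * a for a in features) * sum(b * b for b in reference))
    return dot / norm if norm else 0.0

def enrol(captures):
    """Build a reference from (quality, features) pairs in capture order.
    Quality control rejects poor samples, returning control to data capture.
    Returns a template (features only), or None for a failure to enrol."""
    accepted = []
    for quality, features in captures[:MAX_CAPTURES]:
        if quality < QUALITY_MIN:
            continue                      # poor sample: capture again
        accepted.append(features)
        if len(accepted) == PRESENTATIONS:
            return [sum(col) / len(col) for col in zip(*accepted)]
    return None

def verify(database, claimed_id, probes, max_attempts=3):
    """Decision subsystem: one claim, one score per attempt, stop on match."""
    reference = database.get(claimed_id)
    scores = []
    if reference is None:
        return False, scores              # claimant was never enrolled
    for probe in probes[:max_attempts]:
        scores.append(compare(probe, reference))
        if scores[-1] > THRESHOLD:
            return True, scores
    return False, scores

def identify(database, probe):
    """Identification: a comparison score for every stored reference."""
    return sorted(((compare(probe, ref), sid) for sid, ref in database.items()),
                  reverse=True)

# Constructed capture sessions: (quality, features) per presentation.
SESSIONS = {
    "alice": [(0.3, [0.9, 0.1, 0.4]), (0.8, [1.0, 0.2, 0.5]), (0.9, [1.0, 0.0, 0.5])],
    "bob": [(0.7, [0.1, 1.0, 0.2]), (0.8, [0.1, 1.0, 0.4])],
    "carol": [(0.2, [0.5, 0.5, 0.5]), (0.7, [0.4, 0.6, 0.5]),
              (0.4, [0.5, 0.4, 0.5]), (0.5, [0.5, 0.5, 0.6]), (0.9, [0.4, 0.6, 0.5])],
}

def build_database(sessions):
    """Data storage subsystem: keep only successful enrolments."""
    refs = {sid: enrol(caps) for sid, caps in sessions.items()}
    return {sid: ref for sid, ref in refs.items() if ref is not None}

if __name__ == "__main__":
    db = build_database(SESSIONS)
    print("enrolled:", sorted(db))
    print("genuine:", verify(db, "alice", [[0.5, 0.6, 0.5], [1.0, 0.15, 0.45]]))
    print("impostor:", verify(db, "alice", [[0.1, 1.0, 0.3]] * 3))
```

The constructed subject "carol" fails to enrol because only one of her first four captures passes quality control, so any later claim in her name is rejected without a comparison being made.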
In the case of identification, the enrolee reference is a potential candidate for the subject
...