iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 19784-1:2006/Amd 3:2010

(Amendment)

Information technology — Biometric application programming interface — Part 1: BioAPI specification — Amendment 3: Support for interchange of certificates and security assertions, and other security aspects

Information technology — Biometric application programming interface — Part 1: BioAPI specification — Amendment 3: Support for interchange of certificates and security assertions, and other security aspects

Technologies de l'information — Interface de programmation d'applications biométriques — Partie 1: Spécifications BioAPI — Amendement 3: Support pour interéchange de certificats et de déclarations de sécurité, et autres aspects de sécurité

General Information

Status
Withdrawn
Publication Date
26-Jul-2010
Withdrawal Date
26-Jul-2010
ICS
35.040 - Information coding
35.240.15 - Identification cards. Chip cards. Biometrics
Technical Committee
ISO/IEC JTC 1/SC 37 - Biometrics
Drafting Committee
ISO/IEC JTC 1/SC 37/WG 2 - Biometric technical interfaces
Current Stage
9599 - Withdrawal of International Standard
Completion Date
23-Mar-2018
Ref Project

Relations

Revised
ISO/IEC 19784-1:2018 - Information technology — Biometric application programming interface — Part 1: BioAPI specification
Effective Date
27-Feb-2016
Amends
ISO/IEC 19784-1:2006 - Information technology — Biometric application programming interface — Part 1: BioAPI specification
Effective Date
06-Jun-2022
Child
ISO/IEC 19784-1:2006 - Information technology — Biometric application programming interface — Part 1: BioAPI specification
Effective Date
15-Apr-2008

Buy Standard

ISO/IEC 19784-1:2006/Amd 3:2010 - Support for interchange of certificates and security assertions, and other security aspectsISO/IEC 19784-1:2006/Amd 3:2010 - Support for interchange of certificates and security assertions, and other security aspects
PreviousNext
Standard
ISO/IEC 19784-1:2006/Amd 3:2010 - Support for interchange of certificates and security assertions, and other security aspects
English language
47 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO/IEC
STANDARD 19784-1
First edition
2006-05-01
AMENDMENT 3
2010-08-01

Information technology — Biometric
application programming interface —
Part 1:
BioAPI specification
AMENDMENT 3: Support for interchange of
certificates and security assertions, and
other security aspects
Technologies de l'information — Interface de programmation
d'applications biométriques —
Partie 1: Spécifications BioAPI
AMENDEMENT 3: Support pour interéchange de certificats et de
déclarations de sécurité, et autres aspects de sécurité




Reference number
ISO/IEC 19784-1:2006/Amd.3:2010(E)
©
ISO/IEC 2010

---------------------- Page: 1 ----------------------
ISO/IEC 19784-1:2006/Amd.3:2010(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


COPYRIGHT PROTECTED DOCUMENT


©  ISO/IEC 2010
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO/IEC 2010 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 19784-1:2006/Amd.3:2010(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
Amendment 3 to ISO/IEC 19784-1:2006 was prepared by Joint Technical Committee ISO/IEC JTC 1,
Information technology, Subcommittee SC 37, Biometrics.
This amendment to ISO/IEC 19784-1 defines a new version 2.2 of BioAPI which adds support for biometric
fusion and security assertions to ISO/IEC 19784-1. It extends the API and the SPI of BioAPI by specifying new
functions and new values for existing data types.
ISO/IEC 19784-1:2006 provides no direct support for biometric fusion. In addition, the use of FARs in the
representation of matching scores is not suitable, in general, for performing score-level fusion (although it
does allow some limited forms of fusion). This amendment adds support of biometric fusion to
ISO/IEC 19784-1.

© ISO/IEC 2010 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 19784-1:2006/Amd.3:2010(E)

Information technology — Biometric application programming
interface —
Part 1:
BioAPI specification
AMENDMENT 3: Support for interchange of certificates and security
assertions, and other security aspects

1) General amendment items
1-1) Add the following at the end of the first paragraph of the Foreword:
“, BioAPI 2.1, and BioAPI 2.2”

1-2) Replace the last paragraph of the Foreword with the following:
This is the first ISO/IEC standard on BioAPI. Previous versions were published by ANSI and the BioAPI
Consortium. As the last official non-ISO release was designated Version 1.1, the version specified in this part
of ISO/IEC 19784-1 is designated Version 2.0 onwards. This is to distinguish the versions of BioAPI products
in the marketplace.

1-3) Replace the first paragraph of the Introduction with the following:
This part of ISO/IEC 19784 provides a high-level generic biometric authentication model suited to most forms
of biometric technology. Support for multimodal biometrics and security assertions is also provided.

2) Amendment items for interchange of certificates and security assertions, and other security
aspects
2-1) Replace the last paragraph of the Scope with the following:
This part of ISO/IEC 19784 specifies a version of the BioAPI specification that is defined to have a version
number described as Major 2, Minor 0, or version 2.0. It also specifies a version number described as Major 2,
Minor 1, or version 2.1 that provides an enhanced Graphical User Interface. It also specifies a version number
described as Major 2, Minor 2, or version 2.2 that provides features supporting fusion and security. Some
clauses and sub-clauses apply only to one of these versions, some to two or more. This is identified at the
head of the relevant clauses and sub-clauses.

© ISO/IEC 2010 – All rights reserved 1

---------------------- Page: 4 ----------------------
ISO/IEC 19784-1:2006/Amd.3:2010(E)
2-2) Remove the amended paragraph in Amd.2 after the last paragraph of the Scope and add the
following paragraph after the last amended NOTEs of the Scope:
Conformance requirements are specified in Clause 2.

2-3) Add the following documents to Clause 3:
ISO/IEC 19785-4:2010, Information technology — Common Biometric Exchange Formats
Framework — Part 4: Security block format specifications
ISO/IEC 24761:2009, Information technology — Security techniques — Authentication context for
biometrics

2-4) Add the following term and definition before 4.1:
4.0
ACBio instance
report generated by a biometric processing unit (BPU) compliant to ISO/IEC 24761 to show the validity of the
result of one or more subprocesses executed in the BPU
[ISO/IEC 24761]

2-5) Add the following term and definition after 4.3:
4.3bis
authentication context for biometrics
ACBio
International Standard that specifies the form and encoding of ACBio instances
[ISO/IEC 24761]

2-6) Add the following terms and definitions after 4.5:
4.5bis
biographic data (BioAPI 2.2)
non-biometric data that potentially affects a biometric operation
4.5ter
biographic BIR (BioAPI 2.2)
non-biometric BIR that potentially affects a biometric operation

2-7) Add the following term and definition after 4.10:
4.10bis
biometric processing unit
BPU
entity that executes one or more subprocesses that perform a biometric verification at a uniform level of
security
[ISO/IEC 24761]
2 © ISO/IEC 2010 – All rights reserved

---------------------- Page: 5 ----------------------
ISO/IEC 19784-1:2006/Amd.3:2010(E)
NOTE A sensor, a smart card, and a comparison device are examples of BPUs.

2-8) Add the following term and definition after 4.14:
4.14bis
BPU IO Index
integer assigned to each biometric data stream between BPUs by the subject, such as software, which utilizes
the function of the BPU so that the validator can reconstruct the data flow among BPUs
[ISO/IEC 24761]
2-9) Add the following term and definition after 4.16:
4.16bis
decision BIR (BioAPI 2.2)
BIR which contains decision in the BDB

2-10) Replace the terms of 4.22 with the following terms:
4.22
score
score data
scoring

2-11) Add the following term and definition after 4.22:
4.22bis
score BIR (BioAPI 2.2)
BIR which contains score in the BDB

2-12) Add the following term and definition after 4.22bis:
4.22ter
secure BioAPI (BioAPI 2.2)
BioAPI API and SPI interfaces that include the security features defined for version 2.2 of BioAPI

2-13) Replace Clause 5 with the following:
ACBio – Authentication Context for Biometrics
API – Application Programming Interface
BDB – Biometric Data Block
BFP – BioAPI Function Provider
BIR – Biometric Information Record
BPU – Biometric Processing Unit
© ISO/IEC 2010 – All rights reserved 3

---------------------- Page: 6 ----------------------
ISO/IEC 19784-1:2006/Amd.3:2010(E)
BSP – Biometric Service Provider
CBEFF – Common Biometric Exchange Formats Framework
FMR – False Match Rate
FPI – Function Provider Interface
GUI – Graphical User Interface
ID – Identity/Identification/Identifier
IRI – Internationalized Resource Identifier (see RFC 3987)
MAC – Message Authentication Code
MOC – Match on Card
PID – Product ID
SB – Security Block
SBH – Standard Biometric Header
NOTE This term and abbreviation is imported from ISO/IEC 19785-1.
SPI – Service Provider Interface
UUID – Universally Unique Identifier

2-14) Replace 6.6.6 as follows:
6.6.6 On BioAPI_BSPAttach/BioAPI_BSPAttachSecure (BioAPI 2.2 or greater), the application is required
to select at most one BioAPI Unit of each category that is currently in an "inserted" state (or to select
BioAPI_DONT_CARE) and is managed by that BSP or by an associated BFP. The BSP then either accesses
that BioAPI Unit (for directly managed BioAPI Units), or else interacts with the associated BFP in order to
access that BioAPI Unit.

2-15) Add the following text after 7.1:
7.1bis BioAPI_ACBio_PARAMETERS (BioAPI 2.2)
7.1bis.1 Structure giving information which is used to generate ACBio instances
typedef struct bioapi_acbio_parameters {
uint32_t Challenge[4];
uint32_t *InitialBPUIOIndexOutput;
uint32_t *SupremumBPUIOIndexOutput;
} BioAPI_ACBio_PARAMETERS;

4 © ISO/IEC 2010 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/IEC 19784-1:2006/Amd.3:2010(E)
7.1bis.2 Definitions
Challenge – Challenge from the validator of a biometric verification when ACBio is used. This value shall be
set to the field controlValue of type ACBioContentInformation in ACBio instances.
InitialBPUIOIndexOutput – The initial value of BPU IO index which is to be assigned to the output from the
BioAPI Unit, BFP, or BSP when the ACBio instances are generated. The range between
InitialBPUIOIndexOutput and SupremumBPUIOIndexOutput shall be divided into the number of BSP Units
and BFPs which are attached to the BSP, and assigned to the BSP Units and BSPs.
SupremumBPUIOIndexOutput – The supremum of BPU IO indexes which are to be assigned to the output
from the BioAPI Unit, BFP, or BSP when the ACBio instances are generated.
7.1ter BioAPI_ASN1_BIR (BioAPI 2.2)
A container for biometric data, (or non-biometric data) that may affect a biometric operation, encoded in
ASN.1 DER. The BioAPI_ASN1_BIR structure is used when a BioAPI API with security functionality is used.
The BioAPI_ASN1_BIR structure associates a length, in bytes, with the address of an arbitrary block of
contiguous memory which contains an ASN.1 encoded BIR of type BioAPI-BIR, specified in Annex E. The
ASN.1 encoded BIR consists of an SBH of type BioAPIBIRHeader, a BDB of type BiometricData, and an
SB of type CBEFFSecurityBlock. The BDB may contain raw sample data, partially processed
(intermediate) data, completely processed data, score data (resulting from a matching or fusion operation),
decision data (resulting from a decision or fusion operation), or biographic data which can be provided as
input to a biometric operation to modify its behavior. The BioAPI_ASN1_BIR may be used to enroll a user
(thus being stored persistently), or may be used to verify or identify a user (thus being used transiently). It may
also be stored and used later to provide feedback to subsequent biometric operations. Type
BioAPI_ASN1_BIR is an alias of type BioAPI_DATA.
NOTE The ASN.1 type BioAPI-BIR corresponds to the C structured type BioAPI_BIR element by element.
typedef BioAPI_DATA BioAPI_ASN1_BIR;

7.1quater BioAPI_ASN1_ENCODED (BioAPI 2.2)
A container for ASN.1 DER encoded data. The BioAPI_ASN1_ENCODED structure is used to express
information about cryptographic keys. The BioAPI _ASN1_ ENCODED structure associates a length, in bytes,
with the address of an arbitrary block of contiguous memory which contains an ASN.1 encoded data. Type
BioAPI_ASN1_ENCODED is an alias of type BioAPI_DATA.
typedef BioAPI_DATA BioAPI_ASN1_ENCODED;

2-16) In 7.4.1, modify the paragraph as follows:
A container for biometric data, or non-biometric data that may affect a biometric operation. A BioAPI_BIR
consists of a BioAPI_BIR_HEADER, a BDB, and an optional SB. The BDB may contain raw sample data,
partially processed (intermediate) data, completely processed data, score data (resulting from a matching or
fusion operation), decision data (resulting from a decision or fusion operation), or biographic data which can
be provided as input to a biometric operation to modify its behavior. The BioAPI_BIR may be used to enroll a
user (thus being stored persistently), or may be used to verify or identify a user (thus being used transiently). It
may also be stored and used later to provide feedback to subsequent biometric operations.


© ISO/IEC 2010 – All rights reserved 5

---------------------- Page: 8 ----------------------
ISO/IEC 19784-1:2006/Amd.3:2010(E)
2-17) In 7.9.1, modify a) with the following:
a) it identifies the type of biometric sample (raw, intermediate, processed, score data, decision data or
biographic data) that is contained in the BDB;

2-18) Replace 7.9.4 as follows:
7.9.4 The ‘index’ flag shall be set if an index is present in the BIR header and not set if no index is present in
the BIR header.
typedef uint8_t BioAPI_BIR_DATA_TYPE;
#define BioAPI_BIR_DATA_TYPE_RAW   (0x01)
#define BioAPI_BIR_DATA_TYPE_INTERMEDIATE (0x02)
#define BioAPI_BIR_DATA_TYPE_PROCESSED  (0x04)
#define BioAPI_BIR_DATA_TYPE_SCORE  (0x08)
#define BioAPI_BIR_DATA_TYPE_DECISION  (0x09)
#define BioAPI_BIR_DATA_TYPE_BIOGRAPHIC  (0x0A)
#define BioAPI_BIR_DATA_TYPE_ENCRYPTED  (0x10)
#define BioAPI_BIR_DATA_TYPE_SIGNED  (0x20)
NOTE 1 The BioAPI BIR Data Type corresponds to a combination of the
“CBEFF_BDB_processed_level”, ”CBEFF_BDB_encryption_options”, and “CBEFF_BIR_integrity_options” in
ISO/IEC 19785-1.
NOTE 2 BioAPI_BIR_DATA_TYPE_DECISION (BioAPI 2.2 or greater) and BioAPI_BIR_DATA_TYPE_BIOGRAPHIC
(BioAPI 2.2 or greater) have two bits on while others have only one bit on.
NOTE 3 BioAPI_BIR_DATA_TYPE_SCORE is used in BioAPI 2.2 or greater.

2-19) Replace the text of 7.10 with the following:
A handle to refer to a BioAPI BIR or an ASN.1 encoded BIR that exists within a BSP.

2-20) Replace 7.12.1 with the following:
7.12.1 A value which defines the purpose(s) or use(s) for which the BioAPI BIR is intended (when used as an
input to a BioAPI function) or suitable (when used as an output from a BioAPI function or within the BIR
header).
typedef uint8 BioAPI_BIR_PURPOSE;
#define BioAPI_PURPOSE_VERIFY (1)
#define BioAPI_PURPOSE_IDENTIFY (2)
#define BioAPI_PURPOSE_ENROLL (3)
#define BioAPI_PURPOSE_ENROLL_FOR_VERIFICATION_ONLY (4)
#define BioAPI_PURPOSE_ENROLL_FOR_IDENTIFICATION_ONLY (5)
#define BioAPI_PURPOSE_AUDIT (6)
6 © ISO/IEC 2010 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/IEC 19784-1:2006/Amd.3:2010(E)
#define BioAPI_PURPOSE_DECIDE (7)
#define BioAPI_NO_PURPOSE_AVAILABLE (0)
NOTE 1 The condition NO VALUE AVAILABLE is indicated by setting the value to zero. This value is used only for
BIRs that are not originally generated by a BioAPI BSP, but originate from another source and have been transformed into
a BioAPI BIR. BSPs shall not use this value.
NOTE 2 BioAPI_PURPOSE_DECIDE is used in BioAPI 2.2 or greater.

2-21) In 7.12.3, replace e) and f) as follows:
e) The BioAPI_Process, BioAPI_CreateTemplate, BioAPI_ProcessWithAuxBIR (BioAPI 2.1 or less),
BioAPI_ProcessUsingAuxBIRs (BioAPI 2.2 or greater), BioAPI_Decide (BioAPI 2.2 or greater), and
BioAPI_Fuse (BioAPI 2.2 or greater) functions do not have Purpose as an input parameter, but read the
Purpose field from the BIR header of the input BIR.
f) The BioAPI_Process and BioAPI_ProcessUsingAuxBIRs functions may accept as input any intermediate
BIR with a Purpose of BioAPI_PURPOSE_VERIFY or BioAPI_PURPOSE_IDENTIFY, and shall output only
BIRs with the same purpose as the input BIR.

2-22) In 7.12.3, add i) as follows:
i) All score BIRs and decision BIRs must have the Decide purpose. Biographic BIRs may have any purpose.
No other types of BIRs may have the Decide purpose.

2-23) Add the following text after 7.25:
7.25bis BioAPI_ENCRYPTION_ALG (BioAPI 2.2)
Identifies encryption algorithm supported by a BioAPI Unit. This BioAPI type shall be the XML value notation
of ASN.1 identifier (see ISO/IEC 8824-1) assigned to encryption algorithms. Example to specify AES with
128 bit keys in CBC mode, the char would be “2.16.840.1.101.3.4.1.2” which is the XML value notation for.
typedef char *BioAPI_ENCRYPTION_ALG;
#define BioAPI_ENCRYPTION_ALG_NOT_SUPPORTED NULL

7.25ter BioAPI_ENCRYPTION_INFO (BioAPI 2.2)
7.25ter.1 Structure giving information of the cryptographic algorithm and key(s) of a BioAPI Unit or a
biometric application which is used to encrypt/decrypt biometric data
typedef struct bioapi_encryption_info {
BioAPI_ENCRYPTION_ALG ENCAlg;
BioAPI_KEY_INFO *ENCKeyInfo;
} BioAPI_ENCRYPTION_INFO;

© ISO/IEC 2010 – All rights reserved 7

---------------------- Page: 10 ----------------------
ISO/IEC 19784-1:2006/Amd.3:2010(E)
7.25ter.2 Definitions
ENCAlg – Encryption algorithm.
ENCKeyInfo – An array of key information for encryption.

2-24) In 7.27, replace NOTE as follows:
NOTE: It may be impossible to mask an INSERT event coming from an attach session of a BSP, because the event may
occur just after a BioAPI_BSPLoad call, before any BioAPI_EnableEvents call has had any chance to be processed.
This is because BioAPI_EnableEvents requires a handle which is provided by BioAPI_BSPAttach/
BioAPI_BSPAttachSecure (BioAPI 2.2 or greater), and BioAPI_BSPAttach/BioAPI_BSPAttachSecure (BioAPI 2.2 or
greater) itself shall follow BioAPI_BSPLoad. An INSERT event will be raised by the BSP on the BioAPI_BSPLoad call if
a BioAPI Unit is already "inserted", and this event will reach the application before the application can call
BioAPI_EnableEvents.

2-25) Replace 7.38 with the following
A unique identifier, returned on BioAPI_BSPAttach/BioAPI_BSPAttachSecure (BioAPI 2.2 or greater), that
identifies an attached BioAPI BSP session.

typedef uint32_t BioAPI_HANDLE;

2-26) Add the following text after 7.38:
7.38bis BioAPI_HASH_ALG (BioAPI 2.2)
Identifies the hash algorithm supported by a BioAPI Unit, which is used in the generation of ACBio instance.
This BioAPI type shall be the XML value notation of ASN.1 identifier (see ISO/IEC 8824-1) assigned to hash
algorithms. Example to specify the SHA-1 hash algorithm, the char would be “1.3.14.3.2.26” which is the XML
value notation for.
typedef char *BioAPI_HASH_ALG;
#define BioAPI_HASH_ALG_NOT_SUPPORTED NULL

2-27) Add the following text after 7.45:
7.45bis BioAPI_KEY_INFO (BioAPI 2.2)
7.45bis.1 Union giving information of cryptographic key of a BioAPI Unit or a biometric application
which is used to encrypt/decrypt biometric data or to generate/validate MAC of BIR.
typedef union bioapi_key_info {
BioAPI_KEY_TRANSPORT KTInfo;
BioAPI_ASN1_ENCODED KEKInfo;
} BioAPI_KEY_INFO;

8 © ISO/IEC 2010 – All rights reserved

---------------------- Page: 11 ----------------------
ISO/IEC 19784-1:2006/Amd.3:2010(E)
7.45bis.2 Definitions
KTInfo – Key information when key management technique of key transport is used
KEKInfo – Key information when key management technique of previously distributed symmetric key-
encryption keys is used
NOTE: For details of key management, see RFC 3852.
7.45ter BioAPI_KEY_TRANSPORT (BioAPI 2.2)
7.45ter.1 Structure giving information of cryptographic key of a BioAPI Unit or a biometric application,
which is used to encrypt/decrypt biometric data or to generate/.validate MAC of BIR, when key management
technique of key transport is used.
typedef struct bioapi_key_transport {
BioAPI_ASN1_ENCODED IssuerAndSerialNumber;
BioAPI_ASN1_ENCODED Certificate;
} BioAPI_KEY_TRANSPROT;
7.45ter.2 Definitions
IssuerAndSerialNumber – ASN.1 encoded data of ASN.1 type IssuerAndSerialNumber which contains
the information of issuer and serial number of the X.509 certificate for the public key.
Certificate – ASN.1 encoded data of ASN.1 type Certificate which contains X.509 certificate of the public
key.
NOTE: For details of the definitions of the types IssuerAndSerialNumber and Certificate, see RFC 3852.
7.45quater BioAPI_MAC_ALG (BioAPI 2.2)
Identifies the MAC algorithm supported by a BioAPI Unit. Example to specify the HMAC algorithm with SHA-1,
the char would be “1.3.6.1.5.5.8.1.2” which is the XML value notation for.
typedef char *BioAPI_MAC_ALG;
#define BioAPI_MAC_ALG_NOT_SUPPORTED NULL

7.45quinquies BioAPI_MAC_INFO (BioAPI 2.2)
7.45quinquies.1 Structure giving information of the MAC algorithm and key(s) of a BioAPI Unit or a
biometric application which is used to generate/validate MAC of BIR
typedef struct bioapi_mac_info {
BioAPI_MAC_ALG MACAlg;
BioAPI_KEY_INFO *MACKeyInfo;
} BioAPI_MAC_INFO;

© ISO/IEC 2010 – All rights reserved 9

---------------------- Page: 12 ----------------------
ISO/IEC 19784-1:2006/Amd.3:2010(E)
7.45quinquies.2 Definitions
MACAlg – MAC algorithm.
MACKeyInfo – An array of key information for message authentication code.

2-28) In 7.46, add the following masks:
#define BioAPI_PROCESSUSINGAUXBIRS  (0x01000000)
#define BioAPI_VERIFYMATCHUSINGAUXBIRS (0x02000000)
#define BioAPI_DECIDE    (0x04000000)
#define BioAPI_FUSE    (0x08000000)
#define BioAPI_SECURITY   (0x10000000)

2-29) In 7.47, modify the description about BioAPI_PAYLOAD as follows:
If set, the BSP supports payload carry (accepts a payload during BioAPI_Enroll or BioAPI_CreateTemplate
and returns the payload upon successful BioAPI_Verify, BioAPI_VerifyMatch, or
VerifyMatchUsingAuxBIRs (BioAPI 2.2 or greater)).

2-30) In 7.47, modify the description about BioAPI_ADAPTATION as follows:
If set, the BSP supports BIR adaptation in the return parameters of a Verify, VerifyMatch, or
VerifyMatchUsingAuxBIRs (BioAPI 2.2 or greater) operation.

2-31) Add the following text after 7.50:
7.50bis BioAPI_SECURITY_OPTIONS_MASK (BioAPI 2.2)
A mask that indicates what security options are supported by the BioAPI Unit.
typedef uint32_t BioAPI_SECURITY_OPTIONS_MASK;
#define BioAPI_ENCRYPTION (0x00000001)
If set, indicates that the BioAPI Unit supports encryption.
#define BioAPI_MAC (0x00000002)
If set, indicates that the BioAPI Unit supports MAC generation.
#define BioAPI_DIGITAL_SIGNATURE (0x00000004)
If set, indicates that the BioAPI Unit supports digital signature.
#define BioAPI_ACBio_GENERATION_WITH_MAC (0x00000010)
If set, indicates that the BioAPI Unit supports ACBio generation using MAC.
#define BioAPI_ACBio_GENERATION_WITH_DIGITAL_SIGNATURE (0x00000020)
If set, indicates that the BioAPI Unit supports ACBio generation using digital signature.
10 © ISO/IEC 2010 – All rights reserved

---------------------- Page: 13 ----------------------
ISO/IEC 19784-1:2006/Amd.3:2010(E)
7.50ter BioAPI_SECURITY_PROFILE (BioAPI 2.2)
7.50ter.1 Structure giving information of the cryptographic algorithms and keys of a BioAPI Unit or a
biometric application which is used to encrypt/decrypt biometric data or to generate/validate the MAC or digital
signature of the BIR and also giving the information of the hash algorithm, the information about the MAC
generation, and the digital signature used in ACBio generation. When this structure is used in the structure of
BioAPI_UNIT_SCHEMA (BioAPI 2.2) as the output parameter of BioAPI_QueryUnits, the parameters in this
structure indicate the information supported in the BioAPI Unit. On the other hand, when this structure is used
as the parameter of BioAPI_BSPAttachSecure, the parameters in this structure indicates the information
which is to be used in the execution of security operations.
typedef struct bioapi_security_profile {
BioAPI_SECURITY_OPTIONS_MASK SupportedSecOption;
BioAPI_ENCRYPTION_INFO **ENCInfo;
BioAPI_MAC_INFO **MACInfo;
BioAPI_DIGITAL_SIGNATURE_ALG *SIGNAlg;
BioAPI_OPERATIONS_MASK ACBioOption;
BioAPI_HASH_ALG **HASHAlgForACBio;
BioAPI_MAC_INFO **MACInfoForACBio;
BioAPI_DIGITAL_SIGNATURE_ALG *SIGNAlgForACBio;
} BioAPI_SECURITY_PROFILE;
7.50ter.2 Definitions
SupportedSecOption – A mask which indicates which security options are supported or to be executed by the
BSP Unit.
ENCInfo – Encryption information used in the encryption of the BDB.
MACInfo – MAC information used to keep the integrity of the BIR.
SIGNAlg – Digital signature algorithm used to keep the integrity of the BIR.
ACBioOption – A mask which indicates which security options of MAC or digital signature are supported or to
be executed by the BSP Unit.
HASHAlgForACBio – Hash algorithm used to generate ACBio instances.
MACInfoForACBio – MAC information used to generate ACBio instances.
SIGNAlgForACBio – Digital signature algorithm used to generate ACBio instances.
7.50quater BioAPI_DIGITAL_SIGNATURE_ALG (BioAPI 2.2)
Identifies the digital signature algorithm supported by a BioAPI Unit. This BioAPI type shall be the XML value
notation of ASN.1 identifier (see ISO/IEC 8824-1) assigned to digital signature algorithms. Example to specify
the digital signature algorithm using SHA1 with RSA according to ISO/IEC 9796-2, the char would be
“1.3.36.3.4.3.2.1” which is the XML value notation for.

© ISO/IEC 2010 – All rights reserved 11

---------------------- Page: 14 ----------------------
ISO/IEC 19784-1:2006/Amd.3:2010(E)
typedef char *BioAPI_DIGITAL_SIGNATURE_ALG;
#define BioAPI_DIGITAL_SIGNATURE_ALG_NOT_SUPPORTED NULL

2-32) Add the following text after 7.55:
7.55bis BioAPI_UNIT_SCHEMA (BioAPI 2.2)
7.55bis.1 A BioAPI Unit schema indicates the specific characteristics of the BioAPI Unit.
typedef struct bioapi_unit_schema {
 BioAPI_UUID BSPUuid;
 BioAPI_UUID UnitManagerUuid;
 BioAPI_UNIT_ID UnitId;
 BioAPI_CATEGORY UnitCategory;
 BioAPI_UUID UnitProperties;
 BioAPI_STRING VendorInformation;
 uint32_t SupportedEvents;
 BioAPI_UUID UnitPropertyID;
 BioAPI_DATA UnitProperty;
 BioAPI_STRING HardwareVersion;
 BioAPI_STRING FirmwareVersion;
 BioAPI_STRING SoftwareVersion;
 BioAPI_STRING HardwareSerialNumber;
 BioAPI_BOOL AuthenticatedHardware;
uint32_t MaxBSPDbSize;
 uint32_t MaxIdentify;
 BioAPI_SECURITY_PROFILE *SecurityProfile;
} BioAPI_UNIT_SCHEMA;
NOTE: The BioAPI Unit Schema is used as a function parameter (by BioAPI_QueryUnits and
BioAPI_EventHandler), but is not stored in the component registry.
7.55bis.2 Definitions
BSPUuid – UUID of the BSP supporting this BioAPI Unit.
UnitManagerUuid – UUID of the software component directly managing the BioAPI Unit (may be either
the BSP itself or a BFP).
UnitId – ID of the BioAPI Unit during this attach session. This will be created by the BSP uniquely.
UnitCategory – Defines the category of the BioAPI Unit.
UnitProperties – UUID indicating a set of properties of the BioAPI Unit. The indicated set can either be
specified by each vendor or follow a related standard.
VendorInformation – Contains vendor proprietary information.
SupportedEvents – A mask indicating which types of events are supported by the hardware.
UnitPropertyID – UUID of the format of the following Unit property structure.
UnitProperty – Address and length of a memory buffer containing the Unit property describing the BioAPI
Unit. The format and content of the Unit property can either be specified by the vendor or be specified in a
related standard.
HardwareVersion – A NUL-terminated string containing the version of the hardware. Empty if not
available.
FirmwareVersion – A NUL-terminated string containing the version of the firmware. Empty if not available.
12 © ISO/IEC 2010 – All rights reserved

---------------------- Page: 15 ----------------------
ISO/IEC 19784-1:2006/Amd.3:2010(E)
SoftwareVersion – A NUL-terminated string containing the version of the software. Empty if not available.
HardwareSerialNumber – A NUL-terminated string containing the vendor defined unique serial number of
the hardware component. Empty if not available.
AuthenticatedHardware – A boolean value that indicates whether the hardware component has been
authenticated.
MaxBSPDbSize – Maximum size databas
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 19785-3:2020(Main)
Information technology — Common Biometric Exchange Formats Framework — Part 3: Patron format specifications

This document specifies and publishes registered Common Biometric Exchange Formats Framework (CBEFF) patron formats defined by the CBEFF patron ISO/IEC JTC 1/SC 37, and specifies their registered CBEFF patron format types (see ISO/IEC 19785-1) and resulting full ASN.1 OIDs.

  • Standard
    151 pages
    English language
    sale 15% off
  • Draft
    151 pages
    English language
    sale 15% off
ISO
ISO/IEC 24779-5:2020(Main)
Information technology — Cross-jurisdictional and societal aspects of implementation of biometric technologies — Pictograms, icons and symbols for use with biometric systems — Part 5: Face applications

The ISO/IEC 24779 series of standards focuses on communication with the data capture subject. This document contains a set of pictograms, icons and symbols to help the general public understand the concepts and procedures for using electronic systems that collect and/or evaluate facial images. Operators can use this document, with the possibility of using additional symbols and information. This set of pictograms, icons and symbols is designed to be used to: — identify the type of biometric sensor; — provide supporting instructions related to facial image collection. To provide this functionality, the set of pictograms, icons and symbols includes both directional pictograms, icons and symbols and action or feedback pictograms, icons and symbols. The facial image pictograms, icons and symbols include: — facial image capture; — single person; — no hat; — no sunglasses; — neutral expression; — hair up; — view direction. Although the pictograms, icons and symbols are presented individually, the pictograms, icons and symbols are intended to be combined to fully illustrate the facial image capture interaction. For example, in a customs or immigration environment, procedures constructed from the individual pictograms, icons and symbols could be presented as: — a series of posters while passengers are in the queue; — a series of transitional frames in a biometric booth; — an animated video or series of transitional frames while passengers are in the queue; — instructional leaflets for passengers to read in the queue.

  • Standard
    7 pages
    English language
    sale 15% off
ISO
ISO/IEC 30137-1:2019(Main)
Information technology — Use of biometrics in video surveillance systems — Part 1: System design and specification

The ISO 30137 series is applicable to the use of biometrics in VSS (also known as Closed Circuit Television or CCTV systems) for a number of scenarios, including real-time operation against watchlists and in post event analysis of video data. In most cases, the biometric mode of choice will be face recognition, but this document also provides guidance for other modalities such as gait recognition. This document: — defines the key terms for use in the specification of biometric technologies in a VSS, including metrics for defining performance; — provides guidance on selection of camera types, placement of cameras, image specification etc. for the operation of a biometric recognition capability in conjunction with a VSS; — provides guidance on the composition of the gallery (or watchlist) against which facial images from the VSS are compared, including the selection of appropriate images of sufficient quality, and the size of the gallery in relation to performance requirements; — makes recommendations on data formats for facial images and other relevant information (including metadata) obtained from video footage, used in watchlist images, or from observations made by human operators; — establishes general principles for supporting the operator of the VSS, including user interfaces and processes to ensure efficient and effective operation, and highlights the need to have suitably trained personnel; — highlights the need for robust governance processes to provide assurance that the implemented security, privacy and personal data protection measures specific to the use of biometric technologies with a VSS (e.g. internationally recognizable signage) are fit for purpose, and that societal considerations are reflected in the deployed system. This document also provides information on related recognition and detection tasks in a VSS such as: — estimation of crowd densities; — determining patterns of movement of individuals; — identification of individuals appearing in more than one camera; — use of other biometric modalities such as gait or iris; — use of specialized software to infer attributes of individuals, e.g. estimation of gender and age; — interfaces to other related functionality, e.g. video analytics to measure queue lengths or to alert for abandoned baggage.

  • Standard
    46 pages
    English language
    sale 15% off
ISO
ISO/IEC 30106-1:2016/Amd 1:2019(Amendment)
Information technology — Object oriented BioAPI — Part 1: Architecture — Amendment 1: Additional specifications and conformance statements
  • Standard
    17 pages
    English language
    sale 15% off
ISO
ISO/IEC 20027:2018(Main)
Information technology — Guidelines for slap tenprint fingerprintture

This document provides guidelines to follow during the acquisition process of slap tenprints in order to obtain fingerprints of the best quality possible within acceptable time constraints. Non-cooperative users are out of the scope of this document. When using ten-fingerprint sensors, it is fundamental to know how to use them and how to proceed with the acquisition. This document describes how to capture fingerprints correctly by specifying best practices for slap tenprint captures. It gives recommendations on the following topics: 1) hardware of the fingerprint sensor and its deployment; 2) user guidance; 3) enrolment process including a sample workflow; 4) application software for developers and system integrators; 5) processing, compression and coding of the acquired fingerprint images; 6) operational issues and data logging; 7) evaluation of a solution and its components. Although this document primarily focuses on reaching optimal data quality for enrolment purposes, the recommendations given here are applicable for other purposes. All processes which rely on good quality tenprint slaps can take advantage of the best practices.

  • Standard
    16 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 29196:2018(Main)
Information technology — Guidance for biometric enrolment

This document consolidates information relating to successful, secure and usable implementation of biometric enrolment processes, while indicating risk factors that organisations proposing to use biometric technologies will should address during procurement, design, deployment and operation. Much of the information is generic to many types of application, e.g. from national scale commercial and government applications, to closed systems for in-house operations, and to consumer applications. However, the intended application and its purpose often have influence on the necessary enrolment data quality and are intended to be taken into account when specifying an enrolment system and process. The document points out the differences in operation relating to specific types of application, e.g. where self-enrolment is more appropriate than attended operation. This document focuses on mandatory, attended enrolment at fixed locations. In summary, this document consolidates information relating to better practice implementation of biometric enrolment capability in various business contexts including considerations of process, function (system), and technology, as well as legal/privacy and policy aspects. The document provides guidance on collection and storage of biometric enrolment data and the impact on dependent processes of verification and identification. This document does not include material specific to forensic and law enforcement applications. This document does not contain any mandatory requirements. The following terms are used in this document to provide guidance. The terms "should" and "should not" indicate that among several possibilities one is recommended as particularly suitable, without mentioning or excluding others, or that a certain course of action is preferred but not necessarily required, or that (in the negative form) a certain possibility or course of action is discouraged but not prohibited. The term "may" indicates a course of action permissible within the limits of the publication. The terms "can" and "cannot" indicate a possibility and capability, whether material, physical or causal.

  • Technical report
    55 pages
    English language
    sale 15% off
ISO
ISO/IEC 19784-1:2018(Main)
Information technology — Biometric application programming interface — Part 1: BioAPI specification

ISO/IEC 19784-1:2018 defines the Application Programming Interface (API) and Service Provider Interface (SPI) for standard interfaces within a biometric system that support the provision of that biometric system using components from multiple vendors. It provides interworking between such components through adherence to this and to other International Standards. For use in a system that does not include a BioAPI Framework (called a framework-free BioAPI system), only the SPI interface is applicable, with applications interfacing directly to that in a platform-specific manner. NOTE 1 Many clauses and/or sub-clauses of this document are not applicable for implementation of a framework-free BioAPI system. These are identified at the head of the clause of sub-clause. The BioAPI specification is applicable to a broad range of biometric technology types. It is also applicable to a wide variety of biometrically enabled applications, from personal devices, through network security applications, to large complex identification systems. ISO/IEC 19784-1:2018 supports an architecture in which a BioAPI Framework supports multiple simultaneous biometric applications (provided by different vendors), using multiple dynamically installed and loaded (or unloaded) Biometric Service Provider (BSP) components and BioAPI Units (provided by other different vendors), possibly using one of an alternative set of BioAPI Function Provider (BFP) components (provided by other vendors) or by direct management of BioAPI Units. NOTE 2 Where BioAPI Units are provided by a different vendor fom a BSP, a standardised BioAPI Function Provider Interface (FPI) may be needed. This is outside the scope of this document, but is specified by later parts for the different categories of FPI. NOTE 3 Where a BioAPI Framework is not used in a system, the ability to support multiple applications and multiple BSPs is platform-dependent and depends on the nature of the system-integration techniques employed. ISO/IEC 19784-1:2018 is not required (and should normally not be referenced) when a complete biometric system is being procured from a single vendor, particularly if the addition or interchange of biometric hardware, services, or applications is not a feature of that biometric system. (Such systems are sometimes referred to as "embedded systems".) Standardisation of such systems is not in the scope of this document. ISO/IEC 19784-1:2018 does not define security requirements for biometric applications and biometric service providers. NOTE 4 ISO 19092 provides guidelines on security aspects of biometric systems[3]. The performance of biometric systems (particularly in relation to searches of a large population to provide the biometric identification capability) is not in the scope of this document. Trade-offs between interoperability and performance are not in the scope of this document. ISO/IEC 19784-1:2018 specifies a version of the BioAPI specification that is defined to have a version number described as Major 2, Minor 0, or version 2.0. It also specifies a version number described as Major 2, Minor 1, or version 2.1 that provides an enhanced Graphical User Interface. It also specifies a version number described as Major 2, Minor 2, or version 2.2 that provides features supporting fusion and security. Some clauses and sub-clauses apply only to one of these versions, some to two or more. This is identified at the head of the relevant clauses and sub-clauses. NOTE 5 Earlier versions of the BioAPI specification were not International Standards. NOTE 6 The differences between the requirements of the 2.0 specification and the 2.1 specification for framework-free operation relate only to the biometric type values and encodings. Conformance requirements are specified in Clause 5.

  • Standard
    234 pages
    English language
    sale 15% off
ISO
ISO/IEC 30136:2018(Main)
Information technology — Performance testing of biometric template protection schemes

ISO/IEC 30136:2018 supports evaluation of the accuracy, secrecy, and privacy of biometric template protection schemes. It establishes definitions, terminology, and metrics for stating the performance of such schemes. Particularly, this document establishes requirements for the measurement and reporting of: - theoretical and empirical accuracy of biometric template protection schemes, - theoretical and empirical probability of a successful attack on biometric template protection schemes (single or multiple), and - the information leaked about the original biometric when one or more biometric template protection schemes are compromised. ISO/IEC 30136:2018 also gives guidance on measuring and reporting diversity and unlinkability of templates. ISO/IEC 30136:2018 does not: - establish template protection schemes; - address testing of traditional encryption schemes.

  • Standard
    23 pages
    English language
    sale 15% off
ISO
ISO/IEC 19794-13:2018(Main)
Information technology — Biometric data interchange formats — Part 13: Voice data

ISO/IEC 19794-13:2018 specifies a data interchange format that can be used for storing, recording, and transmitting digitized acoustic human voice data (speech) assumed to be from a single speaker recorded in a single session. This format is designed specifically to support a wide variety of Speaker Identification and Verification (SIV) applications, both text-dependent and text-independent, with minimal assumptions made regarding the voice data capture conditions or the collection environment. Other uses for the data encapsulated in this format, such as automated speech recognition (ASR), may be possible, but are not addressed in this documnet. This document also does not address handling of data that has been processed to the feature or voice model levels. No application-specific requirements, equipment, or features are addressed in this document. This document supports the optional inclusion of non-standardized extended data. This document allows both the original data captured and digitally-processed (enhanced) voice data to be exchanged. A description of any processing of the original source input is intended to be included in the metadata associated with the voice representations (VRs). This document does not address data streaming. Provisions that stored and transmitted biometric data be time-stamped and that cryptographic techniques be used to protect their authenticity, integrity and confidentiality are out of the scope of this document. Information formatted in accordance with this document can be recorded on machine-readable media or can be transmitted by data communication between systems. A general content-oriented subclause describing the voice data interchange format is followed by a subclause addressing an XML schema definition. ISO/IEC 19794-13:2018 includes vocabulary in common use by the speech and speaker recognition community, as well as terminology from other ISO standards.

  • Standard
    26 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 24741:2018(Main)
Information technology — Biometrics — Overview and application

ISO/IEC TR 24741:2018 describes the history of biometrics and what biometrics does, the various biometric technologies in general use today (for example, fingerprint recognition and face recognition) and the architecture of the systems and the system processes that allow automated recognition using those technologies. It also provides information about the application of biometrics in various business domains such as border management, law enforcement and driver licensing, the societal and jurisdiction considerations that are typically taken into account in biometric systems, and the international standards that underpin their use.

  • Technical report
    33 pages
    English language
    sale 15% off