Information technology -- Guide to on-card biometric comparison standards and applications

ISO/IEC TR 30117:2014 summarizes how the international standards, recommendations and technical reports dealing with identification cards, biometrics and/or information security relate to each other with regard to the joint use of biometrics and integrated circuit cards. It also provides further recommendations and policies needed by developers to integrate applications related to on-card biometric comparison.

Technologies de l'information -- Guide des normes et applications de comparaison biométrique sur carte

General Information

Status
Replaced
Publication Date
12-Mar-2014
Withdrawal Date
12-Mar-2014
Current Stage
9599 - Withdrawal of International Standard
Completion Date
13-Mar-2014
Ref Project

RELATIONS

Buy Standard

Technical report
ISO/IEC TR 30117:2014 - Information technology -- Guide to on-card biometric comparison standards and applications
English language
13 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

TECHNICAL ISO/IEC
REPORT TR
30117
First edition
2014-03-15
Information technology — Guide
to on-card biometric comparison
standards and applications
Technologies de l’information — Guide des normes et applications de
comparaison biométrique sur carte
Reference number
ISO/IEC TR 30117:2014(E)
ISO/IEC 2014
---------------------- Page: 1 ----------------------
ISO/IEC TR 30117:2014(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2014

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form

or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior

written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of

the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2014 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC TR 30117:2014(E)
Contents Page

Foreword ........................................................................................................................................................................................................................................iv

Introduction ..................................................................................................................................................................................................................................v

1 Scope ................................................................................................................................................................................................................................. 1

2 Terms and definitions ..................................................................................................................................................................................... 1

3 Symbols and abbreviated terms ........................................................................................................................................................... 3

4 Relationships between biometrics and ICCs ........................................................................................................................... 3

5 Data Formats............................................................................................................................................................................................................. 5

6 Security mechanisms ....................................................................................................................................................................................... 6

7 Application development ............................................................................................................................................................................ 7

8 Application profiles ........................................................................................................................................................................................... 8

9 Technology evaluation .................................................................................................................................................................................... 8

10 Implementing on-card biometric comparison solutions ........................................................................................... 9

10.1 Spanish National ID Card (DNIe) ............................................................................................................................................. 9

Bibliography .............................................................................................................................................................................................................................12

© ISO/IEC 2014 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC TR 30117:2014(E)
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that are

members of ISO or IEC participate in the development of International Standards through technical

committees established by the respective organization to deal with particular fields of technical

activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international

organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the

work. In the field of information technology, ISO and IEC have established a joint technical committee,

ISO/IEC JTC 1.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for

the different types of document should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject

of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.

Details of any patent rights identified during the development of the document will be in the Introduction

and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation on the meaning of ISO specific terms and expressions related to conformity

assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers

to Trade (TBT) see the following URL: Foreword - Supplementary information

The committee responsible for this document is ISO/IEC JTC 1, Information technology, SC 17, Cards and

personal identification.
iv © ISO/IEC 2014 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC TR 30117:2014(E)
Introduction

There are a large number of applications where the need of implementing jointly integrated circuit

cards – ICC (i.e. smart cards) and biometrics can arise. In those cases, system designers and integrators

have to be aware of the whole range of international standards and technical reports that may be

applicable. All these potential reference documents have been developed by different standardization

bodies and different subcommittees. For example, those standards dealing with ICCs are defined

within ISO/IEC JTC 1/SC 17, while those dealing with biometrics are developed in ISO/IEC JTC 1/SC 37.

Furthermore, when security aspects are to be considered, the works in ISO/IEC JTC 1/SC 27 have to be

referenced.

In this context, the system designer and developer have in their hands a large number of documents, and

on some occasions little information about which of them are really applicable to the application to be

developed, and which alternatives can be faced.

This Technical Report provides a guide to those developers by enumerating and referring to those

published standards and reports, relating them to the kind of application to be developed. When

referring to different applications, these will be classified attending to the authentication needs of the

application, not to the final sector where the application is to be deployed.

Interactions among standards cover different implementation levels, from data formats to be used to

the application profiles, including application programming interfaces (APIs) and security mechanisms.

This Technical Report places special emphasis on providing recommendations and policies needed by

developers to integrate applications related to on-card biometric comparison.
The structure of this Technical Report is as follows.

— Clause 4 provides a first overview to the different decisions that have to be taken when developing

an application that may involve the use of ICCs and biometrics.

— Clauses 5 to 9 provide an overview to the different International Standards and Technical Reports

that may be applicable to the application to be developed.

— Clause 10 will provide examples of implementations that may be used by application designers and

developers as guidelines.
© ISO/IEC 2014 – All rights reserved v
---------------------- Page: 5 ----------------------
TECHNICAL REPORT ISO/IEC TR 30117:2014(E)
Information technology — Guide to on-card biometric
comparison standards and applications
1 Scope

This Technical Report summarizes how the international standards, recommendations and technical

reports dealing with identification cards, biometrics and/or information security relate to each

other with regard to the joint use of biometrics and integrated circuit cards. It also provides further

recommendations and policies needed by developers to integrate applications related to on-card

biometric comparison.
2 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
2.1
biometric probe
biometric query

biometric sample or biometric feature set input to an algorithm for use as the subject of biometric

comparison to a biometric reference(s)

Note 1 to entry: The term comparison refers to comparison in the biometric sense.

Note 2 to entry: The subject/object labelling in a comparison might be arbitrary. In some comparisons a biometric

reference might be used as the subject of the comparison with other biometric references or incoming samples

used as the objects of the comparisons. For example, in a duplicate enrolment check a biometric reference will be

used as the subject for comparison against all other biometric references in the database.

Note 3 to entry: Typically in a biometric comparison process, incoming biometric samples serve as the subject of

comparison against objects stored as biometric references in a database.
[SOURCE: ISO/IEC 2382-37:2012]

Note 4 to entry: In the scope of ISO/IEC 7816-11, these two terms are used under the more generalized term of

“biometric verification data”.
2.2
biometric reference

one or more stored biometric samples, biometric templates or biometric models attributed to a biometric

data subject and used as the object of biometric comparison

EXAMPLE Face image stored digitally on a passport; Fingerprint minutiae template on a National ID card;

Gaussian Mixture Model for speaker recognition, in a database.

Note 1 to entry: A biometric reference may be created with implicit or explicit use of auxiliary data, such as

Universal Background Models.

Note 2 to entry: The subject/object labelling in a comparison might be arbitrary. In some comparisons a biometric

reference might be used as the subject of the comparison with other biometric references or incoming samples

used as the objects of the comparisons. For example, in a duplicate enrolment check a biometric reference will be

used as the subject for comparison against all other biometric references in the database.

[SOURCE: ISO/IEC 2382-37:2012]

Note 3 to entry: In the scope of ISO/IEC 7816-11, this term is used under the more generalized term of “biometric

reference data”.
© ISO/IEC 2014 – All rights reserved 1
---------------------- Page: 6 ----------------------
ISO/IEC TR 30117:2014(E)
2.3
biometric feature
numbers or labels extracted from biometric samples and used for comparison

Note 1 to entry: Biometric features are the output of a completed biometric feature extraction.

Note 2 to entry: The use of this term should be consistent with its use by the pattern recognition and mathematics

communities.

Note 3 to entry: A biometric feature set can also be considered a processed biometric sample.

Note 4 to entry: Biometric features may be extracted from an intermediate biometric sample.

Note 5 to entry: Filters applied to biometric samples are not themselves biometric features, however the output of

the filter applied to these samples may be. Therefore, for example, eigenfaces are not biometric

[SOURCE: ISO/IEC 2382-37:2012]
2.4
biometric sample

analog or digital representation of biometric characteristics prior to biometric feature extraction

EXAMPLE A record containing the image of a finger is a biometric sample.
[SOURCE: ISO/IEC 2382-37:2012]
2.5
biometric template
set of stored biometric features comparable directly to probe biometric features

Note 1 to entry: In the scope of ISO/IEC 7816, the term template has a completely different meaning, being in that

case the “value field of a constructed data object”, no matter if the data object relates to biometrics or not.

2.6
intermediate biometric sample/probe
biometric sample/probe resulting from intermediate biometric sample processing

EXAMPLE Biometric samples that have been cropped, down-sampled, compressed or enhanced are examples

of intermediate biometric samples.
[SOURCE: ISO/IEC 2382-37:2012]
2.7
intermediate biometric sample processing
any manipulation of a biometric sample that does not produce biometric features

EXAMPLE Examples of intermediate biometric sample processing include cropping, down-sampling,

compression, conversion to data interchange formats standard and image enhancement.

[SOURCE: ISO/IEC 2382-37:2012]
2.8
processed sample/probe

biometric sample/probe resulting from biometric sample processing that is ready to be used for storage

as a biometric reference, or to be compared with a previous biometric reference

EXAMPLE Fingerprint minutiae or iris codes are examples of processed biometric samples.

2.9
captured biometric sample
raw biometric sample (deprecated)
biometric sample resulting from a biometric capture process
[SOURCE: ISO/IEC 2382-37:2012]
2 © ISO/IEC 2014 – All rights reserved
---------------------- Page: 7 ----------------------
ISO/IEC TR 30117:2014(E)
3 Symbols and abbreviated terms
API Application Program Interface
BIR Biometric Information Record
CBEFF Common Biometric Exchange Format Framework
ICC Integrated Circuit Card
IFD Interface Device
SB Security Block, as defined in CBEFF standard ISO/IEC 19785-1
COS Card Operating System
4 Relationships between biometrics and ICCs
[16]

ISO/IEC 24787 provides a comprehensive introduction to the different ways that biometrics and ICCs

can be integrated into a final application. This is summarized as follows as to provide a brief introduction

to the reader of this Technical Report. When integrating biometrics into ICCs, four different approaches

can be followed:

— Store on card: In this case, the ICC is used to store the biometric reference. The application will read

from the ICC the biometric reference, as needed, and execute all the authentication process within

the IFD or rest of the system. The COS has no extra control on the biometric data, apart from using

the same kind of mechanisms that when storing any other kind of data into the ICC.

— On-card biometric comparison: In this approach the ICC not only stores the biometric reference,

but also performs the biometric comparison inside the card, once an external biometric probe has

been received by the ICC. With this approach, the COS can use the same control with the biometric

reference, as with those administrative keys stored in the card (e.g. not allowing the reading of

the biometric reference, controlling the number of consecutive unsuccessful comparisons carried

out, blocking the authentication mechanism if a certain number of consecutive unsuccessful

comparisons is reached, etc.). Also the COS can control de access to other information in the card, or

commands within the card, considering the result of a previous on-card biometric comparison. In

this technology the biometric probe is usually considered to be a biometric feature set, instead of a

raw sample.

— Work-sharing mechanism for on-card biometric comparison: the previous approach may not be

able to be fully integrated into the ICC due to several reasons, being the most frequent, the lack

of processing capabilities of the ICC. In such a case, it might be possible that part of the process

is executed in the IFD or system, and the results transmitted to the ICC to end the comparison

process. Although this is initially defined for sharing the work on the comparison algorithm, this

same schema can be used for the pre-processing and the feature extraction phases of the biometric

process. In the former case, the biometric probe to be sent to the card is to be a biometric feature

set, while in the latter case the biometric probe can be a raw sample, an intermediate sample or a

processed sample.

— System-on-Card: this approach is based on the inclusion of all the steps of the biometric process

within the ICC, including the sample acquisition, i.e. the sensor is embedded into the ICC. Due to this

definition, only certain modalities can be considered with the technology existing nowadays, being

restricted to those where the sensor is small and flexible as to allow the ICC to pass the physical

and mechanical test methods defined in ISO/IEC 10373-1. If the physical restrictions are removed

and other kind of embodiments are selected (keeping conformance to the rest of applicable ICC

standards), then the number of biometric modalities can be increased.

With these initial concepts, the application designer or developer is to take several decisions as to define

the whole system and the relationship to be established between biometrics and ICCs. The following

© ISO/IEC 2014 – All rights reserved 3
---------------------- Page: 8 ----------------------
ISO/IEC TR 30117:2014(E)

decision tree is provided for illustration purposes, where the subsequent clauses in this Technical

Report are referenced.

a) Is the system going to be implementing an authentication scheme (i.e. the user claims his/her

identity and the comparison is only made between the sample provided and the biometric reference

of the claimed user), or an identification scheme (i.e. the biometric sample is to be compared to the

whole database of users enrolled)?

1) If an identification scheme is used, then there is no need to a further relationship between

biometrics and ICCs, and in such case this Technical Report is not applicable.

b) Is the system considering the use of a centralized database, or is it going to be implemented in a

distributed way?

1) If a centralized database is going to be used and such database is going to be contacted at

every single authentication attempt, then the need of further relationship between biometric

information and ICC is not needed. Therefore this Technical Report is not applicable. The ICC

will act only as a mean to claim the user identity.
c) Is there an initial requirement of the biometric modality to be used?

1) With an initial requirement, a set of further decisions may be already taken, such as the

possibility of using on-card biometric comparison, work-sharing or system-on-card.

2) If there is no initial requirement the decision on the modality can be taken as any other

requirements are satisfied.

3) Once the modality is chosen, then the interoperable data formats have to be checked (see

Clause 5)
d) Which are the initial cost requirements?

1) If there is the requirement of using low cost ICCs, then alternatives such as on-card biometric

comparison, work-sharing or system-on-card can be compromised.

2) Furthermore if storage capacity is impacting the ICC cost, then the number of references to be

stored on the card, or the modalities to be used can be limited and/or the use of compact data

formats may become a major requirement (see Clause 5).
e) Which are the needs for interoperability?

1) If there is no need, then the designer may decide to create his/her own solution without

following any standard. Therefore this Technical Report may not be applicable. This option in

not recommended as the need for interoperability may arise at any time during the project, or

when applying the development done for the current project to future ones.

2) If interoperability is required for exchanging data, then refer to Clause 5. As it will be seen, it

may happen that for reaching global interoperability, being independent on the algorithm to be

used, the use or raw sample data formats may become the only viable solution.

3) If interoperability is required to have multiple technological providers, then not only

data interoperability is requested, but also interoperability at API level and from security

mechanisms. See Clauses 6 and 7.

4) The use of more complex products, such as on-card biometric comparison ones or System-

on-Card, contributes to reach interoperability, as there is only the need to focus on data

interoperability (and may be security mechanisms), avoiding all technological differences

coming from technological solutions at algorithm level.

f) In many parts of the world, biometric data are considered as personal data, and therefore are to be

protected, as to ensure citizen’s privacy. Depending on the environment where the application is

4 © ISO/IEC 2014 – All rights reserved
---------------------- Page: 9 ----------------------
ISO/IEC TR 30117:2014(E)

going to be deployed, the use of security mechanisms becomes a major requirement. See Clause 6

for the works already done in this area.

g) The most typical scenario for designing and developing a new project involving ICCs and biometrics,

is integrating technological modules from several providers. Furthermore, many project designers

require more than one provider for each technological module to be integrated. In this kind of

scenarios, standardized APIs are to be used to ease integration. Clause 7 provides further details.

h) For certain applications there is the need of following already defined specifications. Clause 8 will

describe the current available specifications.

i) Last but not least, either to select the technological modules to be integrated, or to provide final

results to the end user about the behaviour of the whole project, evaluation methodology is required.

Clause 9 will describe the evaluation-related standards related to ICC, biometrics and security.

In addition to all this information, Clause 9 provide guidance for implementing on-card biometric

[16]
comparison solutions, based, or not, on ISO/IEC 24787.
5 Data Formats

ICC related standards do not provide serious constraints about the format of the data to be exchanged

and/or stored. As long as these data are encapsulated within the ICC protocol and COS specification

[2] [3] [4] [5]

(i.e. following ISO/IEC 7816-4 , ISO/IEC 7816-6 , ISO/IEC 7816-8 and ISO/IEC 7816-9 , and the

manufacturer’s restriction to the COS implemented in the ICC), the only standards to be considered for

data formats are the ones related to biometrics.
[11]

ISO/IEC 19794 series of International Standards provide interoperable ways to code biometric data,

depending on the modality. This multipart standard provides a framework to be applied to all parts,

some data formats for raw sample data (e.g. sample images), and some others for processed sample

data (e.g. fingerprint minutiae). This family of standards have currently two different generations

defined, that are both still accepted. The first generation of standards is the one published in 2005–2007,

and it has been requested to be kept available by ISO/IEC to keep compliance with the standards of

some world-wide applications, such as the ePassport. But for new project it is recommended that the

second generation of these standards is followed. This generation is composed of those standards being

published in 2011 and beyond this date.
[11]

The second generation of ISO/IEC 19794 is a multipart standard with the following structure:

— Part 1 provides a general framework to be applied to all the other parts. It defines the general

structure for the biometric records and the common elements of such structure. It tells that each

biometric information record (BIR) is to be composed of a general header that introduces the

information to be followed, and one or more representations (i.e. biometric samples), which are

structured into a representation header and the representation data. Part 1 defines those common

elements of each of the headers. This is defined for both, a binary coding and an XML coding. In

addition to this, it also defines the framework for the conformance testing of those BIRs defined

within this family of standards.

— Part 2-n provide the information about those extra elements to be added to the different headers,

plus the way the representation data are to be coded. This is done for each of the modalities defined.

[11]

Up to date, the ISO/IEC 19794 series of standards defined the following modalities:

— Part 2: finger minutiae
— Part 4: finger image
— Part 5: face image
— Part 6: iris image
— Part 7: handwritten signature time series
© ISO/IEC 2014 – All rights reserved 5
---------------------- Page: 10 ----------------------
ISO/IEC TR 30117:2014(E)
— Part 8: finger skeletal data
— Part 9: vascular image
— Part 11: handwritten signature processed data
— Part 13: voice data
— Part 14: DNA data

For some of these modalities, more than one format is defined, including a compact representation, also

known as card format. Such card format is intended to reduce storage and communication needs for

certain applications, such as the ones of on-card biometric comparison. The main idea behind those

card formats is to reduce the size by removing many of the fields at the general header or representation

header. This is possible because if a data record is transmitted to an ICC, then its application contour

conditions are fixed and many of those fields are not needed.
[11]

In addition to record and card formats, there is also, within the 2nd generation of ISO/IEC 19794

standards, a new set of amendments is being defined for allowing a XML coding of the information.

Currently most of the parts are defining XML coding, and even there are two parts (ISO/IEC 19794-13

and ISO/IEC 19794-14) that have been initially specified in XML.
[11]

In addition to the data formats defined in ISO/IEC 19794, which are defined as to include the

information from a single user and a single modality, ISO/IEC JTC1 SC37 has also defined a meta-

[9]
structure called CBEFF (i.e. ISO/IEC 19785 series of standards), that allows:
— the coding of biometric information from more than a single user;
— the coding of biometric information from more than one modality; and

— protecting biometric data by using security mechanisms that may cipher and authenticate the data

included into the record.
A CBEFF record is composed of a
— header that introduces to the information embedded into the record;
[11]
— the biometric data, which can be a BIR as defined in ISO/IEC 19794 ; and

— an optional security block (SB) that embeds that data needed for protecting the biometric

information.

CBEFF also allows the existence a hierarchical approach that is able to embed multiple simple CBEFF

records in what is called as a complex CBEFF record.

The way that CBEFF records can be coded can change from one architecture to another. This is why

ISO/IEC 19785-3 defines several ways to code CBEFF records in what is called as patron formats. These

patron formats for binary coding, with different system word lengths, XML coding or ASN.1 coding. One

of the binary coding is defined as to be the best suitable option for ICCs, especially when using on-card

biometric comparison approaches.
[6]

ISO/IEC 7816-11 defines how to use biometric information in ICCs, by defining a Biometric Information

Template frame (see Clause 5 and Annex C of ISO/IEC 7816-11). The coding inside the frame is defined in

Clause 11 of ISO/IEC 19785-3, .
6 Security mechanisms

Biometric data are considered in many scenarios as personal data, and protection of such data is required.

[9]

As already mentioned, CBEFF (i.e. ISO/IEC 19785 ) defines a security block (SB) to hold information

for protecting the biometric data (e.g. cryptograms that will provide integrity and authentication

mechanisms). But in order to reach interoperability the international standards and reports defined

6 © ISO/IEC 2014 – All rights reserved
---------------------- Page: 11 ----------------------
ISO/IEC TR 30117:2014(E)

within ISO/IEC JTC1/SC27 have to be considered. SC27 covers the security and privacy in all Information

Technology fields, but related to biometrics, the major works carried out are:

— Dealing with application design and security and privacy scenarios the following works are initiated,

which will be further referenced in Clause 8:
[17]
— ISO/IEC 29100 on Privacy Framework
[18]
— ISO/IEC 29101 on the Privacy Reference Architecture
[20]
— ISO/IEC 29146 on A Framework for Access Management
— ISO/IEC 24760 on A Framework for Identity Management
[19]
— ISO/IEC 29115 on Entity Authentication Assurance Framework
[24]
— ISO/IEC 29191 on Requirements on Relative Anonymity with Identity Escrow
[23]
— ISO/IEC 29190 on Privacy Capability Maturity Model
[10]

— ISO/IEC 19792 on Security Evaluation of Biometrics, to be referenced in Clause 9.

[15]

— ISO/IEC 24761 on Access Conditions for Biometrics (ACBio). This International Standard specifies

the way that security mechanisms are to be used, and how information is to be coded into the SB.

[13]

— ISO/IEC 24745 on Biometric Information Protection, which specifies the way biometric

information can be used to achieve cancellable biometric references, i.e. what is also known in the

industry as “biometric template protection”.
In additio
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.