ISO/IEC 18584:2015

INTERNATIONAL ISO/IEC
STANDARD 18584
First edition
2015-11-15
Information technology —
Identification cards — Conformance
test requirements for on-card
biometric comparison applications
Technologies de l’information — Cartes d’identification —
Exigences relatives aux essais de conformité pour les applications de
comparaison biométrique sur carte
Reference number
ISO/IEC 18584:2015(E)
©
ISO/IEC 2015

---------------------- Page: 1 ----------------------
ISO/IEC 18584:2015(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2015, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2015 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 18584:2015(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Abbreviated terms . 4
5 Test Methodology . 5
5.1 Test assertion . 5
5.2 Test criteria . 5
6 Conformance test requirements related to data for on-card comparison .5
6.1 Biometric reference object handling . 5
6.2 Configuration data (biometric verification) . 5
6.2.1 Data objects for configuration data elements . 5
6.2.2 Biometric comparison algorithm parameters . 6
6.2.3 Biometric product identifier . 8
6.3 Sharable Interface for multiple applications . 8
6.3.1 File control parameter . 8
6.3.2 Access rules . 8
6.4 Retry counter management . 8
7 Conformance test requirements for standard processes for on-card
biometric comparison . 9
7.1 Standard Processes . 9
7.1.1 Application identifier (AID) for on-card biometric comparison . 9
7.1.2 Read biometric reference data . 9
7.1.3 Enrolment . 9
7.1.4 Verification . 9
7.1.5 Termination of on-card comparison application . 9
7.2 Comparison process and result output .10
7.2.1 Comparison process and result . .10
8 Conformance test requirements for work-sharing mechanism using WSR protocol .10
8.1 Biometric reference for work-sharing mechanism.10
8.2 Command and response bytes for work-sharing .10
8.3 Work-sharing management .11
8.3.1 Unique Identifier .11
8.3.2 Work-sharing procedure discovery .11
8.3.3 Work-sharing procedure operation .11
9 Conformance test requirements s for security policies for on-card
biometric comparison .12
9.1 Common security policies (CSP) for on-card biometric comparison .12
9.2 Security policies (SP1) for global comparison configuration data.12
9.3 Security policies (SP2) for local comparison configuration data .13
Annex A (normative) Checklist for Biometric Data Template for Working-Sharing Mechanism .15
Annex B (informative) Testing framework .16
© ISO/IEC 2015 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 18584:2015(E)

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical
Barriers to Trade (TBT), see the following URL: Foreword — Supplementary information.
The committee responsible for this document is ISO/IEC JTC1, Information technology, Subcommittee
SC 17, Cards and personal identification.
iv © ISO/IEC 2015 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC 18584:2015(E)

Introduction
On-card biometric comparison provides a more secure biometric authentication in that the
comparison is executed inside the ICC and the biometric reference is never be revealed outside the
ICC. ISO/IEC 24787:2010 specifies a set of requirements for implementing biometric comparison inside
the ICC. An ICC application that is claimed to be conformant to ISO/IEC 24787:2010, should fulfil a set
of requirements that are stated in this International Standard. The requirements established are for
both, the ICCs that fully process the on-card biometric comparison, and those using the work-sharing
mechanism, as specified in ISO/IEC 24787:2010.
© ISO/IEC 2015 – All rights reserved v

---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO/IEC 18584:2015(E)
Information technology — Identification cards —
Conformance test requirements for on-card biometric
comparison applications
1 Scope
This International Standard establishes
— conformance test requirements for using general framework for on-card comparison applications,
— conformance test requirements for using work-sharing mechanism for on-card comparison
applications, and
— conformance test requirements to check accomplishment of security policies for on-card biometric
comparison that are specified in ISO/IEC 24787:2010.
This International Standard only covers the testing of APDU command and response pairs involved for
the ICC that has the capability to perform on-card biometric comparison based on ISO/IEC 24787:2010.
Measuring the performance of on-card biometric comparison algorithms in terms of error rates is not
within the scope of this International Standard.
2 Normative references
ISO/IEC 7816-3, Identification cards — Integrated circuit cards — Part 3: Cards with contacts — Electrical
interface and transmission protocols
ISO/IEC 7816-4:2013, Identification cards — Integrated circuit cards — Part 4: Organization, security and
commands for interchange
ISO/IEC 7816-11:2004, Identification cards — Integrated circuit cards — Part 11: Personal verification
through biometric methods
ISO/IEC 7816-15, Identification cards — Integrated circuit cards — Part 15: Cryptographic information
application
ISO/IEC 19785-1, Information technology — Common Biometric Exchange Formats Framework — Part 1:
Data element specification
ISO/IEC 19785-2, Information technology — Common Biometric Exchange Formats Framework — Part 2:
Procedures for the operation of the Biometric Registration Authority
ISO/IEC 19785-3:2007, Information technology — Common Biometric Exchange Formats Framework —
Part 3: Patron format specifications
ISO/IEC 19794 (all parts), Information technology — Biometric data interchange formats
ISO/IEC 24761:2009, Information technology — Security techniques — Authentication context for biometrics
ISO/IEC 24787:2010, Information technology — Identification cards — On-card biometric comparison
ISO/IEC 29794-1:2009, Information technology — Biometric sample quality — Part 1: Framework
© ISO/IEC 2015 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO/IEC 18584:2015(E)

3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
auxiliary data
data that is dependent on biometric modality and related to the biometric reference but does not include
the biometric reference or a biometric sample
EXAMPLE Data such as orientation, scaling, etc.
3.2
biometric (adj.)
of or having to do with biometrics
Note 1 to entry: “biometric” should never be used as a noun.
Note 2 to entry: This definition is derived from SC37 SD2 Harmonized biometric vocabulary.
3.3
biometrics
automated recognition of individuals based on their behavioral and biological characteristics
Note 1 to entry: This definition is derived from SC37 SD2 Harmonized biometric vocabulary.
3.4
biometric claim
claim that a biometric capture subject is the bodily source of a specified biometric reference
3.5
biometric data
biometric sample or aggregations of biometric samples at any stage of processing, biometric reference,
biometric feature or biometric property
Note 1 to entry: This definition is derived from SC37 SD2 Harmonized biometric vocabulary.
3.6
biometric data format
structure for representing biometric data
3.7
biometric Information Template
descriptive information regarding the associated biometric data
Note 1 to entry: This definition is derived from ISO/IEC 7816-11:2004.
3.8
biometric product identifier
unique identifier registered with the registration authority in accordance with ISO/IEC 19785-1
3.9
biometric property
descriptive attributes of the biometric data subject estimated or derived from the biometric sample by
automated means
Note 1 to entry: This definition is derived from SC37 SD2 Harmonized biometric vocabulary.
3.10
biometric reference
one or more stored biometric samples, biometric templates or biometric models attributed to a
biometric data subject and used for comparison
Note 1 to entry: This definition is derived from SC37 SD2 Harmonized biometric vocabulary.
2 © ISO/IEC 2015 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/IEC 18584:2015(E)

3.11
biometric verification system
system that aims to perform the process of confirming a biometric claim
3.12
client application
software executed in the biometric sample acquisition terminal to process a request for comparison
that uses the decision obtained from the on-card comparison process
3.13
installation
writing of the required parameters into the non-volatile memory inside the ICC by the card OS executing
the installation procedure after the application has been uploaded to the ICC
3.14
integrated circuit(s) cards interface devices
requirements and specifications for USB devices that interface with Integrated Circuit(s) Cards or act
as interfaces with Integrated Circuit(s) Cards
Note 1 to entry: This definition is derived from USB Implementers Forum.
3.15
on-card comparison
performing comparison and decision making on an IC card where the biometric reference data is
retained on-card in order to enhance security and privacy
3.16
off-card comparison
biometric comparison performed outside the card by the biometric verification system against the
biometric reference data stored on the card
3.17
pre-comparison computation
computation procedure executed outside the ICC that requires the (open) on-card auxiliary data to
compute meta-data that can be used to speed up the subsequent on-card biometric data comparison
process
3.18
work-sharing
splitting the work load of computation of the pre-comparison process between the card and the
biometric interfacing device
Note 1 to entry: Work-sharing on-card comparison is one type of on-card comparison.
3.19
system-on-card
complete biometric verification system on a card, including data acquisition, processing and comparison
Note 1 to entry: System-on-card comparison is one type of on-card comparison
3.20
zeroize data
electronically stored data that have been degaussed, erased, or over-written device
Note 1 to entry: This definition is derived from ANSI X9.17 Financial Institution Key Management (Wholesale).
© ISO/IEC 2015 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO/IEC 18584:2015(E)

4 Abbreviated terms
AID application identifier
ADF application dedicated file
APDU application protocol data unit
API application programme interface
AUT authenticate
BER basic encoding rules
BIT biometric information template
CCID Integrated Circuit(s) Cards Interface Devices
CRT control reference template
CPU central processing unit
DF dedicated file
DF.CIA dedicated file, cryptographic information application
EF elementary file
FCI file control information
FCP file control parameter
FMR false match rate
FNMR false non-match rate
ICC integrated circuit card
IFD interface device
MAC message authentication code
MSE manage security environment
OID object Identifier
OS operating system
RFU reserved for future use
SW1-SW2 status bytes
TLV tag length value
UQ usage qualifier
USB Universal Serial Bus
WSCP work-sharing computation protocol
WSR work-sharing request
4 © ISO/IEC 2015 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/IEC 18584:2015(E)

5 Test Methodology
5.1 Test assertion
Test assertion is a function to check a given parameter whether can meet the requirement of
specification. If the parameter cannot satisfy the criteria of the original specification, the assertion
function shall return a negative condition (e.g. Boolean false) indicating “assertion failed” with specific
error message. Otherwise, the assertion function shall return a positive condition (e.g. Boolean true)
and continue to test for the next criteria. All test results shall be consolidated to generate a report to
notify the outcome of the test.
5.2 Test criteria
If the item under test is specified as mandatory, this item under test shall be present as per specification.
Two levels of test criteria for the content/value are defined in the document for testing:
— Level 1: The content/value can be tested by following the requirement from the manufacturer.
— Level 2: The content/value shall be tested by following the test requirement/method specified in
this document.
6 Conformance test requirements related to data for on-card comparison
6.1 Biometric reference object handling
For testing 7.1.2 biometric reference object handling, the conformance test requirements of relevant
part of ISO/IEC 19794- series shall be used to test the biometric data format, unless proprietary
biometric data format is explicitly not required for particular operation environment.
6.2 Configuration data (biometric verification)
6.2.1 Data objects for configuration data elements
If configuration data are available and the access rule associated with logical data structures allows
retrieval of configuration, the test requirements as shown in Table 1 shall be used.
Table 1 — Test requirements for data objects for configuration data elements
Tag Length Valid values Test Requirement Mandatory Test Level Test result
‘80’ 1 to 3 bytes NA * Maximum size of biome- Yes 1
tric verification data.
‘81’ 1 to 3 bytes NA * Minimum size of the bi- Yes 1
ometric reference data.
‘82’ 1 ‘00’-‘FF’ * Supported number of Yes 1
biometric templates (‘00’
– no information given)
‘83’ 1 ‘00’-‘FF’ * Flag indicating the pos- Yes 2
sibility of re-enrolment.
Only two values: ‘00’: No
re-enrolment possible and
‘01’:Re-enrolment possible
are allowed, all other val-
ues are reserved for future
use and shall never be used.
NOTE 1 “*” denotes that this tag shall be present. The value is provided by manufacturer of the ICC under test.
© ISO/IEC 2015 – All rights reserved 5

---------------------- Page: 10 ----------------------
ISO/IEC 18584:2015(E)

Table 1 (continued)
Tag Length Valid values Test Requirement Mandatory Test Level Test result
‘85’ Var As defined in ISO/IEC 29794-1 Minimum verification data Yes 2
quality supported as de-
fined in the relevant parts
of the ISO/IEC 19794 and
ISO/IEC 29794- series of
standards.
‘86’ 1 NA * Initial value of the retry Yes 1
counter, indicating the sup-
ported maximum number
of permitted verification
attempts.
‘87’ Var NA Internal quality restric- Yes 1
tions for performing the
comparison. The value
is depends on particular
application.
‘8F’ Var NA Proprietary data, applica- No. 1
tion dependent.
’90’ Var As per Table 3 in ISO/ See Table 3 below Yes 2
IEC 24787:2010
‘A4’ Var As defined by the registration Reserve for future use, No 1
authority described in ISO/ Algorithm ID as defined
IEC 19785-2 by SC 37.
NOTE 1 “*” denotes that this tag shall be present. The value is provided by manufacturer of the ICC under test.
6.2.2 Biometric comparison algorithm parameters
The requirements for testing data objects to be read from the card encoded in BIT are shown in Table 2.
Table 2 — Test requirements for Data objects for biometric comparison algorithm parameters
Tag Length Valid values Test Requirement Mandatory Test Level Test result
‘81’ * * Minimum and maximum Yes 2
length of biometric data as
defined in the relevant part
of the ISO/IEC 19794- series
of standards. The content
shall follow the relevant part
of ISO/IEC 19794- series of
standards.
‘82’ * * Ordering, if applicable, of the Yes 2
features in the biometric data
as defined in the relevant
part of the ISO/IEC 19794-
series of standards. The con-
tent shall follow the relevant
part of ISO/IEC 19794- series
of standards.
‘83’ * * Biometric data handling Yes 2
information as defined in
the relevant part of the ISO/
IEC 19794- series of stand-
ards. The content shall
follow the relevant part of
ISO/IEC 19794- series of
standards.
NOTE 1 “*” denotes that this variable is defined in the relevant part of ISO/IEC 19794- series of standards.
NOTE 2 “**” denotes that this variable is defined in the relevant parts of the ISO/IEC 19794 and ISO/IEC 29794- series of
standards.
6 © ISO/IEC 2015 – All rights reserved

---------------------- Page: 11 ----------------------
ISO/IEC 18584:2015(E)

Table 2 (continued)
Tag Length Valid values Test Requirement Mandatory Test Level Test result
‘84’ * * Alignment information as Yes 2
defined in the relevant part
of the ISO/IEC 19794- series
of standards. The content
shall follow the relevant part
of ISO/IEC 19794- series of
standards.
‘85’ ** ** Minimum verification data Yes 2
qualit y supported (See
Table 1). The content shall
follow the relevant part of
ISO/IEC 19794 and ISO/
IEC 29794- series of stand-
ards.
‘90’ 1 As per Table 3 See Table 3 below Yes 2
in ISO/
IEC 24787:2010
‘91’ 2 ‘0001’ – ‘FFFF’ Maximum response time in Yes 2
milli-seconds. A card per-
forming a time-consuming
operation has to support
proper waiting time ex-
tensions according to ISO/
IEC 7816-3.
NOTE 1 “*” denotes that this variable is defined in the relevant part of ISO/IEC 19794- series of standards.
NOTE 2 “**” denotes that this variable is defined in the relevant parts of the ISO/IEC 19794 and ISO/IEC 29794- series of
standards.
The test requirement of authentication and descriptive power as specified in Table 1 and 2 shall
follow Table 3.
Table 3 — Authentication type and discriminative power
b7 b6 b5 b4 b3 b2 b1 b0 Meaning Requirements Test Level Test re-
sult
x x Authentication
type
0 0 Comparison on- * Shall be the same as 2
card specified by the manu-
facturer
0 1 Work sharing * Shall be the same as 2
comparison on- specified by the manu-
card facturer
1 0 System-on-card * Shall be the same as 2
specified by the manu-
facturer
1 1 RFU Shall never be used.
x x x FMR claimed
0 0 0 No indication
given
0 0 1 FMR grade 1 ** shall be the same as 2
(largest) specified by manufacturer
NOTE 1 “*” denotes that these bits shall represent the same operation as specified by manufacturer. For example, for
comparison on-card, ‘b1’ = 0 and ‘b0’ = 1 shall be found.
NOTE 2 “**” denotes that these bits shall represent the same descriptive power as specified by manufacturer.
© ISO/IEC 2015 – All rights reserved 7

---------------------- Page: 12 ----------------------
ISO/IEC 18584:2015(E)

Table 3 (continued)
b7 b6 b5 b4 b3 b2 b1 b0 Meaning Requirements Test Level Test re-
sult
0 1 0 FMR grade 2 ** shall be the same as 2
specified by manufacturer
0 1 1 FMR grade 3 ** shall be the same as 2
specified by manufacturer
1 0 0 FMR grade 4 ** shall be the same as 2
specified by manufacturer
1 0 1 FMR grade 5 ** shall be the same as 2
specified by manufacturer
1 1 0 FMR grade 6 ** shall be the same as 2
(smallest) specified by manufacturer
1 1 1 RFU Shall never be used.
x x x RFU Shall never be used. These 1
bits may be set to zero.
NOTE 1 “*” denotes that these bits shall represent the same operation as specified by manufacturer. For example, for
comparison on-card, ‘b1’ = 0 and ‘b0’ = 1 shall be found.
NOTE 2 “**” denotes that these bits shall represent the same descriptive power as specified by manufacturer.
6.2.3 Biometric product identifier
Biometric product identifier shall be an integer within the range 1 to 65535 and should be registered
with the registration authority according to ISO/IEC 19785-1. ‘0’ shall never be used as identifier.
6.3 Sharable Interface for multiple applications
6.3.1 File control parameter
The file control parameter (FCP) shall be tested according to ISO/IEC 7816-4.
6.3.2 Access rules
Access rules shall be tested according to ISO/IEC 7816-4.
6.4 Retry counter management
The following Table 4 shall be used to test the retry counter management.
8 © ISO/IEC 2015 – All rights reserved

---------------------- Page: 13 ----------------------
ISO/IEC 18584:2015(E)

Table 4 — Checklist for retry counter management
List Test Requirement Mandatory Test Level Test result
1 The cardholder of biometric comparison process shall be under Yes 2
the control of a retry counter which determines if the verification
process may continue to be used with a given biometric reference.
2 An initial value of the retry counter shall be associated to the Yes 2
on-card biometric reference.
3 This association may be encoded using ISO/IEC 7816-15 sub-class No 2
attributes assigned to a Biometric Data Info Object as defined in
ISO/IEC 7816-15.
4 If the verification fails, the retry counter shall be decremented Yes 2
by one and an error status that contains the remaining attempts
shall be returned by the application.
5 The number of allowed retries may be encoded in the status No 1
bytes SW1-SW2 = “63CX” (where X is the remaining number) of
a response to a VERIFY command where the data field is absent
according to ISO/IEC 7816-4.
6 A successful verification of the biometrics reference shall reset Yes 2
the associated retry counter to its initial value.
7 Conformance test requirements for standard processes for on-card
biometric comparison
7.1 Standard Processes
7.1.1 Application identifier (AID) for on-card biometric comparison
If biometric comparison is implemented as an independent application, the application identifier shall
be generated as per ISO/IEC 7816-4:2013, 8.2.1.2 and Annex A.
NOTE 1 The AID is derived from the standard’s object identifier according to ISO/IEC 7816-4:2013, 8.2.1.2 and
Annex A.
7.1.2 Read biometric reference data
This operation shall never be supported, no matter using specific APDU command or reading from file.
7.1.3 Enrolment
This operation shall be supported. The biometric terminal shall be able to store biometric reference
into the ICC using the mechanism specified in ISO/IEC 7816-11. Test verification can be used to verify
the biometric reference is correctly stored inside the ICC.
7.1.4 Verification
This operation shall be supported. The biometric terminal shall be able to send biometric data to the ICC
using the mechanism specified in ISO/IEC 7816-11. The returned bytes shall not contain the biometric
comparison score.
7.1.5 Termination of on-card comparison application
The on-card logical data structure containing biometric reference data pertaining only to such
application shall be made inaccessib
...