ISO/IEC 27553-2:2025
Information security, cybersecurity and privacy protection - Security and privacy requirements for authentication using biometrics on mobile devices - Part 2: Remote modes
This document provides high-level security and privacy requirements for authentication using biometrics on mobile devices, in particular, for functional components, communication, storage and remote processing. This document is applicable to remote modes, i.e. the cases where:
- the biometric sample is captured through mobile devices, and
- the biometric data or derived biometric data are transmitted between the mobile devices and the remote services in either or both directions.
The following are out of scope of this document:
- the cases where the biometric data or derived biometric data never leave the mobile devices (i.e. local modes),
- the preliminary steps for biometric enrolment before authentication procedure, and
- the use of biometric identification as part of the authentication.
General Information
Overview
ISO/IEC 27553-2:2025 - "Information security, cybersecurity and privacy protection - Security and privacy requirements for authentication using biometrics on mobile devices - Part 2: Remote modes" defines high-level security and privacy requirements for biometric authentication when biometric samples or derived biometric data are transmitted between mobile devices and remote services. The standard focuses on remote modes (partial or full off-device processing, remote presentation-attack detection, outsourced biometric references, or server-side comparison) and covers functional components, communication, storage and remote processing. Enrollment, purely local modes, and biometric identification are out of scope.
Key topics and requirements
- Scope and architecture: generic system architecture, entities (mobile biometric system, RP agent, authentication agent, authentication and RP servers) and workflow types for remote modes.
- Threat analysis: threats to biometric data at capture, in transit, in storage and during remote processing; risks from heterogeneous remote service security.
- Security requirements: high-level controls for mobile-side components, server-side processing, storage protection and secure communication channels (confidentiality, integrity, replay protection).
- Privacy requirements: protections for biometric data lifecycle, minimization, and considerations for persistent biometric characteristics.
- Recommendations: mitigations tailored for remote operation (e.g., limiting shared biometric information, protecting against eavesdropping and replay, addressing AI-generated synthetic biometric risks).
- Supporting content: implementation example (Annex A) and guidance on authentication assurance levels (Annex B).
- Normative references: aligns with ISO/IEC 24745 (Biometric information protection), ISO/IEC 27002 (security controls), ISO/IEC 18031 (random bit generation) and ISO/IEC 29100 (privacy framework).
Practical applications
ISO/IEC 27553-2:2025 is applicable to systems that capture biometric samples on mobile devices and transmit biometric data or derived data to remote services. Typical use cases:
- Mobile banking and financial services using remote biometric verification
- Government eID and remote identity proofing where biometric comparison occurs on servers
- Cloud-based presentation-attack detection (PAD) or hybrid on-device/server PAD
- Outsourced biometric storage and server-side matching for enterprise access control
- Federated authentication services integrating mobile biometrics with remote relying parties
Who should use this standard
- Security architects and system designers implementing biometric authentication for mobile apps
- Mobile application developers integrating remote biometric flows
- Cloud and identity service providers offering server-side biometric processing or storage
- Risk managers, auditors and compliance officers evaluating biometric privacy and security posture
- Regulators and procurement teams specifying requirements for biometric remote modes
Related standards
- ISO/IEC 24745 - Biometric information protection
- ISO/IEC 27002 - Information security controls
- ISO/IEC 29100 - Privacy framework
- ISO/IEC 18031 - Random bit generation
Keywords: ISO/IEC 27553-2:2025, biometrics, mobile devices, remote modes, biometric authentication, privacy, security requirements, biometric data transmission, presentation-attack detection.
Frequently Asked Questions
ISO/IEC 27553-2:2025 is a standard published by the International Organization for Standardization (ISO). Its full title is "Information security, cybersecurity and privacy protection - Security and privacy requirements for authentication using biometrics on mobile devices - Part 2: Remote modes". This standard covers:
This document provides high-level security and privacy requirements for authentication using biometrics on mobile devices, in particular, for functional components, communication, storage and remote processing. This document is applicable to remote modes, i.e. the cases where:
- the biometric sample is captured through mobile devices, and
- the biometric data or derived biometric data are transmitted between the mobile devices and the remote services in either or both directions.
The following are out of scope of this document:
- the cases where the biometric data or derived biometric data never leave the mobile devices (i.e. local modes),
- the preliminary steps for biometric enrolment before authentication procedure, and
- the use of biometric identification as part of the authentication.
ISO/IEC 27553-2:2025 is classified under the following ICS (International Classification for Standards) categories: 35.030 - IT Security. The ICS classification helps identify the subject area and facilitates finding related standards.
You can purchase ISO/IEC 27553-2:2025 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of ISO standards.
Standards Content (Sample)
International Standard
ISO/IEC 27553-2
First edition 2025-07
Information security, cybersecurity and privacy protection — Security and privacy requirements for authentication using biometrics on mobile devices —
Part 2:
Remote modes
© ISO/IEC 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2025 – All rights reserved
ii
Contents
Foreword ... iv
Introduction ... v
1 Scope ... 1
2 Normative references ... 1
3 Terms and definitions ... 1
3.1 Biometrics ... 2
3.2 Authentication ... 4
3.3 System ... 4
4 Abbreviated terms ... 5
5 Security and privacy considerations ... 6
5.1 General ... 6
5.2 Security challenges common to all biometric systems ... 6
5.3 Reasons for and implications of choosing a remote mode instead of local mode ... 7
5.4 Security and privacy challenges specific to remote modes ... 8
5.4.1 General ... 8
5.4.2 Sharing biometric information with remote services ... 8
5.4.3 Security heterogeneity of remote services information system ... 8
6 System description ... 9
6.1 Generic architecture ... 9
6.2 Entities and components ... 9
6.2.1 Biometric system ... 9
6.2.2 RP agent ... 10
6.2.3 Authentication agent ... 10
6.2.4 RP server ... 10
6.2.5 Authentication server ... 10
6.3 Biometric system application models ... 10
6.4 Types of authentication workflow for remote mode ... 12
7 Information assets ... 12
8 Threat analysis ... 14
8.1 Threats related to the biometric system ... 14
8.2 Threats related to the authentication and RP agents ... 15
8.3 Threats related to the authentication and RP servers ... 17
8.4 Threats to communication between agents and servers ... 17
9 Security requirements and recommendations ... 18
9.1 General ... 18
9.2 Biometric system ... 18
9.3 Mobile device-side ... 20
9.4 Server-side ... 21
9.5 Communication between agents and server ... 22
10 Privacy requirements and recommendations ... 22
Annex A (informative) Implementation example ... 24
Annex B (informative) Authentication assurance and assurance level ... 32
Bibliography ... 39
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 27, Information security, cybersecurity and privacy protection.
A list of all parts in the ISO/IEC 27553 series can be found on the ISO and IEC websites.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.
Introduction
As the computational and functional capabilities of mobile devices rapidly evolve, authentication technologies
using biometrics based on physiological or behavioural characteristics (e.g. fingerprint, face, voiceprint) have
been developed and widely adopted in various mobile applications. Compared to traditional authentication
methods on mobile devices such as passwords, patterns, or SMS messages, biometric characteristics are
easy to use and not shareable. Since authentication methods using biometrics can provide a secure, reliable
and more convenient solution, they have become an attractive topic for both industry and academia.
However, the fragmentation of computing environments for mobile devices (e.g. different operating
systems, different trusted environment implementations, different biometric system implementations,
open computation environments in mobile devices, and open communication networks between mobile
devices and servers) often results in inconsistent implementations, which can increase vulnerabilities and
attack risks against mobile devices. This fragmentation makes it even more necessary to analyse security
challenges, threats, and security frameworks for authentication using biometrics on mobile devices and
to specify the high-level security requirements that can mitigate the security risks for applications of
authentication using biometrics in mobile devices.
This document is the second part of the ISO/IEC 27553 series, which puts forward the security and privacy
requirements for authentication using biometrics on mobile devices. Biometrics in the ISO/IEC 27553 series
is used for authentication using mobile devices, whose result is consumed by relying parties. This document
is applicable to cases where the biometric data or derived biometric data are transmitted between the
mobile devices and the remote services in either or both directions. Those cases are called remote modes in
this document. A typical example of remote modes is the case where biometric processing is partially done
on the mobile device and partially done remotely, and the result of authentication is consumed by relying
parties.
Other typical examples include cases where:
— presentation attack detection is delegated to a remote service;
— a biometric reference (i.e. enrolled biometric data) is stored on an outsourced storage and sent to
mobile devices;
— biometric comparison is executed within a server or distributed between mobile device and the server.
Applications embodying remote modes of operation can introduce additional threats to biometric
information protection and privacy compared to local modes of operation. The transmission of biometric
information or storage in a server implies security and privacy threats that can be difficult to mitigate for
an organization with an insufficient level of security maturity. Privacy threats can include:
— leveraging eavesdropped, lost or stolen biometric data to forge an authentication;
— exploiting biometric data for identity theft in various scenarios (not limited to authentication);
— generating fake biometric data based on AI tools.
This document provides high-level security requirements, taking into account that biometrics are persistent
for a lifetime, for authentication using biometrics on mobile devices for remote modes, including security
requirements for functional components and security requirements for communication. Further detailed
security requirements are not covered here as they are implementation-dependent. This document also
analyses security challenges, threats and security frameworks for authentication using biometrics on
mobile devices.
The following contents are out of scope of this document:
— identity proofing and enrolment using biometrics on mobile devices;
— external Biometric Processing Units (BPUs) locally connected to mobile devices, e.g. a USB key with
embedded fingerprint sensor, which can be plugged into the mobile device;
— the use of biometrics for authentication to applications that are entirely local to the mobile device and no
remote service is involved;
— cases where the biometric data or derived biometric data never leave the mobile devices (see
ISO/IEC 27553-1 for those cases).
While identity proofing and enrolment are not covered in this document, risks and threats exist and
consequently they are an integral part of the security posture of an organization relying on authentication
using biometrics on mobile devices.
International Standard ISO/IEC 27553-2:2025(en)
Information security, cybersecurity and privacy protection —
Security and privacy requirements for authentication using
biometrics on mobile devices —
Part 2:
Remote modes
1 Scope
This document provides high-level security and privacy requirements for authentication using biometrics
on mobile devices, in particular, for functional components, communication, storage and remote processing.
This document is applicable to remote modes, i.e. the cases where:
— the biometric sample is captured through mobile devices, and
— the biometric data or derived biometric data are transmitted between the mobile devices and the remote
services in either or both directions.
The following are out of scope of this document:
— the cases where the biometric data or derived biometric data never leave the mobile devices (i.e. local modes),
— the preliminary steps for biometric enrolment before authentication procedure, and
— the use of biometric identification as part of the authentication.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 18031, Information technology — Security techniques — Random bit generation
ISO/IEC 24745:2022, Information security, cybersecurity and privacy protection — Biometric information
protection
ISO/IEC 27002:2022, Information security, cybersecurity and privacy protection — Information security
controls
ISO/IEC 29100:2024, Information technology — Security techniques — Privacy framework
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
3.1 Biometrics
3.1.1
artefact
artificial object or representation presenting a copy of biometric characteristics or synthetic biometric
patterns
[SOURCE: ISO/IEC 30107-1:2023, 3.1]
3.1.2
biometric data
biometric sample or aggregation of biometric samples at any stage of processing
EXAMPLE Biometric reference, biometric probe, biometric feature or biometric property
Note 1 to entry: Biometric data need not be attributable to a specific individual, e.g. Universal Background Models.
[SOURCE: ISO/IEC 2382-37:2022, 37.03.06]
3.1.3
biometrics
automated recognition of individuals based on their biological and behavioural characteristics
[SOURCE: ISO/IEC 2382-37:2022, 37.01.03, modified — notes to entry have been removed]
3.1.4
biometric processing unit
BPU
trusted implementation of a collection of biometric subprocesses implemented in a single physical unit
Note 1 to entry: A BPU commonly comprises biometric subprocesses that are sequential in the process flow for a
biometric verification.
Note 2 to entry: Application/service requirements typically require BPU subprocesses to meet a uniform level of
security assurance. In ACBio, assurance is achieved through a BPU evaluation process that is authenticated by means
of an X.509 certificate embedded in an ACBio instance.
[SOURCE: ISO/IEC 24761:2019, 3.3]
3.1.5
presentation attack detection
PAD
automated discrimination between bona-fide presentations and biometric presentation attacks
Note 1 to entry: PAD cannot infer the biometric capture subject’s intent.
[SOURCE: ISO/IEC 30107-1:2023, 3.6]
3.1.6
renewable biometric reference
RBR
renewable identifier that represents an individual or data subject within a domain by means of a protected
binary identity (re)constructed from the captured biometric sample, and fulfilling irreversibility
requirements
Note 1 to entry: A renewable biometric reference fulfilling the irreversibility requirement provides an additional
security property.
Note 2 to entry: An example of a renewable biometric reference is a pseudonymous identifier and additional data
elements required for biometric verification or identification such as auxiliary data.
[SOURCE: ISO/IEC 24745:2022, 3.34]
3.1.7
biometric presentation attack
attack presentation
presentation to the biometric data capture subsystem with the goal of interfering with the operation of the
biometric system
Note 1 to entry: Biometric presentation attacks can be implemented through a number of methods, e.g. artefact,
mutilations, replay, etc.
Note 2 to entry: Biometric presentation attacks can have a number of goals, e.g. impersonation or not being recognized.
Note 3 to entry: Biometric systems can be unable to differentiate between presentations with the goal of interfering
with the systems’ operation and non-conformant presentations.
[SOURCE: ISO/IEC 30107-1:2023, 3.5]
3.1.8
revocability
ability to prevent future successful verification of a specific biometric reference and the corresponding
identity reference
Note 1 to entry: Rejection of a subject may occur on the grounds of its appearance on a revocation list.
[SOURCE: ISO/IEC 24745:2022, 3.35]
3.1.9
renewability
property of a transform or process to create multiple, unlinkable transformed biometric references derived
from one or more biometric samples obtained from the same data subject and which can be used to recognize
the individual while not revealing information about the original reference
[SOURCE: ISO/IEC 24745:2022, 3.33]
3.1.10
biometric data subject
individual whose individualized biometric data is within the biometric system
Note 1 to entry: The intent of the word “individualized” is to distinguish biometric data subjects from those whose
aggregated data was used in the creation of the biometric recognition algorithm. Examples of individuals contributing
biometric data who are not biometric data subjects include those who contributed to a Universal Background Model in
speaker recognition systems, or who contributed to the creation of an eigenface basis set in a facial recognition system.
[SOURCE: ISO/IEC 2382-37:2022, 37.07.05]
3.1.11
biometric reference
BR
one or more stored biometric samples, biometric templates or biometric models attributed to a biometric
data subject (3.1.10) and used as the object of biometric comparison
EXAMPLE Face image stored digitally on a passport, fingerprint minutiae template on a National ID card or
Gaussian Mixture Model for speaker recognition, in a database.
Note 1 to entry: A biometric reference that can be renewed is referred to as a renewable biometric reference.
Note 2 to entry: BR can be used as a factor in multi-factor authentication, that is, something a person is.
[SOURCE: ISO/IEC 24745:2022, 3.11]
3.1.12
biometric data controller
person or organization which, alone or jointly with others, determines the purposes, means and goals of the
processing of biometric data
[SOURCE: ISO/IEC 2382-37:2022, 37.07.26]
3.2 Authentication
3.2.1
authentication
provision of assurance in the identity of an entity
[SOURCE: ISO/IEC 29115:2013, 3.2]
3.2.2
authentication agent
component in a mobile device that performs authentication-related functions on the mobile device and
interacts with the local biometric components
[SOURCE: ISO/IEC 27553-1:2022, 3.4]
3.2.3
entity authentication assurance
degree of confidence reached in the authentication process that the entity is what it is, or is expected to be
Note 1 to entry: The confidence is based on the degree of confidence in the binding between the entity and the identity
that is presented.
[SOURCE: ISO/IEC 29115:2013, 3.11]
3.2.4
authentication credential
credential containing information that can be used to help authenticate the entity
[SOURCE: ISO/IEC 20009-4:2017, 3.3]
3.2.5
authentication service provider
entity that provides authentication services to a relying party (3.3.4)
[SOURCE: ISO/IEC 27553-1:2022, 3.6]
3.2.6
credential
representation of an identity for use in authentication
[SOURCE: ISO/IEC 24760-1:2019, 3.3.5, modified – notes to entry have been removed]
3.3 System
3.3.1
device binding
association of a specific device with the data (credential) and the holder (individual getting the credential)
Note 1 to entry: The binding process typically provides assurance to a known level.
[SOURCE: ISO/IEC 27553-1:2022, 3.14]
3.3.2
information asset
knowledge or data that has value to the individual or organization
[SOURCE: ISO/IEC 27553-1:2022, 3.15]
3.3.3
mobile device
small, compact, handheld, lightweight, standalone computing device, typically having a display screen with
digitizer input and/or a miniature keyboard
Note 1 to entry: Examples include laptops, tablet PCs, wearable information and communication technology (ICT)
devices, and smartphones.
[SOURCE: ISO/IEC 30107-4:2024, 3.1]
3.3.4
relying party
RP
entity that relies on the verification of identity information for a particular entity
Note 1 to entry: A relying party is exposed to risk caused by incorrect identity information. Typically it has a trust
relationship with one or more identity information authorities.
Note 2 to entry: In the context of this document, an RP is implemented as a server plus an agent. An RP agent is a
software component located in the mobile device which initiates authentication requests to an RP server, displays
the returned information, and interacts with the identity information provider (IIP) agent to fulfil the authentication
process.
EXAMPLE An RP agent can be a mobile browser.
[SOURCE: ISO/IEC 27553-1:2022, 3.19]
3.3.5
threat
potential cause of an unwanted incident, which can result in harm to a system or organization
[SOURCE: ISO/IEC 27000:2018, 3.74]
3.3.6
trusted environment
secure area that guarantees the confidentiality and integrity of code and data loaded inside
Note 1 to entry: Examples include TEE (Trusted Execution Environment), SE (Secure Element), and TPM (Trusted
Platform Module). See ISO 12812-1 and ISO/IEC 11889 for further details.
[SOURCE: ISO/IEC 27553-1:2022, 3.22]
4 Abbreviated terms
PitM person-in-the-middle
OS operating system
RAM random-access memory
SDK software development kit
SE secure element
TEE trusted execution environment
TPM trusted platform module
BP biometric probe
PAI presentation attack instrument
FAR false acceptance rate
5 Security and privacy considerations
5.1 General
This document addresses the security and privacy requirements for using biometrics as an authentication
mechanism in order to realize a level of entity authentication assurance while ensuring, by design, the
security and privacy protection of biometric data. Annex B addresses possible levels of assurance that can
be used in addition to the levels of assurance addressed in ISO/IEC 29115.
This document considers the case of remote modes, that is where some biometric information is sent outside
the mobile device. It can be the case if the RP requests it or if the mobile device relies on some outsourced
biometric service.
Possible use cases (and justification) of choosing remote modes are analysed in 5.3.
ISO/IEC 27553-1:2022, Clause 5, introduces challenges that apply to both remote and local modes, whereas,
in this document, 5.4 introduces security challenges that are specific to remote modes.
Taking these use cases and challenges into account, the security impact of choosing remote modes versus
local modes (see ISO/IEC 27553-1) shall be assessed. The security threats shall be reviewed in detail and
assessed (see Clause 8). When possible, unnecessary collection shall be avoided, and local modes should be
preferred.
If remote mode is strongly justified based on the risk assessment and use case constraints (see 5.3), the security
and privacy requirements in Clause 9 and Clause 10 shall be met in order to drastically reduce leakage and
function creep risks. Periodic review of the risk assessment should be performed to adapt to emerging
threats and changes in system capabilities.
NOTE The corresponding security measures are generally more easily implemented within systems with a high
level of security constraints or requirements.
5.2 Security challenges common to all biometric systems
Biometric systems are generally faced with a number of threats that can result in a vulnerability as described
in ISO/IEC FDIS 19792:—, 6.2, including:
— performance limitations,
— presentation attacks of biometric characteristics (see also ISO/IEC 30107-1),
— modification of biometric characteristics,
— difficulty of concealing biometric characteristics,
— similarity due to blood relationship,
— special biometric characteristics,
— synthesised wolf (see ISO/IEC FDIS 19792:—, 3.5.5) biometric samples,
— hostile environment,
— procedural vulnerabilities around the enrolment process,
— leakage and alteration of biometric data, etc.
The components in a biometric system, and the biometric data transmitted through the interfaces between
these components, confront certain threats as listed in ISO/IEC 24745:2022, Tables 1 and 2, including:
— threats to data capture: presentation attacks against the biometric capture subsystem, which in turn
consist of several sensors;
— threats to signal processing: unauthorized manipulation of data during processing;
— threats to comparison: manipulation of comparison scores;
— threats to storage: database compromise;
— threats to decision: hill-climbing attack, threshold manipulation;
— threats to the interfaces between data capture, signal processing, and comparison: eavesdropping, relay,
or brute force attack on the biometric sample and feature;
— threats to the interface between storage and comparison: eavesdropping, relay, person-in-the-middle, or
hill climbing attack on the biometric reference;
— threats to the interface between comparison and decision: comparison score manipulation.
Any applications depending on authentication using biometrics on mobile devices shall consider these
threats and decide whether to mitigate them or accept the corresponding risks.
5.3 Reasons for and implications of choosing a remote mode instead of local mode
Some possible specific motivations to choose remote modes include:
— The use of sophisticated image processing and sample extraction techniques on the server to improve
the quality of captured and processed biometric samples compared to those captured and processed
solely by the mobile device (e.g. facial images).
— The employment of more accurate biometric recognition algorithms in a server environment than those
available on a mobile device.
— The use of challenge-response operation or other techniques aimed at detecting and blocking presentation
attacks.
— Biometric references stored on the server can be better controlled and protected from compromise than
those stored on a mobile device in a less controlled or protected environment. However, the compromise
of the accumulated references stored on a remote server is likely to have a more significant impact,
with respect to security and privacy threats, than the compromise of a single reference stored locally
on a mobile device. Consequently, the needed levels of security and privacy are significantly different
between remote and local modes.
The following biometric information privacy threats described in ISO/IEC 24745:2022, 7.1 are also applicable
in this document:
— Biometric data can be abused for purposes other than originally intended and consented to by the data
subject.
— Biometric references can allow retrieval or analysis of properties of the data subject that are not
required or intended for biometric identification and verification, such as the data subject's health status
or inferential medical information and ethnic background.
— Biometric references can be used to link subjects across different applications in the same database or
across different databases. Privacy is related to the unlinkability of the stored biometric reference.
When biometric information is sent to a remote service, it can be used for comparing the biometric
information to enrolled biometric data, or for specific biometric processing steps that are not executed
on the mobile device. In the first case, the pre-registered information represents a risk of database leakage
in addition to the risk of leakage or unintentional collection of information during the workflow. In the second
case, even without the use of a database of biometric information, there is a risk of collection of information
during the workflow. In both cases, if the biometric information (stored in the biometric database or
communicated and processed) is not isolated from public access or from operators, there is a significant
risk of data leakage. In addition, if the system does not enforce restrictions on what can and cannot be done
with biometric information, there is a significant risk of function creep and the privacy risk of biometric
information being used for unintended purposes. Another significant risk when a network interface is used
between the mobile-side biometric subsystem and the server-side biometric subsystem is the risk of digital
injection attacks if there is no end-to-end secure pathway to transmit the biometric data to the server-side
biometric subsystem.
© ISO/IEC 2025 – All rights reserved
Given the inherent security and privacy risks of remote modes, those risks, the possibility of mitigating them,
and the need to process biometric information remotely shall be assessed thoroughly against each other.
5.4 Security and privacy challenges specific to remote modes
5.4.1 General
In addition to the issues introduced in ISO/IEC 27553-1:2022, 5.3, related to diversity across mobile
devices, open computation environments, variable communication channels and operation in unsupervised
environments, 5.4.2 and 5.4.3 introduce specific challenges related to the remote modes.
5.4.2 Sharing biometric information with remote services
When biometric information is transmitted from or to a mobile device, various communication channels can
be involved, some of which can be insecure. Consequently, if the biometric data or derived data are allowed
to be transmitted or moved off the device without proper security protection, this creates a significant
security and privacy risk.
In addition, if the endpoints (i.e. the involved remote services and the mobile device) are not authenticated
and restricted to legitimate parties, personal information can be transferred without authorization to a
non-legitimate party.
5.4.3 Security heterogeneity of the remote services' information systems
Remote services rely on various technology and infrastructure stacks, and the maturity level of their
information security management systems can vary considerably. Lack of isolation of the computation
environment and database breaches (all the more serious when large quantities of biometric information are
accumulated in the same location) are important risks, as is the difficulty of technically blocking, by design,
unauthorized sharing with other parties.
For biometric authentication based on mobile devices for remote modes, the remote services face the
challenges of implementing adequate and robust security measures to mitigate those risks. This would
typically be more suitable for organisations possessing the cybersecurity maturity for managing sensitive
applications.
Furthermore, because the biometric processing and biometric information are shared between the mobile
devices and the remote services, consistent measures shall be taken to ensure security and privacy across
both. Biometric technology vendors provide various implementations and measures as application software.
In remote modes, part of the security and privacy measures is applied on the mobile device and the rest on
the remote services. If the remote services apply a measure, the mobile devices are expected to apply the
corresponding measure across the various versions of the mobile execution environments. This is a typical
example of the aspects of remote modes that are difficult to implement.
6 System description
6.1 Generic architecture
The generic architecture of the remote modes for authentication using biometrics on mobile devices
described in this document is shown in Figure 1. The biometric subsystems are divided between the mobile
device and the server. The biometric subsystems shown in Figure 1 are those shown in Figure 2.
Figure 1 — Generic architecture for remote mode biometric authentication involving mobile devices
NOTE The components in Figure 1 represent the logical elements of a system. Specific configurations vary across
different implementations. Other architectures exist; for instance, one of the biometric subsystems can be
implemented on a different server that communicates directly with the mobile device, separately from the main RP
and authentication server. In such cases, some of the server requirements or agent-server communication requirements
apply either to both servers or to only one of them, depending on the workflow. For the rest of the document, the
server side is seen as a generic entity representing any combination of multiple servers (see NOTE 2 in 6.3).
6.2 Entities and components
6.2.1 Biometric system
Figure 2 shows the biometric subsystems comprising a biometric system with PAD, based on
ISO/IEC 30107-1:2023, Figure 3.
SOURCE Based on ISO/IEC 30107-1:2023, Figure 3
Figure 2 — Functional overview of a biometric system with PAD
As shown in Figure 2, the data capture subsystem, signal processing subsystem, comparison subsystem,
and decision subsystem run sequentially. The PAD subsystem can receive PAD information from the data
capture subsystem, the signal processing subsystem and data storage subsystem. The PAD result can be
output to the decision subsystem or the data capture subsystem, depending on where the PAD decision is
enforced in the system. In remote modes of operation, the subsystems are distributed between the mobile
device and the server – see Table 1 for further details. The data capture subsystem is always located in the
mobile device while the functionality provided by the other subsystems can be distributed between the
mobile device and the server. There are variations in practice (see ISO/IEC 24745 for details).
The functioning of the subsystems shown in Figure 2 depends on the details of the system implementation.
For example, the signal processing, comparison, and decision subsystems for a minutiae-based fingerprint
system can differ widely from those for a pattern-based iris recognition system or a deep-learning face
recognition system. The use of RBR (renewable biometric references) can also give rise to differences. For
example, the similarity determination (comparison) process can be effectively subsumed within the signal
processing subsystem, and the decision process can be deterministic, like that for passwords; see
ISO/IEC 24745 for further information on RBR. Certain types of RBR allow a secret, which can be a key, to be
hidden and recovered. ISO/IEC 24745:2022, Annex C gives some examples of RBRs.
The biometric subsystems on the mobile device interact with the biometric subsystems on the server
through the RP agent.
6.2.2 RP agent
The RP agent is a component provided by the RP which runs in the mobile device and manages communication
between the mobile device and the RP server. It can include additional functionalities that are out-of-scope
of this document.
6.2.3 Authentication agent
The authentication agent is a component in a mobile device that performs authentication-related functions
on the mobile device and interacts with the local biometric components. Although multiple authentication
factors can be supported, such as passwords, PINs, tokens, or biometrics, only biometrics are considered in
this document. The authentication agent interacts with the server through the RP agent.
The authentication agent is usually provided by the same provider as the authentication server.
In a typical implementation, the authentication agent uses authentication credentials that are combined with
biometrics, e.g. via digital signature of the biometrics, before sending biometric information to the server.
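The challenge-response operation (5.3), endpoint authentication (5.4.2) and the signature over the biometrics by the authentication agent (6.2.3) fit together in one exchange. The Go program below is an added example for this page, not code from the standard or from any vendor's authentication agent. It assumes an Ed25519 device key whose public half was registered with the authentication server at enrolment (enrolment itself is out of scope of the standard), a server-issued single-use random challenge, and a signature over the challenge concatenated with the SHA-256 of the captured sample. The Agent, Server and Submission names and the sample bytes are constructed for the example; the transport (the end-to-end secure pathway of 5.3) is not modelled, so the sample appears as plain bytes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Submission is what the authentication agent hands to the RP agent for transport.
type Submission struct {
	DeviceID  string
	Challenge []byte
	Sample    []byte // constructed bytes in this example, not a real biometric sample
	Signature []byte // Ed25519 over Challenge || SHA-256(Sample)
}

// signedMessage is what both sides sign and verify: the hash keeps it fixed-size,
// the challenge makes it single-use.
func signedMessage(challenge, sample []byte) []byte {
	h := sha256.Sum256(sample)
	return append(append([]byte{}, challenge...), h[:]...)
}

// Agent is the mobile-side authentication agent. Assumption: the device key was
// generated on the device and its public half (Pub) registered at enrolment.
type Agent struct {
	DeviceID string
	Pub      ed25519.PublicKey
	priv     ed25519.PrivateKey
}

func NewAgent(deviceID string) *Agent {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // CSPRNG failure: nothing sensible to continue with
	}
	return &Agent{DeviceID: deviceID, Pub: pub, priv: priv}
}

// Submit signs the captured sample together with the server's challenge.
func (a *Agent) Submit(challenge, sample []byte) Submission {
	sig := ed25519.Sign(a.priv, signedMessage(challenge, sample))
	return Submission{DeviceID: a.DeviceID, Challenge: challenge, Sample: sample, Signature: sig}
}

// Server holds registered device keys and the challenges issued but not yet consumed.
type Server struct {
	devices    map[string]ed25519.PublicKey
	challenges map[string]bool
}

var ErrUnknownDevice = errors.New("unknown device")
var ErrBadChallenge = errors.New("challenge not issued or already used")
var ErrBadSignature = errors.New("signature does not verify")

func NewServer() *Server {
	return &Server{devices: map[string]ed25519.PublicKey{}, challenges: map[string]bool{}}
}

func (s *Server) Register(deviceID string, pub ed25519.PublicKey) { s.devices[deviceID] = pub }

// Challenge issues a fresh 32-byte random nonce and records it as outstanding.
func (s *Server) Challenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	s.challenges[hex.EncodeToString(c)] = true
	return c
}

// Verify authenticates the endpoint and binds the sample to an outstanding challenge
// before any biometric processing; the challenge is consumed on first use either way.
func (s *Server) Verify(sub Submission) ([]byte, error) {
	pub, ok := s.devices[sub.DeviceID]
	if !ok {
		return nil, ErrUnknownDevice
	}
	key := hex.EncodeToString(sub.Challenge)
	if !s.challenges[key] {
		return nil, ErrBadChallenge
	}
	delete(s.challenges, key)
	if !ed25519.Verify(pub, signedMessage(sub.Challenge, sub.Sample), sub.Signature) {
		return nil, ErrBadSignature
	}
	return sub.Sample, nil
}

func main() {
	srv, agent := NewServer(), NewAgent("phone-1")
	srv.Register(agent.DeviceID, agent.Pub)
	sub := agent.Submit(srv.Challenge(), []byte("constructed sample bytes"))
	_, first := srv.Verify(sub)
	_, replay := srv.Verify(sub)
	fmt.Println("first use:", first, "| replay:", replay)
}
```

Verify checks the device identity and the challenge before it looks at the sample, so a submission from an unregistered device, a replayed submission, and a submission whose sample was swapped after signing (the digital injection case of 5.3) are all rejected before any server-side biometric subsystem runs. The signature binds the sample to the device and to this challenge; keeping the sample confidential on the wire is still the job of the protected channel.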
6.2.4 RP server
The RP server is responsible for providing back-end services for the RP. This includes communicating
between the mobile device and server-side components like the authentication server and biometric
subsystems. During the authentication process, the RP server obtains the authentication result from the
authentication server and provides the corresponding service or resource according to the authentication
result and the authorization policy. The RP server can include additional functionalities that are out-of-scope
of this document.
6.2.5 Authentication server
The authentication server performs the credential verification function during an authentication process.
Upon completing the authentication process, the authentication server generates an authentication result
and provides the result to the RP server. Since, in this document, some biometric subsystems are implemented
on the server side, the authentication server also interacts with these subsystems to generate the
authentication result. The authentication server can include additional functionalities that are out of scope
of this document.
6.3 Biometric system application models
Table 1 lists the possible locations of the biometric subsystems shown in Figure 2.
Table 1 — Possible location of biometric subsystems (a)

PAD subsystem
Description: The PAD subsystem is used to detect presentation attacks. Figure 2 shows the PAD subsystem as
a distinct process in the general biometric framework, but in practice PAD functionality can be partially or
fully integrated within other biometric subsystems.
Possible location:
1) In the mobile device;
2) Partially in the mobile device and partially in the server (b);
3) In the server (b).

Biometric capture subsystem
Description: The data capture subsystem collects an image or signal of a subject's biometric characteristics
presented to the biometric sensor and outputs this image/signal as a captured biometric sample.
Possible location:
1) In the mobile device;
2) In a device connected to the mobile device (out of scope).

Signal processing subsystem
Description: Signal processing can include processes suc
...
ISO/IEC 27553-2:2025 is a document that specifies information security, cybersecurity and privacy protection requirements for authentication using biometrics on mobile devices, and in particular addresses their application in remote modes. The scope of the standard is to provide high-level security and privacy requirements, with emphasis on functional components, communication, storage and remote processing. The document targets remote modes, i.e. cases where the biometric sample is captured on a mobile device and the biometric data or derived biometric data are transmitted between the mobile device and remote services. This is a very important aspect of modern biometric authentication systems and aims to protect user data securely. One of the main strengths of ISO/IEC 27553-2:2025 is that its security and privacy requirements are clearly defined, which helps developers and service providers comply with them easily. The standard also sets its requirements with consideration for the various risk factors that can arise in the design and operation of remote authentication systems, which is of great value in real implementations. It further strengthens the reliability of authentication using biometrics, which is becoming ever more important in today's digital environment with its growing number of mobile device users. Since biometric data are processed and transmitted remotely, applying this standard can be regarded as an essential measure for privacy protection. In conclusion, ISO/IEC 27553-2:2025 provides essential guidelines for implementing biometric authentication on mobile devices and, through strong security and privacy requirements, contributes to building secure and trustworthy systems.
ISO/IEC 27553-2:2025 is an important standard that sets out security and privacy requirements for biometric authentication on mobile devices, focusing in particular on remote modes. The document provides high-level security and privacy requirements for the collection, communication, storage and remote processing of biometric data, and contributes to improving information security and cybersecurity in today's mobile environment. Because the scope of the standard applies when a biometric sample captured through a mobile device is transmitted in either direction between the device and remote services, it plays an important role especially where remote access or cloud services are used. The document also places out of scope the cases where biometric data never leave the device (local modes), the biometric enrolment steps preceding the authentication procedure, and the use of biometric identification, so that it presents requirements focused on protecting users' privacy. The strength of ISO/IEC 27553-2:2025 lies in its inclusion of specific guidance that takes the characteristics of mobile devices into account, designed so that developers and service providers can effectively ensure security and privacy when implementing biometric authentication. By following this standard, users are assured of the safety of their biometric data, and companies can meet regulatory requirements and the trust expectations of their customers. Furthermore, as biometric authentication on mobile devices expands, the standard aims to ensure robust security and privacy while retaining flexibility in line with the latest technological developments, making it an important document that adapts to the needs of the times. Accordingly, ISO/IEC 27553-2:2025 can be described as a highly relevant standard from the perspective of information security and privacy protection.
ISO/IEC 27553-2:2025 sets out essential security and privacy requirements for authentication using biometrics on mobile devices, with particular emphasis on remote modes. The standard is crucial in a context where mobile devices are increasingly used for sensitive transactions and the security of personal data is paramount. One of its major strengths lies in its clearly defined scope, which concentrates on the critical aspects of capturing biometric samples via mobile devices and transmitting those data between mobile devices and remote services. By specifically addressing remote modes, the standard responds to contemporary cybersecurity concerns, ensuring that the processes conform to best practice in data protection. Moreover, the demanding security and privacy requirements proposed by the document show a deep understanding of the challenges faced by users and service providers. The emphasis on functional components, communication, storage and remote processing demonstrates a proactive approach to minimising the potential risks associated with biometric authentication. This framework helps not only to strengthen consumer confidence in the use of biometric technologies but also to encourage wider adoption of these authentication methods. The explicit distinction between remote and local modes in the scope of the document is also a strong point, since it allows the requirements specific to each biometric usage environment to be targeted more precisely.
This avoids confusion and ensures that users and developers of biometric solutions can concentrate on the unique challenges presented by the transmission of biometric data. Overall, ISO/IEC 27553-2:2025 establishes a framework of security and privacy requirements that is particularly relevant and applicable to the modern challenges of biometric authentication on mobile devices, making the document fundamental for any organisation seeking to implement or strengthen secure authentication solutions.
The ISO/IEC 27553-2:2025 standard offers a crucial framework for addressing security and privacy concerns related to biometric authentication on mobile devices, specifically focusing on remote modes. Its scope accurately delineates the functional components, communication protocols, storage mechanisms, and remote processing techniques necessary for ensuring effective biometric authentication while safeguarding user data. One of the significant strengths of this standard is its comprehensive coverage of high-level security requirements. By emphasizing the secure transmission of biometric data and derived biometric data between mobile devices and remote services, it addresses a growing concern in our digitally interconnected world. The inclusion of detailed security and privacy requirements ensures that developers and security practitioners can implement robust systems that resist potential threats and vulnerabilities. The relevance of this standard is underscored by the increasing adoption of biometric technologies in mobile applications. As users increasingly rely on their devices for sensitive transactions, having a standardized approach to remote biometric authentication becomes imperative. By defining clear guidelines, ISO/IEC 27553-2:2025 not only helps organizations comply with privacy regulations but also fosters user trust in biometric solutions. In summary, ISO/IEC 27553-2:2025 serves as a vital resource for advancing the implementation of secure and privacy-conscious biometric authentication in mobile environments. Its focus on remote modes of operation significantly contributes to the ongoing conversation about data protection in the age of mobile computing.
ISO/IEC 27553-2:2025 is a significant document that deals with the security and privacy requirements for authentication using biometric data on mobile devices, in particular in remote modes. The scope of the standard is clearly defined and covers the requirements for functional components, communication, data storage and the processing of biometric data over the internet. It is important to stress that the standard was developed specifically for the transmission of biometric samples between mobile devices and remote services, and not for local modes, in which the biometric data do not leave the mobile device. An outstanding feature of the document is the high security standard it sets for the transmission of biometric data. At a time when cybersecurity and data protection are of the utmost importance, ISO/IEC 27553-2:2025 offers essential guidance for the secure handling of biometric data. Its requirements are designed not only to ensure data integrity but also to protect users' privacy, which is of decisive importance in today's digital landscape. A further advantage of the standard is its relevance in the context of the growing use of biometric authentication technologies. With the increase in mobile payments, virtual identities and other biometrics-based applications, it is essential that security requirements are clearly defined in order to strengthen users' trust in such technologies. ISO/IEC 27553-2:2025 helps to build this basis of trust by setting requirements that address the specific challenges of using biometric data remotely.
In summary, ISO/IEC 27553-2:2025 is an important building block for the development of secure and privacy-compliant biometric authentication systems on mobile devices. Its clear requirements and its focus on security and data protection make it an indispensable document for companies and developers wishing to deploy biometric technologies.