ISO/IEC 30108-1:2015

INTERNATIONAL ISO/IEC
STANDARD 30108-1
First edition
2015-11-01
Corrected version
2016-04-15
Information technology — Biometric
Identity Assurance Services —
Part 1:
BIAS services
Technologies de l’information — Service d’assurance de l’identité
biométrique (BIAS) —
Partie 1: Services BIAS
Reference number
ISO/IEC 30108-1:2015(E)
©
ISO/IEC 2015

---------------------- Page: 1 ----------------------
ISO/IEC 30108-1:2015(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2015, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2015 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 30108-1:2015(E)

Contents Page
Foreword .v
Introduction .vii
1 Scope . 1
2 Conformance . 1
3 Normative references . 1
4 Terms and definitions . 1
5 Symbols and abbreviated terms . 3
6 System context . 3
6.1 Service-oriented architectures . 3
6.2 BIAS architecture . 5
6.3 Identity models . 6
6.4 Identity databases . 8
6.5 BIAS implementation considerations (informative) . 9
7 Biometric Identity Assurance Services .10
7.1 BIAS interface XML schema .10
7.2 Primitive services .11
7.2.1 Add Subject To Gallery .11
7.2.2 Check Quality .12
7.2.3 Classify Biometric Data .13
7.2.4 Create Encounter .13
7.2.5 Create Subject .14
7.2.6 Delete Biographic Data .14
7.2.7 Delete Biometric Data .15
7.2.8 Delete Document Data .15
7.2.9 Delete Encounter .16
7.2.10 Delete Subject .16
7.2.11 Delete Subject From Gallery .17
7.2.12 Get Identify Subject Results.17
7.2.13 Identify Subject .18
7.2.14 List Biographic Data .19
7.2.15 List Biometric Data .20
7.2.16 List Document Data .21
7.2.17 Perform Fusion .21
7.2.18 Query Capabilities.22
7.2.19 Retrieve Biographic Data .26
7.2.20 Retrieve Biometric Data .27
7.2.21 Retrieve Document Data .28
7.2.22 Set Biographic Data .29
7.2.23 Set Biometric Data .29
7.2.24 Set Document Data .30
7.2.25 Transform Biometric Data .31
7.2.26 Update Biographic Data .31
7.2.27 Update Biometric Data .32
7.2.28 Update Document Data .32
7.2.29 Verify subject .33
7.3 Aggregate Services .34
7.3.1 Delete .34
7.3.2 Enrol .35
7.3.3 Get Deletion Results .36
7.3.4 Get Enrol Results.36
7.3.5 Get Identify Results.37
7.3.6 Get Update Results .37
© ISO/IEC 2015 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 30108-1:2015(E)

7.3.7 Get Verify Results .38
7.3.8 Identify .38
7.3.9 Retrieve Data .40
7.3.10 Update .40
7.3.11 Verify .41
8 Data elements and data types .42
8.1 Biographic data .42
8.1.1 Biographic Data Type . .42
8.1.2 Biographic Data Item Type.43
8.1.3 Biographic Data Set Type .43
8.1.4 Biographic Data List Type .44
8.2 Biometric Data.44
8.2.1 CBEFF BIR Type .44
8.2.2 CBEFF BIR List Type .45
8.2.3 Biometric Data Element Type .46
8.2.4 Biometric Data List Type .46
8.3 Document Data .46
8.3.1 Document Data Type .46
8.3.2 Document Data List Type .47
8.4 Candidate Lists .48
8.4.1 Candidate Type .48
8.4.2 Candidate List Type .48
8.5 Capabilities .49
8.5.1 Capability Type . .49
8.5.2 Capability List Type .49
8.6 Fusion Information .50
8.6.1 Fusion Information Type .50
8.6.2 Fusion Information List Type .50
8.6.3 Fusion Identity List Type .51
8.7 Other Data Types.51
8.7.1 Encounter Category Type .51
8.7.2 Encounter List Type .51
8.7.3 Information Type .52
8.7.4 List Filter Type .52
8.7.5 Option Type .52
8.7.6 Processing Options Type.53
8.7.7 Token Type .53
9 Error handling and notification .54
9.1 Successful service calls .54
9.2 Error condition codes .54
10 Security.56
Annex A (normative) Conformance requirements .57
Annex B (informative) Sample biographic data format references .66
Annex C (informative) Example usage scenarios .67
Annex D (informative) Example encounter scenarios .74
Bibliography .78
iv © ISO/IEC 2015 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC 30108-1:2015(E)

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical
Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information
The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee
SC 37, Biometrics.
ISO/IEC 30108 consists of the following parts, under the general title Information technology —
Biometric Identity Assurance Services:
— Part 1: BIAS Services
This corrected version of ISO/IEC 30108-1:2015 incorporates the following corrections plus other
minor editorial modifications.
Table A.1: The following rows were missing and have been added to the end of the table:
Get Verify Results C* C* C*
Identify X X
Retrieve Data X X
Update X X X
Verify X X X
Capability Information Items
AggregateInputDataOptional X X X
AggregateInputDataRequired X X X
AggregateProcessingOption X X X
AggregateReturnData X X X
AggregateServiceDescription X X X
BiographicDataSet X X X X X
CBEFFPatronFormat X X X X X X X
© ISO/IEC 2015 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO/IEC 30108-1:2015(E)

ClassificationAlgorithmType X
ConformanceClass X X X X X X X
Gallery X X X
IdentityModel X X X X X
ComparisonAlgorithm X X X X X X X
ComparisonScore X X X X X X X
QualityAlgorithm X
SupportedBiometric X X X X X X X
TransformOperation X
vi © ISO/IEC 2015 – All rights reserved

---------------------- Page: 6 ----------------------
ISO/IEC 30108-1:2015(E)

Introduction
This part of ISO/IEC 30108 defines the architecture, operations, data elements, and basic requirements
for biometric identity assurance services – a framework for the implementation of generic, biometric-
based identity services within a services-oriented environment. An identity in the context of BIAS
comprises a subject, biographic data, and biometric data. Other parts are intended to define specific
BIAS implementations (or bindings) within specific environments, for example, SOAP web services.
BIAS services are generic in nature, being modality neutral, and not targeted at any particular business
application. These services include those related to identity data management, transformation, and
biometric comparison. Services are invoked by a BIAS requester and implemented by a BIAS service
provider (responder). It does not prescribe the architecture or business logic of either the requester or
service provider.
Two categories of identity services are defined – primitive and aggregate. Primitive services are more
atomic and well-defined, whereas the aggregate services tend to be higher level and enable more
flexibility on the part of the BIAS service provider.
Two identity models are also defined – person-centric and encounter-based. Person-centric systems
maintain a single up-to-date record (set of data) for a given subject, whereas an encounter-based system
retains data related to each interaction the subject has with the system.
This part of ISO/IEC 30108 represents a version of BIAS subsequent to that previously standardized by
INCITS and OASIS, therefore, it is denoted as version 2.0.
© ISO/IEC 2015 – All rights reserved vii

---------------------- Page: 7 ----------------------
INTERNATIONAL STANDARD ISO/IEC 30108-1:2015(E)
Information technology — Biometric Identity Assurance
Services —
Part 1:
BIAS services
1 Scope
This part of ISO/IEC 30108 defines biometric services used for identity assurance that are invoked over
a services-based framework. It provides a generic set of biometric and identity-related functions and
associated data definitions to allow remote access to biometric services.
The binding of these services to specific frameworks is not included in this part of ISO/IEC 30108, but
will be the subject of subsequent parts.
Although focused on biometrics, this part of ISO/IEC 30108 will necessarily include support for other
related identity assurance mechanisms such as biographic and document capabilities. BIAS is intended
to be compatible with and used in conjunction with other biometric standards as described in Clause 3.
Specification of biometric functionality is limited to remote (backend) services. Services between
a client-side application and biometric capture devices are not within the scope of this part of
ISO/IEC 30108.
Integration of biometric services as part of an authentication service or protocol is not within the scope
of this part of ISO/IEC 30108.
2 Conformance
Annex A specifies the conformance requirements for systems/components claiming conformance to
this part of ISO/IEC 30108.
3 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 19785-1, Information technology — Common Biometric Exchange Formats Framework — Part 1:
Data element specification
ISO/IEC 19785-3, Information technology — Common Biometric Exchange Formats Framework — Part 3:
Patron format specifications
4 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
4.1
biometric sample
analogue or digital representation of biometric characteristics prior to biometric feature extraction
Note 1 to entry: As an example, a record containing the image of a finger is a biometric sample.
© ISO/IEC 2015 – All rights reserved 1

---------------------- Page: 8 ----------------------
ISO/IEC 30108-1:2015(E)

4.2
claim to identity
biometric claim
assertion that an individual is or is not the bodily source of a specified or unspecified biometric
reference in an identity assurance system
4.3
encounter
event in which the BIAS requester interacts with a subject (4.11) resulting in data being collected during
or about the encounter
Note 1 to entry: The event may involve collection of biographic, biometric, document, and/or contextual data
during an enrolment or recognition interaction.
4.4
encounter-centric system
system that supports encounter processing maintaining a one-to-many relationship between subjects
(4.11) and encounters (4.3) and which does not necessarily contain a single, unique set of information
for each subject
4.5
gallery
group of subjects (4.11) related by a common purpose, designation, or status
EXAMPLE A watch list or a set of subjects entitled to a certain benefit.
4.6
identification
biometric identification
process of searching against a biometric enrolment database to find and return the biometric reference
identifier(s) attributable to a single individual
4.7
identity assurance
process of establishing, determining, and/or confirming a subject identity
4.8
merge
combination of biometric data during the process of updating an enrolment record
Note 1 to entry: The “merge” operation is implementation specific, however, it may include either adding a new
sample to a multi-sample record or performing some level of biometric fusion, for example, sample or feature
level fusion.
4.9
merge
combination of two or more subject records into a single subject record
4.10
person-centric model
identity model in which a single master record is maintained on a subject (4.11) which is updated over
time when additional, newer, or better biographic, biometric, and/or document information becomes
available and which does not maintain separate historical data records for each system encounter with
the subject
4.11
subject
person who is known to an identity assurance system
Note 1 to entry: The person may also be a biometric capture subject or biometric data subject, but this is not the
case in all situations.
2 © ISO/IEC 2015 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/IEC 30108-1:2015(E)

4.12
verification
biometric verification
process of confirming a biometric claim (4.2) through biometric comparison
Note 1 to entry: Verification is usually performed through a one-to-one comparison in which a biometric sample
(4.1) from one individual (probe) is compared to a biometric reference(s) from one individual to produce a
comparison decision (match/no-match) and optionally, a comparison score.
5 Symbols and abbreviated terms
AFIS Automated Fingerprint Identification System
BIAS Biometric Identity Assurance Services
BIR Biometric Information Record
CBEFF Common Biometric Exchange Formats Framework
ESB Enterprise Service Bus
ID Identity/Identification/Identifier
OASIS Organization for the Advancement of Structured Information Standards
SOA
...