iTeh Standards logo
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 17839-1:2025

(Main)

Information technology - Biometric system-on-card - Part 1: Core requirements

Information technology - Biometric system-on-card - Part 1: Core requirements

This document establishes: - functional architecture of a Biometric System-on-Card (BSoC); - definition of Type ID-1 BSoC (ISO/IEC 7810 conformant) and Type ID-T BSoC (see ISO/IEC 18328-2:2021, Annex A) implementation of a BSoC; - sensor types in a BSoC; - requirements to a BSoC with respect to: - discriminative power (i.e. biometric accuracy criteria); - interfaces; - power supply options. - The following aspects are out of scope of this document (see ISO/IEC 24787-1): - off-card biometric comparison, storage-on-card; - on-card biometric comparison (sensor-off-card); - work-sharing implementations; - detailed specification and configuration of individual components. This document provides a functional architectural description of a BSoC and describes how the interfaces are mapped using existing commands and data structures from other International Standards.

Technologies de l'information — Système biométrique sur carte — Partie 1: Exigences de base

General Information

Status
Published
Publication Date
06-Nov-2025
ICS
35.240.15 - Identification cards. Chip cards. Biometrics
Technical Committee
ISO/IEC JTC 1/SC 17 - Cards and security devices for personal identification
Drafting Committee
ISO/IEC JTC 1/SC 17 - Cards and security devices for personal identification
Current Stage
6060 - International Standard published
Start Date
07-Nov-2025
Due Date
23-Aug-2026
Completion Date
07-Nov-2025
Ref Project

Relations

Revises
ISO/IEC 17839-1:2014 - Information technology - Biometric System-on-Card - Part 1: Core requirements
Effective Date
26-Aug-2023

Overview

ISO/IEC 17839-1:2025 - Information technology - Biometric System-on-Card (BSoC) - Part 1: Core requirements - defines the functional architecture and core requirements for integrating biometric capture, processing, storage, comparison, decision and action into a card-sized device. The standard covers two BSoC form-factors: Type ID-1 (conforming to ISO/IEC 7810 card dimensions) and Type ID-T (as specified in ISO/IEC 18328-2:2021, Annex A). It focuses on on-card biometric verification (the entire verification process executed on the card) and describes sensor types, discriminative power (biometric accuracy criteria), interfaces and power-supply options.

Key topics and requirements

  • Functional architecture: Defines the end-to-end BSoC verification flow - capture, feature extraction, on-card comparison, decision and action - and how interfaces map to existing standards.
  • Form factors:
    • Type ID-1 BSoC - ISO/IEC 7810 dimensions, must pass torsion and bending tests; supports contact, USB, contactless and NFC interfaces.
    • Type ID-T BSoC - deviates from some ISO/IEC 7810 constraints (thicker), supports contactless and NFC only.
  • Sensor types: Area and swipe fingerprint sensors are explicitly addressed; other modalities (e.g., voice, dynamic signature) are allowed with appropriate sensors.
  • Discriminative power: Biometric accuracy must follow FMR grading as defined in ISO/IEC 24787-1.
  • Interfaces: Conformance to ISO/IEC 7816-3, ISO/IEC 7816-12, ISO/IEC 14443 series and ISO/IEC 18092 for contact/contactless/NFC operation.
  • Power supply: Supports contact, contactless (ISO/IEC 14443-2 / ISO/IEC 18092) and internal power options (battery or capacitor). Battery-powered BSoC should support at least one full verification without recharge and may allow self-initiated verification.
  • User feedback: On-card or reader-provided feedback (LED, display, buzzer, or IFD interpretation) to indicate verification status.
  • Out of scope: Off-card comparison, storage-on-card architectures, sensor-off-card on-card comparison and detailed component specifications.

Applications

Practical uses of ISO/IEC 17839-1:2025 include designing and specifying secure, portable biometric verification solutions where the biometric match is performed entirely on the card. Typical applications:

  • secure identity verification and authentication in constrained environments
  • tamper-resistant personal ID and credential cards
  • access control and verification systems requiring strong privacy protection (no biometric data leaves the card)

Who should use this standard

  • card manufacturers and module designers
  • biometric sensor vendors and system integrators
  • government agencies and identity program architects
  • test labs and conformity assessors

Related standards

Key references and interoperable standards: ISO/IEC 7810, ISO/IEC 7816-3, ISO/IEC 7816-12, ISO/IEC 14443 (all parts), ISO/IEC 18092, ISO/IEC 18328-2:2021 (Annex A), ISO/IEC 24787-1:2024, ISO/IEC 17839-3 and ISO/IEC 2382-37.

ISO/IEC 17839-1:2025 - Information technology — Biometric system-on-card — Part 1: Core requirements Released:7. 11. 2025ISO/IEC 17839-1:2025 - Information technology — Biometric system-on-card — Part 1: Core requirements Released:7. 11. 2025
PreviousNext
Standard
ISO/IEC 17839-1:2025 - Information technology — Biometric system-on-card — Part 1: Core requirements Released:7. 11. 2025
English language
7 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


International
Standard
ISO/IEC 17839-1
Second edition
Information technology —
2025-11
Biometric system-on-card —
Part 1:
Core requirements
Technologies de l'information — Système biométrique sur carte —
Partie 1: Exigences de base
Reference number
© ISO/IEC 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2025 – All rights reserved
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Abbreviated terms . 3
5 Functional architecture of a BSoC . 3
5.1 BSoC verification .3
5.2 Type ID-1 BSoC .3
5.3 Type ID-T BSoC .4
5.4 Feedback to the user .4
5.5 Sensor type .4
6 Discriminative power . 5
7 Power supply . 5
7.1 General .5
7.2 Contacts .5
7.3 Contactless .5
7.4 Internal power supply .5
8 Infrastructure . 5
Annex A (informative) Motivations for the specification of Type ID-T . 6
Bibliography . 7

© ISO/IEC 2025 – All rights reserved
iii
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 17, Cards and security devices for personal identification.
This second edition cancels and replaces the first edition (ISO/IEC 17839:2014), which has been technically
revised.
The main changes are as follows:
— updated Biometric System-on-Card architecture in alignment with ISO/IEC 24787-1;
— replaced references to S1 and S2 with ID-1 and ID-T;
— removed normative references to ISO/IEC 15693;
— added diagram for feedback.
A list of all parts in the ISO/IEC 17839 series can be found on the ISO and IEC websites.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

© ISO/IEC 2025 – All rights reserved
iv
Introduction
In the context of this document, a Biometric System-on-Card is a portable card-sized device including the
following entities: biometric capture, data processing, storage, comparison, decision, and action. It is a
functional extension to on-card biometric comparison by physically and logically integrating the sensor and
signal processing into the card.
ISO/IEC 7816-11, ISO/IEC 19785-3, ISO/IEC 19795-7 and ISO/IEC 24787-1 include technologies with respect
to on-card biometric comparison.
The physical integration of a biometric sensor in an ISO/IEC 7810 card withstanding torsion and bending
tests is technically challenging. This document describes two types of Biometric System-on-Card. Type ID-1
BSoC is a flexible card fully conformant to ISO/IEC 7810 while Type ID-T BSoC conformant to Annex A of
ISO/IEC 18328-2:2021 intentionally deviates from some of the requirements to size and bending stiffness,
keeping the rest of the requirements intact, including the use of a contactless ICC interface.
The ISO/IEC 17839 series is currently organized in 3 separate documents:
— ISO/IEC 17839-1, Biometric System-on-Card — Part 1: Core requirements (this document)
— ISO/IEC 17839-2, Biometric System-on-Card — Part 2: Physical characteristics
— ISO/IEC 17839-3, Biometric System-on-Card — Part 3: Logical information interchange mechanism

© ISO/IEC 2025 – All rights reserved
v
International Standard ISO/IEC 17839-1:2025(en)
Information technology — Biometric system-on-card —
Part 1:
Core requirements
1 Scope
This document establishes:
— functional architecture of a Biometric System-on-Card (BSoC);
— definition of Type ID-1 BSoC (ISO/IEC 7810 conformant) and Type ID-T BSoC (see ISO/IEC 18328-2:2021,
Annex A) implementation of a BSoC;
— sensor types in a BSoC;
— requirements to a BSoC with respect to:
— discriminative power (i.e. biometric accuracy criteria);
— interfaces;
— power supply options.
The following aspects are out of scope of this document (see ISO/IEC 24787-1):
— off-card biometric comparison, storage-on-card;
— on-card biometric comparison (sensor-off-card);
— work-sharing implementations;
— detailed specification and configuration of individ
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

Loading comments...

Frequently Asked Questions

ISO/IEC 17839-1:2025 is a standard published by the International Organization for Standardization (ISO). Its full title is "Information technology - Biometric system-on-card - Part 1: Core requirements". This standard covers: This document establishes: - functional architecture of a Biometric System-on-Card (BSoC); - definition of Type ID-1 BSoC (ISO/IEC 7810 conformant) and Type ID-T BSoC (see ISO/IEC 18328-2:2021, Annex A) implementation of a BSoC; - sensor types in a BSoC; - requirements to a BSoC with respect to: - discriminative power (i.e. biometric accuracy criteria); - interfaces; - power supply options. - The following aspects are out of scope of this document (see ISO/IEC 24787-1): - off-card biometric comparison, storage-on-card; - on-card biometric comparison (sensor-off-card); - work-sharing implementations; - detailed specification and configuration of individual components. This document provides a functional architectural description of a BSoC and describes how the interfaces are mapped using existing commands and data structures from other International Standards.

This document establishes: - functional architecture of a Biometric System-on-Card (BSoC); - definition of Type ID-1 BSoC (ISO/IEC 7810 conformant) and Type ID-T BSoC (see ISO/IEC 18328-2:2021, Annex A) implementation of a BSoC; - sensor types in a BSoC; - requirements to a BSoC with respect to: - discriminative power (i.e. biometric accuracy criteria); - interfaces; - power supply options. - The following aspects are out of scope of this document (see ISO/IEC 24787-1): - off-card biometric comparison, storage-on-card; - on-card biometric comparison (sensor-off-card); - work-sharing implementations; - detailed specification and configuration of individual components. This document provides a functional architectural description of a BSoC and describes how the interfaces are mapped using existing commands and data structures from other International Standards.

ISO/IEC 17839-1:2025 is classified under the following ICS (International Classification for Standards) categories: 35.240.15 - Identification cards. Chip cards. Biometrics. The ICS classification helps identify the subject area and facilitates finding related standards.

ISO/IEC 17839-1:2025 has the following relationships with other standards: It is inter standard links to ISO/IEC 17839-1:2014. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.

You can purchase ISO/IEC 17839-1:2025 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of ISO standards.

This May Also Interest You

ISO
ISO/IEC TR 25219:2025(Main)
Personal identification - ISO-compliant driving licence - Considerations for early adopters of ISO/IEC 18013-7

This document specifies considerations that can be of use to implementers and developers that elect to participate in work around updates to ISO/IEC TS 18013-7 . These considerations are intended to support the improvements, to maximize backward compatibility and to, at minimum, maintain the security and privacy properties already embodied in ISO/IEC TS 18013-7 . This document also provides additional information related to these considerations.

  • Technical report
    3 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 18013-6:2025(Main)
Personal identification - ISO-compliant driving licence - Part 6: mDL test methods

This document specifies test methods for testing conformity of a mobile driving licence (mDL) or an mDL reader to ISO/IEC 18013-5. This document specifies test methods for: - mDL on its interface to an mDL reader; - mDL reader on its interface to an mDL; - mDL reader on its (optional) interface to an issuing authority infrastructure. Test cases for an issuing authority infrastructure on its interface to an mDL reader are not included in this document. Test cases for the use of OpenID Connect (OIDC) by an mDL reader on its interface to an issuing authority infrastructure are not included in this document. This document only provides test cases for the use of WebAPI on this interface. This document only addresses the functional behaviour of an implementation under test (IUT) on its interface(s) in scope. It does not address: - the internal implementation of an IUT, such as a secure area in an mDL; - any functional requirements to an IUT not specified in ISO/IEC 18013-5, for example, requirements of a particular issuing authority; - non-functional aspects of the IUT, nor IUT interfaces not listed above, such as the interface from an issuing authority infrastructure to an mDL, used to provision mDL data.

  • Technical specification
    58 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 23220-6:2025(Main)
Cards and security devices for personal identification - Building blocks for identity management via mobile devices - Part 6: Mechanism for use of certification on trustworthiness of secure area

This document specifies mechanism for use of certification on trustworthiness of secure area that is defined in ISO/IEC 23220-1. This document aims at enabling secure area providers to describe capabilities and confidence level of secure area for verification by eID issuers or mobile eID Attestation service providers, or both. This document specifies: - list of elements describing capabilities and confidence level of a secure area; - structure and management for use of a certificate, affixed or not to the secure area, containing that list of elements. This document refers to existing standards and applicable industry specifications which partly address the trustworthiness related issue (e.g. DLOA specified in GlobalPlatform specification GPC_SPE_095[ REF Reference_ref_3 \r \h 1 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000100000005200650066006500720065006E00630065005F007200650066005F0033000000 ], MDS specified in FIDO Alliance specification[ REF Reference_ref_4 \r \h 2 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000100000005200650066006500720065006E00630065005F007200650066005F0034000000 ], and SAAO specified in ISO/IEC TS 23220-3), and aims to minimize the differences between them.

  • Technical specification
    35 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 18013-7:2025(Main)
Personal identification - ISO-compliant driving licence - Part 7: Mobile driving licence (mDL) add-on functions

This document augments the capabilities of the mobile driving licence (mDL) standardized in ISO/IEC 18013-5 with the following additional functionality: - presentation of a mobile driving licence to a reader over the internet.

  • Technical specification
    42 pages
    English language
    sale 15% off
ISO
ISO/IEC 18584-2:2025(Main)
Information technology - Test methods for on-card biometric comparison applications - Part 2: Work-sharing mechanism

This document establishes conformance testing for the requirement described in ISO/IEC 24787-2, which is: - work-sharing on-card biometric comparison. Measuring the performance of on-card biometric comparison algorithms such as error rates or speed is not within the scope of this document.

  • Standard
    6 pages
    English language
    sale 15% off
ISO
ISO/IEC 18584-1:2025(Main)
Information technology - Test methods for on-card biometric comparison applications - Part 1: General principles and specifications

This document establishes conformance testing for the requirements described in ISO/IEC 24787-1, which are: - framework for on-card biometric comparison, both in sensor-off-card systems and as part of Biometric System-on-Card; - security policies for on-card biometric comparison. Measuring the performance of on-card biometric comparison algorithms such as error rates or speed is not within the scope of this document.

  • Standard
    19 pages
    English language
    sale 15% off
ISO
ISO/IEC 22460-1:2025(Main)
Cards and security devices for personal identification - ISO UAS licence and drone or UAS security module - Part 1: Physical characteristics and basic data sets for UAS licence

This document establishes requirements and recommendations for the design format and data content of a drone or UAS remote pilot and remote crew licence, encompassing both visual human-readable features and machine-readable technologies. By establishing a common basis, this document aims to standardize drone or UAS remote pilot and remote crew licence without impeding the efforts of individual national or regional drone or UAS-related authorities. NOTE Not all jurisdictions require drone or UAS remote pilot and remote crew licences.

  • Standard
    35 pages
    English language
    sale 15% off
ISO
ISO/IEC 7816-3:2006/Amd 1:2025(Amendment)
Identification cards - Integrated circuit cards - Part 3: Cards with contacts - Electrical interface and transmission protocols - Amendment 1: Additional voltage classes
  • Standard
    3 pages
    English language
    sale 15% off
ISO
ISO/IEC 10373-6:2025(Main)
Cards and security devices for personal identification - Test methods - Part 6: Contactless proximity objects

This document defines test methods which are specific to proximity cards and objects, proximity coupling devices and proximity extended devices, defined in ISO/IEC 14443-1, ISO/IEC 14443-2, ISO/IEC 14443-3 and ISO/IEC 14443-4. NOTE Test methods defined in this document are intended to be performed separately. A given proximity card or object, proximity coupling device or proximity extended device, is not required to pass through all the tests sequentially. The conformance test plan defined in Annex O specifies the list of tests required for each part of the ISO/IEC 14443 series.

  • Standard
    240 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 18013-6:2024(Main)
Personal identification - ISO-compliant driving licence - Part 6: mDL test methods

This document specifies test methods for testing conformity of a mobile driving licence (mDL) or an mDL reader to ISO/IEC 18013-5. This document specifies test methods for: - mDL on its interface to an mDL reader; - mDL reader on its interface to an mDL; - mDL reader on its (optional) interface to an issuing authority infrastructure. Test cases for an issuing authority infrastructure on its interface to an mDL reader are not included in this document. Test cases for the use of OIDC by an mDL reader on its interface to an issuing authority infrastructure are not included in this document. This document only provides test cases for the use of WebAPI on this interface. This document only addresses the functional behaviour of an implementation under test (IUT) on its interface(s) in scope. It does not address: - the internal implementation of an IUT, such as a secure area in an mDL; - any functional requirements to an IUT not specified in ISO/IEC 18013-5, for example, requirements of a particular issuing authority; - non-functional aspects of the IUT, nor IUT interfaces not listed above, such as the interface from an issuing authority infrastructure to an mDL, used to provision mDL data.

  • Technical specification
    58 pages
    English language
    sale 15% off