iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
SIST

kSIST-TS FprCEN/TS 17489-5:2025

(Main)

Personal identification - Secure and interoperable European breeder documents - Part 5: Trust establishment and management processes

Personal identification - Secure and interoperable European breeder documents - Part 5: Trust establishment and management processes

1.1   Objective
This document is intended for the use of breeder document issuing authorities both policymakers and technical, for having uniform formats that conform to printed as well as digital requirements of CEN member and associated states (including EU member states).
The objectives are:
a)   provision of a common set of formats of breeder documents – printed and digital to be implemented by CEN member and associated states (including EU member states), with the extended objective of their acceptance internationally;
b)   the focus is on having common recognizable formats as well as prevention of identity fraud, particularly related to the use of breeder documents to obtain national and international ID documents, such as passports, and residence permits.
1.2   Human dimension of identity management
Each country’s identity management system also provides a framework for observing and protecting many of the human rights embodied in international declarations and conventions. Depending on the provisions in place, the system can ensure that citizens can exercise a wide range of rights, such as rights to property, privacy, freedom of movement and free choice of place of residence, as well as access to social services such as education, healthcare and social security. In states with more advanced technological infrastructure, population registration provides the basis for the establishment of a number of citizen-oriented computerized services, also known as e-services and e-government. Identity management is also central to prevention of discrimination in exercising guaranteed rights.
The identity management infrastructure provides the backbone for a functioning and viable state by securing civil, population and tax registers, as well other systems such as healthcare benefits, voter lists and the issuance of travel and identity documents based on verifiable identities. Such flaws may become visible during elections, where shortcomings in voter lists can affect confidence in the election process. In essence, a secure identity management system can be seen as the foundation, a root level, that is able to then feed into and help numerous other branches of key state services function effectively and accurately (OSCE, 2017, p.13) [27].
1.3   Security dimension of identity management
One of the key elements of a secure environment for cross-border travel is that the travel documents used by visitors meet international standards in terms of security of the document itself and security in that the document reflects the genuine identity of its holder. Similarly, the systems for issuing travel documents need to be linked to identity management systems to streamline decision-making processes, preferably through modernized systems that reflect developments in document security technology. As entries in registers or officially issued identification documents provide access to specific services, criminal networks are constantly looking for possible gaps in identity management systems to obtain genuine documents under fabricated or stolen identities. Documents obtained as result of gaps in identity management have enabled criminals to target business entities and cause significant financial losses through the use of genuine documents issued to non-existent identities (OSCE, 2017, p.14) [27].
Both legal and illegal immigration breeder docs are regularly used to determine an identity if no MRTD or eMRTD is presented. An identity which will be printed on an eRP, Foreigners ppt, Refugees travel doc etc. unless other supportive evidence of identity is provided.
Organized crime has not overlooked this and fraudulently obtained or falsified travel documents are regularly presented to hide the true identity.
Since a significant portion of the world’s population cannot reliably prove their identity, they rely on verbally presented identities and/or supportive breeder documents when registering in another country.
Asylum applicants who...

Persönliche Identifikation - Sichere und interoperable Europäische Ausgangsdokumente - Teil 5: Vertrauensbildung und Verwaltungsprozesse

Osebna identifikacija - Varni in interoperabilni evropski izvorni dokumenti - 5. del: Postopki vzpostavitve in vodenja zaupanja

General Information

Status
Not Published
Public Enquiry End Date
29-Jun-2025
ICS
35.240.15 - Identification cards. Chip cards. Biometrics
Technical Committee
ITC - Information technology
Current Stage
5520 - Unique Acceptance Procedure (UAP) (Adopted Project)
Start Date
25-Apr-2025
Due Date
12-Sep-2025
Ref Project
FprCEN/TS 17489-5 - Personal identification - Secure and interoperable European breeder documents - Part 5: Trust establishment and management processes

Buy Standard

kTS FprCEN/TS 17489-5:2025kTS FprCEN/TS 17489-5:2025
PreviousNext
Draft
kTS FprCEN/TS 17489-5:2025
English language
69 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-junij-2025
Osebna identifikacija - Varni in interoperabilni evropski izvorni dokumenti - 5. del:
Postopki vzpostavitve in vodenja zaupanja
Personal identification - Secure and interoperable European breeder documents - Part 5:
Trust establishment and management processes
Persönliche Identifikation - Sichere und interoperable Europäische Ausgangsdokumente
- Teil 5: Vertrauensbildung und Verwaltungsprozesse
Ta slovenski standard je istoveten z: FprCEN/TS 17489-5
ICS:
35.240.15 Identifikacijske kartice. Čipne Identification cards. Chip
kartice. Biometrija cards. Biometrics
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

FINAL DRAFT
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION
April 2025
ICS 35.240.15
English Version
Personal identification - Secure and interoperable
European breeder documents - Part 5: Trust establishment
and management processes
Persönliche Identifikation - Sichere und interoperable
Europäische Ausgangsdokumente - Teil 5:
Vertrauensbildung und Verwaltungsprozesse

This draft Technical Specification is submitted to CEN members for Vote. It has been drawn up by the Technical Committee
CEN/TC 224.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and
United Kingdom.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are
aware and to provide supporting documentation.

Warning : This document is not a Technical Specification. It is distributed for review and comments. It is subject to change
without notice and shall not be referred to as a Technical Specification.

EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2025 CEN All rights of exploitation in any form and by any means reserved Ref. No. FprCEN/TS 17489-5:2025 E
worldwide for CEN national Members.

Contents Page
European foreword . 3
Introduction . 4
1 Scope . 6
1.1 Objective . 6
1.2 Human dimension of identity management . 6
1.3 Security dimension of identity management . 6
1.4 Legal identity . 7
2 Normative references . 8
3 Terms and definitions . 8
4 Symbols and abbreviated terms . 10
5 Methodology . 10
5.1 Introduction . 10
5.2 Procedure . 11
5.3 Classification. 11
5.3.1 Categories of criteria adoption . 11
5.3.2 Categories of implementation status . 11
5.4 Reporting . 11
5.4.1 Objective . 11
5.4.2 Declaration of Implementation (DOI) . 12
5.4.3 Ranking . 12
Annex A (informative) Checklist “Declaration of Implementation . 14
A.1 General recommendations on issuance and operational procedures . 14
A.1.1 Logistical aspects . 14
A.1.2 Human resources . 18
A.1.3 Technical controls and system migration . 24
A.1.4 Distribution of secure public keys and systems access . 31
A.1.5 Civil registration (Newly born) . 33
A.1.6 Civil registration (other) . 49
A.1.7 Content update of data-entries . 52
A.1.8 Reissuance of birth certificates . 58
A.1.9 Issuance process . 60
A.1.10 Coding; Transcribing of eastern / western names and character sets . 62
A.1.11 Validity of document . 63
A.1.12 Vetting of data . 64
A.1.13 Note . 66
Bibliography . 67
European foreword
This document (FprCEN/TS 17489-5:2025) has been prepared by Technical Committee CEN/TC 224
“Personal identification and related personal devices with secure element, systems, operations and
privacy in a multi sectorial environment”, the secretariat of which is held by AFNOR.
This document is currently submitted to the Vote on TS.

Introduction
A legally recognized identity enables citizens to exercise their rights and access state and other services.
This includes the right to travel and access to travel documents such as passports, as well as access to
education, healthcare, social services, and bank accounts. In order to establish legally recognized
identities of citizens, states implement identity management (IdM) systems.
Breeder documents are legal documents which certify a vital event of a person and are essential
components of these IdM systems. According to the United Nations terminology [10] vital events include
live birth, death, foetal death, marriage (which includes partnership), divorce, adoption, legitimation,
recognition of parenthood, annulment of marriage, or legal separation. These vital events of a person are
recorded in the civil register (if used) of the state, during a process which is called registration, and a
corresponding breeder document is issued to the citizen.
The Organization for Security and Co-operation in Europe (OSCE) points out the importance of a breeder
document (denoted as primary documents) framework [8]:
“While there are several layers of identity management that produce different types of identity
documents, frameworks for issuing primary identity documents are the critical components of the entire
identity management system. They provide a framework for the legal establishment of one’s identity and
identity documents on the basis of which other types of identity documents may be issued.”
While there are standardized frameworks for identity documents such as travel documents including
passports, a standardized framework for secure and interoperable breeder documents is missing.
For machine readable travel documents (MRTDs) including passports, the International Civil Aviation
Organization (ICAO) has published the Doc 9303 standard [4] which has been prepared in collaboration
with the standardization group ISO/IEC JTC 1/SC 17/WG 3. The international adoption and
implementation of this document establishes a certain security level for travel documents and enables
interoperability, e.g. by means of the standardized layout and character set used for travel documents.
The lack of breeder document standardization leads to interoperability as well as security issues. The
layout of breeder documents differs between states and often even between the municipalities of a state.
Breeder documents typically do not support machine readable technologies, and therefore their data is
be manually entered for subsequent processing which is error prone and time consuming. The non-
standardized layout can hinder a verifier to identify the required breeder document data and a
translation of the breeder document is potentially required. This translation potentially uses a
transliteration of names, i.e. a conversion of the names from one alphabet to another, and this can lead to
different spellings of the name of the same person, e.g. if diacritical marks are used in the original breeder
document, but not used in the translated document.
For instance, the International Commission on Civil Status (ICCS) [6] has addressed these interoperability
issues in several conventions and recommendations that specify a data set and a character set to be used
as well as identifiers for the different data fields of a breeder document.
Breeder documents are typically used as an identity evidence in identity proofing scenarios for issuing
travel documents. Due to the established security level of travel documents and the typically lower
security level of breeder documents fraudsters aim at obtaining authentic travel documents on the basis
of false identities based e.g. on non-genuine or forged breeder documents instead of forging or
counterfeiting travel documents. Therefore, fraudsters use:
— counterfeit breeder documents, i.e. unauthorized reproductions of genuine documents;
— forged breeder documents, i.e. genuine breeder document that have been altered;
— genuine breeder documents of another person; i.e. they impersonate the legitimate holder of the
breeder documents. As breeder documents such as birth certificates usually do not include
information that links the breeder document to its legitimate holder, strong organisational methods
are required to establish this link, in particular in the case of first-time registration;
— forged data and identity evidence documents to obtain breeder documents with false data
representations.
Breeder documents are considered the weakest link in the issuance process of travel documents, see the
ICAO guidelines [5] for best practices on how breeder documents are used in this process. For this reason
the European Union (EU) has funded projects to investigate solutions for strengthening the security of
breeder documents: The FIDELITY project [3] suggests among others a standardized birth certificate
design, the support of physical security features and an online verification of the birth certificate. The
ORIGINS project [9] analysed the issuance of breeder documents used for passport delivery, identified
loopholes in this process, and proposed security measures and processes to enhance the security of
breeder documents. These enhancements include the standardization of breeder documents and the
harmonization of the related processes. In addition, the European Commission has issued an action plan
to strengthen the European response to travel document fraud [2] which recommends a minimum
security level for breeder documents to prevent counterfeiting and forging.
The breeder document framework in CEN/TS 17489 (all parts) takes the results of these EU projects [3],
[9] into considerat
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

SIST
SIST-TS CEN/TS 17489-2:2025(Main)
Secure and interoperable European Breeder Documents — Part 2: Data model
CEN/TS 17489-2:2024

This document specifies the abstract data model for breeder document data and the specific encodings of this abstract data model used in the CEN breeder document framework.
The abstract data model is a semantic description of the birth, marriage / partnership, and death certificate data, independently from their specific encoding. This abstract data model is extensible for further standardized and proprietary data of birth, marriage / partnership, and death certificates as well as for other types of breeder documents.
This abstract data model is technology agnostic, i.e. it is applicable for paper-based, server-based, and hardware-based breeder documents as well as further breeder document designs and technologies.
The specific encodings of this abstract data model comprise the encodings to be used for the machine readable technologies specified in part 3 of the framework as well as the encoding of human readable breeder document data. These encodings are used in the birth, marriage / partnership, and death certificate profiles specified in part 4 of the framework.

  • Technical specification
    25 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TS CEN/TS 18099:2025(Main)
Biometric data injection attack detection
CEN/TS 18099:2024

This document provides an overview on:
-   Definitions on Biometric Data Injection Attack,
-   Biometric Data Injection Attack use case on main biometric system hardware for enrolment and verification,
-   Injection Attack Instruments on systems using one or several biometric modalities.
This document provides guidance on:
-   System for the detection of Injection Attack Instruments (defined in 3.12),
-   Appropriate mitigation risk of Injection Attack Instruments,
-   Creation of test plan for the evaluation of Injection Attack Detection system (defined in 3.9).
If presentation attacks testing is out of scope of this document, note that these two characteristics are in the scope of this document:
-   Presentation Attack Detection systems which can be used as injection attack instrument defence mechanism and/or injection attack method defence mechanism. Yet, no presentation attack testing will be performed by the laboratory to be compliant with this document (out of scope).
-   Bona Fide Presentation testing in order to test the ability of the Target Of Evaluation to correctly classify legitimate users.
The following aspects are out of scope:
-   Presentation Attack testing (as they are covered in ISO/IEC 30107 standards),
-   Biometric attacks which are not classified as Type 2 attacks (see Figure 1),
-   Evaluation of implementation of cryptographic mechanisms like secure elements,
-   Injection Attack Instruments rejected due to quality issues.

  • Technical specification
    37 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TP CEN/TR 18108:2025(Main)
Personal identification - Usage of biometrics in breeder documents
CEN/TR 18108:2024

This document provides guidance on usage of biometrics in breeder documents, in particular regarding
-   encoding of biometric reference data;
-   data quality maintenance for biometric reference data;
-   data authenticity maintenance for biometric reference data; and
-   privacy preservation of biometric reference data.
This document addresses advantages and disadvantages of biometric modes, in particular regarding
-   verification performance;
-   privacy impact;
-   feasibility of biometric acquisition considering the age of the capture subjects;
-   limits of validity and need for updating biometric reference data.
The following aspects are out of scope:
-   format and structure of breeder documents;
-   general security aspects, which are covered in CEN/TS 17489-1 [1].

  • Technical report
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 21549-7:2024(Main)
Health informatics - Patient healthcard data - Part 7: Medication data (ISO 21549-7:2024)
EN ISO 21549-7:2024

This document applies to situations in which such data is recorded on or transported by patient healthcards compliant with the physical dimensions of ID-1 cards defined by ISO/IEC 7810.
This document specifies the basic structure of the data contained within the medication data object, but does not specify or mandate particular data sets for storage on devices.
The purpose of this document is for cards to provide information to other health professionals and to the patient or its non-professional caregiver.
It can also be used to carry a new prescription from the prescriber to the dispenser/pharmacy in the design of its sets.
Medication data include the following four components:
—     medication notes: additional information related to medication and the safe use of medicines by the patient such as medication history, sensitivities and allergies;
—     medication prescriptions: to carry a new prescription from the prescriber to the dispenser/pharmacy;
—     medication dispensed: the records of medications dispensed for the patient;
—     medication references: pointers to other systems that contain information that makes up medication prescription and the authority to dispense.
The following topics are beyond the scope of this document:
—     physical or logical solutions for the practical functioning of particular types of data cards;
—     how the message is processed further “downstream” of the interface between two systems;
—     the form which the data takes for use outside the data card, or the way in which such data is visibly represented on the data card or elsewhere.
NOTE            Not only does the definition of “medicinal products” differ from country to country, but also the same name can relate to entirely different products in some countries. Therefore, it is important to consider the safety of the patient when the card is used across borders.
This document describes and defines the Medication data objects used within or referenced by patient-held health data cards using UML, plain text and Abstract Syntax Notation (ASN.1).
This document does not describe nor define the common objects defined within ISO 21549-2.

  • Standard
    51 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TP CEN/TR 18030:2024(Main)
Personal identification - Biometrics - Overview of biometric verification systems implemented across Europe
CEN/TR 18030:2023

This Technical Report provides an overview of the current deployment of biometric systems within Europe. It addresses the challenges that are being faced, in order to detect the current needs for improving the specifications for the implementation and deployment of biometric systems. This Technical Report considers all kind of deployments, from border control to ad-hoc services. As most of the deployed systems are based on the use of fingerprints or face recognition, this Technical Report will focus on these two biometric modalities, from the system integrator and interoperability points of view.
Identity documents, in terms of production, structure, interoperability, etc., are out of the scope of this TR. The TR is focused on the performance at system level.
The current European legislative initiatives around this topic (e.g., Entry/Exit System, framework for interoperability between EU information systems, etc.) need a robust framework study about the availability of standard technologies to improve interoperability in biometric products around the European Union.
By showing these needs, a set of recommendations for future standardization works is provided.
From a methodological perspective, the report gathers information of different entities with this classification:
- Capture/enrolment of biometrics including the quality assurance and the generation of feature or biometric models from the images.
- Best practices and guidelines to use biometrics in Europe.
- Data Quality environment using biometrics in European networks.

  • Technical report
    33 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 21549-5:2024(Main)
Health informatics - Patient healthcard data - Part 5: Identification data (ISO 21549-5:2023)
EN ISO 21549-5:2023

This document describes and defines the basic structure of the identification data objects held on healthcare data cards, but it does not specify particular data sets for storage on devices.
This document does not apply to the detailed functions and mechanisms of the following services (although its structures can accommodate suitable data objects elsewhere specified):
—    security functions and related services that are likely to be specified by users for data cards depending on their specific application, e.g. confidentiality protection, data integrity protection and authentication of persons and devices related to these functions;
—    access control services;
—    the initialization and issuing process (which begins the operating lifetime of an individual data card, and by which the data card is prepared for the data to be subsequently communicated to it according to this document).
Therefore, this document does not cover:
—    physical or logical solutions for the practical functioning of particular types of data card;
—    the forms that data take for use outside the data card, or the way in which such data are visibly represented on the data card or elsewhere.

  • Standard
    17 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO/IEC 2382-37:2024(Main)
Information technology - Vocabulary - Part 37: Biometrics (ISO/IEC 2382-37:2022)
EN ISO/IEC 2382-37:2023

This document establishes a systematic description of the concepts in the field of biometrics pertaining to recognition of human beings. This document also reconciles variant terms in use in pre-existing International Standards on biometrics against the preferred terms, thereby clarifying the use of terms in this field.
This document does not cover concepts (represented by terms) from information technology, pattern recognition, biology, mathematics, etc. Biometrics uses such fields of knowledge as a basis.
In principle, mode-specific terms are outside of scope of this document.

  • Standard
    42 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TP CEN/TR 17982:2024(Main)
European Digital Identity Wallets standards Gap Analysis
CEN/TR 17982:2023

This document identifies relevant existing standards and standards work in progress around European Digital Identity Wallets. It also identifies missing work items and overlaps in standards and is supposed to work as a roadmap for future standardization projects in the area.

  • Technical report
    39 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TS CEN/TS 17661:2022(Main)
Personal identification – European enrolment guide for biometric ID documents (EEG)
CEN/TS 17661:2021

This document consolidates information relating to successful and high quality biometric enrolment processes of facial and fingerprint systems, while indicating risk factors and providing appropriate mitigations. This information supports decisions regarding procurement, design, deployment and operation of these biometric systems.
This document provides guidance on:
—   capturing of facial images to be used as reference images in identity and secure documents;
—   capturing of fingerprint images to be used as reference images in identity and secure documents;
—   data quality maintenance for biometric reference data;
—   data authenticity maintenance for biometric reference data.
The document addresses the following aspects which are specific for biometric reference data capturing:
—   biometric data quality and interoperability ensurance;
—   data authenticity ensurance;
—   morphing and other presentation attack detection as well as other unauthorized changes;
—   accessibility and usability;
—   privacy and data protection;
—   optimal enrolment design.
The following aspects are out of scope:
—   IT security;
—   data capturing for verification purposes, e.g. in ABC gates;
—   capturing biometric data for enrolment in other systems different from data enrolment for integration in secure MRTD, like entry/exit systems.
This document consolidates the role of the enrolment process in a biometric system and differentiates the enrolment from the authentication, while mentioning key factors of the enrolment process that are feature independent.
Interests of the existing stakeholders are broken down and provide an insight on different views of the enrolment. In addition, organisational enrolment approaches are covered.
This document is not concerned with IT requirements or the capturing of biometric data for inspection, identification or verification purposes without the required step of creating an identity document using the captured data.

  • Technical specification
    73 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TS CEN/TS 17631:2021(Main)
Personal identification - Biometric group access control
CEN/TS 17631:2021

This document provides guidance on providing access:
— to areas with physical access control, e.g. entertainment facilities, train stations, shops, libraries, banks, or border control,
— for small groups of persons, e.g. families with small children or seniors, or other accompanied persons in need of support,
— by means of biometric authentication technologies, e.g. facial, fingerprint, or vein recognition,
— in the European regulatory context.
The document addresses the following aspects, which are specific for biometric and group access:
— accessibility and usability,
— user guidance including group guidance and interaction control,
— privacy including data set content,
— presentation attack detection,
— applicable biometric technologies,
— storage of reference data,
— biometric process integration,
— specific needs considering biometrics for groups,
— biometric performance and error rates, and
— group internal linkage.
The following aspects which reflect on generic access control issues are out of scope:
— IT security,
— application specific physical security,
— policy definition,
— processes not related to biometric authentication, and
— specific performance requirements of identification (1:N) and verification (1:1) applications.

  • Technical specification
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day