Personal identification - Robustness against biometric presentation attacks - Application to European Automated Border Control

This Technical Specification is an application profile for the International Standard ISO/IEC 30107 Biometric presentation attack detection. It provides best practice recommendations for the implementation of Automated Border Control (ABC) systems in Europe.
Presentation Attack Detection (PAD) is addressed for facial and fingerprint recognition.
The biometric reference data can be stored in electronic Machine Readable Travel Documents (eMRTD) and/or EU Visa Information System (VIS).
The TS covers the robustness of the system, privacy and data protection aspects, usability and acceptance as well as countermeasures including their evaluation from the Biometrics perspective. Enrolment, issuance and verification applications of eMRTD other than border control are not in scope.

Persönliche Identification - Empfehlungen zur Sicherung der biometrischen Belastbarkeit Europäischer ABC-Systeme gegenüber Manipulationen

Identification personnelle - Recommandations pour garantir la robustesse de la biométrie dans les systèmes de contrôle frontalier automatisés européens contre les attaques de présentation

Osebna identifikacija - Odpornost proti napadom na biometrično predstavitev - Uporaba pri evropskem avtomatiziranem mejnem nadzoru

Ta tehnična specifikacija je profil aplikacije za mednarodni standard ISO/IEC 30107 Zaznavanje napada na biometrično predstavitev. Določa priporočila najboljše prakse za uvedbo avtomatiziranih sistemov nadzora meje (ABC) v Evropi. Zaznavanje napada na predstavitev (PAD) se uporablja za prepoznavanje obraza in prstnih odtisov. Biometrični referenčni podatki se lahko shranijo v elektronskih strojno berljivih potovalnih dokumentih (eMRTD) in/ali v vizumskem informacijskem sistemu EU (VIS). Tehnična specifikacija obravnava robustnost sistema, vidike zasebnosti in varstva podatkov, uporabnost in sprejemljivost ter protiukrepe, vključno z vrednotenjem z vidika biometrije. Postopki vnašanja, izdajanja in preverjanja drugih elektronskih strojno berljivih potovalnih dokumentov, razen nadzora na meji, ne spadajo na področje uporabe tega dokumenta.

General Information

Status
Published
Publication Date
03-Jan-2019
Technical Committee
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
13-Dec-2018
Due Date
17-Feb-2019
Completion Date
04-Jan-2019

Buy Standard

Technical specification
SIST-TS CEN/TS 17262:2019
English language
23 pages
sale 10% off
Preview
sale 10% off
Preview

e-Library read for
1 day

Standards Content (sample)

SLOVENSKI STANDARD
SIST-TS CEN/TS 17262:2019
01-februar-2019
2VHEQDLGHQWLILNDFLMD2GSRUQRVWSURWLQDSDGRPQDELRPHWULþQRSUHGVWDYLWHY
8SRUDEDSULHYURSVNHPDYWRPDWL]LUDQHPPHMQHPQDG]RUX

Personal identification - Robustness against biometric presentation attacks - Application

to European Automated Border Control

Persönliche Identification - Empfehlungen zur Sicherung der biometrischen Belastbarkeit

Europäischer ABC-Systeme gegenüber Manipulationen

Identification personnelle - Recommandations pour garantir la robustesse de la biométrie

dans les systèmes de contrôle frontalier automatisés européens contre les attaques de

présentation
Ta slovenski standard je istoveten z: CEN/TS 17262:2018
ICS:
35.240.15 ,GHQWLILNDFLMVNHNDUWLFHýLSQH Identification cards. Chip
NDUWLFH%LRPHWULMD cards. Biometrics
SIST-TS CEN/TS 17262:2019 en,fr,de

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST-TS CEN/TS 17262:2019
---------------------- Page: 2 ----------------------
SIST-TS CEN/TS 17262:2019
CEN/TS 17262
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
December 2018
TECHNISCHE SPEZIFIKATION
ICS 35.240.20
English Version
Personal identification - Robustness against biometric
presentation attacks - Application to European Automated
Border Control

Identification personnelle - Recommandations pour Persönliche Identifikation - Empfehlungen zur

garantir la robustesse de la biométrie dans les Sicherung der biometrischen Belastbarkeit

systèmes de contrôle frontalier automatisés européens Europäischer ABC-Systeme gegenüber Manipulation

contre les attaques de présentation

This Technical Specification (CEN/TS) was approved by CEN on 10 September 2018 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to

submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS

available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in

parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,

Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,

Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,

Turkey and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels

© 2018 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 17262:2018 E

worldwide for CEN national Members.
---------------------- Page: 3 ----------------------
SIST-TS CEN/TS 17262:2019
CEN/TS 17262:2018 (E)
Contents

European foreword ....................................................................................................................................................... 4

Introduction .................................................................................................................................................................... 5

1 Scope .................................................................................................................................................................... 6

2 Normative references .................................................................................................................................... 6

3 Terms and definitions ................................................................................................................................... 6

4 Abbreviated terms .......................................................................................................................................... 7

5 Presentation attack detection overview in ABC system ................................................................... 8

5.1 Obstacles to presentation attacks in ABC system ................................................................................ 8

5.2 Impostor attacks .............................................................................................................................................. 8

5.2.1 General ................................................................................................................................................................ 8

5.2.2 Verification of an eMRTD credential ........................................................................................................ 8

5.2.3 Identification in a Registered Traveller Programme use case ....................................................... 9

5.2.4 Concealer attacks ............................................................................................................................................ 9

5.3 Level of attack potential to consider ........................................................................................................ 9

6 Minimal accuracy requirements guideline for ABC systems ........................................................ 10

7 PAD evaluation in ABC systems .............................................................................................................. 10

7.1 Overview ......................................................................................................................................................... 10

7.2 Artefacts Properties .................................................................................................................................... 10

7.2.1 Overview ......................................................................................................................................................... 10

7.2.2 Artefacts for facial biometrics ................................................................................................................. 10

7.2.3 Artefacts for fingerprint biometrics ...................................................................................................... 11

7.3 Artefact creation and usage ...................................................................................................................... 12

7.4 Metrics for the evaluation of ABC systems .......................................................................................... 13

7.4.1 General metrics ............................................................................................................................................. 13

7.4.2 Metrics for an impostor attack scenario with eMRTD credentials ............................................ 14

7.4.3 Metrics for an impostor attack scenario in Registered Traveller Programme ..................... 14

7.4.4 Metrics for concealer attack scenario ................................................................................................... 14

7.4.5 Considerations on statistical relevance ............................................................................................... 14

8 Logging, data protection and privacy ................................................................................................... 14

9 Usability and the environment ................................................................................................................ 15

Annex A (informative) Examples of attack potential ratings .................................................................... 16

A.1 General ............................................................................................................................................................. 16

A.2 Framework for the calculation of attack potential .......................................................................... 16

A.3 Considerations for rating factors in ABC systems ............................................................................ 18

A.3.1 Overview ......................................................................................................................................................... 18

A.3.2 Elapsed time ................................................................................................................................................... 18

A.3.3 Window of opportunity: Access to the TOE ........................................................................................ 18

A.3.4 Window of opportunity: Access to biometric characteristics ...................................................... 19

---------------------- Page: 4 ----------------------
SIST-TS CEN/TS 17262:2019
CEN/TS 17262:2018 (E)

A.4 Examples of application to ABC systems .............................................................................................. 19

A.4.1 Overview .......................................................................................................................................................... 19

A.4.2 Impostor Attack against a face-based ABC system in an eMRTD credential

verification scenario .................................................................................................................................... 19

A.4.3 Impostor Attack against a fingerprint-based ABC system for Identification in a

Registered Traveller Programme scenario ......................................................................................... 20

A.4.4 Concealer Attack against a watchlist in an ABC system .................................................................. 21

Bibliography ................................................................................................................................................................. 23

---------------------- Page: 5 ----------------------
SIST-TS CEN/TS 17262:2019
CEN/TS 17262:2018 (E)
European foreword

This document (CEN/TS 17262:2018) has been prepared by Technical Committee CEN/TC 224

“Personal identification, electronic signature and cards and their related systems and operations”, the

secretariat of which is held by AFNOR.

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. CEN shall not be held responsible for identifying any or all such patent rights.

According to the CEN-CENELEC Internal Regulations, the national standards organisations of the

following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,

Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia,

France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,

Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,

Turkey and the United Kingdom.
---------------------- Page: 6 ----------------------
SIST-TS CEN/TS 17262:2019
CEN/TS 17262:2018 (E)
Introduction

EU Member States issue electronic passports (ePassports) containing a smart-card chip that stores

biometric data. The biometric data stored is a face image and two finger images of the holder, except for

Ireland and the UK, which issue ePassports containing only a face image. A number of EU Member

States have deployed automated border control (ABC) systems that automate border checks for EU

citizens in possession of an ePassport. An ABC system authenticates the ePassport, verifies that the

traveller is the rightful holder of the ePassport by comparing presented biometric characteristics with

biometric data stored in the ePassport, queries border control records (possibly involving biometric

identification of the traveller in watchlists), and finally determines eligibility of border crossing

according to pre-defined rules, without intervention of a border guard. Border guards can supervise

several ABC lanes and intervene whenever something does not work as expected or the traveller hits a

watchlist.

Even though supervised, ABC systems are potentially vulnerable to biometric presentation attacks. A

biometric presentation attack (or spoofing) is the presentation of artefacts or human characteristics to

the biometric capture subsystem in a fashion that may interfere with the system policy. Techniques for

the automated detection of presentation attacks are called presentation attack detection (PAD)

mechanisms.

This document deals with best practice recommendations regarding the PAD capabilities of European

ABC systems.
---------------------- Page: 7 ----------------------
SIST-TS CEN/TS 17262:2019
CEN/TS 17262:2018 (E)
1 Scope

This document is an application profile for the International Standard ISO/IEC 30107. It provides

requirements and recommendations for the implementation of Automated Border Control (ABC)

systems in Europe with Presentation Attack Detection (PAD) capability.

This document covers the evaluation of countermeasures from the Biometrics perspective as well as

privacy, data protection and usability aspects. Technical descriptions of countermeasures are out of

scope. Enrolment, issuance and verification applications of electronic Machine Readable Travel

Documents (eMRTD) other than border control are not in scope. In particular, presentation attacks at

enrolment are out of scope.

The biometric reference data can be stored in an eMRTD and/or in a database of registered travellers.

This document covers:
• biometric impostor attacks and
• biometric concealer attacks in a watchlist scenario.
This document addresses PAD for facial and fingerprint biometrics only.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 2382-37, Information technology — Vocabulary — Part 37: Biometrics

ISO/IEC 30107 (series), Information Technology — Biometric presentation attack detection

CEN/TS 16634, Personal identification - Recommendations for using biometrics in European Automated

Border Control
3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC 2382-37, CEN/TS 16634,

ISO/IEC 30107 (series) and the following apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
3.1
automated border control system
ABC system

automated system which authenticates the electronic machine readable travel document or token,

establishes that the passenger is the rightful holder of the document or token, queries border control

records and other relevant records or databases, then determines eligibility of border crossing

according to the predefined rules
---------------------- Page: 8 ----------------------
SIST-TS CEN/TS 17262:2019
CEN/TS 17262:2018 (E)
3.2
imposter attack presentation match rate BASIC
IAPMR
BASIC

in an evaluation of an ABC system in a verification scenario, maximum value of IAPMR obtained by a PAI

species of attack potential BASIC among those evaluated
3.3
imposter attack presentation identification rate BASIC
IAPIR
BASIC

in an evaluation of an ABC system in an identification scenario, maximum value of IAPIR obtained by a

PAI species of attack potential BASIC among those evaluated
3.4
concealer attack presentation non identification rate BASIC
CAPNIR
BASIC

in an evaluation of an ABC system in a watchlist identification scenario, maximum value of CAPNIR

obtained by a PAI species of attack potential BASIC among those evaluated
4 Abbreviated terms
The abbreviated terms shown in Table 1 are used in this document.
Table 1 — Abbreviated Terms
Abbreviations Terms
ABC Automated Border Control
APCER Attack Presentation Classification Error Rate
APMR Attack Presentation Match Rate
APNRR Attack Presentation Non-Response Rate
BPCER Bona Fide Presentation Classification Error Rate
BPNRR Bona Fide Presentation Non-Response Rate
CEN European Committee for Standardization
CAPNIR Concealer Attack Presentation Non-Identification Rate
CAPNIRBASIC Concealer Attack Presentation Non-Identification Rate
BASIC
eMRTD electronic Machine Readable Travel Document
EU European Union
FTA Failure to Acquire
FMR False Match Rate
FNIR False Negative Identification Rate
FNMR False Non Match Rate
FPIR False Positive Identification Rate
FS-PD Full System Processing Duration
GDPR General Data Protection Regulation
---------------------- Page: 9 ----------------------
SIST-TS CEN/TS 17262:2019
CEN/TS 17262:2018 (E)
Abbreviations Terms
IAPIR Imposter Attack Presentation Identification Rate
IAPIR Imposter Attack Presentation Identification Rate BASIC
BASIC
IAPMR Imposter Attack Presentation Match Rate
IAPMR Imposter Attack Presentation Match Rate BASIC
BASIC
IEC International Electrotechnical Commission
ISO International Organization for Standardization
PAD Presentation Attack Detection
PAI Presentation Attack Instrument
TOE Target of Evaluation
TS Technical Specification
5 Presentation attack detection overview in ABC system
5.1 Obstacles to presentation attacks in ABC system

By definition, biometric presentation to ABC systems is not directly supervised by an operator. An

operator should be present but is typically monitoring several ABC systems at the same time.

Intervention by the operator may be requested by the system if a fraud attempt is detected, or if the

capture subject is identified against a watchlist, which are the outcomes an attacker wants to avoid. The

operator will also become actively involved in a transaction if a capture subject fails to be recognized by

the system after a certain number of attempts. In this case of multiple rejections, human intervention is

needed to check the identity credential of the capture subject before processing through the border is

allowed.

The absence of direct supervision means that attackers may use artefacts with only limited visual

plausibility. Nevertheless, the presence of an operator nearby means the attacker could attract attention

by using artefacts which are too voluminous (like fake heads for example) or using fraud techniques

which take more time or more attempts than normally needed to cross ABC systems.

Abnormal or lengthy activities during presentation at ABC systems may also attract attention from

other people crossing the ABC systems and raise alarm.
5.2 Impostor attacks
5.2.1 General

Biometric imposters aim to attack a system by impersonating the biometric characteristics of another

person.

In order to be effective, the artefact is successfully matched and presentation attack detection does not

raise any alarm.
5.2.2 Verification of an eMRTD credential

An attacker may have acquired an eMRTD credential and the corresponding biometric characteristics of

the rightful user. The attacker will hence create an artefact mimicking these characteristics in order to

be verified when presenting the artefact at the ABC system. While the attacker may have stolen the

credential and used subterfuge to acquire the biometrics data (like latent fingerprint), it is also possible

that the owner of the credential is an accomplice and has provided high-quality samples of fingerprints

or the face.
---------------------- Page: 10 ----------------------
SIST-TS CEN/TS 17262:2019
CEN/TS 17262:2018 (E)
5.2.3 Identification in a Registered Traveller Programme use case

In cases where biometric characteristics acquired in an ABC system are identified against a data set of

authorized or registered travellers, the attacker may target a specific identity upon which they have

acquired the characteristics. Alternatively, the attacker may also target any registered identity in the

data set by using an artefact with high false positive identification probability.

The attacker may also try to re-activate remaining latent fingerprints on the sensor left by the previous

legitimate user.
5.2.4 Concealer attacks

Biometric concealers aim to attack a system by hiding their biometric characteristics. The purpose is

not to be matched against a biometric watchlist or similar system. The eMRTD used by the concealer

attacker is not related to their true identity. The attacker also seeks to not attract unwanted attention

from personnel by triggering, for example, multiple “Failure To Acquire (FTA)” signals, so the artefact

might have characteristics likely to be confused with genuine biometric characteristics. In order to be

successful, the artefact does not raise any alarm from presentation attack detection. In the context of

ABC systems, the goal of an attacker is not to be recognized but still to be able to cross the border. The

attacker has two ways to achieve this:

1. The attacker may try to exploit the system policy for managing unsuccessful biometric verification.

Typically, after a given number of failed attempts fixed by the system policy, an ABC system user

will be redirected to a human officer for manual check.

NOTE This document only addresses the presentation of biometric characteristics to a sensor, the fallback

processes that could be implemented by the system policy after a failure are out of scope.

EXAMPLE As only one officer typically monitors several ABC systems, the manual check after an ABC system

rejection could be less adequate than a regular manual check in case of overcrowded border. Therefore, the

attacker could rely on forged identity credentials to proceed through the border after having been rejected by

automated access.

2. Alternatively, the concealer attack could be accompanied by an impostor attack where the attacker

tries to match the biometric data stored in the eMRTD with that of another identity.

5.3 Level of attack potential to consider

ISO/IEC 30107-3 and ISO/IEC 19989 ([1], currently under development by ISO/IEC JTC 1/SC 27) refer

to the Common Criteria terminology to evaluate the potential of presentation attacks. Attack potential

can be rated as being “Basic”, “Enhanced-Basic”, “Moderate”, “High” or “Beyond-High”. Examples of

Attack Potential Ratings can be found in Annex A. The level of attack potential considered for an

evaluation is a major factor as it will determine what kind of attacks the system is supposed to be

resilient to.

The attack potential rating is influenced by the level of knowledge available to an attacker on the

system. To reduce an ABC system’s vulnerability, technical details available publicly about the PAD

method used should therefore be minimal. Ideally, ABC systems should not be available on the general

public market to avoid easy access for attackers and limit the opportunity to test and elaborate specific

attack methods.

Attack potential will be greatly influenced by the level of technological know-how required to produce

artefacts. As information on most generic attack methodologies can be found quite easily in scientific

papers or on websites by potential attackers, ABC systems should at least be resilient to attack methods

requiring low or moderate technical means and ability.
---------------------- Page: 11 ----------------------
SIST-TS CEN/TS 17262:2019
CEN/TS 17262:2018 (E)

ABC systems should, for example, have countermeasures to detect attacks requiring no specific

technical ability and very common means (like camera or printing machine) as well as attacks requiring

limited technical ability (like the capacity to acquire latent fingerprints) and less common resources

(like silicon material or similar).
6 Minimal accuracy requirements guideline for ABC systems

An ABC system shall be resistant to presentation attacks requiring the attack potential BASIC.

A system under test in an eMRTD verification impostor attack scenario is considered resistant to

attacks if IAPMR is below 20 %.
BASIC

A system under test in a Registered Traveller Programme impostor attack scenario is considered

resistant to attacks if IAPIR is below 20 %.
BASIC

A system under test in a concealer attack scenario is considered resistant to attacks if CAPNIR is

BASIC
below 20 %.
7 PAD evaluation in ABC systems
7.1 Overview

This section gives recommendations on how an evaluator should conduct a PAD evaluation to assess

the resilience of an ABC system PAD mechanisms to attacks.

An ABC system evaluation should be considered a full-system evaluation as described in

ISO/IEC 30107-3.

Special care should be taken by the evaluator to describe the precise use case of the TOE and the

evaluation scenario.
7.2 Artefacts Properties
7.2.1 Overview

This section presents common examples of artefacts for facial and fingerprint biometrics which would

be rated as having BASIC attack potential, requiring low or moderate technical ability. These constitute

examples of the minimal artefacts that an evaluator of an ABC system should consider when testing a

system

The examples in this section would be rated as BASIC for most sensors and systems on the market. Still

some factors involved in Attack Potential computation, like Knowledge of TOE and Window of

Opportunity, are TOE-specific, and should be computed accordingly for any new PAD evaluation of a

system by the evaluator.

Explicit technical details are not given and more refined and advanced techniques are not described. An

evaluator should nevertheless try to establish vulnerabilities of the system under evaluation and test

other type of artefacts.
7.2.2 Artefacts for facial biometrics

Even without complicity of the targeted identity, the increase of photograph sharing in social networks

makes it quite easy for impostor attackers to acquire very high quality facial images of the targeted

identity. The increase in small digital cameras also allows the discrete direct acquisition of facial images.

The attack may be presented to the sensor by:

• putting a printed face (paper sheet, photocopy, photograph, t-shirt) in front of/on the sensor:

---------------------- Page: 12 ----------------------
SIST-TS CEN/TS 17262:2019
CEN/TS 17262:2018 (E)
• the print can be planar or presented on a curved support;

• this type of attack requires no technical know-how and facial images of the target are easy

to obtain by an impostor attacker. Taking the window of opportunity and operator

supervision into account, these kind of attacks would be rated as having BASIC attack

potential in most evaluation scenarios;

• putting the face displayed on the screen of a digital media (tablet, smartphone, laptop) in front

of/on the sensor:
• in case of display on a screen, the presentation can be static or a video;

• similarly to a printed attack, these kind of attacks would be rated as having BASIC attack

potential in most evaluation scenarios;

• and presenting a mask moulded on the targeted face or produced from a 3D model of the face

(interpolated from a 2D acquisition or directly acquired with a 3D camera):

• this can include facial masks which can be personalized and bought rapidly and cheaply

from an online supplier or very realistic full head silicon masks;

• depending on the technical difficulty of building the mask, attack potential may vary for this

type of attack.

The impostor may also try to impersonate the targeted identity by using elaborate make-up which

changes biometric characteristics or artefacts to have a doppelganger appearance.

NOTE Cell twins might attack ABC systems by using the passport of the second twin. PAD mechanisms would

not be able to detect such an attack.

ABC systems should not misclassify minor appearance changes as artefacts used either for concealer or

impostor attacks presentation. For example, a person’s appearance could differ from their stored facial

reference for several reasons, such as:
• use of glasses (corrective or sunglasses),
• change of hairstyle (colour, cut, added hair extension…),
• use of contact lenses (with and without colour change),
• use of make-up,
• newly grown/shaven or different length or style of beard/moustache and/or
• a new facial scar.
7.2.3 Artefacts for fingerprint biometrics

7.2.3.1 Artefacts for an impostor attack in an eMRTD credential verification scenario

Impostor attackers may use fake fingerprint(s) made in advance, with or without the complicity of the

individual whose identity is faked. The fingerprint may have been obtained through different methods,

e.g., a high quality photograph of the hand of the person, a fingerprint image from a sensor or inked

impression latently revealed by black powder or other means. The fingerprint could also have been

directly moulded (generally with complicity). The attack could be presented to the sensor by:

---------------------- Page: 13 ----------------------
SIST-TS CEN/TS 17262:2019
CEN/TS 17262:2018 (E)

• putting the fingerprint printed on a document (paper sheet, photocopy, photograph) or a specific

material in front of/on the sensor.

This type of attack requires no technical know-how. The main difficulty for an impostor attacker is

finding the opportunity to acquire a fingerprint sample from the target. This type o

...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.