SIST CWA 16926-78:2023

SLOVENSKI STANDARD
SIST CWA 16926-78:2023
01-april-2023

Specifikacija vmesnika razširitev za finančne storitve (XFS), izdaja 3.50 - 78. del:

Extensions for Financial Services (XFS) interface specification Release 3.50 - Part 78:

Biometrics Device Class Interface Proposal - Programmer's Reference - Migration from

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

This CEN Workshop Agreement has been drafted and approved by a Workshop of representatives of interested parties, the

The formal process followed by the Workshop in the development of this Workshop Agreement has been endorsed by the

National Members of CEN but neither the National Members of CEN nor the CEN-CENELEC Management Centre can be held

accountable for the technical content of this CEN Workshop Agreement or possible conflicts with standards or legislation.

This CEN Workshop Agreement can in no way be held as being an official standard developed by CEN and its Members.

This CEN Workshop Agreement is publicly available as a reference document from the CEN Members National Standard Bodies.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France,

Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North

Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.

© 2023 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.

European Foreword ...................................................................................................... 4

1. Introduction .......................................................................................................... 7

1.1 Background to Release 3.50 ....................................................................................................... 7

1.2 XFS Service-Specific Programming ........................................................................................... 7

2. Biometric Devices................................................................................................ 9

2.1 Enrollment .................................................................................................................................... 9

2.2 Biometric Matching ...................................................................................................................... 9

2.3 Biometric Device Types ............................................................................................................ 10

2.4 Biometric Data Security ............................................................................................................ 10

3. References ......................................................................................................... 11

4. Info Commands ................................................................................................. 12

4.1 WFS_INF_BIO_STATUS ............................................................................................................ 12

4.2 WFS_INF_BIO_CAPABILITIES .................................................................................................. 15

4.3 WFS_INF_BIO_STORAGE_INFO .............................................................................................. 20

4.4 WFS_INF_BIO_KEY_INFO ......................................................................................................... 21

5. Execute Commands .......................................................................................... 22

5.1 WFS_CMD_BIO_READ .............................................................................................................. 22

5.2 WFS_CMD_BIO_IMPORT .......................................................................................................... 25

5.3 WFS_CMD_BIO_MATCH ........................................................................................................... 26

5.4 WFS_CMD_BIO_SET_MATCH .................................................................................................. 29

5.5 WFS_CMD_BIO_CLEAR ............................................................................................................ 30

5.6 WFS_CMD_BIO_RESET ............................................................................................................ 31

5.7 WFS_CMD_BIO_SET_DATA_PERSISTENCE .......................................................................... 32

5.8 WFS_CMD_BIO_SET_GUIDANCE_LIGHT ............................................................................... 33

5.9 WFS_CMD_BIO_POWER_SAVE_CONTROL ........................................................................... 35

5.10 WFS_CMD_BIO_SYNCHRONIZE_COMMAND ......................................................................... 36

6. Events ................................................................................................................. 37

6.1 WFS_EXEE_BIO_PRESENTSUBJECT ..................................................................................... 37

6.2 WFS_EXEE_BIO_SUBJECTDETECTED ................................................................................... 38

6.3 WFS_EXEE_BIO_REMOVESUBJECT....................................................................................... 39

6.4 WFS_SRVE_BIO_SUBJECTREMOVED .................................................................................... 40

6.5 WFS_SRVE_BIO_DATACLEARED ........................................................................................... 41

6.6 WFS_EXEE_BIO_ORIENTATION .............................................................................................. 42

6.7 WFS_SRVE_BIO_DEVICEPOSITION ........................................................................................ 43

6.8 WFS_SRVE_BIO_POWER_SAVE_CHANGE ............................................................................ 44

7. Biometric Device Command Flows – Application Guidelines ....................... 45

7.1 Biometric Enrollment Command Flow ..................................................................................... 45

7.2 Biometric Match Command Flow – Separate Scan and Match ............................................. 46

7.3 Biometric Match Command Flow – Combined Scan and Match ........................................... 47

7.4 Biometric Scan-Only Command Flow ...................................................................................... 48

8. C - Header file .................................................................................................... 49

This CEN Workshop Agreement has been developed in accordance with the CEN-CENELEC Guide 29

“CEN/CENELEC Workshop Agreements – The way to rapid consensus” and with the relevant provisions of

CEN/CENELEC Internal Regulations – Part 2. It was approved by a Workshop of representatives of interested

parties on 2022-11-08, the constitution of which was supported by CEN following several public calls for

participation, the first of which was made on 1998-06-24. However, this CEN Workshop Agreement does not

The final text of this CEN Workshop Agreement was provided to CEN for publication on 2022-11-18.

The following organizations and individuals developed and approved this CEN Workshop Agreement:

It is possible that some elements of this CEN/CWA may be subject to patent rights. The CEN-CENELEC policy on

patent rights is set out in CEN-CENELEC Guide 8 “Guidelines for Implementation of the Common IPR Policy on

Patents (and other statutory intellectual property rights based on inventions)”. CEN shall not be held responsible for

The Workshop participants have made every effort to ensure the reliability and accuracy of the technical and non-

technical content of CWA 16926-19, but this does not guarantee, either explicitly or implicitly, its correctness.

Users of CWA 16926-19 should be aware that neither the Workshop participants, nor CEN can be held liable for

damages or losses of any kind whatsoever which may arise from its application. Users of CWA 16926-19 do so on

Part 1: Application Programming Interface (API) - Service Provider Interface (SPI) - Programmer's Reference

Part 10: Sensors and Indicators Unit Device Class Interface - Programmer's Reference

Parts 29 through 47 constitute an optional addendum to this CWA. They define the integration between the SNMP

standard and the set of status and statistical information exported by the Service Providers.

Part 37: XFS MIB Device Specific Definitions - Sensors and Indicators Unit Device Class

Part 43: XFS MIB Device Specific Definitions - Vendor Dependent Mode Device Class

Part 47: XFS MIB Device Specific Definitions - Item Processing Module Device Class

Part 61: Application Programming Interface (API) - Migration from Version 3.40 (CWA 16296:2020) to Version

Part 62: Printer and Scanning Device Class Interface - Migration from Version 3.40 (CWA 16296:2020) to Version

Part 63: Identification Card Device Class Interface - Migration from Version 3.40 (CWA 16296:2020) to Version

Part 64: Cash Dispenser Device Class Interface - Migration from Version 3.40 (CWA 16296:2020) to Version 3.50

Part 65: PIN Keypad Device Class Interface - Migration from Version 3.40 (CWA 16296:2020) to Version 3.50

Part 66: Check Reader/Scanner Device Class Interface - Migration from Version 3.40 (CWA 16296:2020) to

Part 67: Depository Device Class Interface - Migration from Version 3.40 (CWA 16296:2020) to Version 3.50 (this

Part 68: Text Terminal Unit Device Class Interface - Migration from Version 3.40 (CWA 16296:2020) to Version

Part 69: Sensors and Indicators Unit Device Class Interface - Migration from Version 3.40 (CWA 16296:2020) to

Part 70: Vendor Dependent Mode Device Class Interface - Migration from Version 3.40 (CWA 16296:2020) to

Part 71: Camera Device Class Interface - Migration from Version 3.40 (CWA 16296:2020) to Version 3.50 (this

Part 72: Alarm Device Class Interface - Migration from Version 3.40 (CWA 16296:2020) to Version 3.50 (this

Part 73: Card Embossing Unit Device Class Interface - Migration from Version 3.40 (CWA 16296:2020) to

Part 74: Cash-In Module Device Class Interface - Migration from Version 3.40 (CWA 16296:2020) to Version 3.50

Part 75: Card Dispenser Device Class Interface - Migration from Version 3.40 (CWA 16296:2020) to Version 3.50

Part 76: Barcode Reader Device Class Interface - Migration from Version 3.40 (CWA 16296:2020) to Version 3.50

Part 77: Item Processing Module Device Class Interface - Migration from Version 3.40 (CWA 16296:2020) to

Part 78: Biometric Device Class Interface - Migration from Version 3.40 (CWA 16296:2020) to Version 3.50 (this

In addition to these Programmer's Reference specifications, the reader of this CWA is also referred to a

complementary document, called Release Notes. The Release Notes contain clarifications and explanations on the

CWA specifications, which are not requiring functional changes. The current version of the Release Notes is

available online from: https://www.cencenelec.eu/areas-of-work/cen-sectors/digital-society-cen/cwa-download-

The information in this document represents the Workshop's current views on the issues discussed as of the date of

publication. It is provided for informational purposes only and is subject to change without notice. CEN makes no

The CEN/XFS Workshop aims to promote a clear and unambiguous specification defining a multi-vendor software

interface to financial peripheral devices. The XFS (eXtensions for Financial Services) specifications are developed

within the CEN (European Committee for Standardization/Information Society Standardization System) Workshop

environment. CEN Workshops aim to arrive at a European consensus on an issue that can be published as a CEN

The CEN/XFS Workshop encourages the participation of both banks and vendors in the deliberations required to

create an industry standard. The CEN/XFS Workshop achieves its goals by focused sub-groups working

Release 3.50 of the XFS specification is based on a C API and is delivered with the continued promise for the

protection of technical investment for existing applications. This release of the specification extends the

functionality and capabilities of the existing devices covered by the specification:

The service classes are defined by their service-specific commands and the associated data structures, error codes,

messages, etc. These commands are used to request functions that are specific to one or more classes of Service

Providers, but not all of them, and therefore are not included in the common API for basic or administration

When a service-specific command is common among two or more classes of Service Providers, the syntax of the

command is as similar as possible across all services, since a major objective of XFS is to standardize function

codes and structures for the broadest variety of services. For example, using the WFSExecute function, the

commands to read data from various services are as similar as possible to each other in their syntax and data

In general, the specific command set for a service class is defined as a superset of the specific capabilities likely to

be provided by the developers of the services of that class; thus any particular device will normally support only a

There are three cases in which a Service Provider may receive a service-specific command that it does not support:

The requested capability is defined for the class of Service Providers by the XFS specification, the particular vendor

implementation of that service does not support it, and the unsupported capability is not considered to be

fundamental to the service. In this case, the Service Provider returns a successful completion, but does no operation.

An example would be a request from an application to turn on a control indicator on a passbook printer; the Service

Provider recognizes the command, but since the passbook printer it is managing does not include that indicator, the

Service Provider does no operation and returns a successful completion to the application.

The requested capability is defined for the class of Service Providers by the XFS specification, the particular vendor

implementation of that service does not support it, and the unsupported capability is considered to be fundamental

to the service. In this case, a WFS_ERR_UNSUPP_COMMAND error for Execute commands or

WFS_ERR_UNSUPP_CATEGORY error for Info commands is returned to the calling application. An example

would be a request from an application to a cash dispenser to retract items where the dispenser hardware does not

have that capability; the Service Provider recognizes the command but, since the cash dispenser it is managing is

The requested capability is not defined for the class of Service Providers by the XFS specification. In this case, a

WFS_ERR_INVALID_COMMAND error for Execute commands or WFS_ERR_INVALID_CATEGORY error

This design allows implementation of applications that can be used with a range of services that provide differing

subsets of the functionalities that are defined for their service class. Applications may use the WFSGetInfo and

WFSAsyncGetInfo commands to inquire about the capabilities of the service they are about to use, and modify

their behavior accordingly, or they may use functions and then deal with error returns to make decisions as to how

Biometrics refers to metrics related to human characteristics and biology. Biometrics authentication can be used as

a form of identification and/or access control. This is an overview of biometrics, as well as an introduction to the

terminology used in this document. It introduces to XFS the concept of scanning a person’s biometric data in raw

image form (raw biometric data), then processing it into a smaller more concise form that is easier to manage

(biometric template data). The first scan of a user is called ENROLLMENT as the user is effectively being

enrolled into a scheme by recording their biometric data. Thereafter subsequent scans of the user can be compared

to the original data in order to verify who they say they are (VERIFICATION), or alternatively used to identify

them as a specific individual (IDENTIFICATION). These concepts are explained below in more detail.

The first time an individual uses a biometric device it is called Enrollment. During enrollment, biometric data from

an individual is captured and stored somewhere, for example on a smart card or in a server/host database. Normally

the raw biometric data captured will be processed and converted to a smaller format that is used for subsequent

comparison. This format is referred to in this document as a template. A template is a synthesis of the relevant

characteristics extracted from the original raw data. Elements of the biometric data that are not used in the matching

algorithm are discarded in the template to reduce the file size and to protect the identity of the enrollee.

During the matching phase, the obtained template is passed to a matcher which compares it to other existing

templates and a probable match is calculated, either as a Boolean true or false or as a threshold indicating the

likelihood of a match. With regard to matching, biometric systems commonly have two different basic modes of

Verification: performs a one-to-one comparison of captured biometric data with a specific template in order to

Identification: the system performs a one-to-many comparison of captured biometric data in order to establish a

Note: The above diagram does not make any assumptions about where the actual matching takes place. The

interface provided is versatile enough to be able to support three basic Biometric systems:

Match on server: The biometric template data is stored on a server or host. When scanning takes place biometric

data is sent to the server, which does the actual identification or verification.

Match on card: The biometric enrollment data for an individual is stored on a smart card/personal device. The

device scans a user then returns the biometric template information to the application. This data is then sent to the

card, and an application on the smart card chip does the comparison, returning the result to the application.

Match on device: The biometric enrollment data for an individual is stored on a smart card or host. The enrollment

data is read from the card or host and into the device, which then compares it to scanned information, returning the

There are many different varieties of biometric hardware, this XFS biometrics specification supports three main

In this case the device is a simple biometric scanning device, User data is scanned using the

WFS_CMD_BIO_READ command, but matching is performed externally, for example on a smart card or

on a server. In this case the WFS_CMD_BIO_MATCH and WFS_CMD_BIO_SET_MATCH commands

These devices scan and perform a comparison as separate operations. Existing biometric data is first

is then called the scanned user data is temporarily stored. The WFS_CMD_BIO_MATCH command is

These devices scan and perform a comparison as a single operation. Existing biometric data is first

WFS_CMD_BIO_SET_MATCH command must be called first, either as a one -time call or before each

set the criteria for matching. When the WFS_CMD_BIO_READ command is then called it scans the

user’s biometric data and also performs the comparison as a single operation. The

It is recommended that biometric data should be treated with the same strict caution as any other identifying and

sensitive information. A well designed biometric data handling architecture should always be designed to protect

against internal tampering, external attacks and other malicious threats. There are various ways of implementing

A Uni-Modal biometric system relies on data taken from a single source of information for authentication,

for example a single fingerprint reading device. In contrast, Multi-Modal biometric systems work on the

premise that it is more secure to accept information from two or more biometric inputs. As an example a

user could provide a fingerprint in addition to facial recognition, a positive match from two physical

characteristics improves the chances of a positive identification and mitigates the possibility that biometric

Biometric data should be encrypted where possible. The BIO specification provides for this by allowing an

encryption key to be specified whenever data is exchanged between an application and a BIO Service

Provider. In addition, the key management interface methods of the PIN device class can be used for key

management. This can be done by using the standard XFS compound device mechanism to implement a

BIO Service provider as a compound device together with a PIN device class Service Provider. The device

compounding mechanism is described in the XFS API specification. In this case the BIO Service Provider

would implement the biometric methods necessary to read and return data, while the key loading,

reporting etc,. functions of the PIN Service Provider interface would be implemented in order to provide

1. XFS Application Programming Interface (API)/Service Provider Interface ( SPI), Programmer’s Reference,

2. ANSI INCITS 381-2004 Information Technology - Finger Image-Based Data Interchange Format.

3. ANSI INCITS 378-2004 Information Technology - Finger Minutiae Format for Data Interchange.

4. ISO/IEC 19794-4:2005 Information technology - Biometric data interchange formats - Part 4: Finger image