ISO/IEC JTC 1/SC 37 - Biometrics

This document gives guidance relating to successful, secure and usable implementation of biometric enrolment processes, while indicating risk factors that organizations which use biometric technologies can address during procurement, design, deployment and operation. Much of this document is generic to many types of applications, e.g. from national scale commercial and government applications, to closed systems for in-house operations, and to consumer applications. However, the intended application and its purpose often have influence on the necessary enrolment data quality and are taken into account when specifying an enrolment system and process. This document specifies the differences in operation relating to specific types of application, e.g. where self-enrolment is more appropriate than attended enrolment. This document focuses on mandatory, attended enrolment at fixed locations. It ultimately consolidates information relating to better practices for the implementation of biometric enrolment capability in various business contexts including considerations of process, function (system), and technology, as well as legal/privacy and policy aspects. This document provides guidance on collection and storage of biometric enrolment data and the impact on dependent processes of verification and identification. This document does not include material specific to forensic and law enforcement applications.

This document establishes a methodology to evaluate the resistance of BSs to morphing attacks, including multiple identity attacks. The document is limited to image-based morphing attacks. The term "image-based" includes modalities such as face, iris and finger image data. The document establishes: — a definition of biometric sample modifications and manipulation with a specific focus on manipulations that constitute a multiple identity attack. This can be, for instance, an enrolment attack with face image morphing; — a methodology to measure the morphing attack potential of a morphing method. The document also describes how morphing algorithms can be used for system evaluation.

This document specifies security block (SB) formats (see ISO/IEC 19785-1) registered in accordance with ISO/IEC 19785-2 as formats defined by the Common Biometric Exchange Formats Framework (CBEFF) biometric organization ISO/IEC JTC 1/SC 37. This document also specifies registered SB format identifiers. NOTE The SB format identifier is recorded in the standard biometric header (SBH) of a patron format (or defined by that patron format as the only available SB format). The general-purpose SB format specifies whether the biometric data block (BDB) is encrypted or the SBH and BDB have integrity applied (or both). The general-purpose SB format can include ACBio instances (see ISO/IEC 24761). This SB provides all necessary security parameters, including those used for encryption or integrity. This document does not restrict the algorithms and parameters used for encryption or integrity, but it provides for the recording of such algorithms and parameter values. This document does not cover profiling to determine what algorithms and parameter ranges can be used by the generator of an SB for a particular application area, and hence what algorithms and parameter ranges have to be supported by the user of an SB. The second SB format is more limited but simpler. In particular, it cannot contain ACBio instances and does not support encryption of the BDB. The general-purpose SB format in XML provides for specification of whether the BDB is encrypted or the SBH and BDB have integrity applied (or both).

This document specifies and publishes registered Common Biometric Exchange Formats Framework (CBEFF) patron formats defined by the CBEFF patron ISO/IEC JTC 1/SC 37, and specifies their registered CBEFF patron format types (see ISO/IEC 19785-1) and resulting full ASN.1 OIDs. See Annex A for rules on how patron formats are defined using CBEFF data elements.

This document establishes requirements on implementations that quantify how a face image’s properties conform with those of canonical face images, for example those specified in ISO/IEC 39794-5:2019, Clause D.1, for three use-cases: 1) collection of reference samples for ID documents; 2) sample system enrolment; and 3) probes for instantaneous response. This document also establishes terms and definitions for quantifying face image quality and specifies methods for quantifying the quality of face images. This document does not establish requirements on: — assessing the quality of pairs or sequences of images; NOTE This document establishes requirements for software that inspects exactly one image. This document does not establish requirements for software that compares two or more images (such as biometric recognition). However, the computations of this document can be applied separately to each image in a pair or sequence. — assessing the quality of 3D captures; — encodings of face image quality data; — performance evaluation of face image quality assessment algorithms. The use cases within scope of this document primarily address the assessment of images from data capture subjects who consent to processing of their biometric data, or for whom biometric capture is operationally authorized.

This document provides recommendations and requirements for the design, development, use and maintenance of biometric identification systems involving passive capture subjects, including pre- and post-deployment evaluation. While the emphasis is on surveillance systems, this document is also applicable to other types of biometric identification systems involving passive capture subjects, regardless of biometric characteristic or sensing technology. This includes systems involving passive capture of subjects where some capture subjects enrolled voluntarily. This document does not apply to biometric verification systems and biometric identification systems only involving capture subjects deliberately taking part in the capture. This document does not define specific services, platforms or tools.

This document establishes requirements for the development of biometric solutions for verification and identification processes for secure access without physical contact with any device at any time. The solutions acquire biometric characteristics that are captured while the data subjects are in motion to verify or identify the individuals requiring access, thus controlling access using contactless biometrics.

This document provides descriptions and analyses of current practices on multimodal and other multibiometric fusion, including (as appropriate) references to more detailed descriptions. This document contains descriptions and explanations of high-level multibiometric concepts to aid in the explanation of multibiometric fusion approaches including: multi-characteristic-type, multi-instance, multi-sensorial, multialgorithmic, decision-level and score-level logic.

This document describes potential applications of biometrics in identity management systems used for medical and healthcare purposes. It provides feedback from healthcare practitioners on the advantages, disadvantages, risks and priority of implementing certain use cases of healthcare with biometrics. For those use cases, information related to the selection of biometric type and associated measures related to security and privacy protection is provided to system designers. The document concentrates on aspects of the subject which apply to the good management of healthcare services for patients who need monitoring, treatment and care in hospitals, clinics or at home, but can be incapacitated. It does not cover the measurement and interpretation of symptoms and biological data for the purposes of medical treatment or research. The document is intended to be useful for the management of public and private healthcare systems anywhere in the world, and to commercial providers of identity management services and equipment. It is also potentially relevant to regulatory stakeholders addressing issues of privacy and legality, and the assessment of potential vulnerabilities in biometrics and identity management systems applied in the healthcare sector.

This document establishes requirements for estimating and reporting on performance variations observed when cohorts belonging to different demographic groups engage with biometric enrolment and recognition systems. In this context, performance refers to failure-to-enrol rate, failure-to-acquire rate, shifts in comparison score, recognition error rates, and aspects of response and processing time (throughput). This document is applicable to the following: — demographic group membership; — using phenotypic measures; — reporting on tests; — stating statistical uncertainty estimates; — operational thresholds settings; — equitability; — procurement agency activities. This document also provides terms and definitions to be used when reporting performance variation across demographic groups. This document is applicable to: — technology evaluations of algorithms, subsystems and systems; — scenario evaluations of systems; — operational evaluations of fielded systems. Application of this document does not require detailed knowledge of a system’s algorithms but it does require specific knowledge of the demographic characteristics for the population of interest.

ISO/IEC 29794-4:2017 establishes - terms and definitions for quantifying finger image quality, - methods used to quantify the quality of finger images, and - standardized encoding of finger image quality, for finger images at 196,85 px/cm spatial sampling rate scanned or captured using optical sensors with capture dimension (width, height) of at least 1,27 cm × 1,651 cm.

This document describes the history and purpose of biometrics, the various biometric technologies in general use today (for example, fingerprint recognition, face recognition and iris recognition) and the architecture of the systems and the system processes that allow automated recognition using those technologies. It provides information on the application of biometrics in various business domains, such as border management, law enforcement and driver licencing. It also provides information on the societal and jurisdictional considerations that are typically taken into account in biometric systems. Additionally, this document provides guidance on the use of the International Standards that underpin the use of biometric recognition systems.

This document establishes the following items for any or all biometric sample types as necessary: — terms and definitions that are useful in the specification and use of quality measures; — purpose and interpretation of biometric quality scores; — motivation for developing biometric sample datasets for the purpose of quality score normalization; — format for exchange of quality assessment algorithm results; — methods for aggregation of quality scores; — methods for evaluating the efficiency of quality assessment algorithms. The following are outside the scope of this document: — specification of minimum requirements for sample, module, or system quality scores; — standardization of quality assessment algorithms; — assessment of utility of biometric samples or references for human examiners.

The ISO/IEC 30137 series is applicable to the use of biometrics in VSSs (also known as closed circuit television or CCTV systems) for a number of scenarios, including real-time operation against watchlists and in post-event analysis of video data. In most cases, the biometric mode of choice will be face recognition, but this document also provides guidance for other modalities, such as gait recognition. This document: — defines the key terms for use in the specification of biometric technologies in a VSS, including metrics for defining performance; — provides guidance on the selection of camera types, placement of cameras, image specification, etc., for the operation of a biometric recognition capability in conjunction with a VSS; — provides guidance on the composition of the gallery (or watchlist) against which facial images from the VSS are compared, including the selection of appropriate images of sufficient quality, and the size of the gallery in relation to performance requirements; — makes recommendations on data formats for facial images and other relevant information (including metadata) obtained from video footage, used in watchlist images, or from observations made by human operators; — establishes general principles for supporting the operator of the VSS, including user interfaces and processes to ensure efficient and effective operation, and highlights the need to have suitably trained personnel; — highlights the need for robust governance processes to provide assurance that the implemented security, privacy and personal data protection measures specific to the use of biometric technologies with a VSS (e.g. internationally recognizable signage) are fit for purpose, and that societal considerations are reflected in the deployed system. This document also provides information on related recognition and detection tasks in a VSS, such as: — estimation of crowd densities; — determination of patterns of movement of individuals; — identification of individuals appearing in more than one camera; — use of other biometric modalities such as gait or iris; — use of specialized software to infer attributes of individuals, e.g. estimation of gender and age; — interfaces to another related functionality, e.g. video analytics to measure queue lengths or to provide alerts for abandoned baggage.

This document is a profile that specifies requirements for testing biometric presentation attack detection (PAD) mechanisms on mobile devices with local biometric recognition and on biometric modules integrated into mobile devices. The profile lists requirements from ISO/IEC 30107-3 that are specific to mobile devices. It also establishes requirements that are not present in ISO/IEC 30107-3. For each requirement, the profile defines an “Approach in PAD Tests for Mobile Devices”. For some requirements, numerical values or ranges are provided in the form of best practices. This profile is applicable to mobile devices that operate as closed systems with no access to internal results, including mobile devices with local biometric recognition as well as biometric modules for mobile devices. This document is not applicable to mobile devices with solely remote biometric recognition. The attacks considered in this document take place at the capture device during the presentation and collection of biometric characteristics. Any other attacks are outside the scope of this document.

The ISO/IEC 30108 series defines biometric services used for identity assurance that are invoked over a services-based framework. It provides a generic set of biometric and identity-related functions and associated data definitions to allow remote access to biometric services. Although focused on biometrics, the ISO/IEC 30108 series includes support for other related identity assurance mechanisms such as biographic and document capabilities. Identity attributes verification services (IAVSs) are intended to be compatible with and used in conjunction with other biometric standards as described in ISO/IEC 30108-1. This document implements the specification provided in ISO/IEC 30108-1 using representational state transfer (REST). Specification of biometric functionality is limited to remote (backend) services. Services between a client-side application and biometric capture devices are not within the scope of this document. Integration of biometric services as part of an authentication service or protocol is not within the scope of this document.

This document specifies: — generic extensible data interchange formats for the representation of finger minutia data: — a tagged binary data format based on an extensible specification in ASN.1, — a textual data format based on an XML schema definition that is capable of holding the same information as the tagged binary format, and — an on-card biometric comparison format based on extensible TLV encoding; — on-card biometric comparison parameters based on extensible TLV encoding for constructing valid probe data in the on-card biometric comparison format; — examples of data record contents; — application-specific requirements, recommendations and best practices in determining minutiae location, direction and type; and — conformance test assertions and conformance test procedures applicable to this document. NOTE Whereas ISO/IEC 39794-4 covers finger, palm, toe and foot image data, this document covers only finger minutiae and is not applicable to palms, toes or feet.

This document establishes terms and definitions that are useful in the specification, characterization and evaluation of presentation attack detection (PAD) methods. This document does not provide the following: — standardization of specific PAD detection methods; — detailed information about countermeasures (i.e. anti-spoofing mechanisms), algorithms or sensors; — overall system-level security or vulnerability assessment. The attacks to be considered in this document are those that take place at the capture device during the presentation and collection of the biometric characteristics. Any other attacks are considered outside the scope of this document.

This document gives general guidance for the stages in the life cycle of a system’s biometric and associated elements. This covers the following: — the capture and design of initial requirements, including legal frameworks; — development and deployment; — operations, including enrolment and subsequent usage; — interrelationships with other systems; — related data storage and security of data; — data updates and maintenance; — training and awareness; — system evaluation and audit; — controlled system expiration. The areas addressed are limited to the design and implementation of biometric technologies with respect to the following: — legal and societal constraints on the use of biometric data; — accessibility for the widest population; — health and safety, addressing the concerns of users regarding direct potential hazards as well as the possibility of the misuse of inferred data from biometric information. This document is intended for planners, implementers and system operators of biometric applications. Specification and assessment of government policy are not within the scope of this document. However, this document is intended to be beneficial to public authorities when deploying biometric systems.

This document establishes requirements for development of biometric solutions for verification and identification processes for secure access without physical contact with any device at any time. The solution acquires the biometric characteristics that are captured while the data subjects are in motion to verify or identify the individuals requiring access, and thus controlling access using contactless biometrics.

This document builds upon the information provided in ISO/IEC TR 24714-1, ISO/IEC TR 29194 and ISO/IEC 29138-1 in order to highlight in a more detailed way the medical, physical and cognitive aspects that are specific for the use of biometrics by elderly persons.

This document establishes: — principles and methods for the performance assessment of presentation attack detection (PAD) mechanisms; — reporting of testing results from evaluations of PAD mechanisms; and — a classification of known attack types (Annex A). Outside the scope are: — standardization of specific PAD mechanisms; — detailed information about countermeasures (i.e. anti-spoofing techniques), algorithms or sensors; and — overall system-level security or vulnerability assessment. The attacks considered in this document take place at the biometric capture device during presentation. Any other attacks are considered outside the scope of this document.

This document establishes: — machine-readable records for documenting the output of a biometric test; — formats for data that ISO/IEC 19795 series tests are required to report; and — an ASN.1 syntax for test reports. This document does not: — require, prohibit, or otherwise specify the format of biometric samples or templates used in a test; — require, prohibit or otherwise specify the encapsulation of biometric samples or templates used in a test; or — regulate metrics for tests. NOTE The reportable metrics are established in ISO/IEC 19795-1.

This document specifies a data interchange format for the exchange of deoxyribonucleic acid (DNA) data for person identification or verification technologies that utilize human DNA. Consideration of laboratory procedures is out of scope of this document. This document provides the ability for DNA profile data to be exchanged and used for comparison (subject to privacy regulations) with DNA profile data produced by any other system that is based on a compatible DNA profiling technique and where the data format conforms to this document. This document is intended to cover current forensic DNA profiling or typing techniques that are based on short tandem repeats (STRs), including STRs on the X chromosome (X-STRs) the Y chromosome (Y-STRs), as well as mitochondrial DNA. A single DNA profile for a subject can contain data resulting from more than one of these different DNA techniques. This document enables data from multiple DNA techniques to be presented in a single DNA profile for a given subject. This document has been prepared in light of ongoing efforts to reduce human involvement in the processing (enrolment and comparison) of DNA. In anticipation of the data format requirements for automated DNA techniques, this document describes a format for both processed and raw (electrophoretic) DNA data. A normative XML schema definition (XSD) is provided in Clause A.1 for the syntax of DNA data XML documents. In Clause A.2, there is a sample DNA data XML document. This document is not intended for any other purposes than exchange of DNA for biometric verification and identification of individuals. In particular, it is not intended for the exchange of medical and other health-related information. This document also specifies elements of conformance testing methodology, test assertions and test procedures as applicable to this document. It establishes test assertions pertaining to the structure of the DNA data format (Type A Level 1 as defined in ISO/IEC 19794-1:2011/Amd. 1:2013) and test assertions pertaining to internal consistency of the values contained within each field (Type A,ind Level 2 as defined in ISO/IEC 19794-1:2011/Amd. 1:2013). This document also specifies test assertions pertaining to the content of DNA data XML documents (Level 3 as defined in ISO/IEC 19794-1:2011/Amd. 1:2013). The successful completion of Level 1 and Level 2 is a prerequisite for carrying out the tests at Level 3. The conformance testing methodology specified in this document does not establish: — tests of other characteristics of biometric products or other types of testing of biometric products (e.g. acceptance, performance, robustness, security); — tests of systems not claimed to conform to the requirements of this document.

This document establishes a systematic description of the concepts in the field of biometrics pertaining to recognition of human beings. This document also reconciles variant terms in use in pre-existing International Standards on biometrics against the preferred terms, thereby clarifying the use of terms in this field. This document does not cover concepts (represented by terms) from information technology, pattern recognition, biology, mathematics, etc. Biometrics uses such fields of knowledge as a basis. In principle, mode-specific terms are outside of scope of this document.

This document provides transition examples from ISO/IEC 19794-4:2005 and ISO/IEC 19794-5:2005 formats to ISO/IEC 39794-4:2019 and ISO/IEC 39794-5:2019 formats for eMRTD application. This document also provides an implementation example for the ISO/IEC 39794-6:2021 format. This document includes: — information for eMRTD issuers and eMRTD-reader vendors; — summarized tables of data elements of ISO/IEC 19794-4:2005 and ISO/IEC 19794-5:2005 and ISO/IEC 39794-4:2019, ISO/IEC 39794-5:2019 and ISO/IEC 39794-6:2021; — correspondence tables of data elements between ISO/IEC 19794-4:2005 and ISO/IEC 19794-5:2005 and ISO/IEC 39794-4:2019 and ISO/IEC 39794-5:2019, providing: — information on whether each data element is normative or optional, and — a brief note of each data element from the viewpoint of transition; — tag, length, value (TLV) data examples of ISO/IEC 39794-4:2019, ISO/IEC 39794-5:2019 and ISO/IEC 39794-6:2021 for implementation, and, — tag lists of ISO/IEC 39794-4:2019, ISO/IEC 39794-5:2019 and ISO/IEC 39794-6:2021, and an extended example of ISO/IEC 39794-5 as informative annexes. The following are not within the scope of this document: — second and later editions of the ISO/IEC 19794 series (2011 and after), and, — ASN.1 formats and XML formats specified in the ISO/IEC 39794 series.

This document describes the identification scheme used by the Biometric Registration Authority (BRA) in preparing, maintaining and publishing registers of identifiers for biometric organizations and biometric objects, and provides a description of BRA responsibilities and services. Procedural requirements and recommendations are not within the scope of this document and are maintained separately on the ISO/IEC JTC 1/SC 37 website.

This document specifies data interchange formats for signature/sign behavioural data captured in the form of a multi-dimensional time series using devices such as digitizing tablets or advanced pen systems. The data interchange formats are generic, in that they can be applied and used in a wide range of application areas where handwritten signs or signatures are involved. No application-specific requirements or features are addressed in this document. This document contains: — a description of what data can be captured; — three binary data formats for containing the data: a full format for general use, a compression format capable of holding the same amount of information as the full format but in compressed form, and a compact format for use with smart cards and other tokens that does not require compression/ decompression but conveys less information than the full format; — an XML schema definition; and — examples of data record contents and best practices in capture. Specifying which of the format types and which options defined in this document are to be applied in a particular application is out of scope; this needs to be defined in application-specific requirements specifications or application profiles. It is advisable that cryptographic techniques be used to protect the authenticity, integrity, and confidentiality of stored and transmitted biometric data; yet such provisions are beyond the scope of this document. This document also specifies elements of conformance testing methodology, test assertions and test procedures as applicable to this document. It establishes test assertions on the structure and internal consistency of the signature/sign time series data formats defined in this document (type A level 1 and 2 as defined in ISO/IEC 19794-1) and semantic test assertions (type A level 3 as defined in ISO/IEC 19794-1). The conformance testing methodology specified in this document does not establish: — tests of other characteristics of biometric products or other types of testing of biometric products (e.g. acceptance, performance, robustness, security); or — tests of conformance of systems that do not produce data records claimed to conform to the requirements of this document.

This document addresses: — requirements for planning, executing and reporting the influence of user interaction on biometric system performance based on scenario test methodologies, considering three kinds of factors: a) factors related to the design, position or condition of the capture device, b) factors depending on users and user attributes, c) factors depending on the interaction of users with the biometric system; — specifications for the definition, establishment and measurement of conditions needed for evaluation, including those relating to equipment; — requirements for establishing a reference evaluation condition (REC) and target evaluation condition(s) (TEC) to compare the influence of user interaction factors; — a specification of the biometric evaluation including requirements for test population, test protocols, data to record, test results; and — procedures for carrying out the overall evaluation. This document does not: — determine which parameters ought to be analysed for a specific biometric modality. This is currently covered in ISO/IEC TR 19795-3; — specify requirements for performing a vulnerability analysis modifying user interaction influence factors; — include procedures for performing usability testing.

This document establishes requirements for the annotation of humans, human faces and other body parts, and arbitrary objects appearing in imagery. It specifies the following: — metadata to be inserted in a video stream; — encoding of full and partial spatial and temporal ground truth information for: — objects present in a video, and — objects absent in a video; — procedures for different annotation of known and unknown subjects. This document does not specify: — encoding of video data.

This document introduces the effects of population demographics on biometric functions. It: — establishes terms and definitions relevant to the study of demographic factors in biometric recognition system performance; — identifies areas where biometric systems can exhibit different performances based on different demographic factors of the individuals submitting the biometric samples; — explains how different demographic factors can influence the biometric characteristics captured by different biometric modalities and how these influences can affect biometric performance measures; — presents a case study on existing scientific material that explores the impact of demographic factors on biometric system performance. Only biometric modalities where quantitative information is available on the impact of demographic factors are considered. Outside of the scope of this document are: — effects of disease and injury on biometric performance; and — how religious and cultural norms can affect biometric operations.

This document is intended to provide a generic extensible full body image data format for biometric recognition applications requiring exchange of human full body image data. Typical applications are: a) automated body biometric verification and identification of an unknown individual or cadaver (one-to-one as well as one-to-many comparison); b) support for human verification of identity by comparison of individuals against full body images; and c) support for human examination of full body images with sufficient resolution to allow a human examiner to verify identity or identify a living individual or a cadaver. This document ensures that full human body images and image sequence data generated by video surveillance and other similar systems are suitable for identification and verification. The structure of the data format in this document is compatible with ISO/IEC 39794-5. In addition to the data format, this document specifies application-specific profiles including scene constraints, photographic properties and digital image attributes like image spatial sampling rate, image size, etc. These application profiles are contained in a series of annexes. The 3D encoding types "3D point map" and "range image" are not supported by this document.

This document specifies — generic extensible data interchange formats for the representation of vascular image data: a tagged binary data format based on an extensible specification in ASN.1 and a textual data format based on an XML schema definition that are both capable of holding the same information, — examples of data record contents, — application specific requirements, recommendations, and best practices in data acquisition, and — conformance test assertions and conformance test procedures applicable to this document.

This document specifies examples of application-specific requirements, recommendations and best practices in data acquisition applicable to gait image sequence data. Its typical applications include: a) support for human examination of high-resolution video and still images; b) support for human biometric verification and identification based on video and still images; c) automated gait image sequence verification and identification. This document ensures that image sequences are suitable for human identification and human verification generated by video surveillance and other similar systems. The following topics are not in scope of this document: — Definitions for facial and/or full body image related biometric profiles, which are fully covered in ISO/IEC 39794-5 and ISO/IEC 39794-16 respectively. — Security aspects like digital image sequence electronic signature, Presentation Attack Detection (PAD) and morphing prevention.

This document: — establishes general principles for testing the performance of biometrics systems in terms of error rates and throughput rates for purposes including measurement of performance, prediction of performance, comparison of performance, and verifying conformance with specified performance requirements; — specifies performance metrics for biometric systems; — specifies requirements on the recording of test data and reporting of test results; and — specifies requirements on test protocols in order to: — reduce bias due to inappropriate data collection or analytic procedures; — help achieve the best estimate of field performance for the expended effort; — improve understanding of the limits of applicability of the test results. This document is applicable to empirical performance testing of biometric systems and algorithms through analysis of the comparison scores and decisions output by the system, without requiring detailed knowledge of the system’s algorithms or of the underlying distribution of biometric characteristics in the population of interest. Not within the scope of this document is the measurement of error and throughput rates for people deliberately trying to subvert the intended operation of the biometric system (e.g. by presentation attacks).

This document specifies: — generic extensible data interchange formats for the representation of iris image data: a tagged binary data format based on an extensible specification in ASN.1 and a textual data format based on an XML schema definition that are both capable of holding the same information, — examples of data record contents, — application specific requirements, recommendations, and best practices in data acquisition, and — conformance test assertions and conformance test procedures applicable to this document. The iris image information is stored as: — an array of intensity values optionally compressed with ISO/IEC 15948 or ISO/IEC 15444-1, or — an array of intensity values optionally compressed with ISO/IEC 15948 or ISO/IEC 15444-1 that can be cropped around the iris, with the iris at the centre, and which can incorporate region-of-interest masking of non-iris regions. This document also specifies elements of conformance testing methodology, test assertions, and test procedures, as applicable to this document. It establishes: — test assertions pertaining to the structure of the iris image data format, as specified in Clauses 6, 7, 8 and 9 of this document, — test assertions pertaining to internal consistency by checking the types of values that may be contained within each field, and — semantic test assertions. The conformance testing methodology specified in this document does not establish: — tests of other characteristics of biometric products or other types of testing of biometric products (e.g. acceptance, performance, robustness, security), or — tests of conformance of systems that do not produce data records conforming to the requirements of this document. This document does not establish: — requirements on the optical specifications of cameras, or — requirements on photometric properties of iris images, or — requirements on enrolment processes, workflow and use of iris equipment.

This document specifies an interface of a BioAPI C# framework and BioAPI C# BSP which mirror the corresponding components specified in ISO/IEC 30106-1. The semantic equivalence of this document will be maintained with ISO/IEC 30106-2 (Java implementation). In spite of the differences in actual parameters passed between functions, the names and interface structure are the same.

This document specifies an interface of a BioAPI Java framework and BioAPI Java BSP, which will mirror the corresponding components, specified in ISO/IEC 30106-1. The semantic equivalent of ISO/IEC 30106-1 is maintained in this document.

This document defines: — structures and data elements for biometric information records (BIRs); — the concept of a domain of use to establish the applicability of a standard or specification that conforms with CBEFF requirements; — the concept of a CBEFF patron format, which is a published BIR format specification that complies with CBEFF requirements, specified by a CBEFF patron; — the abstract values and associated semantics of a set of CBEFF data elements to be used in the definition of CBEFF patron formats; This document describes methods to define CBEFF patron formats using CBEFF data elements to specify the structure of BIRs, including the standard biometric headers (SBHs). This document also provides the means for identification of BDB formats in a BIR, but the standardization and interoperability of BDB formats is not within the scope of this document. This document provides a security block (SB) as a means for BIRs to carry information about the encryption of a BDB in the BIR and about integrity mechanisms applied to the BIR itself. The structure and content of SBs is not within the scope of this document. Further, the specification of encryption mechanisms for BDBs and of integrity mechanisms for BIRs is not within the scope of this document. This document specifies transformations from one CBEFF patron format to a different CBEFF patron format. The following are not within the scope of this document: — the encoding of the abstract values of CBEFF data elements to be used in the specification of CBEFF patron formats; and — protection of the privacy of individuals from inappropriate dissemination and use of biometric data.

This document specifies and publishes registered Common Biometric Exchange Formats Framework (CBEFF) patron formats defined by the CBEFF patron ISO/IEC JTC 1/SC 37, and specifies their registered CBEFF patron format types (see ISO/IEC 19785-1) and resulting full ASN.1 OIDs.

The ISO/IEC 24779 series of standards focuses on communication with the data capture subject. This document contains a set of pictograms, icons and symbols to help the general public understand the concepts and procedures for using electronic systems that collect and/or evaluate facial images. Operators can use this document, with the possibility of using additional symbols and information. This set of pictograms, icons and symbols is designed to be used to: — identify the type of biometric sensor; — provide supporting instructions related to facial image collection. To provide this functionality, the set of pictograms, icons and symbols includes both directional pictograms, icons and symbols and action or feedback pictograms, icons and symbols. The facial image pictograms, icons and symbols include: — facial image capture; — single person; — no hat; — no sunglasses; — neutral expression; — hair up; — view direction. Although the pictograms, icons and symbols are presented individually, the pictograms, icons and symbols are intended to be combined to fully illustrate the facial image capture interaction. For example, in a customs or immigration environment, procedures constructed from the individual pictograms, icons and symbols could be presented as: — a series of posters while passengers are in the queue; — a series of transitional frames in a biometric booth; — an animated video or series of transitional frames while passengers are in the queue; — instructional leaflets for passengers to read in the queue.

This document specifies: — generic extensible data interchange formats for the representation of face image data: A tagged binary data format based on an extensible specification in ASN.1 and a textual data format based on an XML schema definition that are both capable of holding the same information; — examples of data record contents; — application specific requirements, recommendations, and best practices in data acquisition; and — conformance test assertions and conformance test procedures applicable to this document.

This document specifies: — generic extensible data interchange formats for the representation of friction ridge image data: a tagged binary data format based on an extensible specification in ASN.1 and a textual data format based on an XML schema definition that are both capable of holding the same information; — examples of data record contents; — application specific requirements, recommendations, and best practices in data acquisition; and — conformance test assertions and conformance test procedures applicable to this document.

This document specifies: — rules and guidelines for defining extensible biometric data interchange formats that are extensible without invalidating previous data structures; — the meaning of common data elements for use in extensible biometric data interchange formats; — common data structures for tagged binary data formats based on an extensible specification in ASN.1; — common data structures for textual data formats based on an XML schema definition; and — conformance testing concepts and methodologies for testing the syntactic conformance of biometric data blocks.

This document provides guidance for performance testing of biometrics when this technology is used on mobile devices with local biometric authentication to improve authentication assurance. This document aims to: — Provide guidance for affordable and cost-efficient testing and reporting methods for performance assessment at a full system level of biometric systems embedded in mobile devices with offline evaluation of false accept rate (FAR) claims. — Define modality-specific considerations of these methods. This document is applicable to: — verification use cases related to secure transactions. This document is not applicable to: — privacy aspects; — secure authentication from mobile device to server; — testing and reporting for presentation attack detection (PAD) mechanisms in mobile devices; — performance testing of biometric sub-systems such as acquisition sub-system or comparison sub-system; — continuous authentication.

This document specifies an interface of a BioAPI C++ framework and BioAPI C++ BSP which will mirror the corresponding components specified in ISO/IEC 30106-1. The semantic equivalence of this document will be maintained with ISO/IEC 30106-2 (Java implementation) and ISO/IEC 30106-3 (C# implementation). In spite of the differences in actual parameters passed between functions, the names and interface structure are the same.

This document specifies elements of conformance testing methodology, test assertions, and test procedures as applicable to two-dimensional face images defined in the ISO/IEC 19794-5:2005 biometric data interchange format standard for face image data. This document establishes — test assertions of the structure of the face image data format as specified in ISO/IEC 19794-5:2005 (Type A Level 1 as defined in ISO/IEC 29109-1:2009), — test assertions of internal consistency by checking the types of values that may be contained within each field (Type A Level 2 as defined in ISO/IEC 29109-1:2009). This document does not establish — tests of conformance of 3D face records defined in ISO/IEC 19794-5:2005, 5.7.1, codes 0x80, 0x81, and 0x82, — tests of conformance of CBEFF structures required by ISO/IEC 19794-5:2005, — tests of consistency with the input biometric data record (Level 3), — tests of conformance of the image data to the quality-related specifications of ISO/IEC 19794-5:2005, — tests of conformance of the image data blocks to the respective JPEG or JPEG 2000 standards, — tests of other characteristics of biometric products or other types of testing of biometric products (e.g., acceptance, performance, robustness, security).