ISO/IEC JTC 1/SC 37 - Biometrics

This document establishes a systematic description of the concepts in the field of biometrics pertaining to recognition of human beings. This document also reconciles variant terms in use in pre-existing International Standards on biometrics against the preferred terms, thereby clarifying the use of terms in this field. This document does not cover concepts (represented by terms) from information technology, pattern recognition, biology, mathematics, etc. Biometrics uses such fields of knowledge as a basis. In principle, mode-specific terms are outside of scope of this document.

This document provides transition examples from ISO/IEC 19794-4:2005 and ISO/IEC 19794-5:2005 formats to ISO/IEC 39794-4:2019 and ISO/IEC 39794-5:2019 formats for eMRTD application. This document also provides an implementation example for the ISO/IEC 39794-6:2021 format. This document includes: — information for eMRTD issuers and eMRTD-reader vendors; — summarized tables of data elements of ISO/IEC 19794-4:2005 and ISO/IEC 19794-5:2005 and ISO/IEC 39794-4:2019, ISO/IEC 39794-5:2019 and ISO/IEC 39794-6:2021; — correspondence tables of data elements between ISO/IEC 19794-4:2005 and ISO/IEC 19794-5:2005 and ISO/IEC 39794-4:2019 and ISO/IEC 39794-5:2019, providing: — information on whether each data element is normative or optional, and — a brief note of each data element from the viewpoint of transition; — tag, length, value (TLV) data examples of ISO/IEC 39794-4:2019, ISO/IEC 39794-5:2019 and ISO/IEC 39794-6:2021 for implementation, and, — tag lists of ISO/IEC 39794-4:2019, ISO/IEC 39794-5:2019 and ISO/IEC 39794-6:2021, and an extended example of ISO/IEC 39794-5 as informative annexes. The following are not within the scope of this document: — second and later editions of the ISO/IEC 19794 series (2011 and after), and, — ASN.1 formats and XML formats specified in the ISO/IEC 39794 series.

This document describes the identification scheme used by the Biometric Registration Authority (BRA) in preparing, maintaining and publishing registers of identifiers for biometric organizations and biometric objects, and provides a description of BRA responsibilities and services. Procedural requirements and recommendations are not within the scope of this document and are maintained separately on the ISO/IEC JTC 1/SC 37 website.

This document specifies data interchange formats for signature/sign behavioural data captured in the form of a multi-dimensional time series using devices such as digitizing tablets or advanced pen systems. The data interchange formats are generic, in that they can be applied and used in a wide range of application areas where handwritten signs or signatures are involved. No application-specific requirements or features are addressed in this document. This document contains: — a description of what data can be captured; — three binary data formats for containing the data: a full format for general use, a compression format capable of holding the same amount of information as the full format but in compressed form, and a compact format for use with smart cards and other tokens that does not require compression/ decompression but conveys less information than the full format; — an XML schema definition; and — examples of data record contents and best practices in capture. Specifying which of the format types and which options defined in this document are to be applied in a particular application is out of scope; this needs to be defined in application-specific requirements specifications or application profiles. It is advisable that cryptographic techniques be used to protect the authenticity, integrity, and confidentiality of stored and transmitted biometric data; yet such provisions are beyond the scope of this document. This document also specifies elements of conformance testing methodology, test assertions and test procedures as applicable to this document. It establishes test assertions on the structure and internal consistency of the signature/sign time series data formats defined in this document (type A level 1 and 2 as defined in ISO/IEC 19794-1) and semantic test assertions (type A level 3 as defined in ISO/IEC 19794-1). The conformance testing methodology specified in this document does not establish: — tests of other characteristics of biometric products or other types of testing of biometric products (e.g. acceptance, performance, robustness, security); or — tests of conformance of systems that do not produce data records claimed to conform to the requirements of this document.

This document addresses: — requirements for planning, executing and reporting the influence of user interaction on biometric system performance based on scenario test methodologies, considering three kinds of factors: a) factors related to the design, position or condition of the capture device, b) factors depending on users and user attributes, c) factors depending on the interaction of users with the biometric system; — specifications for the definition, establishment and measurement of conditions needed for evaluation, including those relating to equipment; — requirements for establishing a reference evaluation condition (REC) and target evaluation condition(s) (TEC) to compare the influence of user interaction factors; — a specification of the biometric evaluation including requirements for test population, test protocols, data to record, test results; and — procedures for carrying out the overall evaluation. This document does not: — determine which parameters ought to be analysed for a specific biometric modality. This is currently covered in ISO/IEC TR 19795-3; — specify requirements for performing a vulnerability analysis modifying user interaction influence factors; — include procedures for performing usability testing.

This document establishes requirements for the annotation of humans, human faces and other body parts, and arbitrary objects appearing in imagery. It specifies the following: — metadata to be inserted in a video stream; — encoding of full and partial spatial and temporal ground truth information for: — objects present in a video, and — objects absent in a video; — procedures for different annotation of known and unknown subjects. This document does not specify: — encoding of video data.

This document introduces the effects of population demographics on biometric functions. It: — establishes terms and definitions relevant to the study of demographic factors in biometric recognition system performance; — identifies areas where biometric systems can exhibit different performances based on different demographic factors of the individuals submitting the biometric samples; — explains how different demographic factors can influence the biometric characteristics captured by different biometric modalities and how these influences can affect biometric performance measures; — presents a case study on existing scientific material that explores the impact of demographic factors on biometric system performance. Only biometric modalities where quantitative information is available on the impact of demographic factors are considered. Outside of the scope of this document are: — effects of disease and injury on biometric performance; and — how religious and cultural norms can affect biometric operations.

This document is intended to provide a generic extensible full body image data format for biometric recognition applications requiring exchange of human full body image data. Typical applications are: a) automated body biometric verification and identification of an unknown individual or cadaver (one-to-one as well as one-to-many comparison); b) support for human verification of identity by comparison of individuals against full body images; and c) support for human examination of full body images with sufficient resolution to allow a human examiner to verify identity or identify a living individual or a cadaver. This document ensures that full human body images and image sequence data generated by video surveillance and other similar systems are suitable for identification and verification. The structure of the data format in this document is compatible with ISO/IEC 39794-5. In addition to the data format, this document specifies application-specific profiles including scene constraints, photographic properties and digital image attributes like image spatial sampling rate, image size, etc. These application profiles are contained in a series of annexes. The 3D encoding types "3D point map" and "range image" are not supported by this document.

This document specifies examples of application-specific requirements, recommendations and best practices in data acquisition applicable to gait image sequence data. Its typical applications include: a) support for human examination of high-resolution video and still images; b) support for human biometric verification and identification based on video and still images; c) automated gait image sequence verification and identification. This document ensures that image sequences are suitable for human identification and human verification generated by video surveillance and other similar systems. The following topics are not in scope of this document: — Definitions for facial and/or full body image related biometric profiles, which are fully covered in ISO/IEC 39794-5 and ISO/IEC 39794-16 respectively. — Security aspects like digital image sequence electronic signature, Presentation Attack Detection (PAD) and morphing prevention.

This document specifies — generic extensible data interchange formats for the representation of vascular image data: a tagged binary data format based on an extensible specification in ASN.1 and a textual data format based on an XML schema definition that are both capable of holding the same information, — examples of data record contents, — application specific requirements, recommendations, and best practices in data acquisition, and — conformance test assertions and conformance test procedures applicable to this document.

This document: — establishes general principles for testing the performance of biometrics systems in terms of error rates and throughput rates for purposes including measurement of performance, prediction of performance, comparison of performance, and verifying conformance with specified performance requirements; — specifies performance metrics for biometric systems; — specifies requirements on the recording of test data and reporting of test results; and — specifies requirements on test protocols in order to: — reduce bias due to inappropriate data collection or analytic procedures; — help achieve the best estimate of field performance for the expended effort; — improve understanding of the limits of applicability of the test results. This document is applicable to empirical performance testing of biometric systems and algorithms through analysis of the comparison scores and decisions output by the system, without requiring detailed knowledge of the system’s algorithms or of the underlying distribution of biometric characteristics in the population of interest. Not within the scope of this document is the measurement of error and throughput rates for people deliberately trying to subvert the intended operation of the biometric system (e.g. by presentation attacks).

This document specifies: — generic extensible data interchange formats for the representation of iris image data: a tagged binary data format based on an extensible specification in ASN.1 and a textual data format based on an XML schema definition that are both capable of holding the same information, — examples of data record contents, — application specific requirements, recommendations, and best practices in data acquisition, and — conformance test assertions and conformance test procedures applicable to this document. The iris image information is stored as: — an array of intensity values optionally compressed with ISO/IEC 15948 or ISO/IEC 15444-1, or — an array of intensity values optionally compressed with ISO/IEC 15948 or ISO/IEC 15444-1 that can be cropped around the iris, with the iris at the centre, and which can incorporate region-of-interest masking of non-iris regions. This document also specifies elements of conformance testing methodology, test assertions, and test procedures, as applicable to this document. It establishes: — test assertions pertaining to the structure of the iris image data format, as specified in Clauses 6, 7, 8 and 9 of this document, — test assertions pertaining to internal consistency by checking the types of values that may be contained within each field, and — semantic test assertions. The conformance testing methodology specified in this document does not establish: — tests of other characteristics of biometric products or other types of testing of biometric products (e.g. acceptance, performance, robustness, security), or — tests of conformance of systems that do not produce data records conforming to the requirements of this document. This document does not establish: — requirements on the optical specifications of cameras, or — requirements on photometric properties of iris images, or — requirements on enrolment processes, workflow and use of iris equipment.

This document specifies an interface of a BioAPI C# framework and BioAPI C# BSP which mirror the corresponding components specified in ISO/IEC 30106-1. The semantic equivalence of this document will be maintained with ISO/IEC 30106-2 (Java implementation). In spite of the differences in actual parameters passed between functions, the names and interface structure are the same.

This document specifies an interface of a BioAPI Java framework and BioAPI Java BSP, which will mirror the corresponding components, specified in ISO/IEC 30106-1. The semantic equivalent of ISO/IEC 30106-1 is maintained in this document.

This document defines: — structures and data elements for biometric information records (BIRs); — the concept of a domain of use to establish the applicability of a standard or specification that conforms with CBEFF requirements; — the concept of a CBEFF patron format, which is a published BIR format specification that complies with CBEFF requirements, specified by a CBEFF patron; — the abstract values and associated semantics of a set of CBEFF data elements to be used in the definition of CBEFF patron formats; This document describes methods to define CBEFF patron formats using CBEFF data elements to specify the structure of BIRs, including the standard biometric headers (SBHs). This document also provides the means for identification of BDB formats in a BIR, but the standardization and interoperability of BDB formats is not within the scope of this document. This document provides a security block (SB) as a means for BIRs to carry information about the encryption of a BDB in the BIR and about integrity mechanisms applied to the BIR itself. The structure and content of SBs is not within the scope of this document. Further, the specification of encryption mechanisms for BDBs and of integrity mechanisms for BIRs is not within the scope of this document. This document specifies transformations from one CBEFF patron format to a different CBEFF patron format. The following are not within the scope of this document: — the encoding of the abstract values of CBEFF data elements to be used in the specification of CBEFF patron formats; and — protection of the privacy of individuals from inappropriate dissemination and use of biometric data.

This document specifies and publishes registered Common Biometric Exchange Formats Framework (CBEFF) patron formats defined by the CBEFF patron ISO/IEC JTC 1/SC 37, and specifies their registered CBEFF patron format types (see ISO/IEC 19785-1) and resulting full ASN.1 OIDs.

This document is a profile that provides requirements for testing biometric presentation attack detection (PAD) mechanisms on mobile devices with local biometric recognition. This document lists requirements from ISO/IEC 30107‑3 specific to mobile devices. It also establishes new requirements not present in ISO/IEC 30107‑3. For each requirement, the profile defines an Approach in Presentation Attack Detection (PAD) Testing for Mobile Devices. For some requirements, numerical values or ranges are provided in the form of best practices. This profile is applicable to mobile devices that operate as closed systems with no access to internal results, including mobile devices with local biometric recognition as well as biometric modules for mobile devices. Out of the scope of this document are the following: — mobile devices solely with remote biometric recognition. The attacks considered in this document take place at the sensor during the presentation and collection of the biometric characteristics. Any other attacks are outside the scope of this document.

The ISO/IEC 24779 series of standards focuses on communication with the data capture subject. This document contains a set of pictograms, icons and symbols to help the general public understand the concepts and procedures for using electronic systems that collect and/or evaluate facial images. Operators can use this document, with the possibility of using additional symbols and information. This set of pictograms, icons and symbols is designed to be used to: — identify the type of biometric sensor; — provide supporting instructions related to facial image collection. To provide this functionality, the set of pictograms, icons and symbols includes both directional pictograms, icons and symbols and action or feedback pictograms, icons and symbols. The facial image pictograms, icons and symbols include: — facial image capture; — single person; — no hat; — no sunglasses; — neutral expression; — hair up; — view direction. Although the pictograms, icons and symbols are presented individually, the pictograms, icons and symbols are intended to be combined to fully illustrate the facial image capture interaction. For example, in a customs or immigration environment, procedures constructed from the individual pictograms, icons and symbols could be presented as: — a series of posters while passengers are in the queue; — a series of transitional frames in a biometric booth; — an animated video or series of transitional frames while passengers are in the queue; — instructional leaflets for passengers to read in the queue.

This document specifies: — rules and guidelines for defining extensible biometric data interchange formats that are extensible without invalidating previous data structures; — the meaning of common data elements for use in extensible biometric data interchange formats; — common data structures for tagged binary data formats based on an extensible specification in ASN.1; — common data structures for textual data formats based on an XML schema definition; and — conformance testing concepts and methodologies for testing the syntactic conformance of biometric data blocks.

This document specifies: — generic extensible data interchange formats for the representation of face image data: A tagged binary data format based on an extensible specification in ASN.1 and a textual data format based on an XML schema definition that are both capable of holding the same information; — examples of data record contents; — application specific requirements, recommendations, and best practices in data acquisition; and — conformance test assertions and conformance test procedures applicable to this document.

This document specifies: — generic extensible data interchange formats for the representation of friction ridge image data: a tagged binary data format based on an extensible specification in ASN.1 and a textual data format based on an XML schema definition that are both capable of holding the same information; — examples of data record contents; — application specific requirements, recommendations, and best practices in data acquisition; and — conformance test assertions and conformance test procedures applicable to this document.

This document provides guidance for performance testing of biometrics when this technology is used on mobile devices with local biometric authentication to improve authentication assurance. This document aims to: — Provide guidance for affordable and cost-efficient testing and reporting methods for performance assessment at a full system level of biometric systems embedded in mobile devices with offline evaluation of false accept rate (FAR) claims. — Define modality-specific considerations of these methods. This document is applicable to: — verification use cases related to secure transactions. This document is not applicable to: — privacy aspects; — secure authentication from mobile device to server; — testing and reporting for presentation attack detection (PAD) mechanisms in mobile devices; — performance testing of biometric sub-systems such as acquisition sub-system or comparison sub-system; — continuous authentication.

This document specifies an interface of a BioAPI C++ framework and BioAPI C++ BSP which will mirror the corresponding components specified in ISO/IEC 30106-1. The semantic equivalence of this document will be maintained with ISO/IEC 30106-2 (Java implementation) and ISO/IEC 30106-3 (C# implementation). In spite of the differences in actual parameters passed between functions, the names and interface structure are the same.

The ISO 30137 series is applicable to the use of biometrics in VSS (also known as Closed Circuit Television or CCTV systems) for a number of scenarios, including real-time operation against watchlists and in post event analysis of video data. In most cases, the biometric mode of choice will be face recognition, but this document also provides guidance for other modalities such as gait recognition. This document: — defines the key terms for use in the specification of biometric technologies in a VSS, including metrics for defining performance; — provides guidance on selection of camera types, placement of cameras, image specification etc. for the operation of a biometric recognition capability in conjunction with a VSS; — provides guidance on the composition of the gallery (or watchlist) against which facial images from the VSS are compared, including the selection of appropriate images of sufficient quality, and the size of the gallery in relation to performance requirements; — makes recommendations on data formats for facial images and other relevant information (including metadata) obtained from video footage, used in watchlist images, or from observations made by human operators; — establishes general principles for supporting the operator of the VSS, including user interfaces and processes to ensure efficient and effective operation, and highlights the need to have suitably trained personnel; — highlights the need for robust governance processes to provide assurance that the implemented security, privacy and personal data protection measures specific to the use of biometric technologies with a VSS (e.g. internationally recognizable signage) are fit for purpose, and that societal considerations are reflected in the deployed system. This document also provides information on related recognition and detection tasks in a VSS such as: — estimation of crowd densities; — determining patterns of movement of individuals; — identification of individuals appearing in more than one camera; — use of other biometric modalities such as gait or iris; — use of specialized software to infer attributes of individuals, e.g. estimation of gender and age; — interfaces to other related functionality, e.g. video analytics to measure queue lengths or to alert for abandoned baggage.

This document specifies elements of conformance testing methodology, test assertions, and test procedures as applicable to two-dimensional face images defined in the ISO/IEC 19794-5:2005 biometric data interchange format standard for face image data. This document establishes — test assertions of the structure of the face image data format as specified in ISO/IEC 19794-5:2005 (Type A Level 1 as defined in ISO/IEC 29109-1:2009), — test assertions of internal consistency by checking the types of values that may be contained within each field (Type A Level 2 as defined in ISO/IEC 29109-1:2009). This document does not establish — tests of conformance of 3D face records defined in ISO/IEC 19794-5:2005, 5.7.1, codes 0x80, 0x81, and 0x82, — tests of conformance of CBEFF structures required by ISO/IEC 19794-5:2005, — tests of consistency with the input biometric data record (Level 3), — tests of conformance of the image data to the quality-related specifications of ISO/IEC 19794-5:2005, — tests of conformance of the image data blocks to the respective JPEG or JPEG 2000 standards, — tests of other characteristics of biometric products or other types of testing of biometric products (e.g., acceptance, performance, robustness, security).

This document provides guidelines to follow during the acquisition process of slap tenprints in order to obtain fingerprints of the best quality possible within acceptable time constraints. Non-cooperative users are out of the scope of this document. When using ten-fingerprint sensors, it is fundamental to know how to use them and how to proceed with the acquisition. This document describes how to capture fingerprints correctly by specifying best practices for slap tenprint captures. It gives recommendations on the following topics: 1) hardware of the fingerprint sensor and its deployment; 2) user guidance; 3) enrolment process including a sample workflow; 4) application software for developers and system integrators; 5) processing, compression and coding of the acquired fingerprint images; 6) operational issues and data logging; 7) evaluation of a solution and its components. Although this document primarily focuses on reaching optimal data quality for enrolment purposes, the recommendations given here are applicable for other purposes. All processes which rely on good quality tenprint slaps can take advantage of the best practices.

This document consolidates information relating to successful, secure and usable implementation of biometric enrolment processes, while indicating risk factors that organisations proposing to use biometric technologies will should address during procurement, design, deployment and operation. Much of the information is generic to many types of application, e.g. from national scale commercial and government applications, to closed systems for in-house operations, and to consumer applications. However, the intended application and its purpose often have influence on the necessary enrolment data quality and are intended to be taken into account when specifying an enrolment system and process. The document points out the differences in operation relating to specific types of application, e.g. where self-enrolment is more appropriate than attended operation. This document focuses on mandatory, attended enrolment at fixed locations. In summary, this document consolidates information relating to better practice implementation of biometric enrolment capability in various business contexts including considerations of process, function (system), and technology, as well as legal/privacy and policy aspects. The document provides guidance on collection and storage of biometric enrolment data and the impact on dependent processes of verification and identification. This document does not include material specific to forensic and law enforcement applications. This document does not contain any mandatory requirements. The following terms are used in this document to provide guidance. The terms "should" and "should not" indicate that among several possibilities one is recommended as particularly suitable, without mentioning or excluding others, or that a certain course of action is preferred but not necessarily required, or that (in the negative form) a certain possibility or course of action is discouraged but not prohibited. The term "may" indicates a course of action permissible within the limits of the publication. The terms "can" and "cannot" indicate a possibility and capability, whether material, physical or causal.

ISO/IEC 19784-1:2018 defines the Application Programming Interface (API) and Service Provider Interface (SPI) for standard interfaces within a biometric system that support the provision of that biometric system using components from multiple vendors. It provides interworking between such components through adherence to this and to other International Standards. For use in a system that does not include a BioAPI Framework (called a framework-free BioAPI system), only the SPI interface is applicable, with applications interfacing directly to that in a platform-specific manner. NOTE 1 Many clauses and/or sub-clauses of this document are not applicable for implementation of a framework-free BioAPI system. These are identified at the head of the clause of sub-clause. The BioAPI specification is applicable to a broad range of biometric technology types. It is also applicable to a wide variety of biometrically enabled applications, from personal devices, through network security applications, to large complex identification systems. ISO/IEC 19784-1:2018 supports an architecture in which a BioAPI Framework supports multiple simultaneous biometric applications (provided by different vendors), using multiple dynamically installed and loaded (or unloaded) Biometric Service Provider (BSP) components and BioAPI Units (provided by other different vendors), possibly using one of an alternative set of BioAPI Function Provider (BFP) components (provided by other vendors) or by direct management of BioAPI Units. NOTE 2 Where BioAPI Units are provided by a different vendor fom a BSP, a standardised BioAPI Function Provider Interface (FPI) may be needed. This is outside the scope of this document, but is specified by later parts for the different categories of FPI. NOTE 3 Where a BioAPI Framework is not used in a system, the ability to support multiple applications and multiple BSPs is platform-dependent and depends on the nature of the system-integration techniques employed. ISO/IEC 19784-1:2018 is not required (and should normally not be referenced) when a complete biometric system is being procured from a single vendor, particularly if the addition or interchange of biometric hardware, services, or applications is not a feature of that biometric system. (Such systems are sometimes referred to as "embedded systems".) Standardisation of such systems is not in the scope of this document. ISO/IEC 19784-1:2018 does not define security requirements for biometric applications and biometric service providers. NOTE 4 ISO 19092 provides guidelines on security aspects of biometric systems[3]. The performance of biometric systems (particularly in relation to searches of a large population to provide the biometric identification capability) is not in the scope of this document. Trade-offs between interoperability and performance are not in the scope of this document. ISO/IEC 19784-1:2018 specifies a version of the BioAPI specification that is defined to have a version number described as Major 2, Minor 0, or version 2.0. It also specifies a version number described as Major 2, Minor 1, or version 2.1 that provides an enhanced Graphical User Interface. It also specifies a version number described as Major 2, Minor 2, or version 2.2 that provides features supporting fusion and security. Some clauses and sub-clauses apply only to one of these versions, some to two or more. This is identified at the head of the relevant clauses and sub-clauses. NOTE 5 Earlier versions of the BioAPI specification were not International Standards. NOTE 6 The differences between the requirements of the 2.0 specification and the 2.1 specification for framework-free operation relate only to the biometric type values and encodings. Conformance requirements are specified in Clause 5.

ISO/IEC 30136:2018 supports evaluation of the accuracy, secrecy, and privacy of biometric template protection schemes. It establishes definitions, terminology, and metrics for stating the performance of such schemes. Particularly, this document establishes requirements for the measurement and reporting of: - theoretical and empirical accuracy of biometric template protection schemes, - theoretical and empirical probability of a successful attack on biometric template protection schemes (single or multiple), and - the information leaked about the original biometric when one or more biometric template protection schemes are compromised. ISO/IEC 30136:2018 also gives guidance on measuring and reporting diversity and unlinkability of templates. ISO/IEC 30136:2018 does not: - establish template protection schemes; - address testing of traditional encryption schemes.

ISO/IEC 19794-13:2018 specifies a data interchange format that can be used for storing, recording, and transmitting digitized acoustic human voice data (speech) assumed to be from a single speaker recorded in a single session. This format is designed specifically to support a wide variety of Speaker Identification and Verification (SIV) applications, both text-dependent and text-independent, with minimal assumptions made regarding the voice data capture conditions or the collection environment. Other uses for the data encapsulated in this format, such as automated speech recognition (ASR), may be possible, but are not addressed in this documnet. This document also does not address handling of data that has been processed to the feature or voice model levels. No application-specific requirements, equipment, or features are addressed in this document. This document supports the optional inclusion of non-standardized extended data. This document allows both the original data captured and digitally-processed (enhanced) voice data to be exchanged. A description of any processing of the original source input is intended to be included in the metadata associated with the voice representations (VRs). This document does not address data streaming. Provisions that stored and transmitted biometric data be time-stamped and that cryptographic techniques be used to protect their authenticity, integrity and confidentiality are out of the scope of this document. Information formatted in accordance with this document can be recorded on machine-readable media or can be transmitted by data communication between systems. A general content-oriented subclause describing the voice data interchange format is followed by a subclause addressing an XML schema definition. ISO/IEC 19794-13:2018 includes vocabulary in common use by the speech and speaker recognition community, as well as terminology from other ISO standards.

ISO/IEC TR 24741:2018 describes the history of biometrics and what biometrics does, the various biometric technologies in general use today (for example, fingerprint recognition and face recognition) and the architecture of the systems and the system processes that allow automated recognition using those technologies. It also provides information about the application of biometrics in various business domains such as border management, law enforcement and driver licensing, the societal and jurisdiction considerations that are typically taken into account in biometric systems, and the international standards that underpin their use.

ISO/IEC 30107-2:2017 defines data formats for conveying the mechanism used in biometric presentation attack detection and for conveying the results of presentation attack detection methods. The attacks considered in the ISO/IEC 30107 series take place at the sensor during the presentation and collection of the biometric characteristics. Any other attacks are outside the scope of this document. ISO/IEC 30107-2:2017 contains the following data formats: a binary format and an XML schema. The data interchange formats in this document are generic, in that they may be applied and used in a wide range of application areas. No application-specific requirements are addressed here. Provisions for the cryptographic protection of the authenticity, integrity, and confidentiality of stored and transmitted presentation attack detection data are beyond the scope of this document. NOTE While addressing security is out of the scope of this document, PAD data may be protected by encoding them into a biometric information record (see ISO/IEC 19785-1) that includes an optional security block.

ISO/IEC 24709-1:2017 specifies the concepts, framework, test methods, and criteria required to test conformity of biometric products claiming conformance to BioAPI (see ISO/IEC 19784-1). Guidelines for specifying BioAPI conformance test suites, writing test assertions, and defining procedures to be followed during the conformance testing are provided. ISO/IEC 24709-1:2017 is concerned with conformance testing of biometric products claiming conformance to BioAPI (see ISO/IEC 19784-1). It is not concerned with testing other characteristics of biometric products or other types of testing of biometric products (i.e. acceptance, performance, robustness, security, etc.) Testing by means of test methods, which are specific to particular biometric products, are not the subject of ISO/IEC 24709-1:2017. ISO/IEC 24709-1:2017 is applicable to the development and use of conformance test method specifications, BioAPI conformance test suites, and conformance testing programs for BioAPI-conformant products. It is intended primarily for use by testing organizations, but can be applied by developers and users of test assertions and test method implementations.

ISO/IEC 29794-4:2017 establishes - terms and definitions for quantifying finger image quality, - methods used to quantify the quality of finger images, and - standardized encoding of finger image quality, for finger images at 196,85 px/cm spatial sampling rate scanned or captured using optical sensors with capture dimension (width, height) of at least 1,27 cm × 1,651 cm.

ISO/IEC 30107-3:2017 establishes: - principles and methods for performance assessment of presentation attack detection mechanisms; - reporting of testing results from evaluations of presentation attack detection mechanisms; - a classification of known attack types (in an informative annex). Outside the scope are: - standardization of specific PAD mechanisms; - detailed information about countermeasures (i.e. anti-spoofing techniques), algorithms, or sensors; - overall system-level security or vulnerability assessment. The attacks considered in this document take place at the sensor during presentation. Any other attacks are considered outside the scope of this document.

ISO/IEC 19794-15:2017 specifies an image interchange format for biometric person identification or verification technologies that utilize human palm crease biometric images and can be used for the exchange and comparison of palm crease image data. It specifies a data record interchange format for storing, recording, and transmitting palm crease biometric information from palm crease imaging. It defines the contents, format, and units of measurement for the image exchange. The format consists of mandatory and optional items, including scanning parameters, compressed or uncompressed image specifications and vendor-specific information. Information compiled and formatted in accordance with this document can be recorded on machine-readable media or may be transmitted by data communication facilities.

ISO/IEC 24779-4:2017 contains a set of symbols, icons and pictograms to help the general public understand the concepts and procedures for using electronic systems that collect and/or process fingerprints. This set of symbols, icons and pictograms is designed to be used to - identify the type of biometric device, - provide static instructions related to a fingerprint device, - display dynamic real-time information related to the fingerprint device, and - indicate the status of the fingerprint device. To provide this functionality, the set of symbols, icons and pictograms includes both directional symbols, icons and pictograms and real-time action or feedback symbols, icons and pictograms. The fingerprint device symbols, icons and pictograms can be categorized as - finger/hand general biometric, - kind of finger, four fingers or hand device, - finger/hand placement, - biometric position and impression which needs to be presented next, - hand orientation (switched hands), - finger/hand quality feedback, - press (more or less), - raise/lower angle, - finger/hand positioning, - hand/finger orientation, - necessary finger/hand movement (forward, backward, lateral), - rotation, - change angle, and - rolling finger(s). Although the symbols, icons and pictograms are presented individually, it is intended that the symbols, icons and pictograms be combined to fully illustrate the fingerprinting interaction. Alternative illustrations might be used; for example, in a customs or immigration environment, procedures constructed from the individual symbols, icons and pictograms could additionally be presented as - a series of posters while waiting to use the biometric system, - a series of transitional frames in a biometric booth, - an animated video or series of transitional frames while waiting to use the biometric system, and - instructional leaflets to read while waiting to use the biometric system. This multi-part International standard focuses on communication with the data capture subject. Operators could use this International standard, but they might need additional symbols and information.

ISO/IEC TR 30125:2016 provides guidance for developing a consistent and secure method of biometric (either alone or supported by non-biometric) personalization and authentication in a mobile environment for systems procured on the open market. Guidance is provided for - 1:1 verification or 1:few positive identification; - biometric sample capture in the mobile environment where conditions are not well controlled and not covered in ISO/IEC Biometric interchange format standards and the ISO/IEC Biometric sample quality Technical Reports; NOTE 1 Further information regarding architectures may be found in NIST/SP 500-288. - the best use of multiple biometric and non-biometric (PINs, passwords, personal data) personalization and authentication methods (i.e. multifactor). NOTE 2 More information may be found in ISO/IEC 30108‑1. ISO/IEC TR 30125:2016 defines a framework to address methods and approaches for remote and unsupervised enrolment, together with secure storage and transmission of biometric and supporting biographic data, covering a variety of both online connected and offline modes. ISO/IEC TR 30125:2016 identifies the functional elements and components of a generic mobile biometric system and the distinct characteristics of each component. It provides guidance related to a generic mobile architecture with reference to supporting standards. The context recognizes a) the user as being mobile and b) operation across a variety of platforms, particularly mobile devices but also including tablet, laptop and other personal computing devices. The key to defining this context is whether the user's environment is physically controlled by the organization to which the user seeks access.

ISO/IEC 24779-1:2016 multi-part International Standard specifies a family of icons and symbols used in association with devices for biometric enrolment, verification and/or identification. This part of ISO/IEC 24779 describes the approach used in specifying icons and the range of biometric technologies for which icon and symbol development is considered. The symbols and icons are intended to show the modality of biometrics and to advise the necessity of appropriate preparation for and behaviour required when using the biometric systems. They are also intended to assist subjects by guiding them as they use the biometric systems. ISO/IEC 24779-1:2016 Standard focuses on both enrolment and recognition processes. Icons and symbols used exclusively for biometric enrolment are not specified since most enrolment systems will be supervised, and an attendant will be available to explain to biometric capture subjects what to do. ISO/IEC 24779-1:2016 Standard focuses on communication with the data capture subject. Operators could use this part of ISO/IEC 24779, but they might need additional symbols and information.

ISO/IEC 30106-1:2016 specifies an architecture for a set of interfaces which define the OO BioAPI. Components defined in this part of ISO/IEC 30106 include a framework, Biometric Service Providers (BSPs), Biometric Function Providers (BFPs) and a component registry. NOTE Each of these components have an equivalent component specified in ISO/IEC 19784‑1 as the OO BioAPI is intended to be an OO interpretation of this part of ISO/IEC 30106. For this reason, this part of ISO/IEC 30106 is conceptually equivalent to ISO/IEC 19784‑1. Concepts present in this part of ISO/IEC 30106 (for example, BioAPI_Unit and component registry) have the same meaning as in ISO/IEC 19784‑1. While the conceptual equivalence of this part of ISO/IEC 30106 will be maintained with ISO/IEC 19784‑1, there are differences in the parameters passed between functions and the sequence of function calls. These differences exist to take advantage of the features provided by Object Oriented Programming Languages.

Abstract: In recent years, there has been an increase in the availability and interest in using biometric sensors for authenticating users, but the potential for attacks on a system through the biometric sensor has limited the use of biometrics in applications which are unsupervised by an agent of the system owner, such as remote authentication over untrusted networks. Biometric data can be easily obtained directly from a person, online, or through existing databases and then used to create spoofs (or fakes) to mount an attack. The presentation of a biometric spoof (e.g. a facial image or video of a person on a tablet or a fake silicone or gelatin fingerprint) to a biometric sensor can be detected by methods broadly referred to as presentation attack detection, PAD. The purpose of ISO/IEC 30107-1 is to provide a foundation for PAD through defining terms and establishing a framework through which presentation attack events can be specified and detected so that they can be categorized, detailed and communicated for subsequent decision making and performance assessment activities. This foundation is intended to not only introduce and frame the topics of presentation attacks and PAD but also to benefit other standards projects. This standard does not advocate a specific standard PAD method. The scope is limited to describing attacks that take place at the sensor during the presentation and collection of biometric characteristics. There are two other parts of ISO/IEC 30107, under the general title Information Technology - Biometric presentation attack detection: - Part 2:Data Formats - Part 3: Testing and reporting. Keywords: Liveness, liveness detection, biometric liveness detection, spoof detection, biometric spoof, biometric spoof detection, fake, fake biometric, fake biometrics, arefact, artefact detection. .

ISO/IEC 29794-1:2016, for any or all biometric sample types as necessary, establishes the following: - terms and definitions that are useful in the specification and use of quality metrics; - purpose and interpretation of biometric quality scores; - encoding of quality data fields in biometric data interchange formats; - methods for developing biometric sample datasets for the purpose of quality score normalisation; - format for exchange of quality algorithm results; - methods for aggregation of quality scores. The following are outside the scope of ISO/IEC 29794-1:2016: - specification of minimum requirements for sample, module, or system quality scores; - performance assessment of quality algorithms; - standardization of quality algorithms.

ISO/IEC TR 24722:2015 contains descriptions of and analyses of current practices on multimodal and other multibiometric fusion, including (as appropriate) references to more detailed descriptions. ISO/IEC TR 24722:2015 contains descriptions and explanations of high-level multibiometric concepts to aid in the explanation of multibiometric fusion approaches including multi-characteristic-type, multiinstance, multisensorial, multialgorithmic, decision-level and score-level logic.

ISO/IEC TR 29156:2015 provides guidance on specifying performance requirements for authentication using biometric recognition in order to achieve desired levels of security and usability for the authentication mechanism. Guidance addresses issues such as the following: - the biometric performance metrics that impact security and usability; - comparing and quantifying the security and usability of biometrics and other authentication mechanisms, when used alone or in combination; - how to combine performance of individual authentication elements in order to meet an overall security and usability requirement; - the trade-off between security and usability in applications using biometric recognition; - considerations in maintaining security and usability in systems incorporating biometrics. The guidance is targeted towards applications that - use biometrics for the authentication of individuals, and - are of small to medium size (in terms of the number of enrolled individuals). The guidance does not address the following: - surveillance systems; - systems whose primary aim is to detect and prevent attempts by individuals to create multiple enrolments under different identities; - systems with a large and diverse population of enrolees, which can include people with special needs; - other systems with a complex mix of functional, security and usability requirements. Such large-scale applications are typically the domain of large organizations, and it is assumed that the developers of such systems will have access to appropriate biometric expertise able to provide guidance beyond the scope of this Technical Report. This Technical Report does not address biometric modality and technology specific issues, nor does it provide quantitative biometric performance requirements that would satisfy a particular application.