International Biometrics Standards
The Biometrics Institute is working with Standards Australia, both are represented on the SC37 group towards developing a set of standards for the implementation of biometrics. If you would like to be part of the working groups for the development of these standards then please contact us.
Biometrics Institute Updates on the development of biometric standards can be accessed in the Biometrics Institute newsletter (members only).
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National Bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity.
In the field of information technology, ISO and IEC have established a Joint Technical Committee 1: ISO/IEC JTC 1 on Information Technology.
ISO/IEC JTC 1 SC 37 on Biometrics
Chair: Mr. Fernando Podio (USA)
International Standards under SC37
In June 2002, JTC 1 established a new Subcommittee 37 on Biometrics. The goal of this JTC 1 SC is to ensure a high priority, focused, and comprehensive approach worldwide for the rapid development and approval of formal international biometric standards. These standards are necessary to support the rapid deployment of significantly better, open systems standard-based security solutions for purposes such as homeland defence and the prevention of ID theft.
The JTC 1/SC 37 is responsible for the standardisation of biometric technologies pertaining to human beings to support interoperability and data interchange among applications and systems. There are 6 working groups:
- JTC 1/SC 37/WG 1 Harmonized biometric vocabulary
- JTC 1/SC 37/WG 2 Biometric technical interfaces
- JTC 1/SC 37/WG 3 Biometric data interchange formats
- JTC 1/SC 37/WG 4 Biometric functional architecture and related profiles
- JTC 1/SC 37/WG 5 Biometric testing and reporting
- JTC 1/SC 37/WG 6 Cross-Jurisdictional and Societal Aspects of Biometrics
As at January 2010, there are 39 ISO standards published under the direct responsibility of JTC 1/SC 37.
Download an overview including abstracts.
Biometric Technical Interface Standards:
ISO/IEC 19784-1:2006 Information technology -- Biometric application programming interface -- Part 1: BioAPI specification
ISO/IEC 19784-2:2007 Information technology -- Biometric application programming interface -- Part 2: Biometric archive function provider interface
ISO/IEC 19785-1:2006 Information technology -- Common Biometric Exchange Formats Framework -- Part 1: Data element specification
ISO/IEC 19785-2:2006 Information technology -- Common Biometric Exchange Formats Framework -- Part 2: Procedures for the operation of the Biometric Registration Authority
ISO/IEC 19785-3:2007 Information technology -- Common Biometric Exchange Formats Framework -- Part 3: Patron Format Specifications
Biometric Data Interchange Format Standards:
ISO/IEC 19794-1:2006 Information technology -- Biometric data interchange formats -- Part 1: Framework
ISO/IEC 19794-2:2005 Information technology -- Biometric data interchange formats -- Part 2: Finger minutiae data
ISO/IEC 19794-3:2006 Information technology -- Biometric data interchange formats -- Part 3: Finger pattern spectral data
ISO/IEC 19794-4:2005 Information technology -- Biometric data interchange formats -- Part 4: Finger image data
ISO/IEC 19794-5:2005 Information technology -- Biometric data interchange formats -- Part 5: Face image data
ISO/IEC 19794-6:2005 Information technology -- Biometric data interchange formats -- Part 6: Iris image data
ISO/IEC 19794-7:2007 Information technology -- Biometric data interchange formats -- Part 7: Signature/sign time series data
ISO/IEC 19794-8:2006 Information technology -- Biometric data interchange formats -- Part 8: Finger pattern skeletal data
ISO/IEC 19794-9:2007 Information technology -- Biometric data interchange formats -- Part 9: Vascular image data
ISO/IEC 19794-10:2007 Information technology -- Biometric data interchange formats -- Part 10: Hand geometry silhouette data
Biometric Performance Testing and Reporting Standards:
ISO/IEC 19795-1:2006 Information technology -- Biometric performance testing and reporting -- Part 1: Principles and framework
ISO/IEC 19795-2:2007 Information technology -- Biometric performance testing and reporting -- Part 2: Testing methodologies for technology and scenario evaluation
ISO/IEC TR 19795-3:2007 Information technology -- Biometric performance testing and reporting -- Part 3: Modality-specific testing
ISO/IEC 19795-4:2008 Information technology -- Biometric performance testing and reporting -- Part 4: Interoperability performance testing
53ISO/IEC 24708:2008 Information technology -- Biometrics -- BioAPI Interworking
Conformance Testing Methodology Standards:
ISO/IEC 24709-1:2007 Information technology -- Conformance testing for the biometric application programming interface (BioAPI) -- Part 1: Methods and procedures
ISO/IEC 24709-2:2007 Information technology -- Conformance testing for the biometric application programming interface (BioAPI) -- Part 2: Test assertions for biometric service providers
Interoperability and Data Interchange:
ISO/IEC 24713-1:2008 Information technology -- Biometric profiles for interoperability and data interchange -- Part 1: Overview of biometric systems and biometric profiles
ISO/IEC 24713-2:2008 Information technology -- Biometric profiles for interoperability and data interchange -- Part 2: Physical access control for employees at airports
ISO/IEC 24713-3:2009 Information technology -- Biometric profiles for interoperability and data interchange -- Part 3: Biometrics-based verification and identification of seafarers
ISO/IEC TR 24714-1:2008 Information technology -- Biometrics -- Jurisdictional and societal considerations for commercial applications -- Part 1: General guidance
ISO/IEC TR 24722:2007 Information technology -- Biometrics-- Multimodal and other multibiometric fusion
ISO/IEC TR 24741:2007 Information technology -- Biometrics tutorial
ISO/IEC 29109-1:2009 Information technology -- Conformance testing methodology for biometric data interchange formats defined in ISO/IEC 19794 -- Part 1: Generalized conformance testing methodology
ISO/IEC 29141:2009 Information technology -- Biometrics -- Tenprint capture using biometric application programming interface (BioAPI)
ISO/IEC 29794-1:2009 Information technology -- Biometric sample quality -- Part 1: Framework
Access the SC 37 Work Programme.
Access schedule of SC37 Meetings.
ISO/IEC JTC 1 SC 27 on IT Security
Chair: Dr. Walter Fumy (Germany)
International Standards under direct responsiblity of SC27
As at January 2010, 91 standards have been published. Access standards here.
Working Groups within SC27
JTC 1/SC 27/WG 1 Requirements, security services and guidelines
JTC 1/SC 27/WG 2 Security techniques and mechanisms
JTC 1/SC 27/WG 3 Security evaluation criteria
JTC 1/SC 27/WG 4 Security controls and services
JTC 1/SC 27/WG 5 Identity management and privacy technologies
Access schedule of SC27 Meetings.
_______________________________________________________________________
ISO/IEC JTC 1 SC 17 on Cards and personal Identification
Mr. Richard A. Mabbott (United Kingdom)
International Standards under direct responsiblity of SC17
As at January 2010, 85 standards have been published. Access standards here.
Working Groups within SC17
JTC 1/SC 17/WG 1 Physical characteristics and test methods for ID-cards
JTC 1/SC 17/WG 3 Identification cards - Machine readable travel documents
JTC 1/SC 17/WG 4 Integrated circuit card with contacts
JTC 1/SC 17/WG 5 Registration Management Group (RMG)
JTC 1/SC 17/WG 8 Integrated circuit cards without contacts
JTC 1/SC 17/WG 9 Optical memory cards and devices
JTC 1/SC 17/WG 10 Motor vehicle driver licence and related documents
JTC 1/SC 17/WG 11 Application of biometrics to cards and personal identification
Contact the Biometrics Institute to find out dates for the meetings of these groups.
_______________________________________________________________________
ISO 19092:2008, Financial services – Biometrics – Security Framework
ISO 19092:2008 describes the security framework for using biometrics for authentication of individuals in financial services. It introduces the types of biometric technologies and addresses issues concerning their application. ISO 19092:2008 also describes the architectures for implementation, specifies the minimum security requirements for effective management, and provides control objectives and recommendations suitable for use by a professional practitioner.
The following are within the scope of ISO 19092:2008:
usage of biometrics for the authentication of employees and persons seeking financial services by:
verification of a claimed identity;
identification of an individual;
validation of credentials presented at enrolment to support authentication as required by risk management;
management of biometric information across its life cycle comprised of the enrolment, transmission and storage, verification, identification and termination processes;
security of biometric information during its life cycle, encompassing data integrity, origin authentication and confidentiality;
application of biometrics for logical and physical access control;
surveillance to protect the financial institution and its customers;
security of the physical hardware used throughout the biometric information life cycle.
ISO 19092:2008 provides the mandatory means whereby biometric information may be encrypted for data confidentiality or other reasons.
Contact: Mark Lundin, Chair of the ISO subcommittee who developed the standard (subcommittee SC 2, Security management and general banking operations from ISO technical committee ISO/TC 68, Financial services).
_______________________________________________________________________
International Civil Aviation Organisation (ICAO)
ICAO Publications (including free publications)
Last updated: 24 January 2010