ISO/IEC FDIS 17839-3

ISO/IEC DISFDIS 17839-3:2025(en)
ISO/IEC JTC1JTC 1/SC 17
Secretariat: BSI
Date: 2025-11-252026-01-13
Information technology — Biometric System-on-Card — —
Part 3:
Logical information interchange mechanism
Technologies de l'information — Système biométrique sur carte —
Partie 3: Mécanisme d'échange de l'information logique
FDIS stage
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication
may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying,
or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO
at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: + 41 22 749 01 11
EmailE-mail: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2026 – All rights reserved
ii
Contents
Foreword . iv
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 3
5 Conformance . 3
6 Logical data structures . 3
6.1 BSoC capability . 3
6.2 Identifying the biometric reference in a BSoC . 3
6.3 Configuration data . 4
6.4 Enrolment procedures . 4
6.5 Initiation of biometric verification . 5
7 Discovery of services . 5
8 Operational sequence . 5
9 Feedback to user from IFD . 6
9.1 General . 6
9.2 Feedback messaging mechanism . 7
9.3 IFD's behaviour based on output from BSoC. 9
9.4 Time management in BSoC . 15
Annex A (informative) Sample command for verification on BSoC . 19
Annex B (informative) Commands for different biometric-related implementations . 20
Annex C (informative) Examples of self-initiated BSoC activation . 22
Annex D (informative) Examples of command feedback message retrieving . 23
Annex E (informative) State transitions for BSoC time management . 28
Annex F (informative) Examples of autonomous enrolment . 31
Bibliography . 32

© ISO/IEC 2026 – All rights reserved
iii
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members
of ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of
document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC
Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the use of
(a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any claimed
patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not received
notice of (a) patent(s) which may be required to implement this document. However, implementers are
cautioned that this may not represent the latest information, which may be obtained from the patent database
available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held responsible for
identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 17, Cards and security devices for personal identification.
This second edition cancels and replaces the first edition (ISO/IEC 17839-3:2016), which has been technically
revised.
The main changes are as follows:
— — aligned with ISO/IEC 24787-1:2024;
— — improved terms and definitions;
— — restructured feedback messaging;
— — corrected feedback message format and examples;
— — updated all figures;
— — updated Annex AAnnex A and Annex CAnnex C;;
— — introduced autonomous enrolment in Annex FAnnex F.
A list of all parts in the ISO/IEC 17839 series can be found on the ISO and IEC websites.
© ISO/IEC 2026 – All rights reserved
iv
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html and www.iec.ch/national-
committees.
© ISO/IEC 2026 – All rights reserved
v
Introduction
A Biometric System-on-Card (BSoC) is a portable card-sized device including the following entities: biometric
capture, image/signal processing, storage, comparison, decision and action. The use of a BSoC with such
specifications is subject to an information flow and security mechanisms, which are detailed in this document.
ISO/IEC 17839-1 describes two types of BSoC. Type ID-1 is a fully flexible card compliantconformant with
ISO/IEC 7810. Type ID-T deviates from some of the requirements of size and flexibility, while keeping the rest
of the requirements intact, including the use of a contactless ICC interface. The logical interface and security
mechanisms are independent on whether the BSoC is of type ID-1 or type ID-T, so the specifications stated in
this document are applicable to both types of BSoC.
The ISO/IEC 17839 series is organized into three separate documents:
— — ISO/IEC 17839-1, Biometric System-on-Card — Core requirements
— — ISO/IEC 17839-2, Biometric System-on-Card — Physical characteristics
— — ISO/IEC 17839-3 (this document),, Biometric System-on-Card — Logical information interchange
mechanism (this document)
© ISO/IEC 2026 – All rights reserved
vi
Information technology — Biometric System-on-Card — —
Part 3:
Logical information interchange mechanism
1 Scope
This document specifies:
— — logical data structures for a BSoC;
— — enrolment procedures; and
— — usage of commands and data structures defined in other ISO standardsInternational Standards for
BSoC.
This document does not define requirements for:
— — commands and data structures that apply to devices external to a BSoC;
— — commands and data structures that apply to logical interfaces inside a BSoC.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 2382--37, Information technology — Vocabulary — Part 37: Biometrics
ISO/IEC 7816--4, Identification cards — Integrated circuit cards — Part 4: Organization, security and
commands for interchange
ISO/IEC 7816--11, Identification cards — Integrated circuit cards — Part 11: Personal verification through
biometric methods
ISO/IEC 18328--3, Identification cards — ICC-managed devices — Part 3: Organization, security and commands
for interchange
ISO/IEC 24787--1, Information technology — On-card biometric comparison — Part 1: General principles and
specifications
ISO/IEC 17839-1, Information technology — Biometric System-on-Card — Part 1: Core requirements
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 2382-37 and the following
apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— — ISO Online browsing platform: available at https://www.iso.org/obp
© ISO/IEC 2026 – All rights reserved
— — IEC Electropedia: available at https://www.electropedia.org/
3.1 3.1
Biometric System-on-Card
card-sized device including biometric capture, data processing, comparison, decision and action, used to
compose a complete biometric verification system
[SOURCE: ISO/IEC 17839-1:2024, 3.1]
3.2 3.2
feedback messaging mechanism
mechanism of informing devices outside of a Biometric System-on-Card (3.1BSoC (3.1)) of detailed error,
warning or progress message complementing the status bytes by using card-originated byte strings defined
in ISO/IEC 7816-4
3.3 3.3
on-card biometric comparison
comparison and decision making on the integrated circuit card (ICC) where the biometric reference is retained
on-card in order to enhance security and privacy
[SOURCE: ISO/IEC 24787-1:2024, 3.12]
3.4 3.4
decision
process that compares a similarity score to a predefined threshold to decide whether the biometric claim is
from the genuine cardholder or an imposter
[SOURCE: ISO/IEC 24787-1:2024, 3.9]
3.5 3.5
action
operation taken according to the results of the biometric decision (3.4(3.4))
[SOURCE: ISO/IEC 24787-1:2024, 3.4]1, modified — Example and Note 1 to entry removed.]
3.6 3.6
biometric comparison
algorithmic process to assess the similarity of characteristic features extracted from a current biometric
sample with biometric reference data stored in the card, typically resulting in a score
Note 1 to entry: This definition replaces the definition of comparison in ISO/IEC 2382-37.
3.7 3.8
biometric verification
process of confirming a biometric claim through biometric comparison
[SOURCE: ISO/IEC 24787-1:2024, 3.98, modified — Note 1 to entry removed, specified "biometric"
comparison.]
3.8 3.9
storage-on-card
system architecture where biometric reference data is stored in an ICC and compared outside of the ICC used
as a portable data carrier
[SOURCE: ISO/IEC 17839-1:2025, 3.2]
© ISO/IEC 2026 – All rights reserved
4 Abbreviated terms
ACBio Authentication Context for Biometrics (see ISO/IEC 24761)
APDU application protocol data unit
AT control reference template for authentication
ATR answer-to-reset
BER basic encoding rules
BSoC Biometric System-on-Card
CRT control reference template
DF dedicated file
DO BER-TLV data object
DVCP device control parameter
FCI file control information
ICC integrated circuit card
IFD interface device
PBO PERFORM BIOMETRIC OPERATIONPERFORM BIOMETRIC OPERATION
PCD proximity coupling device
SW1-SW2 status bytes
SW1 first status byte
SW2 second status byte
TLV tag, length, value
5 Conformance
A BSoC claiming conformance with this document shall conform to all mandatory requirements specified
herein as applicable.
6 Logical data structures
6.1 BSoC capability
BSoC capability should be expressed with a biometric information template DO‘7F60’ specified in ISO/IEC
24787-1.
6.2 Identifying the biometric reference in a BSoC
An application in a BSoC can know which biometric reference is used in the following ways:
— — implicitly;
— — commands for a biometric comparison, for example, reference data qualifier in P2 of VERIFY or PBO
command;
— — AT (control reference template valid for authentication) in a security environment (see ISO/IEC 7816-
4);
© ISO/IEC 2026 – All rights reserved
— — AT in FCI for DF (dedicated file) (see ISO/IEC 7816-4).
6.3 Configuration data
A BSoC may use configuration data for BSoC comparison and decision. Each application may provide its own
configuration data for a biometric reference, as defined in ISO/IEC 24787-1. See ISO/IEC 7816-4 and ISO/IEC
7816-11 for generic handling of CRTs and biometric information template.
Regardless of individual configuration data, a BSoC shall implement a retry counter as defined in ISO/IEC
24787-1.
6.4 Enrolment procedures
6.4.1 Internal enrolment
Internal enrolment uses an on-card sensor for capturing biometric data (image or signal). Internal enrolment
processes the captured biometric data and extracts its features. Internal enrolment shall be executed by using
the PBO CAPTURE AND STORE BIOMETRIC REFERENCE or PBO CAPTURE AND UPDATE BIOMETRIC
REFERENCE command (see ISO/IEC 7816-11).
The enrolment may use a single or multiple presentation of the biometric characteristic by the cardholder.
The policy for single or multiple presentation is defined internally by the algorithm and application in the
BSoC and not by command parameters.
The enrolment in a BSoC shall implement a feedback mechanism as specified in Clause 9Clause 9,, which
includes status bytes (SW1-SW2) for the cases specified in Table 1Table 1.
Table 1 — Status bytes related to the enrolment of a BSoC
Case SW1-SW2 Meaning
Normal
‘90 00’ Enrolment successful
processing
State of non-volatile memory is unchanged
‘62 XX’
XX = ‘02’ to ‘80’: length of the provided feedback data object containing reason
Warning
for warning (see Clause 9Clause 9))
processing
‘63 XX’ State of non-volatile memory may have changed
State of non-volatile memory is unchanged
Execution
‘64 XX’
XX = ‘02’ to ‘80’: length of the provided feedback data object containing reason
error
for error (see Clause 9Clause 9))
6.4.2 External enrolment
The application policy may decide to import reference data generated with an off-card sensor and applying
different algorithm and parameters. This is called “external enrolment” in the context of BSoC.
External enrolment shall comply with the security policies defined in ISO/IEC 24787-1 for on-card biometric
comparison (sensor off-card).
NOTE External enrolment in a BSoC is equivalent to the enrolment in an on-card biometric comparison (sensor off-
card).
© ISO/IEC 2026 – All rights reserved
6.4.3 Autonomous enrolment
Autonomous internal enrolment means that the BSoC executes the enrolment process without being triggered
by a command received from an IFD. The BSoC will automatically start the enrolment when required
conditions are met. Examples are described in Annex FAnnex F.
6.5 Initiation of biometric verification
6.5.1 IFD initiated verification
The biometric comparison of a BSoC initiated by the IFD shall start with a VERIFY (see Annex A)) or PBO
command specified in ISO/IEC 7816-4 and ISO/IEC 7816-11. The result of BSoC verification shall be discarded
when power supply or communication with the IFD is lost.
6.5.2 Self-initiated verification
Self-initiated verification performs an entire biometric verification process on a stand-alone BSoC without
exchanging command-response with IFD. Self-initiated verification may be initiated by an on-card device with
triggering capability (e.g. a mechanical switch) or by automatic detection of the presented biometric
characteristic.
Self-initiated verification assumes that the BSoC has power available regardless internally or externally. The
specification of the power supply for self-initiated verification is out of scope of this document.
The result of the comparison of self-initiated verification may be stored for usage in further processing in an
IFD-controlled communication, i.e. by an application on the BSoC. The result of BSoC verification shall be
discarded when power supply is lost. Otherwise, the BSoC should discard the result of the comparison after a
predefined duration.
For execution of self-initiated verification, a predefined internal process flow is assumed. The mechanisms
and definitions of a predefined internal process are outside of the scope of this document.
The example of procedures for activation of self-initiated verification is provided in Annex CAnnex C.
7 Discovery of services
A BSoC may reveal its capability regarding biometric verification.
A general feature management template DO‘7F74’ either in EF.ATR/INFO or in the FCI of any application DF,
or both may indicate existing on-card features, e.g. a biometric input sensor. A DO‘81’ under the DO‘7F74’
indicates such on-card features as an identifier for on-card services defined in ISO/IEC 7816-4.
When a BSoC provides a DVCP (device control parameter) for such on-card feature, a DVCP DO‘62’ shall
include a device descriptor DO‘82’ defined in ISO/IEC 18
...