ISO/IEC 19785-2:2006
(Main)Information technology — Common Biometric Exchange Formats Framework — Part 2: Procedures for the operation of the Biometric Registration Authority
Information technology — Common Biometric Exchange Formats Framework — Part 2: Procedures for the operation of the Biometric Registration Authority
ISO/IEC 19785-2:2006 specifies the requirements for the operation of the Biometric Registration Authority within the Common Biometric Exchange Formats Framework (CBEFF). The Registration Authority is responsible for assigning and publishing, via its website, unique biometric organization identifier values to organizations that own or are otherwise responsible for standardized or proprietary format specifications for biometric data blocks, biometric information record security blocks and/or CBEFF patron formats, and to organizations that intend to assign biometric product identifier values to their products.
Technologies de l'information — Cadre de formats d'échange biométriques communs — Partie 2: Procédures pour le fonctionnement de l'autorité d'enregistrement biométrique
General Information
Relations
Standards Content (Sample)
INTERNATIONAL ISO/IEC
STANDARD 19785-2
First edition
2006-04-15
Information technology — Common
Biometric Exchange Formats
Framework —
Part 2:
Procedures for the operation of the
Biometric Registration Authority
Technologies de l'information — Cadre de formats d'échange
biométriques communs —
Partie 2: Procédures pour le fonctionnement de l'autorité
d'enregistrement biométrique
Reference number
ISO/IEC 19785-2:2006(E)
©
ISO/IEC 2006
---------------------- Page: 1 ----------------------
ISO/IEC 19785-2:2006(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.
© ISO/IEC 2006
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2006 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC 19785-2:2006(E)
Contents Page
Foreword .iv
Introduction.v
1 Scope.1
2 Normative references.1
3 Terms and definitions .1
3.1 Terms defined in ISO/IEC 19785-1 .1
3.2 Other terms and definitions .2
4 Symbols and abbreviated terms .2
5 General .2
6 Appointment of the registration authority .5
7 Fees.5
8 Registration procedures for CBEFF biometric organizations and CBEFF patrons .5
8.1 General .5
8.2 Application for registration as a CBEFF biometric organization or as a CBEFF patron .5
8.3 Review of applications.6
8.3.1 Procedure.6
8.3.2 Response time .6
8.4 Confirmation process .6
8.5 Objection process for CBEFF patron registrations .6
9 Registration procedures for BIR formats, BDB formats, SB formats and biometric
products .7
9.1 General .7
9.2 Application for registration of a BIR format, BDB format, SB format, or biometric product .7
9.3 Review of applications.7
9.3.1 Procedure.7
9.3.2 Response time .7
9.4 Confirmation process .8
9.5 Objection process .8
10 Content of applications.8
10.1 General .8
10.2 Application for registration as a biometric organization or as a CBEFF patron .8
10.3 Application for registration of a BIR format, BDB format, SB format, or biometric product .8
11 Maintenance of a web-based register .9
Annex A (normative) Registration authority .10
Annex B (informative) Sample registration tables.11
© ISO/IEC 2006 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC 19785-2:2006(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 19785-2 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 37, Biometrics.
ISO/IEC 19785 consists of the following parts, under the general title Information technology — Common
Biometric Exchange Formats Framework:
⎯ Part 1: Data element specification
⎯ Part 2: Procedures for the operation of the Biometric Registration Authority
The following part is under preparation:
⎯ Part 3: Patron Format Specifications
iv © ISO/IEC 2006 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC 19785-2:2006(E)
Introduction
Biometric-based authentication systems and applications are expected to support multiple biometric devices
and multiple biometric data formats. The Common Biometric Exchange Formats Framework (CBEFF)
promotes interoperability of biometric-based application programs and systems developed by different
vendors by facilitating biometric data interchange. This part of ISO/IEC 19785 supports such exchanges by
providing unambiguous identification of biometric organizations, formats and products.
This part of ISO/IEC 19785 specifies procedures for a Registration Authority that is responsible for the
assignment of ASN.1 object identifier components to identify biometric organizations, CBEFF patrons,
biometric information record formats, biometric data block formats, security block formats, and biometric
products, to provide globally unambiguous identification in the context of the CBEFF ASN.1 object identifier.
The registration process is universal, assigns unique and unambiguous identifiers, and avoids changes in
identifiers over time.
The publication of the registers promotes compatibility in interchange of biometric data and improves
interoperability of biometric systems. Registration provides an identifier, but registration should not be
regarded as a standardization procedure. Nevertheless, as a matter apart from registration, the registered
object may, but need not, be the subject of an international, national, or other standard.
The same registry can be used to register the identification of products which produce or process biometric
data – whether the biometric organization owning the product is the same as or different from the biometric
organization which defined the format of that data.
© ISO/IEC 2006 – All rights reserved v
---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO/IEC 19785-2:2006(E)
Information technology — Common Biometric Exchange
Formats Framework —
Part 2:
Procedures for the operation of the Biometric Registration
Authority
1 Scope
This part of ISO/IEC 19785 specifies the procedures to be followed by the Biometric Registration Authority in
preparing, maintaining, and publishing registers of identifiers for biometric organizations, CBEFF patron
formats, BDB formats, security block formats, and biometric products.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO/IEC 8824-1, Information technology — Abstract Syntax Notation One (ASN.1): Specification of basic
notation
ISO/IEC 9834-1, Information technology — Open Systems Interconnection — Procedures for the operation of
OSI Registration Authorities: General procedures and top arcs of the ASN.1 Object Identifier tree
ISO/IEC 19784-1, Information technology — Biometric application programming interface — Part 1: BioAPI
specification
ISO/IEC 19785-1, Information technology — Common Biometric Exchange Formats Framework — Part 1:
Data element specification
ISO/IEC 19794 (all parts), Information technology — Biometric data interchange formats
3 Terms and definitions
3.1 Terms defined in ISO/IEC 19785-1
For the purposes of this document, the following terms defined in ISO/IEC 19785-1 apply:
BDB format; BDB format identifier; biometric; biometrics; biometric data block (BDB); biometric information
record (BIR); biometric product; biometric product identifier; biometric product owner; biometric sample;
CBEFF biometric organization identifier; CBEFF patron; CBEFF patron format; CBEFF patron format
identifier; CBEFF patron identifier; security block; security block format; security block format identifier.
© ISO/IEC 2006 – All rights reserved 1
---------------------- Page: 6 ----------------------
ISO/IEC 19785-2:2006(E)
3.2 Other terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.2.1
applicant
organization requesting registration as a CBEFF biometric organization, or registered CBEFF biometric
organization requesting registration of a CBEFF patron format, BDB format, SB format or biometric product
3.2.2
register
record of assigned identifiers for CBEFF biometric organizations, CBEFF patron formats, BDB formats, SB
formats, or biometric products
3.2.3
registrar
person or organization appointed by a Registration Authority, responsible for preparing and maintaining the
register(s)
3.2.4
registration authority
organization nominated and appointed by the ISO/IEC Council to prepare and maintain registers
3.2.5
relevant ISO/IEC subcommittee
ISO/IEC subcommittee responsible for the maintenance of this part of ISO/IEC 19785
NOTE The relevant subcommittee is currently ISO/IEC JTC 1/SC 37.
4 Symbols and abbreviated terms
ASN.1 Abstract Syntax Notation One (see ISO/IEC 8824-1)
BDB biometric data block
BIR biometric information record
CBEFF common biometric exchange formats framework (see ISO/IEC 19785-1)
RA registration authority
SB security block
5 General
5.1 This part of ISO/IEC 19785 defines procedures for registration by which ASN.1 object identifier
components are assigned to
a) organizations concerned with the specification of biometric formats or with biometric products that either
directly, or through the data that they produce, claim conformance to or can be used in conjunction with
ISO/IEC 19785, ISO/IEC 19784, or one of the parts of ISO/IEC 19794;
b) BIR formats specified by a CBEFF patron;
c) BDB formats specified by a registered biometric organization;
d) SB formats specified by a registered biometric organization; and
e) biometric products supported by a registered biometric organization.
2 © ISO/IEC 2006 – All rights reserved
---------------------- Page: 7 ----------------------
ISO/IEC 19785-2:2006(E)
NOTE International Standards do not require the registration of BIR formats, BDB formats, SB formats, or biometric
products, but registration is possible if a CBEFF patron or biometric organization considers that registration would be
beneficial.
5.2 ASN.1 object identifiers are a form of worldwide unambiguous identification based on a hierarchical tree
structure, and independent hierarchical registration authorities (see ISO/IEC 9834-1 and ISO/IEC 8824-1).
The ASN.1 object identifier tree has a root arc, arcs beneath that root arc, arcs beneath each of those arcs,
and so on, to any depth. Arcs are identified by positive integer values (zero upwards) that provide
unambiguous identification of an arc within the superior arc. Arcs can also be given names (all in lower case,
letters and hyphens only), but these are subsidiary to the numerical values and are not required. An object is
identified by the sequence of arc values (numerical, or for early arcs, arc names) from the root to the object.
5.3 It is possible in representations of an object identifier to imply (by the context of that representation)
identification of part of the path from the root to a node in the object identifier tree. In the extreme case, only a
single object identifier component from that implied node need be represented.
This is the approach taken by ISO/IEC 19785-1 and by ISO/IEC 19784-1. These use a sixteen-bit field to
provide the identification of an object identifier arc beneath an arc that is implied by the context. In other
contexts, the full object identifier value should be given.
5.4 Components of ASN.1 object identifiers are positive integers (including zero) of unlimited magnitude.
However, there are standards, for example ISO/IEC 19784-1, using the components allocated by this RA that
use a simple 16-bit positive integer encoding for such components. The RA is therefore required to allocate
values for arcs that can be represented as a 16-bit positive integer, and to alert the relevant ISO/IEC
subcommittee before making allocations with any of the top three bits set to one.
NOTE It is expected that allocations will normally start at zero and proceed incrementally upwards except under
exceptional requirements.
5.5 Successful registration as a biometric organization provides that biometric organization with a CBEFF
biometric organization identifier. This is a sixteen-bit binary value (that can be interpreted as a positive integer)
for an ASN.1 object identifier arc under
{iso registration-authority cbeff(19785) organizations(0)}
The allocated object identifier value is worldwide unambiguous, but the CBEFF biometric organization
identifier can also be used alone in contexts where the preceding arcs are implied. Arcs identified by CBEFF
biometric organization identifiers do not have arc names.
The syntax of the notation used in this subclause and subsequent subclauses for the value of ASN.1 Object
Identifiers is specified in ISO/IEC 8824-1 and the semantics is specified in ISO/IEC 9834-1 and the standards
it references.
5.6 A biometric organization that is recognized by the RA as the producer of open standards (standards
that are subject to vetting procedures that ensure that they are technically correct and accurate and have
wide-spread approval) will be recorded as having open standardization privileges, and is then called a CBEFF
patron, and its CBEFF biometric organization identifier is called a CBEFF patron identifier. Any registered
biometric organization can register BDB formats (see 5.8), SB formats (see 5.9), and biometric products
(see 5.10), but only a CBEFF patron can register a BIR format - a CBEFF patron format (see 5.7).
© ISO/IEC 2006 – All rights reserved 3
---------------------- Page: 8 ----------------------
ISO/IEC 19785-2:2006(E)
5.7 Successful registration of a BIR format by a CBEFF patron records that the BIR format is identified by
an arc with a sixteen-bit BIR format identifier (provided by the CBEFF patron) and also called a CBEFF patron
format identifier, under the arc
{iso registration-authority cbeff(19785) organizations(0) birs(1)}
and enables publication of a reference to the specification of that BIR format (CBEFF patron format).
The is the sixteen-bit CBEFF patron identifier of the definer of the CBEFF patron format.
The allocated object identifier value is worldwide unambiguous, but the BIR format identifier can also be used
alone in contexts where the preceding arcs are implied. Arcs identified by CBEFF patron format identifiers do
not have arc names.
5.8 Successful registration of a BDB format by a biometric organization records that the BDB format is
identified by an arc with a sixteen-bit BDB format identifier (provided by the CBEFF biometric organization)
under the arc
{iso registration-authority cbeff(19785) organizations(0) bdbs(0)}
and enables publication of a reference to the specification of that BDB format. The is the
sixteen-bit CBEFF biometric organization identifier of the definer of the BDB format. The allocated object
identifier value is worldwide unambiguous, but the BDB format value can also be used alone in contexts
where the preceding arcs are implied. Arcs identified by CBEFF BDB format identifiers do not have arc names.
5.9 Successful registration of an SB format by a biometric organization records that that SB format is
identified by an arc with a sixteen-bit SB format identifier (provided by the CBEFF biometric organization)
under the arc
{iso registration-authority cbeff(19785) organizations(0) sb-formats(3)}
and enables publication of a reference to the specification of that SB format. The is the
sixteen-bit CBEFF biometric organization identifier of the definer of the SB format. The allocated object
identifier value is worldwide unambiguous, but the SB format value can also be used alone in contexts where
the preceding arcs are implied. Arcs identified by CBEFF SB format identifiers do not have arc names.
5.10 Successful registration of a biometric product by a CBEFF biometric organization records that the
biometric product is identified by an arc with a CBEFF biometric product identifier allocated by the Registration
Authority. This is a sixteen-bit binary value (that can be interpreted as a positive integer) for an ASN.1 object
identifier arc under
{iso registration-authority cbeff(19785) organizations(0) products(2)}
The is the sixteen-bit CBEFF biometric organization identifier of the owner of the biometric
product. The allocated object identifier value is worldwide unambiguous, but the biometric product identifier
can also be used alone in contexts where the preceding arcs are implied. Arcs identified by biometric product
identifiers do not have arc names.
5.11 All the above 16 bit identifiers are notified to applicants, and recorded in the registers as four
hexadecimal digits. These four hexadecimal digits can also be considered as a positive integer value, and the
use of the hexadecimal format does not carry any implications of the representation of this value in machine-
readable or other material.
5.12 The Registration Authority shall not assign the value zero (X'00 00') to any biometric organization.
5.13 The Registration Authority may at any time submit to the next meeting of the relevant ISO/IEC
subcommittee a request for amendment of this part of ISO/IEC 19785.
4 © ISO/IEC 2006 – All rights reserved
---------------------- Page: 9 ----------------------
ISO/IEC 19785-2:2006(E)
5.14 The Registration Authority shall not be liable for any failure to operate under these procedures, or for
any actions in relation to its duties defined in this part of ISO/IEC 19785, except that it may be discharged of
its duties by the relevant ISO/IEC subcommittee, without penalty, should it fail to satisfactorily operate these
procedures.
NOTE Should the relevant ISO/IEC subcommittee determine that the Registration Authority be discharged of its
duties, for this or for any other reason, it is expected that information held by the RA in its registers will be made available
to the relevant ISO/IEC subcommittee for use by any other organization that may be subsequently appointed as the
Biometric Registration Authority.
6 Appointment of the registration authority
It is within the mandate of ISO/IEC to organize registration as specified in this part of ISO/IEC 19785. In order
to do this, ISO/IEC appoints, according to their internal requirements and rules, an organization to act as the
RA for this part of ISO/IEC 19785. Annex A specifies the Biometric Registration Authority, and the means of
contacting it, that has been appointed to operate the procedures of this part of ISO/IEC 19785.
7 Fees
7.1 The organization performing the role of this RA shall do so on a cost recovery basis. The fee structure
shall be designed to recover the expenses of operating the RA, to cover Web publication of registrations, to
support inquiry requests, and to discourage frivolous and multiple requests.
7.2 Fees can apply to
a) initial registration;
b) inquiry request;
c) request for update (see 11.4 and 11.6).
7.3 Fees shall be independent of the country from which the application is made.
7.4 In no case shall fees or financial contributions be required from the ISO Secretariat, IEC Central Office,
their national bodies, or their technical committees or subcommittees.
7.5 Once the fee associated with making an initial register entry has been made, there shall be no further
charges for the maintenance of that entry or its publication on a web-site.
8 Registration procedures for CBEFF biometric organizations and CBEFF patrons
8.1 General
This subclause specifies the procedures to be followed in the registration of CBEFF biometric organizations
and CBEFF patrons. The procedures are designed to assure openness and due process in the registration
process, with review if necessary by the relevant ISO/IEC subcommittee.
8.2 Application for registration as a CBEFF biometric organization or as a CBEFF patron
8.2.1 An organization submits an application for registration as a CBEFF biometric organization or as a
CBEFF patron directly to the RA. The content of the application is specified in subclause 10.2.
8.2.2 Any bona-fide organization concerned with the specification of biometric formats or the production or
use of biometric products can apply for registration as a CBEFF biometric organization.
NOTE It is intended that the class of those eligible to apply for registration as a “biometric organization” should be as
wide and loose as is manageably possible.
© ISO/IEC 2006 – All rights reserved 5
---------------------- Page: 10 ----------------------
ISO/IEC 19785-2:2006(E)
8.2.3 There shall be no filter on such applications other than to establish that the organization is a bona-fide
organization (preferably, but not necessarily, with some registered status within some country). The sole
purpose of this filter is to exclude frivolous and hacker applicants. If an application is made, and the RA cannot
easily determine that it is from a bona-fide organization, registration will be either rejected subject to appeal, or
else referred to the relevant ISO/IEC subcommittee for a decision.
8.2.4 The organization may also claim in its registration application that it is the producer of open standards
(standards that are subject to vetting procedures that ensure that they are technically accurate and have wide-
spread approval). If this claim is accepted, the applicant is assigned a “biometric organization identifier” from
the same namespace, but with the “BIR format definition” privilege. Such an organization can, if it wishes,
promote itself as a “CBEFF patron”, and the BIR formats that it defines (and may register) are called CBEFF
patron formats. It may (and is likely to) develop open specifications of CBEFF patron formats (BIR formats),
BDB formats, and/or security block formats, within its own standardisation procedures. It may (but is unlikely
to) assign biometric product identifiers.
8.2.5 Upon successful completion of the registration procedures, a 2-byte CBEFF biometric organization
identifier is assigned, registered, published, and notified to the applicant.
NOTE Sample listings of CBEFF biometric organization registration data are provided in Annex B.
8.3 Review of applications
8.3.1 Procedure
8.3.1.1 In order for an application to be processed, it shall contain sufficient information (see 10.2) to
enable the applicant to be identified as a bona-fide organization that is active in the biometric field, and that
has good reason to require a CBEFF biometric organization registration.
NOTE Evidence of this will often include a registered company identifier or equivalent in some country, together with
a statement of activity in the area of biometrics.
8.3.1.2 If the application does not contain the information specified in 10.2, the application shall be
rejected and the applicant notified, citing this subclause and the specific missing information as the reason for
rejection.
8.3.1.3 If the RA determines that the application is appropriate, then it is put into the confirmation process
specified in 8.4.
8.3.1.4 If the RA determines that the application may not be appropriate, then it shall be referred to the
relevant ISO/IEC subcommittee for a decision at its next scheduled meeting, and the applicant shall be so
informed.
8.3.2 Response time
The review of an application under the procedures specified in 8.3.1 shall normally be completed within
10 working days of the receipt of the application.
8.4 Confirmation process
Details of the successful application shall be recorded (with the CBEFF biometric organization identifier that
was allocated) on a website maintained by the RA, and the applicant shall be informed of the network
identification of this site. Adequate back-up procedures shall be used to ensure that register data is not lost.
8.5 Objection process for CBEFF patron registrations
Following publication by the RA of a registered CBEFF patron identifier, any ISO/IEC National Body may
submit to the relevant ISO/IEC subcommittee, within twelve months, a statement that it considers the
registration to be inappropriate. Should the relevant ISO/IEC subcommittee resolve that the objection be
6 © ISO/IEC 2006 – All rights reserved
---------------------- Page: 11 ----------------------
ISO/IEC 19785-2:2006(E)
upheld, all details of the registration shall be rem
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.