ISO/IEC 24761:2009

INTERNATIONAL ISO/IEC
STANDARD 24761
First edition
2009-05-15
Information technology — Security
techniques — Authentication context
for biometrics
Technologies de l'information — Techniques de sécurité — Contexte
d'authentification biometrique

Reference number
©
ISO/IEC 2009
.
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

©  ISO/IEC 2009
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2009 – All rights reserved

Contents Page
Foreword. iv
Introduction . v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions. 1
4 Abbreviated terms . 5
5 Model and framework of ACBio . 6
5.1 Biometric enrolment and verification process model and Biometric Processing Unit (BPU). 6
5.2 Framework for use of ACBio . 8
5.2.1 Preparation for use of ACBio . 8
5.2.2 Biometric verification and ACBio. 10
5.2.3 Validation of biometric verification process using ACBio . 11
6 ACBio instance . 11
6.1 BPU information block . 15
6.2 Biometric process block . 15
6.3 BRT certificate information. 16
7 Definition of components in BPUInformationBlock. 17
7.1 BPU certificate . 17
7.2 BPUReportInformation. 17
7.2.1 BPUFunctionReport. 18
7.2.2 BPUSecurityReport. 21
8 BRT certificate. 21
8.1 BRTCContentInformation . 22
8.2 Format Owner and Format Type values . 23
Annex A (normative)  ASN.1 module for ACBio. 24
Annex B (informative) Implementation examples . 30
Bibliography . 50

© ISO/IEC 2009 – All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
ISO/IEC 24761 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 27, IT Security techniques.
iv © ISO/IEC 2009 – All rights reserved

Introduction
A biometric verification process executed at a remote site is exposed to many risks: falsified reference
templates, forged raw data, unreliable biometric devices, etc. How can the validator check whether a biometric
verification process carried out in a remote site is trustworthy? This International Standard gives a mechanism
to cope with this problem.
In general, reliability of the result of a biometric verification process is dependent both on the security level of
the process executed and on the functional performance level of the biometric devices used. If devices
offering a better functional performance level are used, the result will be more reliable. If the devices are not
secure or the process has been executed in an unsecure environment, then the result will not be reliable.
In the Internet environment, the validator of a biometric verification process usually does not directly know
about the biometric devices used or about the process(es) executed at a remote site. Obtaining trusted
information, such as the functional performance level of the biometric devices used, the security level of the
remote system, and also knowing that the processes in the system were executed securely, the validator can
make a better decision on how much trust can be placed on the result of the biometric verification.
This International Standard provides a solution to the above problem by sending information about the devices
used and the processes executed at the remote site to the validator.
In general, the biometric enrolment process consists of the following subprocesses: data capture, intermediate
signal processing, final signal processing (or feature extraction), and storage. (This is true in general, but there
are many variants possible.)
In general, the biometric verification process consists of data capture, intermediate signal processing, final
signal processing, retrieval from storage, comparison, and decision. (This is true in general, but there are
many variants possible.)
Usually, subprocesses are executed in one or more biometric processing units (BPUs), each of which has its
own uniform security level. Several subprocesses are involved in the biometric verification process, but the
security of the retrieval subprocess from storage is also dependent on the subprocesses involved in the
biometric enrolment process.
This International Standard is designed to be applied to this model of biometric verification processes, which is
an extension of the biometric system model defined in ISO 19092, but is also applicable to other biometric
verification process models.
This International Standard defines a data format for security data generated by BPUs, such as a sensor,
smartcard, or comparison device, to provide certified information about the BPU to help the validator to
determine the reliability of the result of the biometric verification process.
This International Standard is based on the Public Key Infrastructure (PKI) technology and PKIX (see
ISO/IEC 9594-8 | ITU-T Recommendation X.509 and RFC 3852). This International Standard uses a digital
signature as the base for trust and non-repudiation. This International Standard requires input and output
information to be hashed, and subsequently digitally signed with other data such as a challenge from the
validator, and the evaluation result of the BPU actions.
This International Standard recognizes that privacy requirements concerned with the storage of biometric
elements have to respond to and comply with local laws and legislation on data privacy. ACBio ensures that
the validator can validate the result of the biometric verification process without receiving private data, such as
the biometric sample acquired from the claimant or the biometric reference template used for comparison.
© ISO/IEC 2009 – All rights reserved v

An ACBio instance is a report that is encoded using the XML Encoding Rules (XER) or the Basic Encoding
Rules (BER) of ASN.1 [see ISO/IEC 8824 (All parts) | ITU-T Recommendations X.680-683 and
ISO/IEC 8825-4 | ITU-T Recommendation X.693], commonly supported by cryptographic tool kit vendors. The
syntax is algorithm independent and supports provision of data integrity and data origin authentication. The
cryptographic algorithms specified by ISO/IEC JTC 1/SC 27 are recommended, though any algorithm
appropriate for use by a given community may be used.
This International Standard uses BPU certificates, issued by a BPU certification organization (a trusted third
party that issues certificates concerning the security of the BPU) and biometric reference template (BRT)
certificates, issued by a BRT certification organization that issues certificates concerned with the production
and retention of a biometric reference template in a database or on a smart-card.
The International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC)
draw attention to the fact that it is claimed that compliance with this document may involve the use of a patent
concerning the ACBio instance given in Clauses 5, 6, 7, and 8.
ISO and IEC take no position concerning the evidence, validity and scope of this patent right.
The holder of this patent right has assured the ISO and IEC that he/she is willing to negotiate licences under
reasonable and non-discriminatory terms and conditions with applicants throughout the world. In this respect,
the statement of the holder of this patent right is registered with ISO and IEC. Information may be obtained
from:
Toshiba Corporation, Toshiba Solutions Corporation,
1-1, Shibaura 1-chome, Minato-ku,
Tokyo 105-8001, Japan
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights other than those identified above. ISO and IEC shall not be held responsible for identifying any or all
such patent rights.
vi © ISO/IEC 2009 – All rights reserved

INTERNATIONAL STANDARD ISO/IEC 24761:2009(E)

Information technology — Security techniques —
Authentication context for biometrics
1 Scope
This International Standard defines the structure and the data elements of Authentication Context for
Biometrics (ACBio), which is used for checking the validity of the result of a biometric verification process
executed at a remote site. This International Standard allows any ACBio instance to accompany any data item
that is involved in any biometric process related to verification and enrolment. The specification of ACBio is
applicable not only to single modal biometric verification but also to multimodal fusion.
This International Standard specifies the cryptographic syntax of an ACBio instance. The cryptographic syntax
of an ACBio instance is based on an abstract Cryptographic Message Syntax (CMS) schema whose concrete
values can be represented using either a compact binary encoding or a human-readable XML encoding.
This International Standard does not define protocols to be used between entities such as BPUs, claimant,
and validator. Its concern is entirely with the content and encoding of the ACBio instances for the various
processing activities.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO/IEC 8824 (all parts) | ITU-T Recommendations X.680-683, Information technology — Abstract Syntax
Notation One (ASN.1)
ISO/IEC 8825-4 | ITU-T Recommendation X.693, Information technology — ASN.1 encoding rules: XML
Encoding Rules (XER)
ISO/IEC 9594-2 | ITU-T Recommendation X.501, Information technology — Open Systems Interconnection —
The Directory: Models
ISO/IEC 9594-8 | ITU-T Recommendation X.509, Information technology — Open Systems Interconnection —
The Directory: Public-key and attribute certificate frameworks
ISO/IEC 19785-1, Information technology — Common Biometric Exchange Formats Framework — Part 1:
Data element specification
ISO/IEC 19785-3, Information technology — Common Biometric Exchange Formats Framework — Part 3:
Patron format specifications
RFC 3852, Cryptographic Message Syntaxt (CMS), July 2004
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
© ISO/IEC 2009 – All rights reserved 1

3.1
ACBio instance
report generated by a biometric processing unit (BPU) compliant to this International Standard to show the
validity of the result of one or more subprocesses executed in the BPU
3.2
authentication context for biometrics
ACBio
International Standard that specifies the form and encoding of ACBio instances
3.3
biometric
pertaining to the field of biometrics
3.4
biometric processing unit
BPU
entity that executes one or more subprocesses that perform a biometric verification at a uniform level of
security
NOTE A sensor, a smart card, and a comparison device are examples of BPUs.
3.5
biometric processing unit certificate
BPU certificate
X.509 certificate that is issued to a BPU by a certification organization which enables the validator to
determine the reliability of the BPU
3.6
biometric processing unit certification organization
BPU certification organization
organization which issues BPU certificates
3.7
biometric processing unit function report
BPU function report
report on the function of the BPU, which contains the evaluation results on each function in the BPU
3.8
biometric processing unit IO Index
BPU IO Index
integer assigned to each biometric data stream between BPUs by the subject, such as software, which utilizes
the function of the BPU so that the validator can reconstruct the data flow among BPUs
3.9
biometric processing unit report
BPU report
report on a BPU, which consists of a BPU function report and a BPU security report
3.10
biometric processing unit security report
BPU security report
report on the security level of a BPU, which contains an evaluation result of the security level of the BPU
3.11
biometric sample
information obtained from a biometric sensor, either directly or after further processing
NOTE See also raw biometric sample (3.33), intermediate biometric sample (3.26), and processed biometric
sample (3.31).
2 © ISO/IEC 2009 – All rights reserved

3.12
biometric reference template
biometric sample or combination of biometric samples that has been stored as a reference for future
comparison
NOTE See also raw biometric reference template (3.34), intermediate biometric reference template (3.27), and
processed biometric reference template (3.32).
3.13
biometric reference template certificate
BRT certificate
certificate that is issued to a biometric reference template by a BRT certification organization and enables the
validator to determine the authenticity of the biometric reference template
3.14
biometric reference template certification organization
BRT certification organization
organization which issues BRT certificates
3.15
biometric verification
application that returns true or false for a claim about the similarity of one or more biometric reference
templates and one or more recognition biometric samples by making one or more comparisons
3.16
biometrics
automated recognition of individuals based on their behavioural and biological characteristics
3.17
claimant
〈biometric verification〉 individual who is seeking, and is the object of, biometric verification
3.18
comparison
estimation, calculation or measurement of similarity or dissimilarity between one or more recognition biometric
samples and one or more biometric reference templates
3.19
comparison decision
determination of whether the recognition biometric sample(s) and biometric reference template(s) have the
same biometric source, based on comparison scores, decision policies (including threshold values), and
possibly other inputs to the comparison decision
3.20
comparison score
numerical value (or set of values) resulting from a comparison
3.21
control value
random number provided by a validator that is a means by which the validator can check whether an ACBio
instance is generated at the validator’s request or not
3.22
enrol
collect one or more biometric samples from an individual, and subsequently construct one or more biometric
reference templates which can then be used to verify or determine the individual’s identity
© ISO/IEC 2009 – All rights reserved 3

3.23
enrolment
process of collecting one or more biometric samples from an individual, and the subsequent construction of a
biometric reference template which can then be used to verify or determine the individual’s identity
3.24
enrolment organization
organization which handles enrolment and creates and stores biometric reference templates
3.25
evaluation organization
organization which evaluates biometric processing unit function or security
3.26
intermediate biometric sample
biometric sample obtained by processing a raw biometric sample, intended for further processing
3.27
intermediate biometric reference template
intermediate biometric sample or combination of intermediate biometric samples used as a biometric
reference template
3.28
match
decision that the recognition biometric sample(s) and the biometric reference template are from the same
individual
3.29
non-match
decision that the recognition biometric sample(s) and the biometric reference template are not from the same
individual
3.30
on-card matching
performing comparison and decision making on an integrated circuit card where the biometric reference
template is retained on-card in order to enhance security and privacy
NOTE The term "matching" is deprecated and replaced with the term "comparison" in ISO/IEC JTC 1/SC 37 work.
But the term "on card matching" is a term heavily used in ISO/IEC JTC 1/SC 17 work. So this term is used in this
International Standard.
3.31
processed biometric sample
biometric sample suitable for comparison
3.32
processed biometric reference template
processed biometric sample or combination of processed biometric samples used as a biometric reference
template
3.33
raw biometric sample
biometric sample obtained directly from a biometric sensor
3.34
raw biometric reference template
raw biometric sample or combination of raw biometric samples used as a biometric reference template
4 © ISO/IEC 2009 – All rights reserved

3.35
subprocess
part of a biometric verification or enrolment process usually performing data capture, intermediate signal
processing, final signal processing, storage, comparison, or decision
3.36
subprocess index
integer uniquely assigned to each subprocess within a biometric processing unit (BPU) by the organization
providing the BPU
3.37
subprocess IO index
unique integer assigned to each data stream between subprocesses in a biometric processing unit (BPU) so
that the validator can reconstruct the data flow between subprocesses in the BPU
3.38
validator
〈biometric verification〉 entity which makes a decision on whether the result of a biometric verification process
is acceptable or not, based on the policy of the corresponding application, using one or more comparison
decisions and possibly other information, supported by ACBio instances
4 Abbreviated terms
ACBio Authentication Context for Biometrics
ASN.1 Abstract Syntax Notation One as defined in ISO/IEC 8824
BER Basic Encoding Rules (of ASN.1)
BIR Biometric Information Record
BPU Biometric Processing Unit
BRT certificate Biometric Reference Template certificate
CBEFF Common Biometric Exchange Formats Framework as defined in ISO/IEC 19785-1
CMS Cryptographic Message Syntax as defined in RFC 3852
IO Input/Output
OCM On-Card Matching
STOC STore On Card
URI Universal Resource Identifier
XML eXtensible Markup Language
© ISO/IEC 2009 – All rights reserved 5

5 Model and framework of ACBio
5.1 Biometric enrolment and verification process model and Biometric Processing Unit
(BPU)
ACBio’s design is based on the following biometric verification subprocesses:
a) data capture
This subprocess captures biometric information from a claimant and converts it to a raw biometric sample.
The raw biometric sample is transmitted to the intermediate signal processing subprocess for further
processing.
b) intermediate signal processing
This subprocess receives a raw biometric sample and transforms it into an intermediate biometric sample. The
intermediate biometric sample is transmitted to another intermediate signal processing subprocess or to the
final signal processing subprocess for further processing.
c) final signal processing
This subprocess receives an intermediate biometric sample and transforms it into a processed biometric
sample. The processed biometric sample is transmitted either to the comparison subprocess (verification) or
to the storage subprocess (enrolment).
d) storage
This subprocess stores one of three types of biometric reference template; raw biometric reference template
((1) in Figure 1 and Figure 2), intermediate biometric reference template ((2) in Figure 1 and Figure 2), or
processed biometric reference template ((3) in Figure 1 and Figure 2). One of the three types of biometric
reference template will be compared with a biometric sample for verification.
e) comparison
This subprocess receives a biometric sample, which is acquired originally from a claimant, and may or may
not be further processed, and a biometric reference template. This subprocess compares the biometric
sample and the processed biometric reference template, and calculates the similarity, which is called a
comparison score. The comparison score is transmitted to the decision subprocess.
f) decision
This subprocess receives a comparison score from the comparison subprocess, evaluates the score under
rules determined by the security policy in use, decides the validity of the claimant’s identity, and outputs the
comparison decision, match or non-match, which is sent to the validator.
6 © ISO/IEC 2009 – All rights reserved

The following Figure 1 shows three biometric enrolment process models where the storage subprocess stores
a raw biometric sample, an intermediate biometric sample, and a processed biometric sample.
storage storage
storage
raw intermediate processed
(1)                     (2)                           (3)
biometric biometric biometric
reference reference reference
template template template
raw intermediate processed
biometric biometric biometric
sample sample sample
data intermediate final
capture signal signal
processing processing
:possible untrusted network
Figure 1 — Biometric enrolment process model
The following Figure 2 shows three biometric verification process models where the storage subprocess
stores a raw biometric reference template, an intermediate biometric reference template, and a processed
biometric reference template.
© ISO/IEC 2009 – All rights reserved 7

storage storage storage
raw intermediate
processed
biometric biometric biometric
(1)              (2)                (3)
reference reference reference
template template template
raw intermediate processed
biometric biometric biometric
reference reference reference
template template template
comparison comparison
score decision
raw intermediate processed
biometric
biometric biometric
sample
sample sample
data intermediate final comprison decision
capture signal signal
processing processing
:possible untrusted network
Figure 2 — Biometric verification process model
5.2 Framework for use of ACBio
ACBio gives information to the validator of a biometric verification process about the level of trust of the
biometric verification process.
Subclauses 5.2.1 to 5.2.3 describe what shall be prepared in the production process of BPUs that result in a
comparison and the enrolment process of BPUs that produce biometric references template, how ACBio
instances are generated in these processes, and how biometric verification is validated.
5.2.1 Preparation for use of ACBio
To validate biometric verification processes with ACBio, preparation is necessary in addition to capture and
storage (enrolment) of the biometric reference templates of claimants.
The series of steps in preparations for the use of ACBio is shown in Figure 3, separated into the production
process, and the enrolment process, and the subsequent verification process.
8 © ISO/IEC 2009 – All rights reserved

evaluation organization manufacturer BPU certification organization
(1)           (2)             (3)    (4)
issuance
evaluation
issuance biometric verification and
of
key
of of validation
BPU function/
generation
BPU
BPU certificate (details are seen in Figure 4)
security report
production process
enrolment BRT certification
organization organization
(5)            (6)
enrolment issuance
of of
BRT BRT certificate
enrolment process
Figure 3 — Preparation for use of ACBio and biometric verification execution
5.2.1.1 Preparation in the production process
The security level and functional performance level (quality) of each function in each BPU are evaluated by
one or more evaluation organizations which may include the manufacturer of the product (software or
hardware that forms the BPU ((1) in Figure 3).
After the evaluation, a BPU function report (See 7.2.1) and a BPU security report (See 7.2.2) are issued from
the evaluation organization ((2) in Figure 2), which compose a BPU report.
Manufacturers of the products forming the BPU shall generate a key of symmetric cryptosystem or a key pair
of asymmetric key cryptosystem depending on the BPU, to each BPU ((3) in Figure 3).
The key shall be certified and a BPU certificate (See 7.1) shall be issued by a BPU certification organization
which may be the manufacturer of the product of the BPU ((4) in Figure 3).
The BPU report or a referrer to it, the BPU certificate or the referrer to it, and the key shall be stored in each
BPU before shipping of the product of the BPU. Each BPU shall have the means to generate a digital
signature or a message authentication code so that the validator can validate the integrity of the ACBio
instance.
5.2.1.2 Preparation in the enrolment process
For biometric verification, a biometric reference template shall be created and enrolled in advance with an
enrolment organization ((5) in Figure 3).
To use ACBio for validation of a biometric verification process, a certificate of biometric reference template
called a BRT certificate (see Clause 8) shall be issued by a BRT certification organization ((6) in Figure 3).
© ISO/IEC 2009 – All rights reserved 9

The BRT certificate or the referrer to it shall be stored in the BPU where the certified biometric reference
template is stored.
During the enrolment process, ACBio instances should be generated to validate the reliability of the enrolment
process. The validation with these ACBio instances may be done by the storage subprocess as well as the
validator of the biometric verification process.
5.2.2 Biometric verification and ACBio
Figure 4 shows the detail of the biometric verification process and its validation process.
storage storage storage
raw processed
intermediate
biometric biometric
biometric
reference
reference reference
template template template
raw intermediate processed
biometric biometric biometric
reference reference reference
template template template
comparison comparison
validator
score decision
raw intermediate processed
+
biometric biometric biometric
biometric
sample sample sample
application
ACBio
instance
data intermediate final
comparison decision
capture signal signal
processing processing
Biometric verification
Internet
BPU BRT
evaluation
: possible untrusted network
certification certification
organization
organization organization
Figure 4 — Biometric verification process and its validation
In a biometric verification process, each BPU shall pack its ACBio instance containing the BPU certificate
information (the BPU certificate itself or the referrer to it), the BPU report information (the BPU report itself or
the referrer to it), and the BRT certificate information (the BRT certificate itself or the referrer to it) if the BPU
includes the storage subprocess into the data of type ACBioContentInformation (See 6). The data of type
ACBioContentInformation shall contain a value from the validator, called the control value, and the hash
value(s) of the input/output biometric data to/from the BPU, which enables the validator to validate the
consistency of the transmission of biometric data between BPUs.
By adding the digital signature or the message authentication code to the data of type
ACBioContentInformation with the key of the BPU, the ACBio instance is generated.
10 © ISO/IEC 2009 – All rights reserved

5.2.3 Validation of biometric verification process using ACBio
In this ACBio framework, the validator receives not only the comparison decision, the result of biometric
verification, but also the ACBio instance(s) with which the validator can validate the result of the executed
biometric verification.
The validator can validate the authenticity and integrity of an ACBio instance by verifying the digital signature
or the message authentication code with the BPU certificate. The validator can obtain the security level and
the functional performance level of the BPU by referring to the BPU report, and the authenticity of the
biometric reference template used in the biometric verification process by referring to the BRT certificate. The
validator can also validate the consistency of the communication between BPUs and between the validator
and the biometric verification process by checking the biometric process block and the control value in the
ACBio instance(s) respectively. With all of these, the validator can decide the level of trust for the result of the
biometric verification.
If necessary, the validator can connect to relevant organizations such as the BPU certification organization,
the evaluation organization, and the BRT certification organization, as shown in Figure 4.
6 ACBio instance
An ACBio instance is data of ASN.1 type ACBioInstance which is specified in ASN.1 notation as follows:
ACBioInstance ::= SEQUENCE {
contentType CONTENT-TYPE.&id({ContentTypeACBio}),
content [0] EXPLICIT CONTENT-TYPE.&Type
({ContentTypeACBio}{@contentType})}

The type ACBioInstance corresponds to the type ContentInfo of CMS. The latter is constrained by an extensible
object set while the former is constrained by an object set containing only two objects signedDataACBio and
authenticatedDataACBio. These two objects of class CONTENT-TYPE are defined as follows:
ContentTypeACBio CONTENT-TYPE ::= {signedDataACBio | authenticatedDataACBio}
signedDataACBio CONTENT-TYPE ::= {
SignedDataACBio
IDENTIFIED BY id-signedDataACBio }
id-signedDataACBio OBJECT IDENTIFIER ::=
{iso(1) standard(0) acbio(24761) contentType(2) signedDataACBio(1)}
authenticatedDataACBio CONTENT-TYPE ::= {
AuthenticatedDataACBio
IDENTIFIED BY id-authenticatedDataACBio }
id-authenticatedDataACBio OBJECT IDENTIFIER ::=
{iso(1) standard(0) acbio(24761) contentType(2) authenticatedDataACBio(2)}

SignedDataACBio and AuthenticatedDataACBio are specified as follows:
SignedDataACBio ::= SIGNEDDATA { EncapsulatedContentInfoACBio }
AuthenticatedDataACBio ::= AUTHENTICATEDDATA { EncapsulatedContentInfoACBio }

The types SignedDataACBio and AuthenticatedDataACBio specified above replace the CMS types SignedData
and AuthenticatedData together with the following definitions:
© ISO/IEC 2009 – All rights reserved 11

SIGNEDDATA { EncapsulatedContentInfo } ::= SEQUENCE {
version CMSVersion,
digestAlgorithms SET OF DigestAlgorithmIdentifier,
encapContentInfo EncapsulatedContentInfo,
certificates [0] IMPLICIT CertificateSet OPTIONAL,
crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
signerInfos SignerInfos}
AUTHENTICATEDDATA { EncapsulatedContentInfo } ::= SEQUENCE {
version CMSVersion,
originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
recipientInfos RecipientInfos,
macAlgorithm MessageAuthenticationCodeAlgorithm,
digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
encapContentInfo EncapsulatedContentInfo,
authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
mac MessageAuthenticationCode,
unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL}

The following types appeared in the specification of the above two types, SIGNEDDATA and
AUTHENTICATEDDATA, are imported from RFC 3852: CMSVersion, DigestAlgorithmIdentifier, SignerInfos,
OriginatorInfo, RecipientInfos, MessageAuthenticationCodeAlgorithm, AuthAttributes, MessageAuthenticationCode,
UnauthAttributes.
Since the types CertificateSet and RevocationInfoChoices in RFC 3852 are not compliant to the current version
of ASN.1 which was standardized in 2002 as ISO/IEC 8824 (all parts) | ITU-T Recommendations X.680-683,
they can not be imported and redefined as follows;
CertificateSet, RevocationInfoChoices are defined as follows;
CertificateSet ::= SET OF CertificateChoices
CertificateChoices ::= CHOICE {
certificate Certificate,
v2AttrCert [2] IMPLICIT AttributeCertificateV2,
other [3] IMPLICIT OtherCertificateFormat}
AttributeCertificateV2 ::= AttributeCertificate
OtherCertificateFormat ::= SEQUENCE {
otherFormat OTHERCERTIFICATE.&id({OtherCertificate}),
otherCert OTHERCERTIFICATE.&Type({OtherCertificate}{@otherFormat})}
OTHERCERTIFICATE ::= TYPE-IDENTIFIER
OtherCertificate OTHERCERTIFICATE ::= {.}
RevocationInfoChoices ::= SET OF RevocationInfoChoice
RevocationInfoChoice ::= CHOICE {
crl CertificateList,
other [1] IMPLICIT OtherRevocationInfoFormat }
OtherRevocationInfoFormat ::= SEQUENCE {
otherRevInfoFormat OTHERREVOCATION.&id({OtherRevocation}),
otherRevInfo OTHERREVOCATION.&Type({OtherRevocation}{@otherRevInfoFormat}) }
OTHERREVOCATION ::= TYPE-IDENTIFIER
OtherRevocation OTHERREVOCATION ::= {.}

The type EncapsulatedContentInfo is a parameter in the above definition and is not imported from CMS. In the
definition of the type SignedDataACBio and AuthenticatedDataACBio, the following type replaces
EncapsulatedContentInfo.
12 © ISO/IEC 2009 – All rights reserved

EncapsulatedContentInfoACBio ::= SEQUENCE {
eContentType CONTENT-TYPE.&id({ContentTypeACBioContentInfo}),
eContent [0] EXPLICIT CONTENT-TYPE.&Type
({ContentTypeACBioContentInfo}{@eContentType})}
ContentTypeACBioContentInfo CONTENT-TYPE ::= {acbioContentInformation}

As in the above definition, the type EncapsulatedContentInfoACBio is constrained by an object set containing a
single object acbioContentInformation of the class CONTENT-TYPE. This object is defined as follows:
acbioContentInformation CONTENT-TYPE ::= {
ACBioContentInformation
IDENTIFIED BY id-acbioContentInformation }
id-acbioContentInformation OBJECT IDENTIFIER ::=
{iso(1) standard(0) acbio(24761) contentType(2) acbioContent(3)}

Therefore an ACBio instance is a data of type ACBioInstance, essentially the same as the CMS type
ContentInfo, with the content of type SignedDataACBio or AuthenticatedDataACBio on the content of type
ACBioContentInformation.
Table 1 shows the structure of type ACBioContentInformation. The ACBioContentInformation consists of five
fields, version, BPU information block, control value, biometric process block, and BRT certificate information.
The first four fields are mandatory. An ACBio instance shall have the last field if and only if the BPU contains
the storage subprocess. The signature of SignedDataACBio or the message authentication code of
AuthenticatedDataACBio shall be generated with the (private) key of the BPU.
Version is the version of the format of ACBioContentInformation.
© ISO/IEC 2009 – All rights reserved 13

Table 1 — ACBio Content Information

ACBioContentInformation
Version
BPU Information Block
BPU Certificate Referrer Information
BPU Report Information
Control Value
Biometric Process Block
SubprocessIndex[1]
・
・
SubprocessIndex[L]
BPUIOExecutionInformation[1] (for input)
・
・
BPUIOExecutionInformation[M] (for input)
BPUIOExecutionInformation[1] (for output)
・
・
BPUIOExecutionInformation[N] (for output)
BRT Certificate Information
In ASN.1 notation, the type ACBioContentInformation is specified as follows:
ACBioContentInformation ::= [14] IMPLICIT SEQUENCE {
version Version DEFAULT v0,
bpuInformation BPUInformation,
controlValue OCTET STRING (SIZE(16)),
biometricProcess BiometricProcess,
brtCertificateInformation BRTCertificateInformation OPTIONAL}

Version ::= INTEGER { v0(0) } ( v0, . )

The tag of ACBioContentInformation is chosen so that the digital signature or message authentication code
may be calculated for a data of this type on an IC card using the commands specified in ISO/IEC 7816-4.
The type BPUInformation is defined in 6.1. The detail of each type in BPUInformation is defined in Clause 7.
A control value is an octet string of 16 byte length with which the validator can check to which validator’s
request the ACBio instance is generated. It shall be set to controlValue field to make it infeasible to replay a
biometric verification process.
The type BiometricProcess is defined in 6.2. The type BRTCertificateInformation is defined in 6.3. The detail of
the type BRTCertificate, which is used in BRTCertificateInformation, is defined in Clause 8.
14 © ISO/IEC 2009 – All rights reserved

6.1 BPU information block
BPU information block carries the static information of BPU, information which does not depend on each
execution. This block is mandatory and consists of two components, BPU certificate referrer information and
BPU report information. ASN.1 type BPUInformation is defined for this block of information:
BPUInformation ::= SEQUENCE {
bpuCertificateReferrerInformation BPUCertificateReferrerInformation OPTIONAL,
bpuReportInformation BPUReportInformation}

BPU certificate referrer information of type BPUCertificateReferrerInformation defined as follows is the referrer
information to X.509 certificate for the (public) key of the BPU. If the ACBio instance contains the BPU
certificate in the field of certificates in case of SignedDataACBio is used or in the field of certs in originatorInfo in
case of AuthenticatedDataACBio is used, BPU certificate referrer information can be omitted. BPU certificate is
specified in 7.1.
BPUCertificateReferrerInformation ::= SEQUENCE {
bpuCertificateReferrer URI,
crlsReferrer URI OPTIONAL}
URI ::= VisibleString (SIZE(1.MAX))

BPU report information of type BPUReportInformation is the BPU report itself or the referrer to it. BPU report
contains the information about functions implemented in the BPU and the information of the security level of
the BPU. BPU report is defined in 7.2.
BPUReportInformation ::= CHOICE {
bpuReport BPUReport,
bpuReportReferrer URI}
6.2 Biometric process block
Biometric process block carries the runtime information of BPU, information which depends on each execution.
This block consists of three components, subprocessIndexList which is the list of indexes of the subprocesses
executed in the BPU, bpuInputExecutionInformationList which contains the information on the input data to the
BPU, and bpuOuputExecutionInformationList which contains the information on the output data from the BPU.
If the BPU sends/receives data to/from other BPUs, then the corresponding components in this block are
mandatory.
The ASN.1 type BiometricProcess is defined as follows:
BiometricProcess ::= SEQUENCE {
subprocessIndexList SubprocessIndexList,
bpuInputExecutionInformationList BPUIOExecutionInformationList OPTIONAL,
bpuOuputExecutionInformationList BPUIOExecutionInformationList OPTIONAL}
...