ISO/IEC 24709-1:2007

INTERNATIONAL ISO/IEC
STANDARD 24709-1
First edition
2007-02-15
Information technology — Conformance
testing for the biometric application
programming interface (BioAPI) —
Part 1:
Methods and procedures
Technologies de l'information — Essai de conformité pour l'interface de
programmation d'applications biométriques (BioAPI) —
Partie 1: Méthodes et procédures

Reference number
©
ISO/IEC 2007
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

©  ISO/IEC 2007
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2007 – All rights reserved

Contents Page
Foreword. vii
Introduction . viii
1 Scope . 1
2 Conformance. 1
3 Normative references . 2
4 Terms and definitions. 2
5 Abbreviations . 4
6 Conformance testing methodology . 5
6.1 General. 5
6.2 Conformance testing models . 9
6.3 Abstract test engine . 14
7 General properties of the assertion language . 15
7.1 General. 15
7.2 Variables . 18
7.3 Built-in variables. 18
7.4 Representation of integers . 19
7.5 Representation of booleans . 19
7.6 Representation of universally unique identifiers . 19
7.7 Representation of octet strings. 20
7.8 XML documents . 20
8 Elements of the assertion language . 20
8.1 Element . 20
8.2 Element (child of ) . 22
8.3 Element (child of ). 23
8.4 Element (child of ) . 24
8.5 Element (child of ). 25
8.6 Element (child of ). 26
8.7 Element (child of ). 27
8.8 Element (child of ) . 28
8.9 Element (child of ) . 29
8.10 Element (child of ). 35
8.11 Element (child of ). 36
8.12 Element . 36
8.13 Element . 37
8.14 Element . 38
8.15 Element (child of ) . 39
8.16 Element . 42
8.17 Element . 43
8.18 Element . 45
8.19 Element . 46
8.20 Element . 47
8.21 Element . 47
8.22 Element . 48
8.23 Element . 49
8.24 Element . 50
8.25 Element . 50
© ISO/IEC 2007 – All rights reserved iii

8.26 Element . 50
8.27 Element . 50
8.28 Element . 51
8.29 Element . 51
8.30 Element . 52
8.31 Element . 52
8.32 Element . 52
9 Standard interface functions . 53
9.1 General . 53
9.2 Parameter groups . 58
9.3 BioAPI_Init . 87
9.4 BioAPI_Terminate . 88
9.5 BioAPI_GetFrameworkInfo. 89
9.6 BioAPI_EnumBSPs . 90
9.7 BioAPI_BSPLoad . 93
9.8 BioAPI_BSPUnload. 94
9.9 BioAPI_BSPAttach. 95
9.10 BioAPI_BSPDetach . 98
9.11 BioAPI_QueryUnits . 99
9.12 BioAPI_EnumBFPs . 101
9.13 BioAPI_QueryBFPs. 104
9.14 BioAPI_ControlUnit. 106
9.15 BioAPI_FreeBIRHandle. 108
9.16 BioAPI_GetBIRFromHandle . 109
9.17 BioAPI_GetHeaderFromHandle . 111
9.18 BioAPI_EnableEvents. 113
9.19 BioAPI_SetGUICallbacks. 114
9.20 BioAPI_Capture. 116
9.21 BioAPI_CreateTemplate . 118
9.22 BioAPI_Process . 122
9.23 BioAPI_ProcessWithAuxBIR. 124
9.24 BioAPI_VerifyMatch . 126
9.25 BioAPI_IdentifyMatch . 130
9.26 BioAPI_Enroll . 133
9.27 BioAPI_Verify. 137
9.28 BioAPI_Identify. 141
9.29 BioAPI_Import . 145
9.30 BioAPI_PresetIdentifyPopulation. 147
9.31 BioAPI_DbOpen . 149
9.32 BioAPI_DbClose. 151
9.33 BioAPI_DbCreate . 152
9.34 BioAPI_DbDelete. 155
9.35 BioAPI_DbSetMarker . 156
9.36 BioAPI_DbFreeMarker . 157
9.37 BioAPI_DbStoreBIR . 159
9.38 BioAPI_DbGetBIR . 161
9.39 BioAPI_DbGetNextBIR. 163
9.40 BioAPI_DbDeleteBIR. 165
9.41 BioAPI_SetPowerMode. 166
9.42 BioAPI_SetIndicatorStatus. 168
9.43 BioAPI_GetIndicatorStatus . 169
9.44 BioAPI_CalibrateSensor. 171
9.45 BioAPI_Cancel. 172
9.46 BioAPI_Free. 173
9.47 BioAPI_Util_InstallBSP. 174
9.48 BioAPI_Util_InstallBFP . 176
9.49 BioSPI_BSPLoad. 178
9.50 BioSPI_BSPUnload . 180
9.51 BioSPI_BSPAttach . 181
iv © ISO/IEC 2007 – All rights reserved

9.52 BioSPI_BSPDetach. 183
9.53 BioSPI_QueryUnits. 184
9.54 BioSPI_QueryBFPs. 186
9.55 BioSPI_ControlUnit. 187
9.56 BioSPI_FreeBIRHandle. 189
9.57 BioSPI_GetBIRFromHandle . 190
9.58 BioSPI_GetHeaderFromHandle . 191
9.59 BioSPI_EnableEvents. 192
9.60 BioSPI_SetGUICallbacks . 193
9.61 BioSPI_Capture. 194
9.62 BioSPI_CreateTemplate . 195
9.63 BioSPI_Process . 197
9.64 BioSPI_ProcessWithAuxBIR . 198
9.65 BioSPI_VerifyMatch. 200
9.66 BioSPI_IdentifyMatch . 202
9.67 BioSPI_Enroll . 204
9.68 BioSPI_Verify . 206
9.69 BioSPI_Identify. 209
9.70 BioSPI_Import . 211
9.71 BioSPI_PresetIdentifyPopulation. 212
9.72 BioSPI_DbOpen . 213
9.73 BioSPI_DbClose. 215
9.74 BioSPI_DbCreate . 216
9.75 BioSPI_DbDelete. 217
9.76 BioSPI_DbSetMarker . 218
9.77 BioSPI_DbFreeMarker . 219
9.78 BioSPI_DbStoreBIR . 220
9.79 BioSPI_DbGetBIR . 221
9.80 BioSPI_DbGetNextBIR. 222
9.81 BioSPI_DbDeleteBIR. 224
9.82 BioSPI_SetPowerMode. 225
9.83 BioSPI_SetIndicatorStatus . 226
9.84 BioSPI_GetIndicatorStatus . 227
9.85 BioSPI_CalibrateSensor. 228
9.86 BioSPI_Cancel. 228
9.87 BioSPI_Free. 229
9.88 BioAPI_EventHandler. 230
9.89 BioAPI_GUI_STATE_CALLBACK. 231
9.90 BioAPI_GUI_STREAMING_CALLBACK. 234
9.91 BioSPI_EventHandler . 235
9.92 BioSPI_GUI_STATE_CALLBACK . 237
9.93 BioSPI_GUI_STREAMING_CALLBACK . 238
9.94 BioSPI_BFP_ENUMERATION_HANDLER. 240
9.95 BioSPI_MEMORY_FREE_HANDLER. 242
10 Built-in variables. 243
10.1 Variables whose value never changes . 243
10.2 Variables whose value may change. 251
11 Test log . 251
12 Test report . 254
13 BioAPI conformance test suite. 255
13.1 General concepts. 255
13.2 BioAPI conformance test suite structure. 255
Annex A (normative) XML schema of the assertion language . 257
Annex B (normative) ASN.1 schema of the assertion language . 261
Annex C (normative) XML schema for the test log. 265
Annex D (informative) Test method implementation guideline . 267
© ISO/IEC 2007 – All rights reserved v

Annex E (informative) BioAPI conformity assessment program. 275
Annex F (informative) XML diagrams of the assertion language . 281
Bibliography . 303

vi © ISO/IEC 2007 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 24709-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 37, Biometrics.
ISO/IEC 24709 consists of the following parts, under the general title Information technology — Conformance
testing for the biometric application programming interface (BioAPI):
⎯ Part 1: Methods and procedures
⎯ Part 2: Test assertions for biometric service providers
The following parts are under preparation:
⎯ Part 3: Test assertions for BioAPI frameworks
⎯ Part 4: Test assertions for biometric applications

© ISO/IEC 2007 – All rights reserved vii

Introduction
This part of ISO/IEC 24709 defines a conformance testing methodology for ISO/IEC 19784-1. It specifies
three conformance testing models that enable conformance testing of each of the following BioAPI
components: an application, a framework and a BSP. It also specifies an assertion language that is used for
the definition of test assertions. Actual test assertions for each of the BioAPI components are defined in
subsequent parts of ISO/IEC 24709.
This part of ISO/IEC 24709 also contains informative guidelines regarding general concepts related to
establishing and administering a BioAPI conformance assessment and certification program. These
informative guidelines identify the types of activities, responsibilities, services and documentation
recommended for conducting conformity assessment and certification of BioAPI-conformant implementations.
Further, this part of ISO/IEC 24709 provides informative guidelines for establishing a complete conformity
assessment methodology for BioAPI specification.
Clause 6 describes the general test method and conformance testing models for BioAPI.
Clause 7 defines the assertion language, based on XML, used for definition of conformance test assertion.
Clause 8 defines the elements of the assertion language.
Clause 9 specifies the use of the standard BioAPI interface functions of BioAPI in conformance testing.
Clause 10 defines the built-in variables of the assertion language.
Clause 11 defines the test log using XML syntax.
Clause 12 defines the test report using XML syntax.
Clause 13 describes the general concept and structure of a BioAPI conformance test suite.
Annex A is normative, and defines the XML schema of the assertion language.
Annex B is normative, and defines the ASN.1 schema of the assertion language.
Annex C is normative, and defines the XML schema for the test log.
Annex D is informative, and describes a primer of a BioAPI test method implementation, including elements of
the conformance test process and description of the test categories.
Annex E is informative, and describes a general framework for the overall BioAPI Conformity Assessment
Process.
Annex F is informative, and provides the relationship diagrams for the assertion language.
viii © ISO/IEC 2007 – All rights reserved

The Bibliography references a number of standards organizatons, including ISO, IEC, NIST and IEEE, and
other organizations that have published a number of documents and white papers related to conformity
1)
assessments in general and conformance testing in particular.

1) Rather than make normative references to these documents, this part of the ISO/IEC 24709 incorporates appropriate
excerpts of their text, in some cases paraphrasing the text or adapting the provisions to the specific circumstances.
Therefore, these documents are listed in the Bibliography or are referenced explicitly in the body text, as appropriate.
© ISO/IEC 2007 – All rights reserved ix

INTERNATIONAL STANDARD ISO/IEC 24709-1:2007(E)

Information technology — Conformance testing for the
biometric application programming interface (BioAPI) —
Part 1:
Methods and procedures
1 Scope
1.1 This part of ISO/IEC 24709 specifies the concepts, framework, test methods and criteria required to test
conformity of biometric products claiming conformance to BioAPI (see ISO/IEC 19784-1). Guidelines for
specifying BioAPI conformance test suites, writing test assertions and defining procedures to be followed
during the conformance testing are provided.
1.2 This part of ISO/IEC 24709 is concerned with conformance testing of biometric products claiming
conformance to BioAPI (see ISO/IEC 19784-1). It is not concerned with testing other characteristics of
biometric products or other types of testing of biometric products (i.e. acceptance, performance, robustness,
security, etc.). Testing by means of test methods which are specific to particular biometric products are not the
subject of ISO/IEC 24709.
1.3 This part of ISO/IEC 24709 is applicable to the development and use of conformance test method
specifications, BioAPI conformance test suites and conformance testing programs for BioAPI-conformant
products. It is intended primarily for use by testing organizations, but may be applied by developers and users
of test assertions and test method implementations.
2 Conformance
2.1 A BioAPI conformance test suite conforming to this part of ISO/IEC 24709 shall support one or more
conformance testing models (see 6.2) and shall be able to execute any valid test assertion for the testing
model(s) that it supports, and that are written in the assertion language specified in Clauses 7 through 10.
NOTE There is no restriction on the form or structure of a BioAPI conformance test suite, in terms of the number of
software components, the tasks performed by each software component, or the content and form of the information
exchanged between software components.
2.2 A BioAPI conformance test suite shall be able to verify the syntactic correctness of any package (see
7.1.6) containing assertions or activities (or both) for any conformance testing model, including the testing
models that the implementation does not support (if any).
2.3 For each supported conformance testing model, a BioAPI conformance test suite shall be able to
perform the actions (specific to a computing platform) necessary to interact with an implementation under test,
making function calls to the standard BioAPI interface functions exposed by the implementation under test and
receiving function calls from it.
NOTE 1 In the conformance testing model for BioAPI applications, it is not required that the BioAPI conformance test
suite be able to start or stop the execution of the implementation under test, but needs a mechanism to detect the starting
or ending of the application under test.
NOTE 2 It is not required that a BioAPI conformance test suite be able to test all implementations of the base standard
that claim conformance to the base standard. This includes, but is not limited to, the case when the implementation of the
base standard was created for a computing platform different from the one for which the BioAPI conformance test suite
© ISO/IEC 2007 – All rights reserved 1

was created, and the case where the implementation of the base standard depends on a hardware device that is not
available on the computing system where the test is to be run.
2.4 A BioAPI conformance test suite shall produce a test log (see Clause 11) and test report (see
Clause 12) for each implementation tested.
2.5 If a BioAPI conformance test suite is unable to perform the test of an implementation of the base
standard, this shall be recorded in the test report in these terms rather than as non-conformance of the
implementation under test.
2.6 A BioAPI conformance test suite shall provide a means for a user to enter all the data necessary as
input to a test.
NOTE This includes the identification of the assertion to be processed (package name and assertion name), the list
of all the input parameters of the assertion, and all the other information that is to be included in a test report (see
Clause 12).
3 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO/IEC 19784-1, Information technology — Biometric application programming interface — Part 1: BioAPI
specification
4 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 19784-1 and the following apply.
4.1
abstract test engine
conceptual machine capable of performing conformance tests on an instance of a standard BioAPI component
4.2
base standard
standard for which a test method specification is written and/or a test method implementation is developed
4.3
BioAPI conformance test suite
test software used to ascertain conformance to a specification or a standard that is in conformance with
ISO/IEC 19784-1
4.4
BioAPI conformity statement
statement that describes conformity of an Implementation Under Test against relevant BioAPI requirements
4.5
certification
acknowledgement that a validation has been completed and the criteria established by the certifying
organization have been met
4.6
conformance
fulfillment by a product, process or service of all relevant specified conformance requirements
[ISO/IEC 13210:1999]
2 © ISO/IEC 2007 – All rights reserved

4.7
conformance requirement
requirement stated in a base standard that identifies a specific requirement in a finite, measurable and
unambiguous manner
NOTE 1 A conformance requirement by itself or in conjunction with other conformance requirements corresponds to an
assertion.
NOTE 2 Adapted from ISO/IEC 13210:1999.
4.8
conformity assessment
any activity concerned with determining directly or indirectly that relevant requirements are fulfilled
4.9
implementation under test
software and hardware, located on one or more system, which implement the standard(s) being tested
4.10
standard BioAPI component
BioAPI application, BioAPI framework or biometric service provider, as specified in ISO/IEC 19784-1
NOTE 1 See 6.1.3.8.
NOTE 2 Although a biometric function provider is also a BioAPI component according to ISO/IEC 19784-1, it is not
included in this definition because ISO/IEC 19784-1 does not specify any biometric function provider interfaces.
4.11
standard BioAPI interface
any one of the interfaces specified in ISO/IEC 19784-1, which one standard BioAPI component exposes to
another standard BioAPI component
NOTE See 6.1.3.8.
4.12
test assertion
assertion
specification for testing a conformance requirement in an Implementation Under Test in the form of software
or procedural methods that generate the test results (also named test outcomes or test verdicts) used for
assessment of the conformance requirement
4.13
test case
specification of the actions required to achieve a specific test purpose or combination of test purposes
NOTE Adapted from the definition of “abstract test case” in ISO/IEC 9646-1:1994.
4.14
test method implementation
software, procedures or other means used to measure conformance
4.15
test method specification
document that expresses the required functionality and behavior of a base standard as assertions and
provides the complete set of conforming test result codes
[ISO/IEC 13210:1999]
© ISO/IEC 2007 – All rights reserved 3

4.16
test purpose
prose description of a narrowly defined objective of testing, focusing on a single conformance requirement, as
specified in the appropriate product specification
NOTE Adapted from ISO/IEC 13210:1999 and ISO/IEC 9646-1:1994.
4.17
test report
document that presents test results and other information relevant to the execution of the test methods against
an Implementation Under Test
4.18
test result code
test verdict
value that describes the result of a test
NOTE Adapted from ISO/IEC 13210:1999.
4.19
validation
process of testing software for conformance to a specific specification
5 Abbreviations
For the purposes of this document, the following abbreviations apply.
API Application Programming Interface
BCS BioAPI Conformity Statement
BIR Biometric Information Record
BSP Biometric Service Provider
CBEFF Common Biometric Exchange Formats Framework
CTS BioAPI Conformance Test Suite
IUT Implementation Under Test
SPI Service Provider Interface
UUID Universally Unique Identifier
4 © ISO/IEC 2007 – All rights reserved

6 Conformance testing methodology
6.1 General
6.1.1 Implementation under test
6.1.1.1 The Implementation Under Test (IUT) is the object that is being tested for conformity. For BioAPI
specifications it is the software that has ‘implemented’ the specification. The software and supporting
hardware constitute the IUT and shall be listed in both the test report and certificate of conformity.
6.1.1.2 Biometric products claiming to conform to the BioAPI specification are expected to conform to all
the applicable conformity requirements in the Conformity clause of the BioAPI specification (Clause 5 of the
specification). These requirements can be:
a) Mandatory requirements: these are to be observed in all cases;
b) Conditional requirements: these are to be observed if the conditions set out in the specification apply;
c) Optional requirements: these can be selected to suit the implementation, and are to be observed if
selected.
6.1.1.3 To evaluate the conformity of a biometric product, it is necessary to have a statement of the
capabilities that have been implemented in conformance with the BioAPI specification, so that the
implementation can be tested for conformity against relevant requirements, and against those requirements
only. Such a statement is called a BioAPI Conformity Statement (BCS), and shall be prepared by the IUT
supplier prior to the beginning of the Conformance Testing. At a minimum, the BCS shall contain an itemized
list of all mandatory, optional, and conditional conformity requirements of the BioAPI specification included in
the IUT.
6.1.2 Test method
6.1.2.1 For conformance testing to be meaningful, all BioAPI implementations must be tested in the same
manner. Conformance testing reflects the essence of technical requirements of BioAPI specifications and
measures whether a Biometric product faithfully implements the specification.
6.1.2.2 For the purpose of this standard, conformance testing is "black box" testing of the functionality of a
BioAPI implementation. Neither the internal structure nor source code of a candidate implementation is
examined.
6.1.2.3 Considering the complexity of the BioAPI specification, and many possible ways of implementing
BioAPI-conformant products, the feasible strategy is to use falsification testing methodology. This strategy as
implemented in this Part of ISO/IEC 24709 includes the following steps:
a) Analyze the BioAPI specification, and develop documented test cases in form of test assertions. Test
cases may be further grouped to form test scenarios. The test assertions are documented in other parts
of ISO/IEC 24709.
b) The test assertions may be realized in the form of executable test scripts, which, in combination with
applicable data files, will constitute a BioAPI conformance test suite (CTS)
c) An IUT will be subjected to various combinations of legal and illegal inputs, and compare the resulting
output to a set of corresponding “expected results.”
d) Test results will be evaluated using pass/fail criteria.
6.1.2.4 Falsification testing can only demonstrate non-conformity, i.e., if errors are found, non-conformance
of the IUT shall be proven, but the absence of errors does not necessarily imply the converse. This test
© ISO/IEC 2007 – All rights reserved 5

method is intended to provide a reasonable level of confidence and practical assurance that the IUT conforms
to the standard. Use of this test method will not guarantee conformity of an implementation to the standard;
that normally would require exhaustive testing, which is impractical for both technical and economic reasons.
6.1.2.5 A test method implementation shall document that it conforms to this Part of ISO/IEC 24709 and
shal
...