Identification cards — Integrated circuit cards — Part 11: Personal verification through biometric methods

ISO/IEC 7816-11:2004 specifies the usage of interindustry commands and data objects related to personal verification through biometric methods in integrated circuit cards. The interindustry commands used are defined in ISO/IEC 7816-4. The data objects are partially defined in this International Standard, partially imported from ISO/IEC 19785-1. ISO/IEC 7816-11 also presents examples for enrollment and verification and addresses security issues.

Cartes d'identification — Cartes à circuit intégré — Partie 11: Verification personelle par méthodes biométriques

General Information

Status
Withdrawn
Publication Date
16-Mar-2004
Withdrawal Date
16-Mar-2004
Current Stage
9599 - Withdrawal of International Standard
Completion Date
01-Dec-2017
Ref Project

Relations

Buy Standard

Standard
ISO/IEC 7816-11:2004 - Identification cards -- Integrated circuit cards
English language
33 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO/IEC
STANDARD 7816-11
First edition
2004-04-01


Identification cards — Integrated circuit
cards —
Part 11:
Personal verification through biometric
methods
Cartes d'identification — Cartes à circuit intégré —
Partie 11: Vérification personnelle par méthodes biométriques




Reference number
ISO/IEC 7816-11:2004(E)
©
ISO/IEC 2004

---------------------- Page: 1 ----------------------
ISO/IEC 7816-11:2004(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


©  ISO/IEC 2004
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO/IEC 2004 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 7816-11:2004(E)
Contents Page
Foreword. iv
Introduction . v
1 Scope. 1
2 Normative references . 1
3 Terms and definitions. 1
4 Abbreviated terms. 2
5 Commands for biometric verification processes . 2
5.1 Commands to retrieve biometric information. 2
5.2 Command for a static biometric verification process. 3
5.3 Commands for a dynamic biometric verification process. 3
6 Data elements. 3
6.1 Biometric information. 3
6.2 Biometric data . 5
6.3 Verification requirement information. 6
Annex A (informative) Biometric verification process. 8
Annex B (informative) Examples for enrollment and verification. 13
Annex C (informative) Biometric information data objects. 19
Annex D (informative) Usage of Secure Messaging Templates. 29
Bibliography . 33

© ISO/IEC 2004 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 7816-11:2004(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 7816-11 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 17, Cards and personal identification.
ISO/IEC 7816 consists of the following parts, under the general title Identification cards — Integrated circuit
cards:
 Part 1: Cards with contacts — Physical characteristics
 Part 2: Cards with contacts — Dimensions and location of the contacts
 Part 3: Cards with contacts — Electrical interface and transmission protocols
 Part 4: Organization, security and commands for interchange
 Part 5: Registration of application providers
 Part 6: Interindustry data elements for interchange
 Part 7: Interindustry Commands for Structured Card Query Language (SCQL)
 Part 8: Commands for security operations
 Part 9: Commands for card management
 Part 10: Cards with contacts — Electronic signals and answer to reset for synchronous cards
 Part 11: Personal verification through biometric methods
 Part 15: Cryptographic information application

iv © ISO/IEC 2004 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC 7816-11:2004(E)
Introduction
This part of ISO/IEC 7816 is one of a series of standards describing the parameters for integrated circuit(s)
cards with contacts and the use of such cards for international interchange.
This part of ISO/IEC 7816 may also apply to contactless cards.

© ISO/IEC 2004 – All rights reserved v

---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO/IEC 7816-11:2004(E)

Identification cards — Integrated circuit cards with contacts —
Part 11:
Personal verification through biometric methods
1 Scope
This part of ISO/IEC 7816 specifies security related interindustry commands to be used for personal
verification with biometric methods in integrated circuit(s) cards. It also defines the data structure and data
access methods for use of the card as a carrier of the biometric reference data and/or as the device to
perform the verification of a personal biometric (on-card matching). Identification of persons using biometric
methods is outside the scope of this standard.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO/IEC 7816-4:2003, Identification cards — Integrated circuit cards with contacts — Part 4: Organization,
security and commands for interchange
ISO/IEC CD 19785:2003, Information technology — Common Biometric Exchange Framework Format
(CBEFF)
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
biometric data
data encoding a feature or features used in biometric verification
3.2
biometric information
information needed by the outside world to construct the verification data
3.3
biometric reference data
data stored on the card for the purpose of comparison with the biometric verification data
3.4
biometric verification
process of verifying by a one-to-one comparison of the biometric verification data against biometric reference
data
3.5
biometric verification data
data acquired during a verification process for the comparison with the biometric reference data
© ISO/IEC 2004 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO/IEC 7816-11:2004(E)
3.6
template
as defined in ISO/IEC 7816-4
WARNING — The term “template” means the value field of a constructed data object. It should not be
confused with a processed biometric data sample.
4 Abbreviated terms
For the purpose of this part of ISO/IEC 7816, the following abbreviations apply.
AID Application Identifier
AT Authentication Template
BER Basic Encoding Rules
BIT Biometric Information Template
BD Biometric Data
BDP BD in proprietary format
BDS BD in standardized format
BDT Biometric Data Template
CCT Cryptographic Checksum Template
CRT Control Reference Template
CT Confidentiality Template
DE Data Element
DF Dedicated File
DO Data Object
DST Digital Signature Template
EFID Elementary File ID
FCI File Control Information
ID Identifier
L Length
OID Object Identifier
RD Reference Data
SE Security Environment
SM Secure Messaging
TLV Tag-Length-Value
UQ Usage Qualifier
VIDO Verification requirement Information Data Object
VIT Verification requirement Information Template
5 Commands for biometric verification processes
Commands for retrieval, verification and authentication defined in ISO/IEC 7816-4 are used for biometric
verification. Biometric data (e.g. face features, ear shape, fingerprint, speech pattern, voice print, key stroke)
may need protection against replay or presentation of verification data derived from original biometric data
(e.g. a fingerprint, a face photo). A method to prevent this kind of attack is to send the verification data to the
card with a cryptographic checksum or a digital signature applying secure messaging as defined in
ISO/IEC 7816-4. Likewise, secure messaging may be used to guarantee the authenticity of the biometric data
retrieved from the card.
5.1 Commands to retrieve biometric information
The commands as specified in ISO/IEC 7816-4 in the clause related to data referencing shall be used for the
retrieval of biometric information.
2 © ISO/IEC 2004 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/IEC 7816-11:2004(E)
5.2 Command for a static biometric verification process
The command to be used for a static verification process (see Annex A) is the VERIFY command as specified
in ISO/IEC 7816-4. The information to be conveyed is
 biometric reference data identifier (i.e. the qualifier of the reference data)
 biometric verification data.
The biometric verification data may be encoded as BER-TLV data objects (see Table 2). The CLA byte may
indicate that the command data field is BER-TLV coded (see ISO/IEC 7816-4).
For combined biometric schemes, command chaining as defined in ISO/IEC 7816-8 may be used.
5.3 Commands for a dynamic biometric verification process
To get a challenge, to which a user response is required (see Annex A), the GET CHALLENGE command
shall be used.
The type of challenge in a biometric verification process, e.g. a phrase for voiceprint or a phrase for keystroke,
depends on the biometric algorithm, which can be specified in P1 of the GET CHALLENGE command (see
ISO/IEC 7816-4). The respective algorithm may be selected alternatively by using the MANAGE SECURITY
ENVIRONMENT command (e.g. SET option with CRT AT and DO usage qualifier and DO algorithm id in the
data field).
After a successful GET CHALLENGE command, an EXTERNAL AUTHENTICATE command is sent to the
card. The command data field conveys the relevant biometric verification data. For coding of the biometric
verification data, the same principles apply as for the VERIFY command, see 5.1.
6 Data elements
6.1 Biometric information
The Biometric Information Template (BIT) provides descriptive information regarding the associated biometric
data. It is provided by the card in response to a retrieval command prior to a verification process. Table 1
defines biometric information DOs.
© ISO/IEC 2004 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO/IEC 7816-11:2004(E)
Table 1 — Biometric information DOs
Tag L Value Presence
‘7F60’ Var. Biometric Information Template (BIT)
 Tag L Value
 ‘80’ 1 Algorithm reference for use in the VERIFY / EXT. AUTHENTICATE / Optional
MANAGE SE command
 ’83’ 1 Reference data qualifier for use in the VERIFY / EXT. AUTH. / Optional
MANAGE SE command
 ‘A0’ Var. Biometric information DOs defined in this standard Optional
  Tag allocation authority (see ISO/IEC 7816-6): One of
these DOs
‘06’ Var. - Object identifier (OID)
is
’41’ Var. - Country authority (see ISO/IEC 7816-4)
mandatory,
’42’ Var. - Issuer (see ISO/IEC 7816-4)
if ‘A1’ is
’4F’ Var. - Application Identifier (AID), identifies the application and its
present
provider
 (see ISO/IEC 7816-4)
The default tag allocation authority is ISO/IEC JTC1/SC37.
 ‘A1’ Var. Biometric information DOs specified by the tag allocation authority Mandatory,
(mandatory indication, see above). if ‘A0’ is not
See also example in Annex C present
  Tag L Value
   DOs defined by the tag allocation authority
‘8x’/ ‘Ax’ Var. . (primitive / constructed) DO
‘9x’/ ’Bx’ Var. . (primitive / constructed) dependent

NOTE In case the card does not perform the verification process, the Biometric Information Template may also
contain the biometric reference data (see Table 3) and possibly discretionary data (tag ‘53’ or ‘73’) e.g. for data to be
delivered to a service system, if verification is positive (see Annex C).
If several BITs are present within the same application, then they shall be grouped as shown in Table 2.
Table 2 — BIT group template
Tag L Value Presence
‘7F61’ Var. BIT group template
 Tag L Value
 '02' Var. Number of BITs in the group Mandatory
 ’7F60’ Var. BIT 1 Conditional
  .
 ‘7F60’ Var. BIT n Conditional
A BIT group template can be recovered e.g. by
 a GET DATA command
 reading out of a file in the corresponding DF, EFID found in the FCI, or
 reading an SE template (see ISO/IEC 7816-4), in which the BIT group template is stored.
4 © ISO/IEC 2004 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/IEC 7816-11:2004(E)
6.2 Biometric data
Biometric data (biometric verification data, biometric reference data) may be presented
 as a concatenation of data elements,
 within a biometric data DO as defined in ISO/IEC 7816-6, or
 as concatenation of DOs within a biometric data template, see Table 3.
Table 3 — Biometric data DOs
Tag L Value Presence
‘5F2E’ Var. Biometric data
‘7F2E’ Var. Biometric data template
 Tag L Value
 ‘5F2E’ Var. Biometric data At least one of
these DOs is
 ‘81’ / Var. Biometric data with standardised format (primitive /
present, if the
‘A1’ constructed)
template is
used
 ‘82’ / Var. Biometric data with proprietary format (primitive /
‘A2’ constructed)

As shown in Table 3, biometric data may be split up in a part with standard format and in a part with
proprietary format, whereby the part with the proprietary format may be used, e.g. for achieving a better
performance. The usage of biometric data with standardized and proprietary formats is shown in Figure 1.
Structure and coding of biometric data are biometric type (e.g. facial features, fingerprint) dependent and out
of scope of this standard.
© ISO/IEC 2004 – All rights reserved 5

---------------------- Page: 10 ----------------------
ISO/IEC 7816-11:2004(E)
A, A, B = AlB = Algorigoritthmhm t tyyppee
IFIFDD
VERIVERIFFY* Y*
BD  BD  = Bio= Biommeettricric Data Data
CarCardd
wiwitthh
BDP =BDP = BD in BD in propproprietarietarryy
wwiith mth maatctchhiing ng
ffeatureature ee exxtrtracactiontion
foforrmmaatt
aallgorgoriitthmhm AA
alalgorgorithmithm AA
BDS =BDS = BD in BD in ssttaandandardisrdiseded
foforrmmaatt
BDTBDT = = BD BD TTeemmppllaatete
* =* = VVereriifficicatiatioon data:n data: TT,, L = L = TTaagg,, Le Lengthngth
BBDD i inn ssttan-an- BBDD i inn pr propoprriiee--
LL LL LL
T.T.BDBDTT T.T.BDBDSS T.T.BDBDPP
dardardidised fsed foorrmmatat tatarryy ffoorrmmatat ofof A  A
IFDIFD
VERIVERIFFY* Y*
TThhe me maatctchihing ang allgogorithrithmmss
CarCardd
wiwitthh
A A andand B be B belonlongg toto the the
wwiith mth maatctchhiingng
ffeatureaturee e exxtrtractiactionon
ssaammee b biioommetrietric tc tyypepe, bu, but t
aallgorgoriitthmhm BB
alalggoorriithmthm AA
ususee ddiiffffeerreentnt p prropoprriietetaarryy
bbiiomometrietric dc daatata e.ge.g. f foor r
ppeerfrformormaannccee upg upgraderade. .
HHoowweevveer, bor, both ath arre ce capaapableble
* =* = VVereriifficicatiatioon data:n data:
ooff co commpputiuting tng the verihe veriffiicaca--
BD iBD inn stan-stan-
ttiionon resresuult usilt using onlng onlyy ththe e
LL LL
T.T.BDBDTT T.T.BDBDSS
BD iBD inn th thee sstantandarddardiisesed d
ddaardrdiseisedd f foormarmatt
foforrmmaatt.

Figure 1 — Use of biometric data with standardized and proprietary structure
6.3 Verification requirement information
6.3.1 Purpose
The current verification requirement is provided either by
 the verification requirement information data object VIDO (tag ‘96’, short format), or
 the verification requirement information template VIT (tag ‘A6’, long format).
VIDO or VIT, if present, is part of the file control parameter information of the respective DF or stored in a FCI
extension file as defined in ISO/IEC 7816-4. VIDO and VIT contain information, which indicate whether the
reference data for user verification (i.e. passwords and/or biometric data) are
 enabled or disabled and
 usable or unusable.
NOTE Usually the enabled/disabled flag is under control of the cardholder, the usable/unusable flag under control of
the application provider.
6.3.2 VIDO – the short format
The first byte of the VIDO (see Table 4) indicates by bit map which keys (i.e. reference data for user
verification) are enabled (bit set to 1) or disabled (bit set to 0). The second byte indicates by bit map which
keys are usable (bit set to 1) or unusable (bit set to 0). Each of the following bytes are key references. The
first key reference corresponds to bit b8 of the bit maps, the second key reference to bit b7, and so on. The
number of key references is given implicitly by the length of the VIDO, e.g. when L is less than or equal to 10,
the number of key references is L-2.
6 © ISO/IEC 2004 – All rights reserved

---------------------- Page: 11 ----------------------
ISO/IEC 7816-11:2004(E)
Table 4 — VIDO structure
VIDO L Enabled / Usable / Key Key .
Tag disabled unusable Ref. Ref.
Flags Flags
‘96’ Var. ‘xx’ ‘xx’ ‘xx’ ‘xx’ .
6.3.3 VIT – the long format
The VIT presents the information in long format, whereby additional information can be provided in the usage
qualifier DO. The DOs, which may occur in a VIT, are shown in Table 5.
Table 5 — Verification requirement information template (VIT) and embedded DOs
Tag L Value
‘A6’ Var. Verification requirement information template
 Tag L Value
 ’90’ 1 Enabled/disabled flags (Flag DO)
 ’95’ 1 Usage qualifier as defined in ISO/IEC 7816-4
 ’83’ 1 Key reference

The enabled/disabled flags DO is mandatory. At least one key reference DO shall be present. Each key
reference DO may be preceded by an associated usage qualifier DO. If no usage qualifier is associated to a
key, then the usage is implicitly known. In this context, a usage qualifier set to zero means, the associated key
shall not be used.
NOTE It is not necessary to introduce a VIT with an application tag to be retrieved by GET DATA, because the FCI or
the FCI extension file can be read always.
© ISO/IEC 2004 – All rights reserved 7

---------------------- Page: 12 ----------------------
ISO/IEC 7816-11:2004(E)
Annex A
(informative)

Biometric verification process
A.1 Abbreviations
ICC  Integrated Circuit(s) Card
IFD Interface Device
OID Object Identifier
SM Secure Messaging
A.2 Enrollment process and verification process
The general (simplified) scheme for an enrollment process is shown in Figure A.1.
EEnnrollmerollmenntt
BiBiomomeettriricc
rereffeerenrencce e
RaRaw w FeFeatureature
datadata
dadattaa datdata a
SenSen-- DaDatata FeFeFeatureatureature  EnEnEnrrrooollllllmmmeeennnttt DDaata sta sttorinoring g
sosorr aaccququisiisittioion n exexextttrrractiactiaction on on procprocprocessessessiiinnnggg  inin t thhee ca carrdd
IFIFD (enrollD (enrollmmeennt st syyssttemem)) IICC CC

Figure A.1 — General scheme of an enrollment process
The sensor and data acquisition module are considered to be one logical unit although they may be separate
modules. The raw data is usually processed outside the card due to the considerable size of the raw data.
During this processing, the biometric features are extracted and formatted for later use. In the enrollment
processing or at a later stage, the biometric reference data possibly together with additional information are
sent in a secure way to the card for storage and subsequent use.
In case of on-card matching, these data cannot be retrieved after storing. In case of off-card matching, the
biometric reference data can be retrieved as part of the BIT. The biometric reference data or possibly the
whole BIT may be secured, e.g. by a digital signature. Also the access to the BIT may be restricted, e.g.
access possible only after successful performance of an authentication procedure.
Biometric reference data may be stored in the card
 during a card personalization phase, or
 after issuing the card to the cardholder.
The storing of reference data after issuing of the card to the cardholder or when delivering the card to the
cardholder is addressed in Annex B.
Figure A.2 shows a simplified scheme for a verification covering the following configurations:
 with the biometric reference data and possibly parameters stored in the card
 with matching and decision processing in the card
 with feature extraction, formatting, matching and decision processing in the card
 with a sensor on the card and performance of the whole verification process in the card.
8 © ISO/IEC 2004 – All rights reserved

---------------------- Page: 13 ----------------------
ISO/IEC 7816-11:2004(E)
Other configurations are possible.
VVeeririfificacatitionon
SSSeeensnsnsororor
ICC wICC wiithth se sensnsoror oonn th thee ccardard
andand al alll ffuunnccttioionsns andand da datata
VeriVeriffiiccaatition on
DaDaDatttaaa
ffoor vr veeririffiiccaatitionon
resresuultlt
RaRaww
acacacquququisiisiisitttioioion n n
dadattaa
ICC wICC wiithth
-- ffeeaaturturee ex extratracctitionon
-- fforormatmatttiingng
FFeeatatuurre ee exx--
-m-maattcchhiinngg
ttrractactiionon anand d
BBiiometometrriicc
-- ddeecciissiion pon prrococesessisingng
ffoormrmattiattingng
veriveriffiiccaatition on
-- bbioiommeettrricic rreeffeerreennccee da dattaa
datdataa
-- ddececisisioionn pa parraametmeteerrss
ICC wICC wiitthh
-m-maattcchhiinngg
DDDeeecicicisisisiononon
-- ddeeccisisioionn pprroocecessssiningg
MatMatMatccchhhiiingngng
procprocprocesesessisising ng ng
-- bbiomiomeetritricc refref. d daatata
-- ddeciecissiion paraon parammeettersers
ICC wICC wiitthh
BiBiBiomomometrietrietriccc DeDeDecicicisisision on on
-- bbiomiomeettrricic refref. dat dataa
refrefrefeeerenrenrenccce e e papapara-ra-ra-
-- ddececisiisioonn par paramameettersers
datadatadata  mememettteeerrrsss

Figure A.2 — General scheme of a verification process
NOTE Decision parameters are usually bound to the decision processing. When the card provides the biometric
reference data (possibly cryptographically protected) for outside matching (lowest case in Figure A.2), decision
parameters may only be present and retrievable (in a secure way), if they contain user specific components.
A.3 Classification of biometric verification methods
Taking into account the different message exchanges between the card and the IFD, the following
classification is used:
 Static biometric verification method:
a biometric verification method which requires the presentation of a physiological (i.e. static) feature of a
person to be authenticated (see type A) or performance of an enrolled, pre-determined action (see type B).
 Dynamic biometric verification method:
a biometric verification method which requires a dynamic action from the person to be authenticated (i.e.
a user response to a biometric challenge, see type B).
Examples of biometric type A:
Ear shape
Facial features
Finger geometry
Fingerprint
Hand geometry
Iris
Palm geometry
Retina
Vein pattern
© ISO/IEC 2004 – All rights reserved 9

---------------------- Page: 14 ----------------------
ISO/IEC 7816-11:2004(E)
NOTE These biometric types can only be used for static verification.
Examples of biometric type B:

Keystroke dynamics
Lip movements
Signature image
Speech pattern (voiceprint)
Write dynamics (signature dynamics)
NOTE These biometric types may be used either for static verification or dynamic verification depending on the
usage of the respective type.
The main characteristics of biometric type A features are
 unique, not modifiable
 selectable, if several instances of the same kind exist (e.g. thumb, pointer finger)
 public, if the respective feature (e.g. face, ear, fingerprint) can be captured or measured by everybody, i.e.
the respective biometric verification data have to be presented to the card in an authentic way (see
Annex B, Figure B.4).
The main characteristics of biometric type B features are
 unique, but modifiable
 challenge dependent, if dynamic verification is used.
The Figures A.3 and A.4 illustrate the differences between static and dynamic biometric verification at the card
interface in case of matching and decision processing on the card.
AcAcAcquiquiquisisisitiontiontion ofofof thththe e e
biombiombiometrietrietric verifc verifc verifiiicatcatcatiiiononon datadatadata
VEVERRIIFYFY
withwith b biioommeettrriicc veverriificficaattiioonn d daattaa
ICICCC
IFIFDD
VVeeririffiiccaatition reson resuulltt
MMMMaaaattttcccchihihihingngngng
anananand dd dd dd deeeecccciiiissssiiiioooonnnn
prprprprooooccccesesesesssss

Figure A.3 — Commands for static biometric verification
AcquAcquAcquisiisiisitttioioionnn ooofff ttthe he he
biobiobiommmetetetric vric vric veeeriririfffiiicacacationtiontion datdatdata a a
GGEETT CH CHALLENGE   ALLENGE
BBiiomometretriicc chal challleenge  nge
IFIFIFDDD
IICC CC
EXTEXT. A AUUTTHHENENTTIICACATTEE
wiwithth b biioommeettrriic c vveerriifificacatitioonn ddaatata
ccoorrrreespsponondidingng ttoo t thhee c chhaallllengengee
MMMMaaaattttcccchihihihingngngng
anananand decd decd decd deciiiissssiiiioooonnnn
VVeeririffiiccaatition reson resuult   lt
prprprprococococesesesesssss

Figure A.4 — Commands for dynamic biometric verification
10 © ISO/IEC 2004 – All rights reserved

---------------------- Page: 15 ----------------------
ISO/IEC 7816-11:2004(E)
A.4 Scenarios
The Figures A.5 and A.6 illustrate some scenarios relevant to biometric user verification.
ThThee r reessuulltt ooff
ththe bie biomomeettricric
AcAcquiquisitsitiionon ofof ththe e
ververiiffiicatcatiion on
bbiiomometrietric verifc verifiicaticationon datadata
prprococesesss mo modidi--
BiBiometrometriicc ffiies the es the ccaardrd
sseecucurriityty stastattusus. .
vveerifrifiiccaatitionon ddaata ta
IfIf alsalsoo itit
ICICCC
IFIFDD
mmodiodiffiieses the the IIFDFD
VVeeririffiiccaatition reson resuulltt
sseecucurriityty stastattusus, ,
MMMaaatttccchinghinghing
ththen ien itt sh shoulouldd bbee
ananand dd dd deeeccciiisiosiosionnn
prprototeecctteedd bby y
proproprocccesesessss
seseccuurree
mmeessssagaging.ing.

Figure A.5 — Scenario with matching and decision process inside the card

AAccqquuiissititioionn ooff tthehe
bibiomomeettrriic vc veerriiffiicatcatiionon datdata a
MatMatMatccchinghinghing andandand
BiBiomometetrriicc r reeffeerrencencee
decidecidecisssiiion processon processon process
datdataa ((optoptiioonalnal S SMM))
IICC CC
A
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.