SIST-TS CEN/TS 18139:2025

SLOVENSKI STANDARD
01-julij-2025
Osebna identifikacija - Evropski vodnik za aplikacije biometričnega
prepoznavanja na podlagi osebnih dokumentov (ERG)
Personal identification - European guide for biometric recognition applications based on
ID documents (ERG)
Persönliche Identifikation - Europäischer Leitfaden für Verifikationsanwendungen auf der
Grundlage von ID-Dokumenten (EVG)
Identification des personnes - Guide européen pour les applications de reconnaissance
biométrique basées sur des documents d'identité (ERG)
Ta slovenski standard je istoveten z: CEN/TS 18139:2025
ICS:
35.240.15 Identifikacijske kartice. Čipne Identification cards. Chip
kartice. Biometrija cards. Biometrics
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

CEN/TS 18139
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
April 2025
TECHNISCHE SPEZIFIKATION
ICS 35.240.15
English Version
Personal identification - European guide for biometric
recognition applications based on ID documents (ERG)
Identification des personnes - Guide européen pour les Persönliche Identifikation - Europäischer Leitfaden für
applications de reconnaissance biométrique basées sur Verifikationsanwendungen auf der Grundlage von ID-
des documents d'identité (ERG) Dokumenten (EVG)
This Technical Specification (CEN/TS) was approved by CEN on 7 March 2025 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to
submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS
available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in
parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2025 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 18139:2025 E
worldwide for CEN national Members.

Contents Page
European foreword . 3
Introduction . 4
1 Scope . 5
2 Normative references . 5
3 Terms and definitions . 6
4 Abbreviated terms . 8
5 Overview of biometric recognition systems . 9
5.1 Concept . 9
5.2 Biometric references . 9
5.3 Types of identity documents . 9
5.3.1 General. 9
5.3.2 ePassport . 10
5.3.3 National identity cards. 10
5.3.4 Schengen visa . 10
5.3.5 Driving licence . 10
5.3.6 Residence permit . 10
5.4 Topologies of identity recognition systems . 11
6 Data protection and privacy . 11
6.1 General. 11
6.2 Obligation to provide information about data processing . 11
6.3 Right of access and right to erasure . 12
6.4 Sharing data with third countries and international organizations . 12
6.5 Saving data for statistical reasons . 12
7 Biometric systems used for recognition . 12
7.1 General requirements and recommendations . 12
7.1.1 Usability and accessibility . 12
7.1.2 Quality or score driven approaches . 14
7.1.3 Evaluation . 16
7.1.4 Biometric security functions . 16
7.1.5 Interoperability assurance . 19
7.1.6 Biometric data quality . 19
7.1.7 Data authenticity assurance . 19
7.1.8 Logging . 20
7.2 Recommendations for biometric systems . 20
7.2.1 Recommendations for face biometrics . 20
7.2.2 Requirements and recommendations for fingerprint biometrics . 24
7.3 Contexts for recognition via biometrics . 26
7.3.1 Automated border control. 26
7.3.2 Manual border control . 27
7.3.3 Mobile recognition . 27
7.3.4 Passenger flow facilitation . 27
Bibliography . 29
European foreword
This document (CEN/TS 18139:2025) has been prepared by Technical Committee CEN/TC 224 “Personal
identification, electronic signature and cards and their related systems and operations”, the secretariat
of which is held by AFNOR.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users’ national standards body.
A complete listing of these bodies can be found on the CEN website.
According to the CEN/CENELEC Internal Regulations, the national standards organisations of the follow-
ing countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cy-
prus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, It-
aly, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Mac-
edonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the United King-
dom.
Introduction
Biometric reference data for ID documents meanwhile are highly standardized by ISO, ICAO, and CEN.
Within CEN, this work is done by TC 224/WG 18 in close cooperation with the Article 6 Technical Sub-
group and FRONTEX. Several International Standards, in particular ISO/IEC 19794 series and
ISO/IEC 39794 series, achieve technical interoperability of biometric data.
With CEN/TS 17661 [1] the enrolment of biometric data for identity documents has been profiled specif-
ically for European needs. However, biometric data is captured in many other situations as well, even in
the context of ID documents, in particular for verification applications like automated or manual border
control, or temporary enrolment into entry/exit systems. This gap shall be addressed by this TS.
During the development of the TS, a close cooperation between WG18 and the EU has been maintained
to ensure that the needs of the Member States are exactly met.
The document gives recommendations for
• Capturing of facial images for verification applications mainly using reference data stored in identity
documents or traveller/visa databases, covering data quality and interoperability, data authenticity,
morphing and presentation attack detection in several environments,
• Capturing of fingerprint images for verification applications mainly using reference data stored in
identity documents or traveller/visa databases, covering data quality and interoperability, data au-
thenticity, and presentation attack detection in several environments, and
• Processes handling such biometric data for verification and identification purposes considering se-
curity as well as privacy aspects.
This document covers biometric recognition applications based on ID documents. Biometric recognition
applications within the frame of this document are corresponding to the definition of biometric recogni-
tion systems in ISO/IEC 2382-37:2022 encompassing identification and verification systems. This means
that biometric recognition applications should be considered as a subsystem of a complete identity veri-
fication system. Identity verification systems can be ABC gates, inspection systems, mobile phones etc.
1 Scope
This document defines requirements and provides guidance on:
• capturing of facial images to be used for verification or identification purposes in applications based
on reference images in identity or similar documents and traveller or visa databases;
• capturing of fingerprint images to be used for verification or identification purposes in applications
based on reference images in identity or similar documents and traveller or visa databases;
• data quality maintenance for biometric data captured by/for verification or identification applica-
tions;
• data authenticity maintenance for biometric data captured by/for verification or identification ap-
plications.
This document addresses the following aspects which are specific for biometric data capturing:
• biometric data quality and interoperability assurance;
• data authenticity assurance;
• morphing and other presentation attacks and biometric data injection attacks;
• accessibility and usability;
• recognition algorithms and their evaluation;
• privacy and data protection;
• optimal process design.
The following aspects are out of scope:
• other aspects of IT security;
• data capturing for ID document enrolment purposes, e.g. passport or ID card enrolment.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content consti-
tutes requirements of this document. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 2382-37:2022, Information technology - Vocabulary - Part 37: Biometrics
ISO/IEC 29794-4, Information technology - Biometric sample quality – Part 4: Finger image data
ISO/IEC 29794-5, Information technology - Biometric sample quality – Part 5: Face image data
ISO/IEC 39794-4:2019, Information technology - Extensible biometric data interchange formats - Part 4:
Finger image data
ISO/IEC 39794-5, Information technology - Extensible biometric data interchange formats - Part 5: Face
image data
3 Terms and definitions
For the purpose of this document, the terms and definitions given in ISO/IEC 2382-37 and the following
apply:
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
• IEC Electropedia available at https://www.electropedia.org/
• ISO Online Browsing Platform available at http://www.iso.org/obp.
3.1
automated border control system
ABC
automated system which authenticates the electronic machine readable travel document or token, estab-
lishes that the passenger is the rightful holder of the document or token, queries border control records,
then determines eligibility of border crossing according to the pre-defined rules
3.2
biometric capture
collecting or attempting to collect a signal(s) from a biometric characteristic(s), or a representation(s) of
a biometric characteristic(s,) and converting the signal(s) to a captured biometric sample set
3.3
border guard
public official assigned, in accordance with national law, to a border crossing point or along the border
or the immediate vicinity of that border who carries out, in accordance with the Schengen Borders Code
and national law, border control tasks
[SOURCE: Regulation (EU) No. 2016/399 [2] ]
3.4
database
application storing a structured set of data and allowing for the management and retrieval of such data
EXAMPLE: The Schengen Information System (SIS) is a joint information system that enables the competent author-
ities in each Member State of the Schengen area, by means of an automated search procedure, to have access to
alerts on persons and property for the purposes of border checks and other police and customs checks carried out
within the country in accordance with national law and, for some specific categories of alerts (those defined in Ar-
ticle 96 of the Schengen Convention), for the purposes of issuing visas, residence permits and the administration of
legislation on aliens in the context of the application of the provisions of the Schengen Convention relating to the
movement of persons
3.5
data subject
identified or identifiable natural person
Note 1 to entry: Depending on the context, the definition from ISO/IEC 2382-37:2022 can also be appropriate: in-
dividual whose individualized biometric data is within the biometric system.
[SOURCE: GDPR Art. 4(1) [3] ]
3.6
digital mirror
display showing the horizontally mirrored live image of the camera’s capturing area
3.7
face region
rectangle containing the central region of interest of a face visible in the face image
Note 1 to entry: The face bounding box is used for the estimation of landmarks to restrict the face image to the
region of interest.
3.8
eID
electronically enabled card that may be used as an identity document
3.9
ePassport
machine readable passport (MRP) containing a contactless integrated circuit (IC) chip within which is
stored data from the MRP data page, one or more biometric samples of the passport holder, and a security
object to protect the data with Public Key Infrastructure (PKI) cryptographic technology
3.10
machine readable zone
MRZ
area on a MRTD containing two lines of data (three lines on a TD-1 card) that are printed using a standard
format and font to allow machine reading using optical character recognition methods
Note 1 to entry: See also “visual inspection zone (VIZ)”.
3.11
Member State
country which is a member of the European Union
Note 1 to entry: Within the context of the present recommendations, the term also applies to those countries that,
not being EU members, take part in the Schengen area. See also “Schengen area”.
3.12
MRTD
official document issued by a state or organization and used by the holder for international travel, and
containing mandatory visual data and a separate mandatory data summary in a format that is capable of
being read by machine
EXAMPLE: machine readable passport, machine readable visa, machine readable official travel document
3.13
presentation attack
presentation to the biometric data capture subsystem with the goal of interfering with the operation of
the biometric system
3.14
Schengen Area
area comprising European countries that have officially abolished border control at their mutual borders
Note 1 to entry: Currently, the Schengen area comprises all EU Member States except Cyprus and Ireland and four
non-EU countries, namely Iceland, Liechtenstein, Norway and Switzerland
Note 2 to entry: The Schengen area takes its name from the Schengen Agreement signed in Schengen, Luxembourg,
in 1985; this agreement was later incorporated into the EU legal framework by the 1997 Treaty of Amsterdam.
3.15
visual inspection zone
VIZ
portion of the MRTD (data page in the case of an ePassport) designed for visual inspection, i.e. front and
back (where applicable), not defined as the MRZ
Note 1 to entry: See also “Machine Readable Zone (MRZ)”.
3.16
watch list
list of individuals, groups, or items that require close surveillance
4 Abbreviated terms
ABC automatic border control
CEN European Committee for Standardization
DET detection error tradeoff
DG2 Data Group 2 (eMRTD face image)
DG3 Data Group 3 (eMRTD fingerprint image)
EEA European Economic Area
eMRTD electronic MRTD
EU European Union
EU/EEA/CH European Union/European Economic Area/Switzerland
FAR false accept rate
FRR false reject rate
FMR false match rate
FNMR false non-match rate
GDPR General Data Protection Regulation
ICAO International Civil Aviation Organization
IR infrared
ISO International Organization for Standardization
KYC know your customer
MRTD machine-readable travel document
MRZ machine readable zone
RFID radio frequency identification
SC subcommittee
SDK software development kit
TC technical committee
TS technical specification
UMF universal message format
VIS visa information system
VIZ visual inspection zone
WG working group
5 Overview of biometric recognition systems
5.1 Concept
Depending on the context, biometric recognition can be performed manually or automatically.
There are several contexts in which biometric recognition is used. Typical use case covered in this docu-
ment are border crossings, both with manual or automated controls, police inspections or contexts where
governmental services play a role.
An automated biometric recognition system solution checks the authenticity of the travel document pre-
sented by a capture subject and the capture subject’s ownership of that document using their biometric
data. An eMRTD based system may make use of all the biometric modalities recommended by ICAO, for
example face or finger. While other biometric modalities could be used for recognition, this TS concen-
trates on the ones approved by ICAO [5].
As automated systems can also be based on another token than an eMRTD or can be tokenless, the au-
thenticity check of the identity document may be done at the time of enrolment for the system.
An important issue concerns the need for clearly defined protocols when failures appear in a fully auto-
matic system (without human supervision). Failures can lead to false rejection of bona-fide users or prob-
lems with outliers (i.e. people that have difficulty in fully showing their face due to cultural reasons). In
such situations, and to avoid raising acceptance issues, an alternative procedure is needed. Such an alter-
native procedure can consist of performing identity verification with a dedicated capture system with
assistance from a human operator.
5.2 Biometric references
The use of biometric data is key for ensuring a close binding between the person and the document.
As described in [6] two general types of recognition systems can be identified in relation to their use of
biometric references, token-based or tokenless, which generally applies to recognition systems:
• Token based systems require the capture subject to present a token (eMRTD, MRTD, ID card or any
other issued or approved token) to the system, to provide additional authentication information or
biometric references.
• If local legislation does not require the presentation of an identity document for being checked, it is
possible to rely only on live biometrics capture of pre-enrolled qualified (vetted) capture subjects at
the time of inspection. In this case immediate (1:N) comparison against an up-to-date list of author-
ized capture subjects would take place without any document inspection during the recognition pro-
cess. Legislation might require that capture subjects carry a valid identity document even if this doc-
ument does not have to be presented for inspection.
This document focuses on the biometric aspect of both types of systems.
5.3 Types of identity documents
5.3.1 General
Usually, capture subjects wishing to enter the European Union are required to carry a passport as a travel
document compliant with the ICAO Doc 9303 attesting the holders’ nationality and their biographic data.
Personal identification information is available both in printed form on the data page of the document, as
well as stored in the RFID chip (ISO/IEC 14443 [7]) complying with the ICAO Doc 9303 for national
identity documents. An MRTD, therefore, carries the capabilities for biometric verification using a facial
comparison system external to the document itself. The following travel ID documents are currently in
use or could be used in the future in the Member States:
• ePassports
• National ID cards issued to EU/EEA/CH citizens
• Schengen visa
• Driving licences
• Residence permits
In the future, if legislation and technical means allow it, other documents e.g. registered traveller cards
could also be used.
5.3.2 ePassport
The biometric references stored in ePassports are a face image and, in some countries (including the EU
Member States) two finger images of the ePassport holder.
5.3.3 National identity cards
Electronic national identity cards are used in several countries including the EU/EEA/CH. Such cards
identify physically and/or electronically a person as a citizen of the issuing state, and accredit the bio-
graphic data of that person. They store personal identification information both in the VIZ of the docu-
ment as well as in the MRZ according to ICAO Doc 9303 Part 3 [4]. National ID cards issued by the Member
States are accepted as travel documents entitling the holder to cross the external borders in the
EU/Schengen context.
Some national ID cards provide eID capabilities using biometric functionality for “comparison-on-card”
as well as for “comparison-off-card” in accordance with the standards for 2nd generation electronic pass-
ports.
Currently, national eID cards can be used only in a limited number of ABC systems and by own citizens of
the deploying country although greater interoperability may be achieved in the future.
5.3.4 Schengen visa
Additionally, the Schengen biometric visa, issued by EU/EEA/CH countries covered by Schengen agree-
ments, contains reference to fingerprint data stored in the European Visa Information System (VIS).
5.3.5 Driving licence
In some Member States a driving licence is accepted as a valid ID document [8].
5.3.6 Residence permit
Residence permits are official documents issued by EU member states to non-EU citizens, allowing them
to legally reside in a specific country for a defined period. These permits serve as proof of lawful presence
and include personal information, purpose of stay, and may use biometric features.
5.4 Topologies of identity recognition systems
In general there are three topologies of biometric recognition systems in use:
• One-step process which combines the identity verification using biometrics and an official document
of the capture subject and the use of the verification decision, e.g. for border crossing. This design
allows the capture subject to complete the whole transaction in one single process without the need
to move to another stage.
• Integrated two-step process, which is a variation on the one-step design described above. The differ-
ence between the two topologies is that in a biometric system designed as an integrated two-step
process the capture subject will initiate the verification of the document and the capture subject’s
eligibility to use the system at the first stage, and then if successful move to a second stage where a
biometric comparison and other applicable checks are carried out.
• Segregated two-step process where the process of identity verification using biometrics and an offi-
cial document of the capture subject, and the use of the verification decision are completely sepa-
rated. The identity of the capture subject is verified at the first stage, biometric data for temporary
use are captured and/or a token is issued, and then the capture subject proceeds to the second stage
where the temporary biometric data and/or the token is checked.
These three topologies are used in ABC systems or similar applications. Other architectures are possible
as well.
6 Data protection and privacy
6.1 General
As the biometric recognition of capture subjects is done via their identity document and their biometric
information, it is important for users operating in Europe to review the potential application of the Euro-
pean General Data Protection (GDPR) [3]. Special attention is drawn to the following articles:
• Article 5 for principles relating to the processing of personal data;
• Article 6 for the lawfulness of processing;
• Article 9 for the processing of special categories of personal data such as biometrics;
• Article 10 for processing of personal data relating to criminal convictions and offences.
The recitals of the GDPR are the justifications upon which the articles have been implemented. They are
listed in the following sub-chapters for informative reasons. Actual compliance with the GDPR is only
achieved through the articles themselves.
6.2 Obligation to provide information about data processing
Organizations have a legal obligation to provide transparent and clear information to individuals about
how their personal data is processed. This obligation encompasses the duty to inform individuals about
the purposes of data processing, the categories of data being processed, the legal basis for processing,
data retention periods and the rights individuals have regarding their data. Special attention is drawn to
Article 13, which outlines the information that must be provided to individuals when their personal data
is collected from them, including the identity of the data controller and the purposes of data processing.
Additionally, please take note of the following recitals:
• Recital 60 for information about fair and transparent processing of data;
• Recital 62 for exceptions to the obligation to provide information about data processing.
6.3 Right of access and right to erasure
The GDPR allows data subjects to have more control over the data they provide. Special attention is drawn
to the following articles:
• Article 15 for the right of access by the data subject;
• Article 17 for the right to erasure by the data subject and its limitations, e.g. in the case of statistical
applications or the establishment, exercise, or defence of legal claims.
Additionally, please take note of Recital 63 for information about form and content, as well as limits of
the access.
6.4 Sharing data with third countries and international organizations
As the rights of the data subjects need to be protected, it must also be ensured that the GDPR is complied
with when data is transferred to third countries. Special attention is drawn to the following articles:
• Article 44 for the general principles for the data transfer to third countries;
• Article 45 for information which third countries are deemed safe to transfer data to without further
authorization;
• Article 46 for information about the appropriate safeguards the transferor shall follow when trans-
ferring data to third countries;
• Article 49 for exceptions to these rules.
6.5 Saving data for statistical reasons
To permanently maintain a high quality of the biometric application, data has to be kept for statistical
purposes. Special attention is drawn to Article 89(2) of GDPR [3], as Union or Member State law may
provide for exceptions to the rights under Articles 15, 16, 18 and 21, as these rights may render the pos-
sibility of statistical collection impossible.
NOTE Article 89 of GDPR [3] concerns the keeping of personal data for statistical purposes pertaining to bio-
metric application.
Additionally, please take note of Recital 162 of the GDPR [3] for information about what statistical pur-
poses include.
7 Biometric systems used for recognition
7.1 General requirements and recommendations
7.1.1 Usability and accessibility
In semi-automated and automated systems, the usability of the system for the capture subject is a key
factor for system performance as well as for capture subject acceptance.
Usability consists of:
• Ergonomic aspects of the user interfaces (e.g. capture devices, input devices, displays).
• Aspects of user guidance (e.g. signage, feedback, user information).
To enhance the usability of systems, the following factors regarding the system environment should be
considered:
• Climate.
• Contamination.
• External or public areas.
• Throughput and data subject population.
• Access to the devices (position and location of the devices).
• Illumination.
NOTE Further guidance on these aspects is given in ISO/IEC 24714 [9].
The use of the system should be intuitive, and the sequence of actions should be logical.
The EN 1332 series [10] specifies requirements for the user interface of identification card systems and
should be applied when designing a biometric system. Regarding the ergonomic aspects of user guidance
displays, the relevant standards of the ISO 9241 series [11] should also be taken into account. Specific
attention should be paid to legibility (e.g. font size and contrast) and colour coding. Colour and shape
based information should always be used simultaneously. Multiple colours or harsh contrasts within
graphics should be avoided to enable capture subjects with visual impairment to use the system easily.
To maximize accessibility, systems should be designed to cater for capture subjects who have permanent
or temporary physical or psychological disabilities. They should be easy to use and flexible enough to
deal with handling errors. For capture subjects that cannot use the biometric system alternative systems
are necessary and should be provided.
Disabled capture subjects might need extra assistance on the use of biometric systems. Furthermore, the
specific needs of disabled capture subjects should be considered during the specification phase of a sys-
tem and tests should be performed as early as possible.
Consideration should be given to capture subject ergonomics as these will impact on usage and transac-
tion times. Recommendations are listed below [12]:
• Identity document readers should be at a height, which makes them easy to reach by the majority of
capture subjects. Special care should be taken to ensure that people of short stature and wheelchair
users can use the identity document reader without effort.
• The usage of biometric systems should require the minimum essential number of physical interac-
tions.
EXAMPLE 1: For an ABC system, reduced interactions reduce the number of times that a traveller must swap
hands with baggage.
EXAMPLE 2: A deployed ABC system considers the prevalence of large trolley bags with travellers.
• Biometric systems should be usable with low physical effort.
• Implementations of biometric systems should be designed to be inclusive of capture subject height.
Minimum and maximum acquisition height should be as wide as possible. In addition, the system
should be wide enough to be accessible for self-propelled wheelchairs.
User guidance should be given by:
• Early information of eligibility to use the system.
• Information about the status of the system and the current step to be performed by the capture sub-
ject in the whole process.
EXAMPLE 3: The system displays a progress bar for transaction completion with information that the capture
subject is at step n out of m.
• Clear, intuitive, and self-explanatory instructions in visual form. These instructions may also be given
in audible form but if several systems are installed in the same place, special care shall be taken when
using audible to ensure each remain understandable.
• If used, the audio instructions should consider languages that are likely to be understood by the cap-
ture subject, using simple wording.
• Feedback modules can improve the facial image acquisition. A diagram of the hand, with the finger
required for the verification properly marked can avoid wrong finger placement errors. Further in-
formation is given in 7.2.1.
• Enhancements such as blinking lights or soft tones to attract the attention of capture subjects at crit-
ical stages should also be considered.
• Feedback that indicates success or failure as well as actions expected from the capture subject.
• An indication that biometric capture is taking place, as discussed in 6.2 (especially when the capture
subject is not required to take actions).
• The availability of a help or support facility.
• Adequate signage and user information that is clear and carefully positioned for maximum visibility.
For consistency and understanding, standardized symbols, icons and pictograms should be used. Exam-
ples are given in reference [13].
When implementing ABC systems in parallel one should avoid or at least minimize any interference be-
tween systems (i.e. audible information or light emission originated in other installations in the sur-
rounding area).
The influence of daylight coming through windows should be considered in particular to not disturb cap-
ture subjects during acquisition or to not make instructions more difficult to read.
7.1.2 Quality or score driven approaches
To optimize the time required for the verification of a capture subject, all technical processes should be
carried out in parallel to the extent possible if it speeds up the overall process.
The biometric verification process is composed of two separate steps:
• Biometric capture sub-process, carried out by the face or fingerprint capture unit.
• Biometric verification sub-process, carried out by the face or fingerprint verification unit.
In general, there are two recommended options for the implementation of a biometric verification pro-
cess within a biometric recognition system. Within the modular approach separate units for capture and
verification are used, which provides a high degree of flexibility to the deployed solution, i.e. an easier
migration of the comparison algorithm. In this scenario the capture system needs to be able to do pre-
qualification and pre-processing to ensure that only images of sufficient quality are provided to the veri-
fication process (see Figure 1).
In the “score driven” method, biometric characteristics from multiple capture attempts are compared
with a biometric reference until the comparison score reaches a threshold or a timeout is exceeded. In
each capture attempt biometric characteristics are searched for and, if found, encoded, and compared
against the reference from the passport. If the comparison score is above a threshold, entry is granted,
data may be recorded and/or printed and the process is stopped. If the score is not above the threshold,
then entry is not granted, and the capture subject is directed to an alternative process.
In the “quality driven” method, biometric characteristics from multiple capture attempts are assessed for
quality until a quality level above a threshold is achieved or a timeout is exceeded. In each capture attempt
biometric characteristics are searched for and, if found, assessed for their quality. If the quality is above
a threshold, the biometric characteristics are encoded, and compared against the biometric reference. If
the comparison score is above a threshold, entry is granted, data may be recorded and/or printed and
the process is stopped. If the score is not above the threshold, then entry is not granted and the capture
subject is directed to an alternative process.
Those two basic methods can be enhanced or mixed.
By choosing a “quality driven” method, the template generation depends only on the quality of the acqui-
sition and is not linked in any way to quality measured on the reference image.
It is recommended to use standardized interfaces for capturing biometric data, for instance BioAPI [14],
object-oriented BioAPI [15] or identity attributes verification services [16]. However, the ABC operator
may also allow proprietary vendor-specific SDK interfaces for the integration of the capture unit if this
leads to reasonable advantages.

(a) (b)
Figure 1 — Verification with a quality driven approach (a) and score driven approach (b)
7.1.3 Evaluation
When a “score driven” method is used, there is a difference between the FAR computed in an offline eval-
uation (as the reference biometric characteristic is used all along the process to determine if the acquisi-
tion should end or not) and the operational FAR as the template generated during a genuine acquisition
would not necessarily be the same as the one generated if the acquisition had been of an imposter.
For the “quality driven” method a DET curve corresponding to the operational performance can be com-
puted offline, as the used and logged image does not depend on the passport image or the acceptance
threshold. That way, the impact of a threshold modification on FRR and FAR can be estimated. This allows
an analysis of the influence of external factors, such as passport origin, airport environment, frequent
users, or passport aging on the performance of the biometric subsystem, including their evolution across
time.
For the “score driven” method, the FAR cannot be computed offline as the acquisition process relies on
the reference image read from the passport. According to ISO/IEC 19795-1:2021 (Annex B.1.2) [22] sev-
eral thousands of independent tests are necessary to claim a FAR of 0,5 %. It does not seem feasible to
have so many people using the system with someone else's passport. Moreover, it is not possible to ana-
lyse the influence of other factors on the performance of the biometric subsystem.
Another option to measure the operational FAR for a “score driven” method would be to compute FAR
based on logged data and to estimate the maximum bias with operational performances.
7.1.4 Biometric security functions
7.1.4.1 General
The reduction of human interactions in automated systems causes new security threats which have to be
addressed and treated differently than threats on systems with human interaction. For that reason, it is
essential to perform a complete security assessment for any recognition solution in its application con-
text.
7.1.4.2 Unicity check
The unicity check is crucial to ensure the uniqueness and non-duplicity of stored biometric features. It
aims to prevent multiple individuals from being associated with the same biometric template and ensures
accurate and reliable recognition processes while mitigating the risk of identity theft.
Ways to ensure unicity consist of:
• Maintaining a low FMR to minimize incorrect template associations. By choosing an ideal threshold
the system can help rejecting biometric captures, which are too similar. However, keep in mind that
by over-optimizing the system for a low FMR increases the FNMR, so a balanced setting should be
chosen to meet the desired system performance.
• Implementing measures to prevent tailgating, where unauthorized individuals gain access by closely
following authorized individuals. This may include physical barriers, surveillance, or additional ver-
ification methods to ensure individual authentication.
• Regular compliance audits and performan
...