ISO/IEC JTC 1/SC 37/WG 4 - Technical Implementation of Biometric Systems

This document establishes requirements for the development of biometric solutions for verification and identification processes for secure access without physical contact with any device at any time. The solutions acquire biometric characteristics that are captured while the data subjects are in motion to verify or identify the individuals requiring access, thus controlling access using contactless biometrics.

This document describes the history and purpose of biometrics, the various biometric technologies in general use today (for example, fingerprint recognition, face recognition and iris recognition) and the architecture of the systems and the system processes that allow automated recognition using those technologies. It provides information on the application of biometrics in various business domains, such as border management, law enforcement and driver licencing. It also provides information on the societal and jurisdictional considerations that are typically taken into account in biometric systems. Additionally, this document provides guidance on the use of the International Standards that underpin the use of biometric recognition systems.

The ISO/IEC 30137 series is applicable to the use of biometrics in VSSs (also known as closed circuit television or CCTV systems) for a number of scenarios, including real-time operation against watchlists and in post-event analysis of video data. In most cases, the biometric mode of choice will be face recognition, but this document also provides guidance for other modalities, such as gait recognition. This document: — defines the key terms for use in the specification of biometric technologies in a VSS, including metrics for defining performance; — provides guidance on the selection of camera types, placement of cameras, image specification, etc., for the operation of a biometric recognition capability in conjunction with a VSS; — provides guidance on the composition of the gallery (or watchlist) against which facial images from the VSS are compared, including the selection of appropriate images of sufficient quality, and the size of the gallery in relation to performance requirements; — makes recommendations on data formats for facial images and other relevant information (including metadata) obtained from video footage, used in watchlist images, or from observations made by human operators; — establishes general principles for supporting the operator of the VSS, including user interfaces and processes to ensure efficient and effective operation, and highlights the need to have suitably trained personnel; — highlights the need for robust governance processes to provide assurance that the implemented security, privacy and personal data protection measures specific to the use of biometric technologies with a VSS (e.g. internationally recognizable signage) are fit for purpose, and that societal considerations are reflected in the deployed system. This document also provides information on related recognition and detection tasks in a VSS, such as: — estimation of crowd densities; — determination of patterns of movement of individuals; — identification of individuals appearing in more than one camera; — use of other biometric modalities such as gait or iris; — use of specialized software to infer attributes of individuals, e.g. estimation of gender and age; — interfaces to another related functionality, e.g. video analytics to measure queue lengths or to provide alerts for abandoned baggage.

This document establishes requirements for development of biometric solutions for verification and identification processes for secure access without physical contact with any device at any time. The solution acquires the biometric characteristics that are captured while the data subjects are in motion to verify or identify the individuals requiring access, and thus controlling access using contactless biometrics.

This document provides transition examples from ISO/IEC 19794-4:2005 and ISO/IEC 19794-5:2005 formats to ISO/IEC 39794-4:2019 and ISO/IEC 39794-5:2019 formats for eMRTD application. This document also provides an implementation example for the ISO/IEC 39794-6:2021 format. This document includes: — information for eMRTD issuers and eMRTD-reader vendors; — summarized tables of data elements of ISO/IEC 19794-4:2005 and ISO/IEC 19794-5:2005 and ISO/IEC 39794-4:2019, ISO/IEC 39794-5:2019 and ISO/IEC 39794-6:2021; — correspondence tables of data elements between ISO/IEC 19794-4:2005 and ISO/IEC 19794-5:2005 and ISO/IEC 39794-4:2019 and ISO/IEC 39794-5:2019, providing: — information on whether each data element is normative or optional, and — a brief note of each data element from the viewpoint of transition; — tag, length, value (TLV) data examples of ISO/IEC 39794-4:2019, ISO/IEC 39794-5:2019 and ISO/IEC 39794-6:2021 for implementation, and, — tag lists of ISO/IEC 39794-4:2019, ISO/IEC 39794-5:2019 and ISO/IEC 39794-6:2021, and an extended example of ISO/IEC 39794-5 as informative annexes. The following are not within the scope of this document: — second and later editions of the ISO/IEC 19794 series (2011 and after), and, — ASN.1 formats and XML formats specified in the ISO/IEC 39794 series.

In order to support a globally interoperable system of seafarers' identity documents, ISO/IEC 24713-3:2009 establishes a biometric profile to define how to use biometrics for verification and identification of seafarers at the various stages of document issuance and inspection. It defines a set of base standards and criteria for applying those standards in applications where identity documents are issued to seafarers and biometrics are used to link each document to the seafarer to whom it was issued. It attempts to provide information on the processes surrounding the enrolment and verification or identification of seafarers so that the biometric components of the system can be used in a proper context. It also addresses other system components such as the storage medium for the biometric data and the security of the system, since these will affect the use of the biometric technology.

ISO/IEC 24713-2:2008 specifies the application profile including necessary parameters and interfaces between function modules (i.e. BioAPI based modules and an external interface) in support of token-based biometric identification and verification of employees, at local access points (i.e. doors or other controlled entrances) and across local boundaries within the defined area of control in an airport. The token is expected to contain one or more reference biometrics, one or more operational biometrics, or both.

ISO/IEC 24713-1:2008 provides common definitions used within the profile standards and references other standards applicable to the successful implementation of a generic biometric system. A harmonized (with the other part 1 standards in WG 3 and WG5) generic biometric system is described and a diagram is present. The description includes detail of the individual components present in a generic biometric system. ISO/IEC 24713-1:2008 furthermore describes the generic functions of the biometric system and the relationship between a biometric system and the application that uses that system. Lastly, ISO/IEC 24713-1:2008 details the possible interfaces into a biometric system as well as the relationship that exists between the various base standards currently under development within SC37.