ISO IEC 24787:2010 pdf download – Information technology — Identification cards — On-card biometric comparison
1 Scope
This International Standard establishes
⎯ requirements for performing comparisons of biometric samples and returning decisions on an integrated circuit card, and
⎯ security policies for on-card biometric comparison
It also establishes commands and rules to permit pre-comparison computations to be done off-card.
This International Standard does not establish
⎯ requirements for off-card comparison implementations,
⎯ requirements for system-on-card implementations, or
⎯ modality-specific requirements for storage and comparison.
2 Conformance
An on-card comparison system claiming conformance to this International Standard shall conform to the
requirements of 7.1.2 to 7.1.5, 7.2.1 to 7.2.8, 8.1, and 8.2.2 to 8.2.3, as applicable.
A card conforming to this International Standard shall
1. Be personalized with two sets of data:
Biometric reference object handling data, as described in 7.1.2
Configuration data for biometric verification, as described in 7.1.3
2. Support a shared interface for ICCs with multiple applications, as described in 7.1.4
3. Support retry counter management, as described in 7.1.5
4. Comply with the requirements set forth in 7.2.1 and 7.2.8 for on-card comparison implementations 5. Comply with the requirements set forth in 8.1, 8.2.2. and 8.2.3 for work-sharing implementations.
Biometric authentication might coexist with other authentication mechanisms, such as PIN. The rules for such coexistence shall comply with ISO/IEC 7816-4:2005.
The biometric data shall be organized and managed using either a file structure or data objects as per ISO/IEC 7816-4.
a) If the biometric data is organized as a file structure then the system shall also be fully compliant with
the provisions in ISO/IEC 7816-11.
b) If the biometric data are organized and managed as data objects then the card shall comply with the provisions in ISO/IEC 7816-4 for data object handling.
The encoding of biometric data objects shall comply with ISO/IEC 7816-11 and ISO/IEC 19785-3.
3 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 7816-4:2005, Identification cards — Integrated circuit cards — Part 4: Organization, security and commands for interchange
ISO/IEC 7816-11:2004, Identification cards — Integrated circuit cards — Part 11: Personal verification through biometric methods
ISO/IEC 19785-1, Information technology — Common Biometric Exchange Formats Framework — Part 1: Data element specification
ISO/IEC 19785-3:2007, Information technology — Common Biometric Exchange Formats Framework — Part 3: Patron format specifications
ISO/IEC 19794 (all parts), Information technology — Biometric data interchange formats
ISO/IEC 29794-1:2009, Information technology — Biometric sample quality — Part 1: Framework
4 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
4.1
auxiliary data
data that is dependent on biometric modality and related to the biometric reference but does not include the biometric reference or a biometric sample
EXAMPLE Data such as orientation, scaling, etc.
4.2
biometric, adj.
of or having to do with biometrics
[SC37 SD2 Harmonised biometric vocabulary]
NOTE “biometric” is never used as a noun.
4.3
biometrics
automated recognition of individuals based on their behavioral and biological characteristics
[SC37 SD2 Harmonised biometric vocabulary]
5 Abbreviated terms
AID application identifier
ADF application dedicated file
APDU application protocol data unit
AUT authenticate
BER basic encoding rules
BIT biometric information template
CRT control reference template
CPU central processing unit
DF dedicated file
DF.CIA dedicated file, cryptographic information application
EF elementary file
FCI file control information
FCP file control parameter
FMR false match rate
6 Architecture of biometric matching using an ICC
6.1 General The following subclauses details, for the purposes of illustration, four methods for allocating the biometric matching functionality between an ISO/IEC 7816 conformant card and the biometric verification system. Only 6.3 and 6.4 are within the scope of this standard. To perform enrolment, the biometric sample from the user is captured for biometric reference creation, then the user’s information are uploaded to the card. This does not apply to system-on-card comparison as specified in 6.5.
6.2 Off-card comparison Off-card comparison means the biometric verification is performed on the biometric verification system side. The card acts as a storage device to store the biometric reference(s) of the user. Figure 1 provides a schematic of the various process steps. To perform verification, the biometric verification system will obtain access to the ICC and read the user’s biometric reference. The role of the biometric verification system is to capture the biometric sample and to perform biometric verification. If the biometric verification is successful, the biometric verification system will change its security status. This may include downloading further information from the card for a subsequent transaction. If unsuccessful, further access will be denied.ISO IEC 24787 pdf download.
