ISO/IEC 24787:2010 pdf – Information technology — Identification cards — On-card biometric comparison.
1 Scope This International Standard establishes ⎯ requirements for performing comparisons of biometric samples and returning decisions on an integrated circuit card, and ⎯ security policies for on-card biometric comparison It also establishes commands and rules to permit pre-comparison computations to be done off-card. This International Standard does not establish ⎯ requirements for off-card comparison implementations, ⎯ requirements for system-on-card implementations, or ⎯ modality-specific requirements for storage and comparison. 2 Conformance An on-card comparison system claiming conformance to this International Standard shall conform to the requirements of 7.1.2 to 7.1.5, 7.2.1 to 7.2.8, 8.1, and 8.2.2 to 8.2.3, as applicable. A card conforming to this International Standard shall 1. Be personalized with two sets of data: Biometric reference object handling data, as described in 7.1.2 Configuration data for biometric verification, as described in 7.1.3 2. Support a shared interface for ICCs with multiple applications, as described in 7.1.4 3. Support retry counter management, as described in 7.1.5 4. Comply with the requirements set forth in 7.2.1 and 7.2.8 for on-card comparison implementations 5. Comply with the requirements set forth in 8.1, 8.2.2. and 8.2.3 for work-sharing implementations. Biometric authentication might coexist with other authentication mechanisms, such as PIN. The rules for such coexistence shall comply with ISO/IEC 7816-4:2005. The biometric data shall be organized and managed using either a file structure or data objects as per ISO/IEC 7816-4.
a) If the biometric data is organized as a file structure then the system shall also be fully compliant with the provisions in ISO/IEC 7816-11. b) If the biometric data are organized and managed as data objects then the card shall comply with the provisions in ISO/IEC 7816-4 for data object handling. The encoding of biometric data objects shall comply with ISO/IEC 7816-11 and ISO/IEC 19785-3. 3 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 7816-4:2005, Identification cards — Integrated circuit cards — Part 4: Organization, security and commands for interchange ISO/IEC 7816-11:2004, Identification cards — Integrated circuit cards — Part 11: Personal verification through biometric methods ISO/IEC 19785-1, Information technology — Common Biometric Exchange Formats Framework — Part 1: Data element specification ISO/IEC 19785-3:2007, Information technology — Common Biometric Exchange Formats Framework — Part 3: Patron format specifications ISO/IEC 19794 (all parts), Information technology — Biometric data interchange formats ISO/IEC 29794-1:2009, Information technology — Biometric sample quality — Part 1: Framework 4 Terms and definitions For the purposes of this document, the following terms and definitions apply. 4.1 auxiliary data data that is dependent on biometric modality and related to the biometric reference but does not include the biometric reference or a biometric sample EXAMPLE Data such as orientation, scaling, etc. 4.2 biometric, adj. of or having to do with biometrics [SC37 SD2 Harmonised biometric vocabulary] NOTE “biometric” is never used as a noun.
4.4 biometric claim claim that a biometric capture subject is or is not the bodily source of a specified or unspecified biometric reference [SC37 SD2 Harmonised biometric vocabulary] 4.5 biometric data biometric sample or aggregations of biometric samples at any stage of processing, biometric reference, biometric feature or biometric property [SC37 SD2 Harmonised biometric vocabulary] 4.6 biometric data format structure for representing biometric data 4.7 biometric Information template descriptive information regarding the associated biometric data [ISO/IEC 7816-11:2004] 4.8 biometric product identifier unique identifier registered with the registration authority in accordance with ISO/IEC 19785-1 4.9 biometric property descriptive attributes of the biometric data subject estimated or derived from the biometric sample by automated means [SC37 SD2 Harmonised biometric vocabulary] 4.10 biometric reference one or more stored biometric samples, biometric templates or biometric models attributed to a biometric data subject and used for comparison [SC37 SD2 Harmonised biometric vocabulary] 4.11 biometric verification system system that aims to perform the process of confirming a biometric claim [SC37 SD2 Harmonised biometric vocabulary] 4.12 installation writing of the required parameters into the non-volatile memory inside an integrated circuit card (ICC) by the card OS executing the installation procedure after the application has been uploaded to the ICC 4.13 on-card comparison performing comparison and decision making on an integrated circuit card where the biometric reference data is retained on-card in order to enhance security and privacy