Biometric data interchange format standards and biometric interface standards are both necessary to achieve full data interchange and interoperability for biometric recognition in an open systems environment.
The BS ISO/IEC 24713 comes in three parts, under the general title ‘Information Technology: Biometric profiles for interoperability and data interchange’.
Family of international standards
Part 2 of ISO/IEC 24713 is one of a family of international standards being developed by ISO/IEC JTC 1/SC 37 that support interoperability and data interchange among biometrics applications and systems.
The BS ISO/IEC 24713 series of standards specify the requirements that solve the complexities of applying biometrics to a wide variety of personal recognition applications, whether such applications operate in an open systems environment or consist of a single, closed system.
The series of standards includes a layered set of standards consisting of biometric data interchange formats and biometric interfaces, as well as biometric profiles that describe the use of these standards in specific application areas.
The biometric data interchange format standards specify biometric data interchange records for different biometric modalities. Parties that agree in advance to exchange biometric data interchange records as specified in a subset of the ISO/IEC JTC 1/SC 37 biometric data interchange format standards should be able to perform biometric recognition with each other’s data.
What the biometric interface standards include
Parties should also be able to perform biometric recognition even without advance agreement on the specific biometric data interchange format standards to be used, provided they have built their systems on the layered ISO/IEC JTC 1/SC 37 family of biometric standards.
The biometric interface standards include ISO/IEC 19785, the Common Biometric Exchange Formats Framework (CBEFF) and ISO/IEC 19784, the Biometric Application Programming Interface (BioAPI). These standards support the exchange of biometric data within a system or among systems.
ISO/IEC 19785 specifies the basic structure of a standardised Biometric Information Record (BIR) which includes the biometric data interchange record with added metadata, such as when it was captured, its expiry date and whether or not it’s encrypted, etc.
ISO/IEC 19784 specifies an open system API that supports communications between software applications and underlying biometric technology services. BioAPI also specifies a CBEFF BIR format for the storage and transmission of BioAPI-produced data.
Biometric data interchange formats
The biometric profile standards facilitate implementations of the base standards (eg the ISO/IEC JTC 1/SC 37 biometric data interchange format and biometric interface standards, and possibly non-biometric standards) for defined applications. These profile standards define the functions of an application (eg physical access control for employees at airports) and then specify use of options in the base standards to ensure biometric interoperability.
This part of ISO/IEC 24713 specifies the biometric profile including necessary parameters and interfaces between function modules (ie BioAPI based modules and an external interface) in support of token-based biometric identification and verification of employees, at local access points (ie doors or other controlled entrances) and across local boundaries within the defined area of control in an airport. The token is expected to contain one or more biometric references.
However, this part of ISO/IEC 24713 does not specify a complete access control system for deployment at access points within the secure area of an airport. It’s assumed that such systems exist, and that a biometric component which is the subject of this part of ISO/IEC 24713 is being added to an existing system. It therefore excludes such things as device features, and exception and incident reporting and handling.
In addition, this part of ISO/IEC 24713 includes recommended practices for enrolment, watch list checking, duplicate issuance prevention and verification of the identity of employees at airports. It also describes architectures and business processes appropriate to the support of token-based identity management in the secure environment of an airport.
Confidentiality, integrity, availability
It’s recommended that the confidentiality, integrity and availability of biometric data be safeguarded in accordance with local, regional or national policy considerations.
Part 2 of BS ISO/IEC 24713 does not preclude users building applications based on this standard from being able to meet such privacy/data protection requirements as may apply to their application. The specification of privacy/data protection requirements that may apply is outside the scope of this part of BS ISO/IEC 24713.
Enjoy the latest fire and security news, updates and expert opinions sent straight to your inbox with IFSEC Insider's essential weekly newsletters. Subscribe today to make sure you're never left behind by the fast-evolving industry landscape.
Sign up now!
