ISO IEC TR 30117 pdf – Information technology — Standards and applications for the integration of biometrics and integrated circuit cards (ICCs)
1) lf an identification scheme is used, then there is no need for a further relationship between
biometrics and ICCs, and in such case this document is not applicable.
b) ls the system considering the use of a centralized database, or is it going to be implemented in a
1) lf a centralized database is going to be used and such database is going to be contacted at
every single verification attempt, then the need for a further relationship between biometricinformation and lCC is not needed. Therefore, this document is not applicable. The ICC will actonly as a means to claim the user identity.
)ls there an initial requirement of the biometric modality to be used?
1) with an initial requirement, a set of further decisions can already be taken,such as the
possibility of using on-card biometric comparison，work-sharing on-card comparison orbiometric system-on-card.
2) lf there is no initial requirement, the decision on the modality can be taken as any other
requirements are satisfied.
3) Once the modality is chosen, then the interoperable data formats have to be checked (see
4)Once the modality is chosen, it can also be important to address whether the ICC is expected to
also support other biometric verification types on lCC(e.g. off-card comparison) for the samemodality.
NOTE NIST SP 800-76-2 (see 5.4 Finger selection for details) specification for PlN card (furtheralso referenced within Clause 9 of this document) describes ICC platform with optional fingerprint on-card comparison and mandatory storage of the off-card comparison dedicated fingerprint templates.lt also addresses the subject stated above, that using the same reference finger positions for bothenrolled for off-card comparison and enrolled for on-card comparison biometric data can lead tosecurity vulnerabilities, if off-card templates would be read-out by an inappropriate party.Therefore,it recommends using different positions for off-card and on-card comparison reference templates.However, it also does not prohibit using the same positions because of usability (the same two positionshave to be presented by the cardholder despite the off-card or on-card verification method utilized).5) ln practice, multiple modalities can be used to address a higher level of security,flexibility
and also interoperability, i.e. face + fingerprints, where the latter enables interoperability atcompact format feature (minutiae) set level if face proprietary feature set encoding is used.6) Although theoretically possible, the use of multiple biometrics in on-card biometric comparison
or in BSoC can raise usability issues. Not only can an excessive interaction be requested, butalso delays in decision taking can appear due to the increase in computational needs.
7) ln either case, data quality control has to be considered for both the biometric reference and
the biometric probe, prior to applying any biometric operation.
dwhat are the initial requirements of ICC’s resources?
1) lf there is the requirement of using an ICC with insufficient processing capability,then
alternatives such as off-card comparison or work-sharing on-card comparison can becompromised.
2) lf there is the requirement of using an ICC with limited storage capacity, then the number of
references to be stored on the ICC, or the modalities to be used can be limited and/or the useof compact data formats can become a major requirement (see Clause 6).Attention is drawn tothe face that the limitations imposed by compact data formats also have to be considered (e.g.ISO/IEC 19794-2 compact card format maximum value for the minutiae x and y coordinate is 25,5 mm). Steps to be followed to reach interoperability:
1) If there is no need, then the designer can decide to create his/her own solution without following any standard. Therefore, this document cannot be applicable. This option is not recommended as the need for interoperability can arise at any time during the project, or when applying the development done for the current project to future ones.
2) If interoperability is required for exchanging data, then refer to Clause 6 . As it will be seen, it can happen that for reaching global interoperability in a specific modality, being independent on the algorithm to be used, the use of captured sample data in standardized format can become the only viable solution (e.g. the face image coded as ISO/IEC 19794-5, instead of a proprietary feature-based information).