iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 30107-3:2023

(Main)

Information technology — Biometric presentation attack detection — Part 3: Testing and reporting

Information technology — Biometric presentation attack detection — Part 3: Testing and reporting

This document establishes: — principles and methods for the performance assessment of presentation attack detection (PAD) mechanisms; — reporting of testing results from evaluations of PAD mechanisms; and — a classification of known attack types (Annex A). Outside the scope are: — standardization of specific PAD mechanisms; — detailed information about countermeasures (i.e. anti-spoofing techniques), algorithms or sensors; and — overall system-level security or vulnerability assessment. The attacks considered in this document take place at the biometric capture device during presentation. Any other attacks are considered outside the scope of this document.

Technologies de l'information — Détection d'attaque de présentation en biométrie — Partie 3: Essais et rapports d'essai

General Information

Status
Published
Publication Date
09-Jan-2023
ICS
35.240.15 - Identification cards. Chip cards. Biometrics
Technical Committee
ISO/IEC JTC 1/SC 37 - Biometrics
Drafting Committee
ISO/IEC JTC 1/SC 37/WG 3 - Biometric data interchange formats
Current Stage
6060 - International Standard published
Start Date
10-Jan-2023
Due Date
19-Sep-2023
Completion Date
10-Jan-2023
Ref Project

Relations

Revises
ISO/IEC 30107-3:2017 - Information technology — Biometric presentation attack detection — Part 3: Testing and reporting
Effective Date
23-Apr-2020
ISO/IEC 30107-3:2023 - Information technology — Biometric presentation attack detection — Part 3: Testing and reporting Released:10. 01. 2023ISO/IEC 30107-3:2023 - Information technology — Biometric presentation attack detection — Part 3: Testing and reporting Released:10. 01. 2023
PreviousNext
Standard
ISO/IEC 30107-3:2023 - Information technology — Biometric presentation attack detection — Part 3: Testing and reporting Released:10. 01. 2023
English language
39 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


INTERNATIONAL ISO/IEC
STANDARD 30107-3
Second edition
2023-01
Information technology — Biometric
presentation attack detection —
Part 3:
Testing and reporting
Technologies de l'information — Détection d'attaque de présentation
en biométrie —
Partie 3: Essais et rapports d'essai
Reference number
© ISO/IEC 2023
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
© ISO/IEC 2023 – All rights reserved

Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
3.1 Attack elements . 2
3.2 Metrics . 3
3.3 Test roles . 5
4 Abbreviated terms . 6
5 Conformance . 7
6 Presentation attack detection (PAD) overview . 7
7 Levels of evaluation of PAD mechanisms . 8
7.1 Overview . 8
7.2 General principles of evaluation of PAD mechanisms . 9
7.3 PAD subsystem evaluation. 9
7.4 Data capture subsystem evaluation . 10
7.5 Full system evaluation . 10
8 Artefact properties .11
8.1 Properties of PAIs in biometric impostor attacks . 11
8.2 Properties of PAIs in biometric concealer attacks .12
8.3 Properties of synthesized biometric samples with abnormal characteristics .12
9 Considerations in non-conformant capture attempts of biometric characteristics .13
9.1 Methods of presentation .13
9.2 Methods of assessment .13
10 Artefact creation and usage in evaluations of PAD mechanisms .13
10.1 General .13
10.2 Artefact creation and preparation . 13
10.3 Artefact usage . 14
10.4 Iterative testing to identity effective artefacts . 15
11 Process-dependent evaluation factors .15
11.1 Overview . 15
11.2 Evaluating the enrolment process . 15
11.3 Evaluating the verification process . 16
11.4 Evaluating the identification process . 16
11.5 Evaluating offline PAD mechanisms . 17
12 Evaluation using Common Criteria framework .17
12.1 General . 17
12.2 Common Criteria and biometrics . 18
12.2.1 Overview . 18
12.2.2 General evaluation aspects . 19
12.2.3 Error rates in testing . 19
12.2.4 PAD evaluation . 19
12.2.5 Vulnerability assessment . 20
13 Metrics for the evaluation of biometric systems with PAD mechanisms .21
13.1 General . 21
13.2 Metrics for PAD subsystem evaluation . 22
13.2.1 General .22
13.2.2 Classification metrics .22
13.2.3 Non-response metrics . 25
iii
© ISO/IEC 2023 – All rights reserved

13.2.4 Efficiency metrics .25
13.2.5 Summary . 25
13.3 Metrics for data capture subsystem evaluation . 25
13.3.1 General . 25
13.3.2 Acquisition metrics .26
13.3.3 Non-response metrics . 26
13.3.4 Efficiency metrics .26
13.3.5 Summary . 26
13.4 Metrics for full system evaluation . 27
13.4.1 General . 27
13.4.2 Accuracy metrics. 27
13.4.3 Efficiency metrics . 27
13.4.4 Generalized full-system evaluation performance .28
13.4.5 Summary . 30
Annex A (informative) Classification of attack types .32
Annex B (informative) Examples of artefact species used in a PAD subsystem evaluation
for fingerprint capture devices .36
Annex C (informative) Roles in PAD testing .37
Bibliography .38
iv
© ISO/IEC 2023 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance
are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria
needed for the different types of document should be noted. This document was drafted in
accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or
www.iec.ch/members_experts/refdocs).
Attention is drawn to
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 20059:2025(Main)
Information technology — Methodologies to evaluate the resistance of biometric systems to morphing attacks

This document establishes a methodology to evaluate the resistance of BSs to morphing attacks, including multiple identity attacks. The document is limited to image-based morphing attacks. The term "image-based" includes modalities such as face, iris and finger image data. The document establishes: — a definition of biometric sample modifications and manipulation with a specific focus on manipulations that constitute a multiple identity attack. This can be, for instance, an enrolment attack with face image morphing; — a methodology to measure the morphing attack potential of a morphing method. The document also describes how morphing algorithms can be used for system evaluation.

  • Standard
    16 pages
    English language
    sale 15% off
  • Draft
    17 pages
    English language
    sale 15% off
  • Draft
    17 pages
    English language
    sale 15% off
ISO
ISO/IEC 19785-4:2025(Main)
Information technology — Common Biometric Exchange Formats Framework — Part 4: Security block format specifications

This document specifies security block (SB) formats (see ISO/IEC 19785-1) registered in accordance with ISO/IEC 19785-2 as formats defined by the Common Biometric Exchange Formats Framework (CBEFF) biometric organization ISO/IEC JTC 1/SC 37. This document also specifies registered SB format identifiers. NOTE The SB format identifier is recorded in the standard biometric header (SBH) of a patron format (or defined by that patron format as the only available SB format). The general-purpose SB format specifies whether the biometric data block (BDB) is encrypted or the SBH and BDB have integrity applied (or both). The general-purpose SB format can include ACBio instances (see ISO/IEC 24761). This SB provides all necessary security parameters, including those used for encryption or integrity. This document does not restrict the algorithms and parameters used for encryption or integrity, but it provides for the recording of such algorithms and parameter values. This document does not cover profiling to determine what algorithms and parameter ranges can be used by the generator of an SB for a particular application area, and hence what algorithms and parameter ranges have to be supported by the user of an SB. The second SB format is more limited but simpler. In particular, it cannot contain ACBio instances and does not support encryption of the BDB. The general-purpose SB format in XML provides for specification of whether the BDB is encrypted or the SBH and BDB have integrity applied (or both).

  • Standard
    20 pages
    English language
    sale 15% off
  • Draft
    18 pages
    English language
    sale 15% off
  • Draft
    18 pages
    English language
    sale 15% off
ISO
ISO/IEC 19785-3:2025(Main)
Information technology — Common Biometric Exchange Formats Framework — Part 3: Patron format specifications

This document specifies and publishes registered Common Biometric Exchange Formats Framework (CBEFF) patron formats defined by the CBEFF patron ISO/IEC JTC 1/SC 37, and specifies their registered CBEFF patron format types (see ISO/IEC 19785-1) and resulting full ASN.1 OIDs. See Annex A for rules on how patron formats are defined using CBEFF data elements.

  • Standard
    142 pages
    English language
    sale 15% off
  • Draft
    139 pages
    English language
    sale 15% off
  • Draft
    139 pages
    English language
    sale 15% off
ISO
ISO/IEC 29794-5:2025(Main)
Information technology — Biometric sample quality — Part 5: Face image data

This document establishes requirements on implementations that quantify how a face image’s properties conform with those of canonical face images, for example those specified in ISO/IEC 39794-5:2019, Clause D.1, for three use-cases: 1) collection of reference samples for ID documents; 2) sample system enrolment; and 3) probes for instantaneous response. This document also establishes terms and definitions for quantifying face image quality and specifies methods for quantifying the quality of face images. This document does not establish requirements on: — assessing the quality of pairs or sequences of images; NOTE This document establishes requirements for software that inspects exactly one image. This document does not establish requirements for software that compares two or more images (such as biometric recognition). However, the computations of this document can be applied separately to each image in a pair or sequence. — assessing the quality of 3D captures; — encodings of face image quality data; — performance evaluation of face image quality assessment algorithms. The use cases within scope of this document primarily address the assessment of images from data capture subjects who consent to processing of their biometric data, or for whom biometric capture is operationally authorized.

  • Standard
    63 pages
    English language
    sale 15% off
ISO
ISO/IEC 19794-14:2022/Amd 1:2025(Amendment)
Information technology — Biometric data interchange formats — Part 14: DNA data — Amendment 1: Conformance requirements
  • Standard
    15 pages
    English language
    sale 15% off
ISO
ISO/IEC 9868:2025(Main)
Information technology — Design, development, use and maintenance of biometric identification systems involving passive capture subjects

This document provides recommendations and requirements for the design, development, use and maintenance of biometric identification systems involving passive capture subjects, including pre- and post-deployment evaluation. While the emphasis is on surveillance systems, this document is also applicable to other types of biometric identification systems involving passive capture subjects, regardless of biometric characteristic or sensing technology. This includes systems involving passive capture of subjects where some capture subjects enrolled voluntarily. This document does not apply to biometric verification systems and biometric identification systems only involving capture subjects deliberately taking part in the capture. This document does not define specific services, platforms or tools.

  • Standard
    30 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 24722:2024(Main)
Information technology — Biometrics — Multimodal and other multibiometric fusion

This document provides descriptions and analyses of current practices on multimodal and other multibiometric fusion, including (as appropriate) references to more detailed descriptions. This document contains descriptions and explanations of high-level multibiometric concepts to aid in the explanation of multibiometric fusion approaches including: multi-characteristic-type, multi-instance, multi-sensorial, multialgorithmic, decision-level and score-level logic.

  • Technical report
    22 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 22604:2024(Main)
Information technology — Biometric recognition of subjects in motion in access-related systems

This document establishes requirements for the development of biometric solutions for verification and identification processes for secure access without physical contact with any device at any time. The solutions acquire biometric characteristics that are captured while the data subjects are in motion to verify or identify the individuals requiring access, thus controlling access using contactless biometrics.

  • Technical specification
    15 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 21419:2024(Main)
Information technology — Cross-jurisdictional and societal aspects of implementation of biometric technologies — Use of biometrics for identity management in healthcare

This document describes potential applications of biometrics in identity management systems used for medical and healthcare purposes. It provides feedback from healthcare practitioners on the advantages, disadvantages, risks and priority of implementing certain use cases of healthcare with biometrics. For those use cases, information related to the selection of biometric type and associated measures related to security and privacy protection is provided to system designers. The document concentrates on aspects of the subject which apply to the good management of healthcare services for patients who need monitoring, treatment and care in hospitals, clinics or at home, but can be incapacitated. It does not cover the measurement and interpretation of symptoms and biological data for the purposes of medical treatment or research. The document is intended to be useful for the management of public and private healthcare systems anywhere in the world, and to commercial providers of identity management services and equipment. It is also potentially relevant to regulatory stakeholders addressing issues of privacy and legality, and the assessment of potential vulnerabilities in biometrics and identity management systems applied in the healthcare sector.

  • Technical specification
    25 pages
    English language
    sale 15% off
ISO
ISO/IEC 19795-10:2024(Main)
Information technology — Biometric performance testing and reporting — Part 10: Quantifying biometric system performance variation across demographic groups

This document establishes requirements for estimating and reporting on performance variations observed when cohorts belonging to different demographic groups engage with biometric enrolment and recognition systems. In this context, performance refers to failure-to-enrol rate, failure-to-acquire rate, shifts in comparison score, recognition error rates, and aspects of response and processing time (throughput). This document is applicable to the following: — demographic group membership; — using phenotypic measures; — reporting on tests; — stating statistical uncertainty estimates; — operational thresholds settings; — equitability; — procurement agency activities. This document also provides terms and definitions to be used when reporting performance variation across demographic groups. This document is applicable to: — technology evaluations of algorithms, subsystems and systems; — scenario evaluations of systems; — operational evaluations of fielded systems. Application of this document does not require detailed knowledge of a system’s algorithms but it does require specific knowledge of the demographic characteristics for the population of interest.

  • Standard
    25 pages
    English language
    sale 15% off