ISO/IEC TR 30117:2021
Information technology — Standards and applications for the integration of biometrics and integrated circuit cards (ICCs)
This document summarizes how some of the main international standards and recommendations approach personal identification and its related information security, with regard to the integration of biometrics and integrated circuit cards (ICCs). It also provides examples of how biometrics and ICCs are integrated in applications.
Technologies de l'information — Normes et applications pour l’intégration des données biométriques et cartes à circuits intégrés
Standards Content (Sample)
TECHNICAL REPORT
ISO/IEC TR 30117
Second edition
2021-08
Information technology — Standards and applications for the integration of biometrics and integrated circuit cards (ICCs)
Technologies de l'information — Normes et applications pour l’intégration des données biométriques et cartes à circuits intégrés
Reference number
© ISO/IEC 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Relationships between biometrics and ICCs
5.1 Architectures for the joint use of biometrics and ICCs
5.2 Considerations to be addressed when designing the application
6 Data formats
6.1 General
6.2 Single modality plain biometric data formats
6.3 Encapsulation of multiple modalities and/or security mechanisms
6.4 ICC-specific definitions on biometric data formats
7 Privacy and security
8 Outside-ICC application development
8.1 General overview
8.2 Local applications
8.3 Client-server implementations
9 Use cases profiles
10 Technology evaluation
11 Implementing solutions merging the use of ICCs and biometrics
11.1 Spanish national ID card (DNIe)
11.1.1 General
11.1.2 Biometric services provided
11.1.3 Biometric modalities and data formats
11.1.4 Security mechanisms and operations
11.1.5 Evaluations and results
11.2 ePassport
11.2.1 General
11.2.2 Biometric services provided
11.2.3 Biometric modality and data formats
11.2.4 Security mechanisms and operations
Bibliography
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO's adherence to the WTO principles in the Technical
Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 17, Cards and security devices for personal identification.
This second edition cancels and replaces the first edition (ISO/IEC TR 30117:2014) which has been
technically revised.
The main changes compared to the previous edition are as follows:
— Addition and update of references to the related projects in all relevant standardization bodies.
— Addition to the Scope, to include not only on-card biometric comparison, but all other interactions
of biometrics and integrated circuit cards (ICCs).
— Addition of the example of the ePassport, which is a widely-deployed application using off-card
biometric comparison.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html and www.iec.ch/national-committees.
Introduction
There are a large number of applications where the need for implementing jointly integrated circuit
cards (ICC) and biometrics can arise. In those cases, system designers and integrators need to be aware
of the range of international standards and technical reports that are applicable. All of these potential
reference documents have been developed by different standardization bodies and committees.
ISO/IEC JTC 1 (Joint Technical Committee) subcommittees develop standards in the following areas:
— ICCs: ISO/IEC JTC 1 SC 17 (Information technology — Cards and security devices for personal identification)
— Security aspects: ISO/IEC JTC 1 SC 27 (Information technology — Information security, cybersecurity and privacy protection)
— Biometrics: ISO/IEC JTC 1 SC 37 (Information technology — Biometrics)
Other regional or sectoral standardization bodies are also applicable.
In this context, the system designer and developer have a large number of documents at their disposal,
but with little information about which of them is really applicable. There are no general rules, as
depending on the application, different alternatives are available.
This document provides information on the published documents and relates them to the kind of
application to be developed. When referring to different applications, these will be classified attending
to the verification needs of the application, not to the final sector where the application is to be deployed.
Interactions among standards cover different implementation levels, from data formats to be used to
the application profiles, including application programming interfaces (APIs) and security mechanisms.
This document places special emphasis on providing recommendations and policies needed by
developers to integrate the use of both biometrics and ICCs in applications.
The structure of this document is as follows:
— Clause 5 provides a first overview to the different decisions that have to be taken when developing
an application that can involve the use of ICCs and biometrics.
— Clauses 6 to 10 provide an overview to the different International Standards and Technical Reports
that can be applicable to the application to be developed.
— Clause 11 provides examples of implementations that can be used by application designers and
developers as guidelines.
All ISO/IEC documents mentioned in this document are listed in the Bibliography at the end of this
document.
NOTE Future editions of this document will add more information about Biometric System-on-Card
technology and the use of the PBO command.
TECHNICAL REPORT ISO/IEC TR 30117:2021(E)
Information technology — Standards and applications for
the integration of biometrics and integrated circuit cards
(ICCs)
1 Scope
This document summarizes how some of the main international standards and recommendations
approach personal identification and its related information security, with regard to the integration of
biometrics and integrated circuit cards (ICCs). It also provides examples of how biometrics and ICCs are
integrated in applications.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 2382-37, Information technology — Vocabulary — Part 37: Biometrics
3 Terms and definitions
For the purpose of this document, the terms and definitions given in ISO/IEC 2382-37 and the following
apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
NOTE ISO/IEC 2382-37 is freely available at https://standards.iso.org/ittf/PubliclyAvailableStandards/index.html
3.1
biometric template
set of stored biometric features comparable directly to probe biometric features
Note 1 to entry: In the ISO/IEC 7816 series, the term "template" has a completely different meaning, being
...