BS ISO/IEC 24713-2:2008

BS ISO/IEC 24713-2:2008

Information technology. Biometric profiles for interoperability and data interchange. Physical access control for employees at airports

Status : Confirmed, Current   Published : July 2008



Visit BSI's Biometrics homepageBiometric data interchange format standards and biometric interface standards are both necessary to achieve full data interchange and interoperability for biometric recognition in an open systems environment.

BS ISO/IEC 24713 is a standard in three parts, under the general title Information technology — Biometric profiles for interoperability and data interchange:

Part 2 of ISO/IEC 24713 is one of a family of International standards being developed by ISO/IEC JTC 1/SC 37 that support interoperability and data interchange among biometrics applications and systems.

The BS ISO/IEC 24713 series of standards specify the requirements that solve the complexities of applying biometrics to a wide variety of personal recognition applications, whether such applications operate in an open systems environment or consist of a single, closed system.

The series of biometric standards includes a layered set of standards consisting of biometric data interchange formats and biometric interfaces, as well as biometric profiles that describe the use of these standards in specific application areas.

The biometric data interchange format standards specify biometric data interchange records for different biometric modalities. Parties that agree in advance to exchange biometric data interchange records as specified in a subset of the ISO/IEC JTC 1/SC 37 biometric data interchange format standards should be able to perform biometric recognition with each other’s data. Parties should also be able to perform biometric recognition even without advance agreement on the specific biometric data interchange format standards to be used, provided they have built their systems on the layered ISO/IEC JTC 1/SC 37 family of biometric standards.

The biometric interface standards include ISO/IEC 19785, the Common Biometric Exchange Formats Framework (CBEFF) and ISO/IEC 19784, the Biometric Application Programming Interface (BioAPI). These standards support exchange of biometric data within a system or among systems. ISO/IEC 19785 specifies the basic structure of a standardized Biometric Information Record (BIR) which includes the biometric data interchange record with added metadata, such as when it was captured, its expiry date, whether it is encrypted, etc. ISO/IEC 19784 specifies an open system API that supports communications between software applications and underlying biometric technology services. BioAPI also specifies a CBEFF BIR format for the storage and transmission of BioAPI-produced data.

The biometric profile standards facilitate implementations of the base standards (e.g. the ISO/IEC JTC 1/SC 37 biometric data interchange format and biometric interface standards, and possibly non-biometric standards) for defined applications. These profile standards define the functions of an application (e.g. physical access control for employees at airports) and then specify use of options in the base standards to ensure biometric interoperability.

This part of ISO/IEC 24713 specifies the biometric profile including necessary parameters and interfaces between function modules (i.e. BioAPI based modules and an external interface) in support of token-based biometric identification and verification of employees, at local access points (i.e. doors or other controlled entrances) and across local boundaries within the defined area of control in an airport. The token is expected to contain one or more biometric references.

This part of ISO/IEC 24713 does not specify a complete Access Control System for deployment at access points within the secure area of an airport. It is assumed that such systems exist and that a biometric component that is the subject of this part of ISO/IEC 24713 is being added to an existing system. It therefore excludes such things as device features, and exception and incident reporting and handling. This information is contained in Annex C for information only.

This part of ISO/IEC 24713 includes recommended practices for enrolment, watch list checking, duplicate issuance prevention, and verification of the identity of employees at airports. It also describes architectures and business processes appropriate to the support of token-based identity management in the secure environment of an airport.

It is recommended that the confidentiality, integrity, and availability of biometric data be safeguarded in accordance with local, regional, or national policy considerations.

Part 2 of BS ISO/IEC 24713 does not preclude users building applications based on this standard from being able to meet such privacy/data protection requirements as may apply to their application. The specification of privacy/data protection requirements that may apply is outside the scope of this part of BS ISO/IEC 24713.

A system conforms to this part of ISO/IEC 24713 if it correctly performs all the mandatory capabilities defined in the requirements list and supplies the profile specific Implementation Conformance Statement (ICS) in Annex A. Note that more capabilities may be required than in the base standards.

Contents of BS ISO/IEC 24712-2 include:

  • Scope
  • Conformance
  • Normative references
  • Terms and definitions
  • Environment
  • Employees in the targeted environment
  • Architecture
  • Token
  • Token management system
  • Command and control system
  • Command and control administration system
  • Infrastructure system
  • Process
  • Proofing
  • Registration
  • Issuance
  • Activation to a local access control system
  • Usage
  • Security Considerations
  • Requirements List
  • Relationship between RL and corresponding ICS proformas
  • Profile Specific Implementation Conformance Statement
  • Instruction for completing the ICS proforma
  • General structure of the ICS proforma
  • Additional Information
  • Exception Information
  • ICS proforma
  • Interchange Formats
  • Finger Image Data (ISO/IEC 19794-4:2005)
  • Finger Minutiae Data (ISO/IEC 19794-2:2005)
  • Finger Pattern Spectral Data (ISO/IEC 19794-3:2006)
  • Face Image Data (ISO/IEC19794-5:2005)
  • Iris Image Data (ISO/IEC 19794-6:2005)
  • Signature/Sign Time Series Data (ISO/IEC 19794-7:2007)
  • Finger Pattern Skeletal Data (ISO/IEC 19794-8:2006)
  • Vascular Image Data (ISO/IEC 19794-9:2007)
  • Hand Geometry Silhouette Data (ISO/IEC 19794-10:2007)
  • Technical Interface Standards
  • BioAPI (ISO/IEC 19784-1:2006)
  • CBEFF (ISO/IEC 19785-1:2006)
  • Additional information
  • Security Considerations
  • Approaches
  • Representative threat list
  • Bibliography

Visit BSI British Standards's Biometrics microsite and read about biometrics news, updates and standards developments.

Standard NumberBS ISO/IEC 24713-2:2008
TitleInformation technology. Biometric profiles for interoperability and data interchange. Physical access control for employees at airports
StatusConfirmed, Current
Publication Date31 July 2008
Confirm Date10 January 2020
Normative References(Required to achieve compliance to this standard)ISO/IEC 19795-2:2007, ISO/IEC 19785-3:2007, ISO/IEC 19794-3:2006, ISO/IEC 19794-7:2007, ISO/IEC 19784-1:2006, ISO/IEC 19794-6:2005, ISO/IEC 19794-8:2006, ISO/IEC 19795-1:2006, ISO/IEC 19794-4:2005, ISO/IEC 19785-1:2006, ISO/IEC 19794-2:2005, ISO/IEC 24713-1:2008, ISO/IEC 19794-9:2007, ISO/IEC 19794-5:2005, ISO/IEC 19794-10:2007
Informative References(Provided for Information)ISO/IEC 11770, ISO/IEC 7816-11:2004, ISO/IEC 7816, ITU-T X.509, NIST IR 6887, ISO 19092, ISO/IEC 18031:2005, ISO/IEC 9796:1991, ISO/IEC 9646-7:1995/Technical Corrigendum 1:1997, ISO/IEC 18033, ISO/IEC 18032:2005, ISO/IEC 15408, ISO/IEC 9646-7:1995
International RelationshipsISO/IEC 24713-2:2008
Draft Superseded By07/30107763 DC
DescriptorsData integrity, Data processing, Data representation, Security, Employees, Access control systems (buildings), Interfaces (data processing), Interoperability, Human body, Airports, Information exchange, Data security, Biometrics, Identification methods, Personnel
Title in FrenchTechnologies de l'information. Profils biométriques pour interopérabilité et échange de données. Contrôle d'accès physique pour les employés aux aéroports
Title in GermanBiometrische Profile für Interoperabilität und Datenaustausch. Physische Zugangskontrolle für auf Flughäfen Beschäftigte
ISBN978 0 580 54247 3
File Size612 KB

 Your basket
Your basket is empty

Multi-user access to over 3,500 medical device standards, regulations, expert commentaries and other documents


The faster, easier way to work with standards

Tracked Changes

Understand the changes made to a standard with our new Tracked Changes version

Develop a PAS

Develop a fast-track standardization document in 9-12 months