Progressing on ISO-standards

The working groups of ISO/IEC JTC1 Subcommittee 37 (SC37) on biometrics met in January 2023 for its virtual meetings and progressed a number of relevant standards.
Again, virtual meetings were organised with an interleaved schedule that allowed experts to participate in multiple working groups, and as a result the involvement of experts was increased. Working Group 3 (Biometric Data Interchange Formats) hosted up to 70 registered experts over five days of meetings.
In addition to the (extensible) biometric data interchange formats, a second working area of the group is the field of biometric sample quality. WG3 discussed the revision of ISO/IEC 29794-1 Biometric sample quality – Part 1: Framework. The discussion resulted in clarification of the distinction between (unified) quality scores, which are predictive of recognition performance and are represented as integers in the range 0 to 100 (with higher being better) on the one hand, and quality components, which are measurements of certain information contained in a biometric sample. Quality components are not necessarily represented in the range 0 to 100, and higher values of quality components do not necessarily imply higher biometric utility. Quality components contribute to computation of (unified) quality scores and facilitate actionable feedback. The concept of error-versus-discard characteristics and the need for reporting the operational relevance of quality measures along with other evaluation methodologies are included in the revision of this standard. Working Group 3 decided to promote ISO/IEC 29794-1 to the next level Draft International Standard (DIS).
Regarding the project ISO/IEC 29794-4 Information technology — Biometric sample quality — Part 4: Finger image data, several comments were discussed to consolidate the text. The definitions of the quality components (a.k.a. NFIQ2 features) are now refined to align with ISO/IEC 29794-1. The group looked at the test report from the AdHoc group on BlockSize and decided that further investigation is recommended. Regarding the reference implementation of ISO/IEC 29794-4, it was reported that the revised software in GitHub now compiles with OpenCV4.6 and on new operating systems, as expected. After disposition of comments, WG3 decided to promote ISO/IEC 29794-4 to the next level, which is Committee Draft (CD). The NFIQ2.0 NIST Interagency Report (NISTIR 8382) remains published here.
ISO/IEC JTC1 SC37 WG3 made good progress on the revision project ISO/IEC 29794-5 Biometric sample quality – Part 5: Face image data. This part is developed as an international standard and will relate to quality requirements from both ISO/IEC 19794-5:2010 and ISO/IEC 39794-5:2019. It will also be applicable to scenarios with relaxed quality requirements such as surveillance applications. Good progress was achieved on the definition of numerous quality components, which will provide accurate and specific elements in a quality vector such as information on the correctness of a pose or the sharpness of the face image (and many others). ISO/IEC 29794-5 is now distributed as Sixth Working Draft (WD6) and seeking more contributions.
In the joint meeting of WG1, WG2, WG3, WG4 and WG5 the liaison report SC17-SC37 was discussed. While the Doc 9303 MRTD 9th edition is under preparation, the established SC17-SC37 ad hoc group coordinates the transition from ISO/IEC 19794 to ISO/IEC 39794 in Doc 9303, with the intent to publish an ISO/IEC 39794 application profile.
Of high interest is the project ISO/IEC 9868 Biometric identification systems involving passive capture subject. This project is relevant for biometric identification systems that will be covered under EU AI Act legislation. Comments on the 7th WD were discussed. One focus was the clarification of responsibilities of system provider (i.e., the manufacturer or integrator) and the system owner (i.e., the operator or user) to undertake risk assessment. However, management aspects such as role definitions and processes are out of scope for this standard. Another focus were mechanisms to monitor the system operation. The 8th working draft is now seeking contributions in order to complete this standard quickly and align the timing of its completion with the legislative process.
Furthermore, the revision project ISO/IEC 30107-1 Biometric presentation attack detection – Part 1: Framework was discussed. The revision has harmonised the standard with the harmonized biometric vocabulary ISO/IEC 2382-37 to integrate the concept of bona fide presentation. The project was previously balloted at DIS level and is now ready to be published.
The revision project ISO/IEC 30107-3 Biometric presentation attack detection – Part 3: Testing and reporting is now completed. The standard establishes principles and methods for the performance assessment of presentation attack detection (PAD) mechanisms as well defines reporting of testing results from evaluations of PAD mechanisms. The published standard is available here.
Moreover, the revision of ISO/IEC 30107-4 was under discussion. This Part 4 is a testing profile for evaluation of mobile devices. It was agreed that the profile shall serve both for general mobile device PAD testing and also FIDO specific testing, which is defined in an Annex. The document will be circulated as Draft International Standard (DIS).
The next set of working group meetings will be hybrid (physical and virtual) and will take place from June 26 to 30 at eu-LISA in Tallinn.