ISO/IEC 27533
Full Title
Information security, cybersecurity and privacy protection — Security and privacy requirements for authentication using Biometric on mobile devices.
Context
This standard, currently in two parts, provides a collection of high-level requirements for biometric authentication on mobile devices.
Part 1 focuses on what the standard refers to as ‘local modes,’ biometric data and derived biometric data do not leave the device. In other words, the standard focuses on the protection of biometric data on the device itself, not as it relates to access to remote, off-device services. This standard was approved and published in November 2022.88[1]
Part 2, still under development, picks up where Part 1 leaves off and focuses on remote modes where the biometric data “the biometric data or derived biometric data are transmitted between the mobile devices and the remote services in either or both directions.”89 ISO has additional standards that focus more on biometric attacks and testing biometric algorithms (see the ISO/IEC 30107 Biometric presentation attack detection family and ISO/IEC 19795-1:2021 for testing biometric verification performance).90 Reviewing these criteria in these standards may go a long way to helping governments and businesses use biometric data safely and equitably.[2]
ISO has additional standards that focus more on biometric attacks and testing biometric algorithms (see the ISO/IEC 30107 Biometric presentation attack detection family and ISO/IEC 19795-1:2021 for testing biometric verification performance)[3]
References
- ↑ ISO/IEC 27553-1:2022 Information security, cybersecurity and privacy protection — Security and privacy requirements for authentication using Biometric on mobile devices — Part 1: Local modes. ISO/IEC JTC 1/SC 27. Geneva, Switzerland: ISO, published November 2022. https://www.iso.org/standard/71671.html
- ↑ ISO/IEC WD 27553-2 Information security, cybersecurity and privacy protection — Security and privacy requirements for authentication using biometrics on mobile devices — Part 2: Remote modes. ISO/IEC JTC 1/SC 27. Under development. https://www.iso.org/standard/71670.html
- ↑ ISO/IEC 30107-1:2016 Information technology — Biometric presentation attack detection — Part 1: Framework. ISO/IEC JTC 1/SC 37. Geneva, Switzerland: ISO, January 2016. https://www.iso.org/standard/53227.html and ISO/IEC 19795-1:2021 Information technology — Biometric performance testing and reporting — Part 1: Principles and framework. ISO/IEC JTC 1/SC 37. Geneva, Switzerland: ISO, May 2021. https://www.iso.org/standard/73515.html
Other Material
- See will page on Biometric Factor for how Biometrics are used in Authentication