ISO/IEC 27553
Full Title
Information security, cybersecurity and privacy protection — Security and privacy requirements for authentication using biometrics on mobile devices.
Context
This standard, planned in two parts (only Part 1 is published so far), provides a collection of high-level security and privacy requirements for biometric authentication on mobile devices.
Part 1 covers what the standard calls ‘local modes,’ in which biometric data and derived biometric data do not leave the device. In other words, it addresses the protection of biometric data on the device itself, not the use of that data to gain access to remote, off-device services. Part 1 was approved and published in November 2022.[1]
Part 2, still under development, picks up where Part 1 leaves off and covers ‘remote modes,’ in which “the biometric data or derived biometric data are transmitted between the mobile devices and the remote services in either or both directions.”[2] ISO also publishes standards that focus on biometric attacks and on testing biometric algorithms (see the ISO/IEC 30107 family on biometric presentation attack detection and ISO/IEC 19795-1:2021 on testing biometric verification performance).[3] Reviewing the criteria in these standards may go a long way toward helping governments and businesses use biometric data safely and equitably.
References
- ↑ ISO/IEC 27553-1:2022 Information security, cybersecurity and privacy protection — Security and privacy requirements for authentication using biometrics on mobile devices — Part 1: Local modes. ISO/IEC JTC 1/SC 27. Geneva, Switzerland: ISO, November 2022. https://www.iso.org/standard/71671.html
- ↑ ISO/IEC WD 27553-2 Information security, cybersecurity and privacy protection — Security and privacy requirements for authentication using biometrics on mobile devices — Part 2: Remote modes. ISO/IEC JTC 1/SC 27. Under development. https://www.iso.org/standard/71670.html
- ↑ ISO/IEC 30107-1:2016 Information technology — Biometric presentation attack detection — Part 1: Framework. ISO/IEC JTC 1/SC 37. Geneva, Switzerland: ISO, January 2016. https://www.iso.org/standard/53227.html and ISO/IEC 19795-1:2021 Information technology — Biometric performance testing and reporting — Part 1: Principles and framework. ISO/IEC JTC 1/SC 37. Geneva, Switzerland: ISO, May 2021. https://www.iso.org/standard/73515.html
Other Material
- See the wiki page on Biometric Factor for how biometrics are used in authentication.