ISO/IEC JTC 1/SC 37

ISO/IEC JTC 1/SC 37 Biometrics is a standardization subcommittee in the Joint Technical Committee ISO/IEC JTC 1 of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), which develops and facilitates standards within the field of biometrics. The international secretariat of ISO/IEC JTC 1/SC 37 is the American National Standards Institute (ANSI), located in the United States.

History
ISO/IEC JTC 1/SC 37 was established in August 2002, after the approval of a proposal submitted by ANSI to ISO/IEC JTC 1 for the establishment of a new JTC 1 subcommittee on biometrics. The main purpose of the new subcommittee was to provide an international venue that would harmonize and accelerate formal international biometric standardization, resulting in better interoperability, reliability, usability, and security for future standards based systems and applications. With better interoperability between biometrics systems, the success of these applications would be much more likely. ISO/IEC JTC 1/SC 37 was created with the intent that it would create standards that could support the rapid deployment of open systems, standard-based security solutions for a number of purposes, such as prevention of ID theft and homeland defense. Standards developed by ISO/IEC JTC 1/SC 37 provide support to a wide range of systems and applications that provide accurate and reliable verification and identification of individuals. The subcommittee has published a number of standards pertaining to biometrics in the areas of technical interfaces, data interchange formats, performance testing and application profiles. Other topics within biometrics that have already, or are currently, being addressed by ISO/IEC JTC 1/SC 37 are performance and conformance testing methodology standards, sample quality standards, and standards and technical reports in support of technical implementation issues and cross jurisdictional issues related to the utilization of biometric technologies in commercial applications.

Scope and mission
The scope of ISO/IEC JTC 1/SC 37 is the "Standardization of generic biometric technologies pertaining to human beings to support interoperability and data interchange among applications and systems." Generic human biometric standards include:
 * Common file frameworks
 * Biometric application programming interfaces
 * Biometric data interchange formats
 * Related biometric profiles
 * Application of evaluation criteria to biometric technologies
 * Methodologies for performance testing and reporting and cross jurisdictional and societal aspects

The mission of ISO/IEC JTC 1/SC 37 is to ensure a comprehensive and high priority, worldwide approach for the development and approval of international biometric standards.

Work done by ISO/IEC JTC 1/SC 37 does not include:
 * Work covered by ISO/IEC JTC 1/SC 17 for applying biometric technologies to cards and personal identification
 * Work covered by ISO/IEC JTC 1/SC 27 for biometric data protections techniques, biometric security testing, evaluations, and evaluations methodologies

ISO/IEC JTC 1/SC 37 Roadmap – 12 August 2015

Structure
ISO/IEC JTC 1/SC 37 is made up of six working groups (WGs), each of which carries out specific tasks in standards development within the field of biometrics. The focus of each working group is described in the group's terms of reference. Working groups of ISO/IEC JTC 1/SC 37 are:

Collaborations
ISO/IEC JTC 1/SC 37 works in close collaboration with a number of other JTC 1 subcommittees, specifically ISO/IEC JTC 1/SC 17: Cards and Personal Identification, and ISO/IEC JTC 1/SC 27: IT Security Techniques. The standard ISO/IEC 7816-11:2004, Identification cards – Integrated circuit cards – Part 11: Personal verification through biometric methods, developed by ISO/IEC JTC 1/SC 17 includes an instantiation of a biometric data encapsulator developed by ISO/IEC JTC 1/SC 37. ISO/IEC JTC 1/SC 37 has also developed standards with external organizations, such as the International Labour Organization (ILO). External organizations, such as the International Civil Aviation Organization (ICAO), have also adopted many of the standards developed by ISO/IEC JTC 1/SC 37. In 2011, ICAO published the sixth edition of Document 9303 Part 1, which specifies requirements for passports (specifically, Machine-readable passports) within the realms of physical security features, biometrics, and data storage media. Many of the specifications for biometrics developed and facilitated by ISO/IEC JTC 1/SC 37 were integrated into the document, specifically those pertaining to face, finger, and iris images.

Organizations internal to ISO or IEC that collaborate with or are in liaison to ISO/IEC JTC 1/SC 37 include:
 * ISO/IEC JTC 1
 * ISO/IEC JTC 1/SC 17
 * ISO/IEC JTC 1/SC 27
 * ISO/IEC JTC 1/SC 31
 * ISO/IEC JTC 1/SC 35
 * ISO/IEC JTC 1/SC 38
 * ISO/IEC JTC 1/SC 42
 * IEC TC 79
 * TC 272
 * IEC/SC 3C

Organizations external to ISO or IEC that collaborate with, or are in liaison to, ISO/IEC JTC 1/SC 37 include:
 * International Biometric Industry Association (IBIA)
 * International Telecommunication Union (ITU) (SG 17)
 * Organization for the Advancement of Structured Information Standards (OASIS)
 * FIDO Alliance (FIDO Alliance)
 * CEN TC 224 / WG 18
 * Frontex

Certain countries represented within ISO/IEC JTC 1/SC 37 have also adopted a number of the subcommittee's standards. Two official documents of Spain, the electronic national identity card (DNIe) and the Spanish ePassport, store biometric data outlined in ISO/IEC JTC 1/SC 37's standard data interchange format. In addition, the Planning Commission of the Unique Identification Authority of India (UIDAI) has also planned to use ISO/IEC JTC 1/SC 37's biometric series of standards for fingerprints (ISO/IEC 19794-4:2005, Information technology – Biometric data interchange formats – Part 4: Finger image data), face (ISO/IEC 19794-5, Information technology – Biometric data interchange formats – Part 5: Face image data) and iris (ISO/IEC 19794-6:2005, Information technology – Biometric data interchange formats – Part 6: Iris image data) data interchange formats for the organization's unique identity project. The UIDAI is currently developing the Aadhaar ("Foundation") system and also plans to incorporate a number of other standards developed and facilitated by ISO/IEC JTC 1/SC 37, including, ISO/IEC 19785 CBEFF (Common Biometric Exchange Formats Framework), which provides the common structure, metadata, and security block in packaging the biometric data.

Member countries
Countries pay a fee to ISO to be members of subcommittees.

The 29 "P" (participating) members of ISO/IEC JTC 1/SC 37 are: Australia, Canada, China, Czech Republic, Denmark, Egypt, Finland, France, Germany, India, Israel, Italy, Japan, Republic of Korea, Malaysia, Netherlands, New Zealand, Norway, Poland, Portugal, Russian Federation, Singapore, South Africa, Spain, Sweden, Switzerland, Ukraine, United Kingdom, and United States of America.

The 13 "O" (observing) members of ISO/IEC JTC 1/SC 37 are: Austria, Belgium, Bosnia and Herzegovina, Ghana, Hungary, Indonesia, Islamic Republic of Iran, Ireland, Kenya, Romania, Serbia, Thailand, and Turkey.

Standards
As of May 2017, ISO/IEC JTC 1/SC 37 has 118 published standards (including amendments) in biometrics. The types of standards within biometrics published by ISO/IEC JTC 1/SC 37, by working group, are:


 * WG 1: Responsible for the development of a Harmonized Biometric Vocabulary: establish a systematic description of the concepts in the field of biometrics pertaining to recognition of human beings and reconcile variant terms in use in pre-existing biometric standards against the preferred terms, thereby clarifying the use of terms in this field (ISO/IEC 2382-37, Information technology – Vocabulary – Part 37: Biometrics, which is freely downloadable from the ISO website).
 * WG 2: Technical interface standards: address necessary interfaces and interactions between biometric components and sub-systems, as well as the possible use of security mechanisms to protect stored data and data transferred between systems. Standards under development include BioAPI for Object-oriented programming languages Part 1: Architecture, Part 2: Java implementation, and Part 3: C# implementation.
 * WG 3: Data interchange format standards: specify the content, meaning, and representation of biometric data formats which are specific to a particular biometric modality.
 * Biometric sample quality standards and technical reports: specify terms and definitions that are useful in the specification, use and testing of image quality metrics and define the purpose, intent, and interpretation of image quality scores for a particular biometric modality.
 * Conformance testing methodology standards: specify methods and procedures, assertion language definitions, test assertions, testing and reporting requirements, and other aspects of conformance testing methodologies.
 * Amendments to the data interchange formats to specify XML encoding.
 * Biometric presentation attack detection: the purpose of ISO/IEC 30107-1 is to provide a foundation for Presentation Attack Detection through defining terms and establishing a framework through which presentation attack events can be specified and detected so that they can be categorized, detailed and communicated for subsequent decision making and performance assessment activities. ISO/IEC 30107-1, Biometric presentation attack detection - Part 1: Framework, which is freely downloadable from the ISO website: http://standards.iso.org/ittf/PubliclyAvailableStandards/c053227_ISO_IEC_30107-1_2016.zip
 * WG 4: Technical implementation of biometric systems standards and guidance: develop technical best practices, guidance, implementation requirements and biometric profiles that support the successful use and interoperability of biometric applications. Standards and technical reports under development include the ISO/IEC standard ISO/IEC 30124 Code of practice for the implementation of a biometric system and the Technical Reports ISO/IEC TR 29196 Guidance for Biometric Enrolment and ISO/IEC TR 30125 Use of Mobile Biometrics for Personalization and Authentication
 * WG 5: Biometric performance testing and reporting methodology standards and technical reports: specify biometric performance metric definitions and calculations, approaches to test the performance, and requirements for reporting the test results. Standards under development include:
 * Specifications for Machine-readable test data for biometric testing and reporting
 * An evaluation methodology for environmental influence in biometric system performance
 * WG 6: Standards and technical reports related to cross-jurisdictional and societal issues: address the applications of biometric technologies, specifically in respect to, accessibility, health and safety, and support of legal requirements.