Evolving biometrics standards back new ICAO passport requirements

A new standard for biometric passports from the International Civil Aviation Organization (ICAO) is fast approaching. The passport standard is based on a range of biometrics standards, mostly supplied by the ISO and IEC, and those are adapting and being updated even as the new passport standard is established.

The European Association for Biometrics (EAB) convened members and standards group participants from around the world for a two-day event to inform stakeholders about the ICAO 2025 passport standard and the standards that inform it.

The genesis of the “ISO and the New ICAO Passport 2025 Standards” workshop comes from the uneven response to a question posed by Uwe Seidel of Bundeskriminalamt and ICAO at a meeting of government bodies earlier this year about how ready they were to begin using the passport readers they will be using by the end of 2025. The EAB convened a two-day event to help inform stakeholders, with the first day focusing on recent standards and revision, and the second examining the new standard in depth.

Day 1 focused on standards developed by ISO/IEC Joint Technical Committee One SC37 (Biometrics), and was moderated by Christoph Busch of Hochschule Darmstadt.

Fitting the puzzle together

Patrick Grother of the U.S. National Institute of Standards and Technology, who is also the chair of SC37, began by explaining the structure of the standards-formation group, and how it works with other government and non-governmental organizations. There are six working groups under SC37, one of which (data) is chaired by Busch.

Some of the main standards ICAO is concerned with are the Face Image Quality (ISO/IEC 39794-5) interoperability standard, 39794-4 for fingerprints and 39794-6 for iris biometrics, as well as the revision of ISO/IEC 19795-1, Grother says. Other important standards take in DNA and the vocabulary used, which is updated frequently. A technical report has been produced to help guide the transition from 19794 data formats to those specified in 39794. Presentation attack detection standards updates are also relevant to ICAO.

Standards in development and on the roadmap, such as for template protection tests, enrollment and injection attacks, were identified by Grother. The AI Act prompted work towards technical specifications for passive capture of biometrics in 1:N scenarios, ISO/IEC 9868, which is already nearing completion.

Jim Wayman of the U.S. DHS’ Office of Biometric Identity Management presented the work on standardizing vocabulary, starting with an example of real terminology used decades ago that is nearly incomprehensible due to the same word (match) being used in different senses. The 2022 version of ISO/IEC DIS 2382-27 defines just over 200 terms, he says.

Fairness, presentation attacks and image quality

John Howard of The Maryland Test Facility spoke about the ISO/IEC 19795-10 standard for fairness in biometric systems, the inherent complexity of the concept, and the increasing imposition of requirements for fairness evaluations in law, regulations and procurement practices.

The vote for the final draft international standard of ISO 19795-10 began on Monday, and publication is expected in August. It outlines planning, executing and reporting evaluations, threshold selection, metrics and comparisons in different scenarios. Because false negative and positive differentials typically occur at very different scales, based on the thresholds set, the standard recommends against aggregating the two stats to judge system fairness.

Busch reviewed the ISO/IEC 30107 biometric presentation attack detection standard, including how to properly express PAD effectiveness, and how not to. Presentation attacks with makeup still deserve more attention going forward, he suggests.

More generally, Busch says that recommended thresholds for PAD and other evaluations may be useful to system operators.

Greg Fiumara of NIST presented the ISO/IEC 29794-4:2024 standard for fingerprint image quality, and its reference implementation, NFIQ 2 v2.3.

The new versions are going through bug fixes, including to restore high scores with the latest version of NFIQ, which stopped returning high scores (above 70) after a recent update. He described how NFIQ was retrained, and the work on how retraining should proceed that had to be completed first. The retrained NFIQ model now gives a similar distribution of scores to the previous version.

The voting on the 2024 update to the standard is being completed this week. Fiumara also presented a wish-list for future work, and more items were raised in the question-and-answer discussion, including a possible move to deep learning for NFIQ, and the need for assessment of contactless fingerprint images.

In the final presentation of the day, Grother examined ISO/IEC 29794-5, which covers face image quality. Voting on the draft international standard closed on June 21, and a comment resolution meeting will be held on July 16, illustrating the moving target each standard represents. The deadline for publication from ISO is March 3, 2025.

The Open Source Face Image Quality (OFIQ) assessment tool, is the reference implementation for the standard. It was funded by Germany’s BSI with cooperation from EU-LISA, and functions similarly to NIST’s NFIQ for fingerprints. OFIQ was released to GitHub earlier this year.

The standard for image quality assessment is as aligned as possible with the interoperability standard for facial images, 39794-5, Grother says, but there are some quality requirements in the latter that are simply too hard to test to be included in the former.

New ICAO biometric passport standard adds flexibility

Article Topics

biometric matching  |  biometric passport  |  biometrics  |  EAB  |  EAB 2024  |  ICAO  |  ICAO Passport Standards  |  ISO 29794-5  |  ISO 39794-5  |  ISO standards  |  NIST  |  Open Source Face Image Quality (OFIQ)  |  presentation attack detection