ISO/IEC TS 19795-9:2019 情報技術—生体認証のパフォーマンステストとレポート—パート9：モバイルデバイスでのテスト | ページ 2

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives ).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents ) or the IEC list of patent declarations received (see http://patents.iec.ch ).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html .

This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 37, Biometrics.

A list of all parts in the ISO/IEC 19795 series can be found on the ISO website.

Introduction

The development of a mass-market in connected mobile devices, e.g. smartphones and tablets, has allowed users the convenience of accessing remotely a variety of services which previously needed face-to-face interactions or to have physical access to the service provider’s infrastructure.

For some services, convenience should nevertheless remain secondary to the security needs. These services include for example remote payment on commercial websites, banking transactions or certified signing of official documents. To allow these trustful interactions, the need of reliable user authentication is of paramount importance.

One way to certify the user’s identity is to implement biometric authentication ability in the device.

It is then important to properly evaluate the accuracy of biometric authentication to ensure that security is strong enough to allow mobile sensible transactions.

Several biometric modalities are widely utilized in consumer-focused mobile devices. Evaluation of biometric performance for all of these modalities should be consistent and follow the same guidelines, methodologies and requirements. Nevertheless, some modality specific considerations should also be addressed when conducting an evaluation. This document provides a general framework usable for all modalities as well as dedicated recommendations when needed.

ISO/IEC 19795-1 describes three types of biometric performance evaluations: technology, scenario and operational evaluations. ISO/IEC TR 30125^[1] recommends scenario evaluation as the most proper type of evaluation for testing biometric performance on mobile devices.

A scenario evaluation is an “end-to-end” biometrics evaluation in which the full system is tested with a careful control of the surrounding conditions. However, when applying this type of evaluation to biometric systems working on mobile devices, testing and reporting methods should consider the particularities and constraints of these use cases.

1 Scope

This document provides guidance for performance testing of biometrics when this technology is used on mobile devices with local biometric authentication to improve authentication assurance.

This document aims to:

• Provide guidance for affordable and cost-efficient testing and reporting methods for performance assessment at a full system level of biometric systems embedded in mobile devices with offline evaluation of false accept rate (FAR) claims.
• Define modality-specific considerations of these methods.
• This document is applicable to:
• verification use cases related to secure transactions.

This document is not applicable to:

• privacy aspects;
• secure authentication from mobile device to server;
• testing and reporting for presentation attack detection (PAD) mechanisms in mobile devices;
• performance testing of biometric sub-systems such as acquisition sub-system or comparison sub-system;
• continuous authentication.

2 Normative references

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC 2382-37, ISO/IEC 19795-1 and the following apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

Bibliography