SIST-TS CEN/TS 16634:2014

SLOVENSKI STANDARD
SIST-TS CEN/TS 16634:2014
01-september-2014
2VHEQDLGHQWLILNDFLMD3ULSRURþLOD]DXSRUDERELRPHWULMHSULHYURSVNHP
DYWRPDWL]LUDQHPPHMQHPQDG]RUX
Personal identification - Recommendations for using biometrics in European Automated
Border Control
Persönliche Identifikation - Empfehlungen für den Einsatz von Biometrie bei der
automatisierten Grenzübergangskontrolle in Europa
Identification personnelle - Recommandations pour l’utilisation de la biométrie dans les
contrôles aux frontières automatisés en Europe
Ta slovenski standard je istoveten z: CEN/TS 16634:2014
ICS:
35.240.15 Identifikacijske kartice in Identification cards and
sorodne naprave related devices
SIST-TS CEN/TS 16634:2014 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST-TS CEN/TS 16634:2014

---------------------- Page: 2 ----------------------

SIST-TS CEN/TS 16634:2014

TECHNICAL SPECIFICATION
CEN/TS 16634

SPÉCIFICATION TECHNIQUE

TECHNISCHE SPEZIFIKATION
April 2014
ICS 35.240.15
English Version
Personal identification - Recommendations for using biometrics
in European Automated Border Control
Identification personnelle - Recommandations pour l'usage Persönliche Identifikation - Empfehlungen für den Einsatz
de la biométrie lors des contrôles automatisés aux von Biometrie bei der automatisierten
frontières de l'Europe Grenzübergangskontrolle in Europa
This Technical Specification (CEN/TS) was approved by CEN on 11 November 2013 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their
comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available
promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS)
until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.





EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2014 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 16634:2014 E
worldwide for CEN national Members.

---------------------- Page: 3 ----------------------

SIST-TS CEN/TS 16634:2014
CEN/TS 16634:2014 (E)
Contents Page
Foreword .3
Introduction .4
1 Scope .5
2 Terms and definitions .5
3 Abbreviated terms .8
4 ABC systems - an overview .9
4.1 Concept .9
4.2 Biometric references .9
4.3 Types of travel documents . 10
4.3.1 General . 10
4.3.2 National identity cards . 10
4.3.3 Biometric passports . 10
4.3.4 Schengen visa . 11
4.4 Topologies of ABC systems . 11
5 Biometric systems in ABC . 11
5.1 General recommendations . 11
5.1.1 Usability and accessibility . 11
5.1.2 Architecture . 13
5.1.3 Biometric security functions . 15
5.1.4 Logging, data protection and privacy. 20
5.2 Recommendations for face biometrics . 20
5.2.1 Condition for good quality sample acquisition . 20
5.2.2 Biometric verification and process design . 21
5.2.3 Security . 22
5.2.4 Usability and environment . 23
5.3 Recommendations for fingerprint biometrics . 23
5.3.1 Condition for good quality sample acquisition . 23
5.3.2 Biometric verification and process design . 24
5.3.3 Usability and environment . 24
5.4 Recommendations for iris biometrics . 25
5.4.1 Condition for good quality sample acquisition . 25
5.4.2 Biometric verification and process design . 26
5.4.3 Security . 27
5.4.4 Usability and environment . 27
Annex A (informative) Testing examples — Facial Images. 29
Annex B (informative) Example process for multi-camera systems for 3D face recognition . 30
Bibliography . 32

2

---------------------- Page: 4 ----------------------

SIST-TS CEN/TS 16634:2014
CEN/TS 16634:2014 (E)
Foreword
This document (CEN/TS 16634:2014) has been prepared by Technical Committee CEN/TC 224 “Personal
identification, electronic signature and cards and their related systems and operations”, the secretariat of
which is held by AFNOR.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following
countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus,
Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany,
Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland,
Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.
3

---------------------- Page: 5 ----------------------

SIST-TS CEN/TS 16634:2014
CEN/TS 16634:2014 (E)
Introduction
European countries are increasingly deploying technological solutions to support border guard officers in
fulfilling their duties. Such solutions can consist of inspection systems that directly assist the officers in
screening travellers or of electronic kiosk and gates offering various degrees of automation.
Electronic Machine Readable Travel Documents (eMRTD) as defined in ICAO Document 9303 [27] can
contribute to a high degree of border automation. Under Council Regulation (EC) No 2252/2004 [21], EU
Member States nowadays issue electronic passports containing biometric data (facial image, two fingerprint
images). Ireland and UK are not bound by the Regulation and issue ePassports storing only the facial image
of the holder. Currently a number of European countries have deployed ABC systems which automate border
checks for EU citizens in possession of an electronic passport. The upcoming “Smart Borders Package” will
foresee the introduction of an EU Registered Traveller Programme [23]. This would allow certain groups of
frequent travellers (i.e. business travellers, family members, etc.) from third countries to enter the EU, subject
to appropriate pre-screening, using simplified border checks at ABC systems. The European Commission
proposes that this RTP makes maximum use of existing systems and tools, such as the Biometric Matching
System which underpins the Visa Information System (VIS) and the fingerprint scanners which are used for
this system.
There is a need to harmonize processes containing biometric elements, biometric technology tests and
reporting frameworks (in accordance with Bibliographical Entries [11], [12], [13]) and to link biometric
characteristics with supervision requirements.
This Technical Specification focuses on automated systems that can be supervised by an operator, but such
supervision is not a requirement for the biometric comparison subsystem. The level of supervision is an
operational decision that can be changed according to the needs of the operating authorities.
ABC systems can be classified into four profiles based on their document requirements:
• eMRTD based,
• MRTD based,
• Token other than MRTD - physical and logical, transferable,
• Tokenless.
Regarding the location of the eligibility check, ABC systems can be implemented as:
• One-Step Process,
• Integrated Two-Step Process,
• Segregated Two-Step Process.
This document has been drafted with the contribution of the European Agency for the Management of
Operational Cooperation at the External Borders of the Member States of the European Union (Frontex) and
was adopted by CEN after public enquiry and formal vote according to the CEN Rules of Procedure.
4

---------------------- Page: 6 ----------------------

SIST-TS CEN/TS 16634:2014
CEN/TS 16634:2014 (E)
1 Scope
This Technical Specification primarily focuses on biometric aspects of Automated Border Control (ABC)
systems. Drawing on the first European and international ABC deployments, it aims to disseminate best
practice experiences with a view to ensure consistent security levels in European ABC deployments.
Furthermore, the best practice recommendations given here shall help make border control authorities'
processes more efficient, speeding up border clearance, and delivering an improved experience to travellers.
ISO/IEC JTC1/SC 37 has published a series of standards dealing with biometric data coding, interfaces,
performance tests as well as compliance tests. In order to promote global interoperability it is essential that all
these standards are applied in European deployments. However, these standards do not consider national or
regional characteristics; in particular, they do not consider European Union privacy and data protection
regulation as well as European accessibility and usability requirements [22]. Thus, this Technical Specification
amends the ISO standards with respect to special European conditions and constraints.
The Technical Specification systematically discusses issues to be considered when planning and deploying
biometric systems for ABC and gives best practice recommendations for those types of systems that are or
will be in use in Europe. The document deals with personal identification including ergonomic aspects that
have an impact on the acquisition of biometric data.
Communication, infrastructure scalability and security aspects other than those related to biometrics are not
considered. This document also does not consider hardware and security requirements of biometric
equipment and does not recommend general border crossing procedures.
The enrolment process, e. g. for electronic passports, is out of scope of this document.
2 Terms and definitions
2.1
Automated Border Control (ABC) system
automated system which authenticates the electronic machine readable travel document or token, establishes
that the passenger is the rightful holder of the document or token, queries border control records, then
determines eligibility of border crossing according to the pre-defines rules
2.2
biometric capture
collection of, or attempt to collect a signal(s) from a biometric characteristic(s), or a representation(s) of a
biometric characteristic(s,) and conversion of the signal(s) to a captured biometric sample set [4]
2.3
biometric verification
process of confirming a biometric claim of the holder of an eMRTD through biometric comparison
2.4
border checks
checks carried out at border crossing points, to ensure that persons, including their means of transport and
the objects in their possession, may be authorized to enter the territory of the Member States or authorized to
leave it [24]
Note 1 to entry: See also “Border crossing point (BCP)”.
2.5
Border Crossing Point
BCP
crossing point authorized by the competent authorities for the crossing of external borders [24]
5

---------------------- Page: 7 ----------------------

SIST-TS CEN/TS 16634:2014
CEN/TS 16634:2014 (E)
2.6
border guard
public official assigned, in accordance with national law, to a border crossing point or along the border or the
immediate vicinity of that border who carries out, in accordance with the Schengen Borders Code and national
law, border control tasks [24]
2.7
border management authority
public law enforcement institution which, in accordance with national law, is responsible for border control
2.8
database
application storing a structured set of data and allowing for the management and retrieval of such data
EXAMPLE The Schengen Information System (SIS) is a joint information system that enables the competent
authorities in each Member State of the Schengen area, by means of an automated search procedure, to have access to
alerts on persons and property for the purposes of border checks and other police and customs checks carried out within
the country in accordance with national law and, for some specific categories of alerts (those defined in Article 96 of the
Schengen Convention), for the purposes of issuing visas, residence permits and the administration of legislation on aliens
in the context of the application of the provisions of the Schengen Convention relating to the movement of persons.
Note 1 to entry: See also “Schengen area” and “Watch List”.
2.9
database hit
instance of identifying an item of data which matches the requirements of a search
Note 1 to entry: See also “Database” and “Watch List”.
2.10
digital mirror
display showing the horizontally mirrored live image of the camera's capturing area
2.11
eGate
one of the components of an ABC system, consisting of a physical barrier operated by electronic means
2.12
eID
electronically enabled card that may be used as an identity document (typically compliant to ICAO Doc 9303
Part 3 [27])
2.13
ePassport
A machine readable passport (MRP) containing a contactless integrated circuit (IC) chip within which is stored
data from the MRP data page, one or more biometric samples of the passport holder, and a security object to
protect the data with Public Key Infrastructure (PKI) cryptographic technology, and which conforms to the
specifications of ICAO Doc 9303, Part 1 [27]
2.14
EU citizen
person having the nationality of an EU Member State, within the meaning of Article 20(1) of the Treaty on the
Functioning of the European Union
2.15
Frontex
European Agency for the Management of Operational Cooperation at the External Borders of the Member
States of the European Union [29]
6

---------------------- Page: 8 ----------------------

SIST-TS CEN/TS 16634:2014
CEN/TS 16634:2014 (E)
2.16
impostor
subversive biometric capture subject who attempts to be matched to someone else’s biometric reference [4]
2.17
Machine Readable Zone
MRZ
area on a passport containing two lines of data (three lines on a TD-1 card) that are printed using a standard
format and font as explained in ICAO Doc 9303
Note 1 to entry: See also “Visual Inspection Zone (VIZ)”.
2.18
member state
country which is member of the European Union
Note 1 to entry: Within the context of the present Recommendations, the term also applies to those countries that, not
being EU members, take part in the Schengen area. See also “Schengen area”.
2.19
Machine Readable Travel Document
MRTD
official document (e.g. passport, visa), conforming with the specifications contained in ICAO Doc 9303, issued
by a State or organization which is used by the holder for international travel (e.g. passport, visa, MRTD) and
which contains mandatory visual (eye readable) data and a separate mandatory data summary in a format
which is capable of being read by machine
2.20
operator
border guard officer who is responsible for the remote monitoring and control of the ABC system and whose
tasks typically include:
a) monitor the user interface of the application;
b) react upon any notification given by the application;
c) manage exceptions and make decisions about them;
d) communicate with the assisting personnel for the handling of exceptions at the eGates;
e) monitor and profile travellers queuing in the ABC line and using the eGates looking for suspicious
behaviour in travellers; and
f) communicate with the border guards responsible for second line checks whenever their service is needed
2.21
presentation attack
person can conduct a presentation attack by using artificial or non-living biometrics [4]
2.22
Registered Traveller Programme
RTP
scheme aiming to facilitate border crossing for frequent, pre-vetted and pre-screened travellers, often making
use of ABC systems
7

---------------------- Page: 9 ----------------------

SIST-TS CEN/TS 16634:2014
CEN/TS 16634:2014 (E)
2.23
Schengen Area
area without internal border control which encompasses 26 European countries, including all EU Member
States except Bulgaria, Croatia, Cyprus, Ireland, Romania and the United Kingdom, as well as four non EU
countries, namely Iceland, Lichtenstein, Norway and Switzerland, and which takes its name from the
Schengen Agreement signed in Schengen, Luxembourg, in 1985 and later incorporated into the EU legal
framework by the 1997 Treaty of Amsterdam
2.24
spoof attack
attack on a biometric system wherein an artefact is presented to a sensor for the purpose of being enrolled or
recognized, or for the purpose of circumventing an enrolment or recognition process
2.25
third country national
person who is not an EU citizen within the meaning of Article 20(1) of the Treaty on the Functioning of the
European Union and who is not a person enjoying the Union right to freedom of movement, as defined in
Article 2(5) of the Schengen Borders Code
2.26
Visual Inspection Zone
VIZ
portions of the MRTD (data page in the case of an ePassport) designed for visual inspection, i.e. front and
back (where applicable), not defined as the MRZ
Note 1 to entry: See also “Machine Readable Zone (MRZ)”.
2.27
watch list
list of individuals, groups, or items that require close surveillance
3 Abbreviated terms
ABC Automated Border Control
BCP Border Crossing Point
CEN European Committee for Standardization
DG2 Data Group 2 (eMRTD face image)
DG3 Data Group 3 (eMRTD fingerprint image)
DET Detection Error Trade-off
EEA European Economic Area
eMRTD Electronic MRTD
EU European Union
EU/EEA/CH European Union/European Economic Area/ Switzerland
FAR False accept rate
FRR False reject rate
ICAO International Civil Aviation Organization
IR Infrared
ISO International Organization for Standardization
JPEG Joint Photographic Experts Group
8

---------------------- Page: 10 ----------------------

SIST-TS CEN/TS 16634:2014
CEN/TS 16634:2014 (E)
JPG JPEG compression format for images
JPG2000 JPEG 2000 compression format for images
MRTD Machine Readable Travel Document
MRZ Machine Readable Zone
MS Member State of the Schengen Agreement
PC Personal Computer
RFID Radio Frequency Identification
RTP Registered Traveller Programme
SC Subcommittee
SDK Software Development Kit
TC Technical Committee
TCN Third Country Nationals
TS Technical Specification
UV Ultraviolet
VIS Visa Information System
VIZ Visual Inspection Zone
WG Working Group
4 ABC systems - an overview
4.1 Concept
An ABC system “authenticates the eMRTD, establishes that the traveller is the rightful holder of the document,
queries border control records, then automatically determines eligibility for border crossing according to pre-
defined rules” [28].
An ABC solution checks the authenticity of the travel document presented by a traveller and the traveller's
ownership of that document using his/her biometric data. An eMRTD based ABC system may make use of all
the biometric modalities recommended by ICAO, i.e. face, finger and iris. While other biometric modalities
could be used for ABC, this TS concentrates on the ones approved by ICAO.
As ABC systems might also be based on another token than an eMRTD or might be tokenless, the
authenticity check of the travel document might have been done at the time of enrolment for the system.
An important issue concerns the need for clearly defined protocols when failures appear in a fully automatic
system (without human supervision). Failures can lead to genuine user rejection or problems with outliers
(i.e. people that have difficulty in fully showing their face due to cultural reasons). In such situations, and in
order to avoid raising acceptance issues, an alternative procedure can be needed. Such an alternative
procedure can consist of performing border checks in a dedicated, assisted border control booth. The
definition of these protocols is out of scope of this Technical Specification.
4.2 Biometric references
The use of biometric data is the key for ensuring a close binding between the person and the document.
As described in [26] two general types of ABC systems can be identified in relation to their use of biometric
references, token-based or tokenless:
9

---------------------- Page: 11 ----------------------

SIST-TS CEN/TS 16634:2014
CEN/TS 16634:2014 (E)
• Token based systems require the traveller to present a token (eMRTD, MRTD or any other issued or
approved token) to the system, in order to provide additional authentication information or biometric
references.
• If local legislation does not require the presentation of a travel document for border crossing, it is possible
to rely only on live biometrics capture of pre-enrolled qualified (vetted) travellers at the time of the border
crossing. In this case immediate (1:N) comparison against an up-to-date list of authorized travellers would
take place without any document inspection during the ABC process. Legislation might require that
travellers carry a valid travel document even if this document does not have to be presented for
inspection.
This document focuses on the biometric aspects of both types of ABC solutions.
4.3 Types of travel documents
4.3.1 General
Usually, travellers wishing to enter the European Union are required to carry a passport as a travel document
compliant with the ICAO Doc 9303 attesting the holders’ nationality and their demographic data. Personal
identification information is available both in printed form on the data page of the document, as well as stored
in the RFID chip (ISO/IEC 14443 [6]) complying with the ICAO Doc 9303 for national identity documents. It
therefore carries the capabilities for biometric identification using a facial comparison system external to the
document itself. The following travel ID documents are currently in use or could be used in the future for ABC
in the Member States:
• ePassports issued to EU/EEA/CH citizens;
• National ID cards (in Germany and Spain for their own citizens).
In the future, if legislation and technical means allow it, other documents e.g. ePassports of third country
nationals (visa waiver), registered traveller cards and Schengen visa could also be used.
4.3.2 National identity cards
Electronic national identity cards are used in a number of countries including the EU/EEA/CH. Such cards
identify physically and/or electronically a person as a national of the issuing country, and accredit the
biographic data of that person. They store personal identification information both in the VIZ of the document
as well as in the MRZ according to ICAO Doc 9303 Part 3. National ID cards issued by the Member States are
accepted as travel documents entitling the holder to cross the external borders in the EU/Schengen context.
Some national ID cards provide eID capabilities using biometric functionality for “comparison-on-card” as well
as for “comparison-off-card” in accordance with the standards for 2nd generation electronic passports.
CEN/TS 15480 (all parts) standardizes these documents [2].
Currently, national eID cards can be used only in a limited number of ABC systems and by own citizens of the
deploying country although greater interoperability may be achieved in the future.
4.3.3 Biometric passports
Such passports are travel documents compliant with ICAO Doc 9303 Part 1. They attest the nationality and
the biographic data of a certain person. Personal identification information is stored in the VIZ and in the MRZ
of the document, as well as in the RFID chip complying with ICAO Doc 9303. Biometric passports carry
reference data for two types of biometric identification:
• a facial image is stored in all biometric passports.
10

---------------------- Page: 12 ----------------------

SIST-TS CEN/TS 16634:2014
CEN/TS 16634:2014 (E)
• depending on the country of issuance the passport may store, in addition, the images of the two (in the
most cases) index fingerprints, the two iris images, or both; using fingerprints is mandatory for all
countries bound by Regulation EC 2252/2004 [21].
Biometric passports have no biometric verification capabilities (facial, and/or fingerprint or iris), thus external
verification units are required for the automated biometric verification of the passport holder.
4.3.4 Schengen visa
Nationals of certain countries require a visa in order to cross the borders of the Schengen area. Personal
identification information is printed in the VIZ as well as in the MRZ of the document.
Additionally, the Schengen biometric visa, issued by EU/EEA/CH countries covered by Schengen
agreements, contains reference to fingerprint data stored in the European Visa Information System (VIS). If
future legislation allows it, such visas could be used in ABC systems.
4.4 Topologies of ABC systems
In general there are three topologies of ABC systems in use:
• one-step process which combines the verification of the traveller and their passage through the border;
this design allows the traveller to complete the whole transaction in one single process without the need
to move to another stage;
• integrated two-step process, which is a variation on the one-step design described above: the difference
between the two topologies is that in an ABC system designed as an integrat
...