ISO/IEC 30107: A certification scheme for biometric products and services
May 2023 is marked by the official launch of our ISO/IEC 30107 standard certification scheme, made in partnership with CLR Labs, and our first certificate was issued for the VideoIdent, a product from IDnow.
What is the ISO/IEC 30107 standard? How does the LSTI/CLR Labs partnership work on this certification scheme? Who is concerned about this certification? Here are some answers.
The standard
Published in 2017, the ISO/IEC 30107 standard defines the security measures and the tests that need to be carried out to prevent attacks and protect remote identity verification systems.
It defines the possible attacks during the capture of biometric data during the process of identity verification. These attacks are called “Presentation attacks” and the mechanisms to detect them are called “Presentation Attacks Detection” or PAD. This is the reason why the standard covers both the security measures to be put in place and the tests to be carried out to assess their safety.
The certification
The certification scheme on this standard is possible thanks to the partnership between CLR Labs and LSTI.
All tests and evaluation work are carried out by CLR Labs, which includes testing with presenting attacks (type 1 attacks) but also by injecting biometric data (type 2 attacks).
LSTI then steps in to assess the conformity of these evaluations and issue the ISO/IEC 30107 certificate for the product or service assessed.
To this date, the only certification scheme available was from the United States. In Europe, only compliance projects have been carried out so far. A certification offer made in Europe is therefore now on the market to certify and guarantee remote identity verification offers.
The products and services concerned
This certification scheme can apply to many products and services such as:
- Identity enrollment stations and booths
- Automatic border crossing gates,
- Biometric readers,
- “Entry-exit” systems,
- Digital wallets,
- Trust service providers
- And all other products with biometric technologies.
This certification is therefore aimed at any company in the field of remote identity verification that wishes to offer an additional guarantee of the security of its products and services.