Topic-specific policies
ISO/IEC 27553


Search this site
 
ISMS templates

< Previous standard      ^ Up a level ^      Next standard >

 

ISO/IEC 27553 — Information technology — Security techniques — Security and privacy requirements for authentication using biometrics on mobile devices [2 parts, both DRAFT]

 

Introduction

This standard will provide high-level requirements for biometric authentication on mobile devices, including functional components and communications.

Biometrics are increasingly used for user authentication on mobile devices.  They are easier to use and harder to steal or fake than conventional passwords and tokens. However, proliferating devices and approaches are fragmenting the market, hence standardization offers advantages for users and manufacturers.

This standard will outline commonplace information risks that biometric authentication methods should normally address.

 

 

ISO/IEC 27553-1  — Information security, cybersecurity and privacy protection — Security and privacy requirements for authentication using biometrics on mobile devices Part 1: Local modes [DRAFT]

  • Abstract: [TBA]
  • Scope: the standard “provides high-level security and privacy requirements for authentication using biometrics on mobile devices, including security and privacy requirements for functional components and for communication.”.  It “is applicable to the cases that the biometric data and derived biometric data do not leave the device, i.e. local modes.”
  • Update June Content: the main sections are
    • Security challenges
    • System description
    • Information assets
    • Threat analysis
    • Security requirements and recommendations
    • Privacy considerations

    and annexes:

    • Implementation example
    • Security issues related to communication between agents and servers for authentication using biometric on mobile devices (!)
    • An example of Authentication assurance and assurance levels
  • Status update June Status: drafting started in 2018. The standard is at Final Draft International Standard stage and is due to be published by November 2022.

 

 

ISO/IEC 27553-2  — Information technology — Security techniques — Security and Privacy requirements for authentication using biometrics on mobile devices Part 2: Remote modes [DRAFT]

  • Abstract: [TBA]
  • Scope: [TBA]
  • Content: [TBA]
  • Status: part 2 is at Preliminary Work Item stage.

 

 

< Previous standard      ^ Up a level ^      Next standard >

Copyright © 2022 IsecT Ltd.