Topic-specific policies
ISO/IEC 27553


Search this site
 
ISMS templates

< Previous standard      ^ Up a level ^      Next standard >

 

ISO/IEC 27553 — Information technology — Security techniques — Security and privacy requirements for authentication using biometrics on mobile devices [2 parts, both DRAFT]

 

Introduction

This standard will provide high-level requirements for biometric authentication on mobile devices, including functional components and communications.

Biometrics are increasingly used for user authentication on mobile devices.  They are easier to use and harder to steal or fake than conventional passwords and tokens. However, proliferating devices and approaches are fragmenting the market, hence standardization offers advantages for users and manufacturers.

This standard will outline commonplace information risks that biometric authentication methods should normally address.

 

 

ISO/IEC 27553-1  — Information technology — Security techniques — Security and Privacy requirements for authentication using biometrics on mobile devices Part 1: Local modes [DRAFT]

  • Abstract: “This document provides high-level security and privacy requirements for authentication using biometrics on mobile devices, including security and privacy requirements for functional components and for communication. This document is applicable to the cases that the biometric data and derived biometric data does not leave the device, i.e., local modes.” [Source: SC 27 Standing Document 11 (2021)]
  • Scope: TBA.
  • Content: TBA.
  • Status update April Status: drafting started in 2018. The standard is at Draft International Standard stage and is due to be published by November 2022.

 

 

ISO/IEC 27553-2  — Information technology — Security techniques — Security and Privacy requirements for authentication using biometrics on mobile devices Part 2: Remote modes [DRAFT]

  • Abstract: “This document provides high-level security and privacy requirements for authentication using biometrics on mobile devices, including security and privacy requirements for functional components, for communication and for remote processing. This document is applicable to remote modes, i.e., the cases that:
    • the biometric sample is captured through mobile devices;
    • the biometric data or derived biometric data are transmitted between the mobile devices and the remote services in either or both directions.
       

    The cases that the biometric data or derived biometric data never leave the mobile devices (i.e., local modes) are out of scope for this document”

    [Source: SC 27 Standing Document 11 (2021)]

  • Scope: TBA.
  • Content: TBA.
  • Status: this part is at Preliminary Work Item stage.

 

 

< Previous standard      ^ Up a level ^      Next standard >

Copyright © 2022 IsecT Ltd.