< Previous standard ^ Up a level ^ Next standard >
ISO/IEC 27553 — Information technology — Security techniques — Security and privacy requirements for authentication using biometrics on mobile devices [2 parts, both DRAFT]
Introduction
This standard will provide high-level requirements for biometric authentication on mobile devices, including functional components and communications.
Biometrics are increasingly used for user authentication on mobile devices. They are easier to use and harder to steal or fake than conventional passwords and tokens. However, proliferating devices and approaches are fragmenting the market, hence standardization offers advantages for users and manufacturers.
This standard will outline commonplace information risks that biometric authentication methods should normally address.
ISO/IEC 27553-1 — Information security, cybersecurity and privacy protection — Security and privacy requirements for authentication using biometrics on mobile devices — Part 1: Local modes [DRAFT]
- Abstract: [TBA]
- Scope: the standard “provides high-level security and privacy requirements for authentication using biometrics on mobile devices, including security and privacy requirements for functional components and for communication.”. It “is applicable to the cases that the biometric data and derived biometric data do not leave the device, i.e. local modes.”
Content: the main sections are
- Security challenges
- System description
- Information assets
- Threat analysis
- Security requirements and recommendations
- Privacy considerations
and annexes:
- Implementation example
- Security issues related to communication between agents and servers for authentication using biometric on mobile devices (!)
- An example of Authentication assurance and assurance levels
Status: drafting started in 2018. The standard is at Final Draft International Standard stage and is due to be published by November 2022.
ISO/IEC 27553-2 — Information technology — Security techniques — Security and Privacy requirements for authentication using biometrics on mobile devices — Part 2: Remote modes [DRAFT]
- Abstract: [TBA]
- Scope: [TBA]
- Content: [TBA]
- Status: part 2 is at Preliminary Work Item stage.
< Previous standard ^ Up a level ^ Next standard >
|