""

ISO/IEC 30107: A certification scheme for biometric products and services

Top News05/23/2023
May 2023 sees the official launch of the ISO/IEC 30107 certification scheme in partnership with CLR Labs, with our first certificate issued for IDnow's VideoIdent product.

But what is the 30107 standard? How does the LSTI/CLR Labs partnership work on this certification scheme? Who is concerned by this certification? Here are some answers.

The standard

Published in 2017, ISO/IEC 30107 defines the security measures and tests to be carried out for the prevention and protection of remote identity verification systems.

It defines possible attacks when capturing biometric data for identity verification. These attacks are called "Presentation attacks", and the mechanisms for detecting them are called "Presentation Attacks Detection" or PAD. For this reason, it covers both the security measures to be implemented, and the tests to be carried out to assess their security.

Certification

The certification scheme for this standard is made possible by a partnership between CLR Labs and LSTI.

All testing and evaluation work is carried out by CLR Labs, including presentation attacks (type 1 attacks) and biometric data injection tests (type 2 attacks).

LSTI then assesses the conformity of these evaluations and issues the ISO/IEC 30107 certificate for the evaluated product or service.

To date, this certification scheme is the only one of its kind in Europe. Until the creation of this initiative, audits, tests and conformity assessments were the norm in Europe. A certification option existed, but the offer in question was American.

A made-in-Europe certification offer is now on the market to certify and guarantee remote identity verification services.

  • 1 - Project definition
    1 - Project definition

    The project definition includes all three parties: the customer being assessed, the laboratory and the conformity assessment body.

  • 2 - Laboratory tests
    2 - Laboratory tests

    Presentation attacks and biometric data injection tests carried out by CLR Labs.

  • 3 - Conformity assessment
    3 - Conformity assessment

    LSTI assesses the conformity of tests and evaluations carried out by CLR Labs, to ensure compliance with ISO/IEC 30107.

  • 4 - Adjustments
    4 - Adjustments

    As with any cyber compliance certification project, numerous inspection reports are issued. These must be taken into account by the company as it moves towards compliance.

  • 5 - Issuing the certificate
    5 - Issuing the certificate

    If the evaluated biometric product or service meets all the evaluation criteria, a certificate of conformity to ISO/IEC 30107 is issued by LSTI, valid for 3 years.

  • 1 - Project definition
    1 - Project definition

    The project definition includes all three parties: the customer being assessed, the laboratory and the conformity assessment body.

  • 2 - Laboratory tests
    2 - Laboratory tests

    Presentation attacks and biometric data injection tests carried out by CLR Labs.

  • 3 - Conformity assessment
    3 - Conformity assessment

    LSTI assesses the conformity of tests and evaluations carried out by CLR Labs, to ensure compliance with ISO/IEC 30107.

  • 4 - Adjustments
    4 - Adjustments

    As with any cyber compliance certification project, numerous inspection reports are issued. These must be taken into account by the company as it moves towards compliance.

  • 5 - Issuing the certificate
    5 - Issuing the certificate

    If the evaluated biometric product or service meets all the evaluation criteria, a certificate of conformity to ISO/IEC 30107 is issued by LSTI, valid for 3 years.

  • 1 - Project definition
    1 - Project definition

    The project definition includes all three parties: the customer being assessed, the laboratory and the conformity assessment body.

  • 2 - Laboratory tests
    2 - Laboratory tests

    Presentation attacks and biometric data injection tests carried out by CLR Labs.

  • 3 - Conformity assessment
    3 - Conformity assessment

    LSTI assesses the conformity of tests and evaluations carried out by CLR Labs, to ensure compliance with ISO/IEC 30107.

  • 4 - Adjustments
    4 - Adjustments

    As with any cyber compliance certification project, numerous inspection reports are issued. These must be taken into account by the company as it moves towards compliance.

  • 5 - Issuing the certificate
    5 - Issuing the certificate

    If the evaluated biometric product or service meets all the evaluation criteria, a certificate of conformity to ISO/IEC 30107 is issued by LSTI, valid for 3 years.

Products and services concerned

This certification scheme can be applied tò many products and services such as:

  • Identity enrolment stations and booths,
  • Automatic border crossing gates,
  • Biometric readers,
  • entry-exit systems,
  • Digital Wallets,
  • Trusted service providers,
  • And all other products incorporating biometric technologies.

It is therefore aimed at all companies in the remote identity verification sector who wish to offer an additional guarantee of the security of their products and services.

Discover our news