ISO IEC 30107-1-2023 PDF

Full title and description

Information technology — Biometric presentation attack detection — Part 1: Framework. This international standard (ISO/IEC 30107-1:2023, 2nd edition) defines a common framework, vocabulary and basic concepts for presentation attack detection (PAD) in biometric systems — establishing terms and definitions useful for the specification, characterization and evaluation of PAD methods while explicitly excluding specification of particular algorithms, sensor designs or overall system‑level vulnerability assessments.

Abstract

This document establishes the terminology and conceptual framework used across the ISO/IEC 30107 series to describe presentation attacks (attacks at the biometric capture device) and PAD mechanisms. It is intended to enable consistent specification, reporting and discussion of PAD performance and behaviour; it does not standardize specific PAD algorithms, sensors, countermeasures or provide system‑level security assessments.

General information

• Status: Published.
• Publication date: 10 August 2023 (second edition published in August 2023).
• Publisher: Published as an ISO/IEC joint International Standard (ISO/IEC JTC 1/SC 37 — Biometrics).
• ICS / categories: 35.240.15 (Identification cards; Chip cards; Biometrics).
• Edition / version: Edition 2 (2023).
• Number of pages: 11 pages (ISO master text — national publications/adoptions may include additional national front matter).

Scope

ISO/IEC 30107-1:2023 covers presentation attacks that occur at the biometric capture device during the presentation and collection of biometric characteristics. It defines terms and concepts for PAD mechanisms, their inputs and outputs, and how PAD relates to biometric system architecture. Attacks or compromises outside the capture/presentation step (for example, network interception, template database attacks or sensor tampering outside the presentation event) are outside the scope of this part.

Key topics and requirements

• Standardized terminology and definitions for PAD concepts (e.g., bona‑fide presentation, presentation attack, presentation attack instrument, liveness, PAD decision/output).
• Framework for characterizing presentation attacks (taxonomies such as artefact vs human‑based attacks, impostor vs concealer presentations).
• Classification of PAD mechanism types and how PAD fits into the biometric acquisition and decision pipeline.
• Guidance on PAD outputs (decisions, scores and metadata) and conformance concepts to support consistent reporting and interoperability.
• Statement of exclusions — no prescription of specific countermeasures, algorithms, sensor designs or broader system vulnerability assessments.

Typical use and users

Used by standards adopters, biometrics system architects, PAD vendors, test laboratories, procurement teams and regulators to: clarify terminology; specify PAD requirements in procurement and product specifications; align reporting formats with Parts 2 and 3 of the series; and provide a consistent foundation for PAD testing, evaluation and interoperability work.

Related standards

ISO/IEC 30107 is a multipart series. Relevant companion parts include: Part 2 — Data formats (ISO/IEC 30107-2:2017) which defines PAD data interchange formats, and Part 3 — Testing and reporting (ISO/IEC 30107-3:2023) which specifies principles and methods for PAD performance assessment and reporting. Implementers should use Part 1 together with Parts 2 and 3 to ensure consistent specification, data exchange and evaluation.

Keywords

Biometrics, presentation attack detection (PAD), liveness, presentation attack instrument (PAI), spoof detection, PAD framework, biometric acquisition, PAD score, PAD decision, ISO/IEC 30107.

FAQ

Q: What is this standard?

A: ISO/IEC 30107-1:2023 is the second‑edition framework standard that defines the vocabulary, concepts and scope for biometric presentation attack detection (PAD) — the part of biometric security that addresses attacks presented to capture devices.

Q: What does it cover?

A: It covers definitions, conceptual frameworks and how PAD integrates into biometric systems. It addresses attacks that occur during presentation to the capture device and specifies what is in‑scope and out‑of‑scope for PAD standardization (it does not prescribe specific algorithms, sensors or system‑level security assessments).

Q: Who typically uses it?

A: System architects, PAD product developers, test labs, procurement officers and policy/regulatory bodies use this part to ensure consistent terminology, to write clear PAD requirements and to align testing and reporting with Parts 2 and 3.

Q: Is it current or superseded?

A: Current — ISO/IEC 30107-1:2023 is the active second edition, published in August 2023, and supersedes ISO/IEC 30107-1:2016.

Q: Is it part of a series?

A: Yes — it is Part 1 of the ISO/IEC 30107 series. See Part 2 (Data formats, 2017) and Part 3 (Testing and reporting, 2023) for complementary specifications that together support consistent PAD implementation, data interchange and evaluation.

Q: What are the key keywords?

A: Key keywords include: presentation attack detection, PAD, liveness detection, presentation attack instrument (PAI), spoofing, biometric acquisition, PAD score, PAD decision and biometric security.