ISO IEC 30107-4-2024 PDF

Full title and description

ISO/IEC 30107-4:2024 — Information technology — Biometric presentation attack detection — Part 4: Profile for testing of mobile devices. This profile specifies requirements and test approaches for evaluating presentation attack detection (PAD) mechanisms implemented on mobile devices with local biometric recognition and on biometric modules integrated into mobile devices. It lists mobile-specific requirements drawn from ISO/IEC 30107-3 and introduces additional best-practice values and approaches tailored to closed mobile systems.

Abstract

This document provides a focused profile for PAD testing on mobile devices. It identifies which requirements of ISO/IEC 30107-3 apply to mobile contexts, defines an “Approach in PAD Tests for Mobile Devices” for each requirement, and—where appropriate—gives numeric guidance or ranges as best practices. The profile applies to closed/standalone mobile devices or biometric modules with on-device recognition and is not intended for devices that perform solely remote biometric recognition. The threat model is limited to attacks at the capture device during presentation.

General information

• Status: Published.
• Publication date: 7 February 2024 (Edition 2, 2024-02).
• Publisher: International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) — JTC 1/SC 37 (Biometrics).
• ICS / categories: 35.240.15 (Identification cards; Chip cards; Biometrics).
• Edition / version: Edition 2 (2024).
• Number of pages: 14 (official ISO record).

Scope

The standard is a mobile-specific testing profile for biometric presentation attack detection. It applies to mobile devices that operate as closed systems (local, on-device biometric recognition) and to biometric modules embedded in mobile devices. It excludes mobile devices that rely exclusively on remote biometric recognition. The attacks considered are those performed at the capture device during presentation; system-level or network/remote attacks are outside the scope. For each applicable requirement from ISO/IEC 30107-3 the profile prescribes an approach to testing in the mobile context and, where useful, provides numeric guidance as best practice.

Key topics and requirements

• Defines mobile-focused test approaches for PAD requirements drawn from ISO/IEC 30107-3.
• Specifies applicability limits (closed/local recognition vs. remote-only systems) and the capture-device threat model.
• Provides best-practice numerical guidance or ranges for certain test parameters where appropriate for mobile sensors and user interactions.
• Addresses testing of biometric modules integrated into mobile devices as well as full mobile devices.
• Organizes test approaches as “Approach in PAD Tests for Mobile Devices” entries, linking test requirements to mobile-specific conditions (sensor type, user ergonomics, environment).

Typical use and users

Primary users include mobile device manufacturers, biometric sensor and module vendors, PAD algorithm developers, independent test laboratories and conformity assessment bodies, procurement teams evaluating mobile biometric solutions, security architects designing authentication flows, and regulators or certification schemes that reference international PAD testing profiles. Test labs use the profile to design and report mobile PAD evaluations; vendors use it to prepare implementations for testing and compliance.

Related standards

Part of the ISO/IEC 30107 series on biometric presentation attack detection. Closely related and referenced documents include: ISO/IEC 30107-1 (Framework and terms — Edition 2, 2023) and ISO/IEC 30107-3 (Testing and reporting — Edition 2, 2023). This part (‑4) takes test requirements from 30107-3 and adapts them for mobile devices. The 2024 edition of 30107-4 replaces the 2020 edition.

Keywords

presentation attack detection, PAD, biometric liveness, mobile devices, mobile biometrics, biometric module testing, ISO/IEC 30107-4, PAD testing profile, closed systems, on-device recognition.

FAQ

Q: What is this standard?

A: ISO/IEC 30107-4:2024 is the part of the ISO/IEC 30107 series that defines a testing profile for presentation attack detection mechanisms specifically on mobile devices and embedded biometric modules. It prescribes mobile-specific test approaches and best-practice guidance.

Q: What does it cover?

A: It covers requirements and recommended approaches for evaluating PAD on mobile devices that perform on-device biometric recognition (closed systems). It adapts and selects relevant requirements from ISO/IEC 30107-3 and adds mobile-specific guidance, and it limits the threat model to attacks at the capture device during presentation. Remote-only biometric systems are excluded.

Q: Who typically uses it?

A: Mobile OEMs, sensor/module vendors, biometric algorithm developers, independent conformity assessment and test laboratories, procurement and compliance teams, security architects and regulators referencing PAD test profiles. Test labs use it to design mobile PAD evaluations; vendors use it to prepare solutions for testing.

Q: Is it current or superseded?

A: Current. The 2024 edition (Edition 2, published February 2024) is the active version and replaces the earlier 2020 edition (which was withdrawn).

Q: Is it part of a series?

A: Yes — it is Part 4 of the ISO/IEC 30107 series on biometric presentation attack detection. Other parts include ISO/IEC 30107-1 (framework/terms) and ISO/IEC 30107-3 (testing and reporting), which are closely related.

Q: What are the key keywords?

A: PAD, presentation attack detection, mobile biometrics, on-device recognition, biometric module testing, liveness detection, ISO/IEC 30107-4.