ISO IEC 30107-2-2017 PDF

Full title and description

ISO/IEC 30107-2:2017 — Information technology — Biometric presentation attack detection — Part 2: Data formats. This part of the ISO/IEC 30107 series specifies generic data interchange formats (a binary format and an XML schema) for conveying the mechanism used in presentation attack detection (PAD) at the sensor and for recording PAD results. It defines how PAD metadata and detection outcomes are structured for storage and exchange between systems and components.

Abstract

Defines data formats to represent presentation attack detection mechanisms and results for biometric systems. The document provides a binary representation and an XML schema to enable interoperable exchange of PAD information across applications and platforms. The scope is limited to attacks that occur at the sensor during presentation; cryptographic protection of PAD data is outside the standard's scope (though PAD data may be embedded in biometric information records that include optional security blocks).

General information

• Status: Published (International Standard; confirmed following systematic review).
• Publication date: December 2017 (published 2017-12); confirmation of the publication recorded in 2024 (systematic review completed 6 September 2024).
• Publisher: International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC), developed by ISO/IEC JTC 1/SC 37.
• ICS / categories: 35.240.15 (Biometrics).
• Edition / version: Edition 1 (2017).
• Number of pages: 17.

Scope

Specifies generic data interchange formats for representing (1) the PAD mechanism or method used during biometric capture at the sensor, and (2) the results produced by PAD methods. The formats (binary and XML) are application‑agnostic and intended to support a wide range of modalities and deployment scenarios. The standard only addresses presentation attacks that occur at the sensor during the presentation of biometric characteristics; other attack types and cryptographic protections for stored/transmitted PAD data are explicitly out of scope.

Key topics and requirements

• Definition of two PAD data interchange formats: a compact binary format and an XML schema for descriptive and transportable PAD data.
• Structures for encoding PAD method descriptors (mechanism metadata), configuration parameters and versioning.
• Structures for encoding PAD outcomes and result metadata (e.g., classification result, confidence scores, timestamps, sensor identifiers).
• Interoperability considerations to allow exchange of PAD data between sensors, middleware, evaluators and archive systems.
• Specification limits: focuses on sensor‑level presentation attacks during capture; does not mandate application‑specific requirements or provide cryptographic safeguards.
• Reference and alignment options for embedding PAD data into biometric information records (for example, via established biometric interchange frameworks).

Typical use and users

Implementers of biometric systems (device manufacturers, SDK authors), integrators, identity verification providers, test and evaluation laboratories, conformity assessment bodies, and researchers. Typical uses include: recording PAD method metadata alongside captured biometric samples, exporting PAD results for reporting or auditing, exchanging PAD results between sensor and backend systems, and feeding PAD outcomes into higher‑level decision or logging systems.

Related standards

ISO/IEC 30107-2 is part of the ISO/IEC 30107 series on biometric presentation attack detection. Closely related documents include ISO/IEC 30107-1 (Terminology and concepts) and ISO/IEC 30107-3 (Testing and reporting). It is also commonly used alongside biometric interchange and information record standards (for example ISO/IEC 19785 series) and other JTC 1/SC 37 deliverables covering modalities, formats and performance testing.

Keywords

presentation attack detection; PAD; liveness detection; biometric security; data formats; XML schema; binary format; PAD results; PAD mechanism; biometric interchange; ISO/IEC 30107; JTC 1/SC 37; APCER; BPCER; presentation attack instrument (PAI).

FAQ

Q: What is this standard?

A: ISO/IEC 30107-2:2017 defines standard data formats (binary and XML) for conveying presentation attack detection mechanisms and the results of PAD methods for biometric systems, enabling interoperable storage and exchange of PAD-related information.

Q: What does it cover?

A: It covers the structure and content of PAD metadata and result records for attacks that occur at the sensor during a biometric presentation. It specifies a binary representation and an XML schema for PAD data but does not set application-specific policies or cryptographic protections.

Q: Who typically uses it?

A: Biometric device and SDK vendors, system integrators, identity verification providers, testing labs, conformity assessment bodies and researchers who need a standardized way to record, exchange or archive PAD methods and results.

Q: Is it current or superseded?

A: ISO/IEC 30107-2:2017 was published in December 2017 and the publication was confirmed following ISO's systematic review process (confirmation recorded 6 September 2024). As of the confirmation date it remained current. Users should check with the ISO/IEC catalog or national standards bodies for any later amendments or replacements beyond that confirmation.

Q: Is it part of a series?

A: Yes. It is Part 2 of the ISO/IEC 30107 series on Biometric presentation attack detection. Other parts include Part 1 (terminology and concepts) and Part 3 (testing and reporting), which together cover the conceptual, data and test/reporting aspects of PAD.

Q: What are the key keywords?

A: PAD, presentation attack detection, liveness detection, biometric, XML schema, binary format, PAD results, PAD metadata, biometric interchange, ISO/IEC 30107.