ISO IEC TR 30125-2016 PDF

Full title and description

ISO/IEC TR 30125:2016 — Information technology — Biometrics used with mobile devices. A Technical Report that provides guidance for developing consistent and secure biometric enrolment and authentication practices in mobile and other uncontrolled environments, including remote/unsupervised enrolment, capture guidance, secure storage and transmission of biometric and supporting biographic data, and architectural considerations for mobile biometric systems.

Abstract

ISO/IEC TR 30125:2016 offers recommendations for the capture, processing and use of biometric data on mobile platforms (smartphones, tablets and other personal computing devices) where the user environment is not physically controlled by the relying organization. It covers 1:1 verification and limited positive identification, guidance on sample capture under uncontrolled conditions, multi-factor combinations of biometric and non-biometric authentication, remote and unsupervised enrolment approaches, secure storage and transmission of biometric data, and a generic architecture identifying functional elements of mobile biometric systems.

General information

• Status: Published (Technical Report)
• Publication date: 29 April 2016 (Edition 1.0)
• Publisher: ISO and IEC (prepared by ISO/IEC JTC 1/SC 37 — Biometrics)
• ICS / categories: 35.240.15
• Edition / version: Edition 1.0 (2016)
• Number of pages: 29

Scope

This Technical Report applies to biometric systems and processes that use mobile and other consumer devices for enrolment, verification and limited identification where the operating environment is not physically controlled by the organization that will rely on the biometric evidence. It addresses modalities and capture scenarios not fully covered by interchange-format standards and sample-quality reports, and it provides a framework for remote/unsupervised enrolment, secure handling of biometric and biographic data (both online and offline modes), and the definition of functional elements in a generic mobile biometric architecture. The report is intended to complement existing biometric standards and to guide procurement and implementation of biometric solutions in open-market mobile contexts.

Key topics and requirements

• Guidance for 1:1 verification and limited 1:few positive identification on mobile devices.
• Recommendations for biometric sample capture in uncontrolled or variable lighting, posture and environment typical of mobile use.
• Frameworks and approaches for remote and unsupervised enrolment, including enrolment verification considerations.
• Security requirements for storage and transmission of biometric and supporting biographic data (considering online and offline modes).
• Definition of functional elements and components of a generic mobile biometric system and their distinct characteristics.
• Advice on combining biometric and non-biometric authentication (multi-factor) to improve resilience and usability.
• Interoperability considerations and cross-references to biometric interchange and sample-quality standards.
• Recommendations to mitigate risks arising from uncontrolled capture, including basic privacy and anti-spoofing awareness (to be used alongside presentation-attack detection standards).

Typical use and users

Used by standards implementers, system architects, product managers, procurement teams, integrators and security/privacy officers who are designing, procuring or evaluating biometric solutions that operate on mobile or consumer devices. Typical applications include mobile authentication for financial services, identity verification for government and commercial services, remote enrolment for identity programs, mobile-based access control, and developers of biometric-enabled applications seeking guidance for secure and interoperable implementation.

Related standards

Commonly referenced standards and reports used alongside ISO/IEC TR 30125:2016 include the ISO/IEC 19794 series (biometric data interchange formats), ISO/IEC 30108 (biometric performance and related guidance), ISO/IEC 29794 (sample quality), ISO/IEC 24745 (biometric information protection), ISO/IEC 29115 (entity authentication assurance), ISO/IEC 30107 (presentation-attack detection), and relevant NIST publications such as architecture guidance. Implementers should consult the specific parts of 19794 and other SC 37 deliverables for modality-specific and interchange-format requirements.

Keywords

biometrics, mobile devices, enrolment, remote enrolment, authentication, verification, sample capture, sample quality, biometric data security, multifactor authentication, mobile biometric architecture, ISO/IEC JTC 1/SC 37

FAQ

Q: What is this standard?

A: ISO/IEC TR 30125:2016 is a Technical Report providing guidance on the use of biometrics with mobile and other uncontrolled-user-environment devices, covering capture, enrolment, authentication and architectural considerations.

Q: What does it cover?

A: It covers best-practice guidance for biometric sample capture in uncontrolled mobile environments, 1:1 and limited 1:few use cases, remote and unsupervised enrolment approaches, secure storage and transmission of biometric and biographic data, and the functional elements of a generic mobile biometric system, with references to relevant modality and interchange standards.

Q: Who typically uses it?

A: System architects, solution designers, product managers, procurement teams, integrators, security and privacy officers, and others involved in implementing or evaluating biometric solutions on mobile and consumer devices.

Q: Is it current or superseded?

A: The 2016 Technical Report was reviewed and confirmed in 2022 and remains the current published version as of 2 March 2026. Organizations should check the ISO/IEC status pages or national standards bodies for any later revisions or related work before procurement.

Q: Is it part of a series?

A: It is a Technical Report produced under ISO/IEC JTC 1/SC 37 (Biometrics) and is intended to be used alongside related SC 37 standards (for example the ISO/IEC 19794 series, ISO/IEC 30108, ISO/IEC 29794 and ISO/IEC 24745) rather than being a numbered multipart standard in itself.

Q: What are the key keywords?

A: Biometrics, mobile devices, enrolment, authentication, sample capture, sample quality, remote enrolment, secure storage, multifactor authentication, mobile biometric architecture.