Standards Compliance

  1. Introduction
  2. Biometric System-on-Card
  3. Other Relevant Standards
  4. AppsCard Digital Identity – Standards Compliance and Certifications
  5. Bibliography
  6. Frequently asked questions

How APPSCARD products align with global standards required in governmental and corporate security-critical applications.

Introduction

Billions of smart cards are shipped every year into various markets including payment, government ID, transport, industry and other applications. Standardization is essential for the smart card’s wide acceptance. It enables interoperability and establishes well-defined metrics for testing and certification of products.

This is particularly important for government and corporate use cases. Such customers typically do not want to depend on a single-source supplier with a proprietary solution. They prefer open standards, which give them a choice of suppliers and confidence in the specified functions and qualities of a compliant product.

Biometric System-on-Card

Every biometric system consists of the entities shown in Figure 1.

Figure 1: BSoC architecture, from FDIS ISO/IEC 17839-1:2025

The user presents a biometric sample to a biometric capture device such as a fingerprint sensor. The raw image undergoes image and signal processing, which yields biometric probe data, e.g. fingerprint minutiae. The probe data is compared with a biometric reference that was previously stored in a database or, ideally, on a portable data carrier. The comparison produces a similarity assessment, and the system then decides whether the biometric verification is considered successful; the threshold for that decision depends on the security policy of the application. Finally, after positive verification, an action is performed, such as opening a door or digitally signing a file or a transaction. On-card biometric comparison (see ISO/IEC 24787) means that comparison, decision and action, plus storage of the biometric reference, all take place inside the smart card. A Biometric System-on-Card (BSoC, see ISO/IEC 17839-1) extends on-card biometric comparison by also placing the biometric capture device and the image/signal processing inside the card. As a complete, decentralized biometric system in which neither the reference nor the captured sample ever leaves the card, it improves security, privacy and safety.

The first edition of the BSoC multi-part standard was developed in the ISO working group ISO/IEC SC17 WG11 "Applied biometrics for cards and personal identification" and published by ISO in 2014-2016. It has undergone a revision cycle, with the second edition being published in 2024-2026. The standard consists of the following parts:

  • ISO/IEC 17839-1: Information technology — Biometric System-on-Card — Core requirements
  • ISO/IEC 17839-2: Information technology — Biometric System-on-Card — Physical characteristics
  • ISO/IEC 17839-3: Information technology — Biometric System-on-Card — Logical information interchange mechanism

Other Relevant Standards

Form Factor

During the development of the BSoC standard, two aspects became clear early on:

Firstly, it is very difficult to integrate high-end biometric capture devices into the ID-1 form factor defined in ISO/IEC 7810. Secondly, by design most operations of a biometric card happen contactless. The ISO sub-committee therefore proposed an alternative form factor that keeps the card width and length but increases the thickness and relaxes the flexibility requirements. This proposal was handed by liaison to a different working group and led to the ID-T form factor specified in ISO/IEC 18328-2. It has a thickness between 2.25 mm and 3.25 mm and allows rigid and thicker components to be integrated into a card-sized format.

Fingerprint Sensor

The biometric capture device in a BSoC is usually a fingerprint sensor and, besides the secure element, is the key component. Most biometric cards offered today focus on convenience applications and rely on small fingerprint sensors.

Security-sensitive market segments require access systems to be secure and mandatory for all users. By the nature of fingerprinting, serving the fingerprints of all users demands a large sensor area in order to capture enough data, including from users whose fingers are worn, cut or for other reasons offer only a low density of time-robust, unique features to the biometric algorithms. For this reason the US standardization body NIST and the FBI have specified and published minimum requirements for fingerprint sensors used in governmental applications. The basic requirements for fingerprint capture devices are summarized in the following table.

Table 1: Basic requirements of biometric capture devices, from pivspec
Parameter                           Requirement
Capture size                        ≥ 12.8 mm wide by ≥ 16.5 mm high
True optical or native resolution   ≥ 500 ppi in columns and rows
Resolution scale                    490 to 510 ppi in both directions
Image type                          8 bits per pixel, 256 gray levels

These numbers define a FAP 10 (fingerprint acquisition profile 10) sensor, the smallest category permitted. The BSoC standard acknowledges that different applications have different needs; the physical characteristics part therefore specifies the following classes of Biometric System-on-Card according to the specification of the fingerprint sensor.

Table 2: Area fingerprint sensor class, from ISO/IEC 17839-2
Class   Minimum capture area in mm²   Minimum native resolution in ppi
B       other                         other
C       169 (approx. 0.262 in²)       320
D       210 (approx. 0.326 in²)       500

A Class B sensor can be substantially smaller than an adult fingerprint, so two captured samples from the same subject may have no overlap at all. BSoC products using this sensor technology typically combine multi-touch enrollment, a proprietary pattern matcher and enrollment updates. Such sensors were originally designed for convenience-focused markets such as smartphones and payment cards and are not certified for use in governmental markets. Security-sensitive corporate applications should also not rely on this sensor category, since their requirements are very similar to governmental use.

Class C sensors have demonstrated biometric performance in some independent third-party tests based on minutiae or hybrid comparison algorithms, and they were considered the minimum viable sensors in the first edition of the standard. They are, however, not compliant with the NIST requirements and therefore not approved for government applications. Even though credible third-party tests have exercised them with minutiae and hybrid algorithms, they may not provide the tolerance needed to work reliably for almost the entire user population. They are therefore also not recommended for security-sensitive corporate markets.

Class D sensor characteristics are a subset of the FAP 10 requirements specified in ANSI/NIST-ITL 1-2011 and the PIV specification. BSoC products based on Class D sensors prioritize biometric performance over cost or complexity and target security-sensitive mass-market applications. Unlike Class B and C, the Class D sensor is derived from the industry standard defined by NIST for the FAP 10 category, and such sensors have proven robust in mass-market applications where a given fingerprint is compared against a small number of enrolled prints. Such sensors:

  • are compliant with government certification standards
  • have been proven over years of daily use by millions of users around the world
  • are recognized by biometric scientists as applicable in security-sensitive markets
  • allow one-touch enrollment instead of 12-20 finger placements
  • offer tolerance for varying environmental and finger conditions, giving reliable operation
  • can use algorithms with standardized biometric data formats

Fingerprint Template

The ISO working group ISO/IEC JTC 1/SC 37/WG 3 "Biometric data interchange formats" has developed a framework and several formats for the standardized interchange of biometric data, including ISO/IEC 19794-4 for finger image data and ISO/IEC 19794-2 for finger minutiae data. The successor standards ISO/IEC 39794-4 and ISO/IEC 39794-2 define extensible encodings (ASN.1 tag-length-value and XML) while inheriting the minutiae format used for on-card biometric comparison. The data formats developed by ISO (and the American ANSI formats) are used in most government applications, for example for storing biometric data in passports and other machine-readable travel documents. The minutiae standard is also used by Aadhaar, the largest biometric program of the government of India, with more than 1 billion enrolled individuals.
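The compact card format of ISO/IEC 19794-2 is the minutiae encoding that an on-card comparison applet actually consumes, so it is worth seeing what "standardized at every interface, even card-internal" means in bytes. The following Python example is added here; it is not APPSCARD code and not text from the standard. It packs a minutiae list into the 3-byte-per-minutia compact format, wraps it in the ISO/IEC 7816-11 biometric data template (tag 7F2E) as a terminal would send it in a VERIFY data field, and parses it back with the length and reserved-value checks a card-side implementation must perform before comparing. The 0.1 mm coordinate unit used by from_pixels, the 7F2E wrapping and the sample minutiae are assumptions for illustration; check them against the edition of the standard you implement.

```python
"""ISO/IEC 19794-2 compact card minutiae: encode, wrap in tag 7F2E, parse.

Added example, not APPSCARD code. One minutia occupies 3 bytes:
    byte 0   X coordinate, 8 bits
    byte 1   Y coordinate, 8 bits
    byte 2   bits 7-6: type (0 other, 1 ridge ending, 2 bifurcation, 3 reserved)
             bits 5-0: direction in steps of 360/64 degrees
Assumed for illustration: coordinates in 0.1 mm units; block carried in
the ISO/IEC 7816-11 biometric data template, tag 7F2E.
"""
from __future__ import annotations

from dataclasses import dataclass

MINUTIA_OTHER, MINUTIA_ENDING, MINUTIA_BIFURCATION = 0, 1, 2
BDT_TAG = b"\x7f\x2e"      # biometric data template tag (ISO/IEC 7816-11)
ANGLE_STEP_DEG = 360 / 64  # 6-bit direction field: 5.625 degrees per step


@dataclass(frozen=True)
class Minutia:
    x: int       # 0..255, assumed 0.1 mm units
    y: int       # 0..255, assumed 0.1 mm units
    mtype: int   # 0, 1 or 2
    angle: int   # 0..63, units of ANGLE_STEP_DEG


def encode_minutia(m: Minutia) -> bytes:
    """Pack one minutia into its 3-byte compact representation."""
    if not (0 <= m.x <= 255 and 0 <= m.y <= 255):
        raise ValueError("coordinate outside 8-bit range")
    if m.mtype not in (MINUTIA_OTHER, MINUTIA_ENDING, MINUTIA_BIFURCATION):
        raise ValueError("minutia type 3 is reserved")
    if not 0 <= m.angle <= 63:
        raise ValueError("direction must fit in 6 bits")
    return bytes((m.x, m.y, (m.mtype << 6) | m.angle))


def decode_minutiae(block: bytes) -> list[Minutia]:
    """Unpack a compact minutiae block, rejecting malformed input."""
    if len(block) % 3:
        raise ValueError("block length must be a multiple of 3")
    out = []
    for i in range(0, len(block), 3):
        x, y, ta = block[i], block[i + 1], block[i + 2]
        mtype, angle = ta >> 6, ta & 0x3F
        if mtype == 3:
            raise ValueError(f"reserved minutia type at offset {i}")
        out.append(Minutia(x, y, mtype, angle))
    return out


def ber_length(n: int) -> bytes:
    """BER length octets: short form below 128, long form 81/82 above."""
    if n < 0x80:
        return bytes((n,))
    if n < 0x100:
        return bytes((0x81, n))
    if n < 0x10000:
        return bytes((0x82, n >> 8, n & 0xFF))
    raise ValueError("length too large for a card data object")


def build_bdt(minutiae: list[Minutia]) -> bytes:
    """Wrap the encoded minutiae in tag 7F2E, as sent in a VERIFY data field."""
    body = b"".join(encode_minutia(m) for m in minutiae)
    return BDT_TAG + ber_length(len(body)) + body


def parse_bdt(data: bytes) -> list[Minutia]:
    """Parse a 7F2E data object; all lengths must agree before decoding."""
    if len(data) < 3 or data[:2] != BDT_TAG:
        raise ValueError("expected tag 7F2E")
    pos, first = 3, data[2]
    if first < 0x80:
        length = first
    elif first in (0x81, 0x82):
        n = first & 0x7F
        if len(data) < pos + n:
            raise ValueError("truncated length field")
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    else:
        raise ValueError("unsupported length encoding")
    body = data[pos:pos + length]
    if len(body) != length or pos + length != len(data):
        raise ValueError("declared length does not match data")
    return decode_minutiae(body)


def is_valid_bdt(data: bytes) -> bool:
    """Card-side acceptance check: any structural fault rejects the object."""
    try:
        parse_bdt(data)
        return True
    except ValueError:
        return False


def from_pixels(px: int, py: int, angle_deg: float, mtype: int,
                ppi: int = 500) -> Minutia:
    """Convert sensor pixels at `ppi` to the assumed 0.1 mm compact units.

    At 500 ppi one pixel is 25.4 / 500 mm = 0.508 units, so a FAP 10 area
    of 12.8 x 16.5 mm maps to at most 128 x 165, which fits in 8 bits.
    """
    scale = 254 / ppi  # 0.1 mm per pixel (25.4 mm per inch * 10)
    steps = round((angle_deg % 360) / ANGLE_STEP_DEG) % 64
    return Minutia(round(px * scale), round(py * scale), mtype, steps)


if __name__ == "__main__":
    # Constructed sample: three minutiae from a 500 ppi capture.
    sample = [from_pixels(100, 50, 90.0, MINUTIA_BIFURCATION),
              from_pixels(236, 300, 0.0, MINUTIA_ENDING),
              from_pixels(10, 10, 359.0, MINUTIA_OTHER)]
    bdt = build_bdt(sample)
    print(bdt.hex(), parse_bdt(bdt) == sample)
```

The parser refuses to compare anything whose declared length, tag or type field is inconsistent; on a real card that rejection should also not decrement the retry counter differently from a failed comparison, so that malformed input cannot be used to probe the matcher.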

Why should one use a standardized biometric data format in a BSoC, where everything takes place inside the card? There are several advantages:

  1. There is a proven methodology for biometric performance evaluation, with published results.
  2. Standardized data enables interoperability and eliminates dependency on a single source. Migration to a different vendor or technology is much easier when standards are used at every interface, even card-internal ones.
  3. Many serious applications need to export data, given an appropriate security status. This allows de-duplication, preventing a single person from being issued two digital identities on two BSoCs.
  4. Another use case is importing enrollment data from an existing database of standardized minutiae templates.

The leading fingerprint minutiae algorithms in the world are submitted to independent testing by NIST, and the results are published. This initiative is called NIST MINEX III; an algorithm that passes the criteria (FMR 0.01% and FNMR 2%) achieves certification and publication of its results.

Common Criteria

The Common Criteria for Information Technology Security Evaluation (ISO/IEC 15408) is an international standard for evaluating the security of IT products and systems, including smart cards and cryptographic modules. Its core concepts are the target of evaluation (TOE), the protection profile (PP), the security target and the evaluation assurance level (EAL) from 1 to 7. The EAL expresses how rigorously the product was evaluated, not how strong its security functions are; those are stated in the security target, so a certificate should always be read together with its security target. Common Criteria is applicable to secure elements, operating systems and finished products such as smart cards or tokens.

FIDO

FIDO is an abbreviation for Fast Identity Online, a set of open authentication standards developed and published by the FIDO Alliance. FIDO2 relies on public-key cryptography and authenticators (smartphone, USB token, smart card) and offers passwordless, phishing-resistant web authentication.

Card Operating System

Smart card development mostly used proprietary operating systems until JavaCard technology from Oracle allowed the development and execution of applets with a well-defined interface, written in a subset of the Java programming language. A virtual machine on the secure element interprets and executes the compiled Java Card code. JavaCard technology allows customers to develop their own applets and install them on a secure element.

GlobalPlatform is an industry consortium that defines the secure management and interoperability architecture for secure elements used in smart cards, USB tokens and embedded secure elements in smartphones. Loading, installation, personalization and management of applets are defined in the GlobalPlatform Card Specification.

AppsCard Digital Identity – Standards Compliance and Certifications

The AppsCard Digital Identity platform targets high-security applications. Compliance with inter-industry standards and requirements is an integral design directive for the product. The following tables list the standards and certifications achieved and targeted for the platform.

Table 3: AppsCard Digital Identity standards compliance
Characteristic                Industry standard compliance
architecture                  BSoC ISO/IEC 17839-1
physical characteristics      BSoC ISO/IEC 17839-2 class D
logical interface             BSoC ISO/IEC 17839-3
form factor                   ID-T ISO/IEC 18328-2
fingerprint sensor            FAP 10 NIST SP 500-290e3
fingerprint template format   ISO/IEC 19794-2
card operating system         JavaCard 3.1.0, GlobalPlatform 2.3.1

Table 4: AppsCard Digital Identity product/component certifications
Component / item              Certification
secure element hardware       CC EAL 6+
secure element OS             CC EAL 4+ (target 2026)
fingerprint algorithm         NIST MINEX III
web authentication            FIDO2 (target 2026)

Bibliography

The following is recommended reading.

  1. ISO/IEC 17839-1, Information technology — Biometric System-on-Card — Part 1: Core requirements, FDIS 2025
  2. ISO/IEC 17839-2, Information technology — Biometric System-on-Card — Part 2: Physical characteristics, 2024
  3. ISO/IEC 17839-3, Information technology — Biometric System-on-Card — Part 3: Logical information interchange mechanism, DIS 2025
  4. ISO/IEC 18328-2, Identification cards — ICC-managed devices — Part 2: Physical characteristics and test methods for cards with devices, 2021
  5. NIST Special Publication 500-290 Edition 3, Data Format for the Interchange of Fingerprint, Facial & Other Biometric Information, 2015
  6. PIV spec, Image Quality Specifications for Single Finger Capture Devices, 2006, https://fbibiospecs.fbi.gov/file-repository/specifications/pivspec.pdf/view
  7. ISO/IEC 19794-2, Information technology — Biometric data interchange formats — Part 2: Finger minutiae data, 2005
  8. ISO/IEC 39794-2, Information technology — Extensible biometric data interchange formats — Part 2: Finger minutiae data, 2023
  9. Common Criteria: https://www.commoncriteriaportal.org
  10. Java Card Platform Runtime Environment Specification, Classic Edition, Version 3.1, Oracle, 2021
  11. GlobalPlatform Technology Card Specification Version 2.3.1, 2018

Copies and licenses for ISO standards can be obtained from https://ISO.org

Frequently Asked Questions