ISO/IEC 18013 & 19794

In the digital age, secure, reliable and interoperable digital identities have become an essential building block for trust in online services. The ISO/IEC 18013 and ISO/IEC 19794 families of standards define how identity credentials and biometric data are structured, protected and exchanged, which makes them central to use cases such as the mobile driving licence (mDL), biometric template protection and secure identity management systems.

In this blog we look at how ISO/IEC 18013, ISO/IEC 19794 and the related standards that support current and emerging digital identity frameworks, such as ISO/IEC 27032 (cybersecurity) and ISO/IEC 24745 (biometric information protection), contribute to a secure, privacy-preserving and globally interoperable digital identity framework that can satisfy applicable legal regulations.

For assistance, contact us at support@pacificcert.com.

Introduction

Digital identity is at the core of how people engage with services in banking, health care and government. A digital identity needs to be safe, secure and easily verifiable. ISO/IEC 18013 and ISO/IEC 19794 International Standards provide a common approach to managing and protecting digital identities, including biometrics.

For example, ISO/IEC 18013 covers the driving licence as an identity credential, with part 5 specifying the mobile driving licence (mDL) and how it is presented for identity verification, while ISO/IEC 19794 defines biometric data interchange formats that govern how biometric samples and features are encoded, stored and exchanged. Together with related standards such as ISO/IEC 27032 (cybersecurity) and ISO/IEC 24745 (biometric information protection), these shared data formats and protocols form a suite of standards that underpins digital trust in global identity ecosystems.

Mobile Driver’s License (mDL) Under ISO 18013‑5

ISO/IEC 18013-5 is the part of the ISO/IEC 18013 series that specifies the mobile driving licence (mDL): its data model, the interface between an mDL on a mobile device and an mDL reader, and the security mechanisms that protect that exchange. Issuing the credential and provisioning it to the device are outside its scope. An mDL is an electronic version of a driving licence that is stored on and presented from a mobile device. mDLs serve as an alternative to traditional plastic licences and offer governments and citizens a more secure and convenient option.

ISO/IEC 18013-5 also makes an mDL hard to modify or counterfeit. The issuing authority signs a Mobile Security Object (MSO) that contains a digest of every data element (issuer data authentication), the holder's device proves possession of a key bound to the credential (device authentication), and the session between mDL and reader is encrypted. Data elements are CBOR-encoded under the namespace org.iso.18013.5.1, so a compliant reader anywhere in the world can parse them, and the holder can release individual elements (for example age_over_18 without the full birth date) while the reader still verifies each released element against the signed digests.
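The digest scheme described above, as an added example that is not code from the standard or from any mDL product: each data element is wrapped in an IssuerSignedItem, CBOR-encoded, wrapped in tag 24 and hashed, the issuer's MSO commits to those digests, and a reader checks only the items the holder chose to release. The CBOR encoder below is a minimal helper written for this example (a real implementation would use a CBOR library), the element names come from the standard's org.iso.18013.5.1 namespace, the sample credential values are constructed, and the COSE_Sign1 signature over the MSO and the MSO's validity and device-key fields are omitted (assumption: the MSO has already been signature-verified).

```python
"""Added example: ISO/IEC 18013-5-style selective disclosure digests (no MSO signature)."""
import hashlib
import secrets
from dataclasses import dataclass

NAMESPACE = "org.iso.18013.5.1"      # mDL data element namespace from the standard
DOC_TYPE = "org.iso.18013.5.1.mDL"


@dataclass(frozen=True)
class Tagged:
    """A CBOR tagged value (major type 6)."""
    tag: int
    value: object


def _head(major: int, n: int) -> bytes:
    """CBOR initial bytes: major type in the top 3 bits, then the argument."""
    if n < 24:
        return bytes([(major << 5) | n])
    for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([(major << 5) | ai]) + n.to_bytes(size, "big")
    raise OverflowError("CBOR argument too large")


def cbor_encode(v) -> bytes:
    """Minimal CBOR encoder for the types an IssuerSignedItem and MSO need (local helper)."""
    if isinstance(v, bool):                      # bool before int: bool is an int subclass
        return b"\xf5" if v else b"\xf4"
    if isinstance(v, int):
        return _head(0, v) if v >= 0 else _head(1, -1 - v)
    if isinstance(v, bytes):
        return _head(2, len(v)) + v
    if isinstance(v, str):
        data = v.encode("utf-8")
        return _head(3, len(data)) + data
    if isinstance(v, list):
        return _head(4, len(v)) + b"".join(cbor_encode(x) for x in v)
    if isinstance(v, dict):
        return _head(5, len(v)) + b"".join(cbor_encode(k) + cbor_encode(x) for k, x in v.items())
    if isinstance(v, Tagged):
        return _head(6, v.tag) + cbor_encode(v.value)
    raise TypeError(f"unsupported type {type(v).__name__}")


def item_digest(item: dict) -> bytes:
    """SHA-256 over IssuerSignedItemBytes = #6.24(bstr .cbor IssuerSignedItem)."""
    return hashlib.sha256(cbor_encode(Tagged(24, cbor_encode(item)))).digest()


def issue(elements: dict, salt=secrets.token_bytes) -> tuple:
    """Issuer side: build the IssuerSignedItems and the MSO that commits to them."""
    items, digests = [], {}
    for digest_id, (ident, value) in enumerate(elements.items()):
        item = {
            "digestID": digest_id,
            # At least 16 random bytes per item: without the salt a reader could brute-force
            # low-entropy values (age_over_18 has only two) from the digest alone.
            "random": salt(16),
            "elementIdentifier": ident,
            "elementValue": value,
        }
        items.append(item)
        digests[digest_id] = item_digest(item)
    mso = {
        "version": "1.0",
        "digestAlgorithm": "SHA-256",
        "docType": DOC_TYPE,
        "valueDigests": {NAMESPACE: digests},
    }
    return items, mso


def verify_disclosed(disclosed: list, mso: dict) -> bool:
    """Reader side: every released item must hash to a digest the issuer signed in the MSO."""
    if mso.get("digestAlgorithm") != "SHA-256" or mso.get("docType") != DOC_TYPE:
        return False
    expected = mso["valueDigests"].get(NAMESPACE, {})
    return all(expected.get(it["digestID"]) == item_digest(it) for it in disclosed)


if __name__ == "__main__":
    # Constructed sample credential, not real data.
    items, mso = issue({"family_name": "Doe", "given_name": "Jane",
                        "birth_date": "1990-05-14", "age_over_18": True})
    age_only = [it for it in items if it["elementIdentifier"] == "age_over_18"]
    print("age_over_18 only:", verify_disclosed(age_only, mso))   # True
    forged = dict(age_only[0], elementValue=False)
    print("tampered value:", verify_disclosed([forged], mso))     # False
```

The reader learns nothing about the undisclosed elements from the MSO because each digest is salted with its own random value; a tampered value, a value moved between digest IDs, or an item taken from a different credential all fail the check.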

Biometrics Data Quality Requirements with ISO/IEC 29794

ISO/IEC 29794 provides essential guidelines for ensuring the quality of biometric data used in identity verification systems. As biometric data becomes increasingly integrated into identity management, ensuring its quality is critical to maintaining both accuracy and security.


Key aspects of biometric data quality addressed by ISO/IEC 29794 include:

1. Identifies minimum quality requirements for biometric samples (e.g. fingerprint, facial and iris images) so that they are adequate for enrolment, matching and verification.

2. Describes how quality is assessed and recorded so that biometric data keep their quality through collection, transmission and storage and are not altered or corrupted along the way.

3. Establishes that quality scores need to be consistent across capture devices and environments, so that biometric matching can rely on them.

4. Relates quality scores to matching performance: a sample's quality score is meant to predict its contribution to false match and false non-match rates, so low-quality samples can be rejected at capture rather than degrading verification later.

FIDO2 vs ISO 18013: MFA Strategies Explained

Multi-factor authentication (MFA) is a critical component of securing digital identities. FIDO2 and ISO/IEC 18013-5 both strengthen identity verification, but they solve different problems: FIDO2 is an authentication protocol that proves a user controls a previously registered credential, while ISO/IEC 18013-5 is a credential format and presentation protocol that proves identity attributes asserted by an issuing authority.

Primary use case
  FIDO2: passwordless authentication to web applications and online services
  ISO/IEC 18013-5: presentation of a government-issued identity credential (the mDL) to a verifier

Authentication method
  FIDO2: public-key cryptography; the authenticator signs a server challenge bound to the site's origin and is unlocked locally by PIN or biometric
  ISO/IEC 18013-5: issuer data authentication (signed MSO) plus device authentication (key bound to the holder's device); access to the wallet app is typically gated by device PIN or biometric unlock

Interoperability
  FIDO2: cross-platform support across browsers, operating systems and authenticators (WebAuthn and CTAP)
  ISO/IEC 18013-5: cross-border verification of mDLs by any compliant reader (NFC, BLE or Wi-Fi Aware in person)

Security features
  FIDO2: origin-bound credentials that a phishing site cannot replay; private keys never leave the authenticator
  ISO/IEC 18013-5: issuer-signed data, device-bound keys, session encryption between mDL and reader, selective disclosure of individual data elements

Target audience
  FIDO2: digital services and web applications
  ISO/IEC 18013-5: governments, transport agencies and identity providers

Certification
  FIDO2: FIDO Alliance certification (FIDO2, WebAuthn, CTAP)
  ISO/IEC 18013-5: conformance to ISO/IEC 18013-5 for mDLs

ISO 24745 for Biometric Template Protection

ISO/IEC 24745 (Biometric information protection) is an important standard for protecting biometric templates, the digital records derived from a person's biometric characteristics (e.g. fingerprints, iris scans, facial features). It requires protected templates to be irreversible (the biometric sample cannot be recovered from the template), unlinkable (templates of the same person in different applications cannot be matched to each other) and renewable (a compromised template can be revoked and replaced). Biometric templates are sensitive personal information, and unlike a password they cannot be changed if the raw data leaks, so protecting them is essential to privacy and security in a digital identity system.


ISO/IEC 24745 also describes how protected templates are stored and how a live biometric sample is compared against a stored template during authentication without exposing the underlying biometric data, for example by comparing in the protected domain rather than decrypting the template. It supports alignment with privacy regulations such as the European Union's General Data Protection Regulation (GDPR), under which biometric data used to identify a person is a special category requiring explicit consent and strong safeguards.


Zero Trust Architecture and ISO 27032

Zero Trust Architecture (ZTA) is a cybersecurity model that assumes no device or user is inherently trusted, even inside the network. ISO/IEC 27032 (Cybersecurity: Guidelines for Internet security) complements the Zero Trust model with guidance on protecting identities and data as they are used across Internet-facing services and platforms.

Key aspects of integrating Zero Trust Architecture with ISO 27032 include:

  • In a Zero Trust model, every access request is authenticated and authorized on its own merits, so only verified users and devices reach sensitive systems or data.
  • ISO/IEC 27032's guidance on securing Internet-facing services supports the access-control discipline that Zero Trust expects.
  • Zero Trust requires continuous monitoring of users and devices to detect suspicious behaviour; ISO/IEC 27032 helps organizations put monitoring in place to protect digital identities and prevent unauthorized access.
  • Both Zero Trust and ISO/IEC 27032 emphasize encrypting data in transit and at rest to limit the impact of data breaches and unauthorized access.

Government eID Programs Using ISO 18013

Government electronic identity (eID) programs are among the most significant ways governments provide secure digital access to services such as healthcare, taxes and public records. The ISO/IEC 18013 series defines the driving licence as an identity credential, and the mDL data model and presentation protocol of ISO/IEC 18013-5 are increasingly reused by government eID programs as the basis for other mobile credentials, giving them a secure, interoperable format that can be operated in line with applicable privacy regulations.

Critical components of government eID programs built on ISO/IEC 18013-5 include interoperability, so that a citizen can present a single eID to services across multiple agencies or jurisdictions, and security, so that the eID is protected by issuer signatures, device-bound keys, encrypted sessions and strong authentication to the wallet, keeping the citizen's personal data protected.

Contact Us

Pacific Certifications can assist your organization in navigating the ISO/IEC 18013 and ISO/IEC 19794 certification process. Our team of experts will help you build secure, interoperable and compliant digital identity systems, ensuring that your identity and biometric management systems are trustworthy and aligned with global standards.

For assistance, contact us at support@pacificcert.com.
Visit our website at www.pacificcert.com.

FAQs

Q1: What is ISO 18013‑5?

ISO/IEC 18013-5 is the part of the ISO/IEC 18013 series that specifies the mobile driving licence (mDL). It defines the mDL data model, the interface to an mDL reader and the security mechanisms (issuer data authentication, device authentication and session encryption) that let an mDL be presented and verified as a trusted form of digital identity.

Q2: How does ISO 27032 relate to digital identity?

ISO/IEC 27032 provides cybersecurity guidance for Internet-facing services, helping organizations keep the identity systems that run on them secure against cyber threats and unauthorized access.

Q3: What is the cost of implementing ISO 42001 for startups?

The cost of ISO 42001 certification for startups can vary depending on factors such as the complexity of the AI systems, the resources required for implementation and audit fees. Startups should plan for both direct costs (e.g., certification fees) and indirect costs (e.g., system updates, training).

Q4: How do biometric template protections work under ISO 24745?

ISO/IEC 24745 sets out requirements and methods for protecting biometric templates so that they are irreversible, unlinkable across applications and renewable if compromised. It covers how protected templates are stored, how comparison is performed without exposing the underlying biometric data, and how templates are restricted to secure, verified processes.

Ready to get ISO certified?

Contact Pacific Certifications to begin your certification journey today!

Suggested Certifications –

  1. ISO 9001:2015
  2. ISO 14001:2015
  3. ISO 45001:2018
  4. ISO 22000:2018
  5. ISO 27001:2022
  6. ISO 13485:2016
  7. ISO 50001:2018


Read more: Pacific Blogs