e-GIF 6.2 TSC: e-services access

7. e-Services access doi:10.1790/353454640701

Bookmark this section

Technical policies for e-Services access are outlined in the e-GIF.

Table 6 Specifications for computer workstations doi:10.1790/310354637810

Bookmark this table

Component	Specification	Status
	A = Adopted R = Recommended U = Under review F = For future consideration
Hypertext interchange formats	HTML v4.01 and XHTML v1.0	A
Document file types	Rich Text Format as (.rtf) files Plain/Formatted Text as (.txt) files Hypertext documents as (.htm) files 01 Acrobat (.pdf) viewer minimum version 4 Word (.doc) viewer/reader for Windows XP, Windows 2000,, Windows 98, Windows 95, Windows NT, with minimum support for Word97 format Lotus Notes Web Access (.nsf) Multimedia Message formats (.mht), see IETF RFC 2557 for further information Other file formats may be used in addition to the above list, provided they meet the technical policy for document handling defined in the e-GIF.	A
Spreadsheet file types	Hypertext documents as (.htm) files 01 Delimited files as (.csv) file Excel (.xls) viewer/reader minimum support for Windows XP, Window 2000. Other file formats may be used in addition to the above list, provided they meet the technical policy for document handling defined in the e-GIF.	A
Presentation file types	Hypertext documents as (.htm) files 01 PowerPoint (.pps and .pps) viewer/reader minimum support for Window XP,Window 2000 Windows 97 Other file formats may be used in addition to the above list, provided they meet the technical policy for document handling defined in the e-GIF.	A
Character sets and alphabets	UNICODE ISO/IEC 10646-1:2000 Transformation Format for 16 planes of group 00 (UTF-16)	A
Graphical/still image information exchange specifications	Joint Photographic Experts Group/ISO 10918 (.jpg) Graphics Interchange Format (.gif) Portable Network Graphics (.png) For images that will not tolerate information loss use Tag Image File format (.tif) When highly compressed imaging is required use Enhanced Compressed Wavelet (.ecw)	A
Scripting	ECMA 262 Script	A
Vector graphics	Scalable Vector Graphics (.svg) Vector Markup Language (vml)	A
Moving image and audio/visual information exchange specifications	Moving Picture Experts Group (.mpg) MPEG-1/ISO 11172 Conversion is provided by most mainstream packages	A
Audio/video streaming data	RealAudio/RealVideo (.ra, .ram, .rm, .rmm) Macromedia Shockwave (.swf) Windows media formats (.asf, .wma, .wmv) Apple Quicktime (.avi, .mov, .qt) Waveform Audio File Format (.wav) ISO-MPEG Audio Layer-3 (.mp3), Also published as: ISO/IEC 11172-3:1993 and Co1:1996 ISO/IEC 13818-3:1998 8µ Law H263, see video conferencing standards Ogg Vorbis Speex	A
Animation	Macromedia Flash (.swf) Apple Quicktime (.avi, .mov, .qt) Macromedia Shockwave (.swf)	A
Extended programming	When extended programming facilities at the browser are absolutely essential alternative suitable programming languages or technology may be used, but they must comply with the other provisions and policy requirements of the e-GIF, e.g. free downloads of plug-ins	A
General purpose files and compression	File types (.zip), (.gz), (.tgz), (.tar)	A

Note: In accordance with the technical policy on downloadable viewers and plug-ins, converters and viewers for Microsoft Office products.

Table 7 Specifications for other channels* doi:10.1790/531777125428

Bookmark this table

Component	Specification	Status
	A = Adopted R = Recommended U = Under review F = For future consideration
Hypertext interchange formats	HTML v3.2	A
Document file types	Plain/Formatted Text as (.txt) files Hypertext documents as (.htm) files	A
Spreadsheet file types	Hypertext documents as (.htm) files	A
Presentation file types	Hypertext documents as (.htm) files	A
Character sets and alphabets	UNICODE ISO/IEC 10646-1:2000 Transformation Format for 16 planes of group 00 (UTF-16)	A
Graphical/still image information exchange specifications	Joint Photographic Experts Group/ISO 10918 (.jpg) Graphics Interchange Format (.gif) Portable Network Graphics (.png)	A
Scripting	ECMA 262 Script	A

*Specifications are for access channels with restricted facilities, such as kiosks, PDAs, Smart Phones (PDA/mobiles) and iDTV. If a service requires the facilities of a more sophisticated access device, reasonable alternative ways of delivering a more limited service should also be provided following the standards defined in Table 7.

Table 8 Specifications for mobile phones* doi:10.1790/603887350113

Bookmark this table

Component	Specification	Status
	A = Adopted R = Recommended U = Under review F = For future consideration
WAP specifications	The specifications to be used are defined by the WAP Forum Note: Only when the standards defined for smart phones in Table 7 other channels are not applicable	A
GPRS	The General Packet Radio Service specifications as defined by European Telecommunications Standard Institute (ETSI) for Mobile Stations including: EN No: 301 113, 301 344, 301 347 and TS 101 297, 101 351	A
SMS	The Short Message Service specifications as defined by European Telecommunications Standard Institute (ETSI) for Mobile Stations including: ETS 300 536, 537, 300 559, 300 560	A
MMS	The Multimedia Messaging Service specifications as defined by European Telecommunications Standard Institute (ETSI) for Mobile Stations including: TS 122 140, 123 140, 126 140	A

*The specifications for the delivery of services to the citizen via mobile phones are dependent on the evolution and availability of new technologies like 3G. If there is a need for service provision via mobile phone is not provided by those listed in Table 7 Specifications for other channels, then the standards defined by the WAP specifications are appropriate.

Table 9 Specifications for conferencing systems over IP* doi:10.1790/023421312337

Bookmark this table

Component	Specification	Status
	A = Adopted R = Recommended U = Under review F = For future consideration
Assembly	ITU H .323 (07/03), version 5 Standards for the assembly of Audio, Video, Data and Control (AVDC)	R
Audio	The minimum audio standards required are ITU G.723.1 and G.722	R
Video	The video standards required are ITU H.261 and H.263	R
Data	The data standards required are ITU T.120	R
Control and signalling	The control and signalling standards required are ITU T.H.225 and H.245	R
Call control signalling	The call control signalling standards required are ITU T.Q.931 Note: When call control signalling is required	U

Note: Copies of the ITU specifications can be found at www.itu.int/publications/index.html

*Many government projects are requiring videoconferencing facilities; Table 9 specifications for conferencing systems over IP defines the basic standards required. Multimedia conferencing services with integrated real time sound, video, data services using a verity of terminals are evolving in the marketplace. Many of the standards for multimedia conferencing are being developed under the general voice over IP (VoIP) activity in the IETF and ITU. Current standards proposed as defined in Table 10 Specifications for Voice over IP (VoIP) systems. Future versions will refine Table 9 in line with market lead product developments.

Table 10 Specifications for Voice over IP (VoIP) systems doi:10.1790/664646465282

Bookmark this table

Component	Specification	Status
	A = Adopted R = Recommended U = Under review F = For future consideration
Assembly	ITU H.323 (07/03), version 5 Standards for the assembly of Audio, Video, Data and Control (AVDC)	R
Gateway control	The following define standards for multimedia gateways: Media Gateway Control Protocol (MGCP): RFC 3435 Media Gateway: RFC 2805 Simple Gateway Control Protocol: RFC 3525 Megaco Protocol version 1.0: RFC 3015 Signalling System 7 (SS7) Message Transfer Part 3 (MTP3) User Adaptation Layer (M3UA): RFC 3332 Megaco: ITU H.248*	R
Application layer signalling	Session Initiation Protocol (SIP): RFC 3261 An application-layer control (signalling) protocol for creating, modifying, and terminating sessions with one or more participants	R
Resource setup	Resource ReSerVation Protocol (RSVP): RFC 2205 and RFC 2750. A resource reservation setup protocol designed for an integrated services Internet. RSVP provides receiver-initiated setup of resource reservations for multicast or unicast data flows	R
Transport and control protocol	Real Time Protocol (RTP) and Real Time Control Protocol (RTCP): RFC 3550 RTP and RTCP provide end-to-end network transport functions suitable for applications transmitting real-time data, such as audio, video or simulation data, over multicast or unicast network services	R
Delivery control	Real Time Streaming Protocol (RTSP): RFC 2326 RTSP is an application-level protocol for control over the delivery of data with real-time properties. RTSP provides an extensible framework to enable controlled, on-demand delivery of real-time data, such as audio and video	R
Announcement protocol	Session Announcement Protocol (SAP): RFC 2974 An experimental RFC for multicast announcement of session description information and defines an announcement protocol	U
Session description	Session Description Protocol (SDP): RFC 2327 SDP is intended for describing multimedia sessions for the purposes of session announcement, session invitation, and other forms of multimedia session initiation. Other SDP RFCs include RFC 3524	U
Extended RTCP	RTP Control Protocol Extended Reports (RTCP XR): RFC 3611 Defines the Extended Report (XR) packet type for the RTP Control Protocol (RTCP), and defines how the use of XR packets can be signalled by an application if it employs the Session Description Protocol (SDP)	U
*SIP works in conjunction with RSVP (Resource Reservation Protocol), RTP/RTCP (Real-time Control Protocol), RTSP (Real-time Streaming Protocol), SAP (Session Announcement Protocol) and SDP (Session Description Protocol). RTP/RTCP is used for transporting real time data, RSVP for reserving resources, RTSP for controlled delivery of streams, SAP for advertising multimedia sessions and SDP for describing multimedia sessions. H.323 also works in conjunction with RTP and RTCP (Real-time Control Protocol). The present day voice gateways usually comprises two parts: the signalling gateway and the media gateway. The signalling gateway communicates with the media gateway using MGCP (Media Gateway Control Protocol). MGCP can interoperate with both SIP and H.323.

Note: Copies of the IETF RFCs can be found at www.ietf.org/rfc.html
Copies of the ITU specifications can be found at www.itu.int/publications/index.html

Table 11a Specifications for smart cards - data definition doi:10.1790/033417711427

Bookmark this table

Specification	Status A = Adopted R = Recommended U = Under review F = For future consideration	Applicable to	Notes
Definitions - Government Data Standards Catalogue, provides data definitions and XML Schema fragments	A	All	Government Data Standards Catalogue takes precedence should a conflict of data definitions occur
ISO/IEC 7816-6: 2004 Identification cards - Integrated circuit(s) cards with contacts Part 6: Inter industry data elements for interchange*	R	All
ISO/IEC 7812-1:2000 Identification cards Identification of issuers Part 1: Numbering system	R	All	Cor 1: 2001
EN 1546-3: 2000 Identification Card Systems - Inter-sector Electronic Purse – Part 3: Data elements and interchanges	U	All
EN 1546-4:1999 Identification Card Systems - Inter-sector Electronic Purse - Part 4: Data objects	U	All
CEN-ISSS: CWA 13987-1: 2003 Smart Card Systems - Interoperable Citizen Services - User Related Information Part 1: Definition of User Related Information and Implementation	R	All	This document provides a specification and guidance for setting up a card community
EN 1545-1 - Identification card systems - Surface transport applications. Part 1: Elementary data types, general codelists and general data elements	R	Transport applications	Defines the codification of data elements used for public transport (such as date, time, validation event, transport contact, etc.)
EN 1545-2 - Identification card systems - Surface transport applications. Part 2 Transport and travel payment related data elements and codelists	R	Transport applications
*These standards have security implications

Table 11b Specifications for smart cards - applications including multi-applications doi:10.1790/460540632034

Bookmark this table

Specification	Status A = Adopted R = Recommended U = Under review F = For future consideration	Applicable to	Notes
ISO/IEC 7816-4: 2005 Identification cards-- Integrated circuit(s) cards with contacts – Part 4: Organization, security and commands for interchange*	R	Integrated circuit(s) cards with contacts	This standard specifies the contents of command-response, means of data retrieval, structure of operational characteristics of the card, structure of application data, methods of file access. A secure architecture defining access rights to files and data in the card, means and mechanisms for identifying and addressing applications in the card, methods for secure messaging, access methods to the algorithms processed by the card. It does not describe these algorithms.
ISO/IEC 7816-5: 2004 Identification cards -- Integrated circuit(s) cards with contacts Part 5: Registration of Application Providers*	R	Integrated circuit(s) cards with contacts	A register of application providers is kept by KTAS† in Denmark and used for application selection through the use of unique application identifier numbers. Registration in the UK is via BSI, and has been delegated to APACS. The current edition was published in June 1994. There is also an amendment ISO/IEC 7816-5/AM1 Registered application provider identifiers (RIDs) which was published in December 1996
ISO/IEC 7816-7: 1999 Identification cards -- Integrated circuit(s) cards with contacts Part 7: Inter industry commands for Structured Card Query Language (SCQL)*	R	Integrated circuit(s) cards with contacts	Draft Amd 1: Extended Card Data Base (ECDB)
ISO/IEC 7813: 2001 Identification cards, Financial transaction cards	R	Financial cards
ISO/IEC 7812-2: 2000 Identification cards Identification of issuers Part 2: Application and registration procedures	R	All
EN 1332-1: 1999 Identification card systems – Man machine interface Part 1: Design principles for the user interface	R	All
EN 1332-4: 1999 Identification card systems – Man machine interface Part 4: Coding of user requirements for people with special needs	R	All
Integrated Transport Smartcard Organisation (ITSO) Specification TS 1000 (version 2.1) ITSO/1000-0 Concept and Content ITSO/1000-1 General Reference ITSO/1000-2 Customer Media Data and Customer Media Architecture ITSO/1000-3 Terminals ITSO/1000-4 HOPS ITSO/1000-5 Customer Media, Data Record Definitions ITSO/1000-6 Message Data ITSO/1000-7 ITSO Security Subsystem ITSO/1000-8 ISAM Detailed Operation (available on request from ITSO) ITSO/1000-9 ITSO Communications ITSO/1000-10 Customer Media Definitions	R	Public transport smart cards	These standards are Crown copyright and have been developed for use in the public transport sector. Applications developed using these standards can reside on multi-application cards. Some elements of these standards could be used in areas other than transport
CEN-ISSS: CWA 13987-2: 2003 Smart Card Systems - Interoperable Citizen Services – Extended User Related Information Part 2: Implementation Guidelines	F	All	This document provides guidance for setting up a card community
CEN-ISSS: CWA 13987-3: 2003 Smart Card Systems - Interoperable Citizen Services - Extended User Related Information Part 3: Guidelines to Creating, Operating and Maintaining an Interoperable Card Community	F	All	This document provides a specification and guidance for setting up a card community
*These standards have security implications

Table 11c Specifications for smart cards - electrical doi:10.1790/261231766743

Bookmark this table

Specification	Status A = Adopted R = Recommended U = Under review F = For future consideration	Applicable to	Notes
ISO/IEC 7816-10: 1999 Identification cards – Integrated circuit(s) cards with contacts Part 10: Electronic signals and answer to reset for synchronous cards*	R	Integrated circuit(s) cards with contacts
ISO/IEC 7816-12 Identification cards – Integrated circuit(s) cards with contacts Part 12: USB electrical interface and operating procedures*	F	Integrated circuit(s) cards with contacts
ISO/IEC 14443-2: 2001 Identification cards – Contactless integrated circuit(s) cards – Proximity cards Part 2: Radio frequency power and signal interface	R	Proximity integrated circuit(s) cards	This part defines the radio frequency interface, and contains two quite different modulation techniques (Types A and B) for data communication between card and terminal. Type A is based on the Philips Mifare technology (widely licensed to other manufacturers). Type B is a new concept. These two types run in parallel through this part of the standard and through part 3. In addition, some Type A specific items appear in part 4
ISO/IEC 15693-2: 2000 Identification cards - Contactless integrated circuit(s) cards - Vicinity cards {Vicinity integrated circuit(s) cards (VICC)} Part 2: Air interface and initialisation ISO/IEC 15693-2: 2000/Cor1:2001	U	Vicinity contactless integrated circuit(s) cards
*These standards have security implications

Table 11d Specifications for smart cards - communication protocols doi:10.1790/142784436403

Bookmark this table

Specification	Status A = Adopted R = Recommended U = Under review F = For future consideration	Applicable to	Notes
ISO/IEC 7816-3: 1997 Identification cards -- Integrated circuit(s) cards with contacts Part 3: Electronic signals and transmission protocols*	R	Integrated circuit(s) cards with contacts	Amd 1 and Amd 2: 2002 Electrical characteristics and class indication for integrated circuit(s) cards operating at 5 V, 3 V and 1,8 V. Draft Amd 3 USB electrical interface and operating procedures withdrawn and ISO/IEC 7816-12 created in its place. This version of ISO/IEC 7816-3, Amd 1 and Amd 2: 2002 are due to be superseded by a revised version of which a draft copy is due to be submitted to ISO for FDIS ballot
ISO/IEC 14443-3: 2001 Identification cards - Contactless integrated circuit(s) cards - Proximity cards Part 3: Initialisation and anticollision	R	Proximity integrated circuit(s) cards	This part continues the Type A and Type B duopoly, defining card initialisation, anti-collision procedures and basic communications protocols. Anti-collision procedures are the methods used to identify and select one card when several cards are active within the RF field of the terminal
ISO/IEC 14443-4: 2001 Identification cards - Contactless integrated circuit(s) cards - Proximity cards Part 4: Transmission protocols	R	Proximity integrated circuit(s) cards	This contains higher level (message level) data transmission protocol information, equivalent to ISO/IEC 7816’s T=1 protocol, and is a bridge across to ISO 7816-4. For Type A cards only, ISO/IEC 14443-4 includes a protocol initialisation procedure
ISO/IEC 15693-3: 2001 Identification cards - Contactless integrated circuit(s) cards - Vicinity cards Part 3: Anti-collision and transmission protocol	U	Vicinity contactless integrated circuit(s) cards
ISO 8583-1: 2003 Financial transaction card originated message – interchange message specification	R	All
*These standards have security implications

Table 11e Specifications for smart cards - physical* doi:10.1790/140261271507

Bookmark this table

Specification	Status A = Adopted R = Recommended U = Under review F = For future consideration	Applicable to	Notes
Physical characteristics ISO/IEC 7810: 2003 Identification cards physical characteristics	R	All contact and combination cards	To ensure that they can be read in a standard reader, all cards should be in ID-1 format as defined in this standard
Embossing ISO/IEC 7811-1: 2002 Identification cards Recording technique Part 1: Embossing. ISO/IEC 7811-3 Identification cards Recording technique Part 3: Location of embossed characters on standard ID-1 cards	R	Any card where embossing is required	Embossing should be in the standard location as defined for the benefit of the visually impaired and for interoperability reasons and should conform to the standard in other respects such as height and depth of embossing. It should be noted, however, that not all smart card readers can accept embossed cards; the decision to emboss should be taken with care Note: ISO/IEC 7811-3 will be incorporated into ISO/IEC 7811-1 from the next edition
ISO/IEC 7816-1: 1998 Identification cards – Integrated circuit(s) cards with contacts Part 1: Physical characteristics*	R	Integrated circuit(s) cards with contacts	This part supplements ISO/IEC 7810, setting out the particular physical characteristics of IC cards with contacts. Amd 1: 2003 Maximum height of IC contact surface
ISO/IEC 7816-2: 1999 Identification cards – Integrated circuit(s) cards with contacts Part 2: Dimensions and location of the contacts*	R	Integrated circuit(s) cards with contacts	This part has been revised recently to reduce some of its options, especially in the area of embossing (which has been shown to be detrimental to embedded silicon) and phasing out of the original contact positions Amd 1: 2004 Assignment of contacts C4 and C8
ISO/IEC 14443-1: 2000 Identification cards – Contactless integrated circuit(s) cards – Proximity cards Part 1: Physical characteristics	R	Proximity integrated circuit(s) cards	This part supplements the physical characteristics defined in ISO/IEC 7810, a draft Amd 1 under production
ISO/IEC 15693-1: 2000 Identification cards – Contactless integrated circuit(s) cards – Vicinity cards Part 1: Physical characteristics	U	Vicinity contactless integrated circuit(s) cards
Tactile identifiers BS EN 1332-2 Identification card systems – Man-machine interface Part 2: Dimensions and location of a tactile identifier for ID-1 cards	R	Recommended for contact cards	Where embossing is not used and there is a requirement for the user to present the card in a particular orientation, a tactile identifier should be provided as an aid to those with impaired vision
*These standards have security implications

*Physical and interface standards cover card's dimensions; location and layout of contacts.

Table 11f Specifications for smart cards - security doi:10.1790/320244401064

Bookmark this table

Specification	Status A = Adopted R = Recommended U = Under review F = For future consideration	Applicable to	Notes
ISO/IEC 7816-8: 2004 Identification cards – Integrated circuit cards Part 8: Security inter industry commands	R	All
ISO/IEC 7816-9: 2004 Identification cards – Integrated circuit cards Part 9: Commands for card management	R	All
ISO/IEC 7816-11: 2004 Identification cards – Integrated circuit(s) cards Part 11: Personal verification through biometric methods	F	Integrated circuit cards
ISO/IEC 7816-15: 2004 Identification cards – Integrated circuit cards Part 15: Cryptographic information application ISO/IEC 7816-15: 2004/Cor 1: 2004	F	Integrated circuit(s) cards with contacts	Cor 1 is an essential correction to the published standard
CEN-ISSS Secure networks and smart cards CWA 14355 Guidelines for the implementation of Secure Signature-Creation Devices CWA 14170 Security Requirements for Signature Creation Systems CWA 14169 Secure Signature-Creation Devices, version ‘EAL 4+’ CWA 14167 Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures Part 1: System Security Requirements Part 2 Cryptographic Module for CSP Signing Operations – Protection Profile (MCSO-PP) CWA 14890 - Application Interface for smart cards used as Secure Signature Creation Devices Part 1: Basic Requirements Part 2: Additional Services	U	All	These CWAs have now been submitted to CEN TC224 for development of a European Standard and possible transposition into an ISO standard
ISO 9564-1: 2002 Banking -- Personal Identification Number (PIN) management and security Part 1: Basic principles and requirements for online PIN handling in ATM and POS systems ISO 9564-2: Banking -- Personal Identification Number management and security Part 2: Approved algorithm(s) for PIN encipherment ISO 9564-3: 2003 Banking -- Personal Identification Number management and security Part 3: Requirements for offline PIN handling in ATM and POS systems ISO 9564-4: 2004 Banking -- Personal Identification Number management and security Part 4: Guidance for PIN handling in open networks	U	All	PIN management for online terminals in point-of-sale environments Part 2 revision under publication

*This list of smartcard security standards is not exhaustive and is dynamic in nature. Additional standards with a security implication for smartcards can be found in 'Security Standards for Smart cards, Issue 1.1, dated January 2004', namely CC, ETSI, FIPS and EMVCo, which is located on Govtalk.
Furthermore, NIST IT 6887 2003 Edition, GSC-ISS, Version 2.1 is an architectural model for interchangeable smartcard service provider modules. A life cycle security October 2003 guidelines paper for project managers can also be found on Govtalk.

Table 11g Specifications for smart cards - terminal infrastructure doi:10.1790/606543728810

Bookmark this table

Specification	Status A = Adopted R = Recommended U = Under review F = For future consideration	Applicable to	Notes
EN 1332-3: 1999 Identification card systems – Man machine interface Part 3: Key pads	R	All
PC/SC Standards Consortium standards PC/SC Workgroup Interoperability Specification for ICCs and Personal Computer Systems Part 1 Introduction and Architecture Overview Part 2 Interface Requirements for Compatible IC Cards and Interface Devices Part 3 Requirements for PC-Connected Interface Devices Part 4 IFD Design Considerations and Reference Design Information Part 5 ICC Resource Manager Definition Part 6 ICC Service Provider Interface Definition Part 7 Application Domain/Developer Design Considerations Part 8 Recommendation for Implementation of Security and Privacy ICC Devices Part 9 IFDs with Extended Capabilities Version 1 Public Review of version 2	U	All	For terminal equipment via personal computer systems with MS Windows operating system
MUSCLE Movement for the Use of Smart Cards in a Linux Environment	U	All	For terminal equipment via personal computer systems with other operating system
Unified POS Retail Peripheral Architecture Version 1.8 June 30, 2003 Association for Retail Technology Standards	U	Point-of-sale terminals	For point-of-sale terminal equipment via personal computer systems and point-of-sale systems
GSC-IS V2.1 The US Government Smart Card Interoperability Specification	U	Authentication	Also referred to as NISTIR 6887
OCF OpenCard Framework	U	Authentication

Table 12 Specifications for biometric data interchange doi:10.1790/653247855025

Bookmark this table

Specification	Status A = Adopted R = Recommended U = Under review F = For future consideration	Applicable to	Notes
OASIS XCBF 1.1 specification	F	Secure XML encoding for the exchanging biometric data	Secure XML encodings for the patron formats specified in CBEFF, the Common Biometric Exchange File Format (NISTIR 6529)
ISO/IEC 19785-1 Information Technology - Common Biometric Exchange Formats Framework – -- Part 1 : Data elements specification	F	Data element specification	Evolving international standards for biometric data interchange, format based on CBEFF.
ISO/IEC 19785-2 Information Technology - Common Biometric Exchange Formats Framework – -- Part 2: Procedures for the Operation of the Biometric Registration Authority	F	Registration authority procedures	Evolving international standard for the operation of the biometric registration authority
ISO/IEC 19794-1 Information Technology - Biometric data interchange formats – -- Part 1: Framework	F	Interchange Formats	Evolving international standard for the operation of the biometric data interchange format
ISO/IEC 19794-2 Information Technology - Biometric data interchange formats – -- Part 2: Finger minutiae data	F	Interchange Formats	Evolving international standard for the operation of the biometric data interchange format
ISO/IEC 19794-3 Information Technology - Biometric data interchange formats – -- Part 3: Finger pattern spectral	F	Interchange Formats	Evolving international standard for the operation of the biometric data interchange format)
ISO/IEC 19794-4 Information Technology - Biometric data interchange formats – -- Part 4: Finger image data	F	Interchange Formats	Evolving international standard for the operation of the biometric data interchange format
ISO/IEC 19794-5 Information Technology - Biometric data interchange formats – -- Part 5: Face image data	F	Interchange Formats	Evolving international standard for the operation of the biometric data interchange format
ISO/IEC 19794-6 Information Technology - Biometric data interchange formats – -- Part 6: Iris image data	F	Interchange Formats	Evolving international standard for the operation of the biometric data interchange format
ISO/IEC 19794-7 Information Technology - Biometric data interchange formats – -- Part 7: Signature/sign behavioural data	F	Interchange Formats	Evolving international standard for the operation of the biometric data interchange format
ISO/IEC 10918-1: 1994 Information Technology - Digital compression and coding of continous-tone still images: Requirements and Guidelines ISO/IEC 10918-1:1994/CD Cor 1 ISO/IEC 10918-2: 1995 Information Technology - Digital compression and coding of continous-tone still images: Compliance testing ISO/IEC 10918-3: 1997 Information Technology - Digital compression and coding of continous-tone still images: Extensions ISO/IEC 10918-3:1997/ Amd 1:1999 ISO/IEC 10918-4: 1999 Information Technology - Digital compression and coding of continous-tone still images: Registration of JPEG profiles, SPIFF profiles, SPIFF tags, SPIFF colour spaces, Appn markers, SPIFF compression types and Registration Authorities (REGAUT)	F	Graphical/still image information exchange specification	JPEG is an ISO image compression standard which may be appropriate for some image compression requirements for use in biometic data exchanges using the JFIF option
ISO/IEC 15444-1: 2004 Information Technology - JPEG 2000 image coding system -- Part 1: CORE coding system ISO/IEC 15444-2: 2004 Information Technology - JPEG 2000 image coding system -- Part 2: Extensions ISO/IEC 15444-4: 2004 Information Technology - JPEG 2000 image coding system -- Part 4: Conformance testing ISO/IEC 10918-3:1997/ Amd 1:1999 ISO/IEC 15444-12: 2004 Information Technology - JPEG 2000 image coding system -- Part 12: ISO base media file format	F	Graphical/still image information exchange specification
JPEG 200 (JP2) is an ISO image compression standard support by biometrics data exchange standards for image compression, providing superior performance as compared to JPEG for the compression of facial images. In addition, JP2 provides several other features useful for the capture and storage of facial images for biometric applications
ISO/CD 19092-1 Financial Services - Biometrics -- Part 1: Security Framework	F	Biometric Security	Evolving ISO standard
ISO/IEC CD 19092-2 Financial Services - Biometrics -- Part 2: Crytographic techniques	F	Biometric Security	Evolving ISO standard
ISO/IEC DIS 19784-1.2 Information Technology -- Biometric application programme interface -- Part 1: BioAPI specification	F	Biometric
Common Biometric Exchange File Format (CBEFF) April 5, 2004	F	Biometric	This is a US standard published by National Institute of Standards and Technology (NIST) as NISTIR 6529-A
ANSI X9.84-2003 Biometric Information Management and Security for the Financial Services Industry	F	Biometric	This is a US standard for safeguarding the security and privacy of all biometric data in the financial services industry
Biometric Device Protection Profile (DBPP)	F	Biometric	This is a UK Government Common Criteria Biometric Device Protection Profile being validated
Biometric Security Guidance	R	Security and Biometrics	For security Guidance Central government departments should refer to the Manual of Protective Security. Other parts of the public sector should refer to the e-Government strategy framework and guidance

Table 13 Specifications for smart travel documents doi:10.1790/653247855025

Bookmark this table

Specification	Status A = Adopted R = Recommended U = Under review F = For future consideration	Applicable to	Notes
ISO/IEC 7501-1 Identification cards – Machine readable travel documents Part 1 : Machine readable passport	R	Travel documents	This document is equivalent to ICAO 9303 part 1 for Passports, currently under revision
ISO/IEC 7501-2 Identification cards – Machine readable travel documents Part 2 : Machine readable visas	R	Travel documents	This document is equivalent to ICAO 9303 part 2 for Visas, currently under revision
ISO/IEC 7501-3 Identification cards – Machine readable travel documents Part 3 : Machine readable official travel documents	R	Travel documents	This document is equivalent to ICAO 9303 part 3 for Official Travel Documents (Cards), currently under revision

Table 14 Specifications for Accessibility and Usability doi:10.1790/310354637810

Bookmark this table

Component	Specification	Status
	A = Adopted R = Recommended U = Under review F = For future consideration
Human Computer Interfaces	ISO/TS 16071:2003 Ergonomics of human-system interaction -- Guidance on accessibility for human-computer interfaces	R
	Authoring Tool Accessibility Guidelines, version 1.0 (ATAG10) as defined by W3C	A
	Authoring Tool Accessibility Guidelines, version 2.0 (ATAG20) as defined by W3C.	F
	User Agent Accessibility Guidelines, version 1.0 (UAAG20) as defined by W3C.	A
Standard developers	CEN/CENELEC Guide 6 : January 2002 - Guidelines for standards developers to address the needs of older persons and persons with disabilities	R
Standard developers	ISO/IEC GUIDE 71:2001 Guidelines for standards developers to address the needs of older persons with disabilities	U
Web Content	Web Content Accessibility Guidelines 1.0 WCAG 1.0 Compliance to level AA is recommended, see the Cabinet Office e-Guidelines for UK Government websites for the full interpretation of WCAG.	A
	Web Content Accessibility Guidelines 2.0 WCAG 2.0	F
	Cabinet Office - Guidelines for the UK Government websites - Illustrative Handbook for web management teams.	A
	Contents Selection for Device Independence 1.0 DISelect 1.0, as defined by W3C	F
Usability	ISO 13407: 1999 Human-centred design processes for interactive systems	U
Usability	IS/TR 18529: 2000 Egonomics - Egonomics of human system interaction -- Human-centred lifecyle process	U

Cabinet Office Delivery and Transformation Group

Last updated: 2007-01-02