This document provides high-level security and privacy requirements for authentication using biometrics on mobile devices, in particular, for functional components, communication, storage and remote processing.

This document is applicable to remote modes, i.e. the cases where:

—     the biometric sample is captured through mobile devices, and

—     the biometric data or derived biometric data are transmitted between the mobile devices and the remote services in either or both directions.

The following are out of scope of this document:

—     the cases where the biometric data or derived biometric data never leave the mobile devices (i.e. local modes),

—     the preliminary steps for biometric enrolment before authentication procedure, and

—     the use of biometric identification as part of the authentication.