Interview with Dr Andreas Wolf, Chair ISO/IEC JTC 1 SC/27 – IT security techniques

Posted by on Jun 4, 2018 in News | 0 comments

Why are standards important for IT security and privacy?

Standards are essential for human civilization. Standards enable the global interoperability of technical solutions while ensuring that the technical progress can be applied smoothly on a global scale. Without international standards it would be much more difficult to interact with partners in different countries or on different continents. This proved to be important for the first time during the industrial revolution more than 100 years ago, and became even more important as globalization progressed. In the past, we have seen that any technology of importance has been accompanied by mechanisms to ensure its safety and security, and that the availability of such mechanisms was an indication for the maturity of these technologies. These former technologies included the steam engine and the automobile, to mention but a few. Today, information and communication technology is one of the key technologies and may very well be the most important one of our time.

In terms of function, computer networks have now reached tremendous performance levels, computers are everywhere, and artificial intelligence is leveraging the algorithmic capabilities of IT systems to unprecedented levels. Some people say that these developments are at least as important as the industrial revolution a century ago. Similar to the mechanisms that ensured the safety of steam engines in the past, society today needs mechanisms to protect us from the risks we face due to IT systems. And this is where IT security and privacy standards come into play. Since the very Web itself is global, IT security and privacy need to be considered on a global level too. International standards have proven to be a good tool when it comes to reaching a global scale.
Neither IT security nor privacy can be addressed in a simple manner. There is no such thing as: “The IT security”. There are many approaches to a vast range of challenges. But they can all be categorized and their impact can be measured and evaluated with respect to common rules developed by an international community of experts. Requirements and recommendations like these determine the value of international standards because they were developed by applying best practices and the wisdom of a countless number of experts from many different countries. In this sense, standards educate the industry, they help avoid unnecessary mistakes, and they support the efficient use of intellectual resources.

The aspect of privacy is even more complicated. While IT security aspects are evaluated more or less similarly around the globe, privacy issues are influenced by cultural and societal factors. It is a matter of fact that different countries or regions have different cultural backgrounds, different traditions, and different legislation on data protection and privacy. This makes it all the more important to define a common vocabulary on privacy concepts, and to make the privacy features and properties of IT systems or applications measurable and comparable. The best way to achieve this is to develop sound and appropriate international standards.

IT security has departed from its niche as a topic of interest merely for governments, the military and the financial sector and has become relevant to everyone who owns a computer or smartphone, i.e. virtually to all of us. Coming full circle with the industrial revolution: IT technology will reach maturity and will be trusted by society as soon as we have a set of well-established international standards in place that covers all relevant aspects of IT security and privacy.

What is ISO/IEC JTC1’s role in IT security and privacy standards? What part is SC 27 playing?
In global terms, JTC 1, the parent committee of SC 27, is, as its name “Information Technology” suggests, the leading committee on IT standardization. Within JTC 1/SC 27 is responsible for developing standards on information security management, IT security, cryptography, security management, IT security evaluation, data protection, privacy and other related topics. Past experience has shown that security and privacy related topics like these have become more and more cross-sectional and interdisciplinary. This means that topics covered by SC 27 become more relevant for many application areas, not just for information technology. This importance is indicated by the more than 70 committees and organizations liaising with SC 27, proving that there is a need to support many standardization domains with IT security and privacy standards. Almost half of these liaisons connect SC 27 with other JTC 1 committees.
Admittedly SC 27 does attract a large number of highly renowned experts in their respective fields who have been delegated to SC 27 by its current 52 Participating and 25 Observing Members but maintaining these liaisons would consume a lot of resources. JTC 1 serves as a platform that enables easier exchange with its other committees and bundles the forces of its committees in order to develop standards much faster, easier and with optimal quality. What’s more, SC 27 is in the comfortable position that many of our expert delegates work in several standardization committees, complementing the official liaison efforts in a very target-oriented manner.

But our liaisons are not one-way streets. SC 27 too supports other committees, providing them with the expertise of SC 27 and regularly making use of their domain knowledge in our standards.
SC 27 has meanwhile published 178 International Standards, and is currently running projects to develop 64 new standards. This perfectly illustrates the high and even growing importance of SC27 in standardization business. As we all know, standards are developed by contributions that come from individual experts who dedicate time and effort to the topics they are heavily involved with. The large and growing number of published standards indicates that SC 27 is continuously attracting contributing experts who are delegated by many National Bodies and who represent more or less the entire IT industry – once again demonstrating the enormous importance of the activities by SC 27.

What lies ahead for SC 27 in the years to come?
If we take a closer look at SC 27 and its history, we can see how SC 27 evolved over the past 25 years. It has grown in terms of the experts participating in its standardization projects, in terms of the Participating and Observing Members, the projects under preparation, and in terms of the different topics addressed. This development is highlighted by the structure of SC 27, which is made up of five working groups:
• WG 1 Information security management systems
• WG 2 Cryptography and security mechanisms
• WG 3 Security evaluation, testing and specification
• WG 4 Security controls and services
• WG 5 Identity management and privacy technologies
These working groups cover several aspects of SC 27’s focus areas of work. All of these aspects have ongoing relevance to our work while their impact on technology and society is increasing. SC 27 started out with information security techniques and cryptography, security management systems were included at a later stage; its newest field of work is the thematic complex of identity management and privacy. Many of our projects have to be continuously maintained and extended to new application fields. It would be not fair to mention only a few of these projects; SC 27 is currently working on many important projects. Some of them might be more well-known than others, e. g. the information security management standards covered by ISO/IEC 27000 series and the evaluation criteria for IT security (Common Criteria) in the multipart standard ISO/IEC 15408.

Within SC 27, we maintain cooperation between the working groups through regular exchange between the delegated experts. As all SC 27 working groups meet parallel twice a year, the experts may move between the groups, keeping information flowing. However, we have come to see that the growing number of topics calls for the involvement of experts from several communities and committees. In order to address such close cooperation and to accelerate the joint development of standards, we will need to travel down new roads. One option could be to set up joint working groups between SC 27 and other committees. SC 27 has already initialized such a joint working group with ISO TC 307 “Blockchain and distributed ledger technologies” and we are hopeful that this will be successful. It is quite likely, however, that we will need other mechanisms as well if we are to be able to responsively develop more new standards in line with needs in an even shorter space of time.

SC 27 will face a number of technological challenges in the coming years. Emerging technologies will grow and need to be enhanced with security aspects. These technologies include, for instance, the Internet of Things, Smart Cities, or Distributed Ledger technologies, to name just a few. It is foreseeable that any item that can be distinguished and seen as an individual will soon have to have its own identity. And that identity will need to be a secure identity. There are some expectations that the transition brought about by emerging technologies will be quite disruptive; SC 27’s task is to enable the maintenance of IT security aspects and to support the development of interoperable IT security methods required to serve future needs.

But this is only one aspect. SC 27 and its experts are also aware of their responsibility to develop good standards that allow privacy aspects to be considered in an appropriate manner. In the past, preventing harm meant ensuring that a steam engine did not explode. In today’s IT systems, this also means preventing data misuse, especially the misuse of personal data. Even if there is no international consent on the exact content of privacy rules, SC 27 is determined to provide best practice experiences and to develop measures to describe and evaluate different, conceivable levels of privacy protecting technology in order to allow a precise description and a useful comparison of products and systems.

Last, but not least, SC 27 has what could be described as a luxury problem. As the SC 27 community is growing rapidly, and as our meetings attract an ever-increasing number of experts, it is becoming more and more difficult for the National Bodies to host upcoming events. The perfect organization with excellent logistics, which is provided by the meeting hosts and which is highly appreciated by all participants, requires enormous effort, and is in no way trivial. Sometimes, simply finding meeting facilities and hotel rooms to host five working groups and their experts is a challenge, not to mention that almost all of the working groups are additionally split into sub-groups. A perfectly organized event for participants involves an incredible amount of hard work behind the scenes for the host.

Meeting time is limited, and the number of projects is growing. We now need to find new ways to make our work more efficient, e.g. by focusing meetings on the work that needs to be carried out there and preparing as much as possible in advance, or by organizing meetings in a more compact way. This kind of optimized organization is a task for management staff: the chairpersons, the secretariat, and the conveners. Fortunately, they are supported by the Management Advisory Group, a panel of highly renowned SC 27 experts.

Can you tell us about your experience in developing standards, and why you are interested in IT security and privacy?
The first time I consciously came across an International Standard in my business life was more than a decade ago when I was responsible for the Common Criteria evaluation of a biometric speaker recognition system from the manufacturer’s perspective. As it happened, CC is today an SC 27 standard. This brought me in touch with some standardization groups at DIN, the German Institute for Standardization. The one I decided to become a member of was NIA-37, the mirror of SC 37 “Biometrics”. During that time, I started working with one of the major players in the fingerprint industry, and so it was quite a logical decision for me to become involved in biometrics standardization. At the same time, I also developed an affinity to border control technologies which brought me closer to SC 17 “Cards and security devices for personal identification” and SC 31 “Automatic identification and data capture techniques”.

Now, working for Bundesdruckerei, the German State Printer, I am the editor of ISO/IEC 19794-5 and ISO/IEC 39794-5, the facial image data format standards which are mostly applied in passports and other Machine Readable Travel Documents (MRTDs). Furthermore, I am the editor of ISO/IEC TR 29196 “Guidance for biometric enrolment” in SC 37. In SC 17, I am the editor of the ICAO Portrait Quality TR and in SC 31 one of the two editors of ISO/IEC 30116 which deals with the machine readability of the Machine Readable Zone of an MRTD. I am the liaison officer between SC 37 and CEN/TC 224 and from SC 37 to SC 17. Additionally, I convene CEN/TC224 Working Group 19 which deals with breeder documents.

All of these topics have certain security aspects which are becoming increasingly important. It was therefore a natural step for me to extend my standardization work to SC 27. I especially saw for myself the close connection between IT security, privacy, and biometrics since I was involved in the development of passport, passport inspection, and border control technology. Several projects, the most important one probably being FIDELITY, funded by the European Commission in the Seventh Framework Programme, led me closer into the interconnection between new ID management technologies, data handling, IT security, and privacy considerations.

Participating in SC 27, I saw that I already knew many of the experts working in this committee from my standardization activities in the past. Taking into account the cross-sectional character of IT security and privacy, this did not come as a surprise. In recent years, and fulfilling several roles in standardization groups, I have learned a lot about the power of qualified consent as the fundamental concept on how to write good standards. It is therefore both a challenge and a pleasure to me to chair SC 27, and to support our experts in their effort to strive for good IT security and privacy standards. The chairmanship is mostly a service role, and sometimes it is a guidance and leadership role. But it is always a task that allows me to work with many good experts from all over the world, where I can learn from them and share my experiences with them. In that sense, I am happy to be elected to serve as the next Chair of SC 27.

Are there other organizations or committees also working in this area? What are their relationships to SC 27?
As information security management, IT security and privacy have always been cross-sectional and interdisciplinary issues, it is no wonder that SC 27 has many interfaces with other organizations. Besides traditionally IT-sensitive sectors (banking, government or the military), upcoming application domains (smart home, smart cities or IoT) have now come to understand their need for IT security. This means that the number of partners applying SC 27 standards or referring to SC 27 standards in their own products is growing quickly. Additionally, SC 27 receives more and more requests to develop products for specific application domains.

SC 27 liaises with more than 70 organizations, including JTC 1 sister committees and other groups from other standardization organizations like ISO, IEC, ITU, CEN, CENELEC, or ETSI, to mention but a few. We also liaise with industrial organizations and project consortia. All this illustrates the recognition that SC 27 has in the IT security and privacy community. We always strive to make everyone aware of our standardization topics and to avoid duplicate work. Finally, it does not necessarily matter that much who wrote a certain standard, as long as there are no competing standards and as long as standards are comprehensive, applicable and accepted. Sometimes, it is the best choice to develop standards in SC 27, while at other times, it makes more sense to liaise with a partner and to ensure SC 27’s expertise is reflected in the partner’s document. Developing standards is not a purely academic exercise; it is performed by stakeholders who have strong interests, both commercial and political. After all, the market needs standards that support stakeholders working on certain problems, and these standards are needed quickly, in high quality, and tailored to the needs of all countries.

All the standardization committees I have worked with in the past have developed a very enjoyable culture of cooperation. Arguments are the major force, and consensus is reached by moderating the interests of all stakeholders. This does not mean that there are no conflicts between the participating experts and National Bodies. But SC 27, like all other standardization committees, and in particular, all of its experts and officers, is committed to resolving such conflicts, to reaching consensus and to developing standards that are as good as possible. This is one of the sources of joy when working with SC 27.

122nd JTC 1/ SC 29/WG 11 meeting

Posted by on May 31, 2018 in News | 0 comments

San Diego, CA, US, 16 – 20 April 2018

Versatile Video Coding (VVC) project starts strongly in the Joint Video Experts Team
The Joint Video Experts Team (JVET), a collaborative team formed by MPEG and ITU-T Study Group 16’s VCEG commenced work on a new video coding standard to be known as Versatile Video Coding (VVC) at this meeting. The primary objective of VVC is to provide a significant improvement in compression performance over the existing HEVC standard, aiding in deployment of higher-quality video services and emerging applications such as 360° omnidirectional immersive multimedia and high-dynamic-range (HDR) video.

The development of the VVC standard is expected to be completed in 2020. The two bodies issued a joint Call for Proposals, and the responses were evaluated at the San Diego meeting. Responses to the call were received from 32 organizations, with some demonstrating compression efficiency gains of typically 40% or more when compared to using HEVC. The gain was measured in extensive formal subjective tests conducted by independent test labs. Both 360° omnidirectional video and HDR video were tested as well as conventional dynamic range video. Particular effectiveness was shown on ultra-high definition (UHD) video test material.

The results of this very successful call led to creation of a first draft, a test model for simulation experiments, and a technology benchmark set for the VVC project. The new standard is expected to enable the delivery of UHD services at bit rates that today are used to carry HDTV. Alternatively, using VVC would enable twice as much video content to be stored on a server or sent through a streaming service.

MPEG-G standards reach Draft International Standard for transport and compression technologies
The extensive usage of high-throughput deoxyribonucleic acid (DNA) sequencing technologies opens up new perspectives in the treatment of several diseases and enables “precision medicine”. As DNA sequencing technologies produce extremely large amounts of raw data, the ICT costs for the storage, transmission, and processing of DNA sequence data and related information, result to be very high due to the lack of universal standards preventing timely application of effective treatments.

The MPEG-G standard jointly developed by MPEG and ISO Technical Committee for biotechnology standards (ISO TC 276/WG 5) is the first international standard to address and solve the problem of efficient and cost-effective handling of genomic data by providing, not only new compression and transport technologies, but also a family of standard specifications associating relevant information in the form of metadata and a rich set of Application Programming Interfaces (APIs) for building a full ecosystem of interoperable applications and services capable of efficiently processing sequencing data.

At its 122nd meeting, MPEG promoted its core set of MPEG-G specifications, i.e., transport and compression technologies, to Draft International Standard (DIS) stage. Such parts of the standard provide new transport technologies (ISO/IEC 23092-1) and compression technologies (ISO/IEC 23092-2) supporting rich functionality for the access and transport including streaming of genomic data by interoperable applications. This will enable the industry to rely on a final specification in October 2018. Reference software (ISO/IEC 23092-4) and conformance (ISO/IEC 23092-5) will reach this stage in the next 12 months.

Beside standardization achievements, a workshop on the “applications of genomic information processing” has been held in conjunction with the 122nd MPEG meeting discussing requirements, open problems of genome information processing, and solutions provided by MPEG-G standards. Use cases representative of selective remote access with streaming and the execution of the Genome Analysis Toolkit (GATK) and equivalent processing pipelines using sequencing data in MPEG-G compressed forms have also been demonstrated.

MPEG issues Call for Proposals on Network-based Media Processing
Recent developments in multimedia have brought significant innovation and disruption to the way multimedia content is created and consumed. With the emergence of virtual reality (VR), augmented reality (AR), and mixed reality (MR) applications, users can interact with and navigate within the consumed content along multiple degrees of freedom.

At its 122nd meeting, MPEG has issued a Call for Proposals (CfP) on Network-based Media Processing (MPEG-I part 8). This CfP addresses advanced media processing technologies (e.g., network stitching for VR service, super resolution for enhanced visual quality, transcoding, viewport extraction for 360° video) within the network environment that allows service providers and end users to describe media processing operations that are to be performed by the network.

To achieve this objective, MPEG is working on a NBMP standard that will allow end user devices to offload certain kinds of processing to the network. NBMP describes the composition of network-based media processing services out of a set of network-based media processing functions and makes these network-based media processing services accessible through Application Programming Interfaces (APIs). Responses to the NBMP CfP will be evaluated on the weekend prior to and decisions made at the 123rd MPEG meeting in July 2018 (Ljubljana, SI).

MPEG finalizes 7th edition of MPEG-2 Systems Standard
At its 122nd meeting, MPEG promoted a new edition of its award-winning MPEG-2 Systems standard to Final Draft International Standard (FDIS), the final stage of development. As MPEG- 2 Systems is one of the most crucial standard for various digital media services, it has been constantly revised to support additional features after its first publication.

The currently published 6th edition was a result of incremental integration of 29 amendments to the first edition in 1996. The new edition will integrate three amendments to the 6th edition. Technologies to be integrated in this edition include support of transport of JPEG 2000 video with 4K resolution and ultra-low latency, carriage of media orchestration related metadata, carriage of sample variance, and carriage of HEVC tiles.

MPEG enhances ISO Base Media File Format (ISOBMFF) with two new features
At its 122nd meeting, MPEG has promoted two new technologies enhancing the power of ISOBMFF to Final Draft International Standard (FDIS), the final stage of development.

The Partial File Format (ISO/IEC 23001-14) enables the description of an ISOBMFF file partially received over lossy communication channels. It is intended to serve as a storage and exchange format for other file formats delivered over lossy channels. The format provides tools to describe reception data, the received data and document transmission information such as received or lost byte ranges and whether the corrupted/lost bytes are present in the file and repair information such as location of the source file, possible byte offsets in that source, byte stream position at which a parser can try processing a corrupted file. Depending on the communication channel, this information may be setup by the receiver or through out-of-band means.

Another technology that has been promoted to the final stage is the 2nd edition of storage of sample variants (ISO/IEC 23001-12). Sample variants are typically used to provide forensic information in the rendered sample data that can, for example, identify the specific Digital Rights Management (DRM) client which has decrypted the content. This variant framework is intended to be fully compatible with MPEG’s Common Encryption (CENC), as specified by ISO/IEC 23001-7, and agnostic to the particular forensic marking system used.

How to contact MPEG, learn more, and find other MPEG facts
To learn about MPEG basics, discover how to participate in the committee, or find out more about the array of technologies developed or currently under development by MPEG at the home page. There you will find information publicly available from MPEG experts past and present including tutorials, white papers, vision documents, and requirements under consideration for new standards efforts. You can also find useful information in many public documents by using the search window including publicly available output documents of each meeting (note: some may have editing periods and in case of questions please contact Dr. Christian Timmerer).

Examples of tutorials that can be found there include tutorials for: High Efficiency Video Coding, Advanced Audio Coding, Universal Speech and Audio Coding, and DASH to name a few. A rich repository of white papers can also be found and continues to grow. You can find these papers and tutorials for many of MPEG’s standards freely available. Press releases from previous MPEG meetings are also available.

Journalists that wish to receive MPEG Press Releases by email should contact Dr. Christian Timmerer at or

79th JPEG Meeting, La Jolla, CA, US

Posted by on May 31, 2018 in News | 0 comments


JPEG issues a new Call for Proposals to define the next generation image coding format

The 79th JPEG meeting was held in La Jolla, CA, U.S.A. A Call for Proposals (CfP) was issued for a next generation image compression standard reflecting recent evolutions in image compression technologies. The issuance of the CfP coincides with the celebration of the 25th anniversary of the first JPEG standard (JPEG-1). This call continues the JPEG tradition of requesting royalty-free image coding tools.

The following summarizes various highlights during JPEG’s La Jolla meeting.

Billions of images are captured, stored and shared on a daily basis demonstrating the self- evident need for efficient image compression. Applications, websites and user interfaces are increasingly relying on images to share experiences, stories, visual information and appealing designs.

User interfaces can target devices with stringent constraints on network connection and/or power consumption in bandwidth constrained environments. Even though network capacities are improving globally, bandwidth is constrained to levels that inhibit application responsiveness in many situations. User interfaces that utilize images containing larger resolutions, higher dynamic ranges, wider color gamuts and higher bit depths, further contribute to larger volumes of data in higher bandwidth environments.

The JPEG Committee has launched a Next Generation Image Coding activity, referred to as JPEG XL. This activity aims to develop a standard for image coding that offers substantially better compression efficiency than existing image formats (e.g. more than 60% improvement when compared to the widely used legacy JPEG format), along with features desirable for web distribution and efficient compression of high-quality images.

To this end, the JPEG Committee has issued a Call for Proposals following its 79th meeting in April 2018, with the objective of seeking technologies that fulfill the objectives and scope of a Next Generation Image Coding. The Call for Proposals (CfP), with all related info, can be found at The deadline for expression of interest and registration is August 15, 2018, and submissions to the Call are due September 1, 2018. To stay posted on the action plan for JPEG XL, please regularly consult our website at and/or subscribe to our e-mail reflector.

This project aims at the standardization of a visually lossless low-latency lightweight compression scheme that can be used as a mezzanine codec for the broadcast industry, Pro- AV and other markets such as VR/AR/MR applications and autonomous cars. Among important use cases identified one can mention in particular video transport over professional video links (SDI, IP, Ethernet), real-time video storage, memory buffers, omnidirectional video capture and rendering, and sensor compression in the automotive industry.

During the La Jolla meeting, profiles and levels have been defined to help implementers accurately size their design for their specific use cases. Transport of JPEG XS over IP networks or SDI infrastructures, are also being specified and will be finalized during the next JPEG meeting in Berlin (July 9-13, 2018). The JPEG committee therefore invites interested parties, in particular coding experts, codec providers, system integrators and potential users of the foreseen solutions, to contribute to the specification process. Publication of the core coding system as an International Standard is expected in Q4 2018.

JPEG Systems – JPEG 360
The JPEG Committee continues to make progress towards its goals to define a common framework and definitions for metadata which will improve the ability to share 360 images and provide the basis to enable new user interaction with images. At the 79th JPEG meeting in La Jolla, the JPEG committee received responses to a call for proposals it issued for JPEG 360 metadata.

As a result, JPEG Systems is readying a committee draft of “JPEG Universal Metadata Box Format (JUMBF)” as ISO/IEC 19566-5, and “JPEG 360” as ISO/IEC 19566-6. The box structure defined by JUMBF allows JPEG 360 to define a flexible metadata schema and the ability to link JPEG code streams embedded in the file. It also allows keeping unstitched image elements for omnidirectional captures together with the main image and descriptive metadata in a single file. Furthermore, JUMBF lays the groundwork for a uniform approach to integrate tools satisfying the emerging requirements for privacy and security metadata.
To stay posted on JPEG 360, please regularly consult our website at and/or subscribe to the JPEG 360 e-mail reflector.

High Throughput JPEG 2000 (HTJ2K) aims to develop an alternate block-coding algorithm that can be used in place of the existing block coding algorithm specified in ISO/IEC 15444-1 (JPEG 2000 Part 1). The objective is to significantly increase the throughput of JPEG 2000, at the expense of a small reduction in coding efficiency, while allowing mathematically lossless transcoding to and from codestreams using the existing block coding algorithm.

As a result of a Call for Proposals issued at its 76th meeting, the JPEG Committee has selected a block-coding algorithm as the basis for Part 15 of the JPEG 2000 suite of standards, known as High Throughput JPEG 2000 (HTJ2K). The algorithm has demonstrated an average tenfold increase in encoding and decoding throughput, compared to the algorithms based on JPEG 2000 Part 1.

This increase in throughput results in less than 15% average loss in coding efficiency, and allows mathematically lossless transcoding to and from JPEG 2000 Part 1 codestreams.
A Working Draft of Part 15 to the JPEG 2000 suite of standards is now under development.

JPEG Pleno
The JPEG Committee is currently pursuing three activities in the framework of the JPEG Pleno Standardization: Light Field, Point Cloud and Holographic content coding.

JPEG Pleno Light Field finished a third round of core experiments for assessing the impact of individual coding modules and started work on creating software for a verification model. Moreover, additional test data has been studied and approved for use in future core experiments.

Working Draft documents for JPEG Pleno specifications Part 1 and Part 2 were updated. A JPEG Pleno Light Field AhG was established with mandates to create a common test conditions document; perform exploration studies on new datasets, quality metrics, and random-access performance indicators; and to update the working draft documents for Part 1 and Part 2.
Furthermore, use cases were studied and are under consideration for JPEG Pleno Point Cloud. A current draft list is under discussion for the next period and will be updated and mapped to the JPEG Pleno requirements. A final document on use cases and requirements for JPEG Pleno Point Cloud is expected at the next meeting.

JPEG Pleno Holography has reviewed the draft of a holography overview document. Moreover, the current databases were classified according to use cases, and plans to analyse numerical reconstruction tools were established.

The JPEG Committee released two corrigenda to JPEG XT Part 1 (core coding system) and JPEG XT Part 8 (lossless extension JPEG-1). These corrigenda clarify the upsampling procedure for chroma-subsampled images by adopting the centred upsampling in use by JFIF.

JPEG Reference Software
The JPEG Committee is pleased to announce that the CD ballot for Reference Software has been issued for the original JPEG-1 standard. This initiative closes a long-standing gap in the legacy JPEG standard by providing two reference implementations for this widely used and popular image coding format.

JPEG 25th anniversary of the first JPEG standard

The third and final ceremony to mark the 25th anniversary of the first JPEG standard was celebrated in La Jolla, CA, USA. The anniversary included an informative two-hour JPEG Technologies Workshop on Friday April 13, 2018, with the following programme:
• 4:00-4:15 Overview of JPEG activities (Touradj Ebrahimi)
• 4:15-4:30 JPEG XS (Antonin Descampe, Thomas Richter)
• 4:30-4:45 HTJ2K (Pierre-Anthony Lemieux)
• 4:45-5:15 JPEG Pleno – Light Field, Point Cloud, Holography (Ioan Tabus, Antonio Pinheiro, Peter Schelkens)
• 5:15-5:45 JPEG Systems – Privacy and Security, 360 (Siegfried Foessel, Frederik Temmermans, Andy Kuzma)
• 5:45-6:00 JPEG XL (Fernando Pereira, Jan De Cock)
The workshop was followed by a social event where a past JPEG committee Convenor, Eric Hamilton was recognized for key contributions to the JPEG standardization.

“The JPEG Committee is hopeful to see its recently launched Next Generation Image Coding, JPEG XL, can result in a format that will become as important for imaging products and services as its predecessor was; the widely used and popular legacy JPEG format which has been in service for a quarter of century.” said Prof. Touradj Ebrahimi, the Convenor of the JPEG Committee.

About JPEG
The Joint Photographic Experts Group (JPEG) is a Working Group of ISO/IEC, the International Organisation for Standardization / International Electrotechnical Commission, (ISO/IEC JTC 1/SC 29/WG 1) and of the International Telecommunication Union (ITU-T SG16), responsible for the popular JBIG, JPEG, JPEG 2000, JPEG XR, JPSearch and more recently, the JPEG XT, JPEG XS, JPEG Systems and JPEG Pleno families of imaging standards.
The JPEG Committee nominally meets four times a year, in different world locations. The 79th JPEG Meeting was held on 9-15 April 2018, in La Jolla, California, USA. The next 80th JPEG Meeting will be held on 7-13, July 2018, in Berlin, Germany.

More information about JPEG and its work is available at or by contacting Antonio Pinheiro or Frederik Temmermans ( of the JPEG Communication Subgroup.
If you would like to stay posted on JPEG activities, please subscribe to the jpeg-news mailing list on

Future JPEG meetings are planned as follows:
• No 80, Berlin, Germany, July 7 to13, 2018
• No 81, Vancouver, Canada, October 13 to 19, 2018
• No 82, Lisbon, Portugal, January 19 to 25, 2019

SC 27 Meetings in Wuhan, China

Posted by on May 31, 2018 in News | 0 comments

16-24th April 2018
Dr Walter Fumy (SC 27 Chair)
Prof. Edward Humphreys (SC 27 Communications Officer and WG 1 Convenor)

ISO/IEC JTC 1/SC 27 and its five working groups meet in the impressive Chinese city of Wuhan in the Hubei Province during April 2018. The meetings were held in the area of the East Lake, a site of outstanding natural beauty and an ideal location for inspirational development and progression of the standards of SC 27.

Delegates and experts from thirty countries and eleven liaison organizations attended the meeting, including many from the Chinese SC 27 mirror committee TC260. Chinese delegates and experts came from government, businesses and industry. The facilities provided by the Chinese hosts for the meetings were first rate and world class, and this was a major contributor to the success of the meetings.

The Opening Ceremony was moderated by Dr Walter Fumy (SC 27 Chair) with opening speeches from Yang Xiaowei (Vice-Minister of Cyberspace Administration of China/Chairman of TC260), Yin Minghan (Vice-Administrator of Standardisation Administration of the PRC) and Li Youxiang (Standing Committee of Wuhan Municipal Committee/Vice-Mayor of Wuhan).

Today’s world of business contains lots of changes and challenges, involving many emerging technologies and innovations, and the growing need for new ideas to deal with the cyber risks associated with these challenges. SC 27 has always been at the forefront of cyber security and privacy standardization, an international centre of excellent and always ready and prepared to address the requirements of business for security solutions for the digital age.

The SC 27 working group meetings in Wuhan made substantial progress in many areas including security and privacy in Internet of Things (IoT), Big Data security and privacy, cybersecurity, enhancement of ISO/IEC
27001 for privacy protection, revision of ISO/IEC 27002:2013 and ISO/IEC 27009, revision of ‘Common Criteria’ (ISO/IEC 15048) and cryptographic techniques. The SC 27 meetings in Wuhan resourcefully moved forward to address current and future expectations of its stakeholders and its international standardization partners: finding common-ground through collaboration and consensus to deliver ‘fit-for-purpose’ solutions for cyber security and privacy.

As with previous meetings, China made many noteworthy contributions to the on-going project developments and also proposed new areas of work including the important topic of data security. The close collaboration between SC27 and the Chinese National Body mirror committee TC260 continues to develop in an enterprising and progressive way reflecting China’s role as a global player in cyberspace standards and technology.

The meetings marked a significant milestone regarding leadership of SC 27. Dr Walter Fumy has served as chair of SC 27 for 23 years during which time his professional leadership and direction of the committee has resulted in some outstanding achievements. The SC 27 Plenary held on the 23-24th was his last as chair and in recognition of his long-standing leadership he was bestowed the honorary title of SC 27 Chairman Emeritus.

The proposed future chair of SC 27 is Dr Andreas Wolf, also from Germany.
The Chinese hosted SC 27 gala dinner in Wuhan was a most memorable event. The master of gala dinner ceremonies was Yan Zhongxing (Director General of Cyberspace Administration of Wuhan) who introduces the speeches given by the Yang Jianjun, Head of the Chinese Delegation, and Xu Honglan, the Deputy-Mayor of Wuhan Municipal People’s Government. This was followed by a special recognition ceremony organized by the host to acknowledge Dr Fumy’s achievements – with a presentation by Prof. Edward Humphreys in honour of Dr Fumy, a special celebration cake and thank-you gifts from the host and SC 27. Finally, SC 27 delegates were given a spectacular Chinese cultural show involving a Chinese dance performance, traditional opera, puppet show and acrobats.

Adjacent to the meetings an International Cybersecurity Standardization Forum was held on the 15th April, bringing together speakers and experts from Chinese business and government, and from SC 27. This Forum was a great success attracting over 680 delegates. It provided the ideal opportunity for China and SC 27 to share ideas and collaborate on a range of topics that are central to today’s cyberspace world of technology and business innovation. There were key note talks from Wan Yong (Mayor of Wuhan), Yang Xiaowei (Vice-Minister of Cyberspace Administration of China/Chairman of TC260), and Yin Minghan (Vice- Administrator of Standardization Administration of the PRC).

About JTC 1/SC 42 Artificial intelligence

Posted by on May 30, 2018 in News | 0 comments

By W. Diab, Chair JTC 1/SC 42

Why are standards important for Artificial Intelligence?

Artificial Intelligence (AI) is an enabling horizontal technology. Many industry experts and analysts believe that the rapid growth in AI will enable the next digital transformation. While the field of AI is not new, an international standards committee looking at the entire AI ecosystem is a recent development.

To get a better picture of why standards in this area are important, it is helpful to identify the diverse stakeholders involved that include research, academia, industry, practitioners, policy makers, ethics advocates and more. Moreover, the application areas of AI technology are equally as diverse and numerous. These include consumer, industrial and commercial amongst others. To use the industrial sector as an example, we are seeing IT become more pervasive in the various industry verticals, including manufacturing, healthcare, robotics, and financial. To enable mass deployment and adoption of AI in these fields, standards are required. For example, on the foundational side, having common terminology that can be used by all stakeholders enables clear communication and sound decision making. Gathering use cases, their requirements and best practices for application of the technology will guide technology development. Like other transformational IT technologies, AI will be pervasive, thus addressing issues of trustworthiness from the get-go is needed. Finally, looking at the core of AI, standardization of algorithms and computational techniques will allow a higher level of adoption, use and interoperability.

What is ISO/IEC JTC1’s role in Artificial Intelligence standards? What part is SC 42 playing?

ISO/IEC JTC 1/SC 42 is the first of its kind international standards committee that is looking at the entire AI ecosystem. JTC 1 had the foresight to identify this area as a key field for IT standardization. In the creation of JTC 1/SC 42, JTC 1 scoped SC 42 to be a systems integration entity to work with other ISO, IEC and JTC 1 committees looking at AI applications. This is captured in the second bullet of JTC 1/SC 42’s scope, which reads:

Standardization in the area of Artificial Intelligence

  • Serve as the focus and proponent for JTC 1’s standardization program on Artificial Intelligence
  • Provide guidance to JTC 1, IEC, and ISO committees developing Artificial Intelligence applications

Mr. Wael William Diab was appointed as the Chairperson of the committee and Ms Heather Benko (ANSI) was appointed as the Secretariat.

From SC 42’s perspective, we serve as the focal point for AI standardization within JTC 1 and are embracing our role as a systems integration entity.

What is ahead for SC 42 in the next couple of years?

We have a lot to do. Our stakeholders include research, academia, industry, practitioners, policy makers, ethics advocates and more. AI, and by extension SC 42, is an emerging ICT area that is capturing mindshare around the world. The tremendous interest in AI is reflected by the membership of SC 42. SC 42 brings together 18 p-members and 6 o-members. At its inaugural meeting, held in Beijing, China, about 90 delegates attended from 15 p-members and 2 o-members. To address the anticipated program of work, the committee, during its inaugural meeting, setup the following structure to deal with the diverse work program it is embarking on:

  • foundational standards working group
  • computational approaches and characteristics of artificial intelligence systems study group
  • trustworthiness study group
  • use cases and applications study group

The foundational standards working group (SC 42/WG 1) will take on the two currently approved projects: Artificial Intelligence Concepts and Terminology ISO/IEC AWI 22989, and Framework for Artificial Intelligence Systems Using Machine Learning ISO/IEC AWI 23053. Mr. Paul Cotton (Canada) was appointed as Convenor of SC 42/WG 1.

With such a diverse set of stakeholders for AI, it is essential to have foundational standards that provide for a framework and common set of vocabulary. Not only does this enable stakeholders of different backgrounds and perspectives to talk the same language, it also sets the stage of how the different stakeholders and technology providers/users interact with one another. Progressing these two foundational standards is a priority of SC 42.

The computational approaches and characteristics of the artificial intelligence systems study group (SC 42/SG 1) will

  • Study different technologies (e.g., ML algorithms, reasoning etc.) used by the AI systems including their properties and characteristics.
  • Study existing specialized AI systems (e.g., NLP or computer vision) to understand and identify their underlying computational approaches, architectures, and characteristics.
  • Study industry practices, processes and methods for the application of AI systems.
  • Develop new work item proposals as appropriate and recommend placement.

Dr. Tangli Liu (China) was appointed as the Convenor of SC 42/SG 1.

At the heart of artificial intelligence are the computational approaches and algorithmic techniques that empower the insights provided by the AI engines.  The advances in ICT, specifically computational power, distributed computing methods and software capability techniques amongst others, allow for what once was science fiction to become science faction. Standardization and best practices in this area are essential to allow for innovation to occur over open standards.

The trustworthiness study group (SC 42/SG 2) will

  • Investigate approaches to establish trust in AI systems through transparency, verifiability, explainability, controllability, etc.
  • Investigate engineering pitfalls and assess typical associated threats and risks to AI systems with their mitigation techniques and methods.
  • Investigate approaches to achieve AI systems’ robustness, resiliency, reliability, accuracy, safety, security, privacy, etc.
  • Investigate types of sources of bias in AI systems with a goal of minimization, including but not limited to statistical bias in AI systems and AI aided decision making.
  • Develop new work item proposals as appropriate and recommend placement.

Dr. David Filip (Ireland) was appointed as Convenor of SC 42/SG 2.

Artificial intelligence is set to join other ICT technologies that have become ubiquitous in our lives. Recognizing this potential for AI, SC 42 took the proactive decision to form a study group to look at trustworthiness and related areas from a system perspective (such as robustness, resiliency, reliability, accuracy, safety, security, privacy) from the get-go. Leading industry experts in this field believe that one of the essential aspects to wide-spread adoption is the need to address such trustworthiness issues with standards and best practices. JTC 1/SC 42/SG 2 will work to develop new work items proposals in this area.

The use cases and applications study group (SC 42/SG 3) will

  • Identify different AI application domains (e.g., social networks and embedded systems) and the different context of their use (e.g., fintech, health care, smart home, and autonomous cars).
  • Collect representative use cases.
  • Describe applications and use cases using the terminology and concepts defined in ISO/IEC AWI 22989 and ISO/IEC AWI 23053 and extend the terms as necessary.
  • Develop new work item proposals as appropriate and recommend placement.

Dr. Fumihiro Maruyama (Japan) was appointed as Convenor of SC 42/SG 3.

Use cases are the currency by which standards development organizations collaborate with each other. As both the focal point of AI’s role as an enabling horizontal technology and in its role as an AI systems integration entity committee tasked with providing guidance to ISO, IEC and JTC 1 committees looking application areas, it is essential for SC 42 to collaborate with other committees and bring in their use cases. By way of example, use cases provided by other committees looking at different vertical application areas can allow for the distillation of technical requirements that the SC 42 committee can take into account as it drafts its standards, technical reports and best practices.

Moreover, while SC 42 will produce standards, technical reports and best practices that are ubiquitous in their nature from a horizontal technology perspective, there may be a need for producing deliverables that relate to the various applications.

In addition, JTC 1/SC 42 reinforced the decision by JTC 1 that the program of work on Big Data (JTC 1/WG 9) be transferred to JTC 1/SC 42. The JTC 1 and SC 42 leadership are in the process of developing a plan for the best and least disruptive way to move these Big Data projects into SC 42.

JTC 1’s program on Big Data, initiated a few years ago, has initiated two foundational multi-part projects around overview and vocabulary as well as a Big Data Reference Architecture (BDRA). These projects have received tremendous interest from the industry. As we look to the arc of future work, the roadmap for big data aligns well with that of SC 42. Moreover, from a data science perspective, expert participation, use cases and applications, future anticipated work on analytics, and the role of systems integration (working with other ISO, IEC and JTC 1 committees on application areas), the program of work of big data and the initial program of work identified for SC 42 line up well together. From an industry practice point of view, it is hard to imagine applications where one technology is present without the other.

As noted above under SC 42/WG 1, SC 42 currently has two approved projects in the foundational standards area that were assigned to SC 42 when it was created by JTC 1. Nonetheless, it is anticipated that the work program will grow significantly along the lines of the study groups highlighted. Moreover, as the work program and stakeholders expand, SC 42 may bring in new areas and evolve its structure accordingly.

Can you tell us about your experience in developing standards, and why you are interested in Artificial Intelligence?

My own background reflects a mix of business and technical evangelism as well as a love for innovation.[1] [2] I have always been fascinated by emerging technologies and its ability to change how we work, live and play. My experience in standards has included identifying and incubating new standardization areas; leading and participating in standards efforts; building industry ecosystems around emerging standards including collaborating with other SDOs, open source communities, consortia and government agencies; and participating in educational and research activities around standardization.

About two decades ago, I started attending standards committees where I was intrigued by how stakeholders of different backgrounds come together to not only create technical standards but in the process help grow the pie for everyone. As the application of ICT continues to become more ubiquitous across the different application areas, it is my belief that the best innovation occurs over open standards. A lesson that I learned over the years is the importance of collaboration. In the world of standards this means recognizing that no single committee can do it all. SDOs lend themselves very well to that by providing mechanisms, such as liaisons, that allow for collaboration.

In terms of my interest in AI, I have always been fascinated by the topic. The idea of having machines learn and help us live our lives better is something that is hard not to like. It is also a complex topic that brings together stakeholders of very diverse backgrounds and expertise. It is both an honor and rare opportunity to be able to work on a technology area that is at an inflection point in terms of the next digitization wave and can truly change how we live our lives in the future for generations to come.

Are there other organizations or committees also working in this area? What are their relationships to SC 42?

There are a number of organizations that include national, regional, international and industry consortia / industry alliances working on different aspects of AI. While SC 42 is looking at the AI ecosystem from an ICT perspective, it is key that we work with all these different organizations. Moreover, the application areas that both ISO and IEC oversee, which are looking at AI as an enabler for their space, is unparalleled.

At the its inaugural meeting in Beijing, China, earlier this month, SC 42 initiated the establishment of a significant number of diverse liaison relationships both internal (e.g. with ISO, IEC and JTC 1 committees) as well as external (e.g. IEEE). While SC 42 is the first international standards committee to look at the entire ecosystem, its members have recognized the need to collaborate with other premier industry leading committees working on specific aspects of AI as well as those dealing with the application of AI.

At the Digital Conference SXSW in Austin in March this year Tesla-Chef Musk said “Mark my words. AI is much more dangerous than nukes”.  Do you think he is right on that?

AI can mean different things to different people. I was not at SXSW so I cannot comment on the quote as I do not know the context nor the discussion. There are many examples of where science fiction and faction are converging. In many ways, AI fits that bill, in the sense that we can now do things computationally that were unimaginable just a few years ago. Nonetheless, to better understand AI, it is important to also look at how it is being applied. Examples include:

  • AI expert systems are helping healthcare professionals make better decisions for patients with proper trustworthiness measures designed into the system,
  • AI deployment in the industrial manufacturing sector where it is driving higher efficiencies by allowing robots to work alongside human workers with the proper safety measures designed into the system,
  • AI deployment in the financial ecosystem where it is enabling applications that range from asset management that takes into account factors such as the clients risk to fraud detection that reduces false-positives

The above examples are a very small number of use cases and application areas where AI is already being deployed. Not only are the applications more numerous and diverse (e.g. consumer, retail, digital assistants, expert systems such as smart grid, marketing intelligence tools, enterprise etc.), the demand for AI enabled applications both within these sectors and in new ones continues to rise. Recognizing the importance of understanding how AI is and will be used, SC 42 established a use cases and applications study group. The International Data Corporation (IDC) estimates that by 2019 40% of digital transformation initiatives will use AI services, estimates that by 2021 75% of enterprise applications will use AI and is forecasting that cognitive and AI spending will grow to $52.2 billion in 2021 achieving a compound annual growth rate (CAGR) of 46.2% over the 2016-2021 forecast period.[3] Taken as a whole, it is hard not to be optimistic about the benefit and positively impactful potential of AI.

Nevertheless, it is healthy to have skepticism of any new technology as this drives to make our selections better and, in the world of standards, more inclusive of all the concerns. ISO, IEC and JTC 1 provide an excellent venue to bring forth views that not only support the topic but also those that reflect such concerns. In fact, SC 42 established a trustworthiness study group to consider some of those issues and concerns. I would encourage anyone interested in AI, regardless of their view, to engage in our committee via their National Body. This broad participation will enhance the quality of the standards SC 42 develops.

[1] My educational background includes BS and MS degrees from Stanford in EE, a BA from Stanford in Economics and an MBA with honors from Wharton

[2] I have authored over 800 patents of which 300+ have been issued with the balance in examination

[3] Refer to