Biometrics certification program launched
The FIDO Alliance was launched in February 2013 to address the lack of interoperability among strong authentication devices and the problems users face creating and remembering multiple usernames and passwords. Now, the organization has announced its Biometric Component Certification Program – offered as the first such program for the industry at large designed to address biometric user verification.
Biometric user verification has become a popular way to replace passwords and PINs, says the organization, but the lack of an industry-defined program to validate performance claims has led to concerns over variances in the accuracy and reliability of these solutions. The new certification program addresses this by using accredited independent labs to certify that biometric subcomponents meet globally recognized performance standards for biometric recognition performance and Presentation Attack Detection (PAD) and are fit for commercial use.
“With biometrics being a popular option for mobile and web applications implementing FIDO Authentication, there is a growing need for those service providers to appropriately assess the risk of fraud from lost or stolen devices,” says Brett McDowell, executive director of the FIDO Alliance. “While border control and law enforcement markets have mature assessment programs for their biometric systems, we were surprised that no such program existed for this rapidly growing consumer market.”
“As an organization that is driven by our members’ real-world business requirements,” says McDowell, “and already experienced at delivering globally scalable high-quality certification programs, the FIDO Alliance was the organization our members chose to fill this gap in the market.”
Until now, says the organization, due diligence was performed by enterprise customers who had the capacity to conduct such reviews, requiring biometric vendors to repeatedly prove performance for each customer. The FIDO Alliance program allows vendors to test and certify only once to validate their system’s performance and re-use that third-party validation across their potential and existing customer base.
For customers – such as regulated online service providers, OEMs, and enterprises – it provides a standardized way to trust that the biometric systems they are relying upon for fingerprint, iris, face, and/or voice recognition can reliably identify users and detect presentation attacks.
The Biometric Component Certification Program is open to all biometric authenticator subcomponents. Those vendors who achieve certification receive a Biometric Subcomponent Certificate to show they have passed the well-defined testing administered by the FIDO Alliance and accredited labs.
A vendor may also choose to go through the FIDO Authenticator Certification Program to validate that the biometric authenticator conforms to cryptographic FIDO specifications, interoperates with other products in the market, and meets certain security requirements in addition to biometric performance. For authenticators that incorporate biometric sensors, the biometric subcomponent certificate is required in order to achieve the highest levels of FIDO Authenticator security certification but remains optional for the lower levels of assurance.
The FIDO Alliance is set to host a webinar on its certification programs on September 12, 2018 at 1:00 PM eastern time.
Fingerprint security on smartphones more vulnerable than thought
ADI collaboration brings ECG biometric authentication to the car
Under-display fingerprint sensors coming to a smartphone near you
‘Three big predictions’ for sensors in security, surveillance markets
Biometrics market to double by 2021