Programme certifies that biometric recognition systems meet globally recognised performance standards and are fit for commercial use
Biometric user verification has become a popular way to replace passwords and PINs, but the lack of an industry-defined programme to validate performance claims has led to concerns over variances in the accuracy and reliability of these solutions.
To fill this gap, the FIDO Alliance today announced its Biometric Component Certification Programme – the first such programme for the industry at large. The programme utilises accredited independent labs to certify that biometric subcomponents meet globally recognised performance standards1 for biometric recognition performance and Presentation Attack Detection (PAD)2 and are fit for commercial use.
The FIDO Alliance aims to deliver several benefits to providers and users of biometric recognition systems through the new Biometric Component Certification Programme. Until now, due diligence was performed by enterprise customers who had the capacity to conduct such reviews. This required biometric vendors to repeatedly prove performance for each customer. The FIDO Alliance programme allows vendors to test and certify only once to validate their system’s performance and re-use that third-party validation across their potential and existing customer base, resulting in substantial time and cost savings. For customers, such as regulated online service providers, OEM’s and enterprises, it provides a standardised way to trust that the biometric systems they are relying upon for fingerprint, iris, face and/or voice recognition can reliably identify users and detect presentation attacks.
“The lack of standards has long been an issue in biometrics, forcing security professionals to ‘get deep in the weeds’ to not only understand the attributes that are important but subsequently evaluate vendors on those attributes. An unbiased Alliance-based certification programme expedites solution evaluation for companies but also eases adoption by providing assurances to the C-suite of proper choice,” said Frank Dickson, research vice president, IDC.
“With biometrics being a popular option for mobile and web applications implementing FIDO Authentication, there is a growing need for those service providers to appropriately assess the risk of fraud from lost or stolen devices. While border control and law enforcement markets have mature assessment programmes for their biometric systems, we were surprised that no such programme existed for this rapidly growing consumer market,” said Brett McDowell, executive director of the FIDO Alliance. “As an organisation that is driven by our members’ real-world business requirements, and already experienced at delivering globally scalable high-quality certification programme, the FIDO Alliance was the organisation our members chose to fill this gap in the market.”
The Biometric Component Certification Programme is open to all biometric authenticator subcomponents. Those vendors who achieve certification receive a Biometric Subcomponent Certificate to show they have passed the well-defined testing administered by the FIDO Alliance and accredited labs.
To fully meet anticipated customer requirements, a vendor may also choose to go through the FIDO Authenticator Certification Programme to validate that the biometric authenticator conforms to cryptographic FIDO specifications, interoperates with other products in the market and meets certain security requirements in addition to biometric performance. For authenticators that incorporate biometric sensors, the biometric subcomponent certificate is required in order to achieve the highest levels of FIDO Authenticator security certification but remains optional for the lower levels of assurance. Only those that successfully complete the FIDO Authenticator Certification Programme can use the FIDO or FIDO Certified trademarks.
Biometric technology suppliers interested in participating in the programme can visit https://fidoalliance.org/biometric-component-certification-programmeme to get started.
The FIDO Alliance is set to host a webinar on its certification programmes on September 12, 2018 at 6:00 p.m. BST. Registration information can be found at https://fidoalliance.org/events/certification-webinar/.