Existing biometrics standards back emerging of digital ID frameworks
As frameworks for trusted online services with biometrics and digital identity systems gain traction, technology providers must understand the standards and specifications that underpin those guidelines, attendees of a recent webinar from BixeLab heard.
The workshop providing ‘Expert Tips on Biometric Certifications’ was hosted by Dr. Ted Dunstone, BixeLab managing director, with Somya Singh and Stewart Pope of BixeLab and Sanjith Sundaram, MOSIP’s head of Biometric Ecosystem.
BixeLab became a NIST-accredited lab earlier this year, and now tests to six ISO standards plus those of FIDO. Also in the past year, the lab performed what Dunstone said they believe is the first-ever voice presentation attack detection (PAD) test.
Dunstone spoke about the commonality between different modalities in terms of how they are assessed, and introduced some biometric risk factors and the process for managing them.
Pope presented the basics of biometric testing, and testing standardization.
As biometric technology proliferates, governance practices are expanding, attendees heard, as in other technologies. This goes beyond standards to also include national accreditation systems and frameworks, and digital ID systems, like MOSIP.
Assessment parameters break down into quality, accuracy and security requirements, such as the requirements for quality score, NFIQ v2.0 for registration devices, and NFIQ v1.0 for authentication devices demanded by MOSIP for image quality, Dunstone says. He also examined different ways of carrying out assessments to these parameters.
Dunstone also looked specifically into Australia’s Trusted Digital Identity Framework, and how ISO standards for biometric performance and other criteria fit into them.
Singh broke down the standardization and guidance activities of the U.S. National Institute of Standards and Technology (NIST) and testing lab requirements, and the FIDO specifications.
Sundaram covered the standards that MOSIP uses, noting its adoption in Morocco, Philippines, Sri Lanka, Guinea, Ethiopia and Togo, and predicting an exponential increase in adoption in the near future.
The MOSIP certification requirements for biometrics include standardized interfaces, image quality, hardware and other requirements. The latter also includes presentation attack detection. Some degree of flexibility is also baked into the system, however, Sundaram explains, saying “a good and new technology must not suffer just because there are no evaluation schemes.”
accuracy | biometric testing | biometrics | BixeLab | digital identity | Dr. Ted Dunstone | FIDO Alliance | MOSIP (Modular Open Source Identity Platform) | NIST | presentation attack detection | standards | trust framework