ETSI standard for mobile biometrics and security certified by French authority

ETSI has had its suite of specifications for mobile device security and biometrics certified by France’s cybersecurity agency (ANSSI) under the Common Criteria framework.

The certification is the first by a national authority for comprehensive smartphone security assessments based on a comprehensive set of specifications, according to the announcement, setting up third-party certification tests.

ETSI’s Consumer Mobile Device Protection Profile standard is intended to identify the key security and privacy risks for users of mobile devices. Based on them, it provides criteria for security certification that manufacturers can use, and a methodology for evaluators to use in assessing consumer products. ETSI says it will be suitable for certifications under the European Cyber Resilience Act, when it enters into force this year later this year.

TS 103 732-1 and TS 103 732-2 are a “Base Protection Profile” and “Biometric Authentication Protection Profile Module,” respectively. The base profile defines what should be evaluated, the security challenges that need to be addressed, and the objectives for doing so. The biometric authentication profile sets false acceptance rate (FAR) of 1 in 50,000 for 2D face biometrics, 1 in 100,000 for 3D face, and 1 in 50,000 for fingerprints at a false rejection rate (FRR) of 1 in 20 for 2D face, 1 in 33 for 3D face, and 1 in 33 for fingerprint biometrics. Presentation attack detection (PAD) is out of scope for the specification.

TS 103 932-1 is a complementary technical specification defining the configuration for evaluations and merging the requirements of the other two.

The revised multi-part specification was written with contributions from stakeholders among OS developers, smartphone manufacturers, network operators, regulatory authorities and user associations, ETSI says.

ETSI Cybersecurity Technical Committee Chair Alex Leadbeater notes the prevalence of smartphones and tablets in people’s everyday lives. “Research by GSMA indicates that nine out of ten consumers globally are concerned over smartphone data security and privacy, with 64 percent of consumers citing security as being ‘very important’ in their criteria for buying a smartphone,” he says.

Article Topics

ANSSI  |  biometrics  |  cybersecurity  |  ETSI  |  France  |  mobile biometrics  |  smartphones  |  standards