FB pixel

PCTF authentication component ready for inclusion in DIACC program

Tech-agnostic document establishes criteria for trusted authentication processes
PCTF authentication component ready for inclusion in DIACC program
 

The Digital ID Authentication Council of Canada (DIACC) has released its Pan-Canadian Trust Framework (PCTF) Authentication Final Recommendation V1.2, making its authentication component ready to be added to the DIACC’s certification program.

In its own words, the PCTF Authentication Component defines “a set of processes that enable access to digital systems” and “a set of conformance criteria for each process that, when a process is shown to be compliant, enable the process to be trusted.” Criteria measure success and accuracy of authentication at login through an authentication service provider, as well as predictability and continuity in login processes.

The DIACC makes a point to note that trusted processes defined for the authentication component are “agnostic with respect to how digital IDs are issued and managed at the technology level. Each participant will need to determine which technologies and methods are best suited to the requirements of their constituents and their own target business outcomes.”

In other words, you may use biometrics, cryptographic security keys or other systems for authentication; the DIACC will only assess whether the processes can be trusted against its criteria.

However, a note on biometrics says “industry standards relevant to this PCTF component generally do not recommend the use of biometrics as the only Authentication Factor in a given system. Rather, current guidance suggests an appropriate use of biometrics is a means to unlock a local Authenticator (perhaps existing on a local device) to facilitate Authentication to a remote service.”

In this, it says, it aligns with guidance from the U.S. National Institute of Standards and Technology (NIST)’s publication 800-63-3 on digital identity, and from the Canadian Communications Security Establishment publication Information Technology Security Guidance for the Practitioner 30.031 V3 on authentication, in considering “biometric authentication appropriate only in combination with another authentication factor.”

An example of biometric authentication used in combination with another authentication factor “would be to employ a biometric solution that works across channels via facial, fingerprint or voice recognition (something you are) in addition to another authentication method such as control and possession of a mobile device (something you have).”

The DIACC believes that, by providing a reliable method for authentication, the PCTF will “foster trust and confidence among users, service providers, and stakeholders,” which is “crucial for the widespread adoption of digital services.”

The DIACC’s website has a link to access the full PCTF Authentication Component Overview Final Recommendation V1.2 document.

Related Posts

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Edge computing firm Blaze IPOs, announces security deal with Vsblty

AI-powered edge computing company Blaize, known for its collaborations with biometric surveillance developers, went public on the Nasdaq on Tuesday….

 

Illinois to get mobile driver’s licenses in Apple Wallet by end of 2025

Illinois is “working to bring IDs in Apple Wallet to Illinois residents in the future with the goal of launching…

 

Singapore slaps app stores with age verification requirement for adult apps

Singapore will impose age assurance requirements on app stores starting in April 2025, blocking underage users from downloading social media…

 

Paravision’s next generation algorithm cracks top 5 on NIST FRTE 1:N benchmark

Facial recognition from San Francisco-based Paravision has landed in the global top 5 in the primary benchmark of the latest…

 

Age assurance legislation drives talk on how to create an age-aware internet

There are few hotter topics in biometrics and regulatory circles right now than the issue of age assurance as a…

 

Breach exposes privacy risk from de-anonymization of location data

Gravy Analytics, a prominent location data broker, has disclosed that a significant data breach potentially exposed through de-anonymization the precise…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events