FB pixel

New Zealand Digital Identity Services Trust Framework goes live this week

New Zealand Digital Identity Services Trust Framework goes live this week
 

The new rules and accreditation system for digital identity in New Zealand will take effect on Friday, November 8, when the Digital Identity Services Trust Framework (DISTF) takes effect.

A webpage dedicated to the Trust Framework on the Department of Internal Affairs site sets out the benefits of digital ID, how it can be used and the complaints process. It shows the accreditation mark that identifies trusted service providers and lists the key concepts and principles behind the Framework.

The law establishing the Trust Framework was passed last March to regulate the issuance and use of digital IDs for on and offline interactions. That legislation took effect on July 1, and Digital Identity New Zealand Executive Director Colin Wallis said for the scheme to serve New Zealanders it will need “a chunky number of identity service providers.”

Minister for Digitising Government Judith Collins noted in announcing the launch of the Trust Framework that it also sets the stage for future launches of mobile driver’s licenses, bank IDs or trade certifications.

New Zealand’s Digital Identity Services Trust Framework stipulates that digital identity services are offered on an opt-in basis, requires that users consent to any use of their digital ID, and specifies that personal and organizational data are not stored in a central database. Instead, the system uses a decentralized model, with users initiating each transaction with a request for access or to share information.

Applications for digital identity service accreditation are filed with the Trust Framework Authority, and are expected to be available before the end of the year. Assessments consider the provider’s operational capacity, conformance to identification management standards, privacy protections and security. The trust mark the Authority grants would expire after three years under current proposals.

Information is also available on the page for providers interested in going through the accreditation process. Accreditation is not mandatory to sell digital identity services in New Zealand, however.

The Framework’s authentication assurance standard, which took effect on October 1, specifies four levels of authentication assurance (LoAAs) and requirements for each. Relying parties are required to assess the authentication risk posed by their service to determine which level they must meet.

The first two levels have modest requirements, but level three requires multifactor authentication, and level four requires that one of multiple factors be biometric. Whatever authentication method is used, 30 consecutive failures to authenticate must trigger a block on the account and investigation by the relying party. Relying parties must also provide a way for people to report a compromised authenticator, and deregister the user if a biometric was used as an authenticator but not protected with presentation attack detection.

Rules for identity binding, authenticator lifecycles and limits to the knowledge authentication factor are also included in the Framework.

Biometrics must be accompanied by liveness software that complies with the ISO/IEC 30107-3 biometric presentation attack detection standard, and demonstrates effectiveness against 90 percent of attacks.

Biometric authentication systems must also have a false positive rate below 0.01 percent.

The DIA also provides a page for templates and guidance for identity service providers, which are expected to be published soon.

Related Posts

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

IntelliVision censured for misleading biometric accuracy and bias claims by FTC

The U.S. Federal Trade Commission has slapped IntelliVision with a consent order to halt claims about the accuracy of its…

 

DHS seeks wired interconnection for mobile devices to secure biometric data

The Department of Homeland Security (DHS) is spearheading an initiative to develop a wired interconnection cable/adapter that supports secure and…

 

BixeLab offers guidance on engaging APAC digital ID market

A series of digital identity verification frameworks, regulations and laws are taking effect across the Asia-Pacific region, presenting a sizeable…

 

Unissey first to receive Injection Attack Detection certification

Liveness detection from Unissey has become the first to achieve compliance certification under the Injection Attack Detection (IAD) program as…

 

Dominican Republic biometric passport plans advance, supplier to front costs

The Dominican Republic is preparing to launch its biometric passports with embedded electronic chips to replace the machine-readable version, with…

 

Ghana upgrades to chip-embedded passport for enhanced security

Ghana has rolled out an upgraded version of its passport which is embedded with a microprocessor chip containing the holder’s…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events