OFFICIAL
05 - Biometric Binding Requirements and Guidance
Trusted Digital Identity Framework (TDIF) Release 4 (R4) January 2020, version 0.1
CONSULTATION DRAFT
Digital Transformation Agency — TDIF Release 4 – Biometric Requirements and Guidance iii
Digital Transformation Agency
This work is copyright. Apart from any use as permitted under the Copyright Act 1968
and the rights explicitly granted below, all rights are reserved.
Licence
With the exception of the Commonwealth Coat of Arms and where otherwise noted,
this product is provided under a Creative Commons Attribution 4.0 International
Licence. (http://creativecommons.org/licenses/by/4.0/legalcode)
This licence lets you distribute, remix, tweak and build upon this work, even
commercially, as long as you credit the DTA for the original creation. Except where
otherwise noted, any reference to, reuse or distribution of part or all of this work must
include the following attribution:
Trusted Digital Identity Framework (TDIF)™: 05 – Biometric Binding Requirements
and Guidance © Commonwealth of Australia (Digital Transformation Agency) 2019
Use of the Coat of Arms
The terms under which the Coat of Arms can be used are detailed on the It’s an Honour website (http://www.itsanhonour.gov.au)
Conventions
TDIF documents referenced by this document are denoted in italics. For example,
TDIF: 02 - Overview is a reference to the TDIF document titled ‘02 – Overview’.
The abbreviations and terms used in this document including the key words “MUST”,
“MUST NOT”, and “MAY” are to be interpreted as described in the current published
version of the TDIF: 01 – Glossary of Abbreviations and Terms.
Contact us
The Digital Transformation Agency is committed to providing web accessible content
wherever possible. This document has undergone an accessibility check; however, if
you are having difficulties with accessing the document, or have questions or
comments regarding the document, please email the Director, Digital Identity Policy at
Document management
The Trust Framework Accreditation Authority (TFAA) has reviewed and endorsed this
document for release.
Change log
Version Date Author Description of the changes
0.1 Jan 2020 BB/JCS Initial version
Contents
1 Add to Glossary
2 Add to Role Requirements 2.9
2.1 Requirements for biometric binding Usage terms
2.1.1 Unsupervised Biometric binding
2.1.2 Requirements for presentation attack detection
2.1.3 Specific Requirements of unsupervised biometric binding
1 Add to Glossary
Acquired image. An image of the individual’s face that is used as the sample for
biometric matching. Source: TDIF.
Biometric binding. The process of linking a biometric with a validated identity, for
instance by performing a biometric match of the face recorded on the acquired image
of the individual with the face recorded on the relevant photo ID. Source: TDIF.
Biometric binding personnel. Personnel within the Applicant’s identity service that
perform a function in the biometric binding process. Source: TDIF.
Biometric capability. The product used by the Applicant for the purposes of identity
proofing and biometric binding. Source: TDIF.
Document biometric matching. The process of verifying that the individual’s
acquired image biometrically matches the corresponding image recorded in the
individual’s claimed document. This process includes only claimed documents that
contain a government issued and cryptographically signed image, such as a passport.
Source: TDIF.
Liveness detection. A type of presentation attack detection that measures and
analyses anatomical characteristics, involuntary or voluntary reactions. Liveness
detection is used in order to determine if a biometric sample is being captured from a
living subject present at the point of capture. Source: ISO 30107.
Manual face comparison. The process of Biometric Binding Personnel visually
verifying that the physically present applicant’s likeness matches the corresponding
image recorded in the individual’s photo ID. Source: TDIF.
Presentation attack (against a biometric system). The use of an artificial object to
mimic the characteristics of a valid biometric in order to subvert a biometric system.
Source: ISO 30107.
Presentation attack detection. The automated detection of a presentation attack.
Source: ISO 30107.
Source biometric matching. The process of verifying that the individual’s acquired
image biometrically matches the corresponding image recorded in the individual’s
photo ID. Source matching is performed by the Biometric Capability. Source: TDIF.
Supervised biometric binding. Biometric binding performed with the individual in the
physical presence of the IdP. Source: TDIF.
[update term] Technical Verification. The act of verifying documentation using a
cryptographically secure technical mechanism of the document, such as a secure
chip or pdf document signature. Document biometric matching is one type of
Technical Verification. Source: TDIF.
Unsupervised biometric binding. Biometric binding performed remotely via the
internet. Source: TDIF.
2 Role Specific Requirements (insert at 3.9)
2.1 Requirements for biometric binding
2.1.1 Unsupervised biometric binding
TDIF Req: ID-03-09-01; Updated: Jan-2020; Applicability: I
The Applicant MUST restrict access to the control of any aspects of the biometric
binding capability exclusively to personnel that have completed the appropriate
training pertaining to the exercise of such control.
TDIF Req: ID-03-09-02; Updated: Jan-2020; Applicability: I
The Applicant MUST acquire the image and complete source biometric matching or
source document matching when performing unsupervised biometric binding.
TDIF Req: ID-03-09-03; Updated: Jan-2020; Applicability: I
The Applicant MUST undertake presentation attack detection when performing
unsupervised biometric binding.
TDIF Req: ID-03-09-04; Updated: Jan-2020; Applicability: I
The Applicant MUST complete the image capture and presentation attack detection
processes as part of the same process before submission to unsupervised biometric
binding. This is to prevent attacks that would exploit the separation of the presentation
attack detection and the image acquisition.
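Added example, not part of the TDIF text: one way a matching service could enforce the coupling described in ID-03-09-04. It assumes the presentation attack detection outcome is produced in the trusted computing environment (ID-03-09-09a), which seals that outcome to the hash of the captured image with an HMAC key held only there; the function names, record fields and key handling are hypothetical.

```python
import hashlib
import hmac
import json


def _mac(key, record):
    """HMAC-SHA256 over a canonical JSON encoding of the sealed record."""
    payload = json.dumps(record, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def seal_capture(key, session_id, image, pad_passed):
    """Called in the trusted environment as PAD completes on `image`.

    Binds the PAD outcome to this exact image and capture session, so the
    outcome cannot later be attached to a different image.
    """
    record = {
        "session": session_id,
        "image_sha256": hashlib.sha256(image).hexdigest(),
        "pad_passed": bool(pad_passed),
    }
    return record, _mac(key, record)


def accept_for_matching(key, session_id, image, record, tag):
    """Return True only if this exact image passed PAD in this session."""
    if not hmac.compare_digest(_mac(key, record), tag):
        return False  # record altered, or not sealed by the trusted side
    if record.get("session") != session_id:
        return False  # sealed outcome replayed from another session
    if record.get("image_sha256") != hashlib.sha256(image).hexdigest():
        return False  # image swapped after PAD ran
    return record.get("pad_passed") is True


# Constructed demo values, not real key material or image data.
DEMO_KEY = b"constructed-demo-key-do-not-use!"
DEMO_IMAGE = b"constructed bytes standing in for the acquired image"

if __name__ == "__main__":
    rec, tag = seal_capture(DEMO_KEY, "session-1", DEMO_IMAGE, True)
    print("same image:   ", accept_for_matching(DEMO_KEY, "session-1", DEMO_IMAGE, rec, tag))
    print("swapped image:", accept_for_matching(DEMO_KEY, "session-1", b"other", rec, tag))
```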
2.1.2 Requirements for presentation attack detection
TDIF Req: ID-03-09-05; Updated: Jan-2020; Applicability: I
The Applicant MUST employ presentation attack detection technology to ensure the
acquired image is of a living human subject present at the point of capture.
TDIF Req: ID-03-09-06; Updated: Jan-2020; Applicability: I
The Applicant MUST include liveness detection processes as part of presentation
attack detection.
TDIF Req: ID-03-09-07; Updated: Jan-2020; Applicability: I
The Applicant MUST employ presentation attack detection technology that includes
data capture and system level monitoring as described by ISO 30107-1.
TDIF Req: ID-03-09-08; Updated: Jan-2020; Applicability: I
The Applicant MUST ensure that the presentation attack detection technology meets
the requirements of at least Evaluation Assurance Level 1 as described by ISO
30107-3.
TDIF Req: ID-03-09-09; Updated: Jan-2020; Applicability: I
The Applicant MUST employ a qualified third-party testing entity with experience in
biometric testing and ISO 30107 to test that the presentation attack detection
technology meets the requirements for at least Evaluation Assurance Level 1 of ISO
30107-3.
TDIF Req: ID-03-09-09a; Updated: Jan-2020; Applicability: I
The Applicant MUST determine presentation attack detection outcomes in a trusted
computing environment.
TDIF Req: ID-03-09-09b; Updated: Jan-2020; Applicability: I
All testing performed by the Applicant MUST be performed on an end-to-end solution
that includes the presentation attack detection technology.
TDIF Req: ID-03-09-10; Updated: Jan-2020; Applicability: I
The Applicant MUST provide a report to the TFAA from the qualified third-party
testing entity outlining that the Applicant’s presentation attack detection technology
has been suitably tested to the specifications of at least Evaluation Assurance Level 1
of ISO 30107-3 and the test cases that were completed.
TDIF Req: ID-03-09-11; Updated: Jan-2020; Applicability: I
The Applicant MUST provide the TFAA with a report describing the completed
presentation attack detection evaluation and corresponding results.
TDIF Req: ID-03-09-11a; Updated: Jan-2020; Applicability: I
This report MUST provide results for each presentation attack type with the closest
possible adherence to reporting specifications as described in ISO 30107-3.
2.1.3 Specific Requirements of unsupervised biometric binding
TDIF Req: ID-03-09-12; Updated: Jan-2020; Applicability: I
To complete unsupervised biometric binding the Applicant MUST either:
• send the acquired image to the Photo ID Issuing Authority (or proxy) in the case
of from source biometric matching; or,
• perform from document biometric matching of the acquired image against the
image read directly from the photo ID RFID chip.
2.1.3.1 Requirements of from document biometric matching
TDIF Req: ID-03-09-13; Updated: Jan-2020; Applicability: I
The Applicant MUST verify the authenticity of the image read from the photo ID RFID
chip according to the Photo ID Issuing Authority’s instructions.
TDIF Req: ID-03-09-14; Updated: Jan-2020; Applicability: I
The Applicant MUST only process claimed documents through from document
biometric matching that contain a government issued and cryptographically signed
image, such as a passport.
TDIF Req: ID-03-09-15; Updated: Jan-2020; Applicability: I
The Applicant MUST use a biometric matching algorithm to perform one-to-one
(verification) matching between the acquired image and the photo ID image.
TDIF Req: ID-03-09-16; Updated: Jan-2020; Applicability: I
The Applicant MUST NOT use a biometric matching algorithm to perform
one-to-many matching against a database of reference images as part of the biometric
binding process.
TDIF Req: ID-03-09-17; Updated: Jan-2020; Applicability: I
The Applicant MUST ensure their biometric matching algorithm is tested to determine
the failure to enroll rate (if applicable), failure to acquire rate, false match rate and
false non-match rate of the capability as per the reporting specification described in
ISO 19795.
TDIF Req: ID-03-09-17a; Updated: Jan-2020; Applicability: I
This testing MUST be of a statistically significant volume in a verification scenario with
comparable image types to production expectations.
TDIF Req: ID-03-09-18; Updated: Jan-2020; Applicability: I
The Applicant MUST achieve a false match rate equivalent to ISO 19795-5 test grade
Level 2. This requires a false match rate of not more than 0.1% and a
false non-match rate of not more than 5%.
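Added example, not part of the TDIF text: one way to check verification test results against the limits in ID-03-09-18 and to see why the test volume in ID-03-09-17a matters. The score convention (higher means more similar), the decision threshold and the one-sided 95% Wilson upper bound are assumptions of this example, not requirements stated by TDIF or ISO 19795.

```python
import math

FMR_LIMIT = 0.001   # ID-03-09-18: false match rate of not more than 0.1%
FNMR_LIMIT = 0.05   # ID-03-09-18: false non-match rate of not more than 5%


def wilson_upper(errors, trials, z=1.645):
    """One-sided 95% Wilson upper bound on an error rate (example's choice)."""
    p = errors / trials
    centre = p + z * z / (2 * trials)
    margin = z * math.sqrt(p * (1 - p) / trials + z * z / (4 * trials * trials))
    return (centre + margin) / (1 + z * z / trials)


def assess(genuine, impostor, threshold):
    """Evaluate one-to-one comparison scores; score >= threshold is a match.

    genuine:  scores from pairs of images of the same person
    impostor: scores from pairs of images of different people
    """
    if not genuine or not impostor:
        raise ValueError("need both genuine and impostor comparisons")
    false_matches = sum(1 for s in impostor if s >= threshold)
    false_non_matches = sum(1 for s in genuine if s < threshold)
    fmr = false_matches / len(impostor)
    fnmr = false_non_matches / len(genuine)
    fmr_upper = wilson_upper(false_matches, len(impostor))
    fnmr_upper = wilson_upper(false_non_matches, len(genuine))
    return {
        "fmr": fmr,
        "fnmr": fnmr,
        # Point estimates against the stated limits.
        "meets_limits": fmr <= FMR_LIMIT and fnmr <= FNMR_LIMIT,
        "fmr_upper95": fmr_upper,
        "fnmr_upper95": fnmr_upper,
        # True only when the sample is large enough for the bound to fit too.
        "volume_supports_claim": fmr_upper <= FMR_LIMIT
        and fnmr_upper <= FNMR_LIMIT,
    }


# Constructed sample scores (not real test data).
SAMPLE_GENUINE = [0.9] * 1960 + [0.3] * 40    # 40 of 2000 mated pairs rejected
SAMPLE_IMPOSTOR = [0.1] * 4998 + [0.8] * 2    # 2 false matches in 5000

if __name__ == "__main__":
    for name, value in assess(SAMPLE_GENUINE, SAMPLE_IMPOSTOR, 0.5).items():
        print(f"{name}: {value}")
```

On the constructed sample the point estimates meet both limits, but 5000 impostor comparisons are too few for the upper bound on the false match rate to fall under 0.1%.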
TDIF Req: ID-03-09-018a; Updated: Jan-2020; Applicability: I
The Applicant MUST record biometric matching outcomes in a trusted computing
environment.
2.1.3.1 Photo ID specific requirements
TDIF Req: ID-03-09-19; Updated: Jan-2020; Applicability: I
The Applicant MUST perform a successful match of the acquired image against the
image read directly from the photo ID RFID chip.
TDIF Req: ID-03-09-19a; Updated: Jan-2020; Applicability: I
The photo ID image used for biometric matching MUST NOT be from a scan of a
physical document.
TDIF Req: ID-03-09-20; Updated: Jan-2020; Applicability: I
Where the photo ID used is an Australian ePassport, the Applicant MUST check the
Country Signing Certification Authority (CSCA) Certificate as per ICAO document
validation guidelines OR perform a DVS check. Where the Australian passport
security certificate is checked, the Australian Certificate Revocation List must also be
checked.
TDIF Req: ID-03-09-20a; Updated: Jan-2020; Applicability: I
A DVS check MUST be performed by the Applicant where the photo ID used has no
readable RFID chip available or the document security is lower than that of the
Australian passport.
TDIF Req: ID-03-09-20b; Updated: Jan-2020; Applicability: I
A DVS check MUST be performed by the Applicant where the photo ID used is a
foreign passport to ensure that the foreign passport is linked to a current visa.
2.1.3.2 Image Quality
TDIF Req: ID-03-09-21; Updated: Jan-2020; Applicability: I
The Applicant MUST produce an acquired image quality profile which details a set of
minimum standards that the acquired image must meet before biometric matching.
TDIF Req: ID-03-09-21a; Updated: Jan-2020; Applicability: I
The acquired image quality profile MUST be informed by the properties and
characteristics described by ISO 29794-5.
TDIF Req: ID-03-09-22; Updated: Jan-2020; Applicability: I
The Applicant capability MUST include automated quality controls and appropriate
user-interface instructions that direct applicants to provide an image that meets the
acquired image quality profile.
2.1.4 Requirements for manual face comparison
TDIF Req: ID-03-09-23; Updated: Jan-2020; Applicability: I
The Applicant MUST NOT attempt manual face comparison except in cases where
source biometric matching or document biometric matching are not possible.
TDIF Req: ID-03-09-24; Updated: Jan-2020; Applicability: I
The Applicant MUST perform a DVS check as part of the manual face comparison to
confirm the authenticity of a photo ID.
TDIF Req: ID-03-09-25; Updated: Jan-2020; Applicability: I
The Applicant MUST train relevant biometric binding personnel on manual face
comparison techniques including, but not limited to:
• Techniques for individual feature comparison
• Awareness of racial and cognitive biases
• Presentation attack indicators
• Guided matching examples
TDIF Req: ID-03-09-26; Updated: Jan-2020; Applicability: I
The Applicant MUST maintain the information associated with each individual
biometric transaction, including a log of activities that details which personnel
collected data, what data was collected, when and where the data was collected.
TDIF Req: ID-03-09-27; Updated: Jan-2020; Applicability: I
The Applicant MUST have in place audit or random checking procedures to help
detect fraud or inadequate manual face comparison and verification by biometric
binding personnel.
TDIF Req: ID-03-09-28; Updated: Jan-2020; Applicability: I
The Applicant MAY retain a copy of an image of the person captured in supervised
biometric binding processes until it has undergone manual face comparison by a
specialist examiner or undergoes random checking.
TDIF Req: ID-03-09-28a; Updated: Jan-2020; Applicability: I
If this process takes place, the image MUST then be destroyed consistent with TDIF
Req: PRIV-03-08-02.
3 Role Specific Guidance (insert at 3.9)
3.1 Biometric Binding use case
The use case covers the IdP creation of an identity at IP 2 Plus. This includes the
generic use cases for unsupervised and supervised biometric binding. At a high level,
this includes a check of the document either via DVS, security certificate check, or
visual inspection, and a check of the face either against the document RFID
chip, via FVS, or by visual inspection.
3.2 Roles
The roles associated with this use case are:
• Identity Service Provider
• Individual
• Governance Body
• Photo ID Issuing Authority
This use case covers the applicant’s provision of the acquired image, the IdP
processing of the acquired image, the matching of the acquired image to the image
held by the Photo ID Issuing Authority and the return of a matching result.
3.3 Pre-conditions
The individual has provided IP 2 plus information (two or more documents). (Note:
this is assumed to be legitimate and sufficient for this use case)
The individual is looking to establish IP 2 Plus.
The individual has access to the IdP application.
3.4 Post conditions
The individual has obtained digital identity at IP2 Plus.
3.5 Basic Flow
1. The individual accesses the IdP capability.
2. The individual completes pre-required information fulfilment on IdP capability,
including the provision of two or more documents.
3. The documents are verified either via DVS check, security certificate check
(passport only), or visual inspection.
4. The individual provides the acquired image through the IdP capability’s face
image acquisition process.
5. The IdP capability completes biometric quality assessment (unsupervised).
6. The IdP capability completes Presentation Attack Detection (unsupervised).
7. Matching is undertaken either against the document RFID chip, via FVS, or by
visual inspection.
8. The IdP collects required data for audit (matching, presentation attack data,
personnel details). Note that this does not include retention of face images.
9. IP2 Plus is granted to the individual’s digital identity.
At this point the individual can now complete the action that requires the IP2 Plus
privilege (e.g. large financial transaction).
Alternative flows are executed if there is a failure at any stage in the specified flow
(e.g. handling detection of presentation attacks).
3.6 Success Criteria
If the Applicant’s acquired image matches the image stored in the Issuing Authority’s
gallery/database, verification is successful and IP2 Plus is provided.
Else IP2 Plus is not provided.
3.7 Flow Diagram