
OFFICIAL

05 - Biometric Binding Requirements and Guidance

Trusted Digital Identity Framework (TDIF) Release 4 (R4) January 2020, version 0.1

CONSULTATION DRAFT


Digital Transformation Agency — TDIF Release 4 – Biometric Requirements and Guidance iii


Digital Transformation Agency

This work is copyright. Apart from any use as permitted under the Copyright Act 1968 and the rights explicitly granted below, all rights are reserved.

Licence

With the exception of the Commonwealth Coat of Arms and where otherwise noted, this product is provided under a Creative Commons Attribution 4.0 International Licence (http://creativecommons.org/licenses/by/4.0/legalcode).

This licence lets you distribute, remix, tweak and build upon this work, even commercially, as long as you credit the DTA for the original creation. Except where otherwise noted, any reference to, reuse or distribution of part or all of this work must include the following attribution:

Trusted Digital Identity Framework (TDIF)™: 05 – Biometric Binding Requirements and Guidance © Commonwealth of Australia (Digital Transformation Agency) 2019

Use of the Coat of Arms

The terms under which the Coat of Arms can be used are detailed on the It’s an Honour website (http://www.itsanhonour.gov.au).

Conventions

TDIF documents referenced by this document are denoted in italics. For example, TDIF: 02 - Overview is a reference to the TDIF document titled ‘02 – Overview’.

The abbreviations and terms used in this document, including the key words “MUST”, “MUST NOT” and “MAY”, are to be interpreted as described in the current published version of the TDIF: 01 – Glossary of Abbreviations and Terms.

Contact us

The Digital Transformation Agency is committed to providing web accessible content wherever possible. This document has undergone an accessibility check; however, if you are having difficulties with accessing the document, or have questions or comments regarding the document, please email the Director, Digital Identity Policy at [email protected].


Document management

The Trust Framework Accreditation Authority (TFAA) has reviewed and endorsed this document for release.

Change log

Version   Date       Author   Description of the changes
0.1       Jan 2020   BB/JCS   Initial version


Contents

1 Add to Glossary
2 Add to Role Requirements 2.9
2.1 Requirements for biometric binding Usage terms
2.1.1 Unsupervised Biometric binding
2.1.2 Requirements for presentation attack detection
2.1.3 Specific Requirements of unsupervised biometric binding


1 Add to Glossary

Acquired image. An image of the individual’s face that is used as the sample for biometric matching. Source: TDIF.

Biometric binding. The process of linking a biometric with a validated identity, for instance by performing a biometric match of the face recorded on the acquired image of the individual with the face recorded on the relevant photo ID. Source: TDIF.

Biometric binding personnel. Personnel within the Applicant’s identity service that perform a function in the biometric binding process. Source: TDIF.

Biometric capability. The product used by the Applicant for the purposes of identity proofing and biometric binding. Source: TDIF.

Document biometric matching. The process of verifying that the individual’s acquired image biometrically matches the corresponding image recorded in the individual’s claimed document. This process includes only claimed documents that contain a government issued and cryptographically signed image, such as a passport. Source: TDIF.

Liveness detection. A type of presentation attack detection that measures and analyses anatomical characteristics, involuntary or voluntary reactions. Liveness detection is used in order to determine if a biometric sample is being captured from a living subject present at the point of capture. Source: ISO 30107.

Manual face comparison. The process of Biometric Binding Personnel visually verifying that the physically present applicant’s likeness matches the corresponding image recorded in the individual’s photo ID. Source: TDIF.

Presentation attack (against a biometric system). The use of an artificial object to mimic the characteristics of a valid biometric in order to subvert a biometric system. Source: ISO 30107.

Presentation attack detection. The automated detection of a presentation attack. Source: ISO 30107.


Source biometric matching. The process of verifying that the individual’s acquired image biometrically matches the corresponding image recorded in the individual’s photo ID. Source matching is performed by the Biometric Capability. Source: TDIF.

Supervised biometric binding. Biometric binding performed with the individual in the physical presence of the IdP. Source: TDIF.

[update term] Technical Verification. The act of verifying documentation using a cryptographically secure technical mechanism of the document, such as a secure chip or pdf document signature. Document biometric matching is one type of Technical Verification. Source: TDIF.

Unsupervised biometric binding. Biometric binding performed remotely via the internet. Source: TDIF.


2 Role Specific Requirements (insert at 3.9)

2.1 Requirements for biometric binding

2.1.1 Unsupervised biometric binding

TDIF Req: ID-03-09-01; Updated: Jan-2020; Applicability: I

The Applicant MUST restrict access to the control of any aspects of the biometric binding capability exclusively to personnel that have completed the appropriate training pertaining to the exercise of such control.

TDIF Req: ID-03-09-02; Updated: Jan-2020; Applicability: I

The Applicant MUST acquire the image and complete source biometric matching or source document matching when performing unsupervised biometric binding.

TDIF Req: ID-03-09-03; Updated: Jan-2020; Applicability: I

The Applicant MUST undertake presentation attack detection when performing unsupervised biometric binding.

TDIF Req: ID-03-09-04; Updated: Jan-2020; Applicability: I

The Applicant MUST complete the image capture and presentation attack detection processes as part of the same process before submission to unsupervised biometric binding. This is to prevent attacks that would exploit the separation of the presentation attack detection and the image acquisition.
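One way the "same process" rule in ID-03-09-04 can be enforced in software, as an added example that is not from the TDIF document or from any product: the capture/PAD step seals its outcome to a hash of the exact frame it examined, and the binding step refuses an image whose hash, session or seal does not line up. The session identifiers, the sealing key and the stand-in PAD result are assumptions made for illustration.

```python
"""Seal a presentation-attack-detection (PAD) outcome to the exact image it was
computed on, so the two cannot be separated and recombined later (the attack
ID-03-09-04 is written to prevent).

Illustrative design, not from the TDIF or any product: the session id, the
sealing key and the PAD outcome are constructed placeholders, and the PAD
algorithm itself is represented by a boolean handed in by the caller.
"""
import hashlib
import hmac
import json
import os
import time
from dataclasses import dataclass

# Secret held by the trusted computing environment that determines PAD
# outcomes (ID-03-09-09a); constructed here for the example.
PAD_SEAL_KEY = os.urandom(32)


@dataclass(frozen=True)
class SealedPadVerdict:
    session_id: str
    image_sha256: str
    live: bool
    issued_at: int
    tag: str  # HMAC-SHA256 over the four fields above


def _seal(session_id, image_sha256, live, issued_at, key):
    msg = json.dumps([session_id, image_sha256, live, issued_at]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def capture_and_detect(session_id, image, pad_says_live, key=PAD_SEAL_KEY):
    """Single step: hash the frame that was just captured and seal the PAD
    outcome to that hash, the session and a timestamp."""
    digest = hashlib.sha256(image).hexdigest()
    now = int(time.time())
    tag = _seal(session_id, digest, pad_says_live, now, key)
    return SealedPadVerdict(session_id, digest, pad_says_live, now, tag)


def accept_for_binding(session_id, image, verdict, key=PAD_SEAL_KEY, max_age_s=300):
    """Binding step: take the image only if the verdict is authentic, belongs to
    this session and this exact image, says 'live', and is recent."""
    expected = _seal(verdict.session_id, verdict.image_sha256, verdict.live,
                     verdict.issued_at, key)
    if not hmac.compare_digest(expected, verdict.tag):
        return False                      # forged or edited verdict
    if verdict.session_id != session_id:
        return False                      # verdict replayed from another session
    if verdict.image_sha256 != hashlib.sha256(image).hexdigest():
        return False                      # PAD ran on a different image
    if not verdict.live:
        return False                      # PAD flagged a presentation attack
    return int(time.time()) - verdict.issued_at <= max_age_s


if __name__ == "__main__":
    frame = b"constructed capture frame bytes"        # stands in for a JPEG
    ok = capture_and_detect("session-1", frame, pad_says_live=True)
    print(accept_for_binding("session-1", frame, ok))            # True
    print(accept_for_binding("session-1", b"other frame", ok))   # False
    print(accept_for_binding("session-2", frame, ok))            # False
```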

2.1.2 Requirements for presentation attack detection

TDIF Req: ID-03-09-05; Updated: Jan-2020; Applicability: I

The Applicant MUST employ presentation attack detection technology to ensure the acquired image is of a living human subject present at the point of capture.

TDIF Req: ID-03-09-06; Updated: Jan-2020; Applicability: I

The Applicant MUST include liveness detection processes as part of presentation attack detection.

TDIF Req: ID-03-09-07; Updated: Jan-2020; Applicability: I

The Applicant MUST employ presentation attack detection technology that includes data capture and system level monitoring as described by ISO 30107-1.

TDIF Req: ID-03-09-08; Updated: Jan-2020; Applicability: I


The Applicant MUST ensure that the presentation attack detection technology meets the requirements of at least Evaluation Assurance Level 1 as described by ISO 30107-3.

TDIF Req: ID-03-09-09; Updated: Jan-2020; Applicability: I

The Applicant MUST employ a qualified third-party testing entity with experience in biometric testing and ISO 30107 to test that the presentation attack detection technology meets the requirements for at least Evaluation Assurance Level 1 of ISO 30107-3.

TDIF Req: ID-03-09-09a; Updated: Jan-2020; Applicability: I

The Applicant MUST determine presentation attack detection outcomes in a trusted computing environment.

TDIF Req: ID-03-09-09b; Updated: Jan-2020; Applicability: I

All testing performed by the Applicant MUST be performed on an end-to-end solution that includes the presentation attack detection technology.

TDIF Req: ID-03-09-10; Updated: Jan-2020; Applicability: I

The Applicant MUST provide a report to the TFAA from the qualified third-party testing entity outlining that the Applicant’s presentation attack detection technology has been suitably tested to the specifications of at least Evaluation Assurance Level 1 of ISO 30107-3 and the test cases that were completed.

TDIF Req: ID-03-09-11; Updated: Jan-2020; Applicability: I

The Applicant MUST provide the TFAA with a report describing the completed presentation attack detection evaluation and corresponding results.

TDIF Req: ID-03-09-11a; Updated: Jan-2020; Applicability: I

This report MUST provide results for each presentation attack type with the closest possible adherence to reporting specifications as described in ISO 30107-3.

2.1.3 Specific Requirements of unsupervised biometric binding

TDIF Req: ID-03-09-12; Updated: Jan-2020; Applicability: I

To complete unsupervised biometric binding the Applicant MUST either:

• send the acquired image to the Photo ID Issuing Authority (or proxy) in the case of from source biometric matching; or,


• perform from document biometric matching of the acquired image against the image read directly from the photo ID RFID chip.

2.1.3.1 Requirements of from document biometric matching

TDIF Req: ID-03-09-13; Updated: Jan-2020; Applicability: I

The Applicant MUST verify the authenticity of the image read from the photo ID RFID chip according to the Photo ID Issuing Authority’s instructions.

TDIF Req: ID-03-09-14; Updated: Jan-2020; Applicability: I

The Applicant MUST only process claimed documents through from document biometric matching that contain a government issued and cryptographically signed image, such as a passport.

TDIF Req: ID-03-09-15; Updated: Jan-2020; Applicability: I

The Applicant MUST use a biometric matching algorithm to perform one-to-one (verification) matching between the acquired image and the photo ID image.

TDIF Req: ID-03-09-16; Updated: Jan-2020; Applicability: I

The Applicant MUST NOT use a biometric matching algorithm to perform one-to-many matching against a database of reference images as part of the biometric binding process.

TDIF Req: ID-03-09-17; Updated: Jan-2020; Applicability: I

The Applicant MUST ensure their biometric matching algorithm is tested to determine the failure to enroll rate (if applicable), failure to acquire rate, false match rate and false non-match rate of the capability as per the reporting specification described in ISO 19795.

TDIF Req: ID-03-09-17a; Updated: Jan-2020; Applicability: I

This testing MUST be of a statistically significant volume in a verification scenario with comparable image types to production expectations.

TDIF Req: ID-03-09-18; Updated: Jan-2020; Applicability: I

The Applicant MUST achieve a false match rate equivalent to ISO 19795-5 test grade Level 2. This requires a false match rate of not more than 0.1% and a false non-match rate of not more than 5%.
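The rates named in ID-03-09-17 and the Level 2 figures in ID-03-09-18, worked through on constructed 1:1 verification scores; this is an added example, not a test method or data from the TDIF or any accredited capability. It assumes a similarity score in [0, 1] with a single decision threshold, and adds the "rule of 3" from ISO/IEC 19795-1 as one way to judge whether the impostor set is large enough, which this page does not itself specify.

```python
"""Failure-to-acquire, false match and false non-match rates for a 1:1
(verification) face matcher, checked against the Level 2 figures quoted in
ID-03-09-18 (FMR <= 0.1%, FNMR <= 5%).

Added example with constructed scores; not test data from any product.
"""
import math
import random

# ID-03-09-18 figures as proportions.
LEVEL2_MAX_FMR = 0.001
LEVEL2_MAX_FNMR = 0.05


def failure_to_acquire_rate(attempts: int, failed: int) -> float:
    """FTA: share of capture attempts that produced no usable sample.
    Reported separately from FMR/FNMR, which count completed comparisons only."""
    return failed / attempts


def match_rates(genuine, impostor, threshold):
    """Return (FMR, FNMR) at a given decision threshold.
    FMR  = impostor comparisons scoring >= threshold, over all impostor comparisons.
    FNMR = genuine comparisons scoring  < threshold, over all genuine comparisons."""
    false_matches = sum(1 for s in impostor if s >= threshold)
    false_non_matches = sum(1 for s in genuine if s < threshold)
    return false_matches / len(impostor), false_non_matches / len(genuine)


def min_impostor_comparisons(target_fmr):
    """'Rule of 3' (ISO/IEC 19795-1): with zero observed false matches the 95%
    upper confidence bound on FMR is about 3/N, so a claim of FMR <= target
    needs at least N = 3/target impostor comparisons."""
    return math.ceil(3 / target_fmr)


def meets_level2(genuine, impostor, threshold):
    """True only if both rates are within Level 2 and the impostor set is large
    enough for the FMR figure to be statistically meaningful (ID-03-09-17a)."""
    fmr, fnmr = match_rates(genuine, impostor, threshold)
    enough = len(impostor) >= min_impostor_comparisons(LEVEL2_MAX_FMR)
    return fmr <= LEVEL2_MAX_FMR and fnmr <= LEVEL2_MAX_FNMR and enough


def constructed_scores(seed=7, n_genuine=400, n_impostor=4000):
    """Constructed similarity scores in [0, 1]: genuine pairs cluster high,
    impostor pairs cluster low. Stand-in for real comparison trials."""
    rng = random.Random(seed)

    def clamp(x):
        return min(1.0, max(0.0, x))

    genuine = [clamp(rng.gauss(0.85, 0.06)) for _ in range(n_genuine)]
    impostor = [clamp(rng.gauss(0.30, 0.10)) for _ in range(n_impostor)]
    return genuine, impostor


if __name__ == "__main__":
    g, i = constructed_scores()
    print("FTA:", failure_to_acquire_rate(attempts=450, failed=9))
    for t in (0.4, 0.7, 0.95):
        fmr, fnmr = match_rates(g, i, t)
        print(f"threshold {t}: FMR={fmr:.4f} FNMR={fnmr:.4f} level2={meets_level2(g, i, t)}")
```

Sweeping the threshold as the main block does is the point: a threshold that satisfies the FMR bound may push FNMR past 5%, and a report to the TFAA has to show both rates at the operating point actually deployed.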

TDIF Req: ID-03-09-018a; Updated: Jan-2020; Applicability: I


The Applicant MUST record biometric matching outcomes in a trusted computing environment.

2.1.3.1 Photo ID specific requirements

TDIF Req: ID-03-09-19; Updated: Jan-2020; Applicability: I

The Applicant MUST perform a successful match of the acquired image against the image read directly from the photo ID RFID chip.

TDIF Req: ID-03-09-19a; Updated: Jan-2020; Applicability: I

The photo ID image used for biometric matching MUST NOT be from a scan of a physical document.

TDIF Req: ID-03-09-20; Updated: Jan-2020; Applicability: I

Where the photo ID used is an Australian ePassport, the Applicant MUST check the Country Signing Certification Authority (CSCA) Certificate as per ICAO document validation guidelines OR perform a DVS check. Where the Australian passport security certificate is checked, the Australian Certificate Revocation List must also be checked.

TDIF Req: ID-03-09-20a; Updated: Jan-2020; Applicability: I

A DVS check MUST be performed by the Applicant where the photo ID used has no readable RFID chip available or the document security is lower than that of the Australian passport.

TDIF Req: ID-03-09-20b; Updated: Jan-2020; Applicability: I

A DVS check MUST be performed by the Applicant where the photo ID used is a foreign passport to ensure that the foreign passport is linked to a current visa.

2.1.3.2 Image Quality

TDIF Req: ID-03-09-21; Updated: Jan-2020; Applicability: I

The Applicant MUST produce an acquired image quality profile which details a set of minimum standards that the acquired image must meet before biometric matching.

TDIF Req: ID-03-09-21a; Updated: Jan-2020; Applicability: I

The acquired image quality profile MUST be informed by the properties and characteristics described by ISO 29794-5.

TDIF Req: ID-03-09-22; Updated: Jan-2020; Applicability: I


The Applicant capability MUST include automated quality controls and appropriate user-interface instructions that direct applicants to provide an image that meets the acquired image quality profile.

2.1.4 Requirements for manual face comparison

TDIF Req: ID-03-09-23; Updated: Jan-2020; Applicability: I

The Applicant MUST NOT attempt manual face comparison except in cases where source biometric matching or document biometric matching are not possible.

TDIF Req: ID-03-09-24; Updated: Jan-2020; Applicability: I

The Applicant MUST perform a DVS check as part of the manual face comparison to confirm the authenticity of a photo ID.

TDIF Req: ID-03-09-25; Updated: Jan-2020; Applicability: I

The Applicant MUST train relevant biometric binding personnel on manual face comparison techniques including, but not limited to:

• Techniques for individual feature comparison
• Awareness of racial and cognitive biases
• Presentation attack indicators
• Guided matching examples

TDIF Req: ID-03-09-26; Updated: Jan-2020; Applicability: I

The Applicant MUST maintain the information associated with each individual biometric transaction, including a log of activities that details which personnel collected data, what data was collected, and when and where the data was collected.

TDIF Req: ID-03-09-27; Updated: Jan-2020; Applicability: I

The Applicant MUST have in place audit or random checking procedures to help detect fraud or inadequate manual face comparison and verification by biometric binding personnel.

TDIF Req: ID-03-09-28; Updated: Jan-2020; Applicability: I

The Applicant MAY retain a copy of an image of the person captured in supervised biometric binding processes until it has undergone manual face comparison by a specialist examiner or undergoes random checking.

TDIF Req: ID-03-09-28a; Updated: Jan-2020; Applicability: I


If this process takes place, the image MUST then be destroyed consistent with TDIF Req: PRIV-03-08-02.


3 Role Specific Guidance (insert at 3.9)

3.1 Biometric Binding use case

The use case covers the IdP creation of an identity at IP 2 Plus. This includes the generic use cases for unsupervised and supervised biometric binding. At a high level, this includes a check of the document either via DVS, security certificate check, or visual inspection, and a check of the face either against the document RFID chip, via FVS, or by visual inspection.

3.2 Roles

The roles associated with this use case are:

• Identity Service Provider
• Individual
• Governance Body
• Photo ID Issuing Authority

This use case covers the applicant’s provision of the acquired image, the IdP processing of the acquired image, the matching of the acquired image to the image held by the Photo ID Issuing Authority and the return of a matching result.

3.3 Pre-conditions

The individual has provided IP 2 plus information (two or more documents). (Note: this is assumed to be legitimate and sufficient for this use case.)

The individual is looking to establish IP 2 Plus.

The individual has access to the IdP application.

3.4 Post conditions

The individual has obtained a digital identity at IP2 Plus.


3.5 Basic Flow

1. The individual accesses the IdP capability.
2. The individual completes pre-required information fulfilment on the IdP capability, including the provision of two or more documents.
3. The documents are verified either via DVS check, security certificate check (passport only), or visual inspection.
4. The individual provides the acquired image through the IdP capability’s face image acquisition process.
5. The IdP capability completes biometric quality assessment (unsupervised).
6. The IdP capability completes Presentation Attack Detection (unsupervised).
7. Matching is undertaken either against the document RFID chip, via FVS, or by visual inspection.
8. The IdP collects required data for audit (matching, presentation attack data, personnel details). Note that this does not include retention of face images.
9. IP2 Plus is granted to the individual’s digital identity.

At this point the individual can now complete the action that requires the IP2 Plus privilege (e.g. large financial transaction).

Alternative flows are executed if there is a failure at any stage in the specified flow (e.g. handling detection of presentation attacks).

3.6 Success Criteria

If the Applicant’s acquired image matches the image stored in the Issuing Authority’s gallery/database, verification is successful and IP2 Plus is provided.

Else IP2 Plus is not provided.


3.7 Flow Diagram

[Flow diagram: figure not reproduced in this extraction.]