The National Institute of Standards and Technology has updated biometric requirements in standards it is developing for digital identity.The body has released a major revision of its NIST SP 800-63-3 document this week.Speaking on a Fido Alliance webinar last night on government authentication, Elaine Newton, Standards Lead for Applied Cybersecurity at NIST, said there had been a number of changes.”With respect to biometrics, we have been asked by the community many times to update this guidance, so we have tried to address the false match rate, the presentation attack detection rate, and the ability to revoke a biometric.””For local matching, central matching and we have addressed some other privacy issues when it comes to biometrics”.NIST now states in the document:”Empirical testing of the biometric system to be deployed SHALL demonstrate an EER of 1 in 1000 or better with respect to matching performance. The biometric system SHALL operate with an FMR of 1 in 1000 or better”.”The biometric system SHOULD implement PAD. Testing of the biometric system to be deployed SHOULD demonstrate at least 90% resistance to presentation attacks for each relevant attack type (aka species), where resistance is defined as the number of thwarted presentation attacks divided by the number of trial presentation attacks.”In addition, NIST states:”If matching is performed centrally: Use of the biometric SHALL be limited to one or more specific devices that are identified using approved cryptography. ߪ Biometric revocation, referred to as biometric template protection in ISO/IEC 24745, SHALL be implemented.”To view these digital identity guidelines in full, see here

Also in the news:

Default ThumbnailJanssen Project launches to tackle digital ID Default ThumbnailOSPT Alliance launches CIPURSE training program with FIME Default ThumbnailFujitsu reveals new palm vein products