Guidance for Authentication of Remote Biometrics
Designation Number:
CAN/CIOSC 120
Standard Type:
National Standard of Canada - Domestic
Standard Development Activity:
New Standard
ICS code(s):
35.020
35.240
35.240.15
Status:
Proceeding to development
SDO Comment Period Start Date:
SDO Comment Period End Date:
Posted On:
Scope:
Scope
Note: CIO Strategy Council announced an organizational name change to the Digital Governance Council (DGC), effective January 30, 2023 and the creation of a new standards development division, Digital Governance Standards Institute (DGSI).
This standard will define the minimum requirements of remote identity verification
using biometrics. It will also list various attack types and explain how they can subvert the
biometric verification process. Then it will define methods that can be used to detect or
invalidate the attacks, allowing the biometric verification to be authenticated remotely.
Authentication methods that have not yet been devised can also reference this standard if
they can demonstrate how they detect or invalidate the various attack types.
Project need:
Project Need
Biometric matching is used to verify the identity of individuals in many different applications.
Recently, more of these applications occur remotely, where the individual being verified is not
present at the point of verification. In these cases, the remote biometric matching needs to be
authenticated to ensure that the biometric collected is a live sample from a real person and
that the match result or comparison score is from a trusted source.
This standard proposes to explain various attacks on remote biometric systems and how they
can be mitigated. Depending on the types of mitigation and which attacks they cover, an
authentication score can be computed. Trust can be assigned to the remote biometric process
for different types of applications depending on its authentication score.
Note: The information provided above was obtained by the Standards Council of Canada (SCC) and is provided as part of a centralized, transparent notification system for new standards development. The system allows SCC-accredited Standards Development Organizations (SDOs), and members of the public, to be informed of new work in Canadian standards development, and allows SCC-accredited SDOs to identify and resolve potential duplication of standards and effort.
Individual SDOs are responsible for the content and accuracy of the information presented here. The text is presented in the language in which it was provided to SCC.