The Biometric Certification Component Program introduces biometric requirements to the FIDO Certification Program. The goal of the Biometric Certification Component Program is to provide a framework for the certification of biometric subsystems that can in turn be integrated into FIDO Certified authenticators.
The documents for Authenticator Certification include:
- Biometric Component Certification Policy: This policy governs the biometric certification aspects of the FIDO Certification Program. It defines the overall process of the biometric certification and also answers questions around recertification.
- FIDO Authenticator Vendor NDA: Non-disclosure Agreement to be signed by Authenticator Vendors (Implementers) completing Biometric Certification.
- FIDO Biometric Certification Requirements: This document defines the requirements and test procedures for biometric component certification. It contains the requirements for the performance of the biometric authenticator as well as requirements on Presentation Attack Detection.
- FIDO Authenticator Metadata Requirements: This document defines the authenticator metadata requirements referenced in the biometric component certification requirements.
Biometric Component Certification Process
FIDO Alliance’s Biometric Component Certification Program is independent of its other certification programs. There are no FIDO certification prerequisites to apply for biometric component certification for a subsystem. Once a biometric subsystem has been certified, there are rules for how it can be integrated into an authenticator seeking FIDO Authenticator Certification. These rules are described in the Allowed Integration Document and are defined by the biometric vendor during the biometric component certification process.
The use of a certified biometric component is optional for level 1 and level 2 FIDO authenticators. At level 3 and higher, an authenticator shall use a certified biometric component if a biometric modality is used for authentication.
The following figure and paragraphs explain the overall certification process for a biometric component.
FIDO Alliance’s biometric component certification secretariat reviews the application and notifies the vendor whether it is approved, rejected, or requires clarification.
In this step of the overall process the vendor submits the biometric component to a FIDO accredited biometric laboratory along with its required documentation. A time estimate is provided by the accredited laboratory; vendor and laboratory agree on the cost involved for testing.
The FIDO Accredited biometric laboratory is responsible for testing against the requirements through a combination of online and offline live subject testing. The first step in the certification process is demonstrated below.
An allowed integration document is used to document the changes that may be necessary to accommodate integration of the biometric component into an authenticator. The allowed integration document must be drafted by the vendor and provided to the accredited biometric laboratory.
A list of FIDO Accredited Biometric Laboratories is available on the FIDO website.
The accredited laboratory performs testing and returns a laboratory report to the vendor and to FIDO’s biometric certification secretariat. The report also includes the review of the allowed integration document. The laboratory must validate that the changes will not impact fulfilling the requirements.
FIDO Alliance’s biometric component certification secretariat reviews the laboratory report and makes a decision to approve, reject, or ask for clarification.
After the laboratory report has been approved, the vendor completes a certification request. The certification request also includes metadata to be added to the metadata service to describe the certified biometric subsystem (see FIDO Metadata Service).
FIDO Alliance provides information to relying parties regarding FIDO authenticators through the FIDO Metadata Service. This information can be used by relying parties for purposes such as determining whether it accepts the authenticator or enables certain privileges (e.g., checking an account balance vs. transferring funds).
The biometric-related information that the FIDO Metadata Service provides includes the following:
- Biometric Certification Level
- Self-Attested False Accept Rate (FAR)
- Self-Attested False Reject Rate (FRR)
Submitting metadata to the FIDO Metadata Service is optional. However, metadata must be submitted during the biometric component certification process and will be verified for accuracy and completeness during the laboratory evaluation.
FIDO Alliance reviews the certification request and, if it is complete, approves it and issues a biometric component certificate.
Metadata Submission to MDS (Optional)
The vendor has the option to submit Metadata to the FIDO Metadata Service (MDS).
Biometric Certification Fees
- FIDO Member: $10,000 USD
- Non-Member: $13,000 USD
Biometric Implementer Dashboard
Implementers can log in to view their dashboard.