Archived TD0210: FIA_BMG_EXT.1.2 - SAFAR Update
The Biometric Authentication Factor (BAF) System Authentication FAR (SAFAR) requirement (FIA_BMG_EXT.1.2) in version 3.0, can never be met if the biometric is utilized separately from the password factor, even when the lowest FAR is chosen for BAF (1:10000 in FIA_BMG_EXT.1.1) and the highest SAFAR is chosen (1:10000 in FIA_BMG_EXT.1.2), when there is more than one allowed attempt at biometric authentication.
Please note that the AA contained in this TD also includes the AA for FIA_BMG_EXT.1.1, since there is a single AA for FIA_BMG_EXT.1 in version 3.0.
Appendix I remained unchanged.
FIA_BMG_EXT.1.2 The overall System Authentication False Accept Rate (SAFAR) shall be no greater than 1 in [assignment: a SAFAR no greater than 1:500] within a 1% margin.
Application Note: If “biometric fingerprint” or "hybrid" is selected in FIA_UAU.5.1, FIA_BMG_EXT.1.2 must be included in the ST.
System Authentication False Accept Rate (SAFAR) is defined by the combination of individual error rates for each authentication factor and attempts used for access to a single session on the device. Accessing a single session may involve a single authentication factor, in which case the SAFAR for a single attempt will be equal to the false accept rate (FAR) of that authentication factor and the SAFAR for n attempts will be 1-(1-FAR)n, assuming independence.
Accessing a single session on the device may involve the ability to use multiple authentication factors. It may be the case that only one authentication factor is needed to access a single session on the device (i.e., both a password and a BAF can be used, but only one is needed) or that both authentication factors are needed to access a single session on the device (i.e., both the BAF and a PIN must be entered). The full equations for calculating the SAFAR can be found in Appendix I.3. A fully worked-out example that applies the equations in Appendix I.3 for calculating the SAFAR can be found in Appendix I.4.
The 1% margin is included for cases where a biometric modality is not a critical authentication factor and thus both biometric and password can be used in a session without exceeding the declared SAFAR.
The evaluator shall verify that the TSS contains evidence supporting the testing and calculations completed to determine the FAR, FRR and SAFAR. Adequate documentation is required to demonstrate that testing was completed to support the claimed FAR and FRR.
The evaluator shall verify that the TSS indicates which SAFAR the TOE is targeting and contains evidence supporting the calculations, per Appendix I.3, completed to determine the SAFAR. The evaluator shall verify that the TSS contains evidence of how the authentication factors interact, per FIA_UAU.5.2 and FIA_AFL_EXT.1. The evaluator shall verify that the TSS, contains the combination(s) of authentication factors needed to meet the SAFAR, and the number of attempts for each authentication factor the TOE is configured to allow. Adequate documentation is required to demonstrate the calculations completed to support the claimed SAFAR.
Generally either the password or biometric can independently be used to unlock the device, thus the SAFAR was modified to allow this.