NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0301:  Updates to Administrator Management and Biometric Authenication

Publication Date

Protection Profiles

Other References

Issue Description

The Assurance Activity for FMT_SMF_EXT.3 in Appendix C adds additional actions that are not found in the SFR text.

For FIA_BMG_EXT.1.1, vendors shoud be allowed to assign their particular FAR as opposed to being forced to select one from the list. 

In Table 14 in Appendix H (H.1.3), the number of test subjects is incorrect in the corresponding row for 1:1,000,000.


MD PP v3.1 will be updated as follows:

1. The Assurance Activity for FMT_SMF_EXT.3 in Appendix C is replaced as follows:

The evaluator shall cause the TOE to be enrolled into management. The evaluator shall then invoke this mechanism and verify the ability to view that the device has been enrolled, view the management functions that the administrator is authorized to perform.

2. FIA_BMG_EXT.1.1 is modified as follows:


The one-attempt BAF False Accept Rate (FAR) for [assignment: biometric modality selected in FIA_UAU.5.1] shall not exceed [assignment: claimed FAR no greater than 1:100] with a one-attempt BAF False Reject Rate (FRR) not to exceed 1 in [assignment: claimed FRR no greater than 1:10].

The Application Note is replaced is follows:

Application Note: If a BAF or "hybrid" is selected in FIA_UAU.5.1, FIA_BMG_EXT.1.1 must be included in the ST. The assignment shall be completed for each biometric modality selected in FIA_UAU.5.1. If multiple biometric modalities are selected in FIA_UAU.5.1, it is acceptable for each modality to have a different FAR and FRR.

The False Accept Rate (FAR) is the measure of the likelihood that the biometric will incorrectly accept an authentication attempt by an unauthorized user. A system's FAR typically is stated as the proportion of verification transactions with wrongful claims of identity that are incorrectly confirmed.

The False Reject Rate (FRR) is the measure of the likelihood that the biometric security system will incorrectly reject an authentication attempt by an authorized user. A system's FRR typically is stated as the proportion of verification transactions with truthful claims of identity that are incorrectly denied.

Please note that without the use of hybrid authentication, multiple authentication attempts for a BAF that is claimed to have a one-attempt FAR between 1:100 and 1:500 inclusive will not produce an acceptable SAFAR in meeting FIA_BMG_EXT.1.2. More generally, depending on the number of authentication attempts allowed for the BAF, the claimed FAR must be strong (or equivalently, low) enough so that the SAFAR chosen in FIA_BMG_EXT.1.2 can be met within the 1% margin mandated.

Generally testing environments for a biometric system in a mobile device are based on a single legitimate user enrolling and test subjects attempt to authenticate. Since a thorough evaluation for FAR and FRR meeting all the conditions of statistical independence is not feasible in the timeframe of CC evaluations and in agreement with ISO/IEC 19795, the use of offline testing is acceptable even if this causes the biometric system to deviate slightly from the evaluated configuration. Additionally, full cross-comparison (i.e. all test subjects are compared to non-self) is acceptable.

Detailed explanations corresponding to the testing environments that are acceptable, to include the number of trials needed, can be found in Appendix H.1.

The AA is replaced as follows:

The evaluator shall verify that the TSS contains evidence supporting the testing and calculations completed to determine the FAR and FRR. Appendix H provides guidance to how this testing could be completed and to what error bars are expected when the Rule of 3 is applied. The evaluator shall consult Appendix H as a reference, but should not treat it as a mandate. The evaluator shall verify that the TSS contains evidence of whether online or offline testing was used. If offline testing was completed, evidence describing the differences between the biometric system used for testing and the TOE in the evaluated configuration, if any must be included.

The following documentation is not required to be part of the TSS - it may be submitted as a separate proprietary document.  The evaluator shall verify the evidence includes how many imposters were used for testing and that the testing describes how imposters are compared to enrolled users, for example, if multiple devices for online testing or full cross-comparison for offline testing was used. Adequate documentation is required to demonstrate that testing was completed to support the claimed FAR and FRR.



3. Table 14 in Appendix H (H.1.3) is replaced as follows:

False Error Rate False error rates, 90% confidence, c = 0.95 Number of errors (rounded) Number of test subjects needed
1% (1:100) 1% ± 0.95% 3 25
0.1% (1:1000) 0.1% ± 0.095% 3 78
0.01% (1:10000) 0.01% ± 0.0095% 3 246
0.001% (1:100000) 0.001% ± 0.00095% 3 776
0.0001% (1:1000000) 0.0001% ± 0.000095% 3 2450

See issue description.

Site Map              Contact Us              Home