biometricITC / cPP-biometrics

Contains the development of a Collaborative Protection Profile for biometrics
MIT License

NIST 800-63B Draft 4 comments #401

Closed woodbe closed 1 year ago

woodbe commented 1 year ago

Place to record draft comments

Comments that everyone agrees with will be submitted as from the iTC. Others should be submitted individually.

woodbe commented 1 year ago

PAD testing program comment

woodbe commented 1 year ago

Are mobile devices considered multi-factor when used as a biometric and something you have?

woodbe commented 1 year ago

Timeout period of forced 30 seconds after initial limit has been reached

woodbe commented 1 year ago

50 attempts without PAD seems very high if the system is on the low-end of acceptable FMR, even with it being part of MFA

woodbe commented 1 year ago

What are the expectations for proof on PAD (beyond the 90% success at detection)? Self-attest or validated?

woodbe commented 1 year ago

How is the relation between no-PAD and PAD (the 1:2 relation) determined? Is this the correct ratio?

woodbe commented 1 year ago

sp800-63-4-suite-ipd-comment-BIO-iTC.xlsx

Initial version of the comment sheet.

woodbe commented 1 year ago

sp800-63-4-suite-ipd-comment-BIO-iTC-0222.xlsx

I have updated the comments based on the latest update from @n-kai. Please take a look.

gfiumara commented 1 year ago

I don't have any issue putting forward Comments 1-8.

Comment 7

Comment 9

woodbe commented 1 year ago

sp800-63-4-suite-ipd-comment-BIO-iTC-0303.xlsx

I have made the changes as suggested by @gfiumara in this version of the document.

gregott commented 1 year ago

The comments look ok to me.

We can add that in 63A lines 943 and 948 are duplicates. This is in section 5.1.8., page 22.

woodbe commented 1 year ago

sp800-63-4-suite-ipd-comment-BIO-iTC-0307.xlsx

Updated with @gregott's comment

woodbe commented 1 year ago

Comments sent