Closed woodbe closed 1 year ago
This may be related to Comment 2 on #408. Perhaps we suggest in part A a requirement to evaluation biometric systems against published standards, like ours, which may answer the expectations for proof of PAD performance.
@n-kai will review the ISO document and update this with a possible suggestion (or a recommendation to drop the comment).
@woodbe, I want to suggest the below based on the above comment from @gfiumara.
Could you also close #410 if this comment is acceptable? #410 is merged into the comment below.
Clause 12 of [ISO/IEC30107-3:2017] mainly defines metrics (e.g., IAPAR) that should be reported for the performance testing of PAD but provides little information about how to perform “Testing of presentation attack resistance”.
Clause 9 of [ISO/IEC30107-3:2017] requires reporting how the PAIs (e.g., fake fingerprints) are created, however, this standard doesn’t tell anything about how the PAIs should be created (e.g, material or tools used for the creation of PAIs).
Primitive PAIs can be created easily but such PAIs are simply rejected by data capture or quality check before reaching to the PAD subsystem. That’s is the reason why the Biometrics Security iTC developed the various recipes for the creation of useful PAIs to conduct the meaningful PAD testing.
[ISO/IEC30107-3] doesn’t specify who should perform the PAD testing. The Biometrics Security iTC recommends that the testing should be done by the evaluation labs to confirm that the devices have adequate presentation attack resistance because it may be difficult for non-biometric experts to judge this decision.
[ISO/IEC30107-3:2017] has been revised by [ISO/IEC 30107-3:2023] and Clause 12 of [ISO/IEC 30107-3:2017] moves to Clause 13 of [ISO/IEC 30107-3:2023].
Testing of presentation attack resistance SHALL be in accordance with industry standards. Note that industry standards can include ISO/IEC 30107, FIDO, Biometrics Security iTC or similar programs.
I have updated the sheet, replacing the earlier comment with this one. Check #401 for the latest.
https://github.com/biometricITC/cPP-biometrics/issues/401#issuecomment-1402154234
Section - 5.2.3
Page - 33
Line - 1283-1289
Comment
What are the expectations for proof on PAD (beyond the 90% success at detection)? Self-attest or validated?
Suggested Change