Cyberattacks continue to increase globally, causing significant financial losses for individuals and organizations that face them.
Biometric technologies, which use unique markers such as fingerprints and irises to identify and verify each individual, are increasingly being used to accurately authenticate users of various types of accounts. They can only be subject to cyberattacks if sufficient protective mechanisms and systems are not in place.
The ISO/IEC 30107-3 standard is an international standard that defines the principles and methods for evaluating the performance of cryptographic algorithms and for reporting the results. Cryptographic algorithm mechanisms, which are commonly integrated into mobile phones and use biometric technologies, have their own specific requirements, which are detailed in the recently updated ISO/IEC 30107-4 standard. This standard has been updated to reflect the latest technologies and practices used in mobile phones.
The ISO/IEC 30107-4 standard provides requirements for evaluating the performance of mechanisms and operating systems in mobile phones with local biometric recognition. It lists those requirements of the ISO/IEC 30107-3 standard that are specific to mobile phones.
One of the updated specifications of the standard is the addition of biometric data and requirements for verification of identity over the Internet (FIDO). FIDO is a set of security specifications for data authentication developed by the FIDO Alliance, whose mission is to reduce the possibility of password theft. The FIDO Alliance promotes the development and use of standards for identification and authentication of mobile devices.
The ISO/IEC 30107-4 standard is one of a series of standards on cybersecurity developed by the joint ISO and IEC technical committee on biometric standards, SC 37. Technical Committee SC 37 has developed over 130 international standards, with many more in the pipeline, that support interoperability and data exchange between applications and systems. The committee also monitors factors affecting biometric technologies, such as cybersecurity, as well as ethical, cross-jurisdictional, and societal issues.