Hi, I have queries regarding the biometric enrollment flow requirements imposed by FIDO.
We are working on a solution that targets biometric capture on a physical device, but the actual identification/authentication is on-cloud. This necessarily means the biometrics are stored/processed on-cloud.
We have some concerns regarding the enrolment restrictions imposed by FIDO:
Questions:
- Does FIDO mandate 1:1 comparison in register/authenticate flows? (We can achieve this.)
- Is it ok to do 1:N comparison on-cloud for duplicate checks as part of enrollment?
Questions based on references: the FIDO Privacy Principles state: "Biometric data must never leave the user's personal computing environment"
- What is the personal computing environment here? Can it be on cloud?
The FIDO biometric requirements state:
- Speaking of a biometric reference, it states: "For example, in a duplicate enrolment check a biometric reference will be used as the subject for comparison against all other biometric references in the database."
  - What does it mean by comparison here? Does FIDO allow 1:N comparison in the enrollment flow?
- "The biometric reference is stored locally on the device"
  - Does FIDO mandate that the biometrics NEVER leave the physical device?