User Device
From MgmtWiki
Full Title or Meme
A portable, user-held computer capable of acting as, or including, a User Authenticator.
Context
- While it is possible to program a User Device to function with more than one user, this page will focus on a purely personal device.
- Both separate user-held devices, like FIDO U2F late-binding tokens, and user credentials held securely in a Trusted Execution Environment on a User Device like a Smart Phone are considered.
- Biometric Attributes are taken to be exclusively the measure of human characteristics like fingerprint, facial and behavior patterns.
- The human characteristics are another factor that can be a part of Multi-factor Authentication.
- So the human characteristics can be considered to be a Credential.
- The measurements of the characteristic are compared against a template of the characteristics using some Assurance level to produce a Validated claim.
Problems
- False positives
- False negatives
- Attacks against the sensor capabilities. Various movie and television plots have shown attacks like taking someone's eyeball, or using a thin-film replica of a fingerprint, to complete an Authentication which Authorizes access.
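The template comparison described under Context, and the false positives and false negatives it produces, can be seen in the following added example (not code from this wiki). It assumes the Assurance level is expressed as a similarity threshold, uses a simple mean-absolute-difference score as a stand-in for a real matcher, and all feature vectors are constructed.

```python
# Added example. All vectors are constructed; features are assumed scaled to [0, 1].
TEMPLATE = [0.20, 0.80, 0.50, 0.40]          # enrolled template
GENUINE = [                                   # captures from the enrolled user
    [0.22, 0.78, 0.52, 0.41],
    [0.25, 0.75, 0.45, 0.45],
    [0.10, 0.90, 0.60, 0.30],                 # poor capture
    [0.30, 0.60, 0.70, 0.60],                 # very poor capture
]
IMPOSTOR = [                                  # captures from other people
    [0.90, 0.10, 0.20, 0.80],
    [0.60, 0.40, 0.90, 0.10],
    [0.30, 0.70, 0.40, 0.55],                 # look-alike
    [0.25, 0.85, 0.55, 0.30],                 # close look-alike
]

def match_score(sample, template):
    """Similarity in [0, 1]: 1 minus the mean absolute feature difference."""
    if len(sample) != len(template):
        raise ValueError("sample and template must have the same length")
    return 1.0 - sum(abs(s - t) for s, t in zip(sample, template)) / len(template)

def validate(sample, template, threshold):
    """Return (validated, score); the claim is validated only at or above threshold."""
    score = match_score(sample, template)
    return score >= threshold, score

def error_rates(threshold):
    """(false_positive_rate, false_negative_rate) over the constructed sets."""
    fp = sum(validate(s, TEMPLATE, threshold)[0] for s in IMPOSTOR)
    fn = sum(not validate(s, TEMPLATE, threshold)[0] for s in GENUINE)
    return fp / len(IMPOSTOR), fn / len(GENUINE)

def lowest_threshold_for(max_fpr, candidates):
    """Least strict candidate threshold whose false-positive rate is acceptable."""
    for t in sorted(candidates):
        if error_rates(t)[0] <= max_fpr:
            return t
    return None  # no candidate is strict enough

if __name__ == "__main__":
    for t in (0.80, 0.92, 0.96):
        fpr, fnr = error_rates(t)
        print(f"threshold={t:.2f}  false positives={fpr:.2f}  false negatives={fnr:.2f}")
    print("lowest threshold with FPR <= 0.25:",
          lowest_threshold_for(0.25, (0.80, 0.92, 0.96)))
```

Raising the threshold only trades false positives for false negatives. A presented replica that scores like a genuine capture still passes, which is why the sensor itself needs separate testing.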
Solutions
- ISO 30107-3:2017 describes testing of Biometric Attribute presentations.