NIST Publishes Guidance for First Responders on the Use of Biometric Authentication for Mobile Devices

The National Institute of Standards and Technology (NIST) has published a new report on the use of biometric authentication on mobile devices to allow first responders to gain rapid access to sensitive data, while ensuring that information can only be accessed by authorized individuals.

Many public safety organizations (PSOs) are now using mobile devices to access sensitive data from any location, but ensuring access is secure and only authorized individuals can use the devices to view that information has previously relied on the use of passwords.

Passwords can be secure; however, passwords need to be complex to resist brute force attempts to guess passwords. Having to type in a long and complex password can hinder access to essential data. Oftentimes, access to sensitive data needs to be provided immediately. It is not practical for first responders to have to type in a password. Any delay, even one that lasts just a few seconds, has potential to exacerbate an emergency.

Biometrics offers a more secure authentication option than passwords and could allow access to data much more quickly. Biometric authentication such as face, fingerprint, and iris scanning solutions have been incorporated into many smartphones and Apple devices, but while the use of biometric identifiers can improve identity, credential, and access management (ICAM) capabilities and speed up access to critical data, there can be many challenges implementing mobile device biometric authentication and specific challenges for first responders.

The report, developed in joint partnership between the National Cybersecurity Center of Excellence (NCCoE) and the Public Safety Communications Research (PSCR), explores the authentication challenges faced by first responders and provides advice on how authentication solutions can be implemented.

Typically, biometric authentication is achieved through the use of wearable sensors and scanners built into devices; however, there is potential for verification errors. Scanners may fail to capture fingerprints or even grant access for false matches.

“To use biometrics in authentication, reasonable confidence is needed that the biometric system will correctly verify authorized persons and will not verify unauthorized persons,” explained NIST in its report. “The combination of these errors defines the overall accuracy of the biometric system.”

The guidance document provides insights into the efficacy of biometric authentication solutions, explains how verification errors can arise with capture, extraction, and enrolment, as the potential for false matches. The report also provides insights to allow administrators to implement biometric authentication on shared mobile devices and explains the potential privacy issues and how to mitigate those issues.

The aim of the report is to provide first responders with further information on the use of biometric device authentication and the challenges they may experience switching from passwords to allow them to make better-informed decisions about the best method of authentication to meet their needs.

NIST is seeking feedback on the report. Comments should be submitted By July 19, 2021.

Image Source: J. Stoughton/NIST

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.