Mobile News

NIST Unveils Guide to Mobile Device Authentication for First Responders

An increasing number of organizations are employing mobile devices to give first responders immediate access to data. NIST insights shed light on the role of biometrics for authentication.

NIST guidance and insights on mobile biometrics for authentication of first responders

By Jessica Davis

- A new NIST report sheds light on the role of mobile device biometrics for authentication to provide first responders immediate access to sensitive data, as an increasing number of public safety organizations adopt mobile devices to increase access to data.

“Public safety organizations face technology challenges that hinder their ability to accomplish their missions,” according to the report. “These professionals… need immediate access to critical information from the wide variety of systems technology available... to make the best possible decisions and protect themselves and the public.”

“Hand in hand with access challenges is the imperative to ensure robust internal controls on security,” it continued. “To address these challenges, all PSOs need to improve their identity, credential, and access management (ICAM) capabilities.”

To accomplish this, many of these entities have turned to biometrics, but the tool faces its own hurdles. The insights examine the role of authentication requirements and possible, inadvertent challenges caused by access requirements, such as inputting complex passwords.

NIST explained that many of these entities are turning to biometric authentication for users, but the use and deployment must be accomplished through an informed risk decision plan. As such, NIST partnered with the NCCoE and Public Safety Communications Research (PSCR) Division to explore the role of biometrics for authentication purposes.

The guidance shines a light on biometrics and biometric authentication basics, including various factors, the role it plays in verifying identity, system components, and the potential privacy impacts.

NIST also shines a light on the future of biometrics, from wearable sensors and quality metrics, to biometric fusion.

But importantly, the insights provide key challenges facing implementation of the tool, particularly around efficacy and possible verification errors, such as failure to capture, extract, enroll, or even false matches.

Administrators can also review the insights to better understand the unlocking performance of biometrics, documented by Google for Android devices and Apple for iOS.

NIST also provides guidance on needed measures for shared mobile devices, in addition to the privacy challenges posed by the practice -- and possible mitigation measures.

“To use biometrics in authentication, reasonable confidence is needed that the biometric system will correctly verify authorized persons and will not verify unauthorized persons,” according to the guide. “The combination of these errors defines the overall accuracy of the biometric system.”

“It is currently challenging to understand the efficacy of a biometric system. The details of the biometric systems in mobile devices are considered proprietary,” it added. “Confidence in mobile device biometric systems would increase if these systems could be independently verified.”

NIST is urging industry stakeholders to provide feedback on the insights. The comment period is open through July 19, 2021.