Certified/Validated Products List

Palm Vein Authentication Software Windows Version
Ver2.00.s10

NORMEE Limited.
Product Name :
Palm Vein Authentication Software Windows Version
Version of TOE :
Ver2.00.s10
Product Type :
Biometric verification product
Certification No. :
C0663
Date :
2020-01-09
Version of Common Criteria:
3.1 Release5
Conformance Claim :
EAL2 Augmented by ALC_FLR.1
PP Identifier :
Protection Profile for Biometric Verification Product Version 1.2 (JISEC Certification No. C0501).

PRODUCT DESCRIPTION

Description of TOE

TOE is a biometric verification product for mobile devices with Windows OS and embedded front camera, such as note PC or tablets.
TOE is a software library, incorporated into application programs by application developers.

 

TOE security functionality

TOE provides biometric verification function with sufficiently low False Accept Rate and False Reject Rate, and presentation attack detection.
TOE provides the following functions.

- Extraction: Biometric features are extracted from captured raw data.
- PAD Feature Extraction: PAD feature data is extracted from raw data to determine whether it is a presentation attack or not.
- Quality Check: This function checks whether raw data have sufficient quality.
- Enrol: This function outputs extracted biometric features extracted from the Extraction function as a biometric template.
- GetRef:This function is responsible for getting the enrolled and stored biometric template corresponding to a user's ID.
- Comparator: This function compares the biometric features against the biometric template and calculates a similarity score.
- Decision: This function determines whether the verification succeeds or not based on the output from the Quality Check, the PAD Extraction and Comparator.
- Clear Memory: This function clears the content of memory which includes biometric templates, biometric features and raw data after use.

 

Security functional requirements

This TOE implements the following security functional requirements.

Security audit Non-repudiation of origin/receipt Cryptographic functionality Access control
Data authentication Export data protection Information flow control Import data protection
Internal transfer data protection Residual information protection Rollback Stored data integrity
Transfer data confidentiality Transfer data integrity Identification and authentication Security management
Privacy Control Security functionality protection Resource utilisation management TOE access control
Trusted path/channels Random number generation    
  • Enrolment of biometric template
  • Biometric verification