DTA seeks identity validation platform for Govpass program
Australians will soon be able to sign up for a national digital identity solution known as the Govpass program, touted by the federal government as making it easier for people to prove who they are when using government services.
The Digital Transformation Agency (DTA) outlined the process for applying for a Govpass in October, with the system expected to match a user's photograph, as well as Medicare, driver's licence, and birth certificate details, with information already held by various government entities.
After DTA CDO Peter Alexander revealed during Senate Estimates last month that the Govpass solution is currently non-existent, his agency is now getting the ball rolling, publishing a request for tender (RFT) overnight seeking a provider to deliver a "liveness capture" solution.
The DTA is seeking a digital credential and identity proofing solution that enables users to enrol and authenticate who they are with a "high level of confidence" through a biometrics tool that matches the person at the end of a camera to their government-issued identification, such as driver's licence and passport.
"Once proof of identity has been established, the client can use their credential to access to government services on any device using fingerprint or password," the RFT explains.
The liveness capture tool is required to work across mobile, tablet, and PC, and must possess the capability to prevent the creation of fraudulent identities.
As requested in the RFT, the software component will enable a person to capture an image of their face and include quality assurance functions such as notifying the user where image conditions are unsuitable for capture due to lighting, background, or other conditions; provide feedback to the user on pose, angle, facial expression, and other basic quality standards; and automatically crop the 1MB-max JPEG image to specified dimensions, and provide automated enhancements.
It also must force a series of checks whilst an image is being captured, the DTA explained, to detect and verify they're real; capture multiple face images or video to allow for "natural motion" checks; guide the user to follow instructions such as random head-turning; have the ability to detect audio from the user, such as voice recognition; and determine suspicious activity.
Suspicious activity could be where the user is presenting altered biometrics or printed images, digital photographs, video replays, or a digital avatar.
Out of scope for the liveness component is facial recognition or facial matching, the RFT states.
Facing the House of Representatives Standing Committee on Tax and Revenue in November, Alexander revealed that there are three providers that will be charged with the responsibility of Govpass in the first instance: The Australian Taxation Office, the Department of Human Services, and Australia Post.
"They hold a lot of identity data already," Alexander said. "It could easily be extended to jurisdictional providers and commercial providers, who are talking to banks, the Australian payment network, and others who can provide identity."
The Govpass program sits alongside the Trusted Digital Identity Framework (TDIF) that sets out the rules and standards for a nationally consistent approach to digital ID.
The liveness-proving contract is for a period of one year, with an option to extend for a further three years. Submissions close April 16, 2018, and the DTA wants the contract to begin on May 7, 2018.
RELATED COVERAGE
- Australia's digital identity platform moves into final beta
- DTA considering international 'brokerage' of digital identities
- ATO to work government's identity play into tax time requirements
- Australian government seeking digital identity credential-proofing
- RBA wants banks involved in Australian government digital identity solution
- Vault Systems to host Australia's digital identity solution
- Victoria adopts Australia Post digital proof-of-age card
- Dutton says facial recognition in lieu of passports 'very close' to reality
- Why identity management is one of the biggest challenges for blockchain (TechRepublic)
- iPhone's Face ID can be hacked, but here's why nobody needs to panic (TechRepublic)