How to develop a biometric system with claimed assurance

The article concerns the process of developing biometric devices with a view to submit them for certification in compliance with ISO/IEC 15408 Common Criteria. The author points at the assurance paradigm which shows that the source of assurance is a rigorous process of the product development along with methodical and independent evaluation in an accredited laboratory. The state of the art of certified biometric devices was discussed. There was some focus put on the issue of insufficient support that the developers get in this respect. Basic processes related to the Common Criteria methodology were described (IT security development, IT product development, IT product evaluation). These processes were illustrated by the elements of security specifications of certified biometric devices. The author proposes that development patterns can be used to prepare evidence material, while specialized devices supporting development processes - to deal with basic difficulties encountered by the developers of biometric devices.