Biometric verification methods
Identity proofing stands on two pillars: document authentication and biometric verification. Biometric verification performs various procedures to match a live facial presentation to a portrait extracted from a verified identity document, thus ensuring that the holder of the document is the individual named on the identity document.
Due to the prevalence of portraits on identity documents, matching a live capture of the holder's face — a selfie — to the portrait on the identity document is a valuable user biometric verification.
Selfie capture is done using the IDEMIA SDK, which offers the following functions:
-
Automatic capture of the face once satisfactory conditions have been achieved (light, distance, centering, angle)
-
Local check of the biometric quality of the picture, with recapture if needed
Anti-spoofing features include:
-
Liveness detection based on 3D shape reconstruction
-
Guiding the user to move their head correctly
-
Video stream capture (a few seconds)
-
Local verification of the video to check that this is a 3D face (rather than, for example, a photo of a face)
-
Protection against still-image and video attacks
As discussed in Face matching configuration, the configuration affects biometric verification methods by its impact on the false acceptance rate (FAR) and false rejection rate (FRR).
Liveness detection
IDEMIA Identity Proofing platform offers a service for capturing and validating a user’s portrait. IDEMIA’s selfie liveness detection technology has successfully passed independent third-party testing for presentation attack detection (PAD) in accordance with ISO/IEC 30107-3 standards. See International standards for more information.This service performs the following:
- Captures the user’s portrait during a video stream.
- Verifies that the user is a live person.
- Verifies that the face corresponds to the face that is displayed on a reference identity document (evidence).
That reference identity document must have been previously verified by the Identity Proofing platform.
The best image is extracted from a liveness portrait video capture, which can be performed from a mobile browser or a native application. The Identity Proofing platform uses this best image internally in the same way as it uses a selfie capture image in biometric matching for user verification.
Facial recognition is the most accessible of biometric modalities. In terms of performance, it is now more accurate than untrained human examination. As images of a person are hardly difficult to come by in an age of social media, the use of presentation attack detection (PAD) technology is essential. IDEMIA strives continuously to develop and refine two different (though not mutually exclusive) approaches to liveness detection:
-
The physical approach: detect clues based on physical phenomena: reflection, focal blur, inconsistencies between scene and illumination, and inconsistencies between movement detected by the phone accelerometer and scene movement in the camera.
-
The cognitive approach: leverage the user’s cognitive abilities to differentiate between the human and the artificial: action request, sequence variation.
Liveness detection is an ongoing effort to prevent fraud, and IDEMIA is continuously improving the algorithms used. With each release, the sophistication of IDEMIA liveness detection increases, and the defense against still images and video attack improves with it.
Fraud prevention
To prevent fraud, IDEMIA's liveness detection method called LIVENESS_HIGH
, or join-the-dots, where the user must move their head in sequence following randomly generated dots on their device screen. A training mode guides the user in using the liveness detection function.
IDEMIA extends the fraud classification of Fido Biometrics Requirements as shown in the the following table:
Fraud level | Fraud types | Instances of fraud detected | Impact for user |
---|---|---|---|
Level A Simple fraud — low expertise, data easy to find | Paper printout of face image, device display of face photo | > 95% | Passive liveness detection analyzes that the head is moving as a 3D object |
Level B Intermediate fraud — data difficult to find | Simple paper masks | 80% – 90% | Passive liveness detection analyzes that the head is moving as a 3D object |
Level C Intermediate fraud — data more difficult to find | Video display of face (with movement and blinking) | 80% – 90% | Active liveness detection asks the user to turn their head in randomly chosen directions and analyzes whether the head movements are correctly executed |
Level D Difficult or sophisticated fraud | Silicone masks | N/A | Matching rejects some instances of fraud. |
User interface
Organization can select their preferred liveness detection user interface (UI) based on specific requirements and security trade-off based on the following specifications:
- The number of challenges (join-the-dots).
- The time limit for successfully completing the challenge.
- The face visibility (the user focuses on join-the-dots).
The UI is fully customizable through IDEMIA's full sample app in source code with graphic assets for reference.
Requirements for selfie liveness detection
Selfie liveness detection provides the confidence that the person authenticating is the owner of the digital credential. Below are the requirements for optimal selfie liveness detection performance:
-
The minimal resolution for the camera is HD 1280 x 720 pixels.
-
For online matching, the minimal upload connectivity is 400 kilobits per second.
-
The user’s smartphone should have access to Wi-Fi, 4G, or late-version 3G.
-
Face capture should be performed in normal, well-lit conditions to provide proper color saturation in the photo. Using a low-end smartphone or trying to do a face capture in a low-light environment may cause issues.
-
The lighting should be uniform around the user’s face, rather than strong illumination on just one side.
-
The user’s face should not be too dark, such as when a photo is taken of a face with the lighting in the direct background.
-
The user should not be wearing sunglasses or perform a face capture while their prescription glasses are dark tinted.
The feature is available for smartphones with a working camera. This technology is not compatible with slower 3G. Some smartphones, those lacking adequate hardware or software capabilities, are not supported.
User biometric portrait matching
This authentication method compares a candidate portrait against the portrait from the identity document, the reference portrait. The matching is performed in two steps:
- Check the quality of both portraits
- Match candidate portraits against a reference portrait
The verification can only be performed if a portrait and an identity document are submitted.
Applications can use the Identity Proofing platform API to verify an individual’s claimed identity by using biometric matching between the user portrait (selfie) and the portrait extracted from a reference identity document.