BT/ Amazon announces passkey rollout for biometric passwordless login

Paradigm

Follow

Published in

Paradigm

21 min readNov 6, 2023

--

Biometrics biweekly vol. 76, 23rd October — 6th November

TL;DR

Amazon has now formally announced that it supports passkeys on browsers and the iOS Amazon Shopping App
Worldcoin’s digital ID wallet reaches 4M downloads in 6 months
Civic introduces Proof of Personhood with FaceTec biometrics and liveness
Jumio launches new predictive fraud analytics tool that looks at billions of data points
SecureAuth reveals BeyondTrust behavioral biometrics integration, 3 new patents
Suprema updates BioStation for access control with edge fingerprint biometrics
Metalenz captures facial signature with new Polar ID imaging system for face unlock
Mindtech’s Digital Humans 2.0 aims to mitigate bias in synthetic datasets
Fingerprint Cards strengthens partnership with Infineon to develop biometric authentication
Telpo touts a biometric visitor registration terminal for efficient check-in, access control
Partnerships for secure access control signed by Alcatraz, IdRamp, PlainID
Veriff, authID announce biometric identity verification platform updates
Imprivata, Idemia, and Aware launch facial recognition for mobile prescriptions
Idex reports new and advancing biometric payment card partnerships
Entersekt announces authentication integrations for financial institutions
OneID to provide IDV for more digital signatures as their availability, and scope grows
Mastercard’s Community Pass founder says digital ID platform improving lives, digital inclusion
UNDP launching inclusive digital public infrastructure development initiative
Yubico joins EWC’s large-scale pilot for EU digital ID wallets ahead of eIDAS 2.0
Implement behavioral biometrics to stop money mules, says UK’s financial regulator
Denmark shifts to MitID as legacy digital ID becomes inactive at midnight, Nov. 1
Nepal’s takeover of Migrant Resource Centres highlights digital transformation challenge
Jamaica embracing digital transformation, revises national ID draft regulation
Oman holds first remote elections with biometric IDs from Tech5 and uqudo
Namibia, and Zambia partner to share expertise on CRVS, identity management
Kenya gazettes new digital ID legislation, adds face and iris biometrics
UAE’s growing emphasis on biometrics for travel on display at Gitex Global
A hacker claimed to be selling a database containing the sensitive Aadhaar records of more than 815M Indian citizens on the dark web
A seemingly impossibly small radar sensor capable of detecting biometrics including the heart beats has been created by researchers at the University of California, Davis
Biometrics research could gain from an open science approach to data management
Biometric industry events. And more!

Biometrics Market

The Biometric system market size is projected to grow from USD 36.6 billion in 2020 to USD 68.6 billion by 2025; it is estimated to grow at a CAGR of 13.4% during the forecast period. Increasing use of biometrics in consumer electronic devices for authentication and identification purposes, the growing need for surveillance and security with the heightened threat of terrorist attacks, and the surging adoption of biometric technology in automotive applications are the major factors propelling the growth of the biometric system market.

Biometric Research & Development

Latest Research:

Tiny radar biometric sensor could identify people by their heartbeat — researchers

A seemingly impossibly small radar sensor capable of detecting biometrics including heartbeats has been created by researchers at the University of California, Davis.

The sensor is described as being the size of a sesame seed and funded by the Foundation for Food & Agriculture Research.

While that seems random, the battery-powered sensor, which was built in the school’s Electrical and Computer Engineering Department, is so sensitive, that it can hear a small leaf thinning as it runs out of water.

*The new sensor is energy-efficient and cheap to produce.*

It can detect vibrations that are a hundred times as small as a human hair. According to UC Davis, the millimeter-wave sensor the team created is inexpensive to manufacture at scale.

The researchers say they are building on previous designs that used more power than was desirable and that had difficulty separating signal from noise.

Instead of working on a hardware answer to the noise problem, which would have increased the need for power, they used software on the sensor itself to cancel noise.

It is considered a short-range sensor, but it is unclear just how short the range is.

'Impossible' Millimeter Wave Sensor Has Wide Potential

A millimeter wave radar sensor developed at UC Davis can detect vibrations a thousand times smaller and movement a…

www.ucdavis.edu

Biometrics research could gain from open science approach to data management

Open science approaches to handling data could make biometrics research more efficient, reproducible and applicable to real-world conditions, the audience of the EAB’s latest online presentation heard.

The lunch talk on the “Desperate Need for Biometric and Identity-Related Data” was presented by Dr. Wojciech Wodo of the Wroclaw University of Science and Technology. Wodo conducts his research in collaboration with industry, in particular in payments and financial services, and he previously served as head of research and development for PayEye.

He began by introducing the concept of open science, in which methodology, sources, data, access, peer review and educational resources are all openly shared. More open data is needed in the field of biometrics and digital identity, according to Wodo. In part, this is because knowledge is dispersed, and much is held “somewhere in between domains, in between areas.”

This approach is also supported by European Commission grant programs to improve research quality, efficiency and flexibility. Repurposing previously-collected data can also speed up the pace of innovation, Wodo argues, and improve reproducibility.

Law enforcement and border control organizations have huge collections of biometric data at their disposal, and are working on sharing them, he points out, but they are not willing or able to share that wealth of data with the private sector.

Despite the prominence of platforms like GitHub and Launchpad, more open source software and datasets are needed among industry and academic researchers to speed up the pace of innovation.

The realism needed to establish ground truth in challenging research areas, such as how to effectively block biometric injection attacks, also requires the development of an open-source biometrics repository, Wodo says. Only this amount of data can enable the accurate simulation of the noise, similarity and ambiguity faced by researchers working on problems like presentation attack detection.

Wodo acknowledges that there are open biometric datasets, software and competitions in use today, and he points to the efforts of groups like OpenBR, as well as the EAB itself. However, he says, the maintenance of datasets and software presents a challenge to the research community.

If efforts to open up the science of biometrics were more coordinated than the independent initiatives seen so far, it would be easier to make them complete or sufficient to satisfy researchers’ needs.

General-purpose data repositories are cropping up in response to the demand for more open data, but they are not yet filled with the specific datasets that most biometrics researchers seek.

Wodo proposes the design and community endorsement of data principles based on findability, accessibility, interoperability and reusability, or FAIR. The FAIR principles could help automate searches for data, in addition to satisfying the conditions included in the acronym.

Emphasis on good data management practices is growing in the research community, Wodo says, but their implementation is still generally left to the owner of the data or the repository it is stored in.

Main News:

Amazon announces passkey rollout for biometric passwordless login

Following a quiet rollout last week, Amazon has now formally announced that it supports passkeys on browsers and the iOS Amazon Shopping App. Passkeys for Android users are coming soon, but the company did not provide a timeline for when this would be.

Passkeys allow individuals to use their face, fingerprint, or PIN to sign into apps and websites without passwords. Passkeys are also more secure as they are less susceptible to phishing attacks than passwords and one-time text message codes. Using a passkey also proves the user has their device and is able to unlock it.

To set up passkeys, users should go to their browser or iOS Amazon Shopping app with the passkey update. Then they can select “your account,” go into “login & security,” and then select “set up” next to the passkey options. They will be prompted to follow a set of instructions. Once added to their account, customers can sign in with passkeys using a PIN or biometrics.

Amazon joins Microsoft, X, Google, and countless other companies adding passkey capabilities to their apps in the recent months. While the addition of passkeys is a step toward fully passwordless accounts, at this time, most companies are still retaining passwords on accounts even after adding passkeys.

Research from the FIDO Alliance shows that consumers are tired of passwords and “are excited to embrace passkey sign-ins, which enable them to simply and securely access online services and stands to turn the tide against the ongoing plague of data breaches and identity theft,” says the alliance’s executive director and CMO Andrew Shikiar.
“Seeing Amazon roll out passkeys is evidence of its commitment to its customers’ time, experiences, and security across Amazon web and mobile shopping experiences.”

Civic introduces Proof of Personhood with FaceTec biometrics and liveness

On-chain digital ID service provider Civic announced Proof of Personhood for decentralized apps (or “dApps”) building on Solana to verify users’ identities, screen out AI, and protect their services from abuse.

Proof of Personhood establishes that an individual wallet belongs to a unique human. First, a wallet owner proves their personhood by taking a live video selfie. The owner will biometrically re-authenticate from time to time to prove that the wallet is not taken over by an AI agent or bot at a later point.

Proof of Personhood, as well as all Civic Passes, are soulbound tokens that are issued and added to a user’s wallet after their credentials have been verified. A description of Civic Passes on the company’s website clearly depicts the selfie biometrics and liveness detection process of FaceTec’s ZoOm. Civic partnered with Onfido to integrate face biometrics in 2019, and FaceTec is listed among its partners.

More than 62,000 unique individuals have already completed their Proof of Personhood checks across the Solana, Polygon, Ethereum, Arbitrum, Fantom and XDC platforms.

The Proof of Personhood feature was designed for organizations to suppress trading bots, stop Sybil attacks, and conduct secure decentralized autonomous organization voting. It can also be used to ensure online communities consist of actual humans.

Civic Passes can be managed on Civic.me, the provider’s identity management platform. Users can also add and link wallets to their digital identity using the platform.

dApps can manage user access to their services using preset or custom requirements through the platform. They can also issue, freeze, or revoke custom Civic Passes as well. The IAM provider’s product suite includes uniqueness assurance and age verifications.

Solana’s speed and low gas fees allow for Proof of Personhood to be established and managed on-chain.

“In a world where it’s increasingly challenging to understand who or what may be on the other side of a transaction or even a social media post, we believe that our take on solving the unique-human problem offers essential benefits for the ecosystem,” said Civic CEO Chris Hart. “It’s a win for both human users and dApps.”

Suprema updates BioStation for access control with edge fingerprint biometrics

Suprema is touting a new fingerprint recognition scanner that leverages deep learning algorithms for biometric access control.

The Suprema BioStation 2a is the latest in the South Korean biometrics provider’s line of scanners, terminals and other hardware for access control. A company release says the BioStation 2a’s AI-optimized neural processor allows it to employ deep learning to extract templates from low-quality fingerprints marred by noise or distortion, improving accuracy by 30 percent. Suprema says the AI engine is designed to be lightweight for edge deployment, and to make processing more efficient, with improved fingerprint recognition speed provided by a 1.5GHz Quad CPU, and support for both one-to-one and one-to-many matching. Credential options for the product include fingerprint, plus RFI and mobile access (BLE/NFC).

On top of its computing power and security, it is designed for flexibility in its environment, with an IP65 rating and operating temperature range from -20℃ to 60℃.

“This innovative solution represents the future of fingerprint recognition technology and empowers our customers to feel the power of AI within their fingers,” says Suprema Inc. CEO Hanchul Kim. “With BioStation 2a Suprema will enhance its position in the market as the global leader in AI-based biometric solutions setting new standards in the security industry.”

Suprema launched its BioStation 3 with face biometrics for access control a year ago.

Yubico joins EWC’s large-scale pilot for EU digital ID wallets ahead of eIDAS 2.0

Hardware security key firm Yubico is joining one of four large-scale pilots (LSPs) developing the underlying technology for the incoming EU Digital Identity (EUDI) framework for wallets, and has released a working demo.

In a blog post, Yubico’s Stina Ehrensvard says the company has been invited to join as an associate partner in the EU Digital Identity Wallet Consortium, or EWC, an LSP co-founded by agencies of the Swedish government including the Agency for Digital Government, to codify digital wallet frameworks in anticipation of the rollout of eIDAS 2.0 in 2025–26. The Finnish Ministry of Finance is also helping coordinate the project.

The goal of the EUDI wallet LSPs is to develop and demonstrate an architecture for digital wallets that gives the user comprehensive control over where and with whom their personal data is being shared while remaining compliant with the European Digital Identity Wallet Architecture and Reference Framework, independent of major smartphone and platform providers, secure, and user-friendly.

Yubico will support ECW’s specific use case of a wallet for which multiple entities require shared control.

“This is sometimes referred to as an ‘organizational wallet’ or a ‘legal person wallet’,” Ehrensvard writes. “The goal is to then develop more use cases across government and commercial services where users cannot or do not want to rely on a mobile platform.”

It will draw on research conducted in collaboration with Greek Universities Network, around adding FIDO-based authentication and encryption to the latter’s open source web-based ID wallet.

Yubico, which manufactures its FIDO security keys near its offices in Sweden and the U.S., says that FIDO security keys can play a crucial role in user authentication and securing identity wallets.

“A wallet’s contents can be encrypted and decrypted using cryptographic keys derived from secrets bound to the secure hardware of a FIDO security key,” Ehrensvard explains. “Additional security keys can be added to protect an individual’s wallet as a backup, or users sharing an organizational wallet can use their own FIDO security key to access that wallet.”

The long and short of it is that the secure external hardware key can load a digital wallet on a device as a web application independent of the mobile platform, with no other client application required.

“This means citizens are truly in control of their own identity, without any dependencies on app store politics or vendor locks,” Ehrensvard writes.

It also means less dependency on the tech giants of Silicon Valley — a stated desire of the European Commission, which has set 2026 as the deadline to enable all EU citizens with systemically interoperable EUDI wallets.

The first working demo of a web based EU digital identity wallet leveraging FIDO open…

The first working demo of a web based EU digital identity wallet leveraging FIDO open authentication standards

www.yubico.com

Metalenz captures facial signature with new Polar ID imaging system for face unlock

At Qualcomm Technologies’ annual Snapdragon Summit, Boston-based optical semiconductor firm Metalenz introduced Polar ID, a new consumer-grade biometric imaging system that can sense the full polarization state of light.

A press release announcing the launch describes something like a 3D facial heat map or ellipsometry, explaining that Polar ID uses meta-optic capability to capture the “polarization signature” of a human face, which includes biometric data such as facial contour details and human tissue liveness detection.

“With this additional layer of information, even the most sophisticated 3D masks and spoof instruments are immediately detected as non-human,” says the release.

Size is a key feature, with Polar ID aiming for lightweight, cost-effective face verification tech.

“Size, cost, and performance, those are the key metrics in the consumer industry”, says Rob Devlin, CEO of Metalenz. “Polar ID offers an advantage in all three. It is small enough to fit in the most challenging form factors, eliminating the need for a large notch in the display. It is substantially higher resolution than existing facial authentication solutions, so even if you’re wearing sunglasses and a surgical mask, the system still works.” As a result, the release says, “Polar ID has the efficiency, footprint, and price point to enable any Android smartphone Original Equipment Managers (OEM) to bring the convenience and security of face unlock to the 100s of millions of mobile devices that currently use fingerprint sensors.”

Pawel Latawiec, CTO of Metalenz, points out that Polar ID’s combination of the firm’s polarization image sensor with post-processing algorithms and sophisticated machine learning models allows for reliable and secure authentication of a phone’s registered user.

“Working closely with Qualcomm Technologies to implement our solution on their reference smartphone powered by Snapdragon 8 Gen 3,” he said, “we were able to leverage the advanced image signal processing capabilities of the Qualcomm Spectra ISP while also implementing mission critical aspects of our algorithms in the secure framework of the Qualcomm Hexagon NPU, to ensure that the solution is not only spoof-proof but also essentially unhackable.”

Per the release, Polar ID is under early evaluation with several top smartphone OEMs, and more evaluation kits will be made available early in the new year.

Mindtech’s Digital Humans 2.0 aims to mitigate bias in synthetic datasets

Mindtech, the developer of a synthetic data creation platform for training computer vision systems, has announced the launch of its Digital Humans 2.0 as part of its DataOps Platform.

Mindtech creates digital humans with varied digital DNA elements like age, physical size and features associated with ethnicity such as facial build and features. It uses the Monk skin tone scale to measure diversity in its skin variance.

Synthetic data like the avatars created by generative AI models is produced from an algorithm and is still subject to potential bias. The models may be trained on datasets of a lower visual quality or that have inherent biases that can affect performance.

“The ability to create diverse digital humans in precise and controlled ways is revolutionary for the creation of data sets,” said Mindtech VP of product Chris Longstaff. “Our platform, analyses and identifies bias in existing datasets, and allows data scientists to rapidly address diverse digital humans, improving AI model accuracy.”

Some potential use cases include in-cabin automotive testing, retail spaces like Just Walk Out stores, and identifying lost children in a shopping mall, the release states.

Fingerprint Cards strengthens partnership with Infineon to develop biometric authentication

Biometric sensor firm Fingerprint Cards is now a Premium Partner of semiconductor manufacturer Infineon Technologies, according to a release touting the two companies’ ongoing “collaboration, development and innovation in bringing biometric technologies for authentication into payments, broader IoT (Internet of Things) applications and beyond.”

“Deeper collaboration with Infineon and its partners will help us bring stronger, more convenient authentication to a broader range of applications to make our lives simpler, and safer,” says Michel Roig, President of Payment & Access at Fingerprint Cards. “We will focus on driving innovation in current and future production lines, including access control, payment cards and other applications within the high-security ecosystem.”

FPC, which as of last year has shipped more than 1.5 billion biometric sensors, joins other companies in the Infineon Partner Ecosystem, which connects specialized engineering companies that the release says must demonstrate “a proven availability designing solutions and services corresponding to the needs of the market and customer.”

“Biometrics can be a trusted link between the physical and digital worlds to help us unleash the full potential of digitization,” says Tolgahan Yildiz, VP of Trusted Mobile Connectivity & Transactions at Infineon Technologies AG. “Our partnership with Fingerprints will strengthen the collaboration and help ensure innovation and growth for trusted biometric solutions for years to come.