BT/ Apple biometrics developments: iris in VR headset; heart rate, blood oxygen in glass laptops

Paradigm

Follow

Published in

Paradigm

38 min readOct 24, 2022

--

Biometrics biweekly vol. 50, 10th October — 24th October

TL;DR

Apple’s upcoming mixed reality headset will contain iris recognition cameras and movement trackers that will enable easy login and payments for users of the hardware that is expected to debut in 2023
A new patent application covered by Patently Apple describes future laptops with glass surfaces
Apple patents deepfakes as researchers try to stay a step ahead of bad actors
Google has launched biometric passkeys to replace passwords with FIDO-based credentials on mobile devices running Android and Chrome
Microsoft, Amazon granted summary judgment in biometric data privacy lawsuits
Mastercard introduces a crypto trading platform with biometrics for banks. Moreover, Mastercard digital identity network plans detailed at Authenticate 2022
LG is developing a platform with voice biometrics to communicate with digital twins
NIST forensics body lauds Ideal Innovations’ voluntary face biometrics standards adoption
Instagram use of Yoti facial age verification spreads to India, Brazil
FaceCheck launches API to bring face biometrics web searches to developers
Fime updates the biometric card personalization testing tool
DIACC launches certified trustmark program for Canadian digital ID services
Thales continues biometric card R&D in France, approved by Mastercard for quantum security
Canadian digital identity council seeks feedback on infrastructure criteria
Intigriti pentest service supports certifications as biometrics providers approved
ITU-T to recommend OSIA specifications for national digital identity systems
New spec pushed to speed the evolution of biometric cards and mobile payments
Arana and Vaylia collaborate on turnkey biometric access security systems
Zwipe forms an aviation partnership to supply biometric cards for access control
Iris biometrics deployed by PayEye for retail payments, GalvanEyes for financial services
A distribution deal with payments provider to supply BioCatch behavioral biometrics in ANZ
AuthID combines cloud biometrics and FIDO2 for Human Factor Authentication
GBG introduces no-code biometric onboarding tool
FaceTec biometrics revenue nearly doubles YoY, the usage grows even more
Pricing plans for SMB biometric onboarding, and compliance services launched by ComplyCube
Local NHS unit contract for DBS checks with face biometrics and liveness detection opens
ID R&D claims first place in the global voice biometrics competition for ‘in the wild’ samples
Humanode’s public sale is here. Mainnet on November 15th
DoorBird acquisition expands Assa Abloy smart home portfolio as new standard published
SecuGen expands Hamster fingerprint biometrics scanner line with 3-in-1 device for ID cards
IronVest raises $23M for a decentralized biometric password manager
DoorBird acquisition expands Assa Abloy smart home portfolio as new standard published
India renews push for a national civil registry, Aadhaar enrollment for kids soon nationwide
Japan to integrate health insurance cards into My Number digital ID in digitization push
NADRA cracks down on suspect IDs, collects biometrics from relatives
Philippines distributes 16M biometric ID cards, downloadable version coming soon
Cameroon election agency wants huge ID card backlog cleared ahead of polls
ITU-T to recommend OSIA specifications for national digital identity systems
UAE governments support biometrics expansion for online services, age verification
EU Parliament meeting shows facial recognition still at the center of AI Act
San Francisco, Cancún now direct travelers through face biometrics checks
Yole report predicts an $11B consumer biometrics market by 2027 with a boost from new sensors
Privacy protection system for biometrics developed to better ICRC humanitarian aid
Researchers progress further on iris biometric liveness detection with multi-class networks. A three-class serial model for presentation attack detection to protect iris biometric systems shows benefits over the two-class approach that was proven effective in international competition
A team dominated by Microsoft scientists has published research indicating that anyone scraping the internet for faces with which to train facial recognition algorithms might be wasting their time and money
Sound method for measuring biometric bias important, tricky, and in progress
Biometric industry events. And more!

Biometrics Market

The Biometric system market size is projected to grow from USD 36.6 billion in 2020 to USD 68.6 billion by 2025; it is estimated to grow at a CAGR of 13.4% during the forecast period. Increasing use of biometrics in consumer electronic devices for authentication and identification purposes, the growing need for surveillance and security with the heightened threat of terrorist attacks, and the surging adoption of biometric technology in automotive applications are the major factors propelling the growth of the biometric system market.

Biometric Research & Development

Latest Research:

Researchers progress further on iris biometric liveness detection with multi-class networks

A three-class serial model for presentation attack detection to protect iris biometric systems shows benefits over the two-class approach that was proven effective in international competition.

A paper on ‘Iris Liveness Detection Using a Cascade of Dedicated Deep Learning Networks’ describes the technique that won the LivDet-Iris 2020 competition and extends it with three and four-class models. The paper was authored by Juan Tapia Farias, Sebastián González Sandoval, and Christoph Busch, and presented this week at the International Joint Conference on Biometrics (IJCB 2022) in Abu Dhabi.

The researchers built a large iris presentation attack dataset and focussed on detecting bona fide images. This contrasts with existing studies on iris PAD, which tend to address a specific attack vector.

The two-class model achieved BPCER10 (Bona Fide Classification Error Rate) of 0.99 percent, the three-class model returned 0.16 percent, and the four-class model scored 0.83 percent. For BPCER20, the values for the two- and four-class models rose above 3 percent, but the three-class model again returned 0.16 percent.

The research also revealed that input images 224 by 224 pixels are adequate to detect bona fide irises, but PAD results improve with 448 by 448-pixel images.

The report authors used aggressive data augmentation to train modified MobileNetV2 networks, and ran five experiments with networks fine-tuned or trained from scratch.

“When trained from scratch, our suggested networks allow us to complement the results of the LivDet-Iris 2020 competition by using more challenging PAI species,” the researchers conclude. “When using fine-tuning, model performance worsens in proportion to the number of layers from the network that were frozen. Nonetheless, results using fine-tuning are competitive with the literature.”

Iris Liveness Detection Using a Cascade of Dedicated Deep Learning Networks

Iris pattern recognition has significantly improved the biometric authentication field due to its high stability and…

ieeexplore.ieee.org

Mixing synthetic, real faces make biometric recognition pretty good

A team dominated by Microsoft scientists has published research indicating that anyone scraping the internet for faces with which to train facial recognition algorithms might be wasting their time and money.

The research, led by a scientist from the University of Cambridge, has not been peer-reviewed. In the paper, the team says a large-scale dataset of synthetic faces has produced an accuracy of 96.17 percent. That is still short of the 99.8 percent accuracy that others get using billions of facial images scraped from social media and other areas of the web.

Pairing a dataset of 500,000 to 1.22 million synthetic digital busts with groups of real images ranging from 200 to 2,000 (with 20 images for each identity) boosted their result to rough par with datasets holding myriad images, according to the paper.

The authors make the point that it is far easier to ethically request images from 2,000 people compared to doing the same with all the images currently harvested without consent by companies like Clearview AI.

The team says that images collected randomly and in unprecedented bulk come with not-so-hidden costs like bias and source quality deficiencies as well as label noise.

And, of course, that process has been called unethical at best by privacy advocates because all major Western social media prohibit face scraping of their subscribers’ accounts. It is a violation of their terms of service.

In an email exchange, Clearview CEO Hoan Ton-That says he is “impressed” with academic research using generated faces generally.

But “current research shows that the accuracy of the algorithms created from generated faces are lower compared to the current state of the art algorithms.”

Ton-That tipped his hat at combining generated with real images to improve performance and accuracy.

Sound method for measuring biometric bias important, tricky, and in progress

Important work on measuring biometric bias is waiting, once methods for measuring it are worked out, says Stephanie Schuckers, director of the Center of Identification Technology Research (CITeR) at Clarkson University as well as the FIDO Alliance’s standards development director.

Schuckers gave a presentation on ‘Bias in biometric recognition: Challenges and Opportunities’ at the Authenticate 2022 event last week.

She credits Joy Buolamwini’s 2018 Gender Shades study with drawing attention to the problem while indicting those in the media who have conflated gender classification with facial recognition.

Looking at a table from a recent NIST report that shows variabilities in false non-match rates among different demographics, Schuckers emphasized that “error rates vary strongly by algorithm,” quoting NIST.

Concerns about fairness and bias also vary, depending on the implementation.

Because FIDO is concerned with authentication, rather than identification, some concerns related to biometric bias are not central to the Alliance’s approach to password replacement. In verification scenarios, false negatives are what must be considered first, according to Schuckers, due to their impact on user experience. False positives are also important, as a security consideration, but should be a secondary consideration.

Bias should be considered at the levels of biometric capture, matching, and databases, Schuckers says.

She also played an educational video on biometric bias in access control, produced by CITeR and soon to be uploaded to its YouTube channel.

The presentation reviewed efforts to build standards around the problem, and the importance of considering system effectiveness along with equitability. That likely means setting thresholds for both overall biometric effectiveness and for low variability between different demographic groups.

The more groups are considered, the more likely a difference will be found, Schuckers says, which complicates work to measure true differentials. Some differences are likely, and some are outliers, and telling whether a differential is isolated or systematic is a classic statistics problem.

An ad hoc group was stood up at the event, after the agenda was published, to help advance the field towards an ISO standard, currently at the working draft stage.

Privacy protection system for biometrics developed to better ICRC humanitarian aid

The results of six scientific research projects carried out under an initiative dubbed Engineering for Humanitarian Action are expected to be useful to the International Committee of the Red Cross (ICRC) in its mission of providing better humanitarian assistance around the world, including aid distribution using biometrics.

One of the six is a system to use privately-held biometrics for aid distribution.

The projects, which are an initiative of the ICRC, the ETH Zurich and the EPFL (both public research universities in Switzerland), are meant to help the ICRC better plan and implement its humanitarian activities in intervention settings, such as during wars and conflicts, using technologies, according to the project result summary published by the ICRC.

Results of the projects already completed will among other things help the ICRT handle logistical issues in the provision of healthcare, protect refugees through biometrics, make its construction projects more sustainable, as well as create new digital infrastructure to protect against cyber-attacks.

Specifically, one of the projects was to develop a biometric system that protects personal information and is suitable for deployment in humanitarian settings as a way of easily verifying the identity of aid beneficiaries in emergency situations, while safeguarding their personal data.

Developers of the system say data privacy is enhanced thanks to two factors: a decentralized system in which users hold their data as tokens to reduce the chances of data leaks, as well as improved accountability from small-scale data collection.

“This work is critical to us because leaked data in the wrong hands can be used for harmful purposes and even put people’s lives in danger,” says ICRC project partner Vincent Graf Narbel.

In a recent article, a civil society researcher called on African governments to put in place safeguards against risks that come with the use of biometrics and digital ID in humanitarian settings.

Commenting on the new research, ICRC vice president Gilles Carbonnier says: “Fast advances in science and technology offer huge potential to unlock innovation for greater humanitarian impact. As we turn research findings into action, there is much more to come.”
“We are very much looking forward to seeing the real-world impact of the projects already completed or in progress, as well as new proposals. Our researchers are hugely motivated to contribute to a better world in these turbulent times,” says EPFL president Martin Vetterli.
His counterpart of ETH Zurich remarks: “The collaboration shows how digital technologies and scientific expertise support the ICRC in carrying out its important work and thus help people in need.”

Andreas Dracopoulos, co-president of the Stavros Niarchos Foundation, one of the donors to the research project, remarks that “bringing humanitarian action and science closer together, as this collaborative initiative will do, is how we ensure that technological development helps improve life for those that need it the most.”

The other research projects are intended to develop systems that can secure digital infrastructure, counter harmful information used against humanitarian organizations, ensure better medical care through efficient logistics, come up with AI systems to estimate population density in crisis areas, as well as ensure more sustainable construction in the humanitarian aid milieu such as the construction of healthcare facilities and other basic infrastructure.

Main News:

Apple biometrics developments: iris in VR headset; heartrate, blood oxygen in glass laptops

Rumor has it Apple’s upcoming mixed reality headset will contain iris recognition cameras and movement trackers that will enable easy login and payments for users (or sharers) of the hardware that could cost US$4,000 when it is expected to debut in 2023, reported The Information. In response, Patently Apple has published a roundup of all its coverage of Apple’s patents — biometric and otherwise — that have led up to this.

Patents and Rumors point to Apple's Future Headset eventually introducing Pop-In Prescription…

Over the years Patently Apple has posted 370 Apple patents covering all aspects of the technology being developed for…

www.patentlyapple.com

A miniature camera in a VR/AR headset, such as those developed by IriTech, could constantly track eye movement to both follow a user’s attention and make their avatar’s eye movements more accurate and could decode iris biometrics to verify the wearer’s identity for any use in the metaverse such as payments. Biometrics in the metaverse seems increasingly unavoidable.

Patently Apple has posted 370 Apple patents covering the firm’s activities on headsets and smartglasses, including iris biometrics, even via under-display sensors for the iPhone or via developments of the Touch Bar range.

Apple’s patents did not describe the use of iris biometrics for head-mounted display/device authorization, but Patently Apple notes that the biometric patents for iPhone and iMac did, “So it’s a not a leap to believe that Apple will use this in their future headset at some point in time.”

Glass-bodied laptops for biometric monitoring, palm ID

A new patent application covered by Patently Apple describes future laptops with glass surfaces that house not just Touch ID sensors, but larger arrays possibly for palm biometrics or to monitor other biometrics such as heart rate, body temperature and even blood oxygen levels.

Diagrams included in the patent filing for a ‘Device Having Integrated Interface System,’ application number 20220326777, show the sensors located in the palm rest area in front of the current location of keyboards on MacBooks.

The laptop designs would offer virtual keyboards or other control arrays depending on how the computer is being used. A magnetically attached physical keyboard could be attached. The glass top for the keyboard or interface part of the laptop may also allow for wireless charging through it.

Biometric device unlocking

People firmly ensconced in Apple’s walled orchard can use biometrics in one of their devices to unlock another device, describes Macworld.

With a few tweaks to settings, users can unlock an iPhone with an Apple Watch and vice versa, and unlock a Mac via an Apple Watch. Proximity (10 meters, 33 feet) and somewhat specific use cases are required.

How to use your Apple Watch, Mac, and iPhone to unlock each other

Apple made the iPhone the center of your digital life, turning into a sort of media, email, health, and security hub…

www.macworld.com

Apple patents deepfakes as researchers try to stay a step ahead of bad actors

Apple has been awarded a patent for making deepfakes, and the best the world can hope for out of this is Apple using it only as a way to bankrupt criminal synthetic media rings.

Two reasons: There is no more reason to trust Apple with deepfakes than any other company. And the world’s proposed defenses to malicious algorithms are either extremely short-term fixes or hopes.

Compare what Apple is likely to do with its patent (spotted by Patently Apple) to what bright minds are toying with to detect deepfake videos, particularly those used to defraud. The patent covers changing the expression and pose of a facial image.

Apple produces live-action and animated video content and owns display space on millions of palms and on a lot of wrists. It soon will own the space belted to people’s foreheads. Without a doubt, Apple will be digitizing faces for the metaverse, games, movies, and app avatars.

In other words, it will normalize the biggest threat to a collective reality since Facebook. Look how that is playing out. Again and again, information technologies deliver new dangers with each advance.

Then there is Gotcha, a system and practices proposed by well-meaning New York University researchers (working downstream from similar research at Ben-Gurion University) hoping to tame the deepfake threat.

Gotcha attacks real-time deepfake streaming algorithms by forcing the code to reveal itself.

There are many examples of how this might be done, and they can be found in an excellent look at the development by AI industry publisher Unite.AI. But arguably the best one is this: Two people get on a video call. Each pushes a finger into his or her cheek or makes an unusual face.

GOTCHA- A CAPTCHA System for Live Deepfakes - Unite.AI

New research from New York University adds to the growing indications that we may soon have to take the deepfake…

www.unite.ai

Because the training of a deepfake algorithm today is unlikely to include mimicking all gestures and expressions, it is going to display something screwy.

If this sounds like video Captcha, the best most-hated reality check on the internet, that is because it is.

In fairness to the NYU scientists, they admit that no one from a branch manager or village mayor on up would ever submit to making faces in front of a camera — even doing something benign like craning to look up or cover some of their face with a hand.

Passive methods of pushing models beyond their training include superimposing text, hiding portions of faces behind digital cutouts and overloading frames being processed.

The researchers say their method has shown it can push malicious software to the point that anyone looking at even a single frame would know they were looking at code and not a person.

The problem here is that comprehensive training of models — implanting most or all of the unexpected things a person could do in front of a camera — is probably coming sooner than anyone imagines.

Microsoft, Amazon granted summary judgement in biometric data privacy lawsuits

A Washington federal judge last Monday dismissed two putative class actions by Chicago residents Steven Vance and Tim Janecyk, accusing Microsoft and Amazon of violating Illinois’ Biometric Information Privacy Act (BIPA) by using IBM’s Diversity in Faces Dataset, which contains residents face biometrics, without their permission.

The renewed and granted motions for summary judgement from both companies, spotted by Law360, argue that under Illinois law, a statute does not apply outside the state unless it expressly provides to do so, and BIPA includes no provision of this kind.

Microsoft, Amazon Grab Early Wins In Face ID Privacy Suits - Law360

By Bonnie Eslinger (October 17, 2022, 8:33 PM EDT) -- A Washington federal judge on Monday tossed a pair of putative…

www.law360.com

Additionally, U.S. District Judge James L. Robart agreed that there was not sufficient evidence to support that Microsoft’s actions related to the BIPA claims occurred primarily in Illinois, confirming the tech giant’s claims that its relevant actions related to the photo data at issue took place in data centers in Washington and New York.

Vance and Janecyk also submitted an unjust enrichment claim against Microsoft, but Judge Robart ruled against it.

“Viewing the evidence in the light most favorable to plaintiffs, the court concludes plaintiffs have not met their burden to identify specific facts from which a jury could reasonably find that Microsoft unjustly retained a benefit to plaintiffs’ detriment,” the judge said in his Monday ruling.

As for Amazon, the company told the court it never used the data set to develop or improve any of its products or services so that it could not have been unjustly enriched by it.

“Even if the information in the [Diversity in Faces] Dataset constituted biometric information or identifiers (a contested fact), Amazon simply received no ‘benefit’ or ‘profit’ from it,” Amazon states.

On this basis, Judge Robart also granted the company’s summary judgement motion, along with a request from the company to have his order sealed.

The granted motions mean both defendants will avoid trials, and the lawsuits are likely to be dismissed.

The decisions could set a precedent making it difficult for Illinois’ residents to sue companies that do not have operations within Illinois under BIPA.

Google pushes passwordless authentication with biometric passkeys

Google announced last Wednesday that it is bringing biometric passkeys to Android and Chrome devices.

Writing on the Android developers’ website, Google says passkeys are significantly safer and more secure than passwords and other phishable authentication factors.

Bringing passkeys to Android & Chrome

Posted by Diego Zavala, Product Manager (Android), Christiaan Brand, Product Manager (Account Security), Ali Naddaf…

android-developers.googleblog.com

Google says the biometric data used for authentication never leaves the user’s device and that passkey protocols prevent information shared with sites from being used for tracking.

Moreover, passkeys can also replace a password and a second factor in a single step, making the user experience as simple as auto-filling a password form.

“For the end-user, creating a passkey requires just two steps,” Google writes, “confirm the passkey account information and present their fingerprint, face or screen lock when prompted.”

Users with a passkey can sign into their account and present their fingerprint, face, or screen lock using phone sensors instead of inserting a password.

Google says that Chrome on Android stores passkeys in the password manager app, which synchronizes passkeys between Android devices that are signed into the same Google account.

A passkey on a phone can also be used to sign on to a nearby device, Google explains.

“For example, an Android user can now sign into a passkey-enabled site using Safari on a Mac.”

Passkey support in Chrome means that a Chrome user, for instance, on Windows, can do the same using a passkey stored on their iOS device.

The company also confirmed that, since it uses industry standards, passkeys work across platforms and browsers, including Windows, macOS, iOS and ChromeOS.

Developers can enroll in Google’s Play Services beta and use Chrome Canary to start building apps enabling biometric passkeys. The features will be generally available on stable channels later this year.

“We have worked with others in the industry, including Apple and Microsoft, and members within the FIDO Alliance and the W3C to drive secure authentication standards for years. We have shipped support for W3C WebAuthn and FIDO standards since their inception,” Google writes. “Google remains committed to a world where users can choose where their passwords, and now passkeys, are stored.”

Mastercard introduces crypto trading platform with biometrics for banks

Mastercard has unveiled the availability of its new platform of crypto trading tools for financial institutions. Crypto Source, the new solution, will rely on partnerships with regulated and licensed crypto custody providers to furnish Mastercard’s financial institution (FI) partners with a suite of buy, hold and sell services for select crypto assets.

The payments provider confirmed in an announcement that Crypto Source would also support a series of identity, cyber, security and advisory services. Some services are powered by biometrics via Mastercard’s accompanying Crypto Secure technology, designed to deliver insights to improve the safety of crypto purchases and bring additional security to the digital ecosystem.

“What we are announcing today is a connected approach to services that will help bring users safely and securely into the crypto ecosystem,” explains Ajay Bhalla, Mastercard president of cyber and intelligence.
“Our recent investments in this space, such as the acquisition of CipherTrace and Ekata, are providing us with a unique set of capabilities to help provide our customers and consumers with the most technically advanced solutions available in the market.”

Additionally, Crypto Source will see the expansion of Mastercard’s partnership with blockchain infrastructure platform Paxos, which launched a pilot version of the biometrics-backed digital wallet app Novi with Facebook last year.

As a result of the new partnership, Mastercard will now integrate Paxos’s technology into banks’ interfaces to further improve the consumer experience.

“Mastercard has a powerful network of financial institutions around the world,” comments Walter Hessert, head of strategy at Paxos.
“This exciting offering developed by Paxos and Mastercard will give FIs the fastest and most trusted way to offer safe, reliable crypto access for their consumers globally. We’re thrilled to partner with Mastercard to further accelerate the mainstream adoption of digital assets.”

Crypto Source is currently undergoing preparations for various pilot programs. Mastercard says additional details on broader availability will be shared soon.

Beyond crypto, the financial giant is also working on several additional projects leveraging bleeding-edge technologies. Last month, Mastercard approved payment card maker Tag Systems to deploy biometric products using the Zwipe Pay platform.

Mastercard digital identity network plans detailed at Authenticate 2022

“My business is actually responsible for building a new network for Mastercard: the identity network,” Mastercard SVP of Digital Identity Sarah Clark said during a presentation at Authenticate 2022 that provided the clearest picture yet of the global enterprise’s ambitions.

The digital identity network will not just be for those with Mastercards, as the presentation on ‘Use of FIDO in a Reusable Digital Identity Network’ made clear.

From a normal consumer’s standpoint, Clark says, the network is “not directly related” to Mastercard’s payment network at all.

The network is focussed for now on those that already have proof of who they are in the form of a government-issued ID. This evidence is then checked and supplemented by other signals.

Mastercard plans for its digital IDs to be reusable for in-person interactions, online, through the phone and all other channels.

The network is already “fully” live in two markets, and “active” in seven around the world, according to Clark. The company was accredited to the Australian government’s TDIF earlier this year. Brazil is the other country Mastercard’s digital identity has launched in.

Opportunities around digital ID are many, Clark says, and largely driven by the poor user experience most interactions provide. They also include age verification. People are becoming more aware of cyber threats and fraud, and therefore interested in privacy-preserving digital identity.

That means, in Mastercard’s view, a decentralized system in which users own their own digital identity, store it on their mobile devices, and consent to share it with requesting parties.

Mastercard is also engaging with governments as they stand up digital identity projects, and consider public-private partnerships.

The reusable digital identity service is called ‘ID,’ presumably to make it difficult to find with an internet search engine.

‘ID’ is unlocked with a biometric, and passwords are not involved.

The network also includes “identity providers,” which provide the apps individuals manage and share their digital ID.

Mastercard turned to FIDO to provide standards that align with its user experience and trust priorities. FIDO benefits Mastercard ID with faster performance than proprietary biometric authentication systems, cost effective scalability, and the ability to add new biometric modalities with minimal development.

“We have plugged in FIDO via our Mastercard biometric authentication service,” Clark notes, which is a shared service within the organization.

Eventually, Mastercard plans to shift its authentication focus beyond face biometrics.

LG developing platform with voice biometrics to communicate with digital twins

LG Electronics has signed a memorandum of understanding with real-time 3D content tool maker Unity to develop a platform on which people can build metaverse homes and digital humans that communicate with their creators using voice biometrics.

LG’s angle in the proposed partnership would be that metaverse houses could be created as a ‘digital twin’ to closely mirror a player’s real home, including all LG goods.

LG product settings in the metaverse would be synchronized with settings of physical LG products.

The company says digital humans would be “ultra-lifelike,” featuring situationally appropriate facial expressions and gestures. They also would be able to offer digital support if the characters detected signs that a user needed assistance, according to the consumer products company.

Unity would bring its real-time 3D engine and graphics.

LG would supply its biometric voice recognition code, natural language processing and contextual learning algorithms as well as its “in-depth understanding of consumers and the home environment,” says LG Chief Technology Officer Kim Byoung-hoon.

Other companies working at the intersection of metaverse and biometrics include Liquid Avatar, Reltime and IriTech.

NIST forensics body lauds Ideal Innovations’ voluntary face biometrics standards adoption

The Face Center of Excellence (FaCE) operated by Ideal Innovations, Inc. has been acknowledged as a “Registry Implementer” by the Organization of Scientific Area Committees (OSAC) for Forensic Science due to its voluntary adoption of the group’s biometric Face Identification standards.

OSAC is America’s forensic science standards body, and is part of the National Institute of Standards and Technology (NIST).

I3 says that implementing the biometric standards is a natural step for I3 FaCE given the involvement of its leadership in OSAC. I3 FaCE is utilizing the OSAC Registry standards in different sections, from examinations to training.

“I3’s commitment to the Facial Identification discipline extends to creating, editing, and implementing the standards from OSAC into our daily practices. This standardization helps to improve consistency in our work and, therefore, reduces the possibility of errors,” stated Bob Kocher, CEO of Ideal Innovations, Inc.

The standards are also intended for implementation by laboratories.

“Forensic science experts at the Ideal Innovations Face Center of Excellence are providing leadership by implementing the latest technical forensic science standards listed on the OSAC Registry,” says OSAC Program Manager John Paul Jones. “Their experts are also providing a valuable service by participating as members of OSAC to help generate these standards and assess their technical merit. We are honored to work with the experts at the Face Center of Excellence and their peers from other forensic laboratories, as well as OSAC’s researchers, statisticians, and legal practitioners, on this important activity.”

I3 has more than 20 years of experience providing biometrics and forensic examination support services to the U.S. Government, foreign governments, and commercial organizations.

The company also recently won a $63 million contract for multi-modal biometrics collection from the U.S. Defense Department.

Instagram use of Yoti facial age verification spreads to India, Brazil

Instagram’s use of tests to attempt to verify age in certain cases, including the use of biometric facial analysis provided by British firm Yoti, has spread from the U.S. to additional countries including India and Brazil. But the recently-introduced “Social Vouching” approach has been removed as an age verification option “to make some improvements,” according to a statement.

Back in June, the initial Instagram pilot was introduced in the U.S. It applied — and presumably still does — to users who attempt to edit their date of birth to take them from being under the age of 18 to over 18. This would trigger the need to go undergo facial analysis via Yoti, having their ages confirmed by three adult contacts on the platform or uploading identity documents.

The latest update from Instagram removes that vouching mechanism without explaining why, other than to improve it. It also does not clarify what ages trigger the age verification in other countries or even what the countries are beyond India, Brazil and the U.S. The statement says that Instagram hopes to bring the service to the UK and European Union by the end of the year.

New Ways to Verify Your Age on Instagram | Instagram Blog

Update on October 13, 2022: Starting today, we're expanding this test to additional countries including India and…

about.instagram.com

Yoti has published a new set of FAQs on how its age estimation technology and service work as well as use cases where it is deployed.

Indian civil society members point out that it is rare in India for children to have access to their own devices for using the internet and ask parents to borrow theirs. The onus of consent has lain with parents.

A recent study by the UK telecoms regulator Ofcom found that 32 percent of British children from eight to 17 lie to create an adult account, and 47 percent of eight-to-fifteen-year-olds have user ages of 16 and over and parents help their children circumnavigate some restrictions.

FaceCheck launches API to bring face biometrics web searches to developers

Indonesia-based biometrics firm FaceCheck has launched an application programming interface (API) for reverse image facial recognition search.

According to a company announcement, FaceCheck’s algorithms can accurately identify faces from images and video, even when images are low-quality or contain visual obstructions like hats, beards, masks, or sunglasses.

The company also said that via the new API, developers will be able to integrate FaceCheck’s search-by-face capabilities into their applications, portals, and websites to provide businesses with several face biometric services.

These include the ability to search for people using photos on social media (via FaceCheck’s own database), news and video websites, and blogs, but also for law enforcement to identify criminals, registered offenders, and catfishing and fraudulent profiles.

The announcement of the FaceCheck API follows the launch of FaceCheck’s search-by-face official website, which enables users to test its services.

“The launch of our API marks a major milestone for FaceCheck. We can now offer our facial search technology to many developers,” comments FaceCheck Spokesperson, Lee Chong.

Called RESTful, the company’s API uses the OpenAPI specification, allowing programming languages such as Python, Java, Javascript, C#, C++, Swift, and all others to be used to run search-by-face queries.

As a result, the company says the API is easy to use, with minimal code required to get started and enables developers to create a free account and run facial search queries within minutes.

“It will enable developers to tap into our powerful facial recognition technology and use it to build innovative new applications in the open-source intelligence (OSINT) space,” Chong adds. “We believe this will open a new world of possibilities for how our facial recognition technology can be used.”

FaceCheck is charging developers in bitcoin for credits that can be used on API calls. Each search is pegged to US$0.30.

Fime updates biometric card personalization testing tool

Fime has updated its biometric card personalization validation (CPV) tool PersevalPro Issuer to meet the latest requirements defined by both international and domestic payment schemes.

According to the company website, the solution is designed to fully automate testing and help developers detect, understand and correct errors before submission to the payment networks for CPV.

Further, EMV (Europay, Mastercard and Visa) cards and mobile payment application testers can use PersevalPro to retrieve personalization data and tags and detect parameters that are not in line with scheme specifications. EMVCo published a new specification covering biometric payment cards earlier this month.

“Banks, card manufacturers and personalization bureaus must ensure that cards not only meet payment scheme requirements but also avoid personalization issues that impact user experience,” says Stéphanie El Rhomri, VP of services at Fime.

After the new update, PersevalPro Issuer can now provide developers with additional personalization, biometric, cryptographic and security features.

“PersevalPro Issuer goes beyond ensuring that your product meets the standards defined by the global and local payment schemes. Its Quality Control module helps to build confidence that it will perform as intended,” El Rhomri adds.

Specifically, the tool is now officially qualified against the latest test tool requirements from ATH, CUP, Discover, eftpos, GIE-CB, GIMAC, Interac, JCB, Mastercard, NETS, PayPal, RuPay, Troy and Visa.

“Our customers can leverage our 15 years of expertise and a worldwide team of experts to effectively use PersevalPro Issuer to improve Quality Assurance and streamline the compliance process,” El Rhomri concludes.

The update comes months after Fime worked with Secure Identity Alliance (SIA) to develop a digital infrastructure initiative to aid governments in choosing biometrics and other technologies for their digital identity initiatives.

DIACC launches certified trustmark program for Canadian digital ID services

Canadian digital identity framework compliance certification program the Voilà Verified Trustmark Program has reached its official launch by the Digital ID and Authentication Council of Canada (DIACC).

The program certifies digital identity service providers against the Pan-Canadian Trust Framework, and was developed by DIACC, which is a non-profit coalition consisting of more than 115 organizations from the public and private sectors. The PCTF defines the duties of care digital identity solutions take on for clients, customers and individuals. Voilà Verified is developed to align with ISO standards, according to the announcement.

PCTF-compliant vendors can be vetted and assessed through the Voilà Verified program to earn a public-facing trustmark.

“One size does not fit all when it comes to identity solutions — but ensuring a solution delivers upon a defined duty of care is critical,” says Joni Brennan, president of the DIACC. “With the PCTF, and now with Voilà Verified, there is an opportunity to adopt a framework rooted in trust — and to earn compliance recognition. Voilà Verified identifies those who are ‘walking the walk’ — those who are delivering safe and secure access to the global digital economy.”

DIACC sees Voilà Verified as an opportunity to boost provincial digital ID programs, indicating trust for identity services launched by provincial governments and providing a pool of trusted vendors that others can seek to launch their own systems.

“Going digital is a big step for governments — and now, with Voilà Verified, provincial leaders are empowered to do so with confidence by engaging solution vendors that will protect end-users first and foremost,” says DIACC Board Member and Province of New Brunswick Director of Digital Lab and Digital ID Programs, Public Services and Smart Government Colleen Boldon.

Entities assessing PCTF compliance for the Voilà Verified program are referred to as Accredited Assessors, Readiness Advisors, and Testing Laboratories. Privacy, security, and identity consulting firm Kuma is the first official Accredited Assessor and Readiness Advisor for the program, and according to the announcement is the first qualified assessor for the U.S., Canada and UK.

The decisions of assessors are subject to approval by the Voilà Verified Trustmark Oversight Board (TOB).

DIACC Board Chair Dave Nikolejsin says the launch of “Voilà Verified is a monumental stride for Canada to influence a safe and secure global digital economy.”

Thales continues biometric card R&D in France, approved by Mastercard for quantum security

Thales is developing biometric bank cards and working on eSIM technnologies at a French research facility in La Ciotat launched by Gemplus twenty years ago, the company tells La Provence. Gemplus then became Gemalto and was acquired by Thales.

The research center employs 600, among them engineers with advanced skills that focus on the development of biometric payment cards and other contactless mobile payment solutions.

The cybersecurity laboratory within La Ciotat’s design center is responsible, among other things, for improving the reliability of biometric bank cards.

According to La Provence, it was there that Thales developed the biometric technology that allows the payment of an invoice of more than 50 Euros during a contactless transaction using an imprint of a thumb or two fingers.

Further, the design center was also reportedly the cradle of the partnership between Handsome and Thales, which saw the creation of a voice payment card aimed at people with disabilities.

Finally, La Provence mentioned that the La Ciotat facility is being upgraded for 1 million euros (roughly US$985,000) as Thales develops software that works with an eSIM card to allow a person’s digital identity to be verified remotely through selfie biometrics.

The La Provence analysis comes weeks after Thales, in collaboration with Experian and Mitek, published a new survey indicating that deploying biometrics can help banks improve consumers’ trust.

Mastercard revealed the approval of the first cards that are compatible with the new EMVCo contactless specifications, a standard designed to describe technology capable of withstanding attacks from both traditional and quantum computers. The approved cards are developed by Giesecke+Devrient and Thales.

“Technology has the potential to open new opportunities for both consumers and fraudsters. That’s why future-proofing security is critical,” comments Ajay Bhalla, president of cyber and intelligence at Mastercard.

According to the executive, by bringing quantum-era technology to contactless payments, Mastercard is taking steps to future-proof transaction security and privacy protection.

“These new cards will deliver that greater peace of mind while also providing consumers and merchants a seamless transition from today’s contactless experience.”

Bhalla confirmed the new cards are designed to remain compatible with existing acceptance, network and issuer infrastructure.

Canadian digital identity council seeks feedback on infrastructure criteria

The Digital ID & Authentication Council of Canada is asking for comments on the conformance criteria for the technological and operational infrastructure that will allow digital identity to be used interoperably among public and private sector organizations. DIACC wants the criteria to be both clear and auditable.

The Infrastructure (Technology & Operations) component of the Pan-Canadian Trust Framework (PCTF) has been developed by DIACC’s Trust Framework Expert Committee, with a pair of documents approved as final recommendations.

The infrastructure component is supposed to identify the policies, plans, technology and requirements for its operation to support the realization of the Trust Framework’s principles in Canada’s digital identity ecosystem, according to the announcement.

The two documents comment is sought on are the ‘Component Overview Final Recommendation V1.1’ and the ‘Conformance Profile Final Recommendation V1.1.’

“Would you consider the Conformance Criteria as auditable or not?” DIACC asks. “That is, could you objectively evaluate if an organization was compliant with that criteria and what evidence would be used to justify that?”

The recommendations are expected to be updated based on public comments received.

Intigriti pentest service supports certifications as biometrics providers approved

Intigriti, a European crowdsourced security platform, has launched a Hybrid Pentesting service as part of its bug bounty program that can support certification to both the SOC2 and ISO/IEC 27001 standards, which many biometrics providers acquire to give their customers assurance of data protection.

Customers seeking certification that pass the Hybrid Pentests are provided with a letter of attestation that they can share with certification bodies to prove the security maturity of their products.

According to a blog post on the company’s website, the Penetration Testing as a Service (PTaas) solution combines the pay-for-impact approach of bug bounty programs with the dedicated resourcing strategy of classic penetration testing.

“Pentesting remains the gold standard for companies and authorities focused on security compliance,” says Pascal Schulz, hybrid pentest manager at Intigriti.

Intigriti continues to innovate security testing with a redefined penetration testing offering …

Intigriti, Europe's leading crowdsourced security platform, today announced a significant expansion of its bug bounty…

blog.intigriti.com

iProov gains data security and privacy certification

iProov has announced that it is now compliant with the SOC (System and Organization Controls) 2 Type II standard.

Subject to an annual accreditation process, SOC 2 assures service providers can securely manage non-financial data in the cloud to protect organizations’ interests and their users’ privacy.

Developed by the American Institute of Certified Public Accountants (AICPA), the SOC 2 Type II certification is the most rigorous of the auditing procedures conducted by the Institute.

“Independently certified security, trust and inclusion are the hallmarks of iProov’s services,” comments iProov CEO Andrew Bud. “Every department and process must contribute to our high-security culture, supported by training and controls.”

The SOC 2 news comes months after iProov announced in August it received a certification for its biometric face verification technology with liveness detection to Level of Assurance High (LoA High) per the eIDAS (Electronic Identification, Authentication and Trust Services) regulation.

Adhering to SOC 2 new standards will enable iProov to further improve its security and privacy posture for customers.

“This certification assures our customers, partners and their users that we are continuously monitoring and implementing robust controls over our security, processing integrity and privacy practices,” Bud concludes.

Suprema renews ISO/IEC 27001 and 27701 certifications

Another biometric company announcing new credentials this week is Suprema ID, which renewed two international standard certifications concerning information security management (ISO/IEC 27001) and privacy information management (ISO/IEC 27701), respectively.

The firm first acquired the certifications in 2019 and has now renewed them again this year, according to their renewal cycles.

Since first acquiring compliance for the two certifications, Suprema has reportedly enhanced its security policy at an enterprise-wide level, applying GDPR compliance to the company’s BioStar 2 software, as well as access control hardware devices, website, and internal security regulations.

“Suprema is making continuous efforts to invest in information security and personal information protection at all stages from product design and development,” comments Suprema CEO Hanchul Kim.

ITU-T to recommend OSIA specifications for national digital identity systems

The Secure Identity Alliance has been qualified to provide normative references for digital identity that would be International Telecommunication Union’s Standardization Division (ITU-T) recommendations.

The qualification under Procedure A.5 of the ITU-T effectively allows the organization to officially recommend Open Standards Identity API (OSIA) specifications.

SIA notes in the announcement that OSIA is a digital public good which consists of open standard interfaces for seamless connections between the building blocks of a digital identity management ecosystem. OSIA implementations are agnostic of technologies, solutions architecture and vendors.

The reference organization qualification is the result of a rigorous assessment process carried out by ITU-T Study Group 17, its security standardization expert group. Qualification reflects SIA’s open membership and participation model, IPR (intellectual property rights) Policy, and change management process, in addition to the maturity of OSIA.

“Our mission is to unlock the full power of identity so that people, economy, and society thrive,” comments SIA Chairman Matt Cole. “In 2019 we launched the OSIA initiative to develop a framework of open standards for the interoperability of identity systems. The ITU-T qualification is a testament of the good work we have done over the last few years and represents a stepping stone in the continued collaboration with ITU-T SG-17.”

A new OSIA compliance program for digital identity technology vendors was launched at ID4Africa’s annual General Meeting this year.

New spec pushed to speed evolution of biometric cards and mobile payments

EMVCo, which writes and manages voluntary Europay-Mastercard–Visa specifications for secure and interoperable card-based payments systems worldwide, has published a draft spec for biometric and mobile verification systems.

The so-called Contactless Kernel Specification applies to point-of-sale and ATM terminals. Kernels are core software that set basic software functions.

EMVCo is owned by Mastercard, Visa, American Express, Discover, JCB and UnionPay. Certification to EMVCo standards is a requirement for payment cards using their networks, and the organization has been working on specifications related to biometric cards for over five years.

According to trade publication NFCW, there are more than 20 contactless kernel systems in use globally. EMVco’s release says the proposed specification aims to “simplify global acceptance for merchants, solution providers and payment systems,” by addressing “industry demand for an EMVCo contactless kernel that can be used by all stakeholders.”

EMVCo releases draft contactless kernel specification for payment acceptance devices

EMVCo has released a draft specification for the contactless kernels used in payment acceptance devices to process…

www.nfcw.com

It supports the development of kernels that use existing terminal infrastructure, is compatible with legacy kernels and can be licensed royalty-free.

The payments industry is collaborating to deliver a specification that supports marketplace needs and advances seamless and secure payments globally, says Alisa Ellis, executive committee chair for EMVCo.

EMVCo also collaborated with the FIDO Alliance on a white paper published in late-2020 which explained the use of biometrics in the 3-D Secure protocol for online payments.

Biometric payment cards increase security by adding fingerprint recognition to the mix — which has the potential to shift payment thresholds, as adoption of contactless technology continues to increase.