BT/ Apple files patents to enhance iris biometrics authenticator, let systems read lips

Biometrics biweekly vol. 70, 31st July — 14th August

TL;DR

• Apple has had three patent applications published that could enhance its biometric authenticator Optic ID feature and equip its devices to reads lips
• Google patents an under-display camera for its Pixel smartphone
• Fingerprint Cards locks in an exclusive deal with BenjiLock. Moreover, FPC supplies iris recognition software for driver monitoring systems
• ROC ai scores high marks with the fingerprint segmentation algorithm in the NIST evaluation
• Yoti and AVPA call for bias measurement in NIST age estimation assessments. On top of that, Yoti achieves accessibility standards for digital identity verification
• Worldcoin to make iris biometrics device design available to developers. Also, Kenya bans Worldcoin activities as citizens trade biometrics for tokens
• Eyecool fingerprint biometrics module certified to FBI PIV and FAP20 specs
• Token begins production of its biometric authentication ring
• Toyota has had a patent for using vital sign biometrics to unlock a vehicle published by the U.S. Patent and Trademark Organization
• IDNow, Veridas, Vouched, AuthenticID, SQR Group announce certifications
• BioWave software from Arana Security integrated with Suprema biometric terminal
• ComplyCube integrates ID document liveness detection to boost fraud protection
• India deploys fingerprint liveness detection to combat Aadhaar payment fraud
• Paravision improves facial recognition accuracy by 30% with Gen 6 suite launch
• eConnect and CasinoTrac integrate facial recognition to improve casino experiences
• California tests, Iowa launches digital IDs, while Michigan considers legislation
• Washington prepares to tender remote ID proofing upgrade for Login.gov
• UAE makes its single sign-on service at the front door for 6K private, and public services
• NXP Semiconductors explores chip-based biometric authentication with India’s UIDAI
• The Philippines ID system expands across government agencies and social benefit programs
• Biometric authentication accuracy bar rises, assurance levels evolve in NIST guidance
• Smart Engines upgrades document scanning for high accuracy in digital data formats
• Aware, Signzy, and iDenfy strike deals to deploy face biometrics for gambling compliance
• BioCatch says its anti-fraud app improves fraud detection by 1500%
• Digital identity becomes an option for most Singaporeans when they vote
• China has unveiled proposed regulations aimed at enhancing the oversight and responsible use of face recognition technology
• Nigeria signs MOU on biometric cards for payments in healthcare, agriculture
• Dominican bill would modernize national ID, aid electoral reform
• Pakistan expands project for biometric identification of unidentified bodies and patients
• Rwanda’s planned digital ID could both increase and decrease exclusion
• Papua New Guinea to tap India’s digital public infrastructure experience
• Details of Guyana’s biometric digital ID cards, Veridos $35.4M contract amount revealed
• Bermuda adds live facial recognition to CCTV network
• OnlyFans, online safety and hashing: How do they fit within the identity ecosystem?
• Biometric identification: How DNA provides best-in-class security
• Biometric industry events. And more!

Biometrics Market

The Biometric system market size is projected to grow from USD 36.6 billion in 2020 to USD 68.6 billion by 2025; it is estimated to grow at a CAGR of 13.4% during the forecast period. Increasing use of biometrics in consumer electronic devices for authentication and identification purposes, the growing need for surveillance and security with the heightened threat of terrorist attacks, and the surging adoption of biometric technology in automotive applications are the major factors propelling the growth of the biometric system market.

Biometric Research & Development

Latest Research:

Main News:

Apple files patents to enhance iris biometrics authenticator, let systems read lips

Apple has had three patent applications published that could enhance its biometric authenticator Optic ID feature and equip its devices to reads lips.

The first two patent filings could be used in its mixed-reality headset Vision Pro, according to trade publication Patently Apple.

Two Apple Vision Pro Patents Surface in Europe Detailing Optic ID, Apple's latest form of Biometric…

The first patent published describes a multi-camera biometric imaging system while the second one describes the “automatic selection of biometric based on the quality of an acquired image.” Both patents are designed for biometric authentication and eye tracking. The two patent documents were published by the European patent office last week.

The Vision Pro was revealed in June at the company’s annual developers’ conference. It uses the iris-identifying Optic ID, enabling owners to unlock the Vision Pro by putting it on. Eye tracking is performed by two infrared cameras and a ring of LEDs in the mask. The headset is expected to ship early next year for US$3,499.

Apple’s third patent filing was published by the U.S. patent office and describes how devices, and presumably its digital assistant Siri, could use motion sensors to detect a user’s mouth. The “Keyword Detection Using Motion Sensing” patent could save power as accelerometers and gyroscopes expend relatively little power compared to audio sensors such as microphones. The patent was unearthed last week by Apple Insider.

Apple is teaching Siri how to lip read

Google patents under-display camera for its Pixel smartphone

Google has filed a patent that describes a new under-display front-facing camera that could be used in its Pixel smartphone. The patent application describes how its devices can be equipped with an emissive display that transmits light into the camera sensors, allowing them to get rid of holes in the display.

Under-display cameras already exist in smartphones such as those made by Samsung and ZTE. Google’s version, however, is intended to maximize camera quality by introducing deliberate light-blocking elements and distortions. Google lays out how it can improve photo and video quality by using two parts of the display with different shapes and patterns to block or distort the light while it passes through the screen. The patent also mentions image correction algorithms that could be applied to images captured by camera sensors located under the light-emitting display.

Smartphone biometrics have largely bifurcated into under-display fingerprints and facial recognition delivered from hardware set apart from the display. A recent Apple patent application suggests a way to capture fingerprint, face and iris biometrics from under the display, and the Pixel 7, released in the second half of 2022, features face and fingerprint modalities, but the front-facing camera is held under a hole in the display.

Google’s patent application, filed at the European Patent Office, was unearthed by Forbes.

Google Details New iPhone-Beating 'Holy Grail' Technology For Pixel Smartphones

Fingerprint Cards locks in exclusive deal with BenjiLock

U.S.-based BenjiLock plans to incorporate Fingerprint Lock’s biometric sensor, software and algorithm into its access security solutions. The two companies hope the exclusive deal will provide them with licensing opportunities for products such as TSA-accepted biometric locks and equipment cases. In April, BenjiLock announced it will be providing its locks to instrument cases supplier TKL.

“We are excited to partner with BenjiLock and contribute our advanced sensors and software to its product portfolio,” says Michel Roig, Fingerprint Cards’ president of payment and access.

Following mixed financial results in the first half of the year, Fingerprint Cards has reorganized and is hoping to strike more deals with new business partners. In the second quarter of 2023, the Swedish biometrics firm recorded a gross profit of around US$2.64 million.

Earlier this year, during an interview with Biometric Update, Fingerprint Cards’ CEO Ted Hanson laid out the company’s plans for diversification, including its leap into mobile phone sensors. The firm recently signed an agreement with an undisclosed automotive supplier that plans to integrate Fingerprint Cards’ iris-scanning technology into driver monitoring systems (DMS).

In September, Fingerprint Cards will welcome a new President and CEO, former McAfee Chief Revenue Officer Adam Philpott, who will take over the helm from Hansson.

ROC.ai scores high mark with fingerprint segmentation algorithm in NIST evaluation

A tenprint fingerprint segmentation algorithm from Rank One Computing has topped the results of an evaluation by the U.S. National Institute of Standards and Technology for accurate segmentation of biometrics, and placed the company in the top 3 worldwide, according to an announcement.

The Slap Fingerprint Segmentation (SlapSeg) Evaluation performed on ROC.ai’s algorithm on July 5 showed 95.7 percent accuracy for detecting 8 fingers with three-inch identification flats. Seven other vendors have scored accuracy between 95.2 percent and 95.6 percent for the same task.

Fingerprint segmentation is a process in which an image of the friction ridge structure of a subject’s hand is separated into individual images of the tops of each finger. NIST’s evaluation also covers two-inch, five-inch and eight-inch scans

The result demonstrates ROC.ai’s status as a developer of advanced biometric software and leadership in the domestic market, the company says.

“We’re elated with the standout results we’ve achieved with this nascent capability,” says ROC.ai CEO Scott Swann. “The commendations we’ve received both domestically and internationally speak volumes about the precision and dependability of our fingerprint segmentation algorithm. It’s a tribute to our team’s incredible skill, commitment, and trailblazing ethos.”

The algorithm tested by NIST is the one provided in ROC SDK v2.5.0.

ROC.ai says it will enhance the SDK this year, along with its live video biometrics and analytics platform, ROC Watch.

Yoti and AVPA call for bias measurement in NIST age estimation assessments

The planned assessment of age estimation algorithms by the U.S. National Institute of Standards and Technology should note the distribution of errors, include different age targets, and include a measurement of bias, according to comments from industry stakeholders.

NIST received 49 comments, including from human rights organizations, age estimation providers like Paravision and Yoti, and leading industry group the Age Verification Providers Association (AVPA), in response to a call for feedback on a Face Recognition Vendor Test track in development.

In comments provided to Biometric Update, the AVPA urges NIST to consider releasing some of the data it holds for use in algorithm training, noting that “(a)ccess to training data is a huge barrier to entry in this field.” The organization also calls on NIST to consider the output of the euCONSENT trials of age interoperable age assurance as one of its 12 points of feedback.

Yoti and the AVPA are united in calling for ages other than the ones specified so far by NIST; 12, 18, 21 and 70. COPPA applies to children aged 13, and an amendment to extend it to 16 years of age is under consideration, the AVPA points out. Rights groups similarly noted the importance of age 18 as a boundary.

The industry stakeholders are also aligned in asking for measurements of differences for people with different skin color and gender.

Yoti’s feedback includes a request for more information on how error rates will be computed, and a recommendation to add a plot based on the ROC metric that shows the challenge age (legal age plus buffer), true pass rate and false pass rate in a single figure.

Yoti achieves accessibility standard for digital identity verification

London-based digital ID software company Yoti says its Identity Verification solution has achieved Web Content Accessibility Guidelines (WCAG) 2.2, an internationally recognized set of recommendations for improving web accessibility.

To achieve WCAG 2.2, Yoti had to meet two sets of criteria: Level A requirements, which prohibit elements that make the product inaccessible for people with disabilities to use, and Level AA requirements, which confirm products are usable and understandable for the majority of people with or without disabilities.

Yoti gives the example of changing the text used in instructions for people submitting selfie biometrics to make it more readable for people with a range of disabilities in a blog post.

Yoti has yet to reach the advanced Level AAA but said in a release it is determined to reach Level AA across the majority of its products, which aside from Identity Verification also include Age Verification and a Digital ID app.

Yoti Identity Verification achieves WCAG 2.2 Level AA for accessibility · Yoti

Worldcoin to make iris biometrics device design available to developers

Worldcoin, the company that aims to enroll the whole world in its World ID digital identity service, is exploring the decentralization of its proprietary biometric device that people use to scan their irises in exchange for some of its crypto tokens.

Open-sourcing the Orb will be a big focus for the company in the next 12 months, Worldcoin co-founder Alex Blania told digital assets industry outlet The Block.

“You need other entities to essentially take the design of the Orb, build their own implementations of the Orb, and operate it,” says Blania. The other entities “can be really everything from small manufacturing companies to tech giants.”

The Orb was developed by a team at Tools for Humanity, the parent of Worldcoin. The engineers tested facial recognition, palm vein recognition and other prototypes before settling on iris scanning as the only option that was suitable for the scale of the project, according to Blania.

Worldcoin executives, who have enrolled more than 2 million people, want to scan the irises of all 8 billion people on Earth to verify their personhood. Their proof-of-personhood protocol can be used anonymously to prove uniqueness and humanness. In exchange for enrollment, the company is giving subscribers Worldcoin cryptocurrency, which launched in July.

The company has around 250 Orb devices in cities around the world and plans to ramp up their availability, despite warnings from some about the dangers of counterfeit devices. In March, it partnered with Jabil, in the U.S. state of Florida, to increase Orb production in Germany.

Executives ultimately want to build a massive financial and identity community, allowing others to use its technology. It’s aiming at unbanked people globally and has pitched itself as a solution to universal basic income and even “global democratic processes.”

Worldcoin says will allow companies, governments to use its ID system

Blania describes Worldcoin as the “cypherpunk alternative” to KYC, adding that his World ID could be used to authenticate anonymously for many online services.

“One of our theses from the beginning really was that the internet needs a foundational kind of proof-of-human, proof-of-personhood layer,” he says, “We essentially don’t have another fundamental solution to the problem other than KYC government identities, and even those we don’t have in many countries around the world, right?”

But critics caution that many countries may not want or need Silicon Valley-made identity and payments infrastructure. Some are building their own centralized system, such as the India Stack, which includes the country’s biometric ID system Aadhaar, and an open-source money transfer back-end called the Universal Payments Interface.

Governments may also find it hard to integrate Worldcoin’s vision of blockchain identity with their national infrastructure, trade publication Rest of World reports. Other countries are already adopting the technology behind India’s UPI, with Japan the latest to express its interest.

Worldcoin has a problem

India has made exporting its digital public infrastructure, which includes UPI and the Aadhaar-enabled payment system (AePS), a priority of its foreign relations and G20 presidency.

Worldcoin is already seeing regulatory pushback in the United Kingdom, France, Germany and elsewhere. Wednesday, Kenya, which has its own digital ID scheme inspired by India Stack, announced it is suspending Worldcoin’s enrollments and cryptocurrency issuance while the government assesses its risk to the public. The company has paused registrations in Kenya.

Eyecool fingerprint biometrics module certified to FBI PIV and FAP20 specs

An optical fingerprint module from Beijing-based Eyecool Technology has been certified to the standard for biometric image quality set by the U.S. Federal Bureau of Investigations.

The ECO320 has passed FBI PIV (Personal Identity Verification) and FAP20 assessments. The module uses Eyecool’s proprietary dynamic fingerprint template fusion technology, which has won a major technology innovation award in China. During the certification test, the ECO320 maintained performance in environments with bright light and on dirty fingers, according to a company announcement. Eyecool says the module also provides clear fingerprint images with fast acquisition speed, accurate recognition performance, and tolerance of dry, wet and rough fingertips, making it appropriate for large-scale fingerprint collection and biometric authentication.

The specifications are used as a reference standard for public procurement in most countries, and often for enterprise contracts, the company notes.

Eyecool’s EC-FPD103 module and ECSM329 scanner have each previously been FBI PIV certified, and the ECO500 FAP60 livescan biometric capture device is certified to the Appendix F specification.

The company also sells an ABIS, and has deployed facial recognition systems for banks, educational institutions, and government agencies. An iris recognition algorithm submitted by Eyecool also sits 15th on the two-eye accuracy leaderboard of the U.S. National Institute of Standards and Technology’s IREX 10: Identification Track as of press time.

IREX 10: Identification Track

Token begins production of its biometric authentication ring

Biometric wearables creator Token has announced that it has begun production of its multifactor authentication Smart Ring.

The New York-based company said that almost 200 organizations have joined the wait list for the NFC-enabled ring, which is equipped with a fingerprint sensor. Launched in 2017, the smart ring is designed for secure contactless transactions at point-of-sale (POS) terminals. The rings, which will be produced in the US, can also be used for access control and passwordless login thanks to its compliance with FIDO2.

“Starting production is a major milestone for Token, reflecting the hard work and dedication of a very talented team, and marking a critical step toward stopping the cyberattacks that are devastating so many businesses,” says Token CEO, John Gunn. “We are seeing incredible demand from the market, with a significant portion of our first production run already committed.”

Token has secured $43 million in financing, including a $30 million funding round from Grand Oaks Capital in April of this year. The company says it has won six awards for its wearable.

Automotive biometrics developers show work with many modalities

A new technology partnership brings together SiLC’s Eyeonic computer vision sensor and the Surya system-on-chip (SoC) from automotive tech developed indie Semiconductor.

The integration will deliver high-performance computer vision in a compact form factor, the partners say. Performance is ten times higher, while the integration also reduces power usage and cost over existing implementations, according to the announcement.

SiLC’s sensor uses frequency-modulated continuous wave (FMCW) detection and light detection and ranging (LiDAR) to perform time-of-flight image processing functions, like face biometrics. Other possible markets include industrial automation, mobile robotics and automotive applications such as driver monitoring and self-driving.

“By combining the software-defined high-performance — but low power — analog and digital processing and system control capabilities of Surya, coupled with SiLC’s Eyeonic vision solution, system integrators and OEMs are enabled with 4D FMCW imaging for mass market deployment into multiple applications,” says Chet Babla, senior vice president, strategic marketing at indie Semiconductor.

“We are excited to partner with indie to bring industry-leading FMCW-based LiDAR platforms to market,” says Ralf Muenster, vice president, business development and marketing at SiLC. “Our state-of-the-art FMCW LiDAR sensor features the highest integration, resolution, precision, and longest range of any other competing approach, while remaining the only commercially available solution to offer polarization information.”

Fingerprint Cards has signed up a customer it calls a “tier 1 automotive supplier” to integrate its iris biometrics into driver monitoring systems (DMS).

Under the agreement, iris recognition software from Fingerprint Cards will be built into an existing DMS, according to a company announcement, and marketed to automotive OEMs. The unnamed partner will carry the non-recurring engineering fee for the project’s development.

Vehicles will be required to include driver monitoring systems by forthcoming regulations, according to Fingerprint Cards, and iris biometrics are appropriate for them as the infrared cameras used to check the driver’s status can also be used to illuminate the iris. Automotive companies are becoming more interested in the possibility of implementing biometrics for in-car payments and personalization, the company says.

“Over the past year, our technical team has managed to implement significant improvements to our iris authentication asset, both in terms of performance and convenience. This means that our system now performs well even with low-resolution infrared cameras in noisy environments, and with a significantly larger field of view than before. I am thrilled about the opportunities in the automotive space, as we anticipate a significant deployment of affordable infrared cameras in cars, driven by legal requirements,” comments Thomas Rex, executive vice president of new business at Fingerprint Cards.

Biometric access control for automobiles gets low marks in a review of the Genesis GV60 by Business Insider.

The GV60 locks and unlocks with face and fingerprint biometrics, and while reviewer Tim Levin found the feature worked well overall and was sometimes useful, it “wasn’t seamless enough” to convince him that other carmakers will follow Genesis’ lead. He describes fast and easy biometrics enrollment, particularly for face, but each authentication added a few seconds to the process of starting the car.

I drove a new Tesla rival that uses facial recognition and fingerprints instead of a key - but I…

Toyota has had a patent for using vital sign biometrics to unlock a vehicle published by the U.S. Patent and Trademark Organization.

The patent filing for “systems and methods for activating a digital key based on vital signs,” spotted by autoevolution, describes existing digital keys as vulnerable to biometric data theft or accidental unlocking, as digital keys on smartphones can be activated while the phone is locked. The car-maker proposes the use of vital signs like pulse rate, respiratory rate, and body temperature, possibly read by a health wearable, as biometrics.

As with any patent filing, there is no guarantee the concept ever makes it to the market. If it does, the sensitive health biometrics will have to be stored and transmitted with strong enough encryption to ensure both security and regulatory compliance.

The California Privacy Protection Agency is planning to review how automobile manufacturers handle the already-vast quantities of data hoovered up by vehicles as its first regulatory review, The Washington Post report.

Location and data, images from cameras, and information stored on or passing through mobile phones connected to cars could all represent privacy risks, if improperly handled, so the CPPA “is making enquiries” to make sure manufacturers comply with state law.

California privacy regulator's first case: Probing internet-connected cars

IDNow, Veridas, Vouched, AuthenticID, SQR Group announce certifications

As cybercrime and ID fraud rates continue to become more prevalent, IDnow and other digital ID companies including Vouched, AuthenticID, Veridas and SQR Group are demonstrating security through third-party certifications.

IDNow, Veridas, Vouched, AuthenticID, SQR Group announce certifications | Biometric Update

BioWave software from Arana Security integrated with Suprema biometric terminal

Arana Security has announced that its BioWave technology will be used in Suprema’s Biostation 3 terminal, according to a statement. The terminal features multiple contactless access methods, including facial recognition, mobile access, QR and barcode scanning, and RFID cards.

BioStation 3 | Suprema

Over 1 billion people are already using Suprema, which has been named one of the world’s top 50 security manufacturers. It has a sales network in over 140 countries and a top market share in biometric access control in the EMEA region.

The Biostation 3 terminal is 47 percent smaller than the FaceStation F2, Suprema’s previous bestselling terminal. It is compatible with any kind of door and can be used in both indoor and outdoor environments, as it has water resistance and the highest level of dust protection. It’s also won Detektor International’s Best Product 2022 award for ID and access control.

Arana’s BioWave technology is used within Biostation 3. It runs on cloud software for quick syncing with verification devices in multiple locations.

Those verification devices could include contactless biometrics scanners like the MorphoWave Compact, which was part of the initial integration of BioWave with Idemia scanners. Set-up and configuration of all biometric devices integrated with the BioWave software can be managed from a single portal.

The Biostation 3 features include 0.2-second pass-through authentication in high-traffic areas, dynamic face templates to increase matching performance across ethnicity and physical presentations, and protection against facial spoofing, the announcement says.

Ali Nasser, sales director of Arana Security, says, “we’re delighted that through our partnership with Suprema, our technology is going to be used within Biostation 3 on a global scale by millions of people daily.”

NXP Semiconductors explores chip-based biometric authentication with India’s UIDAI

In an interview with Times of India, Hitesh Garg, VP and country manager of NXP Semiconductors India, disclosed that NXP is currently engaged in preliminary discussions with the Indian government concerning a project linked to the Unique Identification Authority of India (UIDAI) authentication. The project under consideration aims to develop a chip-based UIDAI authentication system incorporating biometric data.

Dutch chipmaker proposes biometric UIDAI project | Ahmedabad News - Times of India

Garg revealed that NXP has already successfully implemented a biometric authentication system for electronic passports in India, Bangladesh, and Europe, which he believes could also be adapted for the UIDAI project. Peru is also issuing digital ID cards that support biometric authentication with NXP chips.

Furthermore, Garg expressed NXP Semiconductors’ commitment to becoming a technology partner in various upcoming Indian chip-manufacturing initiatives.

“Our research and development workforce globally stands at 12,000 people, with 35 percent of this talent based in India. We remain open to investing in Gujarat and collaborating with the local ecosystem when the right opportunity arises,” he states.

The potential implementation of a chip-based biometric authentication solution could significantly enhance the security and efficiency of UIDAI services, reinforcing the Indian government’s efforts to ensure secure digital identification for its citizens.

Biometric authentication accuracy bar rises, assurance levels evolve in NIST guidance

Biometrics performance requirements have been upgraded and identity assurance levels revised in the latest draft update to the U.S. National Institute of Standards and Technology’s Digital Identity Guidelines. NIST reviewed the changes so far, the numerous comments submitted about them, and possible further revisions in a recent webinar.

The changes to biometrics guidelines include a more stringent accuracy requirement for authentication to align with other standards advanced since the previous version was finalized in 2017.

The Base Volume for the 800–63 guideline introduces concepts and defines roles and responsibilities for digital identity proofing, enrollment, authentication and federation. It provides risk assessment methodology and sets assurance levels.

The key changes proposed by NIST include a revamp to the risk management approach to make it more process-oriented, and an amended process for assurance level selection, which also now includes tailoring, Connie LaSalle, senior technology policy advisor at NIST’s Information Technology Lab explains.

The update to the model supports additional deployment options, specifically including federation, adds a section on continuous system evaluation and improvement, and emphasizes a multi-disciplinary approach to risk assessment and management. Considerations for risk assessments for particular individuals and communities are also included.

In the new digital identity model, NIST refers to the “subject” of revision 3 as the “holder” of an ID, to better align with current industry terminology. The “credential service provider” becomes the “issuer,” and “relying parties” are “verifiers,” which include those doing the verifying and those who use the verified information.

NIST is also planning further consultations to provide guidance on equity within the Base Volume, and risk scoring metrics may be introduced.

LaSalle also noted that some of the feedback was contradictory, with for example organizations asking for decision trees to be reintroduced while others thank the agency for removing them.

The title for the NIST SP 800–63A guidelines is changing, with “Identity Proofing” and “Enrollment” switching places, says Ryan Galluzzo, identity program lead for NIST’s Applied Cybersecurity Division. That change is just the tip of the iceberg.

The concept of digital evidence has been introduced, and more clarity on that concept is coming, Galluzzo says. The trusted referee system has been mandated at the system level, and generally updated. A component identity proofing service can provide it, but the system must have a trusted referee, per NIST guidelines.

New biometric requirements for ID proofing have been added. They are specific to the identity proofing context, as opposed to those in volume B. Performance, testing, consent and privacy requirements for facial recognition have been integrated into the guidance.

Identity Assurance Level 1 has been overhauled, from “don’t do identity proofing” in Galluzzo’s words, to “a pretty robust set of controls.” IAL1 is still considered too high-friction by most submitting comments, and NIST is considering further adjustments.

He also reviewed the introduction of “Applicant References” who can vouch for others, and Galluzzo noted a variety of feedback, both positive and seeking more detail. Many commenters requested greater clarity for the main roles in identity proofing, including Applicant References but also Proofing Agents, Trusted Referees and Process Assistants. NIST is working on delineating the boundaries of each. Equity impact assessments and evaluations are also being added to volume A.

The structure of requirements has been updated for greater consistency by popular request, with assurance levels mapped against in-person attended, in-person unattended, remote attended and remote unattended methods.

Additional fraud checks are being considered, including transaction analytics and consortium data.

Some feedback suggested that NIST should define a baseline of core attributes, but in recognition of the specific needs of different businesses and applications and a desire to avoid mandating over-collection of personal information, it will stick to examples.

NIST is also still considering alternative non-biometric options for identity proofing.

Volume B is the closest to a final version release, and Andy Regenscheid, PIV technical lead for NIST’s Computer Security Division says it has less major conceptual changes than the others.

Phishing resistance is defined, as a restriction on cloning cryptographic authenticators out to organizations that can synch keys, and ineffective techniques around passwords, like expirations and complexity requirements, have been removed. Questions during this segment of the event touched on how to think of passkeys in the context of NIST’s guidelines.

Biometric performance requirements have been revised, with mandated false match rates strengthened from 1 in 1,000 to 1 in 10,000. This reflects improvements in the technology, and also better aligns with other standards, like those of the FIDO Alliance’s Biometric Certification Program.

Push authentication requirements have evolved, but SMS remains in the guidance as a multifactor authentication tool.

David Temoshok, who leads NIST’s SP 800–63 work from within the Applied Cybersecurity Division, reviewed the changes to volume C. Like the identity assurance levels, federation assurance levels 1, 2 and 3 have been updated to make them clearer and “more achievable,” and to include protection against injection attacks. Trust frameworks have been built into the guidance, and the responsibilities of different parties in trust agreements defined. Provisioning and identity APIs are considered in the revision, and the concept of federated relying party accounts and controls is now included. This volume will also include a section dedicated to new identity credentials, like the W3C’s verifiable credentials and mobile driver’s licenses, in response to submitted comments.

The public event was followed by a government-only meeting, and the finalized new versions are slated for publication next year.

Smart Engines upgrades document scanning for high accuracy in digital data formats

An upgraded version of Smart Engines’ artificial intelligence-based solutions for scanning ID cards, driver’s licenses, passports, credit cards, barcodes, accounting documents, and KYC questionnaires has been released.

The company’s three product lines are Smart ID Engine, Smart Code Engine and the Smart Document Engine SDKs, and the update now allows its technology to accurately recognize data from 2,511 ID document types and 3,907 templates from 230 ID issuing authorities.

According to an announcement, the Smart ID Engine upgrade comes with a reduced error rate of up to 23 percent for machine-readable zone recognition.

The company says that the upgrade to the Smart ID Engine SDK includes the addition of a passport RFID chip presence information feature to enable those scanning passports to quickly identify if a passport contains a biometric chip or not.

It also includes 27 new features which were not supported in the previous version of the solution, which now makes it possible to scan other ID documents such as the Central African Republic ID card, the voter’s cards of Bhutan and Mozambique as well as the firearm and residence permits of North Dakota and Vanuatu respectively.

Following the upgrade, the French ID card can now also be read with an error reduction rate of 5 percent, while the data matrix code on the back side of the new version of the ID can be read with an error reduction rate of 35 percent.

Smart Engines further discloses that 45 new ID documents subtypes have been added, including documents from Australia, China, Republic of Korea, Finland, and the United States, among others.

Meanwhile, the upgrade to the Smart Document Engine solution has seen the full-text recognition speed increase by five percent.

Eco-friendly Form and Document Scanner - Smart Engines

These Weeks’ News by Categories

Access Control:

• US cyber safety board wants feds more involved in eliminating passwords
• Passkeys, biometrics deployed for passwordless logins to WhatsApp and more
• Vsblty, Oloid and Zwipe bring biometrics to workplace access control
• Digital ID security startup focused on cloud transactions pulls in $12M
• SecureAuth behavioral biometrics, passwordless authentication built into Citrix platform
• Hypr launches adaptive protection authentication product
• Israel issues draft guidelines on biometric data collection in the workplace
• BioWave software from Arana Security integrated with Suprema biometric terminal
• 1Password, Microsoft move to biometric authentication

Consumer Electronics:

• Apple files patents to enhance iris biometrics authenticator, let systems read lips
• Fingerprint Cards locks in an exclusive deal with BenjiLock
• Google patents under-display camera for its Pixel smartphone
• Automotive biometrics developers show work with many modalities
• TikTok’s owner broke fed, state privacy laws with consumer video tool, lawsuit alleges
• Grace period but no extension for linking SIMs to digital ID in Philippines

Mobile Biometrics:

• Aware, Signzy and iDenfy strike deals to deploy face biometrics for gambling compliance
• Selfie biometrics and KYC checks further expand beyond banking
• Biometrics’ increasing power and accuracy on full display across several sectors
• UAE makes its single sign-on service the front door for 6K private, public services
• Persona biometrics for random spot checks in UK scooter-service trial
• TikTok’s owner broke fed, state privacy laws with consumer video tool, lawsuit alleges
• CBP One app faces lawsuit from rights organizations

Financial Services:

• Accessible face biometrics can boost financial inclusion, iProov argues
• Credas updates AML platform for more customization, complex process orchestration
• Wells Fargo accused of scam involving racketeering, synthetic identity fraud
• EMVCo sets MFA security guidelines with encouragement and cautions for biometrics use
• Nigeria signs MOU on biometric cards for payments in healthcare, agriculture
• Worldcoin biometric enrollment frenzy sparks raid, concerns
• India supports AfDB’s digital financial inclusion drive in Africa with $2M
• BioCatch says its anti-fraud app improves fraud detection by 1500%
• Kenya bans Worldcoin activities as citizens trade biometrics for tokens
• Russia bans foreign online ID verification systems
• Lawmakers in Egypt and US addressing AML and KYC
• Liminal sees opportunities in financial services onboarding landscape

Civil / National ID:

• Japan trying to get it right with national digital ID, public losing faith
• Biometrics enrollment partners of Nigeria’s digital ID project claim payment backlog
• Arizona nonprofit, DoT work to provide homeless with state IDs
• Digital ID would streamline Kenya’s tax collection if policy priorities are defined
• Dominican bill would modernize national ID, aid electoral reform
• Pakistan expands project for biometric identification of unidentified bodies and patients
• The India Stack infrastructure roadshow stops in Trinidad and Tobago
• Kenyan lawmakers seek probe into flopped Huduma Namba digital ID project
• Feitian integrates Elyctis digital ID readers into biometric authentication terminals
• Rwanda’s planned digital ID could both increase and decrease exclusion
• Digital identity becomes option for most Singaporeans when they vote
• India advances Sri Lanka digital ID project $5.4M
• Mobile driver’s license adoption represents win for TSA
• UAE makes its single sign-on service the front door for 6K private, public services
• Philippines ID system expands across government agencies and social benefit programs
• Details of Guyana’s biometric digital ID cards, Veridos $35.4M contract amount revealed
• A tale of two MOSIP implementations: Philippines and Morocco
• Myanmar’s biometric data collection sparks rights violation fears
• California tests, Iowa launches digital IDs, while Michigan considers legislation
• Hills and valleys for global ID registration and digital transformation
• Rwanda seeks a contractor to digitize civil registration archiving system
• NXP Semiconductors explores chip-based biometric authentication with India’s UIDAI
• Still dealing with leak fallout, NADRA officials resist investigations
• Kenya targets Feb. 2024 for new digital ID rollout, sign-up optional
• Papua New Guinea to tap India’s digital public infrastructure experience
• Identity accessibility among barriers to financial inclusion for Nigeria’s rural women
• Cyberattack on Kenya’s digital infrastructure continues
• Smart Engines upgrades document scanning for high accuracy in digital data formats
• Biometrics integrations look to the future of account access, money, and digital ID

Government Services & Elections:

• US cyber safety board wants feds more involved in eliminating passwords
• Australia moves responsibility for federal biometrics to Attorney General’s Department
• Washington prepares to tender remote ID proofing upgrade for Login.gov
• Sterling and ID.me launch virtual US employment eligibility document review service
• Details of Guyana’s biometric digital ID cards, Veridos $35.4M contract amount revealed
• Rwanda seeks contractor to digitize civil registration archiving system
• General Dynamics lands $320M in visa service orders featuring biometric enrollment
• Nigeria’s INEC to deploy 11K biometric voter devices for November governorship polls
• Digital identity becomes option for most Singaporeans when they vote
• Biometric system good enough for Liberia voter registration, not voting yet — govt
• Group urges Nigerian govt to review ID requirements for voter verification
• Philippines urged to consider biometric voter authentication during 2025 polls

Facial Recognition:

• eConnect and CasinoTrac integrate facial recognition to improve casino experiences
• Aware, Signzy and iDenfy strike deals to deploy face biometrics for gambling compliance
• Detroit police change facial recognition procedure as falsely accused woman sues
• Vsblty, Oloid and Zwipe bring biometrics to workplace access control
• Google patents under-display camera for its Pixel smartphone
• Support for biometrics soft in New York schools
• Australia moves responsibility for federal biometrics to Attorney General’s Department
• China regulator floats curbs for face biometrics use, data storage
• US Homeland Security is using Clearview AI to crack pedophile cold cases
• Governments, vendors less skittish about promoting facial recognition sales
• Missing persons NGO alliance kicks off global facial recognition initiative
• Black woman matched by facial recognition alleges police misconduct in lawsuit
• Selfie biometrics and KYC checks further expand beyond banking
• Biometrics’ increasing power and accuracy on full display across several sectors
• US ambulance company adopts face biometrics for patient identification
• Paravision improves facial recognition accuracy by 30% with Gen 6 suite launch
• Face biometrics planned for Jamaica airport, may replace passport checks in Singapore
• Bermuda adds live facial recognition to CCTV network
• Vsblty pushes live facial recognition capability of retail analytics portfolio

Fingerprint Recognition:

• ROC.ai scores high mark with fingerprint segmentation algorithm in NIST evaluation
• Sentry merges with X-Core to combines biometric smart card, manufacturing capabilities
• Vsblty, Oloid and Zwipe bring biometrics to workplace access control
• Pakistan expands project for biometric identification of unidentified bodies and patients
• Fingerprint Cards locks in exclusive deal with BenjiLock
• Eyecool fingerprint biometrics module certified to FBI PIV and FAP20 specs
• India deploys fingerprint liveness detection to combat Aadhaar payment fraud

Iris / Eye Recognition:

• Worldcoin biometric enrollment frenzy sparks raid, concerns
• Kenya bans Worldcoin activities as citizens trade biometrics for tokens
• Macau tests iris recognition at border crossings
• Multiple regulators turn gaze to Worldcoin’s iris collection

Liveness Detection:

• Accessible face biometrics can boost financial inclusion, iProov argues
• Unleashing the power of liveness detection: A game-changer in the battle against deepfakes
• ComplyCube integrates ID document liveness detection to boost fraud protection
• India deploys fingerprint liveness detection to combat Aadhaar payment fraud
• BioID liveness detection to be used in Bavarian social robot study
• ID authentication vendor seeing fewer financial fraud attempts in Africa

Behavioral Biometrics:

• SecureAuth behavioral biometrics, passwordless authentication built into Citrix platform
• BioCatch says its anti-fraud app improves fraud detection by 1500%

Biometrics Industry Events

Cyber DSA 2023: Aug 15, 2023 — Aug 17, 2023

BIOSIG 2023–22nd international conference of the biometrics special interest group: Sep 20, 2023 — Sep 22, 2023

AI and Big Data Expo Europe: Sep 26, 2023 — Sep 27, 2023

TRUSTECH: Nov 28, 2023 — Nov 30, 2023

AI and Big Data Expo Global: Nov 30, 2023 — Dec 1, 2023

Egypt Defence Expo — EDEX: Dec 4, 2023 — Dec 7, 2023

MISC

• OnlyFans, online safety and hashing: How do they fit within the identity ecosystem?
• Biometric identification: How DNA provides best-in-class security

Read ‘Biometrics biweekly’ on Paradigm Platform.

Subscribe to Paradigm!

Medium, Twitter, Telegram, Telegram Chat, LinkedIn, and Reddit.

Main sources

Research articles

Biometric Update

Science Daily

Identity Week

Find Biometrics