BT/ Chrome Password Manager now supports face, fingerprint biometric security

Paradigm

Follow

Published in

Paradigm

24 min readFeb 13, 2023

--

Biometrics biweekly vol. 57, 30th January — 13th February

TL;DR

Google has announced several new security features to the Chrome browser, including one to enable users to leverage a computer’s connected or integrated biometric authentication devices to access credentials stored on Chrome’s Password Manager
FaceTec triples scope and payout in Spoof Bounty to thwart biometric liveness attacks. FaceTec quarterly revenue up 106% y-o-y to close 2022
iBeta examines the impact of PAD standard updates for biometrics developers and labs
Mantra unveils new optical FAP30 fingerprint scanner with liveness detection
Neurotechnology upgrades biometric PAD features to expand compatibility
Oz Forensics pitches liveness detection to the channel with a reseller program launch
Yoti integrates selfie verification checks into the electronic signature process
Patent awarded to ID R&D for securing voice interactions with biometrics and liveness
Tech5 and uqudo develop biometric remote voter verification system for Oman election
Biometric liveness detection from OCR Labs shows no bias in BixeLab testing
Worldcoin shares details of open-source, iris biometrics-scanning ‘Orb’
Precise integrates biometric access control with Genetec to tackle the US market
1Password expands support for biometrics with passkeys addition
India approves Alcatraz AI access control biometrics for entry into a growing market
Aratek rolls out ‘TruFace’ biometric access control system
Identity verification customer wins unveiled by Shufti Pro, Jumio, Yoti, Trustmatic
Fintechs sign up for biometric customer onboarding from Ondato, Onfido, ID-Pal
The new biometric identity verification platform from Trulioo promises easier compliance
Sumsub says digital ID can speed up onboarding in emerging markets
TrinamiX under-display face biometrics to debut at MWC
BixeLab launches online training courses for biometrics professionals
Aratek rolls out ‘TruFace’ biometric access control system
Identomat passes the level 2 biometric PAD compliance test from iBeta
Adera’s face biometrics rises through the ranks in NIST visa border testing
CardLab licenses biometric access card technology to Italian cybersecurity startup
Regula ID document template database grows as Innovatrics, ID R&D pitch strengths
Kenya to clear a backlog of biometric passports, new ‘smart and digital ID’ system coming
Italian postal service launches project to ease issuance of digital ID, other services
Thailand approves mobile digital ID for domestic air travel
Rank One biometric algorithms integrated with MOSIP foundational digital ID platform
Colombian civil registry adopting face biometric authentication for remote processes
Next for Nigeria’s NIN: location tracking and smart cities
Sprawling US intel project to improve long-distance biometrics on a college campus
Rapid digital identity certifications in the UK indicate pent-up demand: DCMS
EU Digital Identity Wallet pilots pull in big names, but questions emerge
Thales, Idemia, Veridos reportedly jostle for mega biometric ID card contract in DR Congo
Philippines ramps up PhilID issuance efforts as over 50M physical, and digital cards issued
French Senators okay AI surveillance bill excluding facial recognition for 2024 Olympics
Biometric industry events. And more!

Biometrics Market

The Biometric system market size is projected to grow from USD 36.6 billion in 2020 to USD 68.6 billion by 2025; it is estimated to grow at a CAGR of 13.4% during the forecast period. Increasing use of biometrics in consumer electronic devices for authentication and identification purposes, the growing need for surveillance and security with the heightened threat of terrorist attacks, and the surging adoption of biometric technology in automotive applications are the major factors propelling the growth of the biometric system market.

Biometric Research & Development

Latest Research:

Main News:

Chrome Password Manager now supports face, fingerprint biometric security

Google has announced several new security features to the Chrome browser, including one to enable users to leverage a computer’s connected or integrated biometric authentication devices to access credentials stored on Chrome’s Password Manager.

“Google Password Manager is built into Chrome and Android to help you securely create, remember and autofill passwords on your computer or phone,” the company wrote in a blog post this week.

Creating a safer internet for everyone

Including more privacy protections and new tools to keep families safe online Every day, we work hard to keep you safe…

blog.google

“Now, for supported computers, we’re adding the option to use biometric authentication (to verify it’s you) before filling [in] your saved password.”

Google also confirmed that the capability could be used to reveal, copy or edit passwords saved via the Google Password Manager in both Chrome and Android (without typing in a computer password).

Further, the tech giant writes that it will soon add a new layer of biometric security to the Google app for iOS devices.

“You’ll be able to set up Face ID to protect the privacy of your Google app so that if someone has your device, they won’t be able to open it and gain access to your data,” reads the blog post.

Both biometric features are not widely available yet, but Google confirmed they will be rolled out to all supported devices in the “coming weeks.”

Additional features unveiled in the blog post include virtual card numbers, an expanded SafeSearch setting, a new partnership with the National Parent Teacher Association (PTA), and a new YouTube Kids Playlist.

The novel capabilities come months after Google announced biometric passkeys support for Android and Chrome devices.

FaceTec triples scope and payout in Spoof Bounty to thwart biometric liveness attacks

FaceTec has expanded its Spoof Bounty to both iOS and Android operating systems and tripled the total payouts available from $200,000 to $600,000 to help it identify potential vulnerabilities in biometric liveness detection.

Participants hunt for ways to defeat Facetec’s 3D Liveness software in real-world conditions, demonstrating and improving upon its security in real-world conditions, not just in the lab, the company says. Rewards are paid out for any spoof or camera bypass attack that beats the system.

The company told that about 10,000 people have participated in the program, including professors, competitors, government agencies and hackers. Two $30,000 bounties were paid about two and a half years ago for Level 1 attacks.

They revealed that certain kinds of screens could pose a problem when manipulated in a certain way, so FaceTec retrained its neural network models to catch this particular attack. The company has also learned from unsuccessful attempts, mostly about the popularity of different attack methods.

“We put our AI to the test so that users of the FaceTec software can be shown — and not just told — just how secure FaceTec’s 3D Liveness Detection is,” says Kevin Alan Tussy, FaceTec CEO. “We don’t hide our product behind ‘Request A Demo’ forms. FaceTec stands behind its 3D Liveness software in a way that no 2D Liveness vendor will ever be able to replicate. After rebuffing more than 130,000 bounty program attacks over the last three years, we’ve learned a tremendous amount about potential threat vectors and how to stay ahead of them.”

The Spoof Bounty program operates at five levels, the first three covering spoof artefacts of increasing complexity, and the last two addressing bypasses. Level 4 is for decrypting and editing the contents of the 3D ‘FaceMap’ with synthetic data, while Level 5 is for successfully taking over the camera feed and injecting images, in each case leading to a Liveness Success response.

The program doubled in investment from $100,000 to $200,000 last year.

Worldcoin shares details of open-source, iris biometrics-scanning ‘Orb’

Cryptocurrency company Worldcoin has published a new blog post describing the “Orb,” the company’s iris biometric imaging device.

“After three years of R&D, we’re excited to showcase the Orb, explain at a high level how it works and release corresponding hardware engineering files,” the company writes.
“We see this as an important step on our journey to making our commitment to transparency more credible to the global community.”

The company explains that creating such a device was not in its initial plans, particularly considering that building custom biometric hardware is both challenging and expensive.

“It was only after concluding that biometrics are the sole realistic way of achieving our goal that we set out to create the Orb,” Worldcoin writes.

Among biometric technologies, the company chose iris scanning as it believes it offers the most accurate modality to provide a solid user experience that has also been successfully tested at scale.

“This is because the iris has strong fraud resistance and data richness, meaning it can be used to accurately differentiate between billions of unique humans. The more data-rich the biometric marker (e.g., the iris), the fairer and more inclusive the system.”

At the same time, to prevent the technology from being used for surveillance purposes, Worldcoin licensed the Orb under a modified version of the MIT license that prohibits the use of the technology and related materials for any applications that “could be harmful to the rights of individuals.”

From a technical standpoint, the Orb contains a two-camera system with a wide-angle camera and a telephoto camera with an adjustable ~5 degree field of view via a 2D gimbal. The wide-angle camera is responsible for capturing the scene, while a neural network predicts the location of both eyes. A captured, high-resolution image of the iris is further processed by the Orb into a unique identifier.

**Explosion CAD of all relevant components of the Orb. Supplied by Worldcoin.**

Worldcoin clarified that after testing many off-the-shelf products, they partnered with an unnamed “specialist in the machine vision industry” to build a customized lens.

“The lens is optimized for the near-infrared spectrum and has an integrated custom liquid lens which allows for neural network controlled millisecond-autofocus,” the company writes.“It is paired with a global shutter sensor to capture high resolution, distortion-free images.”

Opening the Orb: A look inside Worldcoin's biometric imaging device

Given the scope of Worldcoin's mission, we approach everything from a set of founding principles based on privacy…

worldcoin.org

According to Worldcoin, the device uses a near-infrared wide-angle camera, a 3D time of flight camera and a thermal camera to prevent fraud and identify individuals correctly. The Orb is also reportedly privacy-focused as the fraud prevention algorithms only run locally.

“No images ever leave the device unless a person explicitly requests to back up their data for future upgrades and agrees to help us improve the system and increase fairness for everyone,” Worldcoin explains.

Moving forward, the company intends to open source as much of its technology “as possible” and ultimately fully decentralize the project.

Regula ID document template database grows as Innovatrics, ID R&D pitch strengths

Regula has increased the coverage of its ID document scanning, while Innovatrics says it can accurately extract data from one of the world’s more challenging identity credentials, and ID R&D has won an award for its technology ensuring an ID document submission is not a presentation attack.

Regula ID document template database grows as Innovatrics, ID R&D pitch strengths | Biometric…

Regula has increased the coverage of its ID document scanning, while Innovatrics says it can accurately extract data…

www.biometricupdate.com

Precise integrates biometric access control with Genetec to tackle US market

Precise Biometrics has joined Genetec’s partner program and integrated its biometric access control technology with the security system provider’s portfolio to expand its engagement with the U.S. market.

The YOUNiQ access control solution has been integrated with Genetec Security Center, establishing a new sales channel for Precise, and helping its go-to-market strategy in the U.S., according to the announcement. The integration makes Precise’ access control biometrics available to Genetec Security Center’s new and existing customers.

Genetec notes on its partner page for Precise that the integration also enables the simple addition of facial recognition or two-factor authentication to Genetec’s Synergis platform.

Increasing sales in the mature U.S. biometrics market has been a focus for Precise lately. The company won its first U.S. contract in 2022, with St. Lawrence Health in New York State.

“The U.S. market is a large and mature market when it comes to adoption of biometric solutions and is, therefore, an interesting market for Precise,” says Patrick Höijer, CEO of Precise. “We have therefore been focusing on establishing new sales channels through technological and commercial partnerships — and joining the Genetec Technology Partner Program is a result of this focus. We are now looking forward to expanding our YOUNiQ solution across the attractive U.S. market.”

TrinamiX under-display face biometrics to debut at MWC

Face authentication software maker trinamiX says it will showcase under-display sensing at the Mobile World Congress (MWC) event, which will take place in Barcelona between February 27 and March 2.

The company, a German subsidiary of chemical giant BASF, says it will be the first live demonstration of its product.

The sensor is designed for future, notchless phones. Developed with chipmaker STMicroelectronics and vehicle aftermarket firm Continental, the authentication sensor can be integrated beneath a phone’s display.

TrinamiX also says that MWC conferencegoers will be able to test firsthand the company’s presentation attack detection (PAD) capabilities by wearing three-dimensional masks.

STMicroelectronics will use the event to show the practical integration of trinamiX’s face authentication with consumer electronics.

TrinamiX‘s under-display biometrics reportedly can provide personal health and fitness insights as well. The sensor will use near-infrared spectroscopy in phones and watches to measure physical conditions.

It is the first time, according to trinamiX, that it has mounted a functional prototype of this miniaturized spectrometer inside a phone-like environment.

Other companies reportedly working on under-display biometric technologies include Apple, Fingerprint Cards, and Samsung.

BixeLab launches online training courses for biometrics professionals

A new training service for professionals in biometrics, digital identity and risk management has been announced by BixeLab.

The new BixeAcademy offers educational resources on “biometric testing, bias, risk, and identity frameworks,” explains Dr. Ted Dunstone, CEO of BixeLab in a video announcement.

Courses are designed by subject matter experts and taught by experienced instructors, BixeLab says, and are provided through a flexible online platform.

BixeAcademy is launching with nine courses in three categories; ‘essentials,’ ‘intermediate,’ and ‘advanced.’ The first category includes courses on ‘biometric fundamentals,’ bias and vulnerabilities. Intermediate courses focus on the Trusted Digital Identity Framework (TDIF), vulnerability evaluation, and performance analysis. The advanced courses cover identity operations training, standardized testing, and red teaming to assess robustness against presentation attacks.

The online course for ‘biometric fundamentals’ is now open for registration, at a cost of $1,000. A free preview of the materials is also available through the BixeAcademy website, and the organization is accepting registrations of interest in the other courses.

iBeta examines impact of PAD standard update for biometrics developers and labs

The January update to the ISO/IEC 30107–3 standard for biometric presentation attack detection makes a series of small but significant changes to one of the most important assessments available in biometrics today.

iBeta has published a white paper to help organizations understand the changes to the standard, and how they may be affected by them. The 2023 update is the first since the original publication of part 3 of the standard in 2017.

Important changes, according to the forward to the standard document, include the addition of the relative imposter attack presentation accept rate, information on roles in PAD testing, and general technical clarifications.

The three-page white paper addresses what organizations developing PAD technologies need to know, and how the changes impact testing laboratories. iBeta compares how the first edition, published in 2017, relates to the new edition and explains how accreditation for testing to the new standard works. Finally, advice on the next steps is provided for organizations developing and testing biometric technologies.

Some terminology and reporting requirements under the standard have changed, and while developers and laboratories should purchase a copy of the new standard to fully understand the changes, iBeta says, the white paper addresses potential questions arising from the changes.

iBeta anticipates it will be accredited for testing to the new standard in the spring of this year.

Identomat passes level 2 biometric PAD compliance test from iBeta

Biometric onboarding and KYC solution provider Identomat has announced it has received confirmation of ISO/IEC 30107–03 compliance after passing a presentation attack detection (PAD) iBeta Level 2 audit.

As part of the testing procedure, which aims to assess the performance and reliability of biometric liveness systems, Identomat’s algorithms were pitted against various types and forms of spoofing attempts. These include 3D-printed and curved masks, silicone and paper masks, ‘CrazyTalk’ video avatars, and pre-recorded videos of real subjects.

From a technical standpoint, the ISO 30107–3 framework measures biometric systems’ false acceptance rate (FAR) and false rejection rate (FRR) at the point of presentation. Compliance requires that both metrics are below certain thresholds.

According to Identomat, passing the evaluation is a testament to the fact that the company’s biometric algorithms have reached a high level of spoof resistance in both controlled and uncontrolled environments.

“We are incredibly proud of this achievement as it shows our team’s dedication to providing top-quality, reliable solutions and services to our partners and their customers,” comments Rezo Imnadze, CTO and co-founder of Identomat.
“Obtaining the ISO 30107–03 standard after passing the rigorous iBeta level 2 test demonstrates our technology’s quality and effectiveness against spoofing attacks.”

The achievement comes exactly one year after Identomat raised $3.2 million in a Seed Round. Just last week, the company partnered with Ukrainian compliance technology provider YouControl.

Adera’s face biometrics rises through the ranks in NIST visa border testing

Singaporean biometric provider Adera Global Smart Tech (AGST) has achieved high levels of precision and performance in the latest Face Recognition Vendor Test (FRVT) 1:1 by the National Institute of Standards and Technology (NIST).

Adera ranked 12th in the visa border category with a false non-match rate (FNMR) of 0.0023, as of the February 2 update. The company was also in the top 30 for biometric accuracy in the wild, visa, and visa border 45 degree yaw categories on the leaderboard.

“We are really proud of this achievement as we have come a long way from proving ourselves amongst the bigger players,” comments the company’s CEO, Anthony Ong.
“The decision to send our algorithm to NIST is significant in benchmarking Adera against the best in the world of facial recognition.”

In terms of applications, Adera specializes in digital solutions for digital automation, digital identity and digital payment projects. The company also revealed plans to develop secure digital automation and identification systems for the healthcare industry.

“I am really proud and grateful to our tech team, who has not relented on our goal of being the best FR company in both security and accuracy,” Ong adds.

CardLab licenses biometric access card technology to Italian cybersecurity startup

Biometric card technologies from CardLab have been licensed by Italy-based WiBioCard to build a fully integrated card and back-end authentication solution.

Under the new partnership, CardLab staff in Denmark will work with startup WiBioCard’s (or ‘Wibio Card’’s) personnel in Italy to combine their respective solutions.

“CardLab has created card solutions to help fight fraud and identity theft, provide unique identity, and simultaneously offer full privacy protection,” says CardLab CEO Frank Sandeløv in the announcement. “During the recent pandemic we saw the importance of secure authentication as remote work and other evolving workplace environments prompted hacker attacks to skyrocket, causing huge losses for companies and individuals. The collaboration between WiBioCard and CardLab provides a valuable new opportunity for our customers, which range from companies to government institutions, to solidify a far more convenient solution, superior protections, and employ efficient cybersecurity tools to safeguard their critical data in a highly secure system.”

CardLab’s $10 million equity offering managed by US Capital Global Securities LLC is still open to eligible investors, the company notes in the announcement.

Sprawling US intel project to improve long-distance biometrics on college campus

A face, gait and whole-body biometric recognition project begun in 2019 by U.S. national labs continues. Research teams across the nation are working on better ways to more accurately identify subjects outdoors and from a distance.

The latest news comes from a community college, College of DuPage, west of Chicago. Scientists from the Oak Ridge National Lab have been working with school volunteers for the last month.

Students were given play money and told to move around as naturally as possible, visiting a faux bank, eating a snack and re-arranging the contents of a car, according to College of DuPage marketing material.

National Lab Develops Face and Body Recognition Technology at COD

Does your smartphone camera sometimes struggle to recognize your face a few inches away with Face ID? Imagine if you…

codcourier.org

The project, known as BRIAR, or Biometric Recognition and Identification at Altitude and Range, is supposed to come up with better situational awareness for United States intelligence agencies and the military.

That boost in awareness at up to 300 meters or 900 feet could be used by snipers.

BRIAR is managed by the Intelligence Advanced Research Projects Activity, or IARPA. It includes tests involving cameras posted high in the air and on drones to find ways of seeing through the wavering effect of air turbulence.

Oak Ridge scientists are part of a nationwide set of BRIAR projects overseen by the National Institute of Standards and Technology (NIST), and the Army Combat Capabilities Development Command C5ISR Center and the Research and Technology Integration Directorate

BRIAR contracts were awarded to private enterprises Accenture Federal Services, Intelligent Automation, and Kitware, and universities such as Michigan State University, the University of Houston and the University of Southern California to address the full range of research objectives. Focused research grants were given to teams from Carnegie Mellon University and General Electric Research.

Rapid digital identity certifications in the UK indicate pent-up demand: DCMS

A new accreditation system for digital identity products is leading to the rapid approval of new products, indicating high demand. Regulators are collaborating to understand what digital identity means for their remits, and for public education on using and trusting digital identity it is a matter of “wait and see,” said Erika Lewis. Lewis is director for Cyber Security and Digital Identity, at the UK’s Department for Culture, Media and Sport (DCMS), which oversees identity, and was speaking at a recent Westminster eForum.

The UK is developing its Digital Identity and Attributes Trust Framework (DIATF) to guide the country’s public and private digital identity development. The UK does not have a national identity scheme and so does not have an identity database, meaning it needs to allow identity providers to access separate government databases to build an identity. Providers need to be assessed and certified to be granted access.

The DCMS has been working with the UK Accreditation Service to recognize five certification bodies. They have now certified 33 products against the trust framework.

“The British Standards Institute has told us that they’ve never seen a new certification scheme prompt so much interest so quickly,” said Lewis.
“I think that is testament to the work my lovely team is doing, but I think it’s also testament to the fact that this is a real market where there is a real need.”

Products are already in use for the country’s Right to Rent and Right to Work Check as well as background checks. Lewis quoted data from recruitment firm Reed Screening that has found its hiring checks are down to four minutes and that employers and employees are saving around 30,000 hours a year with digital checks.

Next for Nigeria’s NIN: location tracking and smart cities

The Nigerian Communication Commission (NCC) has launched a call for proposals from the country’s academics with the aim of developing solutions in areas including smart cities as well as identity management and location tracking systems using the national identification number (NIN).

One of the areas of the research is the development of sensors which can be used for smart city applications such as traffic management systems, smart parking, smart grid, smart homes, smart institutions, smart public services, public safety and emergency response and smart network management.

In the area of ID management, the NCC is looking for proposals on how telecommunication networks can be used for ID management and location tracking using the country’s digital ID system. The solution to be developed in this area should be able to help in ID verification and authentication, location tracking and privacy, and be easily integrated with other systems, according to the request for proposals document.

Other focus areas of the research initiative include the design and implementation of efficient solar mobile phone or battery chargers; solutions for the commercial production of high capacity batteries for telecommunication equipment; design and implementation of artificial intelligence-based predictive maintenance solutions for telecoms infrastructure; the development of cybersecurity solutions to curb cyber-attacks; and the development of smart intrusion detection and alarm systems to curb theft and vandalization of telecoms infrastructure.

The NCC is Nigeria’s telecommunications industry regulator and has the mandate to support telecommunications-based innovations and research from tertiary institutions in the country capable of developing the telecommunications space.