BT/ Final vote passes eIDAS 2.0 proposal

Paradigm

Follow

Published in

Paradigm

22 min readMar 11, 2024

--

Biometrics biweekly vol. 84, 26th February — 11th February

TL;DR

One of the most important European regulations has been adopted after a vote passing revisions to the eIDAS 2.0 proposal. The amendments to the framework will unify standards for European digital identity services, in particular for the EU Digital ID wallet which will condense common digital credentials into one mobile application
FIDO Alliance ensures the long-term value of its specifications in post-quantum era
Accura Scan reports strong face biometric accuracy results across NIST categories
Trust Stamp listed as fraud mitigation provider for Federal Reserve
Oz Forensics, Regula update liveness detection portfolios
BioID launches new version of deepfake detection software
Identiv launches biometric MFA reader for federal government access control
Fingerprint Cards, Precise Biometrics agreements to expand fingerprint access control
Metalenz-Samsung camera combo could make smartphone biometrics cheaper
Identity verification integrations unveiled by Socure, OneID, Persona and uqudo
Visa says palm biometric payments have a promising future
Generative AI injection attacks best tackled at source, says new Yoti white paper
‘Frictionless SCA’ patent awarded to Entersekt
Anonybit launching next-generation decentralized biometrics cloud
VoxelSensors demonstrate Spatial Awareness system at Mobile World Congress 2024
BrainChip showcases AI-enabled human behavioral analysis with Akida neuromorphic computing
OpenCRVS launches new version, resources and partner program to boost ecosystem
UK government defines areas of priority for digital identity and AI
Trust report shows UK public wants digital identity to be inclusive
Biometric patent lawsuit against Google stays in Texas
Biometric chip passports launching in Malta and Jordan this year
Princeton Identity launches edge multimodal biometric scanner to North American market
Nepal to assign unique ID number at birth as part of the digital ID program
MOSIP rallies stakeholders to foster discourse on inclusive digital ID development
Spain’s national police introduce multi-faceted digital ID plan
Au10tix researchers discover relaunched fake ID generation site OnlyFake
Australia’s opposition wants stronger controls built into the Digital ID Bill
Illinois is the latest US state to move on mobile driver’s licenses
Biometric industry events. And more!

Biometrics Market

The Biometric system market size is projected to grow from USD 36.6 billion in 2020 to USD 68.6 billion by 2025; it is estimated to grow at a CAGR of 13.4% during the forecast period. Increasing use of biometrics in consumer electronic devices for authentication and identification purposes, the growing need for surveillance and security with the heightened threat of terrorist attacks, and the surging adoption of biometric technology in automotive applications are the major factors propelling the growth of the biometric system market.

Biometric Research & Development

Final vote passes eIDAS 2.0 proposal

One of the most important European regulations has been adopted after a vote passing revisions to the eIDAS 2.0 proposal.

The amendments to the framework will unify standards for European digital identity services, in particular for the EU Digital ID wallet which will condense common digital credentials into one mobile application.

Businesses and governments will build services into the wallet, having been sold on its interoperable and cross-border capabilities to improve users’ experiences.

As the standard has promised from the start of negotiations, adoption will be on a purely voluntary basis for EU citizens although traction of the wallet and its credentials has rocketed as digital services fully embrace verification.

Across converging mobile apps in the wallet, data collected, stored and processed by providers will be owned by the individual themselves.

The four main wallet pilots are expanded with the inclusion of “qualified electronic signatures” for users. The Cloud Signature Consortium advocates for e-signatures being a significant opportunity for the wallet, given the need for users to sign ID and other digital documents required by many sectors e.g. banking and travel.

Rapporteur Romana Jerković commented on the standard, which will now be formally endorsed by the EU Council of Ministers to become law: “This legislation aims to empower citizens by putting them in full control of the use and sharing of their data. Digital identity has evolved from being a mere convenience to becoming a catalyst for civic involvement, social empowerment, and a means to foster inclusivity in the digital age”.

UK government defines areas of priority for digital identity and AI

How can the UK ensure that its artificial intelligence technology reduces bias and how can the digital identity ecosystem become more inclusive? These are some of the questions that the UK government officially defined as its technological priorities in 2024.

Last week, the Department for Science, Innovation and Technology (DSIT) released its first-ever document detailing areas of research interest (ARI), covering industries such as digital identity and artificial intelligence. The policy document was created to fill knowledge gaps within the agency, which was tasked last year with boosting the UK’s global position in cutting-edge technologies.

“The science and technology landscape is vast and complex — we require the strongest research and data to underpin our policymaking,” National Technology Adviser Dave Smith said in a statement.

According to the document, digital identity will be covered by the Cyber Security and Digital Identity (CSDI) directorate. Its main task will be to examine how to create secure and more inclusive digital ID services, from age checks for age-regulated products to pre-employment checks and opening a bank account.

The agency makes it clear that it will not be mandating specific approaches but will rely on the UK Digital Identity and Attributes Trust Framework (DIATF) and the Office for Digital Identities and Attributes (OfDIA) to ensure organizations meet standards.

Instead, the directorate will attempt to reveal what are the barriers to inclusivity, what are the consequences of leaving some groups excluded from digital services, how to build trust in digital identity solutions, and minimize security and privacy risks. DSIT has also recently updated its guidance on the DSIT Digital Identity Programme.

Working on issues related to AI, including bias will be the Digital Technology and Telecoms Group. Its main task will be to assess risks posed by the technology and ensure AI ethics.

DIST will operate a sizable budget for pushing the UK’s “global leadership” in AI technology. At the beginning of February, the government announced it would invest over £100 million (US$126.6 million) to support regulators and advance AI.

Around £90 million ($114 million) will be used to establish nine research hubs to foster homegrown AI innovation in areas such as healthcare, mathematics and chemistry. Another £10 million ($12.6 million) will be used to upskill regulators who will be working on defining AI risks and opportunities.

In addition, the government has invested another £100 million in the country’s AI Safety Institute which will evaluate risks of new AI models.

Trust report shows UK public wants digital identity to be inclusive

The UK Department for Science, Innovation & Technology (DSIT) has released a findings report summarizing a public consultation on trust in digital identity services. The results support a basic idea often emphasized in discussions about public education on biometrics and digital identity: the more people know about digital identity, the better they understand it, and the more likely they are to trust it.

Over five online workshops held from April to June 2023, participants’ attitudes towards identification and digital identity services shifted with the dialogue.

“Many participants began the dialogue believing that having identity documents is purely practical,” reads the report. “As participants’ discussions developed, many began to think of identity documentation as a basic human right.”
Key findings are divided into two broad classes: “Attitudes, benefits and concerns” and “Policy expectations, solutions and implications”.

The first of these yielded three key findings, which can be summarized as follows. Number one, trust in a digital identity service cannot be seen in isolation, but is tied to general trust in government. Number two, people need to trust that the data they share in adopting their digital identity will be protected: per the report, “participants believe the importance of identity data is not simply practical but also instrumental in people having control over their lives and life chances.” Number three, people want to know that digital identity service providers are motivated by more than money, and seek the establishment of a transparent trust framework to enshrine public good as a core tenet of any digital ID program.

“Participants do not see convenience on its own as a compelling enough reason for increased use of digital identities,” says the report. “They want to know how digital identity services are going to benefit society by making proving identity more inclusive.”

In terms of policy, two key findings emerged: people want accountability and transparency in government and management of digital ID, and accessibility, agency and involvement for the complete spectrum of the public.

Specific amendments to the trust framework recommended by participants gesture in the same direction: clearly articulate the benefits of digital ID beyond convenience; make the language easy to understand; provide a clear statement on how users own and control their data; be explicit in describing what is expected of service providers in relation to their complaints procedures; future-proof the system against misuse, misinterpretation and overreach; and prioritize inclusion.

Biometric patent lawsuit against Google stays in Texas

Google has lost its bid to move its biometrics patent fight with Proxense from Waco, Texas, to Northern California, the search company’s home turf.

Lawyers for Google feel that recent patent decisions in the Western District of Texas portend a loss for their client, according to trade publisher Bloomberg Law. But the judge in the case found no compelling reason to make a move.

Proxense is the plaintiff in the case (docket numbers 23–319 and 23–430). It alleges that Google and others infringed on six of its face and fingerprint biometric authentication patents in their mobile device systems.

The allegations specifically relate to the implementation of FIDO passkeys. Google argued that its employees with the most knowledge in that area are based in Northern California. The judge ruled that an employee in Texas identified by Proxense is a sufficient link to the current court’s jurisdiction.

The company is described in directories as a maker of proximity-based technology. Much of its attention reportedly is on health care.

Proxense’s headquarters is in Pompano Beach, Fla., and Bend, Ore., according to business directory publisher Dun & Bradstreet.

Google is one of three companies that Proxense has sued for stealing its authentication intellectual property.

Proxense settled a similar patent-infringement case with Samsung in January although the money involved, if any, was not disclosed. According to Bloomberg Law, Proxense CEO John Giobbi was awarded three disputed patents. The company then filed suits against both Google and Microsoft.

FIDO Alliance ensures long-term value of its specifications in post quantum era

Cryptography plays a fundamental role in securing data within computer systems, particularly those involving biometric technologies. It ensures the confidentiality, integrity and authenticity of sensitive data, whether it’s processed locally at the edge or sent to cloud servers for further analysis and storage.

However, the introduction of quantum computing, which has rapidly advanced in computational capabilities, present a significant threat to these cryptographic methods. Large-scale quantum computers have the potential to break several established cryptographic algorithms, including RSA and ECC, by solving the complex mathematical problems upon which their security relies.

In response to the threats, the cryptographic community and various organizations are actively developing post-quantum cryptographic (PQC) algorithms. These algorithms are designed to withstand quantum computing attacks, offering a replacement for existing algorithms and ensuring continued security in the quantum era.

In a parallel effort, the FIDO Alliance is working to address the impact of quantum computing on its specifications, aiming to preserve the long-term value efficacy of products and services built on these specifications. The specifications are expected to rely on standards developed by other organizations such as NIST and ISO, which are monitoring the process of PQC algorithms and their implications for existing specifications.

FIDO Alliance has outlined a strategy for integrating post-quantum cryptography into its standards. The Alliance aims to facilitate a smooth transition from current cryotpgraphic algorithms to post-quantum croyptographic algorithms. Despite the fact that the timeline for availability of quantum computers capable of breaking a classical cryptographic algorithm is debatable, but experts believe this can happen within 10 years. However, FIDO Alliance believes that the migration of security strategies take time, and a post-quantum strategy for migration is necessary.

As part of its strategy, the Alliance will monitor the development of various PQC algorithms, including lattice-based systems, coding-based systems, supersingular isogenies, and hash-based signatures. They acknowledge that not every PQC algorithms will be compatible with their specifications, and they plan to assess the recommendations of security agencies such as NIST to determine the effectiveness for integration into FIDO standards.

The FIDO Alliance also intends to form working groups tasked with understanding the implications of transitioning to PQC algorithms and crypto-agility. The crypto-agility here refers to the ability to manage multiple algorithms for the same function. These working groups will be charged with developing strategies for migration.

Furthermore, an additional objective of the FIDO Alliance for post-quantum cryptography is to provide guidance to its members and stakeholders as the development and standardization of PQC algorithms advance.

Accura Scan reports strong face biometric accuracy results across NIST categories

Accura Scan says the biometric accuracy results for its newest algorithm across all categories in testing by the U.S. National Institute of Standards and Technology show the company is solidifying a leadership position in facial recognition.

The company submitted a new version of its face biometrics algorithm to NIST’S Face Recognition Technology Evaluation (FRTE) 1:1 in December.

The “accurascan-003” algorithm was found among the top 40 most accurate in the world in the mugshot at or above 12 years and border categories out of 560 algorithms entered as of the February 22 update. It was in the top 50 in the mugshot category, the top 60 in the visa yaw at or greater than 45 degrees and border-kiosk categories, sixty-third in the visa and seventy-seventh in the visa-border categories.

Accura Scan’s NIST evaluation result, along with liveness detection confirmed compliant with the ISO/IEC 30107 standard Level 2 in testing by iBeta, makes it unique among developers from the Asia-Pacific (APAC) and Middle East and North Africa (MENA), according to the announcement.

The strong results across all datasets also indicate the effectiveness of Accura Scan’s biometric technology for identity verification and authentication in government, corporate and civil applications, including image checks for visas, deduplication checks on passport photographs, and customer onboarding to crypto and fintech platforms.

Trust Stamp listed as fraud mitigation provider for Federal Reserve

Digital identity and trust provider Trust Stamp has announced it has been listed by the Federal Reserve as a synthetic identity fraud mitigation provider. This follows after the company partook in a call for participation in September 2022.

Synthetic fraud could cost $23 billion in losses by 2030.

“We work with close to fifty US banks and are currently participating in the ICBA ThinkTECH Accelerator; therefore, synthetic identity fraud is of critical importance to our clients,” said Trust Stamp president Andrew Gowasack. “AI-powered solutions are at the cutting edge of combating the ever-evolving cybercrime threat.”

Trust Stamp also announced that at the end of January, it received a notice of allowance from the US Patent and Trademark Office for a new patent for facial recognition that can identify a subject even when their face is obscured by a mask or other covering.

“This unique technology was developed during the COVID pandemic, but the range of use cases is far wider than being able to identify a subject while wearing a surgical mask, and encompass both cultural and security considerations,” says Gowasack.

Because Trust Stamp uses a microservice approach to software development, the software can be implemented to existing biometric authentication systems on a low-code or even no-code basis, he says.

‘Frictionless SCA’ patent awarded to Entersekt

Financial-authentication company Entersekt has been awarded a U.S. patent for its software enabling what company executives call frictionless, multi-factor authentication.

Entersekt claims in a public statement that the patent is confirmation that its authentication approach “can qualify as possession ad inherence factors.”

The patent (Frictionless SCA 20220131857A1) also protects a mechanism that the South Africa company created to digitally sign a transaction on a bank customer’s device. The mechanism enables simultaneous dynamic linking, which heeds Europe’s PSD2 regulations.

A prime motivator for Entersekt is minimizing process abandonment for its banking clients. The overall goal, of course, is fighting payment fraud and other schemes.

Providing possession and inherence factors, according to Entersekt executives, makes for strong MFA with a minimum of friction for end customers compared to MFA options in the market.

There’s no active challenging needed, for instance, executives say.

Indeed, they say, the company can boast strong customer authentication “without any explicit user interaction.”

That’s made possible by, now, providing possession and inherence factors with behavioral biometric identifiers in Entersekt’s browser ID or mobile app ID software.

Anonybit launching next generation decentralized biometrics cloud

Anonybit, a decentralized authentication developer, has announced the launch of its next generation decentralized biometrics cloud, enabling greater scalability, more flexible deployment options, and support for 1:1 and 1:N biometric matching.

The biometrics cloud has already been deployed as the backend to the identity verification service provided by the company’s Latin America-based partner, Ado Technologies, a banking group with 14 million retail customers.

Anonybit’s patent-pending decentralized biometrics cloud uses multi-party computation and zero-knowledge proofs to store and manage biometric data. The system converts biometric data into anonymized bits and stores them in a multi-party cloud where they are matched within.

Anonybit supports third party algorithms and multiple modalities. It can also perform 1:1 and 1:N matching in one single architecture, allowing entities to prevent duplicate, synthetic, and blocked identities from registration in all channels.

“With flexible deployment options, we are able to seamlessly integrate the Anonybit backend into our existing workflows, and expand into different use cases over time, providing a consistent and secure user experience,” says Doron Abrahamson, general manager of Ado Technologies.

Anonybit was the recipient of the 2023 Enabling Technology Leadership Award from Frost & Sullivan, as well as a number of other recognitions, including from Fast Company’s World Changing Ideas and Women in Payments Unicorn Challenge.

VoxelSensors demonstrate Spatial Awareness system at Mobile World Congress 2024

VoxelSensors, a company specializing in sensing technology for mobile, XR, and industrial applications, is demonstrating its first Spatial Awareness system at the Mobile World Congress 2024. This system uses the company’s Single Photon Active Event Sensing (SPAES) technology alongside a single illuminator to enhance the user experience on mobile devices, making it more intuitive and immersive.

The technology improves the security and efficiency of face authentication systems through its rapid and accurate detection of facial features. SPAES sensors are designed for energy efficiency and can capture detailed information, thereby improving the quality of photos and videos with better focus, depth sensing, and low light performance.

Furthermore, integrating EyeWay Vision’s technology into the system elevates its potential to deliver an immersive experience. The combination of EyeWay Vision’s expertise in gaze tracking and projection technology with SPAES abilities enables devices to not only interpret the environment but also understand the user’s focus and intentions.

“The combined power of Single Photon Active Event Sensing and EyeWay Vision’s technology addresses customer demands for power-efficient, low-latency, and precise perception and interaction systems,” says Ward van der Tempel, chief technology officer at VoxelSensors.

VoxelSensors has made a strategic move to acquire EyeWay Vision, a company known for its advancements in gaze tracking for XR applications. The aim is to expand its technological portfolio further. By acquiring EyeWay Vision, the company will have access to intellectual and industrial property, allowing it to consolidate its expertise in the field.

The strategic advantage of integrating EyeWay Vision’s gaze tracking with VoxelSensors’ SPAES technology is the capability to deliver precision and efficiency in spatial awareness and empathic interaction. According to VoxelSensors, the combination of depth sensing, gaze tracking, and empathic computing can potentially change how users interact with digital content across various devices.

“Together, these advancements position us as a major player in the rapidly evolving spatial and empathic computing market for mobile and XR devices. By combining our technologies, we can offer seamless and intuitive interactions in these domains, significantly enhancing user experience while utilizing our efficient SPAES sensor,” says Johannes Peeters, chief executive officer at VoxelSensors.

BrainChip showcases AI-enabled human behavioral analysis with Akida neuromorphic computing

BrainChip, a company known for its neuromorphic computing, has joined forces with NVISO Group Ltd., experts in AI software for analyzing human behavior. They demonstrated an AI-powered system capable of real-time human behavioral analysis at the CES 2024. This partnership combines the strengths of both companies to offer a solution with potential applications across consumer electronics, surveillance, and automotive industries.

From BrainChip, this collaboration benefits from the Akida IP and processors, which are based on neuromorphic computing. This technology enhances the efficiency of AI operations, particularly in pattern recognition and interpreting sensory data.

On the other hand, NVISO Group Ltd contributes its specialized human behavior analysis software, which can decode a broad spectrum of human behaviors. This includes facial recognition, emotion detection, identity verification, and analyzing head poses, gazes, gestures, and interactions with objects and activities.

“In our goal to driving machines to understand people and their behaviors, we have partnered with BrainChip to develop a high-performance system that enables efficient and effective human interaction with intelligent systems,” says Virpi Pennanen, chief executive officer at NVISO Group.

BrainChip has developed the Akida IP and processors, positioning it as one of the advanced neural processing solutions designed for accelerated AI processing at the edge. This system incorporates event-based neural processors, facilitating fast learning and addressing the limitations associated with traditional deep learning neural networks.

The latest iteration of the Akida platform represents the second generation of its AI technology, providing low power consumption and real-time processing, which is crucial for biometric applications such as facial recognition. Moreover, Akida processors are designed for integration into SoCs across various process technologies, offering advantages such as reduced latency, improved privacy, and enhanced data security.

In an effort to expand the accessibility to Akida, BrainChip has announced the relaunch of its product shopping portal for pre-orders of the Akida Edge AI Box. For the development of this hardware box, the company collaborated with VVDN Technologies to leverage their expertise in engineering and manufacturing. The device is designed to meet the diverse needs of several sectors, including retail and security, automotive, transportation, and industrial manufacturing.

“We are excited to officially launch pre-orders of the Akida Edge AI Box and bring this groundbreaking technology to market to empower customers in developing and deploying intelligent, secure, and customized devices and services for multi-sensor environments in real-time,” says Sean Hehir, chief executive officer at BrainChip.

Oz Forensics, Regula update liveness detection portfolios

Dubai-based Oz Forensics has made its face biometrics liveness detection software available for free on a trial basis. A release from the company says users who register for the trial license will gain access to 10,000 free transactions per year, plus useful technical articles. The trial offer is aimed at businesses including startups, universities, accelerators, charity and social projects, which Oz says can benefit from a test run of its facial recognition and authentication tools.

“At Oz Forensics, we are committed to fostering a secure digital ecosystem,” says Artem Gerasimov, CEO of Oz Forensics. “Through these trial offers, we aim to empower organizations, irrespective of their size or field, to protect themselves against identity fraud. We believe in enabling all entities to bolster their biometric security, thereby contributing to a safer digital world.”

Oz Liveness is available to trial in two versions. Its cloud-based tool, applicable for remote user authentication, provides real-time liveness detection for face biometrics-based identity verification in 2–3 seconds. Oz also offers an on-device version that works offline, on a wide range of devices. The company says the device-based software is best for scenarios in which secure on-premises data storage is the priority.

Per the release, Oz Liveness has been confirmed compliant with ISO 30107 in independent testing, and has 100 percent accuracy in detecting deepfakes and spoofing attacks. Interested parties can register for the free trial license on Oz Forensics’ website.

Latvia-headquartered Regula has released an update for its Regula Document Reader SDK, which includes enhanced document liveness detection features. A company release says improved neural networks have improved speed and enabled the mobile authentication tool to check dynamic security features that typically require on-site verification, to ensure the physicality of documents being presented. These include checks for Optically Variable Ink (OVI), lenticular images, and holograms.