BT/ Mastercard launches biometric authentication via passkeys, X announces passkey support

Paradigm

Follow

Published in

Paradigm

21 min readJan 29, 2024

--

Biometrics biweekly vol. 81, 15th January — 29th January

TL;DR

Mastercard announces its passkey service, while X also announces passkey support
Android phone users can enable the security key feature on their phones to confirm when they are logging into Chrome
A group of researchers is breathing life into a new biometric system that could identify a person by measuring the way they breathe, specifically their exhalations
Fingerprint biometrics get a 3D upgrade from digital holographic imaging
Demographic-agnostic tool for deepfake detection shows promise
Biometric card enrollment device from FPC ready for distribution
Idemia scores top fingerprint biometric accuracy marks across PFT III datasets
Qualcomm builds smart car biometrics system, partners with Daon on insurance
Expertum’s SaaS face biometrics engine posts near-perfect accuracy
Zwipe dials back biometric pay product, access cards are now the focus
Oliu and IDnow announce integrations with fintech for ID verification
Regula integrating biometric liveness detection, and document validation with the bank platform
DHS S&T reveals liveness detection track details for remote ID validation assessment
Paravision launches facial liveness detection software after iBeta Level 2 success
Phonexia launches voice biometrics product for forensic investigations
ETSI standard for mobile biometrics and security certified by French authority
NADRA partners with a local university to promote biometrics research, development
Yubico is taking cybersecurity to Hollywood
Ireland moving steadily on digital initiatives with 2.3M verified MyGovID accounts
Czech Republic rolls out new digital ID app with over 70K downloads on the first day
Beijing implements facial recognition for foreigners registering a business
India govt blocks plans to procure facial recognition, drones to monitor election
Cambodia introduces CRVS law to expand legal ID issuance
Trans Indonesians to receive physical and digital IDs in time for elections
Facial recognition planned for all stadiums in Italy’s top football league
Digital identity and passkey startup Dapple raises $2.3 million in pre-seed round
Biometric industry events. And more!

Biometrics Market

The Biometric system market size is projected to grow from USD 36.6 billion in 2020 to USD 68.6 billion by 2025; it is estimated to grow at a CAGR of 13.4% during the forecast period. Increasing use of biometrics in consumer electronic devices for authentication and identification purposes, the growing need for surveillance and security with the heightened threat of terrorist attacks, and the surging adoption of biometric technology in automotive applications are the major factors propelling the growth of the biometric system market.

Biometric Research & Development

Latest Research:

A breath of fresh air? Breath biometrics proposed by Indian researchers

A group of researchers is breathing life into a new biometric system that could identify a person by measuring the way they breathe, specifically their exhalations.

Each of us breathes differently. During exhalation, air passes from the lungs through the complex internal structures of our airways which creates turbulence signatures — a unique biomarker. Scientists from the Indian Institute of Technology Madras in India have now created a biometric algorithm based on measuring the turbulence in an exhaled breath which can be used to authenticate and identify a user, according to research published in open-access repository arXiv.

To evaluate the performance of the algorithm, scientists measured exhaled breath from 94 human subjects. The group used a hot-wire anemometer to collect their breath data, a research tool for measuring fluid dynamics.

“The user confirmation algorithms performed exceedingly well for the given dataset with over 97 percent true confirmation rate,” the research paper notes. “The user identification algorithm performs reasonably well with the provided dataset with over 50 percent of the users identified as being within two possible suspects.”

More samples from a larger population would be necessary to build an algorithm for user identification algorithm, where the test user’s identity is not revealed beforehand, the paper adds.

In the future, the application could be used in personalized medicine. Exhalations are used as a non-invasive diagnostic tool for several medical issues, such as malaria, lung disease and even diabetes. A benefit of the new biometric system is that it would be difficult to reconstruct the original time series that create individual biometric traits, according to the scientists.

“Since the input of the exhaled breath-based biometric system is correlated with the internal morphology of the human body, it is impossible for a hacker to spoof-authenticate a user,” the researchers write.

And if the latest research doesn’t take your breath away, perhaps it’s time to get your toothbrush ready.

Fingerprint biometrics get a 3D upgrade from digital holographic imaging

At a microscopic level, a fingerprint is like a mountain range; so is its forensic biometric mark, which is made of oil accumulated in ridges that have depth and fine detail beyond what a standard 2D fingermark reveals — even if those ridges are only microns high.

Professor Partha Banerjee, director of the Holography and Metamaterials Laboratory at the University of Dayton, believes that with only two dimensions to a fingerprint, too much is missing from the complete biometric picture. In an article for The Conversation, he describes a process for using digital holography to map and visualize fingermarks in 360-degree 3D.

“Biometric identifiers record fingermarks only as 2D pictures,” writes the professor. “A 2D fingerprint neglects the depth of the fingermark, including pores and scars buried in the ridges of fingers that are difficult to see.”

Your fingerprint is actually 3D − research into holograms could improve forensic fingerprint…

Using fingerprints to catch criminals isn't 100% accurate, but analyzing fingerprints in 3D, rather than 2D, could…

theconversation.com

Banerjee defines the three types of fingermarks based on visibility: patent marks are the most visible (like bloody prints at a crime scene), plastic are embedded in soft surfaces like Play-Doh or silicon, and latent are the barely visible kind that detectives have to dust for. Similarly, there are three levels of geometric detail in a fingermark. Level 1 covers visible ridge patterns such as loops, whorls and arches. Level 2 applies to minute details such as bifurcations, endings, eyes and hooks. Features at Level 3, which are not visible to the naked human eye, include pores, scars and creases.

Digital holography works on a scale that can accommodate Level 3 details, and is therefore able to show all of the 3D topological characteristics of a fingermark. In collaboration with Akhlesh Lakhtakia, a professor at Penn State, Banerjee’s lab developed a technique for preserving fingermarks using a layer of nanoscale columnar thin film (CTF). To achieve this, fingermarks on glass, wood and plastic were aged in different environments, at various temperatures and humidity levels, then harvested with a coating of CTF. Described as “pillars of glassy material that uniformly cover the fingermark, like a dense growth of identical trees in a forest,” CTF conforms to the topology of the fingermark in the same way a Pin Art toy captures the impression of a hand.

The next step is to create a hologram from the preserved mark. This is achieved by splitting green and blue light wavelengths from a laser, so that light reflected from the fingermark is also superimposed onto a reference wave directed into a digital camera. The resulting interference pattern creates what is called a hologram: a 2D image recorded on the digital camera.

“Researchers then import the hologram to a computer, where they can use the physical laws of wave propagation to figure out where the light waves from the laser bounced off different parts of the object,” explains Banerjee. They can then reconstruct the fingerprint as a 3D image that can be viewed from any perspective on a digital screen.

The Miami Valley Regional Crime Lab in Dayton, Ohio, has developed grading systems for the collection process performed by Lakhtakia and his team at Penn State and is working toward a similar grading system for Banerjee’s digital holographic images, to measure features such as clarity.

Demographic-agnostic tool for deepfake detection shows promise

A group of U.S. researchers say they have created the first deepfake detection algorithms successfully designed to be less biased.

The team tested their idea on a well-known algorithm and dataset and reported overall detection accuracy from 91.49 percent to 94.17 percent. Citing separate algorithm research, they said a 10.7 percent difference has been found in deepfake detection error rates between races.

The scientists work at the University of Buffalo, Indiana University-Purdue University and Carnegie Mellon University.

UB researcher Yan Ju says that in focusing on bias in face recognition detection tools — a critical priority –past efforts have paid too little attention to deepfake detector bias. The team’s perspective differed from conventional thought in another way.

Study: New deepfake detector designed to be less biased

New algorithms close accuracy performance gaps across different races and genders.

www.buffalo.edu

Rather than try to balance biometric databases, make algorithms more fair. The team claims this is a first.

For the project, supported in part by the U.S. Defense Advanced Research Projects Agency (DARPA), the researchers created two machine-learning methods. One made algorithms aware of various demographics while the other was “demographic agnostic.”

They reportedly improved accuracy disparities “across races and genders.” Overall accuracy improved, too.

“We’re essentially telling the algorithms that we care about overall performance, but we also want to guarantee that the performance of every group meets certain thresholds, or at least is only so much below the overall performance,” says the study’s lead author, UB computer scientist Siwei Lyu.
What’s more, the agnostic algorithm is freed from datasets’ demographic bias by classifying deepfake videos on features in a segments’ “not immediately visible to the human eye.”

The researchers used the Xception algorithm with multiple datasets and the FaceForensics++ datasets with other algorithms in their work and the new methods largely held up.

There was an improvement in “most fairness metrics” with “slightly reduced overall detection accuracy.” Lyu says the tradeoff is worth it as improvements are made to biometric datasets.

Main News:

Mastercard launches biometric authentication via passkeys

Mastercard has launched the Biometric Authentication Service, its passkey offering in line with FIDO standards. The service is designed to replace multi-factor authentication options that are less secure and cause friction.

Mastercard’s service uses the biometric systems already built into users’ phones and laptops. It allows them to use their face or fingerprint to log in to their accounts and make purchases more easily. The feature supports all card brands and other forms of payment. Merchants and financial institutions, says Mastercard, can expect to see reduced costs and improved customer experience.

The service could streamline scenarios such as when a customer makes a unique purchase that would typically trigger multi-factor authentication. Instead, the user would authenticate with their face or fingerprint. Merchants could also enable passkeys on all regular purchases to improve security without creating friction.

Mastercard Developers

Edit description

developer.mastercard.com

X announces passkey support

X has announced passkey support, according to TechCrunch. The feature can help combat recent high-profile account hacks, such as when a bad actor hacked the U.S. Securities and Exchange Commission’s X account to share a post claiming the SEC had approved Bitcoin ETFs.

Currently only available on X for iOS, users can set up the passkey feature by logging into the app and navigating through “your account,” “settings and privacy,” “security and account access,” to “security.” Under “additional password protection,” click “passkey,” enter the password, select “add a passkey” and then follow the prompts.

Users can go to the passkey page to delete passkeys as needed.

X removed SMS two-factor authentication for non-paying accounts when Elon Musk took ownership of the app, rebranding it from Twitter.

X adds support for passkeys on iOS after removing SMS 2FA support last year | TechCrunch

X, formerly Twitter, today announced support for passkeys, a new and more secure login method than traditional…

techcrunch.com

Android users can turn phone into a security key for Chrome

A ZDNet article explains how Android users can turn their phone into a security key for logging on to the Chrome browser. With security keys, users attempting to login to Google automatically receive a pop-up on their phone asking to verify the login attempt. The feature only secures the Google account itself. Those who use two-factor authentication for Google products on Android are already using the feature.

To add the security key, users must have the latest version of the Chrome browser and the phone linked to their Google account. Two-factor authentication must also already be set up. Then, open Chrome on the desktop, go to the “Privacy and Security” page in “Settings,” and click “Manage Security Keys.” Users can add PINs for physical security keys in this section, as well.

Open Chrome on mobile and go to myaccount.google.com/security. In the “How you sign in to Google” section tap 2-Step Verification. Then go to the Security Key entry page, tap Add Security Key, select the phone and tap add.

How to turn your Android phone into a security key for your Chrome browser

Want to make your Chrome browser more secure? Passwordless authentication is the answer, and your phone's built-in…

www.zdnet.com

Biometric card enrollment device from FPC ready for distribution

Fingerprint Cards has announced the launch of Smart’Nroll, a reusable enrollment device that registers fingerprints on biometric payment cards. Users can enroll their fingerprints on their card in under a minute.

The device gives users the ability to enroll their biometrics at home or in-branch. It’s also compliant with all biometric cards supporting the STPay-Topaz-Bio platform. The tech behind the platform won a CES Innovation Award in 2022.

Users can complete the enrollment process by following self-explanatory prompts and a progress bar displayed on the device’s screen. The use of non-linguistic visual cues allows users who speak any language to enroll, which facilitates global sales.

Smart’Nroll uses a replaceable battery and is compliant with multiple card configurations. No personal data is stored in the device, which meets the GDPR’s privacy and security requirements. Users insert their card into the rectangular device, which appears to be a couple of inches longer than a payment card.

“Over the last 10 years we have been perfecting the functionality of the biometric payment card,” says Fingerprint Cards CEO Adam Philpott. We’re pleased to have created a device that makes enrollment as smooth, convenient and secure as the payment card itself.”

DHS S&T reveals liveness detection track details for remote ID validation assessment

The Science & Technology Directorate at the U.S. Department of Homeland Security is expanding its evaluation of software for remote identity validation to presentation attack detection and spoof prevention.

Remote Identity Validation Technology Demonstration (RIVTD) Track 3 assesses the ability of selfie biometrics systems to tell legitimate users from attempts at impersonation.

Track 1 of RIVTD deals with identity document authentication, and Track 2 evaluates the capability to match a selfie to the image included on the document. The third track, assessing liveness and PAD technologies, was revealed in the initial announcement, but remained closed while the first two assessments were completed.

The RIVTD program as a whole is intended to assess and support the development of remote identity validation technologies that are secure, accurate, easy to use and resistant to identity fraud.

“The emergence of new, powerful, widely accessible technologies underscores the importance of facilitating the development and evaluation of tools to combat fraud,” says S&T Senior Engineering Advisor for Identity Technologies Arun Vemury. He also says the response from stakeholders has been robust.
“As remote ID validation technologies become more prevalent, liveness/presentation attack detection of bad actors or impersonators will be a critical component of remote, self-enrollment of an individual’s digital identity,” says TSA Identity Capability Manager Jason Lim.

Keyless claims first as split biometric hashing wins international patent

International companies including Keyless, Smart Engines and Trust Stamp, and academic researchers are securing patents for a host of AI-based applications, including biometric verification systems.

Keyless claims first as split biometric hashing wins international patent | Biometric Update

Keyless, Smart Engines and Trust Stamp, and academic researchers are securing patents for a host of AI-based…

www.biometricupdate.com

Qualcomm builds smart car biometrics system, partners with Daon on insurance

Qualcomm Technologies, Inc. is collaborating with Salesforce to connect its Snapdragon Digital Chassis to Salesforce Automotive Cloud, for a new biometrics-enabled smart vehicle system targeting consumer and enterprise drivers, passengers, automakers, fleet managers, mobility service providers and more. To generate more data-driven intelligence for drivers and create what a post on the company’s blog calls “contextually relevant travel experiences” through the use of biometric sensors and external data, Qualcomm’s intelligent in-vehicle assistant can make customized service recommendations. The platform also enables biometric authentication for payments by vehicle occupants.

Empowering the ecosystem to unlock potential for automotive services

Qualcomm Technologies, Inc. is collaborating with industry leaders to deliver a comprehensive platform for bringing…

www.qualcomm.com

“Combining real-time data collected from the vehicle and its surroundings with first-party data — such as website interaction, in-app usage and purchase or service history — allows automakers to deliver personalized experiences while strengthening trusted relationships with their customers,” says Achyut Jajoo, SVP and GM of manufacturing and automotive at Salesforce.

Continuously connected vehicles enable real-time alerts and analytics, user-specific offers, proactive maintenance and on-demand upgrades, says Qualcomm. Generative AI brings the feedback system to the next level: Snapdragon Car-to-Cloud Services now support enterprise plug-ins and large language model (LLM) operations on the vehicle through a partnership with Cognizant.

Payments system supported by J.P. Morgan for broad use cases

A new in-vehicle wallet also aims to streamline driver payments. Working with J.P. Morgan, Qualcomm’s tech uses a single biometric sign-on to enable purchases from luxury updates to streaming content and pre-ordered meals.

“Leveraging Qualcomm’s identity token management platform, we’re creating interfaces that allow automakers to integrate and brand their own in-vehicle wallet to provide a certified payment solution that uses biometrics to link purchases to each occupant,” says Ali Almakky, global head of payments solutions for mobility at J.P. Morgan. “The solution allows users to purchase in-vehicle and external services directly from apps on the vehicle’s infotainment screen, using biometrics to authenticate payments.”

Also on the biometrics front, Daon is providing biometric digital identity tech for insurance transactions in Snapdragon-equipped cars, allowing users to extend their policy on the fly.

Expertum’s SaaS face biometrics engine posts near-perfect accuracy

Cyprus-based Expertum, an AI-based facial recognition firm, says its Face.Match.Expert cloud search engine system delivers accurate face biometrics 99.98 percent of the time. An article on Tech.EU says the Face.Match.Expert API integration is designed to be accessible for programmers of all levels, making building and analyzing photo collections for facial recognition “a breeze.”

“Our ambition was to forge the leading facial recognition engine in the industry,” says Lukasz Kowalczyk, co-founder of Expertum.ai. “With our extensive background in advanced technologies, we’ve crafted the quickest and most accurate system for facial detection and recognition, achieving an extraordinary accuracy level of 99.98 percent. Additionally, it’s designed to manage 1,000 requests simultaneously.”

The SaaS offering includes limitless in-cloud storage and near-limitless database capacity care of its proprietary engine, which makes adding photo databases easy and indexing efficient for fast biometric matching. The firm emphasizes the importance it puts on GDPR compliance, prioritizing user privacy and the secure management of sensitive biometric data, and says Face.Match.Expert never stores personal data on servers in its original format.

Expertum delivers 99.98 percent accuracy in facial recognition

Face.Match.Expert from Expertum.ai is a revolutionary, easily implemented, in-cloud search engine that ensures facial…

tech.eu

Idemia scores top fingerprint biometric accuracy marks across PFT III datasets

A fingerprint recognition algorithm from Idemia has matched or bettered the top accuracy results against all four datasets in a test by the U.S. National Institute of Standards and Technology.

The latest algorithm submitted to the Proprietary Fingerprint Template (PFT) III evaluation by Idemia scored a false non-match rate (FNMR) of 0.0037 with a set of fingerprints from the Arizona Department of Public Safety, and an FNMR of 0.0061 with data from the Los Angeles County Sheriff’s Department. Each of those results topped the previous best. Idemia’s algorithm also matched the best results for matching the Port of Entry, BioVisa Application (FNMR 0.0048) and US Visit #2 (0.0050) datasets. All four tests were conducted with the false match rate (FMR) set at 0.0001.

The company also claims top-ranked fingerprint biometrics accuracy results in NIST’s ELFT test and the mFIT challenge, in addition to its PFT III results.

“These latest fingerprint recognition results, in line with our track record to date, testify to our ability to offer cutting edge algorithms that are both accurate and fair,” says Jean-Christophe Fondeur, Idemia’s chief technology officer.

Idemia algorithms for face and iris biometrics have also excelled in NIST testing. Interpol uses Idemia’s fingerprint and facial recognition software to assist police and border control operations.

ETSI standard for mobile biometrics and security certified by French authority

ETSI has had its suite of specifications for mobile device security and biometrics certified by France’s cybersecurity agency (ANSSI) under the Common Criteria framework.

The certification is the first by a national authority for comprehensive smartphone security assessments based on a comprehensive set of specifications, according to the announcement, setting up third-party certification tests.

ETSI’s Consumer Mobile Device Protection Profile standard is intended to identify the key security and privacy risks for users of mobile devices. Based on them, it provides criteria for security certification that manufacturers can use, and a methodology for evaluators to use in assessing consumer products. ETSI says it will be suitable for certifications under the European Cyber Resilience Act, when it enters into force this year later this year.

TS 103 732–1 and TS 103 732–2 are a “Base Protection Profile” and “Biometric Authentication Protection Profile Module,” respectively. The base profile defines what should be evaluated, the security challenges that need to be addressed, and the objectives for doing so. The biometric authentication profile sets false acceptance rate (FAR) of 1 in 50,000 for 2D face biometrics, 1 in 100,000 for 3D face, and 1 in 50,000 for fingerprints at a false rejection rate (FRR) of 1 in 20 for 2D face, 1 in 33 for 3D face, and 1 in 33 for fingerprint biometrics. Presentation attack detection (PAD) is out of scope for the specification.

TS 103 932–1 is a complementary technical specification defining the configuration for evaluations and merging the requirements of the other two.

The revised multi-part specification was written with contributions from stakeholders among OS developers, smartphone manufacturers, network operators, regulatory authorities and user associations, ETSI says.

NADRA partners with local university to promote biometrics research, development

Pakistan’s National Database and Registration Authority (NADRA) Technologies Limited (NTL) will share its expertise with the Islamabad National University of Sciences and Technology (NUST) in the domain of biometric technologies research, development and innovation.

This follows a Memorandum of Understanding (Mou) recently concluded between the two entities, according to a NADRA announcement, and the collaboration is aimed at encouraging and supporting local innovative approaches to the development of biometric and digital ID-related technologies in the country.

The purpose of the MoU is to establish a strong academic collaboration where the two parties are expected to bring in contributions from their respective domains of activity. While NTL has created an international reputation for itself with its digital ID solutions works at home and abroad, the NUST is a highly-ranked tertiary institution in the area of engineering and technology.

Per the announcement, NUST will contribute its research know-how in the area of contactless biometrics and face liveness detection technologies. Other areas in which the partners will combine their expertise are facial recognition, digital know-your-customer (e-KYC) checks, digital onboarding, Automated Fingerprint Identification Systems (AFIS) and Automated Biometric Identification Systems (ABIS), according to the announcement.

Both partners have underlined the significance of the partnership saying developing these biometric applications will enable the provision of better government and private sector services to the people of Pakistan.