BT/ New Apple patents for emotion recognition and MacBook face authentication

Paradigm

Follow

Published in

Paradigm

22 min readAug 28, 2023

--

Biometrics biweekly vol. 71, 14th August -28th August

TL;DR

Apple may be inching closer to including Face ID biometrics in its MacBook laptops, based on a newly granted patent
Algorithm for repelling future quantum data raids proposed by Google
Au10tix selfie biometrics for identity verification coming to X
Onfido’s selfie-based identity verification technology is being used in Web3 infrastructure. The company’s partner 0xKYC leveraged Onfido’s tech in a plugin, called “1VOTE”, designed for Aragon
Worldcoin biometrics collection faces more scrutiny in Kenya, skepticism in India
Walmart Spark delivery platform picks Persona selfie biometrics for driver verification
Thales introduces a multimodal biometric evidence suite for mobile forensics
Deloitte nets £16M from UK government in latest One Login contract win
US Army tests Idemia NSS facial recognition for multi-person in-vehicle identification
Tech5 contactless mobile fingerprint biometrics capture system patented
NFL tackles access security with staff face biometrics pilot
Trust Stamp launches biometric facial image quality assessment API
Test of mDL interoperability organized by SpruceID, AAMVA
OwnID certified for FIDO2 to boost passwordless online authentication
Accura Scan passes iBeta biometric liveness test, announces free checks for startups
VisionLabs launches upgraded biometric access control terminal, lands deal in UAE
BeyondID automates critical monitoring and reporting for digital ID system security
Axiad, Journey, SDO and Oliu update passwordless digital ID management software
Australia launches platform with identity verification for betting self-exclusion
Shufti Pro adds identity verification service to fraud prevention portfolio
Amazon takes a small BIPA win; ID scan provider for weed store accused
SecureAuth inks new partners to grow the reach of biometric passwordless authentication
Dock partners with Feedzai to bring behavioral biometrics to LatAm AML customers
German kids’ passports all go biometric next year
UNICEF praises easier birth registration for Nigerians through digitization
Biometric authentication app for national ID soon to launch in Philippines
Indian central bank to pilot open banking platform using Aadhaar KYC
Tanzania president demands faster digital ID harmonization, online service delivery
Researchers reveal PVC pipe spoof threat to voice biometrics
AI vs. AI: MIT researchers combat image manipulation
US studies possible accessibility hurdles for remote ID verification
Biometric industry events. And more!

Biometrics Market

The Biometric system market size is projected to grow from USD 36.6 billion in 2020 to USD 68.6 billion by 2025; it is estimated to grow at a CAGR of 13.4% during the forecast period. Increasing use of biometrics in consumer electronic devices for authentication and identification purposes, the growing need for surveillance and security with the heightened threat of terrorist attacks, and the surging adoption of biometric technology in automotive applications are the major factors propelling the growth of the biometric system market.

Biometric Research & Development

Latest Research:

Researchers reveal PVC pipe spoof threat to voice biometrics

Digital security engineers at the University of Wisconsin-Madison have discovered a weakness in automatic speaker identification systems that can be exploited using PVC pipes readily available at most hardware stores according to the UW-Madison news.

The team, led by Ph.D. student Shimaa Ahmed and Kassem Fawaz, a professor of electrical and computer engineering, presented their findings last week at the USENIX Security Symposium in Anaheim, California.

“The systems are advertised now as secure as a fingerprint, but that’s not very accurate,” says Ahmed. “All of those are susceptible to attacks on speaker identification. The attack we developed is very cheap; just get a tube from the hardware store and change your voice.”

The risks posed to voice biometrics by analog security holes could be far-reaching. Ahmed points out that many commercial companies already sell the technology, with financial institutions among their early customers. The technology is also used for AI-supported personal assistants like Apple’s Siri.

Shimaa Ahmed, a PhD student working in the lab of Professor Kassem Fawaz, determined a method of defeating automatic speaker identification systems using the sort of PVC pipe found at any hardware store. Todd Brown

Ahmed led a team that conducted an experiment to assess whether altering the resonance of a voice could deceive a voice biometrics system. Ph.D. student Yash Wani was asked to help modify PVC pipes at the UW Makerspace to assist them in their project. Adjusting the length and diameter of pipes purchased from a nearby hardware store, the team replicated the same resonance as the voice they sought to imitate.

Eventually, the team created an algorithm that can determine the PVC pipe dimensions necessary to transform the resonance of nearly any voice to imitate another. In a test set of 91 voices, the researchers successfully deceived security systems with the PVC tube attack 60 percent of the time, while unaltered human impersonators only succeeded six percent of the time.

The success of the spoof attack can be attributed to a couple of key factors. First, because the sound is analog, it easily circumvents the digital attack filters of the voice authentication system. Second, the tube doesn’t replicate the voice precisely; it solely mimics the resonance of the target voice. This level of mimicry is sufficient to confound the machine-learning algorithm, resulting in the misidentification of the attacking voice.

According to Fawaz, the project aims to inform the security community that voice identification is less secure than commonly believed.

He states, “Generally, all machine-learning applications that are analyzing speech signals make an assumption that the voice is coming from a speaker, through the air to a microphone. But you shouldn’t make assumptions that the voice is what you expect it to be. There are all sorts of potential transformations in the physical world to that speech signal. If that breaks the assumptions underlying the system, then the system will misbehave.”

Down the tubes: Common PVC pipes can hack voice identification systems

Machine learning algorithms can ward off a host of digital impersonators trying to hack voice recognition software, but…

news.wisc.edu

AI vs. AI: MIT researchers combat image manipulation

A team from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) has designed a new tool to jam AI image generators, using invisible “perturbations” at the pixel level of an image.

A release describes how the PhotoGuard technique uses a combination of offensive and defensive tactics to block AI tools such as DALL-E or Midjourney from manipulating photos to create deepfakes and other compromised images. In the encoding tactic, perturbations are small alterations to the latent representation of an image that an AI engine “sees” in mathematical code. By making changes to the code, PhotoGuard “immunizes” the image by making it incomprehensible to AI, which can then only perceive it as a random entity. The resulting output will be unrealistic and recognizably altered — faces on a grey field, for instance, or unblended into a blurred background.

On a defensive level, PhotoGuard creates perturbations in the original input image that are checked against during the inference process, which causes the AI to confuse the two images. This more complex biometric “diffusion attack” uses significantly more memory than encoding.

In either case, the process is undetectable in the original image.

While the training of facial recognition algorithms is not mentioned in MIT’s release, PhotoGuard would presumably also block this application of AI to online images.

“The progress in AI that we are witnessing is truly breathtaking,” says MIT professor Aleksander Madry, who co-authored the PhotoGuard research paper. “But it enables beneficial and malicious uses of AI alike. It is thus urgent that we work towards identifying and mitigating the latter.”

The PhotoGuard team, however, emphasized that truly robust protection against AI will require cooperation and coordination across the sector. Hadi Salman, the graduate student in electrical engineering and computer science and the paper’s lead author, says policymakers should consider regulating safeguards against manipulation, pointing to PhotoGuard as an example.

“Companies that develop these models need to invest in engineering robust immunizations against the possible threats posed by these AI tools,” he says. “As we tread into this new era of generative models, let’s strive for potential and protection in equal measures.”

US studies possible accessibility hurdles for remote ID verification

The U.S. Government Services Administration, which is responsible for the nation’s problematic single sign-in program, is studying how to make biometric identity verification systems work better for minority and marginalized populations.

Companies participating in the research include Jumio, LexisNexis, Socure, Incode and TransUnion. The National Institute of Standards and Technology’s rules for remote one-to-one ID proofing — SP 800–63–3A — set the requirements the GSA must meet.

The question is whether any demographic factors interfere with proofing. Data will be handled according to the GSA’s rules for collecting biometric information.

There’s no heavy lifting for participants. People accepted for the study are asked to take a picture of their ID and a selfie, repeating that process five times. They volunteer some additional personal data and then choose how they want to receive $25 in compensation.

The GSA Equity Study on Remote Identity Proofing

We know that technology doesn't work equally for everyone. By participating in GSA's study on identity verification…

identityequitystudy.gsa.gov

GSA officials want all digital government identity verification processes to work equally well for all segments of the population in order to reduce fraud and operational costs and make it as easy as possible for residents to work with the government.

The private-sector partners will judge each participant’s success in verifying their biometric data and send the results to the GSA.

Main News:

New Apple patents for emotion recognition and MacBook face authentication

Apple may be inching closer to including Face ID biometrics in its MacBook laptops, based on a newly granted patent.

Tuesday, the U.S. patent office granted Apple patent 11727718, “Light Recognition Module for Determining a User of a Computing Device.” It describes a biometric authentication module built into the MacBook screen’s notch.

As MacBooks are typically thin, the imaging hardware would need to be compact without sacrificing accuracy and user recognition, Apple notes in the filing.

On the same day, an Apple patent application was published for emotion detection. The filing, 11727724, outlines software that estimates emotions in images of faces and imbues avatars with that data.

There is controversy around the idea that algorithms could accurately discern emotions.

The company says it could obtain a latent vector for the image by using an expression convolutional neural network.

Apple also revealed that the algorithm used for estimating emotions may rely on data from some unusual sources. The company lists demographic data, location, phone number, home addresses, social media IDs and even health and fitness data. The collection of this private data needs to comply with local privacy laws, and the patent filing notes.

Patents filings from Apple that have recently been published include innovations around iris biometrics and lip-reading.

Au10tix selfie biometrics for identity verification coming to X

X, the social media platform formerly known as Twitter, is rumored to have introduced a new selfie biometrics and ID document verification process, according to app researcher Nima Owji (@nima_owji). Owji notes via screenshots that the new identity verification process will require users to take a selfie and photograph a government-issued ID. These images will be sent to third-party service Au10tix, which will handle face biometrics matching. It is reported that X will store these images for a maximum of 30 days.

This new feature is especially noteworthy for Blue/Premium subscribers, as verification will become mandatory to access premium features. For other users, biometric ID verification appears to be optional, according to platform news account X News Daily.

According to the screenshot, the identity verification process is expected to take about 5 minutes.

This move follows the platform’s recent efforts to increase user accountability and foster a more trustworthy and secure online environment and is inevitable, given the platform’s “super app” ambitions. Critics are raising concerns about potential privacy issues associated with storing sensitive personal information.

Algorithm for repelling future quantum data raids proposed by Google

Google says there is “a clear path” to protecting public key cryptography against the moment when quantum computers are used for hacking.

The company is promoting its implementation of the method and has posted it. (There are other ideas.) At stake are all the world’s collective databases of biometric and other identity data.

Google bases its conclusion on the creation of the Dilithium algorithm and the standardization of other recent public-key quantum-resilient cryptography.

Much of the cybersecurity community assumes that practical quantum computing, while unavailable now, will arrive before long and quickly tear through standard public-key cryptography like it was wet tissue paper.

Ideally, internet-scale resistance to quantum attacks will arrive before the attacks arrive, says a post by Google.

Toward Quantum Resilient Security Keys

Elie Bursztein, cybersecurity and AI research director, Fabian Kaczmarczyck, software engineer As part of our effort to…

security.googleblog.com

For that to happen, people will need new security keys after the FIDO Alliance standardizes post-quantum resilient cryptography and browser vendors adopt the standard.

That will be a lengthy process, even for a movement that’s been around since the early 2000s.

Google’s implementation combines strong nesting with classical and post-quantum cryptographical schemes. That is, a hybrid of the Ecdsa signature algorithm, which Google considers battle-tested, and Dilithium.

Company executives say they hope some iteration of their proposal will get baked into the FIDO2 key specification and, of course, win the acceptance of browser companies.

They have invited the community to push their algorithm around in OpenSK, Google’s open-source implementation for keys written in Rust supporting FIDO U2F and FIDO2 standards.

Tech5 contactless mobile fingerprint biometrics capture system patented

Tech5 has been granted a patent by the U.S. Patent and Trademark Office for contactless fingerprint capture and biometric liveness detection on a standard mobile device.

The patent for “Contactless fingerprint capture using artificial intelligence and image processing on integrated camera systems” (11721120) describes a series of machine learning algorithms based on neural networks, which detect the fingers, which side of the hand is being held up to the camera, and generate fixed-length fingerprint templates for biometric matching. A 3D depth map of the fingerprints is created, which delivers a resolution of 500 dpi and eliminates distortions in the image caused by the curvature of the fingers.

The system can be used for contactless-to-contactless fingerprint matching or contact-to-contactless matching, the patent document states. Tech5 also says the algorithms meet interoperability standards, and can be used for both enrollment and authentication.

The patent protects the technology used in the T5-AirSnap Finger software, according to the announcement.

“Our expert R&D team is committed to advancing contactless fingerprint capture and liveness detection, integral to critical applications such as national enrollments, law enforcement, eKYC, and decentralized digital ID,” comments Tech5 Co-founder, Chairman and CTO Rahul Parthe. “We take pride in leading the way in this exciting new field of research.”

Trust Stamp launches biometric facial image quality assessment API

Trust Stamp has published a white paper playing up its facial attribute and image quality assessment API, which the vendor says and be integrated with “any” relevant facial recognition, presentation attack detection or age verification apps.

The tools are designed to provide feedback when capturing facial images for systems (or, separately, people if the vendor’s work on large language models pay off). Better automated image capture should make for better biometric enrollments and re-authentications, according to the document, which spends more time on face algorithms and less time describing image-capture quality.

The software tools incorporate and modify portions of ISO/IEC 29794–5, but they also introduce new recommendations based on previous standardization efforts. A new international standard for facial image quality is currently under development by an ISO/IEC working group.

Focusing on face metrics in individual facial images can be computationally simpler than categorizing images by image quality — blurriness, for example, according to the white paper.

Trust Stamp claims in the white paper shared with Biometric Update that its software tools pull subject data from deep learning-based facial attribute classifiers, bringing to the surface the presence of facial hair, for instance. The company refers to the suite of tools as “FAIQA” (for “facial attribute and image quality assessment”).

The company sees its quality assessment tools addressing a number of use cases, including video-frame selection for both facial recognition and proof of liveness. Quality summarization can spotlight devices and systems that are underperforming.

Biometric tokenization patents given to Trust Stamp

Two U.S. patents for biometric identification, one for biometric tokenization, have been awarded to software maker Trust Stamp.

The first patent (11,741,263), published last week, protects “systems and processes for lossy biometric representation.” It’s now part of Trust Stamp‘s line of products that tokenize biometric data.

Tokenizing biometric data makes a fingerprint, for example, an abstract, anonymized vector image, eliminating exposure of the biometric. This process is also designed to be hard to reconstruct the original stored information used to create the token.

The vector image is compared to others to verify identity.

The patented process has been integrated into the company’s irreversibly transformed ID token, or IT2, software, which minimizes storage and use of biometric templates.

Also, this month, Trust Stamp won protection for privacy-secured biometric ID and verification (11,711,216). It is a biometric enrollment system, also part of the company’s IT2 portfolio, can produce multiple transformed, privacy-secured templates for storage.

Test of mDL interoperability organized by SpruceID, AAMVA

New York-based SpruceID is running a test of mobile driver’s license interoperability along with government officials and businesses working on digital identity standardization.

SpruceID provides open-source infrastructure for digital credentialing.

The test will be fully remote and asynchronous, and evaluate online identity verification with mDLs based on the ISO/IEC 18013–7 standard in development for mDL add-on functions. It is being carried out over a two-week duration at the end of August.

The American Association of Motor Vehicle Authorities (AAMVA) and members of ISO/IEC JTC 1/SC17/WG10 are collaborating with SpruceID on the test. Australian government transport agency group Austroads has endorsed the event, according to the announcement. SpruceID is working with the California DMV to jointly test online identity verification with the state’s recently launched mDL.

Participants in the test include the U.S. National Institute of Standards and Technology (NIST), while industry participants include Google, Panasonic, Samsung and Okta. The participants are encouraged to test their verifier or mDL app implementations with both OpenID4VP and RestAPIs.

Test guidelines and mDL implementation requirements are available from SpruceID.

OwnID certified for FIDO2 to boost passwordless online authentication

OwnID, a company specializing in passwordless identity verification, has achieved FIDO2 certification, emphasizing its commitment to industry standards and secure sign-in technology. This certification aligns OwnID with internationally recognized standards.

FIDO2 certification highlights the reliability and security of OwnID’s platform and indicates a critical move toward passwordless authentication, which can reduce the risk of phishing and other breaches.

OwnID’s platform is active on over 100 live websites, showing data that reveals a significant reduction in sign-in drop-off and cart abandonment rates and an increase in authenticated users by an average of 28 percent.

Whether as a stand-alone system or integrated into existing login forms, OwnID enables businesses of all sizes to offer a FIDO Alliance-certified login and registration process, thereby enhancing security and user experience simultaneously. The platform offered by OwnID can be integrated into websites within a few hours, the company says. It works with a range of authentication mechanisms, including passkeys, which are aligned with FIDO standards, offering users secure registration and login options using their preferred device unlock methods such as face and fingerprint biometrics and PINs.

“The FIDO2 certification reflects our commitment to the FIDO Alliance’s vision of passwordless authentication,” said Dor Shany, CEO and co-founder of OwnID. “This isn’t just a step towards a more streamlined sign-in process. It signifies our dedication to enhancing the way businesses engage with their customers. We’re focused on making interactions smoother and more secure, ultimately transforming the customer engagement experience.”

Accura Scan passes iBeta biometric liveness test, announces free checks for startups

India-based authentication company Accura Scan has passed the Level 2 biometric presentation attack detection (PAD) iBeta Quality Assurance test. To celebrate, it is offering all startups some of its products for free.

By passing the assessment, Accura Scan obtained the ISO 30107–03 standard which measures a biometric system’s false acceptance rate (FAR) and false rejection rate (FRR) at the point of presentation. The company’s FAR score was 0 percent, making it the only firm in India, Singapore, Asia Pacific and Middle East regions to have reached this level, according to the announcement.

“Obtaining the ISO 30107–03 standard after passing the rigorous iBeta Level 2 test demonstrates the quality and effectiveness of our solutions against spoofing attacks,” the company’s CEO and founder Yasin Patel says in an announcement.

Level 2 PAD tests assess the technology’s effectiveness against sophisticated 3D masks and digital images.

The Mumbai-headquartered startup also says it is giving away its Identity Verification & Digital KYC Suite products for free to startups. More established companies would be offered different modules at a special price of US$5,000 a year.

In July, Accura Scan began offering its NFC Verification SDK for free to its customers after launching an NFC scanning feature for biometric passports.

During the past years, the company has been working across the Middle East and North Africa (MENA) region, including clients such as NEC Payments Bahrain, the Gulf Bank of Kuwait and Ahli Bank Qatar. In March, it sealed a deal for its 3D selfie biometrics with Danube Properties, one of the largest real estate developers in the United Arab Emirates.

Walmart Spark delivery platform picks Persona selfie biometrics for driver verification

Walmart delivery app Spark is implementing selfie biometrics checks from Persona for drivers to cut down on incidents of individuals using identity fraud to corner the market for delivery jobs.

The delivery platform has scaled quickly, with three times more drivers than a year ago, Business Insider reports. Several drivers who spoke to Insider say that as that has happened, they have been given less orders to complete through the crowdsourced delivery app. Meanwhile, Walmart employees claim to have seen other drivers using multiple identities and multiple phones to get more work by gaming the system.

Walmart's delivery program is having an identity crisis. Some drivers aren't who they say they are.

Walmart has tripled its delivery platform over the past year, but workers say it's become harder to make a living as…

www.businessinsider.com

In response, Walmart is instituting identity verification through ID document photos and selfie biometrics. The Spark driver app privacy statement reveals that the technology is provided by Persona.

Previously, some stores had begun checking drivers’ physical IDs before releasing orders, but others said they were not allowed to do so. A Walmart spokesperson told Insider that the company takes reports of fraud seriously and that fraudulent accounts are deactivated whenever they are found through active monitoring.

The change seems to include not just onboarding but biometric authentication, with Insider reporting that verifications include periodic selfie requests. How frequent authentication will be required remains unclear, with reports of selfies requested for each delivery at one store early last week, and much less frequently by the end of the week.

Delivery platforms including Amazon, Uber Eats and DoorDash already use selfie biometrics and ID checks.

Thales introduces multimodal biometric evidence suite for mobile forensics

A new software and hardware bundle to give police and security forces remote multimodal biometric identification capabilities has been unveiled by Thales, under the name Thales Evidence and Investigation Suite (TEIS).

The combined solution includes Cogent palm and fingerprint biometric scanners and other biometric capture devices, a workflow engine and database, a biometric matching engine and what the company describes as a full set of software tools for evidence enhancement and analysis. The software runs in the cloud to bring forensic capabilities to the mobile phones used by officers in the field, according to the announcement.

Thales says in the announcement that TEIS includes technology ranked highly by NIST, and delivers accuracy with customization and scalability.

TEIS supports iris and face biometrics, in addition to palm and fingerprints.

“Thanks to the ultra-mobile multifunction application, each investigator can benefit from having a biometric forensic lab at the palm of their hand that strives to simplify and accelerate the procedure,” says Thales Public Security Solutions Director Luc Tombal. “Time optimization is crucial in investigations, and this unique approach allows access to vital information within minutes, expediting criminal case resolutions compared to the traditional days-long process.”