BT/ Series of passwordless authentication tools and partnerships unveiled

Paradigm
Paradigm
Published in
43 min readJun 20, 2022

Biometrics biweekly vol. 41, 6th June — 20th June

TL;DR

  • Apple is making good on its recent statements about the virtue and attainability of no-password biometric credentials. Passkeys for MacOS Ventura are in beta testing now or soon will be, according to Apple, with final code ready by yearend
  • LastPass is adding Authenticator, a password manager that enables passwordless access to data, to its product portfolio
  • FIDO has grown by two passwordless sign-in evangelists: Toronto-based 1Password and Paris-based startup Valmido have joined as members
  • Innovatrics reports successful NIST fingerprint biometrics algorithm evaluations
  • Nuggets integrates iProov selfie biometrics with a self-sovereign ID platform
  • Advance.AI liveness detection first in Southeast Asia to pass iBeta test
  • Humanode Testnet v3 — “Ramiel” is now live and open for public testing
  • Delta teases airport screen with face biometrics for each viewer’s personal flight info
  • Suprema builds back-end stability feature into biometric access control platform
  • Automakers preview biometric integration; study sees growth in that market
  • French digital ID’s cybersecurity put to the test with a bug bounty program
  • Biometric vending machine for grains wins WFP innovation award
  • Joint speech recognition solution from STM and Sensory to ease embedded voice control
  • Paravision gets some shadowy funding to develop deepfake detection
  • Fingerprint Cards expands Feitian biometric payment card partnership
  • Incode selfie biometrics get a thumb’s up from German regulator for age verification
  • Taliware upgrades Biombeat heartbeat biometrics API with NFT support
  • Pindrop releases biometric voice authentication, and analytics features to the platform
  • Yoti, Post Office digital ID service first certified by the UK for employee vetting
  • AiLECS Lab to create an ethically-sourced face biometric database to fight child abuse
  • First look: IN Groupe launches ‘inclusive’ SMS-based SSI birth registration at ID4Africa 2022
  • Dermalog smart border camera system earns innovation award
  • The market for photos of masked people to train biometric algorithms surging
  • An Independent test by BixeLab shows ID R&D liveness detection mitigates demographic bias
  • BioConnect to update biometric enrollment software for broader regulatory compliance
  • 1Kosmos receives strategic investment to push passwordless authentication, zero trust
  • Tech5 face biometrics integrated for onboarding to South African businesses
  • Persona launches biometric KYB/KYC automation platform
  • Miaxis launches FAP30 fingerprint biometrics scanner with FBI-PIV certification
  • Daon, Gateway ID Africa team on a biometric platform for financial inclusion
  • Entrust buys e-signature, biometric ID verification company Evidos
  • Motorola Solutions biometric tech deployed by Surrey and Sussex Police
  • Face biometrics solutions launched by CycurID for onboarding, Veriff for authentication
  • IDology adds, Trulioo updates biometric authentication for KYB
  • Stripe launches service to delegate online payment authentication with device biometrics
  • TISA gains more member mass in bid to create a digital ID for the finance sector
  • Incode selfie biometrics get a thumb’s up from German regulator for age verification
  • Minister says Nigeria’s ambitious digital ID registry should be complete by 2025
  • OIX, Trust Over IP Foundation form digital identity pact
  • Sri Lanka digital ID contract bids open soon: only Indian firms need to apply
  • Biometric SIM registration slows Kenyan mobile subscriptions, Namibia seeks a different path
  • SADC to begin production of biometric passports for staff with Botswana facilities
  • Jamaica, and Pakistan look to ease cash assistance programs with digital ID
  • Pakistan gives 1M Afghan refugees biometric IDs for government services
  • UK government allocates $5M to retire Verify’s digital ID infrastructure
  • Public face biometrics increase in Brazil, scrutinized for biases, rights impact
  • BriefCam video search with limited facial recognition licensed by Canadian police force
  • A study has revealed that an AI medical diagnostics system can recognize the race of a person just from an X-ray with over 90 percent accuracy
  • A team of researchers says they have developed a vision sensor that closely emulates how human retinas adjust to the light, something they say will improve machine vision for facial recognition
  • Sybil resistance with biometrics: Interview with Paradigm and Humanode co-founder Dato Kavazi
  • Can facial recognition do right by trans, non-binary subjects? There is doubt
  • Biometric industry events. And more!

Biometrics Market

The Biometric system market size is projected to grow from USD 36.6 billion in 2020 to USD 68.6 billion by 2025; it is estimated to grow at a CAGR of 13.4% during the forecast period. Increasing use of biometrics in consumer electronic devices for authentication and identification purposes, the growing need for surveillance and security with the heightened threat of terrorist attacks, and the surging adoption of biometric technology in automotive applications are the major factors propelling the growth of the biometric system market.

Biometric Research & Development

Latest Research:

Researchers question how AI system can determine race from X-rays

A study has revealed that an artificial intelligence (AI) medical diagnostics system can recognize the race of a person just from an X-ray with over 90 percent accuracy.

Concerns have been raised that the AI-powered diagnostic process could generate inherently biased results with the possibility of misleading human doctors by recommending a particular course of treatment for patients of a particular race.

Researchers from the Massachusetts Institute of Technology (MIT) and Harvard Medical School were part of the research project which included scientists from the United States, Australia, Canada, and Taiwan. A paper explaining the findings of the study was published last month in The Lancet Digital Health medical journal.

As the Boston Globe reports, the researchers began the process by training algorithms using standard data sets of X-rays and CT scans where each image, taken of different parts of the human body, was labeled with the person’s race. But the diagnostic images processed by the computer software had no obvious indications of the race of the persons from which the images were taken.

The system was able to tell the race of the people in the X-ray images, differentiating black and white patients, after it had examined race-labeled images and another set of unlabeled images.

Marzyeh Ghassemi, an MIT assistant professor of electrical engineering and computer science, and Leo Anthony Celi, an associate professor at Harvard Medical School, who co-authored the research report, say those who carried out the study are unable to explain exactly how the AI system was able to recognize patients’ races from their X-ray images. Ghassemi speculates that the scans may pick up the skin pigment melanin, even though it is not visible in them to human observers.

The Globe however quotes Alan Goodman, a professor of biological anthropology at Hampshire College and another co-author of the research report, as saying he does not believe the results of the study are a reflection of the inborn differences that exist among people of different races. Goodman thinks the differences detected are likely caused by geography rather than race.

“Instead of using race, if they looked at somebody’s geographic coordinates, would the machine do just as well? My sense is the machine would do just as well. You call this race. I call this geographical variation,” said Goodman, although he also expressed uncertainty over how an AI system can determine geographical differences from just X-rays.

The researchers have advised medics against rushing to embrace such AI-based diagnostic systems that have the potential to automatically produce skewed results based on differences in certain human features, the Globe mentions.

Researchers think their sensor could rival human vision in some ways

A team of researchers says they have developed a vision sensor that closely emulates how human retinas adjust to the light, something they say will improve machine vision for facial recognition.

The team comes from The Hong Kong Polytechnic University and Yonsei University in South Korea and is led by Chai Yang, an associate professor in PolyU’s applied physics department.

Core object recognition is the ability to rapidly (<200 ms viewing duration) discriminate a given visual object (e.g., a car, top row) from all other possible visual objects (e.g. bottom row) without any object-specific or location-specific pre-cuing (e.g. (DiCarlo and Cox, 2007). Primates perform this task remarkably well, even in the face of identity-preserving transformations (e.g., changes in object position, size, viewpoint, and visual context).

Together they worked to enhance illumination adaptation in machine vision systems that use circuitry and algorithms. This adaptability would enable machine vision to recognize objects more efficiently in complex environments.

The researchers developed bio-inspired systems that use light detectors, known as phototransistors, using a dual-layer of ultrathin molybdenum disulphide, a semiconductor with unique electrical and optical properties. There, the team added “charge trap states,” which are impurities or imperfections in a solid’s crystalline structure that restrict the movement of a charge, to the dual-layer.

The trap states can store light information and dynamically modulate the optoelectronic properties of a device at the pixel level. Effectively, the trap states control of the movement of electrons to adjust the amount of electricity conducted by the phototransistors. This allowed the scientists to control the device’s ability to detect light, and its photosensitivity.

Just as the human eye is comprised of rod and cone cells that detect dim and bright light respectively, the new vision sensors have arrays of phototransistors. In their paper, the team writes that the vision sensor can make out objects in less-optimal light conditions and can switch between and adapt to varying levels of brightness.

Face biometrics remain relatively dependent on good lighting conditions for high-accuracy matching.

The experimental sensor reportedly not only surpasses current sensors but even the human eye. The human eye has a range of about 160 decibels (dB), while conventional silicon-based sensors reach 70 dB. The vision sensor developed by the researchers is said to have an effective range of up to 199 dB, exceeding both.

“The sensors reduce hardware complexity and greatly increase the image contrast under different lighting conditions, thus delivering high image recognition efficiency,” says Chai.

Potential applications for the sensors, according to the research paper, are facial recognition, autonomous vehicles, the Internet of Things, and edge computing environments.

Can facial recognition do right by trans, non-binary subjects? There is doubt

A disparate pair of publications are questioning if facial recognition can be used reliably when it comes to LGBTQ+ subjects.

One point of view is a podcast from the conservative-libertarian Cato Institute think tank and the other is a blog posted on the site of digital ID verification provider Mitek.

In the podcast, Caleb Brown, director of Cato’s multimedia operations, says of facial recognition “is, for the most part, not ready for prime time.” Brown is talking with a Cato colleague, Matthew Feeney, director of the Project on Emerging Technologies.

Feeney says studies indicate that facial-analysis business tools may be better at determining sexual orientations than people.

That has convinced some outfits to find related problems to solve with AI code. But better is not perfect.

But the risks of humiliation or harm for people who are not cis-male are many, he says. For example, in 2019, the Berlin Transportation Co. wanted to make a supportive statement on Germany’s Equal Pay Day, by offering all women riding a 21 percent discount, presumably the average pay differential between women and men in that nation.

Automated kiosks decided genders. Error rates were not publicized, but there is little doubt that the software misidentified some riders’ orientation, causing some resentment.

Similarly, some U.S. state governments have or would like to enact so-called bathroom bills requiring people to use the gendered bathroom corresponding to the gender assigned on a birth certificate, Feeney says.

The only feasible way to accomplish this would be to plac face biometric cameras at a restroom door. And that, of course, invites police to act on what an algorithm decided. A transparent law enforcement agency that engenders trust in facial recognition could keep this and other situations from blowing up into protests.

Mitek has come to a similar conclusion: “Facial recognition is an ineffective biometric for LGBTQ+.”

It is only going to get better, according to Mitek’s post, if the industry can be “open continually listening to the needs and challenges faced by all demographics as we develop products.”

That seems like a commonsense plan, but this topic splits more hairs than a barber.

In the meantime, everyone involved has to understand that “facial recognition isn’t always the right solution.” That is a refreshing point of view from any corner of the technology industry.

The post cites the results of design sessions conducted at the University of Illinois and the University of Michigan with 21 people in the trans community. Trans-inclusive technologies include those for changing bodies, safety, and finding resources as well as those changing appearances and/or gender expressions.

Main News:

Series of passwordless authentication tools and partnerships unveiled

Apple is making good on its recent statements about the virtue and attainability of no-password biometric credentials. Passkeys for MacOS Ventura are in beta testing now or soon will be, according to Apple, with the final code ready by yearend.

According to numerous reports, passkeys for iOS 16 and iPadOS 16 could follow the same timeline.

Passkeys will replace the need for password authentication for each device, app and online service that a person uses by employing the Web Authentication API, which uses cryptographic key pairs. Each passkey is “intrinsically” and uniquely created for each account created for an app or website, according to Apple.

The public half of each key pair is stored on secured servers, making theft unlikely. The secret portion of the key is on the user’s device. Apple claims passkeys cannot be guessed or reused.

Verification takes place with Apple’s Face ID and Touch ID. As far as most users are concerned, thumb and face biometrics take the place of a password when setting up an account or logging in somewhere.

They are based on standards created by FIDO Alliance and the World Wide Web Consortium. Executives at Apple, Google and Microsoft said last month they would work together to deliver the final replacement for one of life’s moderate but aggravatingly persistent headaches.

A third-party passkey app has been posted as a preview on the App Store.

  • LastPass unveils passwordless Authenticator manager

LastPass is adding Authenticator, a password manager that enables passwordless access to data, to its product portfolio.

Pointing to the day’s announcements by “tech giants and identity providers unveiling their plans to enable passwordless (options) across their operating systems, web browsers, devices and applications,” says Chris Hoff, LastPass’ chief security technology officer says his company is already there.

LastPass is early on the scene with a password manager that makes possible secure and “effortless” logins.

Authenticator reportedly makes it easier to manage account credentials and get quick access to the accounts.

The app uses two-factor authentication bolstered with contextual factors like geolocation and IP address.

Later this year, according to LastPass executives, they will add biometric face and fingerprint ID options and hardware security keys that allow users to access their vault of passwords without a master password.

LastPass has had a seat on the FIDO Alliance‘s board of directors since September 2020 and says it is building FIDO2-compliant components.

  • 1Password and Valmido join FIDO

FIDO has grown by two passwordless sign-in evangelists: Toronto-based 1Password and Paris-based startup Valmido have joined as members.

1Password sells passwordless authentication through biometrics or physical tokens like Yubikeys.

Executives are previewing their latest development — enabling 1Password’s desktop app to function as a WebAuthn device. Rather than using dedicated hardware for WebAuthn, which 1Password says creates the risk of being lost, stolen or absent when needed, the private keys are integrated into 1Password instead.

Year-old Valmido sells a multi-app device with biometrics for mobile and web services.

Apple patent could have you authenticated whether you consent or not

Apple has been awarded a U.S. patent for a two-step authentication process involving the face and possibly finger biometrics.

In one example, a store could use face biometrics to scan a shopper. That could occur without the person’s consent, but also before any payment information is presented to the store.

The patent for ‘Biometric authentication with user input’ states that a secure circuit would perform the authentication and more or less hold steady until the shopper pressed a mechanical button.

If no button is pushed, the positive authentication is reversed. A timer could be set, too, rejecting the authentication if the subject waits too long or perhaps moves away.

Authentication could be used for payments, and Apple notes a potential embodiment in a point-of-sale terminal with NFC communication, which would allow it to interact with payment cards.

Reporting by Patently Apple makes a direct connection between this patent and Face and Touch ID — and the innovation no doubt will work with those biometric sensors, but the patent reads like two or more systems could be at play. The set up would work well for automated kiosks, for instance.

Some world leaders take the hint and start building bulwarks against deepfake danger

The European Union, Reddit, and Google are taking steps to do something about deepfakes. Exactly what they will accomplish is not clear.

The EU wants platform companies including Facebook and Twitter “to take measures to counter deepfakes” on their turfs, according to exclusive reporting by Reuters.

In fact, officials reportedly are changing a 2018 voluntary practice code for combatting disinformation to a co-regulation scheme that holds all signatories accountable. It also now spells out deepfakes as part of disinformation.

Signatories to the code include the EU, Google, Twitter, Facebook, Mozilla, and advertising firms.

They will “adopt, reinforce and implement clear policies regarding impermissible manipulative behaviors and practices on their services, based on the latest evidence on conducts and tactics, techniques and procedures” behind malicious deepfake acts, according to Reuters.

The EU would use its Digital Services Act to fine companies up to six percent of global profits if they do not fulfill their obligations. They will have six months to get in gear.

As it happens, Google last month told DeepFaceLab users that they can no longer use Colab coding services to train deepfakes, according to trade publisher Unite AI. The publication describes DeepFaceLab as “notorious.”

Colab, is designed as more of an educational tool for students, allowing them to run very large code projects on fast, high-bandwidth hardware without charge. The implication is that people were using heavy-duty systems to create high-resolution deepfakes.

Reddit, once an outlaw posting service, has banned the r/deepfakesfw community. The suffix means safe for work.

Four years ago, Reddit shut down another deepfake forum, but that one was about making and viewing forged video porn, according to Unite AI in another article.

The publication notes that Reddit has not banned r/DeepFakesSFW (double “s”) or r/SFWdeepfakes, which has many times the readers than the other two mentioned here.

It seems that what tripped Reddit’s wire was that people in r/deepfakesfw were using the forum to request custom-banned porn.

Then there is the computer vision company Paravision, which specializes in facial and activity recognition. This month, it posted a marketing essay on why the company is working to tackle deepfakes.

The post says that Paravision has partnered with “a Five Eyes government agency” to write deepfake-detection algorithms. The Five Eyes, a decades-old intelligence alliance, are Australia, Canada, New Zealand, the United Kingdom and the United States.

Members of the Five eyes are already sharing biometric data to boost national security.

The company last week said it had received funding by an unnamed partner of the Five Eyes to develop software to detect deepfake videos. Neither the size of the deal nor the name of the organization was disclosed.

All of the developments are good news for anyone worried about how much chaos could be unleashed by deepfakes. But, for the most part, the aims and methods are vague.

Even the likely punishments that the EU reportedly is ready to levy on its disinformation partners are fuzzy. Could Google get blindsided by a deepfake coder? Sure. It is not immune to any other kinds of cyber abuse.

Does that mean Google or its partners get fined because someone was cleverer than their employees? Must all code developed for this mission be open source?

Google shut down another deepfake community, but apparently for very specific reasons — because the community became a marketplace for porn.

And Paravision almost certainly will end up working on Chinese (OK, and North Korean) forgeries and counter-forgeries so much that much of its staff will soon be fluent in Cantonese.

Taken together, these developments feel like a net through which very dangerous content will swim.

Selfie biometrics firms add location verification, release new offerings

Two selfie identity authenticators, Sumsub and Incognia, have announced the addition of location-based authentication as another two, CycurID and Nametag, introduce new KYC products and identification for customer support.

Innovatrics reports successful NIST fingerprint biometrics algorithm evaluations

The National Institute of Standards and Technology (NIST) published the results for its MINEX III extractor and PFT III tests for Innovatrics’ algorithms, which the company says confirm rankings among the tops in the biometrics industry.

Specifically, the MINEX III evaluation checks for generating and matching interoperable fingerprint templates, while PFT III tests check the capabilities of proprietary templates. Innovatrix ranked first and second in these benchmarks, respectively.

“The performance of all our fingerprint algorithms, from extraction to matching, is consistently among the global elite, even ranking first in several tests,” comments Innovatrics Director of ABIS Business Unit, Matus Kapusta. “Apart from our top-scoring fingerprint matcher and extractor, we are one of the few companies that offer NIST-benchmarked algorithms for facial and iris recognition in their ABIS.”

The results, explains Marian Beszedes, head of Innovatrics R&D, are a testament to the improvements to the company’s biometric technology in recent months.

“The next generation of our fingerprint verification algorithm has been significantly improved by incorporating deep neural networks into the process, and the current fingerprint matcher is the best matcher worldwide as measured by NIST,” Beszedes says.

The announcement comes weeks after Innovatrics released a semi-passive liveness check as a presentation attack detection (PAD) method.

Biometric vending machine for grains wins WFP innovation award

A biometric vending machine to distribute grains directly to rations recipients has won an award from the WFP Innovation Accelerator as one of the top innovations for helping prevent hunger, India Education Diary reports.

The ‘GrainATM,’ otherwise known as the Annapurti automated grain dispensing solution, can dispense subsidized grain allotments around the clock, and was developed with support from the India CO, the Government of India, the Ministry of Consumer Affairs, Food and Public Distribution, the Department of Food and Public Distribution, and the WFP Innovation Accelerator.

Beneficiaries use their Aadhaar or ration card to claim eligibility using a built-in touchscreen, according to News18.com, and authenticate their identity with biometrics. The GrainATM can reportedly issue 70kg of grains in as little as five minutes with negligible error in measurement.

When the biometric vending machine was first developed, TechRepublic referred to the GrainATM authenticating users through a fingerprint biometric scanner.

GrainATMs are deployed in Fair Price Shops in Haryana and Odisha to deliver monthly benefits from India’s Public Distribution System.

Joint speech recognition solution from STM and Sensory to ease embedded voice control

STMicroelectronics and partner Sensory have announced a collaboration to enable developers to build voice-based user interfaces into smart embedded products with the STM32 microcontroller.

The companies say Sensory’s voice technologies and the STM32 hardware and software can be used to create speech recognition models for custom wake words, voice control commands, and natural language grammar in just under 20 languages and dialects.

The solution utilizes the STM32H7 MCU and the STM32Cube software extension portfolio, which can increase the accuracy of voice control applications and reduce command-recognition time, according to the announcement. Voice application and speech models can also be stored in the MCU’s on-chip memory for easy integration and lower total ownership costs.

“This collaboration sets to jump-start the development of embedded-voice user interfaces, adding friction-free command control and custom wake word to any device, from wearables to smart-home appliances,” says Ricardo De Sa Earp, executive vice president, General-Purpose Microcontroller Sub-Group Vice President, STMicroelectronics. “The unique combination of ST and Sensory technologies will enable the STM32 user community to deploy ‘Voice AI on the edge’ without any programming, data-science, or machine-learning expertise, for free in prototypes and with favorable licensing terms in production.”

The announcement does not refer to voice recognition, but Sensory also launched a cloud service platform to deliver its voice (as well as face) biometrics at the beginning of 2022.

Delta teases airport screen with face biometrics for each viewer’s personal flight info

Delta Air Lines will test a screen at the Detroit Metropolitan Airport designed to recognize the faces of passengers and tailor content for each person looking at it at the same time.

Delta says the beta version of the Parallel Reality technology was made with Misapplied Sciences and will display information — in the language of a person’s choice — about their flight and gate information for up to 100 consenting adults at once.

Delta will be using face biometrics to check in passengers and match a customer’s face to their digital ID, which will include passport and TSA PreCheck membership numbers. It is part of a broader push for convenience and expediency using biometric systems.

The Parallel Reality kiosk will stand beyond the security field. Those biometrically enrolled in the beta via the Fly Delta app will be able to scan their boarding pass and face at the kiosk.

The airline announced the Parallel Reality kiosk in 2020, and the test begins later this month.

Matt Muta, vice president of innovation at Delta, says, “With the Parallel Reality technology, we saw an opportunity to transform another aspect of the airport journey into (being) seamless, personalized and wholly unexpected.”

Suprema builds back-end stability feature into biometric access control platform

Suprema announced the integration of its BioStar 2 biometric access control system with an automated failover server to ensure backup and stability in case of service disruptions.

The South Korean biometrics company says it successfully integrated the Mantech Continuous Cluster Server (MCCS) with BioStar 2. MCCS uses automated failover (the switch to a backup server upon an abnormal shutdown of an active server) and an instant data copying process called real-time replication to help prevent server downtime, data loss, and system failure.

It can detect the failure of servers, storage, networks, application services, and operating systems. When failure occurs, it automatically switches to a backup system and replicates data in real-time so the company can protect mission-critical data 24/7 with no downtime.

“Integrating with MCCS has enabled BioStar 2 to provide an even safer and more secure platform service than ever for our enterprise customers,” says Suprema CEO Hanchul Kim, “Suprema will continuously make efforts to enhance BioStar 2 capabilities, meeting the needs of all our customers, from small offices to the largest organizations.”

Suprema also picked up a pair of ISO certifications for BioStar 2 earlier this year to ensure GDPR-compliant handling of sensitive data like biometrics.

Advance.AI liveness detection first in Southeast Asia to pass iBeta test

Singapore-based digital identity verification provider Advance.AI announced its biometric liveness detection products have passed iBeta’s Presentation Attack Detection (PAD) test in compliance with the International Organization for Standardization (ISO) 30107–3 standard.

ISO 30107–3 describes a testing and reporting framework, and sits in the middle between Part 1, which establishes a framework for biometric presentation attack detection, and part 2 which refers to data formats. Part 4 extends the testing profile to mobile devices.

For more information about PAD and the ISO 30107 standards, you can follow this link.

According to the company’s Product Director, Steven Zhou, the presentation attack detection accreditation is testament to Advance.AI’s liveness detection’s capabilities to help customers meet global standards when deploying biometrics.

“Navigating complex regulatory and compliance standards is one of the biggest challenges for today’s businesses, especially in the financial services, fintech and Web3.0 industries,” the executive explains, commenting on the news.

“Receiving this globally recognised security standard gives our clients and partners the re-assurance that our comprehensive market-leading solutions are compliant, high quality and meet global standards.”

The accreditation comes months after Advance.AI’s parent company Advance Intelligence Group announced it was in preliminary talks with financers to raise US$300 million.

Automakers preview biometric integration; study sees growth in that market

Car makers are showing off innovations in biometric integration for drivers, ranging from facial recognition that spots distracted or drowsy drivers, enhanced voice recognition and Lidar capabilities.

That action is reflected in a market study from Polaris Market Research suggesting the automotive biometrics market will continue to grow rapidly.

Paravision gets some shadowy funding to develop deepfake detection

Computer vision and facial recognition company Paravision announced it received funding from an unnamed partner of the so-called Five Eyes alliance to develop technology to detect deepfake videos.

Paravision is a top-performer in the U.S. National Institute of Standard and Technology’s Face Recognition Vendor Test 1:N test, where it was among the best-performing U.S. biometrics vendors in the 2022 report.

The company says it received funding from the partner of an unnamed Five Eyes member, which is an intelligence-sharing group comprised of national security agencies in the U.S., the UK, Canada, Australia and New Zealand, to discern video forgeries known as deepfakes.

Joey Pritikin, Paravision’s chief product officer, says deepfakes “pose significant new threats to democracy, national security, identity and personal privacy. They contribute to an atmosphere of uncertainty and distrust that can be exploited by malicious actors.”

Pritikin adds that Paravision is, “proud to partner with a major Five Eyes government to deliver an impactful, high-accuracy capability for deepfake detection and to have the opportunity to apply our team and technology to address this urgent need.”

Fingerprint Cards expands Feitian biometric payment card partnership

Biometric sensor maker Fingerprint Cards has announced an expansion of its collaboration with cyber security products provider Feitian. The companies plan to jointly develop an advanced biometric card solution for the global payment and access markets.

The cards will run on Fingerprint Cards’ software and a Feitian operating system. Biometric authentication is enabled via Infineon’s newly approved secure element (SLC38) and Fingerprint Cards’ T-Shape (T2) sensor module.

The companies confirmed the new biometric cards will be offered as a pre-laminated solution to card manufacturers, who will reportedly be able to integrate them in payment and access cards using standard automated manufacturing processes.

“The volume ramp of Fingerprints’ and Feitian’s advanced biometric card solution is an important milestone for biometric payment cards and is an early fruit of a far-reaching collaboration with our strategic partner Fingerprints,” says Head of Payment Solutions at Infineon Tolgahan Yildiz.

“Our dedicated collaboration has resulted in a Biometric System-on-Card (BSoC) platform without the need of an additional microcontroller, which is a major contribution to the whole payment ecosystem.”

A graphic accompanying the announcement depicts a Mastercard. The payments network approved the T2 module as meeting its updated security standards earlier this year.

Fingerprint Cards recently participated in IFSEC 2022 in May, jointly presenting its solutions with biometric smart cards manufacturer Freevolt.

Last week, the company wrote a blog post about its participation in the event. The article is an interview between Fingerprint Cards Marketing Director, Maria Pihlström, and Freevolt’s Head of Product and Business Development, Gonzalo de Gisbert, and explores the collaboration between the firms further.

For context, Freevolt’s main product is S-Key, a batteryless biometric smart card that runs on Fingerprint Cards software.

“Having built a smart card from the ground up, using our Freevolt energy harvesting technology, our company now has the opportunity to build on this platform for other use cases such as cryptocurrency, healthcare, payments etc,” de Gisbert told Fingerprint Cards.

The interview also explores the key issues facing the access control industry today, among which the Freevolt executive mentioned lower footfall in offices and hygiene worries around shared surfaces.

Additionally, de Gisbert outlined the reasons behind Freevolt’s partnership with Fingerprint Cards.

“Traditionally, biometric solutions present a challenge with data protection, especially for regulations such as the UK and European GDPR,” the executive said.

“Yet with the S-Key, this is not an issue as we use the on-device approach championed by Fingerprints, where the biometric data is enrolled, securely stored, matched and authenticated on the card itself. That means no databases of data in the cloud.”

Looking to the future, the Freevolt executive said the company intends to keep developing products for the access control industry, as well as for healthcare and cryptocurrency spaces.

Incode selfie biometrics get a thumb’s up from German regulator for age verification

German regulators reportedly have given a “positive assessment” of age verification software based on selfie biometrics by San Francisco-based Incode Technologies.

The Commission for the Protection of Minors in Media, or KJM, is a central supervisory group working to protect minors from inappropriate content on privately owned broadcasting and online entities. The assessment opens up the German market for age-restricted online service providers to Incode.

Incode is an identity firm makes ID verification software as part of an automated orchestration platform that is designed to eliminate friction for users and cut fraud in onboarding, authentication and payment verification.

The company’s age verification technology works similarly, validating an ID card and matching selfie biometrics against it, providing visual cues to users to make sure the images are of good enough quality to perform a match.

In a statement announcing the German body’s evaluation, Incode‘s CEO, Ricardo Amper, says his age verification software will, among other roles, improve adult onboarding on gambling sites while catching more of the adolescents trying to get past the gates.

It is no small thing for businesses online to comply with anti-money laundering and know your customer regulations, swat away minors and still provide a sign-on process that feels light-handed, Amper says. His goal is to make the swatting as painless for legitimate gamblers as possible.

Other digital identity technology providers approved for age verification by the German authority include Trulioo and Yoti.

Taliware upgrades Biombeat heartbeat biometrics API with NFT support

Deep learning biometrics and geolocation startup Taliware has updated its Biombeat heartbeat biometrics’ application programming interface (API) with the introduction of NFT support.

More specifically, Biombeat’s API V2.0 now supports NFT Fabric, with all data available as tokens on the Cardano Blockchain Network.

According to the California-based company, the decentralized authentication information-sharing system for NFTs is designed to overcome various limitations of existing technology in simplifying NFTs’ identity compliance. In particular, the new API will enable developers to build tools that allow the secure sharing of information for compliance with know your customer (KYC), anti-fraud, and anti-money laundering (AML) regulations.

The API will enable these applications by combining biometrics attributes and tethering technology to provide spoof-proof identity as a service (IDaaS), and helping the industry move further steps towards the adoption of passwordless authentication solutions, according to the announcement.

“We just released Biombeat API V2.0, it supports location-based heart rhythm ECG [electrocardiogram] authentication, Touch ID and Face ID authentication,” comments Taliware CEO, Tarik Tali.

“When paired with a smartphone and an ECG-enabled smartwatch, Biombeat authenticates, tethers and time stamps a person to their device and location. It is a USPTO award-winning technology.”

Taliware released the first version of the Biombeat software development kit (SDK) in March 2021.

The biometric technology is currently compatible with the Apple Watch, but Taliware said it intends to introduce compatibility to other electrocardiogram (ECG)-capable smartwatches in the future, including devices from Google, Samsung and Withings.

The use of ECG as a biometric marker for security purposes is expected to expand as more people have health monitoring devices and accuracy improves, according to B-Secur.

Pindrop releases biometric voice authentication, analytics features to platform

Pindrop has unveiled its latest authentication and demographic analytics additions to its biometric platform, alongside case management and improvements to its spoofing detection and metadata analysis.

The company showcased the additions at RSA Conference 2022, a cybersecurity event. They include voice analysis on its Deep Voice Engine to gain demographic insights like a predicted age range and the spoken language of the user with API-driven requests. Pindrop says the feature will streamline the user experience with personalization to the caller’s language and further intelligence for enhanced authentication processes. It can also aid with intelligence on possible security threats from account takeover when paired with Pindrop’s other solutions, the company says.

Pindrop also showed a voice mismatch feature for contact centers on Pindrop Passport that detects deceptive callers and alerts when a voice is mismatched to enrolled users. The company says accounts with multiple enrolled users can also sound an alert if a mismatched voice attempts to authenticate.

Additional new features include case management that allows calibration to call scoring that can help with efficiency and productivity by leading to predictable alert and case creation rates. Pindrop will also make custom data tags available in the summer of 2022, which will allow Pindrop customers to attach custom tags to accounts to aid in investigations.

Improvements to the Pindrop Intelligence Network (PIN), the company’s metadata analysis for risk assessment, and enhanced spoof detection for phone numbers are also included. These features are said to help contact center agents and fraud investigators for authentication and fraud policies, fraud investigations, and case management.

“With access to deeper intelligence and enhanced investigative tools, Pindrop has strengthened its ability to protect the customer authentication process and help push further into a passwordless, voice driven world,” says Vijay Balasubramaniyan, CEO of Pindrop. “Data breaches fuel fraud, and in 2021, the volume of data breaches hit record levels. Pindrop’s platform advancements can improve account security, customer experience, feed other systems with improved intelligence and reduce the effectiveness of omni-channel fraud attacks.”

Yoti, Post Office digital ID service first certified by UK for employee vetting

Britain-based Yoti has announced it and partner Post Office are the first digital identity service providers (IDSPs) in the UK to be certified by the government to perform identity checks for employment.

The two partnered companies will have their combined biometric ID verification service made available for employment vetting through a web-based identity verification, an app-based reusable digital identity, and in-person verification in Post Office branches. These checks are performed by Document Validation Technology (IDVT) provided by an IDSP that verifies the Right to Work for British and Irish citizens who hold a valid passport.

The two digital ID providers are certified as IDSPs to meet the needs for Right to Work, Right to Rent and DBS (Disclosure and Barring Service) schemes implemented by the UK government. The Right to Work scheme looks to prevent illegal working by having employers check to ensure their permanent, full or part time, contract, zero hours, and work experience students and interns have the right to work in the UK. The schemes follow in line with the Department for Digital, Culture, Media and Sport’s UK Digital Identity and Attributes Trust Framework.

Yoti’s digital ID apps secured with biometrics and Post Office’s EasyID are also said to be viable for Right to Work by sending a verified image of the individuals’ passport to be stored and verified by an employer to meet Home Office requirements for ‘statutory excuse.’

“Being one of the first IDSPs to be certified shows our commitment to the market and is a testament to the quality of our digital identity technology,” says John Abbott, chief commercial officer of Yoti. Abbott notes the maximum fine of hiring illegal workers at £20,000 (approximately US$25,072) per worker. “Certification under the Digital Identity and Attributes Trust Framework represents the gold standard of Digital Identity service provision with security and privacy prioritised, meaning clients have no concerns about GDPR,” he says.

Companies that will be using the Yoti and Post Office IDVT include HireRight, People Check, and Atlantic Data, among many more. Over three million people are said to have joined the Yoti and Post Office digital ID network.

Elinor Hull, identity services director at Post Office, says, “At a time when the hospitality and retail sectors in particular are struggling to recruit and get staff onto the shop floor, having the ability to digitally check candidates’ Right to Work speeds up the recruitment process, is more secure and could enable them to start sooner than if the candidate has to travel and then have their documents photocopied and physically checked.”

Yoti also announced a partnership with First Advantage in February for Right to Work and DBS to integrate its selfie biometrics into First Advantage’s platform.

AiLECS Lab to create ethically-sourced face biometric database to fight child abuse

The Australian Federal Police (AFP) and Monash University entered a new collaboration aimed at creating an ethically-sourced face biometrics database to combat child exploitation.

The project is a brainchild of the AiLECS Lab (AI for Law Enforcement and Community Safety), an entity designed to bring together researchers from Monash University’s Faculty of Information Technology and AFP, with a particular focus on artificial intelligence (AI)-based projects for public safety.

Dubbed ‘My Pictures Matter,’ the crowdsourcing campaign is asking individuals aged 18 and above to submit photographs of themselves as children.

The files will then be utilized to train biometric AI models that will potentially “recognize the presence of children in ‘safe’ situations, to help identify ‘unsafe’ situations and potentially flag child exploitation material.”

The creation of the database was prompted by the fact that often, AiLECS Lab Co-Director Associate Professor Campbell Wilson explains, similar machine learning models are trained with images that are scraped off the internet or without documented consent for their use.

“Sourcing these images from the internet is problematic when there is no way of knowing if the children in those pictures have actually consented for their photographs to be uploaded or used for research,” Wilson adds.

“By obtaining photographs from adults, through informed consent, we are trying to build technologies that are ethically accountable and transparent.”

For context, the AFP admitted using Clearview’s facial recognition technology in 2020. Since then, the company has been involved in a series of court cases for allegedly scraping users’ face biometrics data from social media.

Most recently, Clearview has been fined approximately £7.5 million (US$9.5 million) by the UK’s Information Commissioner’s Office (ICO).

To avoid scenarios like this, and to enable user control over their privacy, all data collected as part of the My Pictures Matter is going to be stored and managed according to the principles of data minimization.

“We are not collecting any personal information from contributors other than the email addresses associated with consent for research use, and these email IDs will be stored separate to the images,” explains Project lead, Dr Nina Lewis.

According to these guidelines, contributors will be able to get details and updates about each stage of the research, as well as opt to change user permissions or revoke their research consent and withdraw images from the database at a later date.

The project aims to build a database of 100,000 ethically-sourced images by the end of 2022.

Yoti began building a database of images of children submitted by their parents to train its age estimation technology in 2021.

First look: IN Groupe launches ‘inclusive’ SMS-based SSI birth registration at ID4Africa 2022

IN Groupe has revealed its inclusive SMS, biometrics and cloud-based birth registration that aims to empower civil registries as much as parents and their babies, explained Jean-Noël Malborougt, from the firm’s identity innovation unit, during a demo at the firm’s ID4Africa 2022 stand.

Called ID4Life, the new system can register a birth from just SMS messages from a simple mobile phone in chatbot-type conversations with the local, authorized birth registration and certification issuer, which could mean a maternity ward, civic center or civil register.

The parent first registers with the system which then calls the person to take a voice sample as a biometric registration marker of that parent. Future authentication requirements in the birth registration and certification process trigger outgoing calls to the parent.

The system begins creating verified credentials in a cloud-based wallet for the parent. A witness is needed to confirm that the birth took place. This could be a doctor, staff from the maternity ward, a village chief. They need to also be registered.

Interaction with the civil registry then creates a birth certificate and a cloud-based wallet for the baby. The infant will be able to add his or her own biometrics later in life (age depending on jurisdiction) and the parent consents to the child taking control. Only the parent can control the link between their cloud-based wallets.

If the users have a smartphone, there is a digital, self-sovereign identity wallet app which makes viewing and managing the verifiable credentials simpler. Yet when the birth certificate is needed, such as for school enrolment, the parent engages in an SMS exchange with the civil registry to give permissions for certain elements of their child’s identity to be shared with the education authority.

Malborougt explained that the ID4Life approach means that further verifiable credentials can be added to a user’s SSI cloud- or phone-based wallet, such as marriage.

Humanode Testnet v3 — “Ramiel” is now live and open for public testing

Ramiel is the next major step towards the launch of the Humanode Mainnet this summer. The team is focusing on brushing up the system, moving from permissioned Proof of Authority where nodes are supposed to trust each other, to a trustless permissionless system, and bringing EVM-compatibility to the Humanode testnet.

Some of the protocol-level features that live upon release of Ramiel are moving from Aura to BABE block production engine and GRANDPA for block finalization. Ethereum Virtual Machine compatibility enables Solidity smart contracts on the Humanode chain. Users are also able to analyze their node activities in polkadot.js explorer: from bioauth status to block production and finalization.

Naturally, builders are able to deploy and test their bio-auth enabled Dapps on the Humanode testnet. The Humanode Hackathon is a great chance to work with both the chain and the biometric authorization service and gain rewards for your efforts!

Ramiel is also scheduled to have a number of (highly anticipated) minor upgrades in the upcoming months.

Ramiel is ready for the public. Be the first human nodes to test it out. Th team will be inviting people in batches to join Humanode Testnet Ramiel. If you think you suit the role as a human node, apply now!

If you were among the lucky people who attended the first-ever Humanode conference, then you know what a ground-breaking event it was. The unique conference aimed to let people meet the minds and builders behind the Humanode project and brought together some of the top blockchain and cryptocurrency experts.

From insightful panel discussions to exciting keynote speeches and workshops, there was plenty to keep attendees engaged and inspired. If you couldn’t make it to the Humanode conference this year, don’t worry — the team has got you covered!

Dermalog smart border camera system earns innovation award

Dermalog took home a second innovation award in a row from the German Design Council for its border check biometric camera system.

The German biometrics company was recognized for its CT1 Camera Tower, an automated face capture device that automatically adjusts to the person’s height. It can capture faces from up to two meters away and features presentation attack detection to prevent spoofing attempts, and a non-contact body temperature check.

Demalog was awarded the German Innovation Award 2021 in the GOLD category for its multi-biometric camera technology from the German Design Council, making this a repeat award.

“Biometrics is becoming increasingly important in the field of border control. For example, biometric data is an important component of the future European Union entry/exit system. Our automated solutions significantly contribute to secure and fast data processing and ensure a seamless process at border crossings,” says Dermalog CEO Günther Mull.

Market for photos of masked people to train biometric algorithms surging

One of the largest stock photo platforms in Japan is building a database of images of individuals wearing masks to train facial recognition algorithms, The Asahi Shimbun reports.

Named Pixta, the Tokyo-based company reportedly started training its face biometric systems in 2018.

Fast forward to June 2021, Pixta started offering datasets each containing 1,000 facial photos of Japanese wearing masks. In the following months, requests for such datasets increased threefold, signaling a definite market demand amidst the pandemic and related mask-wearing trends.

“We began receiving more inquiries for photos of people wearing masks, so we started offering them as a dataset,” Sayaka Fukumoto, a Pixta official in charge of customer services, told The Asahi Shimbun.

“We hope the service will help clients save time and energy collecting those photos for their research.”

Today, driven by this data, Pixta is now trying to expand its datasets further to help increase accuracy in identification rates for this specific demographic.

The price for a dataset of images edited for machine learning currently costs 165,000 yen (roughly $1,200) each, according to Fukumoto. Packages of unedited ones, on the other hand, are traditionally offered for 99,000 yen (roughly $730) each. Datasets are sometimes purchased ten at a time.

The call for images to enhance Pixta’s face biometrics dataset comes months after Getty Images introduced its Enhanced Model Release form, designed to help users consent to their photos being used to build biometric datasets.

“We must recognize that the increased use of biometric data contained in imagery to train AI/ML applications requires the need to ensure that we have obtained the model’s permission to use their image and data in this manner, and Getty Images is at the forefront of addressing these very real concerns,” Paul Reinitz, director of advocacy and legal operations counsel at Getty said in March.

Independent test by BixeLab shows ID R&D liveness detection mitigates demographic bias

An independent evaluation of demographic bias in ID R&D’s biometric facial liveness detection product has been performed by BixeLab, and shows that IDLive Face delivers fair performance for people regardless of their gender, age and race.

It is the first independent test of its kind in the industry, according to the announcement.

Liveness detection is required to prevent spoofing or presentation attacks against biometric systems used for identity verification and authentication, but like matching algorithms, can deliver higher rates of false positive or false negative results for individuals in particular demographic groups.

The bias evaluation performed by BixeLab serves as recognition of the potential negative impacts of demographic performance differentials of not just matching algorithms, but also liveness detection systems, the companies say. It also establishes test methodologies that can be used for future test standards and evaluations.

The test methodology is derived, where possible, from the ISO/IEC 19795–2 and ISO/IEC 30107–3 standards for accuracy and presentation attack detection effectiveness, respectively.

ID R&D says the evaluation demonstrates the fairness of IDLive Face’s passive liveness detection for target demographics, and will inform the company’s ongoing development of machine learning-based products as Responsible AI.

“Spoof detection can introduce bias just as biometric matching algorithms can, but was being neglected as a bias contributor until now,” comments Alexey Khitrov, CEO and co-founder of ID R&D. “We are delighted to see our products confirmed by experts to be fair, and we hope this groundbreaking work helps others in our industry achieve the same.”

Khitrov adds, “The ability of IDLive Face to operate with fairness across demographic groups is essential to its global success, and so we designed its development process specifically to prevent bias. It’s now being used in over 70 countries.”

BixeLab produced a comprehensive report that gives details about the testing methodology, and a confirmation letter for public attestation of the results. The letter refers to the evaluation as “a Level B Evaluation to assess liveness accuracy and bias in target demographics including gender, age group, and race.”

ID R&D has also produced a 13-page white paper that sets out the problem, as well as ID R&D’s primary tenets and principles for Responsible AI. The paper delves into issues around the constitution of datasets, the metrics used for calculating bias, and examples of successful bias reduction approach.

French digital ID’s cybersecurity put to the test with bug bounty program

A global cybersecurity community has announced it will launch a bug bounty program for France’s digital ID as an audit of its security and level of trust.

The YesWeHack community is set to scrutinize the France Identité mobile application, a digital ID that was launched as in a beta phase in May 2022. Though France Identité does not biometrically verify its users due to concerns raised by the French public, it can scan national ID cards, which contain a chip that stores biometric data in the form of a photograph and two fingerprints of the card holder.

YesWeHack is a French cybersecurity company that organizes crowdfunded audits through bug bounty programs. It sets a price on discovering security flaws in an app, website, or program, and pays out financial compensation to ethical hackers who disclose the vulnerabilities.

The bug bounty program will start from June 2022 in a private phase with about 30 hackers selected by YesWeHack and France Identité, according to a blog post by YesWeHack. From there, the private phase will add new researchers to the program. Finally, the digital ID app will move to a public bug bounty phase, where the whole YesWeHack community is open to probing its vulnerabilities.

The bug bounty program is said to run indefinitely, and France Identité will gradually open up its code to the public to identify vulnerabilities.

The most prominent bug bounty program in digital ID may be FaceTec’s liveness detection spoof bounty program.

These Weeks’ News by Categories

Access Control:

Consumer Electronics:

Mobile Biometrics:

Financial Services:

Civil / National ID:

Government Services & Elections:

Facial Recognition:

Fingerprint Recognition:

Voice Biometrics:

Liveness Detection:

Biometrics Industry Events

Identity Week Europe: Jun 28, 2022 — Jun 29, 2022

ICT Spring: Jun 30, 2022 — Jul 1, 2022

Identity India 2022: Jul 7, 2022 — Jul 8, 2022

Identity Week Asia: Sep 6, 2022 — Sep 7, 2022

Future Tech Expo & Summit: Sep 12, 2022 — Sep 13, 2022

MISC

  • Sybil Resistance With Biometrics: Interview with Paradigm and Humanode Co-founder Dato Kavazi: The interview begins with an overview of Humanode, and how it solves the problem of Sybil attacks, before digging into how biometrics and liveness detection work in its system. The conversation goes on to recap the recently concluded Humanode conference which set the stage for the ‘Hack the Sybil’ Hackathon currently underway with over $30,000 in prizes up for grabs.

Subscribe to Paradigm!

Medium. Twitter. Telegram. Telegram Chat. Reddit. LinkedIn.

Main sources

Research articles

Biometric Update

Science Daily

Identity Week

Find Biometrics

--

--

Paradigm
Paradigm

Published in Paradigm

Paradigm is an ecosystem that incorporates a venture fund, a research agency and an accelerator focused on crypto, DLT, neuroscience, space technologies, robotics, and biometrics — technologies that combined together will alter how we perceive reality.