BT/ X and LinkedIn prepare for passkeys adoption

September 11th 2023

Biometrics biweekly vol. 72, 28th August — 11th September

TL;DR

X, formerly known as Twitter, and LinkedIn are taking steps to support passkeys according to The Tape Drive‘s findings in backend code updates to each app
ID R&D brings voice recognition to ChatGPT
Meta suggests an AI computer vision fairness standard, opens a model to all, proposing FACET as the standard for image classification and semantic segmentation “at an unprecedented scale”
Idemia asserts top results for biometric performance across modalities in NIST tests
Idex’ biometric payment card receives full certification from Mastercard
NFL’s Tennessee Titans and Verizon to use face biometrics for fan access control
Corsight AI collaborates on free compliance-focused facial recognition solution
BIO-key connects with AWS sales reps
AWT, a Swedish physical security company, has established a partnership with Zwipe
OIX wants a global standard for digital identity data to underpin interoperability
ROC.ai passes the Level 2 PAD assessment from iBeta without missing an attack
Neurodactyl releases high-speed biometric deduplication tool for large-scale databases
Keyless partners with Ping Identity to help defend against account takeover threats
Pixsur wants to make iris recognition affordable for small businesses
Jumio, IDnow take steps to address age verification for responsible online gambling
Regula to provide ID document verification for InScope-AML
IDVerse signs up regtech, banking platforms for biometric ID verification
Incode selfie biometrics to secure reusable digital identity for travel
ASEAN launches talks on regionwide digital public infrastructure development agreement
US wants word from vendors that can speed digital ID security standards creation
User-controlled ID verification comes to Alaska Air via Airside
Japan to trial My Number digital ID for entertainment tickets amid growing controversy
Unveiling proposal plans to create a ‘Digital Identity System’ for the metaverse and Web3, Beijing is copying Shanghai’s pathway into the immersive virtual worlds
Philippines launches ‘eGov’ super app, tests biometric authentication for national IDs
Vietnam introduces e-visa for all nationalities
Jordan’s drive for digital govt services reaches 40% completion
India’s Gujarat State to assign family digital ID numbers for social service access
Nigeria to strengthen digital ID enrollment operations to ease access to govt services
Over 1M in Kuwait register fingerprints as biometric database project progresses
Infinite ID acquired by background checks specialist in $41M deal
Researchers in the U.S. have managed to preserve genuine facial identifiers while aging images of people’s faces
EU court rules research can be trade secret in lie detector biometrics project
Biometric industry events. And more!

Biometrics Market

The Biometric system market size is projected to grow from USD 36.6 billion in 2020 to USD 68.6 billion by 2025; it is estimated to grow at a CAGR of 13.4% during the forecast period. Increasing use of biometrics in consumer electronic devices for authentication and identification purposes, the growing need for surveillance and security with the heightened threat of terrorist attacks, and the surging adoption of biometric technology in automotive applications are the major factors propelling the growth of the biometric system market.

Biometric Research & Development

Latest Research:

NYU research combines subject and age sets to improve aged-face imaging

Biometrics researchers in the U.S. have managed to preserve genuine facial identifiers while aging images of people’s faces.

A team working at New York University’s Tandon engineering school say they have developed a latent diffusion model that knows how to pull off the task. Code like that could help identify people who have been missing for years or more realistically augment actors’ faces in movies. In theory, it could also be used to spoof remote facial age estimation systems.

This process has been hampered by having too few photographs of a person over time to create authentic-looking age progressions. Here, the scientists relied on two teaching datasets with relatively modest numbers of images.

The first set of about 20 images contained all available images of the subject over time, teaching the algorithm to identify the person using facial recognition. The second, regularization, set of images — about 600 in experiments carried age captions, teaching the code the ways human faces age.

False non-matches were cut about 44 percent in experiments compared to modern baseline generative models, according to the researchers.

In fact, the researchers say, their method outperforms self-organizing tree algorithms for image editing including face-aging biometrics-preserving conditional (IPCGAN), attribute-editing (attGAN) and talk-to-edit GANs.

EU court rules research can be trade secret in lie detector biometrics project

An EU panel of judges has rejected an appeal to overturn a court judgment preventing the release of details about government efforts to build video lie detectors.

The three appellate judges dismissed claims by a German member of the European Parliament that the public has a right to know about taxpayer-funded research into possible systems designed to read emotions and spot deception.

They sided with a previous judge who, in 2021, said commercial interests in the case outweigh the public’s interest in access to information. The work in question is merely government and commercial research.

At issue is the possibility of requiring people to make a video call before an international flight as part of iBorderCtrl, the Union’s ongoing project formed to find new data systems. Its goal is to apply novel data innovations to protection against illegal immigration and to border efficiencies.

Patrick Breyer, German member of the European Parliament, lost his appeal. He had named the Research Executive Agency as the defendant because it coordinated funding of the research under the seven-year-old iBorderCtrl program. iBorderCtrl, in turn, is part of the Horizon 2020 EU research project. The program appears to have ended in 2019.

Breyer describes himself as a “digital freedom fighter” on the Civil Liberties, Justice and Home Affairs Committee.

A post on his site says the emotion recognition research is less of a general what-if effort and more of a publicly acknowledged and growing EU interest in algorithms that have divided the biometrics community. Some see promise, some see certain failure and others see overreach.

Breyer says innocent travelers who fail the biometric test would have to defend themselves against an accusation by software. And there is no telling how widely that assessment (correct or not) would follow people.

Information reportedly being withheld includes the legal and ethical implications, how the software might prevent profiling, practices for collecting personal data and results assessments.

Main News:

X and LinkedIn prepare for passkeys adoption as MFA providers release new tools

X, formerly known as Twitter, and LinkedIn are taking steps to support passkeys according to The Tape Drive‘s findings in backend code updates to each app. The social media platforms have not announced when the apps will begin supporting Passkeys, but their impending adoption represents another major step towards mainstream consumer adoption.

Passkeys were developed based on FIDO Alliance standards to provide a phishing-resistant alternative to password authentication for account access by consumers and employees.

Apple, Google, and Microsoft are also in the process of supporting passkey on their platforms and apps. Android 14 users will have the option of using third party passkey providers, while Apple will automatically assign a passkey to all hardware owners with an Apple ID starting with version 17 of iOS. TikTok’s and GitHub’s passkey rollouts began last month.

“With two more major platforms with over a billion combined users planning to adopt passkeys, social is snowballing around offering a true passwordless option,” 1Password Chief Product Officer Steve Won wrote in a comment emailed to Biometric Update. “Not only will these companies have mastered reducing friction for users who sign in daily, but they’ll better safeguard the brand reputation of individuals and businesses that could be impacted by a single post. This marks a watershed moment that will move us closer toward making passkeys the new standard for authentication.”

The X and LinkedIn updates also come as passwordless authentication providers release tools to ease passkey usage.

MFA providers are taking steps to streamline the implementation of biometric passkeys. Keeper Security, a cloud-based cybersecurity software provider, announced expanded support for passkey management across all desktop browsers and for every customer.

Passkeys are stored and managed in the Keeper Vault and can be easily accessed to authenticate using a browser extension. Keeper also created a directory to identify where passkeys can be used.

In a similar vein, Beyond Identity, passwordless identity management provider, announced the launch of The Passkey Journey, a tool to help developers more efficiently adopt passkeys to optimize end user authentication experiences. The tool is both free and GDPR-compliant.

The Passkey Journey provides a JavaScript snippet that can be integrated into a website and analyze visitors’ browsers and devices to determine if they support WebAuthn and passkey usage.

The tool creates a report to show a percentage breakdown of visitors who can use passkeys with biometrics, with only security keys, or who can’t use Passkeys at all. It also gives recommendations to optimize Passkey rollout as well as UX insights.

“Driving passkey adoption is a critical goal for the FIDO Alliance” says the executive director and CMO of the FIDO Alliance, Andrew Shikiar. “Over the past year, we have published research-backed UX guidelines to support consumer deployments and best practice deployment papers to enable enterprise utilization. The Passkey Journey is a valuable development tool that stands to help enterprises make informed decisions on their passkey deployments.”

ID R&D brings voice recognition to ChatGPT

ID R&D has been showcasing a new user authentication solution specifically designed for ChatGPT at an industry conference this week. IDVoice for ChatGPT leverages the company’s voice recognition technology to verify an end user during a speech-enabled ChatGPT session, in which a user can vocally interact with OpenAI’s famous chatbot.

“Verbal communication with chatbots will soon become commonplace, and securing chatbot sessions from unauthorized access — without burdening users with added friction — will make chatbots that much more useful for a variety of applications that warrant added security,” explains CEO Alexey Khitrov. The solution was demonstrated at the Voice & AI conference in Washington, D.C., which concludes today.

Meta suggests an AI computer vision fairness standard, opens a model to all

Meta made a couple of significant computer vision announcements last week. It introduced a proposed fairness benchmark, and it made vision model open source.

In both cases, the parent of Facebook wants to insinuate itself deeper into fabric of AI development.

Meta has proposed FACET as the standard for image classification and semantic segmentation “at unprecedented scale.” How much, if at all, Facebook benefits from this is an open question. The company famously swore off facial recognition for the social media service.

Presumably referring to its corporate self, Meta in an announcement said, “we have a responsibility to ensure that our AI systems are fair and equitable.”

Anyone using AI computer vision “may” have a bad experience because of their demographics, not because biometric recognition and related tasks are inherently complex.

FACET, an acronym only a human could dream up, stands for FAirness in Computer Vision EvaluaTion. It is written to better evaluate vision models for visual grounding, instance segmentation, detection and classification.

There are 50,000 people recorded in 32,000 images in the FACET database, according to Meta. Each image is labeled for demographic attributes by expert human annotators. The company did not explain how it defines “expert.”

Other physical attribute labels include perceived skin tone and hair style and “person-related” classification such as doctor and basketball player.

As well, the company says, there are labels for 69,000 SA-1B database masks. That stands for Segment Anything 1 Billion, and it was designed to train general-purpose object segmentation on images from the wild.

The announcement, also explains that Meta is expanding DINOv2, making it open-source. The computer vision model was trained using self-supervised learning to create universal features. It is covered by the Apache 2.0 license.

Idemia asserts top results for biometric performance across modalities in NIST tests

The results of testing by the U.S. National Institute of Standards and Technology show top-ranking accuracy for Idemia algorithms across iris, fingerprint and face biometric modalities, the company says in an announcement.

The recent update to NIST’s IREX 10 benchmark shows the company’s iris biometrics algorithms deliver the most accurate match results for single-eye comparisons. The same algorithm, submitted in June, sits third on the leaderboard for two-eye accuracy.

In the NIST Minutiae Interoperability Exchange (MINEX III) test, Idemia’s fingerprint template generator algorithm submitted on July 5 sits atop the list of results, while its template matcher is third as of the latest update on August 8. The company says these results align with strong performances in NIST’s PFT III and ELFT evaluations, for performance and accuracy of proprietary templates in the former case and evaluation of latent finger and palm prints in the latter.

Idemia also restates its claim from last year about having the most fair face biometrics algorithm among the 100 most accurate in the FRVT 1:1.

The Face Recognition Vendor Test is now known as the Face Recognition Technology Evaluation (FRTE), with non-identification tasks tested under the Face Analysis Technology Evaluation (FATE) program. NIST split the legacy FRVT program in August, following 24 years using the name.

“Our latest results once again attest to our capacity to develop ever more accurate and efficient technologies while always keeping fairness at the core of our products,” states Idemia Group CTO Jean-Christophe Fondeur. “With results outperforming all our rivals, we reaffirm our pledge to lead and promote the importance of social responsibility here. I’m immensely proud of our test results and would like to congratulate all our people for their outstanding work.”

NFL’s Tennessee Titans and Verizon to use face biometrics for fan access control

The National Football League’s Tennessee Titans and Verizon have announced they are partnering to verify guest identities using facial authentication for secure access through the 5G Edge Accelerated Access opt-in system along with dozens of 5G Ultra Wideband cell sites at the Nissan Stadium this season.

Verizon’s 2022 deal with Wicket accelerated the deployment of facial recognition ticket entry systems at sports venues that run on Verizon’s 5G network.The opt-in biometric system is already available at the Cleveland Browns’ and Atlanta Falcons’ stadiums.

The end-to-end encrypted system uses facial authentication software to identify a person using an image of a person’s face before granting facility access or ticket redemption. Accelerated Access can provide access control for fans with no interaction needed. It can provide ticket redemption through token-based access that does not require camera calibration.

The system can improve event security by keeping crowd flow safe while reducing congestion and staffing costs by automating check-ins. The cloud-based MEC infrastructure eliminates the need for on-premises servers and comes with the option of opening turnstiles with facial authentication.

The Accelerated Access system is part of a larger 5G investment in more than 75 large public venues throughout the US. It also comes as Verizon launches a managed private wireless network for coach-to-coach communications at 29 NFL stadiums.

Corsight AI collaborates on free compliance-focused facial recognition solution

Corsight AI has teamed up with Anekanta AI and Advent IM on a facial recognition service focused on compliance with ethical and regulatory guidelines. Anekanta AI is a UK-based consultancy offering guidance on such matters, particularly with respect to European Union regulations, while Advent IM — also based in the UK — is an IT and physical security consultancy.

Their “FaceComply” service developed in collaboration with Corsight will offer “effortless adherence to stringent requirements such as the EU General Data Protection Regulations”, says Corsight AI’s Chief Privacy Officer, Tony Porter. The basic service is being offered for free.

1Kosmos to demo ‘Reusable Verified Credential’ in NYC

1Kosmos executives will show off a ‘reusable verified credential‘ solution at the FinovateFall industry conference in New York City this week. The digital credential is stored in an end user’s digital wallet, and shared as needed in different use cases, such as confirming that the user is of age to purchase restricted goods, without actually having to share the user’s date of birth. It will be showcased by 1Kosmos Product Manager Sheetal Elangovan and North American Sales SVP Jens Hinrichsen in a session scheduled to begin at 5:28pm ET at the Marriott Marquis Times Square on September 11. 1Kosmos is best known for its BlockID digital identity solution, which was recently added to the NayaOne and AWS marketplaces.

BIO-key connects with AWS sales reps

BIO-key has joined the Amazon Web Services Independent Software Vendor Accelerate Program, which is meant to connect vendors offering software the runs on AWS with the AWS Sales organization, including its globally dispersed field sellers.

“BIO-key is thrilled to be accepted into the AWS ISV Accelerate Program, which validates the strength of our biometric authentication solutions and our commitment to innovation in the field of cybersecurity,” said BIO-key’s VP of Sales & Channel, Galen Rodgers.

The development comes a little over a year after BIO-key joined the Amazon Web Services Partner Network.

NEXT’s indian partner gets pivotal certification

NEXT Biometrics has revealed the name of its major Indian partner, which has just obtained an important certification. Access Computech Pvt. Ltd. (ACPL) was the firm involved in a $2.2 million order of NEXT’s FAP 20 fingerprint sensor announced in February of 2022. ACPL has now received L1 certification from the Indian government’s Ministry of Home Affairs, authorizing it to provide security services to clients in the country. NEXT says that its potential sales in India were largely dependent on this particular accreditation, and that it “now expects more recurring orders with shipments starting from Q4 2023 and into 2024.”

Zwipe teams with Swedish security company on biometric card access

AWT, a Swedish physical security company founded in 1993, has established a partnership with Zwipe, agreeing to offer the latter’s fingerprint-scanning access control cards to customers.

In announcing the arrangement, AWT CEO Per Lindstrand explained that “having modern capabilities or access to newer door technologies is critical,” adding that Zwipe offers “breakthrough technologies” for secure access and ID cards.

Zwipe has tended to focus on opportunities in the financial services market for its biometric card solution, but access control clearly offers room for growth as the more streamlined company strives toward mass commercialization.

OIX wants a global standard for digital identity data to underpin interoperability

While digital IDs are becoming increasingly popular, data standards for digital identities and credentials are still inconsistent, and sometimes non-existent. To ensure that our future digital IDs are interoperable, we will need to set common standards, including for biometric information, Open Identity Exchange (OIX) argues in a new paper.

The non-profit argues in its research, titled “Data Standards for Digital ID Interoperability,” that achieving global interoperability across different jurisdictions and ecosystems is a major challenge.

“There are too many scenarios where the lack of comprehensive standards is creating significant difficulties for organizations trying to confirm a user’s identity,” says OIX Chief Identity Strategist Nick Mothershaw.

The digital ID advocacy organization offers a solution: Standard-setting bodies should adopt the recommendations on which it has been working for the past year.

Its suggestions include creating a single-protocol independent data standard called the Global Protocol Independent Data Standard. This would allow for core ID information and evidence to be communicated consistently, regardless of the security protocol used.

While deciding who should create, own and govern this standard is yet to be determined, OIX suggests it should be based on the OIDC for Identity Assurance. OIDC or OpenID Connect is developed by the OpenID Foundation, which includes companies like Google and Microsoft.

OIX also proposes using existing ISO and ICAO standards for core ID claims as far as possible. ISO should be encouraged to create a new structured global name and address schema to allow cross-mapping of local standards. The organization believes that ISO should also create a new global standard for communication of personal identifiers.

Proofing techniques, such as document scanning (with different light options), document optical character recognition, image capture liveness and biometric matching of faces, irises, fingerprints and veins also need standards. The standards will enable different trust frameworks to assemble sets of proofed credentials as part of their individual assurance policies, the paper notes.

“Relying parties are receiving the same data in different formats from different digital ID providers. Having to assess the data themselves, and code differently to accommodate for the differences, is creating problems around interpretation, translation and data normalization,” says Mothershaw. “This is forming a barrier to digital ID adoption. If we want relying parties to embrace and consume digital ID, we must make it easier for them to do so.”

ROC.ai passes Level 2 PAD assessment from iBeta without missing an attack

Presentation attack detection software from Rank One Computing has passed a compliance assessment to ISO/IEC 30107–3 Level 2 by iBeta Quality Assurance with a 100 percent success rate.

ROC.ai passed the assessment without any false acceptance errors, though the threshold for compliance is a 1 percent error rate. Level 2 tests PAD against more sophisticated attack methods than level 1, such as 3D printed or latex masks.

The company notes the importance of iBeta compliance assessments in the context of substantial growth in the digital identity sector, and the proliferation of fraud attacks on face biometrics systems.

The confirmation letter from iBeta states that the ROC SDK 2.6 is the application tested on an android device.

Neurodactyl releases high-speed biometric deduplication tool for large-scale databases

Neurodactyl, a Georgia-based tech startup specializing in contactless fingerprint recognition, has unveiled a new biometric deduplication tool that quickly identifies errors and duplicates in large-scale biometrics databases.

A distinctive feature is its direct all-to-all matching, where every fingerprint is compared to every other in the database, regardless of finger position.

In practical terms, for a database containing ten million people and 100 million fingerprints, this translates to a staggering five quadrillion matching operations. Neurodactyl’s deduplication algorithm uses neural networks to create compact biometric templates that can be quickly matched, according to the company announcement. Through batch processing, the deduplication software can perform up to a billion matching operations per second on a single CPU, and times as many on a GPU.

That means the tool can deduplicate a database with 100 million fingerprint templates in less than ten days, using a single computer with a high-end consumer GPU. If relying solely on a CPU, the process takes approximately two months.

Efficient deduplication of biometric databases helps to streamline authentication processes and enhances biometric database security and reliability. It is considered important for preventing fraud in applications from public benefits payments to voting.

US wants word from vendors that can speed digital ID security standards creation

Anyone with the expertise and products to get digital identities on mobile devices fast are being invited by the U.S. government to let NIST know their interest in working on related reference architectures.

The National Institute of Standards and Technology is managing the public/private project, which is expected to define and create privacy-focused digital ID architectures that are secure and equitable and easily adoptable and simple to use.

NIST’s National Cybersecurity Center of Excellence is running the project, which has identified cybersecurity challenges that are holding back digital ID adoption, according to the government.

Ultimately, Washington wants to rationalize a digital ID market that needs technical standardization if it’s going to address the needs of anyone needing to reliably verify someone’s identity digitally.

Organizations have until September 28 to submit their letters of interest. They will need to show their ability to support and demonstrate ISO/IEC 18013–5 and 18013–7 standards for mobile driver’s licenses.