Daon

We’re very pleased to announce that our 3D face liveness solution passed ISO/IEC 30170-3 Presentation Attack Detection (PAD) level 1 testing. 

iBeta, an independent NIST-certified biometric testing laboratory in Colorado, recently conducted the testing, and Daon’s solution was able to detect 100% of the 1,800 face attacks including photos, paper masks, and videos.

Generally, it’s best if blogs cover best practices, industry trends, and helpful tips, rather than focusing exclusively on our tech (or so my marketing team tells me). However, we’re making an exception today to share some details on our solution and how we achieved such noteworthy performance.

Presentation Attacks and Liveness Detection

When people ask if their biometrics could be compromised, the simple answer is no. Your biometrics can’t be compromised, because they aren’t secrets. 

But this simple answer makes a rather large assumption—that your biometric system can reliably differentiate between the real you and some imposter with a picture of your face or a recording of your voice. We call this detecting “liveness,” and not every biometric system can do it well.

Without liveness detection, your system is vulnerable to a category of attack known as a presentation attack—an attempt to impersonate a valid user by presenting a fabricated biometric characteristic such as 2D prints, paper cutout masks, static images, video screen replays, or even 3D masks.

Anti-Spoofing in Two Seconds

Daon’s IdentityX platform uses several Presentation Attack Detection (PAD) algorithms to combat spoofing by detecting genuine live users. These liveness detection/anti-spoofing techniques are used in conjunction with our authentication algorithms and can be performed either actively (i.e., done with the user’s active participation) or passively.

Daon’s newest liveness solution is called 3D face liveness and is primarily designed for use on a mobile device—either running in a native app or in a browser. 

3D face liveness simply asks the user to move their smartphone closer or further from their face so that it fits into an oval displayed on their screen. The algorithm intelligently detects and tracks the user’s face position relative to their smartphone so that it knows which oval size to display and when the movement has been completed.

Throughout, IdentityX automatically captures a sequence of video frames, then analyzes the frames for complex geometric distortions that should occur naturally as a three-dimensional face moves closer to or further away from the camera lens. 

For even greater mitigation of presentation attacks, IdentityX combines the 3D face liveness algorithm with other passive techniques (such as detecting reflections, screen bezel edges, unusual textures and colors in the face region, lack of face micro-movements, etc).

Testing a Range of Real-World Situations

For just the latest release of our 3D face liveness algorithm, Daon built a testing database of more than 50,000 captured videos—40% genuine samples and 60% spoofing attack samples—with data representing a broad array of challenging capture conditions in real-world situations and uncontrolled environments, as well as a wide range of devices, cameras, and user demographics (age, gender, racial background, etc.).

The testing conducted by iBeta was limited to eight hours for each PAD test per presentation attack instrument (PAI), which is a Level 1 PAD effort (the first of three levels). As noted, Daon’s solution was able to detect 100% of the 1,800 face attacks including photos, paper masks, and videos—using both Android and iOS smartphones

The Limits of Lab Testing

It’s one thing to evaluate technology in pristine laboratory conditions, but quite another for a system to perform (at scale) in the wild—where a constantly evolving multitude of low-, middle-, and high-end Android and iOS devices churns throughout the world. 

So while we’re quite proud of our ISO/IEC 30170-3 compliance, we can also be more or less certain that liveness standards and testing will continue to evolve, and today’s compliant solutions may fail to meet the escalating requirements of next year, or even next quarter. Even in the best of circumstances, the testing and evaluation process can take months to complete, at which point (given the pace of innovation) a brand-new test result is already a lagging indicator of performance.

Given these realities, we strongly recommend choosing a liveness technology with not just laboratory certification, but also a track record of proven customer success in large-scale deployments over time. Unlike static third-party conformance tests, the real-world “customer test” is a dynamic evaluation that will surely present the broadest and most credible proof of a technology’s likelihood to perform as advertised.

In the meantime, if you happen to encounter our 3D liveness technology out in the world, now you’ll know what it is and why it’s asking you to move your phone closer to or further from your face. You might also appreciate knowing that the technology is proactively protecting your identity and reducing the risk of fraud—and the organization using it is on the cutting edge of risk reduction. 

---

Ready to learn more? Click here to get our full, free ebook on Digital Customer Acquisition with 3D Liveness.