Biometrics, Creepy or Convenient? - Goode Intelligence
-
Upload
khangminh22 -
Category
Documents
-
view
0 -
download
0
Transcript of Biometrics, Creepy or Convenient? - Goode Intelligence
Presented by
Goode Intelligence
April 4th 2019
Rise New York
43 W 23rd St
New York
NY 10010
USA
Strategic Partner
Q1: Scenario one: While waiting in a queue to pay at a petrol (gas) station a screen displays personalized adverts based on your age, gender and ethnic background. A camera located at the entrance of the petrol station captures your face and then passes this to an algorithm that determines your age,
gender and ethnic background. It then uses this data to display personalized ads to you. Do you find this creepy or convenient?
Q2: Scenario two: A high-profile VIP is attacked by a weaponized automated drone that uses facial recognition to identify its target.Do you find this creepy or convenient?
Q3: Scenario three: While you are accessing your online banking account, a behavioural biometric system is learning about how you interact with technology, use your smartphone or typing on your keyboard to develop a unique profile that can be used to identity you and prevent imposters from
accessing your account. Do you find this creepy or convenient?
Summary
• There are plenty of grey areas
• Cultural differences
• Regional differences
• Impact of regulation
• Consumer opinion is important
#creepyorconvenient
All information is strictly confidential and proprietary to B-Secur
“The Global ECG equipment market is anticipated to grow from $ 4645 million in 2017 to $8050 million by 2026, at a CAGR of 6.34% for the forecast year of 2018 and 2026.”(Inkwood Research, 2017)
“THE YEAR OF ELECTROCARDIOGRAM TECH IS UNDERWAY.” (CNET, 2019)
“We’re going to see about a 1,600- fold increase in data over the next decade and we’re starting to think about what it would really mean to harness this information that’s coming from the clinic, home and remotely.” (Mobile Health News, 2019)
Smart Worker Market worth 4.40 Billion USD by 2023(Market and Markets, 2019)
ECG Feature in Apple Watch is already saving lives. (Apple Insider, 2018)
Withings launched the Move ECG at CES 2019, a smartwatch with both activity tracking and the ability to measure electrocardiograms (ECGs), and send them directly to your doctor. Plus, the watch can detect atrial fibrillation, or irregular heartbeats. (Business Insider, 2019)
ECG is Going Mainstream
All information is strictly confidential and proprietary to B-Secur
B-Secur are expertsin ECG technologyUsing the heart to enable
secure health & wellness insights
in the connected world
All information is strictly confidential and proprietary to B-Secur
HeartKey is our solution: a collection of ECG algorithms and analytics
securing health and wellness insights
All information is strictly confidential and proprietary to B-Secur
ECGAdvantages
Accurate User ID
Medical Grade HR
Accurate HRV
Accurate Arrhythmia detection
Disadvantages
Requires two points of contact
PPGAdvantages
Single point of contact
Easy continuous monitoring
Disadvantages
Can provide inaccurate HR
Cannot be used for accurate HRV
ECG and PPG CombinationAdvantages
Continuous HR and Stress Monitoring
User ID
Accurate HR and HRV
Blood Pressure Monitoring
Accurate Arrhythmia detection
Market Ready and building
Multiple OEMs developing
Eco-system into Auto, Healthcare, Insurance etc
Significant Data platform play
Benefits of ECG & PPG for Secure VSM
Genuine
User ID
Identification,
Liveness
Detection
HeartKey™️ for Automotive
Health & WellnessContinuous / Passive Identification
Early
Detection,
Prevention
Payments /
Insurance
HeartKey™️ for Wearables
Continuous / Passive Identification Health & Wellness
Genuine
User ID
Asset
Tracking/
Critical
mission
Stress,
Fatigue,
H.R.V.
HeartKey™️ for Smartwear
Health & WellnessContinuous / Passive Identification
The information on this slide is strictly confidential and proprietary to B-Secur
Stress Log X-Devices
3
Conversational UI Everywhere!
3
Virtual
Assistants
Messengers
IoT Devices (cars,
smart homes,
appliances)
of US adults already
use conversational
interfaces
50% NEW ID CHALLENGES
Strong User authentication
Frictionless / Noncollaborative
5
Biometrics Solve UX and Security
ID R&D combines best in class biometric technology (Voice, Behavioral and Face*) with Liveness Detection for continuous authentication and
a frictionless UX
Our industry leading AI-based voice biometric engine developed by
NIST winning team delivers high accuracy, low footprint and
robustness to noise.
ID R&D is a leader in voice and face anti-spoofing with a unique AI-
based approach that can distinguish a human voice / face from a
digital representation (recording, photo)
Biometrics for Conversational Interface
Voice
Transfer ID complexity from user to AI
AI-DRIVEN BIOMETRIC TECHNOLOGIES FOR
ENHANCED SECURITY AND FRICTIONLESS UX
Biometrics for Secure Login
Behavioral
Face*
Voice
Behavioral
Liveness
*Licensed
6
Best-In-Class Voice Biometrics
Methods – x-vector, DNN, CNN
Short utterances – 1-2 sec of speech
Text-dependent and Text-independent
Accuracy – EER-0.3%
Template size – 1.6KB
ML based Model Enrichment
6
ID R&D voice biometric engine utilizes a number of AI and
traditional techniques to provide the best in class performance.
1
4
2
3
5
Key Performance metrics (up to)
Access to large data sets would allow to further enhance the
solution
Text independent algorithms from ID R&D a “complete gamechanger” – Opus Research
Leading accuracy and shortest utterances for voice verification using new AI
techniques
ASVSpoof-2017 Results
ID R&DD01
77
Best-In-Class Voice Biometric Liveness
ASVspoof 2017: Automatic Speaker Verification Spoofing and Countermeasures Challenge designed to test biometric technology
capabilities for "replay attack" detection (live voice vs a recording).
The Challenge was designed to test an ability to
distinguish between human voice and a recording of a
human voice
ID R&D is one of the clear
leaders in the largest voice
biometric anti-spoofing
challenge (2017)
Top Performer in 2017 Liveness Testing
Closer to zero point is better
88
Best-in-Class Voice Liveness Again in 2019
ASVspoof 2019: Automatic Speaker Verification Spoofing and Countermeasures Challenge,
Logical Test
The Challenge was designed to test an ability to
distinguish between human voice and synthesized voices
ID R&D is a clear leader in
the largest voice biometric
anti-spoofing challenge to
date
ID R&D
Large performance gap compared to next best system
▪ World’s First Frictionless, continuous, multi-modal biometric verification▪ Chatbots (typing)
▪ Virtual Assistants (voice)
▪ No User Experience ( UX) ▪ Requires no input from a user for authentication
▪ High Security▪ Multi-modal biometrics
▪ Voice, Behavioral, Face
▪ Man in the middle attack prevention
▪ Ideal solution for Conversational Interface
SafeChat™ Conversational Interface for mobile or web showing Text
Independent capability:
Excerpt SafeChat Video Demo
10
SafeChat™ – Biometric Virtual Assistant
Please follow to link to preview this solution: SafeChat10
BIOMETRIC VIRTUAL
ASSISTANT ASK A QUESTION
(TYPE OR SPEAK)
REAL TIME FRICTIONLESS
BIOMETRIC ID
Biometric
Matching
Scores
11
SafeChat – HOW IT WORKS
Enabling frictionless (“Friend”) experience 11
CAMERA
ACCELEROMETER/GYRO
KEYBOARD
MICROPHONE
CONFIDENCE
SCORE
Ensemble of Deep Neural Networks
1
Iris ID Systems Inc.
8 Clarke Drive, Cranbury, NJ 08512
Iris Recognition comes of age
Identity – Access – Workforce
Iris Recognition TechnologyIdentity Authentication
2
• US-directed global business unit
• Established in 2002 (US)
• Reflecting importance of security post 9-11, and US/G-20 influence driving
technology adoption
• Spin-off unit created form LG to Iris ID Systems Inc in Dec. 2010.
• Commands attention of senior management previously from LG IRIS
• Focus on future development of the technology
• Creating Alliances with best of breed ID companies
• GBU is IRT experience-rich
• In technology
• In marketing and sales
• In support and service
• Vision, mission, growth reflect core Iris ID core competence
• Identity authentication, not iris, biometrics, security, access control, or identity
management at scale
• Identity – Access – Workforce
• Technology – Partnership – Innovation
• Cranbury NJ, Dubai, Mexico City, Singapore, Seoul , Bangalore
About Iris ID
3
Accepted & Deployed Worldwide 1 of 2 (commercial market)
Asset ProtectionData Center Security
Lab Security &Bio Hazard
Containment
InfrastructureProtection
WorkforceManagement
Hotels ClubsPOS & Retails
This is a partial list, for representation only
4
VietnamMulti-stage
Government ID
Kingdom of Jordan
Kingdom of Saudi Arabia
State of Qatar
Sultanate of Oman
India
UIDIA
Accepted & Deployed Worldwide 2 of 2 (government market)
TransportationSecurity
Government &Public Safety
CivilIdentity
This is a partial list, for representation only
Canada/USBorder
Mexico National ID Program
5
Applications – Devices
Multimodal Trend• Field applications require different devices.
• Fixed – Desktop - Handheld – Mobile – Distance - Harsh Environment
• All devices are standards compliant for Iris & Face Capture
6
Sclera
Iris
Retina
Choroid
Lens
OpticNerve
AqueousHumor
Cornea
Ciliary Muscle
Iris
Retina
• The donut shape of the eye except the black part(pupil) is the iris.• Iris recognition technology is different from the retina scan. It is same as taking pictures
using normal digital camera - no worry about eye safety.
Iris Recognition – Not Retina !
8
Boundary of Upper Eyelid
Boundary of the sclera (limbus)
Boundary of Lower Eyelid
Boundary of Pupil
* limited data on newborns, also barring trauma/surgery/low incidence disease.
• Extremely small outlier population• Physical variances have low impact• Age: stable template: 1 -> 99 *• One time lasting enrollment• Fastest authentication• 1:N Identification and 1:1 Verification• Single or two-factor mode• Low FAR (false accept ratio) and low FRR (false reject ratio)
Iris Recognition comes of age for National ID
9
After 12 months of age, the iris pattern is completed and does not change through life. The iris pattern is unique - left and right iris are different, the irides of twins are not the same
Positive Identification
The probability of two individuals having the same iris pattern is 1 in 1072 . The most accurate biometric technology commercially available as of today.
Most Accurate
Just take a look from a distance of 12-14 inches (31-35cm) for recognition up to a one meter.
Identification is possible even when wearing sunglasses or contact lens.Easy of Use
Iris recognition is especially powerful in a large scale environment such as airport or borderline
where high throughput is needed (1:N recognition in 10’s of millions database - less than 2 seconds)Rapid Speed of Throughput
Iris recognition is non-contact and non-invasive which means it is safe from any harmful
contamination among people.Non-Invasive
It's highly scalable from mid/small size office environment to large scale enterprise system or
ultra large scale national ID project.Highly Scalable
Iris ID becomes higher standard of biometric security solution. IrisAccess has perfect countermeasure solution for filtering photo, video or fake eye intrusion.
Countermeasure
Iris Recognition why use it ?
10
After 12 months of age, the iris pattern is completed and does not change through life. The iris pattern is unique - left and right iris are different, the irides of twins are not the same
CLEAR
The probability of two individuals having the same iris pattern is 1 in 1072 . The most accurate biometric technology commercially available as of today.
Schiphol
Just take a look from a distance of 12-14 inches (31-35cm) for recognition up to a one meter.
Identification is possible even when wearing sunglasses or contact lens.Schiiphol 2
DHS Pedestrian Exit Trial in Southern CaliforniaOtay Mesa
Iris recognition is non-contact and non-invasive which means it is safe from any harmful
contamination among people.Non-Invasive
Iris Recognition - Who is using it ?
12
• Border Patrol – E3
• US DOD – BAT A
• DMDC – CAC/PIV Card
• CJIS/FBI Iris Integration
• CLEAR
• NYPD – Arraignment
• LASD Multimode Livescan
• York County – Book and Release
• George W. Hill Correctional Book and Release
• Georgia Dept. of Corrections
• Larimer County Correctional
• DHS S&T Biometric Technology Rally
And the list goes on……..
US Government & International Programs
Multimodal Trend
• UIDAI –AADHAR
• NEXUS Air – Canada
• Doha Airport
• Mexico National ID (RENAPO)
• Mexico Driver License Program
• Mexico Pension Program
• Iraq Citizen ID ( Pension Program)
• Somaliland Voter Registration
• Mali Immigration (rollout underway)
• Qatar Immigration - Hammad
• Turkmenistan Immigration and R Gate
• Schiphol Privium – Amsterdam
• Yonkfa Project – Ghana – Heathcare
And the list goes on……..
13
• NIST AGING REPORT: – IREX VI: Mixed-effects Longitudinal Models for Iris Aging:
• “Using two large operation datasets, we find no evidence of a widespread iris ageing affect,” the report notes. “Specifically, the population statistics (mean and variance) are constant over periods of up to nine years. “
– Quantifying Biometric Permanence Using Operational Data
Iris Recognition Stable Over Time
https://www.nist.gov/sites/default/files/documents/2016/12/01/06_thursday_grother_2014_04_03_1125_30min_ageing3_final.pdf
14
Iris Recognition comes of age for National ID
• Questions ?
Additional program details and photos follow….
Tim MeyerhoffIris ID Systems Inc.
908 803 4596 c
•
Passwords are not enough
Over 80% of ATOs are related to weak passwords.
3bn passwords are compromised yearly.
Up to 2% of stuffing is successful.
Identity theft causes losses of $16 bn/yr.
Account takeover fraud rises by 31%/yr.
Recognize people when they type
Our vision is to be the passive authentication of the future, to improve and secure the world in the next age of typing-based communication.
Some things to consider
Security - accuracy is not enough, data storage, anonymization
Versatility - environment changes (location, time, personal)
Some things to consider
Security - accuracy is not enough, data storage, anonymization
Versatility - environment changes (location, time, personal)
Ease of use - onboarding process, enrolling users, fallbacks
Some things to consider
Security - accuracy is not enough, data storage, anonymization
Versatility - environment changes (location, time, personal)
Ease of use - onboarding process, enrolling users, fallbacks
Maintenance - critical updates
Thank you!
[email protected]@typingdnawww.linkedin.com/company/typingdna
Raul PopaCEO & Data Scientist@raulpopa
Our vision is to be the passive authentication of the future, to improve and secure the world in the next age of typing-based communication.
1Confidential 2018
Genuine Presence
Assurance -
securing banks
and customers
4th April 2019
Andrew Bud
Founder & CEO,
iProov
Confidential 2019
About iProov
2
Award winning
Trading in London since 2013
World-class team of 30 staff
Proprietary in-house technology
with 12 granted patents
Background
Recognised leaders in
biometric anti-spoofing
Or is it a…
→ photo or digital image?
→ doctored recording?
→ synthetic video?
→ corrupted device?
Genuine Presence Is at the Heart of Biometric Verification
Is this a
real person
Genuine presence detection is the next frontier of cyber security
?
Confidential 2019
Biometrics in Strong Authentication
Match?
Genuine? Present?
Impostors
(low intensity driveby)
Copies:
Physical, digital, direct injection
Replays:
Recordings and deepfakes
Confidential 2019
The Solution: iProov’s Flashmark controlled illumination
Covered by 12 granted patents
Passed
Azure Cloud
iProov SOC and SaaS Provide Sustainable Security
Detection and adaptation to new attacks
Continuous learning eliminates
zero-day risk
Growing data set of
millions of application images
Confidential 2019
Impartially tested and assessed
Face
Level A Time: short
Expertise: anyone
Equipment: readily
available
Paper printout of face
image, mobile phone
display of face photo
Source of biometric
characteristic: easy to
obtain
Photo from social
media
Level B Time: > 3 days
Expertise: moderate skill
and practice needed
Equipment: available but
requires planning
Paper masks, video
display of face (with
movement and
blinking)
Source of biometric
characteristic: more difficult
to obtain
Video of subject, high
quality photo
660 different attacks on iProov
Tested to NIST SOFA-B level B
100% Resilience
ISO/IEC 19795-1:2006
ISO/IEC 30107-3: 2017
FIDO Biometric Requirements
With live user/real attack data:
FRR < 0.5% and
FAR < 0.25% for
print/screen/video attacks
Zero critical or high vulnerabilities
Amidst a Crowded Stack, We Are a
Mission-Critical Layer
Complementary
User ID Inputs
Corroboration
& Assessment
Orchestration
Platform
Onboarding/Border Control
→ ID Matcher → Verifier
Authentication
Document & Credential Specialists
(ReadID, Mitek, Jumio, ID.me, Acuant)
Online Data Providers
(Lexis Nexis Risk, Experian, Trulioo)
Workflow Orchestration
Banks, enterprise self-supply,
solution providers
(GBG, Onfido, Idology, Chekr)
MFA Orchestration
Banks, enterprise self-
supply, solution providers
(Duo, Callsign, Daon)
Risk Measurement
(ThreatMetrix, Behavioural, Biocatch)
Multi-Factor Authentication
(Handset & software providers)
Is this the right
real person?
Confidential 2019
iProov across the whole lifecycle of customer authentication:
simple, secure, accessible
19
1. Digital customer
onboarding
2. Account access
3. Step-up 2nd factor authentication
5. Unlock account or payment card
4. Bind new device to account
Making Convenience SecureHow biometric payment cards and biometric enabled wearable devices will make contactless payment even more prevalent
André Løvestam, CEO
With a mission of “Making Convenience Secure”, Zwipe is at the forefront of battery-less biometric authentication
Note: (1) BPC is an abbreviation for biometric payment cards.
• First-mover with industry leading energy harvesting and power
management technology for BPC’s(1) - launching the world’s first pilots 1
• A simple, consistent, frictionless and secure user experience with no
batteries or fixed power supply required2
• Strong market momentum for biometric payment cards with growing
commitments from leading industry stakeholders
• Partnering with world leading industry players like Gemalto and VISA3
• Solid management team with leading industry experience4
• Additional upside potential in increased product offering into wearables,
digital authentication and licensing of IP5
2
Our core technology is at the heart of secure convenienceZwipe’s technology solution enables
battery-less, contactless, ultra-low power,
self-contained biometric authentication
solutions in constrained environments
3
What is the problem?
Contactless is booming…
…but consumers want a fast and frictionless experience without having to sacrifice security or privacy
5
Source: RBR study Global Payment Cards Data and Forecasts to 2023
Global card expenditure to reach 45 trillion USD by 2023 on back of contactless payments
8
What is a biometric payment card?
A payment card that features a fingerprint sensor that allows cardholders to complete both contact and contactless transactions by authenticating themselves via the fingerprint sensor, instead of using a PIN or other form of authentication
16 April 2019 Strictly Confidential10
Biometric payment cards are addressing the needs of the whole value chain
By enabling seamless commerce to its customers’ customers
FOR PAYMENT
SCHEMES
Drives
contactless and
cashless
transactions
FOR
BANKS
Branding
Fraud reduction
Offers
cardholders
peace of mind
Top of wallet
FOR
CONSUMERS
Convenience
Peace of mind
FOR
MERCHANTS
Speed
Revenue
12
Biometric authentication is fast becoming a necessity for all devices
• When looking at banking and payments, fingerprint authentication is moving from mobiles to payment cards to wearables and other devices
13
Biometrics perceived as delivering superior security
Source: AYTM Market Research, April 2018, among pilot participants
31.9%
66.7%
4.4%
46.4%
15.9%
5.8% 14.5%
14.5%13.0%
40.6%24.6%
4.4%4.4%
49.3%
52.2%
7.3%2.9%
Numeric PINSignature
100.0%
No authentication
1.5%
Biometrics
100.0% 100.0% 100.0%
Very insecure NeutralInsecure Secure Very secure
Customer ratings of perceived security among pilot participants
14
Source: Goodbye passwords, a VISA study
Consumers are ready and asking for biometrics
About half of consumers surveyed
are likely to switch away from
providers (card network, bank, or
mobile phone provider) if the
provider does not offer biometric in
the future
Source: Overcoming Mobile Biometric Challenges
a Mastercard study
93% of consumers prefer
biometrics to passwords,
further showcasing the
excitment and looking to
adopt
15
Securing payment cards and the way forward
Magnetic stripe• High fraud risk
• Slow, requires signature
• New and better alternatives available
EMV• Safer than magnetic
• CHIP + PIN is safe, but time consuming
Contactless• EMV + RFID
• Allows fast transactions, just tap card
• Low transaction limits with no PIN/signature
Biometric Dual-Interface• EMV + RFID + Biometric authentication
• Speed of contactless with safer authentication
• No transaction limits
Biometric Dual-Interface
with Dynamic CVX
• EMV+RFID + Biometric authentication + Dynamic card security
code integration
• Directly addresses card not present fraud, enabling safer online
commerce
In Development
Currently being trialed
16
Why Biometric Payment Cards?
Convenience
Allows for a frictionless and more secure checkout experience thanks to biometrics
Privacy
Functions without the need for a centralized database, all biometric information are stored only on the card and nowhere else
Works with existing infrastructure
No need to change the current checkout experience or infrastructure, as it works with all point of sale terminals with both contact and contactless transactions
Addresses new Regulations
New industry and government regulations around the world are pushing for contactless and for much stronger consumer authentication in payment while retaining the user’s right to privacy
18
Biometrics could be key to attracting millennial consumer interests
• Biometrics is increasingly being utilized not just for security but for driving convenience
• Millennials have shown preferences to utilize means of authentication that are more convenient
• The use of fingerprint biometrics is increasingly seen as the most convenient means of authenticating yourself
21
Secure at-home biometric payment card enrolment solution is key
An innovative offering that enables cardholders to register their fingerprint on their biometric payment card at home without needing to visit a bank branch
16 April 2019 Strictly Confidential
Fits inside a traditional envelope and functions like a powered greeting card, turning the card on when you open the enrolment kit
22
Not only payment cards…
Zwipe is partnering with Tappy Technologies to jointly develop and launch biometric enabled wearable payment devices as well
23
©2019 Aware, Inc.
Rethinking the Blink
An Update on Spoof Detection for
Mobile Biometric Authentication
…and Beyond
David BeniniVP, Marketing & Product
©2019 Aware, Inc.
Introduction to Aware, Inc.
• Founded in 1986 by MIT mathematicians
• Biometrics software supplier since 1993
• Publicly traded since 1996 (NASDAQ:AWRE)
• Headquartered near Boston, USA
• Strong balance sheet (US$50M) and profitable
• 50+ research scientists and software engineers
• Leading provider of military-grade biometric solutions for public and private sector
©2019 Aware, Inc.
Our Long History of Innovation in Biometrics 1990s
• Founding supplier to a
small biometrics community
• Helped FBI design WSQ
fingerprint image
compression algorithm for
first large-scale US Federal
Government AFIS
• First successful supplier of
COTS biometric SDKs
2000s
• Among first companies to
enable biometric e-passports
• First to license a COTS
biometric services platform
(BioSP)
• First to license biometric
enrollment applets and .NET
controls
• Primary supplier of biometric
PIV software for USG
2010s
• First to commercialize browser-based biometric enrollment
• Ground-breaking innovations in mobile authentication and liveness detection
©2019 Aware, Inc.
How Aware Is Different
• One-stop shop for wide range of biometric software solutions
• Agile and innovative
• Modular products enable extremely open architecture
• Independence from hardware peripherals and algorithms
• Cooperative, collaborative customer relationships
• Transparent, accessible organization
• Highly responsive technical support
©2019 Aware, Inc.
Goode NYC 2019 6
The password was invented in 1961.
The password breach was invented in 1962.
Let’s retire them both!
©2019 Aware, Inc.
What Do Mobile Biometrics Aim To Achieve?
To Change the economics of an attack
• Reduces the ROI for the fraudster
• More time, risk, expense, accountability
• Makes the attack more trouble than it’s worth*
*but not necessarily impossible
Goode NYC 2019 7
©2019 Aware, Inc.
Replacing Passwords: A Multidimensional Challenge
1. Must be convenient. No false non-matches
No failures to capture
Fast and easy, anywhere
2. Must be secure. No false matches
3. Must be spoof-resistant. No PAD vulnerabilities
Goode NYC 2019 8
©2019 Aware, Inc.
Two Use Case Categories
Mobile authentication
Prevent impersonation of the targeted fraud victim
Mobile onboarding
Identity proofing via matching to IDs
Duplicate prevention, blacklist checks (1:N search)
Goode NYC 2019 10
©2019 Aware, Inc.
Facial Matching Algorithm Performance Over Time
Goode NYC 2019 11
Matching
Accuracy
2000 2010 2020
High-res digital facial
images proliferate
Machine learning
goes mainstream
Everyone gets a (really good!)
camera in their pocket
Facial recognition as
“Machine Learning 101”
©2019 Aware, Inc.
Goode NYC 2019 12
“Between 2014 and 2018, facial recognition
software got 20 times better at searching [1:N] a
database to find a matching photograph”
©2019 Aware, Inc.
NIST FRVT1 (1:1) Club
Goode NYC 2019 14
• 3Divi
• Anke Investments
• Anyvision
• Aware
• Ayonix
• Bitmain
• Camvi
• Gemalto Cogent
• CyberExtruder
• Dahua Tech
• Dermalog
• Digital Barriers
• Ever AI
• Fudan Univ
• Glory Ltd.
• Gorilla
• ID3 Tech
• Idemia
• Incode Tech
• Innovatrics
• Intellivision
• IsItYou
• Innovat’n Systems
• ITMO
• Lookman Electroplast
• Megvii/Face++
• MicroFocus
• Neurotech
• Noblis
• NTechLab
• Ping An Tech
• Panasonic
• Rank One
• Real Networks
• Saffe Ltd
• Samtech
• Shaman
• Shenzhen
• Smilart
• Synesis
• Tech5
• Tevian
• TigerIT
• Tong Yi Trans
• Toshiba
• Ultinous
• Vcognition
• Visidon
• Vigilant Solutions
• VisionLabs
• Vocord
• Zhuhai Yisheng
• Shanghai Yitu
©2019 Aware, Inc.
How Does an Algorithm Achieve “Convenience”?
Goode NYC 2019 16
Convenience ~ lower bar for quantity and quality of biometric dataLots of Signal Lots of Noise
Professionally Captured Selfie
©2019 Aware, Inc.
Facial Recognition on Mobiles: The Good and the Bad
Goode NYC 2019 18
Facial biometrics are ideal
for mobile authentication…
Accurate, familiar, and
convenient!
…but they are relatively
easy to spoof
Trillions of HD digital images
of our faces are out there
©2019 Aware, Inc.
What is Liveness? Why Is It Important?
• Security of biometrics must not depend on their secrecy
• Biometrics are useful ONLY to the degree they are:
– INHERENT
• ergonomically viable for reliable presentation by the genuine owner
– DETECTABLE
• can be economically sensed/detected; reasonable signal-to-noise ratio
– UNIQUE
• not easily/accidentally produced by a fraudster/imposter
• Spoofing vulnerability degrades their UNIQUENESS
Goode NYC 2019 20
©2019 Aware, Inc.
Liveness for Authentication Vs. Registration
Authentication
• Trusted reference sample
previously registered
• Biometric non-match
prevents false-match
spoofs
• No match, no spoof
Registration
• No reference sample
• Many banks want to use faces
for mobile onboarding…
• Face image should be
ABIS-searchable
• Image should be
citable in court
Goode NYC 2019 25
©2019 Aware, Inc.
Must Prevent False Non-Matches for Onboarding
Goode NYC 2019 26
False MatchFalse Non-Match
Authentication
Registration
Low utility Spoof attack
Identity theftAvoid detection
Fraudulent duplicates
Fraudster’s Desired Outcome
For mobile onboarding, must detect the large universe of
non-matchable face images to prevent false non-matches
©2019 Aware, Inc.
PAD Is a Hard Problem (Harder Than Matching!?)
• Technical constraints
– Mobile CPU, sensor performance, device variety, network bandwidth, server scalability
• Unpredictable real-world environments
– E.g. bright sun or darkness
• Noisy data
• Friction! Consumers are very sensitive to it
• Wide variety of attacks to address
• No abundance of ready-made scrapable training data
Goode NYC 2019 27
©2019 Aware, Inc.
First, Let’s Get Better at Measurement!
Goode NYC 2019 30
NIST SOFA-B
Strength of Function
For Authenticators –
Biometrics
The concept of
“Effort”
ISO 30107-1/3
Presentation
Attack Detection
Testing methods
and metrics
FIDO Biometrics
Requirements
Performance
thresholds
ISO 19795-1/2
Biometric
performance
Testing methods
and metrics
BEAT-EU
Biometric
Evaluation
& Testing
Testing methods
and metrics
©2019 Aware, Inc.
Contrasting Ways to Measure: IAPMR vs APCER
IAPMR
Impostor Attack Presentation Match Rate
• Proportion of presentation attacks in which the target reference is matched.
• No match, no spoof.
APCER
Attack Presentation Classification Error Rate
• Attacks incorrectly classified as normal presentations
Goode NYC 2019 34
©2019 Aware, Inc.
PAD Testing per FIDO – IAPMR-Based
• 10 Subjects
• Five of the six selected Level A PAI species SHALL achieve an IAPMR of less than 20%.
• In addition, all selected Level A PAI species SHALL achieve an IAPMR of less than 50%.
• Three of the four selected Level B PAI species SHALL achieve an IAPMR of less than 20%.
• In addition, all selected Level B PAI species SHALL achieve an IAPMR of less than 50%.
Goode NYC 2019 35
Level A Level B
IAPMR Max20% 20% 20% 20% 20% 50% 20% 20% 20% 50%
©2019 Aware, Inc.
Lots of Approaches
• “Active” – physical user challenge/response
– Challenge/response (blink, smile, motion)
• “Passive” – in the background; little/no user awareness
– Skin color and texture
– Sharpness
– Parallax
– Artifacts (e.g. cutouts)
– Machine learning-based approaches are promising…
Goode NYC 2019 36
©2019 Aware, Inc.
Machine Learning for PAD
• ML is accelerating improvements to spoof detection
– Similar trajectory as matching
– But arguably more difficult algorithmic challenge
• Some ML approaches avoid user friction, security
vulnerabilities
• Need more data! Nowhere near as much exists as for
genuine faces
Goode NYC 2019 37
©2019 Aware, Inc.
Multimodal Approach: Face + Voice/Keystroke
Face+
Voice
Face+
Keystroke
Dynamics
Goode NYC 2019 39
©2019 Aware, Inc.
Voice Authentication Performance
Goode NYC 2019 43
FIDO
biometric
performance
requirement
3/100
1/10,000
voice
©2019 Aware, Inc.
Voice Spoof Detection - Classify
• Live and recorded human voice
• Human and synthetic voice
• Check out Lyrebird.ai
Goode NYC 2019 46
©2019 Aware, Inc.
Voice Spoof Detection Competition: ASVSpoof-2017
Goode NYC 2019 47
False Pos. = 2%
False Neg. = 15%
©2019 Aware, Inc.
Benefits of Multimodal with Face + Voice
• ~10x lower error rates
• Convenient and familiar mobile activities
• Can be captured simultaneously
• Leverage generic sensors
– Camera + microphone
– Universal device coverage
• Exponentially more complicated to spoof
Goode NYC 2019 48
©2019 Aware, Inc.
Thank You!
[email protected] Reading
• Presentation Attack Detection Methods for Face Recognition Systems –A Comprehensive Survey; R. Raghavendra, C. Busch
• A Survey of Various Face Liveness Techniques for Biometric Antispoofing Applications; T. Anju, S. Sonekar
• Recent Advances in Biometric Security: A Case Study of Liveness Detection in Face Recognition; K. Ito, T. Okano, T. Aoki
• Automatic Speaker Verification Spoofing and Countermeasure Challenge (ASVSpoof 2017); http://www.asvspoof.org
Goode NYC 2019 53
We create a Trust Anchor by authenticating government issued IDs so that you can verify who you are doing business with, the first time and every time.
We allow you to:▪ Minimize Risk & Prevent Fraud▪ Enhance Physical & Digital Security▪ Eliminate Keystrokes & Automate Processes
So that you can:▪ Automate Customer Onboarding▪ Instantly Verify Age, Address & Identities▪ Be Compliant with KYC, AML , PII, GDPR & more
Why Acuant
Our secure solutions are omnichannel & multiplatform for on premise & remote transactions, with no data being stored.
Acuant in Action: How it Works
CAPTURE CLASSIFY AUTO-FILL AUTHENTICATE VERIFY
Instant Authentication to:
✓ Catch counterfeit IDs and prevent fraud
✓ Eliminate manual ID verification processes
✓ Enable strong, multi-factor, password-free
authentication
✓ Obtain near 100% data extraction accuracy
Depending on the series, type & class of an identity document, Acuant will run between 10-50 unique forensic
tests averaging 5 seconds to
determine authenticity.
Powered by AI with Human Assisted Machine Learning
Ozone® provides the robust cryptographic security processing needed to support ePassports. Delivered through use case-specific software bundles or via the Acuant Trust Framework SaaS, Ozone® supports ePassport issuance, forensic analysis, and border crossing/inspection processes, as well as every document authentication process from identity verification and employment onboarding to disconnected document/identity validation via a mobile device.
The AssureID Ozone® offerings provide the trust framework to meet the security and vetting processes required by government (European Commission, USA, Canada, & Global) regulations.
ICAO Compliant Document Security Object (SOD) IssuanceICAO Compliant Quality Assurance Control3rd AMLFATFEU Right to WorkBank Secrecy Act
Currency & Foreign TransactionsRed Flag Rules (FTC/NCUA)Patriot ActAnti-Terrorism ActKYCCIPGramm-Leach-Billey Act
Meet Regulatory Requirements:
Ozone® Award Winning ePassport Solutions
Data Matters: The Most ID Coverage & Supported Documents
✓ Driver's Licenses✓ State IDs✓ National IDs✓ Military IDs
Acuant has the industry's largest Identity Document Library with over 6,000 Global Documents covering 196+ countries.
➢ We have the most data to provide the highest accuracy when it comes to passing or failing an ID
➢ We provide the most coverage with continuous updates
➢ Which means your transactions will be the most accurate and have the least amount of undeterminable responses
✓ Medical Insurance Cards✓ Auto Insurance Cards✓ Credit Cards
✓ Passports✓ ePassports✓ Passport Cards✓ Border Crossing Cards
✓ Voter ID Cards✓ Resident Cards✓ Visas✓ Govt: PIV, CAC, TWIC
Acuant in Action
Leading Global Financial Institutions chose Acuant for on premise, mobile and cloud customer workflows to meet regulations and improve customer experiences
More than 40% of the 18,000 new car auto dealers in North America chose Acuant
3 Top 20 Global Mobile Network Operators rely upon Acuant for account opening and
account fraud reduction
10 Top 30 EMR/EHR providers, several of the largest pharmacy operators and the
world’s leading clinical labs selected Acuant for security and process improvement
Across the globe in North and South America, APAC, Europe, the Middle East and Africa- Acuant is integral to securitizing critical and strategic points of entry/exit
Acuant supplies numerous providers of access control and secures facilities such the World Trade Center, The Hague and the Pentagon
You may not know us, but you use us. Acuant powers identity based workflows for world class institutions. We process millions of transactions daily in over 190 countries.
We allow you to verify who you are doing business with, the first time and every time.
SAFEGUARD▪ Minimize Risk & Prevent Fraud
▪ Enhance Physical & Digital Security: stringent privacy standards to protect PII
▪ Be Compliant with KYC, AML , PII, GDPR & more
IMPROVE▪ Solutions are user friendly, low friction and easily adaptable to business needs with
easy integration in any environment
▪ Solutions are Omnichannel & Multiplatform for on premise /remote transactions
THE ACUANT ADVANTAGE▪ AI with Human Assisted Machine Learning for the Highest Speed & Accuracy Rates
▪ Secure, Simple, Scalable Multi–factor Authentication
▪ World class global partnerships & first class partner support
The Acuant Advantage: 20+ Years of Experience
CONTACT US+1.213.867.2625
6080 Center Drive Suite 850Los Angeles, CA 90045
[email protected] | acuantcorp.com
Steve Maloney, EVP Strategy & Business [email protected]
Company Confidential
Empowering Digital TransformationDr. Neil Costigan(833) 248-6732123 Mission St, San Francisco, CA
Company Confidential
What We Do. Authenticate Beyond One-Time.
It’s Continuous. And Transparent.
CONTINUOUSONE-TIME AUTHENTICATION
CUMBERSOME
TRANSPARENT
DIGITAL EXPERIENCE
INTEGRATED WITH YOUR APPS
Company Confidential
How We Do It. What We Look At.
Press Flight Sequence
Press Flight
Screen resolution
Language settings
Browser version
Surface
Gyroscope Accelerometer
Pressure Motion
Hit Zone
Platform version
User Agent
Sequence
IP Device BrowserInformation
Mouse
Account Takeover � New Account Fraud � Account Sharing ViolationsUnique Human Validation � Bots & Remote Access Threats
BEHAVIOSEC BEHAVIORAL BIOMETRICS PLATFORMC
ontin
uous
Aut
hent
icat
ion
–Tr
ansp
aren
t to
Use
rs
Host
ing On-Premise BehavioSec HostedPrivate Cloud
High Availability Enterprise Scalability Multi-Tenancy
Tech
Sta
ck
AndroidiOSWeb
JavaScript Client SDK, Mobile SDK & Framework Plugins
Core
Device & Network Reputation
Machine Learning Behavioral Profiling Engine
Global Profiling
Client
Server
Management
User Administration
Dashboards, Analytics and Reporting
Case Management
BehavioSec Open Risk Ecosystem
Platform Partner Examples(all in production Q4 2018):
RESTAPIs
Company Confidential
About BehavioSec
• Founded in 2008 out of academic research
• Based in San Francisco with operations throughout EMEA
• First to pioneer Behavioral Biometrics category
• First to have Global 2000 deployments verifying identity across billions of transactions and millions of users
• First and only to deliver Behavioral Biometrics for on-premises and hosted environments
• Strong patent portfolio on Behavioral Biometrics
• Best enterprise grade solution as validated by Global 2000’s evaluating vendors in this space
• Strong investment partners that include Trident/Forgepoint Capital, Cisco, ABN AMRO, Conor Ventures and Octopus Ventures.
• Rich R&D initiatives with entities like DARPA.
Company Confidential
Authentication needs in a Cashless SocietySweden is almost cashless. What does this mean for the Swedish banks?
Company Confidential
The Journey of Electronic Identification (eID) in Sweden
• 2003 – Soft Certificate eID• Jointly owned by the largest banks
• Mainly used for bank authentications
• 2005 – Smartcard eID• Mainly used for bank authentications
• 2011 – Mobile eID• Mainly used for bank authentications
• 2012 – Introduction of P2P Mobile Payments• People stop carrying cash
• Stores stop accepting cash in favor in Mobile Payments
Company Confidential
Company Confidential
The Journey of Electronic Identification (eID) in Sweden
• 2011 – Mobile eID
• Mainly used for bank authentications
• 1-2 Transactions per user per month
• 2012 – Introduction of P2P Mobile
Payments
• Transactions begin to take off
• Ease of use makes other entities turn to the
mobile eID for secure authentication
• 2018 – 3,3 billion authentications
• 2019
• Over 300,000,000 authentications per
month, est. to exceed 4 billion for the year
Company Confidential
Company Confidential
The BehavioSec Difference
Best of BreedBroad Patents | DARPA Awards
Enterprise GradeG2000 Deployments
Deployment FlexibilityG2000 Deployments
Broad IntegrationWeb, Mobile and Legacy Systems
Billions ofTransactions
Proven Production Scalability
Accurate DetectionLow False +/-
Dr. Rolf Lindemann, Sr. Director Products
The Trusted Leader in Next Generation Authentication
©2019 Nok Nok Labs
• Proven authentication platform with innovations based on the real world• Servers deployed globally at scale• 38 patents and 68 International patents issued or filed
• Most widely deployed B-to-C passwordless solution on the market• 150M+ Users• Billions of authentications
• Deep domain expertise in next-generation authentication• Invented standards-based authentication (FIDO)• Founder of FIDO Alliance • Editors of the specifications
Who is Nok Nok?
Passwordless, Strong, ScalableAny App, Any Device, Any Authenticator
2©2019 Nok Nok Labs
Digital Identity & Authentication System Components
Physical-to-digital identity
User Management
Authentication
Federation
SingleSign-On
Strong Risk BasedPasswords
Next Generation Authentication
3©2019 Nok Nok Labs
How does Next Generation Authentication work?
FIDO AuthenticationUser Verification Authenticator
©2019 Nok Nok Labs
How does Next Generation Authentication work?
FIDO AuthenticationUser Verification Authenticator
Support user preferred modalities©2019 Nok Nok Labs
How does Next Generation Authentication work?
FIDO AuthenticationUser Verification Authenticator
Support all relevant digital channels©2019 Nok Nok Labs
How does Next Generation Authentication work?
FIDO AuthenticationUser Verification Authenticator
Support multiple Authenticator form factors©2019 Nok Nok Labs
How does Next Generation Authentication work?
FIDO AuthenticationUser Verification Authenticator
Support different assurance levels and authentication scenarios©2019 Nok Nok Labs
How does Next Generation Authentication work?
FIDO AuthenticationUser Verification Authenticator
Support multiple authentication targets©2019 Nok Nok Labs