Biometrics, Creepy or Convenient? - Goode Intelligence

Presented by

Goode Intelligence

April 4th 2019

Rise New York

43 W 23rd St

New York

NY 10010

USA

Strategic Partner

Biometrics, Creepy or Convenient?

Creepy Tech

#creepyorconvenient

#creepyorconvenient

#creepyorconvenient

https://twitter.com/mbrennanchina/status/1109741811310837760

#creepyorconvenient

Powered by

Are biometrics creepy or convenient?• Thursday, March 14, 2019

Q1: Scenario one: While waiting in a queue to pay at a petrol (gas) station a screen displays personalized adverts based on your age, gender and ethnic background. A camera located at the entrance of the petrol station captures your face and then passes this to an algorithm that determines your age,

gender and ethnic background. It then uses this data to display personalized ads to you. Do you find this creepy or convenient?

Q2: Scenario two: A high-profile VIP is attacked by a weaponized automated drone that uses facial recognition to identify its target.Do you find this creepy or convenient?

Q3: Scenario three: While you are accessing your online banking account, a behavioural biometric system is learning about how you interact with technology, use your smartphone or typing on your keyboard to develop a unique profile that can be used to identity you and prevent imposters from

accessing your account. Do you find this creepy or convenient?

Summary

• There are plenty of grey areas

• Cultural differences

• Regional differences

• Impact of regulation

• Consumer opinion is important

#creepyorconvenient

b-secur.com

All information is strictly confidential and proprietary to B-Secur

“The Global ECG equipment market is anticipated to grow from $ 4645 million in 2017 to $8050 million by 2026, at a CAGR of 6.34% for the forecast year of 2018 and 2026.”(Inkwood Research, 2017)

“THE YEAR OF ELECTROCARDIOGRAM TECH IS UNDERWAY.” (CNET, 2019)

“We’re going to see about a 1,600- fold increase in data over the next decade and we’re starting to think about what it would really mean to harness this information that’s coming from the clinic, home and remotely.” (Mobile Health News, 2019)

Smart Worker Market worth 4.40 Billion USD by 2023(Market and Markets, 2019)

ECG Feature in Apple Watch is already saving lives. (Apple Insider, 2018)

Withings launched the Move ECG at CES 2019, a smartwatch with both activity tracking and the ability to measure electrocardiograms (ECGs), and send them directly to your doctor. Plus, the watch can detect atrial fibrillation, or irregular heartbeats. (Business Insider, 2019)

ECG is Going Mainstream


Who are B-Secur?


B-Secur are expertsin ECG technologyUsing the heart to enable

secure health & wellness insights

in the connected world


HeartKey is our solution: a collection of ECG algorithms and analytics

securing health and wellness insights


ECGAdvantages

Accurate User ID

Medical Grade HR

Accurate HRV

Accurate Arrhythmia detection

Disadvantages

Requires two points of contact

PPGAdvantages

Single point of contact

Easy continuous monitoring

Disadvantages

Can provide inaccurate HR

Cannot be used for accurate HRV

ECG and PPG CombinationAdvantages

Continuous HR and Stress Monitoring

User ID

Accurate HR and HRV

Blood Pressure Monitoring

Accurate Arrhythmia detection

Market Ready and building

Multiple OEMs developing

Eco-system into Auto, Healthcare, Insurance etc

Significant Data platform play

Benefits of ECG & PPG for Secure VSM


ECG BiometricApplications

Genuine

User ID

Identification,

Liveness

Detection

HeartKey™️ for Automotive

Health & WellnessContinuous / Passive Identification

Early

Detection,

Prevention

Payments /

Insurance

HeartKey™️ for Wearables

Continuous / Passive Identification Health & Wellness

Genuine

User ID

Asset

Tracking/

Critical

mission

Stress,

Fatigue,

H.R.V.

HeartKey™️ for Smartwear

Health & WellnessContinuous / Passive Identification


HeartKey Platform


Connected Worker Control


Connected Worker Employee

The information on this slide is strictly confidential and proprietary to B-Secur

Stress Log X-Devices

AI-DRIVEN IDENTITY REVOLUTION

No need to introduce yourself.

New Interface Emerging

“Speech is a new primary interface” – John Chambers, Cisco ex-CEO

3

Conversational UI Everywhere!

3

Virtual

Assistants

Messengers

IoT Devices (cars,

smart homes,

appliances)

of US adults already

use conversational

interfaces

50% NEW ID CHALLENGES

Strong User authentication

Frictionless / Noncollaborative

Good UX = No UX

4

Authentication Needs to Be Simple

5

Biometrics Solve UX and Security

ID R&D combines best in class biometric technology (Voice, Behavioral and Face*) with Liveness Detection for continuous authentication and

a frictionless UX

Our industry leading AI-based voice biometric engine developed by

NIST winning team delivers high accuracy, low footprint and

robustness to noise.

ID R&D is a leader in voice and face anti-spoofing with a unique AI-

based approach that can distinguish a human voice / face from a

digital representation (recording, photo)

Biometrics for Conversational Interface

Voice

Transfer ID complexity from user to AI

AI-DRIVEN BIOMETRIC TECHNOLOGIES FOR

ENHANCED SECURITY AND FRICTIONLESS UX

Biometrics for Secure Login

Behavioral

Face*

Voice

Behavioral

Liveness

*Licensed

6

Best-In-Class Voice Biometrics

Methods – x-vector, DNN, CNN

Short utterances – 1-2 sec of speech

Text-dependent and Text-independent

Accuracy – EER-0.3%

Template size – 1.6KB

ML based Model Enrichment

6

ID R&D voice biometric engine utilizes a number of AI and

traditional techniques to provide the best in class performance.

1

4

2

3

5

Key Performance metrics (up to)

Access to large data sets would allow to further enhance the

solution

Text independent algorithms from ID R&D a “complete gamechanger” – Opus Research

Leading accuracy and shortest utterances for voice verification using new AI

techniques

ASVSpoof-2017 Results

ID R&DD01

77

Best-In-Class Voice Biometric Liveness

ASVspoof 2017: Automatic Speaker Verification Spoofing and Countermeasures Challenge designed to test biometric technology

capabilities for "replay attack" detection (live voice vs a recording).

The Challenge was designed to test an ability to

distinguish between human voice and a recording of a

human voice

ID R&D is one of the clear

leaders in the largest voice

biometric anti-spoofing

challenge (2017)

Top Performer in 2017 Liveness Testing

Closer to zero point is better

88

Best-in-Class Voice Liveness Again in 2019

ASVspoof 2019: Automatic Speaker Verification Spoofing and Countermeasures Challenge,

Logical Test

The Challenge was designed to test an ability to

distinguish between human voice and synthesized voices

ID R&D is a clear leader in

the largest voice biometric

anti-spoofing challenge to

date

ID R&D

Large performance gap compared to next best system

▪ World’s First Frictionless, continuous, multi-modal biometric verification▪ Chatbots (typing)

▪ Virtual Assistants (voice)

▪ No User Experience ( UX) ▪ Requires no input from a user for authentication

▪ High Security▪ Multi-modal biometrics

▪ Voice, Behavioral, Face

▪ Man in the middle attack prevention

▪ Ideal solution for Conversational Interface

SafeChat™ Conversational Interface for mobile or web showing Text

Independent capability:

Excerpt SafeChat Video Demo

https://drive.google.com/open?id=1Em94HVcTRQiuNdyjNg3OEtWuBEyj14-L

10

SafeChat™ – Biometric Virtual Assistant

Please follow to link to preview this solution: SafeChat10

BIOMETRIC VIRTUAL

ASSISTANT ASK A QUESTION

(TYPE OR SPEAK)

REAL TIME FRICTIONLESS

BIOMETRIC ID

Biometric

Matching

Scores

11

SafeChat – HOW IT WORKS

Enabling frictionless (“Friend”) experience 11

CAMERA

ACCELEROMETER/GYRO

KEYBOARD

MICROPHONE

CONFIDENCE

SCORE

Ensemble of Deep Neural Networks

1

Iris ID Systems Inc.

8 Clarke Drive, Cranbury, NJ 08512

Iris Recognition comes of age

Identity – Access – Workforce

Iris Recognition TechnologyIdentity Authentication

2

• US-directed global business unit

• Established in 2002 (US)

• Reflecting importance of security post 9-11, and US/G-20 influence driving

technology adoption

• Spin-off unit created form LG to Iris ID Systems Inc in Dec. 2010.

• Commands attention of senior management previously from LG IRIS

• Focus on future development of the technology

• Creating Alliances with best of breed ID companies

• GBU is IRT experience-rich

• In technology

• In marketing and sales

• In support and service

• Vision, mission, growth reflect core Iris ID core competence

• Identity authentication, not iris, biometrics, security, access control, or identity

management at scale

• Identity – Access – Workforce

• Technology – Partnership – Innovation

• Cranbury NJ, Dubai, Mexico City, Singapore, Seoul , Bangalore

About Iris ID

3

Accepted & Deployed Worldwide 1 of 2 (commercial market)

Asset ProtectionData Center Security

Lab Security &Bio Hazard

Containment

InfrastructureProtection

WorkforceManagement

Hotels ClubsPOS & Retails

This is a partial list, for representation only

http://images.google.com/imgres?imgurl=http://www.honda.net.my/images/contact_honda_logo.jpg&imgrefurl=http://www.honda.net.my/press_new_register.htm&h=212&w=307&sz=8&tbnid=-Jh5wcV2jcAJ:&tbnh=77&tbnw=112&hl=en&start=10&prev=/images?q=honda+logo&svnum=10&hl=en&lr=&rls=GGLD,GGLD:2004-43,GGLD:en

http://images.google.com/imgres?imgurl=http://www.gct.org/images/rolex_logo.jpg&imgrefurl=http://www.gct.org/gday02.html&h=176&w=277&sz=6&tbnid=jPCdrCMef60J:&tbnh=69&tbnw=109&hl=en&start=1&prev=/images?q=rolex+logo&svnum=10&hl=en&lr=&rls=GGLD,GGLD:2004-43,GGLD:en

http://images.google.com/imgres?imgurl=http://www.ngwa.org/images/logo/cdc%20color%202.gif&imgrefurl=http://www.ngwa.org/education/aware.html&h=146&w=201&sz=8&tbnid=vxGudE_vnjwJ:&tbnh=71&tbnw=99&hl=en&start=5&prev=/images?q=CDC+logo&svnum=10&hl=en&lr=&rls=GGLD,GGLD:2004-43,GGLD:en

http://chronicle.augusta.com/images/headlines/033198/srs_logoLR.gif

http://www.pg.com/

4

VietnamMulti-stage

Government ID

Kingdom of Jordan

Kingdom of Saudi Arabia

State of Qatar

Sultanate of Oman

India

UIDIA

Accepted & Deployed Worldwide 2 of 2 (government market)

TransportationSecurity

Government &Public Safety

CivilIdentity

This is a partial list, for representation only

Canada/USBorder

Mexico National ID Program

http://images.google.com/imgres?imgurl=http://www.westac.com/sacw/CATSA-Logo-(text).gif&imgrefurl=http://www.westac.com/sacw/sacw.html&h=323&w=540&sz=11&tbnid=MEr_toHP31gJ:&tbnh=77&tbnw=130&hl=en&start=3&prev=/images?q=CATSA&svnum=10&hl=en&lr=&rls=GGLD,GGLD:2004-43,GGLD:en&sa=N

http://www.tjack.com/assets/images/db_images/db_PentagonLogo1.jpg

http://lebanon.usembassy.gov/

5

Applications – Devices

Multimodal Trend• Field applications require different devices.

• Fixed – Desktop - Handheld – Mobile – Distance - Harsh Environment

• All devices are standards compliant for Iris & Face Capture

6

Sclera

Iris

Retina

Choroid

Lens

OpticNerve

AqueousHumor

Cornea

Ciliary Muscle

Iris

Retina

• The donut shape of the eye except the black part(pupil) is the iris.• Iris recognition technology is different from the retina scan. It is same as taking pictures

using normal digital camera - no worry about eye safety.

Iris Recognition – Not Retina !

7

Iris Recognition comes of age for National ID

8

Boundary of Upper Eyelid

Boundary of the sclera (limbus)

Boundary of Lower Eyelid

Boundary of Pupil

* limited data on newborns, also barring trauma/surgery/low incidence disease.

• Extremely small outlier population• Physical variances have low impact• Age: stable template: 1 -> 99 *• One time lasting enrollment• Fastest authentication• 1:N Identification and 1:1 Verification• Single or two-factor mode• Low FAR (false accept ratio) and low FRR (false reject ratio)


9

After 12 months of age, the iris pattern is completed and does not change through life. The iris pattern is unique - left and right iris are different, the irides of twins are not the same

Positive Identification

The probability of two individuals having the same iris pattern is 1 in 1072 . The most accurate biometric technology commercially available as of today.

Most Accurate

Just take a look from a distance of 12-14 inches (31-35cm) for recognition up to a one meter.

Identification is possible even when wearing sunglasses or contact lens.Easy of Use

Iris recognition is especially powerful in a large scale environment such as airport or borderline

where high throughput is needed (1:N recognition in 10’s of millions database - less than 2 seconds)Rapid Speed of Throughput

Iris recognition is non-contact and non-invasive which means it is safe from any harmful

contamination among people.Non-Invasive

It's highly scalable from mid/small size office environment to large scale enterprise system or

ultra large scale national ID project.Highly Scalable

Iris ID becomes higher standard of biometric security solution. IrisAccess has perfect countermeasure solution for filtering photo, video or fake eye intrusion.

Countermeasure

Iris Recognition why use it ?

10

After 12 months of age, the iris pattern is completed and does not change through life. The iris pattern is unique - left and right iris are different, the irides of twins are not the same

CLEAR

The probability of two individuals having the same iris pattern is 1 in 1072 . The most accurate biometric technology commercially available as of today.

Schiphol

Just take a look from a distance of 12-14 inches (31-35cm) for recognition up to a one meter.

Identification is possible even when wearing sunglasses or contact lens.Schiiphol 2

DHS Pedestrian Exit Trial in Southern CaliforniaOtay Mesa

Iris recognition is non-contact and non-invasive which means it is safe from any harmful

contamination among people.Non-Invasive

Iris Recognition - Who is using it ?

11

Iris Recognition Smaller Outlier Population

12

• Border Patrol – E3

• US DOD – BAT A

• DMDC – CAC/PIV Card

• CJIS/FBI Iris Integration

• CLEAR

• NYPD – Arraignment

• LASD Multimode Livescan

• York County – Book and Release

• George W. Hill Correctional Book and Release

• Georgia Dept. of Corrections

• Larimer County Correctional

• DHS S&T Biometric Technology Rally

And the list goes on……..

US Government & International Programs

Multimodal Trend

• UIDAI –AADHAR

• NEXUS Air – Canada

• Doha Airport

• Mexico National ID (RENAPO)

• Mexico Driver License Program

• Mexico Pension Program

• Iraq Citizen ID ( Pension Program)

• Somaliland Voter Registration

• Mali Immigration (rollout underway)

• Qatar Immigration - Hammad

• Turkmenistan Immigration and R Gate

• Schiphol Privium – Amsterdam

• Yonkfa Project – Ghana – Heathcare

And the list goes on……..

13

• NIST AGING REPORT: – IREX VI: Mixed-effects Longitudinal Models for Iris Aging:

• “Using two large operation datasets, we find no evidence of a widespread iris ageing affect,” the report notes. “Specifically, the population statistics (mean and variance) are constant over periods of up to nine years. “

– Quantifying Biometric Permanence Using Operational Data

Iris Recognition Stable Over Time

https://www.nist.gov/sites/default/files/documents/2016/12/01/06_thursday_grother_2014_04_03_1125_30min_ageing3_final.pdf

http://ws680.nist.gov/publication/get_pdf.cfm?pub_id=918919

https://www.nist.gov/sites/default/files/documents/2016/12/01/06_thursday_grother_2014_04_03_1125_30min_ageing3_final.pdf

14


• Questions ?

Additional program details and photos follow….

Tim MeyerhoffIris ID Systems Inc.

[email protected]

908 803 4596 c

•

mailto:[email protected]

recognize people by the way they type

Raul PopaCEO & Data Scientist

Passwords are not enough

Over 80% of ATOs are related to weak passwords.

3bn passwords are compromised yearly.

Up to 2% of stuffing is successful.

Identity theft causes losses of $16 bn/yr.

Account takeover fraud rises by 31%/yr.

We type more than ever

Recognize people when they type

Our vision is to be the passive authentication of the future, to improve and secure the world in the next age of typing-based communication.

Let’s see how it works

How it works

Mobile Desktop

We record typing behavior on mobiles and desktops/laptops.

How it works

Typing behavior recording

Data engineering Machine learning Authentication

Stellar security, great user experience

UX

Security

x TypingDNA

Vulnerabilities of AI recognition systems

Some things to consider

Security - accuracy is not enough, data storage, anonymization



Versatility - environment changes (location, time, personal)




Ease of use - onboarding process, enrolling users, fallbacks




Ease of use - onboarding process, enrolling users, fallbacks

Maintenance - critical updates

The future of authentication

Thank you!

[email protected]@typingdnawww.linkedin.com/company/typingdna

Raul PopaCEO & Data Scientist@raulpopa

Our vision is to be the passive authentication of the future, to improve and secure the world in the next age of typing-based communication.

mailto:[email protected]

https://www.typingdna.com

https://twitter.com/typingdna

1Confidential 2018

Genuine Presence

Assurance -

securing banks

and customers

4th April 2019

Andrew Bud

Founder & CEO,

iProov

Confidential 2019

About iProov

2

Award winning

Trading in London since 2013

World-class team of 30 staff

Proprietary in-house technology

with 12 granted patents

Background

Recognised leaders in

biometric anti-spoofing

Confidential 2019

Serving Leading Banking & Government Customers

Confidential 2018

How can we trust in the

genuine presence of a

remote user?4Confidential 2018

Confidential 2019

Better Authentication

Confidential 2019

Or is it a…

→ photo or digital image?

→ doctored recording?

→ synthetic video?

→ corrupted device?

Genuine Presence Is at the Heart of Biometric Verification

Is this a

real person

Genuine presence detection is the next frontier of cyber security

?

Confidential 2019

Biometrics in Strong Authentication

Match?

Genuine? Present?

Impostors

(low intensity driveby)

Copies:

Physical, digital, direct injection

Replays:

Recordings and deepfakes

Confidential 2019

The Solution: iProov’s Flashmark controlled illumination

Covered by 12 granted patents

Passed

Azure Cloud

iProov SOC and SaaS Provide Sustainable Security

Detection and adaptation to new attacks

Continuous learning eliminates

zero-day risk

Growing data set of

millions of application images

Confidential 2019

Impartially tested and assessed

Face

Level A Time: short

Expertise: anyone

Equipment: readily

available

Paper printout of face

image, mobile phone

display of face photo

Source of biometric

characteristic: easy to

obtain

Photo from social

media

Level B Time: > 3 days

Expertise: moderate skill

and practice needed

Equipment: available but

requires planning

Paper masks, video

display of face (with

movement and

blinking)

Source of biometric

characteristic: more difficult

to obtain

Video of subject, high

quality photo

660 different attacks on iProov

Tested to NIST SOFA-B level B

100% Resilience

ISO/IEC 19795-1:2006

ISO/IEC 30107-3: 2017

FIDO Biometric Requirements

With live user/real attack data:

FRR < 0.5% and

FAR < 0.25% for

print/screen/video attacks

Zero critical or high vulnerabilities

Confidential 2019

The User at the Heart of Authentication delivers

Maximum Conversion

Amidst a Crowded Stack, We Are a

Mission-Critical Layer

Complementary

User ID Inputs

Corroboration

& Assessment

Orchestration

Platform

Onboarding/Border Control

→ ID Matcher → Verifier

Authentication

Document & Credential Specialists

(ReadID, Mitek, Jumio, ID.me, Acuant)

Online Data Providers

(Lexis Nexis Risk, Experian, Trulioo)

Workflow Orchestration

Banks, enterprise self-supply,

solution providers

(GBG, Onfido, Idology, Chekr)

MFA Orchestration

Banks, enterprise self-

supply, solution providers

(Duo, Callsign, Daon)

Risk Measurement

(ThreatMetrix, Behavioural, Biocatch)

Multi-Factor Authentication

(Handset & software providers)

Is this the right

real person?

Confidential 2019

iProov across the whole lifecycle of customer authentication:

simple, secure, accessible

19

1. Digital customer

onboarding

2. Account access

3. Step-up 2nd factor authentication

5. Unlock account or payment card

4. Bind new device to account

Confidential 2018

Thank You

20

Making Convenience SecureHow biometric payment cards and biometric enabled wearable devices will make contactless payment even more prevalent

André Løvestam, CEO

With a mission of “Making Convenience Secure”, Zwipe is at the forefront of battery-less biometric authentication

Note: (1) BPC is an abbreviation for biometric payment cards.

• First-mover with industry leading energy harvesting and power

management technology for BPC’s(1) - launching the world’s first pilots 1

• A simple, consistent, frictionless and secure user experience with no

batteries or fixed power supply required2

• Strong market momentum for biometric payment cards with growing

commitments from leading industry stakeholders

• Partnering with world leading industry players like Gemalto and VISA3

• Solid management team with leading industry experience4

• Additional upside potential in increased product offering into wearables,

digital authentication and licensing of IP5

2

Our core technology is at the heart of secure convenienceZwipe’s technology solution enables

battery-less, contactless, ultra-low power,

self-contained biometric authentication

solutions in constrained environments

3

It’s all about the user

4

What is the problem?

Contactless is booming…

…but consumers want a fast and frictionless experience without having to sacrifice security or privacy

5

38%Say contactless doesn’t feel secure

6

51%Are very or extremely concerned about fraud on contactless cards

7

Source: RBR study Global Payment Cards Data and Forecasts to 2023

Global card expenditure to reach 45 trillion USD by 2023 on back of contactless payments

8

Disruptive change does not need to be felt by the consumer

9

What is a biometric payment card?

A payment card that features a fingerprint sensor that allows cardholders to complete both contact and contactless transactions by authenticating themselves via the fingerprint sensor, instead of using a PIN or other form of authentication

16 April 2019 Strictly Confidential10

Biometric payment cards are addressing the needs of the whole value chain

By enabling seamless commerce to its customers’ customers

FOR PAYMENT

SCHEMES

Drives

contactless and

cashless

transactions

FOR

BANKS

Branding

Fraud reduction

Offers

cardholders

peace of mind

Top of wallet

FOR

CONSUMERS

Convenience

Peace of mind

FOR

MERCHANTS

Speed

Revenue

12

Biometric authentication is fast becoming a necessity for all devices

• When looking at banking and payments, fingerprint authentication is moving from mobiles to payment cards to wearables and other devices

13

Biometrics perceived as delivering superior security

Source: AYTM Market Research, April 2018, among pilot participants

31.9%

66.7%

4.4%

46.4%

15.9%

5.8% 14.5%

14.5%13.0%

40.6%24.6%

4.4%4.4%

49.3%

52.2%

7.3%2.9%

Numeric PINSignature

100.0%

No authentication

1.5%

Biometrics

100.0% 100.0% 100.0%

Very insecure NeutralInsecure Secure Very secure

Customer ratings of perceived security among pilot participants

14

Source: Goodbye passwords, a VISA study

Consumers are ready and asking for biometrics

About half of consumers surveyed

are likely to switch away from

providers (card network, bank, or

mobile phone provider) if the

provider does not offer biometric in

the future

Source: Overcoming Mobile Biometric Challenges

a Mastercard study

93% of consumers prefer

biometrics to passwords,

further showcasing the

excitment and looking to

adopt

15

https://usa.visa.com/dam/VCOM/global/visa-everywhere/documents/visa-biometrics-payments-study.pdf

https://newsroom.mastercard.com/news-briefs/overcoming-mobile-biometric-challenges-mastercard-and-university-of-oxford-collaborate-on-new-research-initiative/

Securing payment cards and the way forward

Magnetic stripe• High fraud risk

• Slow, requires signature

• New and better alternatives available

EMV• Safer than magnetic

• CHIP + PIN is safe, but time consuming

Contactless• EMV + RFID

• Allows fast transactions, just tap card

• Low transaction limits with no PIN/signature

Biometric Dual-Interface• EMV + RFID + Biometric authentication

• Speed of contactless with safer authentication

• No transaction limits

Biometric Dual-Interface

with Dynamic CVX

• EMV+RFID + Biometric authentication + Dynamic card security

code integration

• Directly addresses card not present fraud, enabling safer online

commerce

In Development

Currently being trialed

16

What kind of biometric cards are currently in development?

Battery-powered

Battery-less

17

Why Biometric Payment Cards?

Convenience

Allows for a frictionless and more secure checkout experience thanks to biometrics

Privacy

Functions without the need for a centralized database, all biometric information are stored only on the card and nowhere else

Works with existing infrastructure

No need to change the current checkout experience or infrastructure, as it works with all point of sale terminals with both contact and contactless transactions

Addresses new Regulations

New industry and government regulations around the world are pushing for contactless and for much stronger consumer authentication in payment while retaining the user’s right to privacy

18

Competition is pushing banks to adopt new technology

19

20

Innovation is a door opener to new customers

20

Biometrics could be key to attracting millennial consumer interests

• Biometrics is increasingly being utilized not just for security but for driving convenience

• Millennials have shown preferences to utilize means of authentication that are more convenient

• The use of fingerprint biometrics is increasingly seen as the most convenient means of authenticating yourself

21

Secure at-home biometric payment card enrolment solution is key

An innovative offering that enables cardholders to register their fingerprint on their biometric payment card at home without needing to visit a bank branch

16 April 2019 Strictly Confidential

Fits inside a traditional envelope and functions like a powered greeting card, turning the card on when you open the enrolment kit

22

Not only payment cards…

Zwipe is partnering with Tappy Technologies to jointly develop and launch biometric enabled wearable payment devices as well

23

Find out more about us at zwipe.com

©2019 Aware, Inc.

Rethinking the Blink

An Update on Spoof Detection for

Mobile Biometric Authentication

…and Beyond

David BeniniVP, Marketing & Product

©2019 Aware, Inc.

Introduction to Aware, Inc.

• Founded in 1986 by MIT mathematicians

• Biometrics software supplier since 1993

• Publicly traded since 1996 (NASDAQ:AWRE)

• Headquartered near Boston, USA

• Strong balance sheet (US$50M) and profitable

• 50+ research scientists and software engineers

• Leading provider of military-grade biometric solutions for public and private sector

©2019 Aware, Inc.

Our Long History of Innovation in Biometrics 1990s

• Founding supplier to a

small biometrics community

• Helped FBI design WSQ

fingerprint image

compression algorithm for

first large-scale US Federal

Government AFIS

• First successful supplier of

COTS biometric SDKs

2000s

• Among first companies to

enable biometric e-passports

• First to license a COTS

biometric services platform

(BioSP)

• First to license biometric

enrollment applets and .NET

controls

• Primary supplier of biometric

PIV software for USG

2010s

• First to commercialize browser-based biometric enrollment

• Ground-breaking innovations in mobile authentication and liveness detection

©2019 Aware, Inc.

How Aware Is Different

• One-stop shop for wide range of biometric software solutions

• Agile and innovative

• Modular products enable extremely open architecture

• Independence from hardware peripherals and algorithms

• Cooperative, collaborative customer relationships

• Transparent, accessible organization

• Highly responsive technical support

©2019 Aware, Inc.

Goode NYC 2019 6

The password was invented in 1961.

The password breach was invented in 1962.

Let’s retire them both!

©2019 Aware, Inc.

What Do Mobile Biometrics Aim To Achieve?

To Change the economics of an attack

• Reduces the ROI for the fraudster

• More time, risk, expense, accountability

• Makes the attack more trouble than it’s worth*

*but not necessarily impossible

Goode NYC 2019 7

©2019 Aware, Inc.

Replacing Passwords: A Multidimensional Challenge

1. Must be convenient. No false non-matches

No failures to capture

Fast and easy, anywhere

2. Must be secure. No false matches

3. Must be spoof-resistant. No PAD vulnerabilities

Goode NYC 2019 8

©2019 Aware, Inc.

Facial Biometrics for Mobile

©2019 Aware, Inc.

Two Use Case Categories

Mobile authentication

Prevent impersonation of the targeted fraud victim

Mobile onboarding

Identity proofing via matching to IDs

Duplicate prevention, blacklist checks (1:N search)

Goode NYC 2019 10

©2019 Aware, Inc.

Facial Matching Algorithm Performance Over Time

Goode NYC 2019 11

Matching

Accuracy

2000 2010 2020

High-res digital facial

images proliferate

Machine learning

goes mainstream

Everyone gets a (really good!)

camera in their pocket

Facial recognition as

“Machine Learning 101”

©2019 Aware, Inc.

Goode NYC 2019 12

“Between 2014 and 2018, facial recognition

software got 20 times better at searching [1:N] a

database to find a matching photograph”

©2019 Aware, Inc.

Goode NYC 2019 13

©2019 Aware, Inc.

NIST FRVT1 (1:1) Club

Goode NYC 2019 14

• 3Divi

• Anke Investments

• Anyvision

• Aware

• Ayonix

• Bitmain

• Camvi

• Gemalto Cogent

• CyberExtruder

• Dahua Tech

• Dermalog

• Digital Barriers

• Ever AI

• Fudan Univ

• Glory Ltd.

• Gorilla

• ID3 Tech

• Idemia

• Incode Tech

• Innovatrics

• Intellivision

• IsItYou

• Innovat’n Systems

• ITMO

• Lookman Electroplast

• Megvii/Face++

• MicroFocus

• Neurotech

• Noblis

• NTechLab

• Ping An Tech

• Panasonic

• Rank One

• Real Networks

• Saffe Ltd

• Samtech

• Shaman

• Shenzhen

• Smilart

• Synesis

• Tech5

• Tevian

• TigerIT

• Tong Yi Trans

• Toshiba

• Ultinous

• Vcognition

• Visidon

• Vigilant Solutions

• VisionLabs

• Vocord

• Zhuhai Yisheng

• Shanghai Yitu

©2019 Aware, Inc.

Goode NYC 2019

©2019 Aware, Inc.

How Does an Algorithm Achieve “Convenience”?

Goode NYC 2019 16

Convenience ~ lower bar for quantity and quality of biometric dataLots of Signal Lots of Noise

Professionally Captured Selfie

©2019 Aware, Inc.

Facial Recognition on Mobiles: The Good and the Bad

Goode NYC 2019 18

Facial biometrics are ideal

for mobile authentication…

Accurate, familiar, and

convenient!

…but they are relatively

easy to spoof

Trillions of HD digital images

of our faces are out there

©2019 Aware, Inc.

What is Liveness? Why Is It Important?

• Security of biometrics must not depend on their secrecy

• Biometrics are useful ONLY to the degree they are:

– INHERENT

• ergonomically viable for reliable presentation by the genuine owner

– DETECTABLE

• can be economically sensed/detected; reasonable signal-to-noise ratio

– UNIQUE

• not easily/accidentally produced by a fraudster/imposter

• Spoofing vulnerability degrades their UNIQUENESS

Goode NYC 2019 20

©2019 Aware, Inc.

Liveness for Authentication Vs. Registration

Authentication

• Trusted reference sample

previously registered

• Biometric non-match

prevents false-match

spoofs

• No match, no spoof

Registration

• No reference sample

• Many banks want to use faces

for mobile onboarding…

• Face image should be

ABIS-searchable

• Image should be

citable in court

Goode NYC 2019 25

©2019 Aware, Inc.

Must Prevent False Non-Matches for Onboarding

Goode NYC 2019 26

False MatchFalse Non-Match

Authentication

Registration

Low utility Spoof attack

Identity theftAvoid detection

Fraudulent duplicates

Fraudster’s Desired Outcome

For mobile onboarding, must detect the large universe of

non-matchable face images to prevent false non-matches

©2019 Aware, Inc.

PAD Is a Hard Problem (Harder Than Matching!?)

• Technical constraints

– Mobile CPU, sensor performance, device variety, network bandwidth, server scalability

• Unpredictable real-world environments

– E.g. bright sun or darkness

• Noisy data

• Friction! Consumers are very sensitive to it

• Wide variety of attacks to address

• No abundance of ready-made scrapable training data

Goode NYC 2019 27

©2019 Aware, Inc.

First, Let’s Get Better at Measurement!

Goode NYC 2019 30

NIST SOFA-B

Strength of Function

For Authenticators –

Biometrics

The concept of

“Effort”

ISO 30107-1/3

Presentation

Attack Detection

Testing methods

and metrics

FIDO Biometrics

Requirements

Performance

thresholds

ISO 19795-1/2

Biometric

performance

Testing methods

and metrics

BEAT-EU

Biometric

Evaluation

& Testing

Testing methods

and metrics

©2019 Aware, Inc.

Contrasting Ways to Measure: IAPMR vs APCER

IAPMR

Impostor Attack Presentation Match Rate

• Proportion of presentation attacks in which the target reference is matched.

• No match, no spoof.

APCER

Attack Presentation Classification Error Rate

• Attacks incorrectly classified as normal presentations

Goode NYC 2019 34

©2019 Aware, Inc.

PAD Testing per FIDO – IAPMR-Based

• 10 Subjects

• Five of the six selected Level A PAI species SHALL achieve an IAPMR of less than 20%.

• In addition, all selected Level A PAI species SHALL achieve an IAPMR of less than 50%.

• Three of the four selected Level B PAI species SHALL achieve an IAPMR of less than 20%.

• In addition, all selected Level B PAI species SHALL achieve an IAPMR of less than 50%.

Goode NYC 2019 35

Level A Level B

IAPMR Max20% 20% 20% 20% 20% 50% 20% 20% 20% 50%

©2019 Aware, Inc.

Lots of Approaches

• “Active” – physical user challenge/response

– Challenge/response (blink, smile, motion)

• “Passive” – in the background; little/no user awareness

– Skin color and texture

– Sharpness

– Parallax

– Artifacts (e.g. cutouts)

– Machine learning-based approaches are promising…

Goode NYC 2019 36

©2019 Aware, Inc.

Machine Learning for PAD

• ML is accelerating improvements to spoof detection

– Similar trajectory as matching

– But arguably more difficult algorithmic challenge

• Some ML approaches avoid user friction, security

vulnerabilities

• Need more data! Nowhere near as much exists as for

genuine faces

Goode NYC 2019 37

©2019 Aware, Inc.

Multimodal Approach: Face + Voice/Keystroke

Face+

Voice

Face+

Keystroke

Dynamics

Goode NYC 2019 39

©2019 Aware, Inc.

Voice Authentication Performance

Goode NYC 2019 43

FIDO

biometric

performance

requirement

3/100

1/10,000

voice

©2019 Aware, Inc.

Voice Spoof Detection - Classify

• Live and recorded human voice

• Human and synthetic voice

• Check out Lyrebird.ai

Goode NYC 2019 46

©2019 Aware, Inc.

Voice Spoof Detection Competition: ASVSpoof-2017

Goode NYC 2019 47

False Pos. = 2%

False Neg. = 15%

©2019 Aware, Inc.

Benefits of Multimodal with Face + Voice

• ~10x lower error rates

• Convenient and familiar mobile activities

• Can be captured simultaneously

• Leverage generic sensors

– Camera + microphone

– Universal device coverage

• Exponentially more complicated to spoof

Goode NYC 2019 48

©2019 Aware, Inc.

Thank You!

[email protected] Reading

• Presentation Attack Detection Methods for Face Recognition Systems –A Comprehensive Survey; R. Raghavendra, C. Busch

• A Survey of Various Face Liveness Techniques for Biometric Antispoofing Applications; T. Anju, S. Sonekar

• Recent Advances in Biometric Security: A Case Study of Liveness Detection in Face Recognition; K. Ito, T. Okano, T. Aoki

• Automatic Speaker Verification Spoofing and Countermeasure Challenge (ASVSpoof 2017); http://www.asvspoof.org

Goode NYC 2019 53

http://www.asvspoof.org/

BUILDING TRUST WITH EVERY TRANSACTION

We create a Trust Anchor by authenticating government issued IDs so that you can verify who you are doing business with, the first time and every time.

We allow you to:▪ Minimize Risk & Prevent Fraud▪ Enhance Physical & Digital Security▪ Eliminate Keystrokes & Automate Processes

So that you can:▪ Automate Customer Onboarding▪ Instantly Verify Age, Address & Identities▪ Be Compliant with KYC, AML , PII, GDPR & more

Why Acuant

Our secure solutions are omnichannel & multiplatform for on premise & remote transactions, with no data being stored.

Acuant in Action: How it Works

CAPTURE CLASSIFY AUTO-FILL AUTHENTICATE VERIFY

Instant Authentication to:

✓ Catch counterfeit IDs and prevent fraud

✓ Eliminate manual ID verification processes

✓ Enable strong, multi-factor, password-free

authentication

✓ Obtain near 100% data extraction accuracy

Depending on the series, type & class of an identity document, Acuant will run between 10-50 unique forensic

tests averaging 5 seconds to

determine authenticity.

Powered by AI with Human Assisted Machine Learning

Ozone® provides the robust cryptographic security processing needed to support ePassports. Delivered through use case-specific software bundles or via the Acuant Trust Framework SaaS, Ozone® supports ePassport issuance, forensic analysis, and border crossing/inspection processes, as well as every document authentication process from identity verification and employment onboarding to disconnected document/identity validation via a mobile device.

The AssureID Ozone® offerings provide the trust framework to meet the security and vetting processes required by government (European Commission, USA, Canada, & Global) regulations.

ICAO Compliant Document Security Object (SOD) IssuanceICAO Compliant Quality Assurance Control3rd AMLFATFEU Right to WorkBank Secrecy Act

Currency & Foreign TransactionsRed Flag Rules (FTC/NCUA)Patriot ActAnti-Terrorism ActKYCCIPGramm-Leach-Billey Act

Meet Regulatory Requirements:

Ozone® Award Winning ePassport Solutions

Data Matters: The Most ID Coverage & Supported Documents

✓ Driver's Licenses✓ State IDs✓ National IDs✓ Military IDs

Acuant has the industry's largest Identity Document Library with over 6,000 Global Documents covering 196+ countries.

➢ We have the most data to provide the highest accuracy when it comes to passing or failing an ID

➢ We provide the most coverage with continuous updates

➢ Which means your transactions will be the most accurate and have the least amount of undeterminable responses

✓ Medical Insurance Cards✓ Auto Insurance Cards✓ Credit Cards

✓ Passports✓ ePassports✓ Passport Cards✓ Border Crossing Cards

✓ Voter ID Cards✓ Resident Cards✓ Visas✓ Govt: PIV, CAC, TWIC

Acuant in Action

Leading Global Financial Institutions chose Acuant for on premise, mobile and cloud customer workflows to meet regulations and improve customer experiences

More than 40% of the 18,000 new car auto dealers in North America chose Acuant

3 Top 20 Global Mobile Network Operators rely upon Acuant for account opening and

account fraud reduction

10 Top 30 EMR/EHR providers, several of the largest pharmacy operators and the

world’s leading clinical labs selected Acuant for security and process improvement

Across the globe in North and South America, APAC, Europe, the Middle East and Africa- Acuant is integral to securitizing critical and strategic points of entry/exit

Acuant supplies numerous providers of access control and secures facilities such the World Trade Center, The Hague and the Pentagon

You may not know us, but you use us. Acuant powers identity based workflows for world class institutions. We process millions of transactions daily in over 190 countries.

We allow you to verify who you are doing business with, the first time and every time.

SAFEGUARD▪ Minimize Risk & Prevent Fraud

▪ Enhance Physical & Digital Security: stringent privacy standards to protect PII

▪ Be Compliant with KYC, AML , PII, GDPR & more

IMPROVE▪ Solutions are user friendly, low friction and easily adaptable to business needs with

easy integration in any environment

▪ Solutions are Omnichannel & Multiplatform for on premise /remote transactions

THE ACUANT ADVANTAGE▪ AI with Human Assisted Machine Learning for the Highest Speed & Accuracy Rates

▪ Secure, Simple, Scalable Multi–factor Authentication

▪ World class global partnerships & first class partner support

The Acuant Advantage: 20+ Years of Experience

CONTACT US+1.213.867.2625

6080 Center Drive Suite 850Los Angeles, CA 90045

[email protected] | acuantcorp.com

Steve Maloney, EVP Strategy & Business [email protected]

Company Confidential

Empowering Digital TransformationDr. Neil Costigan(833) 248-6732123 Mission St, San Francisco, CA


What We Do. Authenticate Beyond One-Time.

It’s Continuous. And Transparent.

CONTINUOUSONE-TIME AUTHENTICATION

CUMBERSOME

TRANSPARENT

DIGITAL EXPERIENCE

INTEGRATED WITH YOUR APPS


How We Do It. What We Look At.

Press Flight Sequence

Press Flight

Screen resolution

Language settings

Browser version

Surface

Gyroscope Accelerometer

Pressure Motion

Hit Zone

Platform version

User Agent

Sequence

IP Device BrowserInformation

Mouse

Account Takeover � New Account Fraud � Account Sharing ViolationsUnique Human Validation � Bots & Remote Access Threats

BEHAVIOSEC BEHAVIORAL BIOMETRICS PLATFORMC

ontin

uous

Aut

hent

icat

ion

–Tr

ansp

aren

t to

Use

rs

Host

ing On-Premise BehavioSec HostedPrivate Cloud

High Availability Enterprise Scalability Multi-Tenancy

Tech

Sta

ck

AndroidiOSWeb

JavaScript Client SDK, Mobile SDK & Framework Plugins

Core

Device & Network Reputation

Machine Learning Behavioral Profiling Engine

Global Profiling

Client

Server

Management

User Administration

Dashboards, Analytics and Reporting

Case Management

BehavioSec Open Risk Ecosystem

Platform Partner Examples(all in production Q4 2018):

RESTAPIs


About BehavioSec

• Founded in 2008 out of academic research

• Based in San Francisco with operations throughout EMEA

• First to pioneer Behavioral Biometrics category

• First to have Global 2000 deployments verifying identity across billions of transactions and millions of users

• First and only to deliver Behavioral Biometrics for on-premises and hosted environments

• Strong patent portfolio on Behavioral Biometrics

• Best enterprise grade solution as validated by Global 2000’s evaluating vendors in this space

• Strong investment partners that include Trident/Forgepoint Capital, Cisco, ABN AMRO, Conor Ventures and Octopus Ventures.

• Rich R&D initiatives with entities like DARPA.


Authentication needs in a Cashless SocietySweden is almost cashless. What does this mean for the Swedish banks?


The Journey of Electronic Identification (eID) in Sweden

• 2003 – Soft Certificate eID• Jointly owned by the largest banks

• Mainly used for bank authentications

• 2005 – Smartcard eID• Mainly used for bank authentications

• 2011 – Mobile eID• Mainly used for bank authentications

• 2012 – Introduction of P2P Mobile Payments• People stop carrying cash

• Stores stop accepting cash in favor in Mobile Payments



The Journey of Electronic Identification (eID) in Sweden

• 2011 – Mobile eID

• Mainly used for bank authentications

• 1-2 Transactions per user per month

• 2012 – Introduction of P2P Mobile

Payments

• Transactions begin to take off

• Ease of use makes other entities turn to the

mobile eID for secure authentication

• 2018 – 3,3 billion authentications

• 2019

• Over 300,000,000 authentications per

month, est. to exceed 4 billion for the year



Geographical Coverage


The BehavioSec Difference

Best of BreedBroad Patents | DARPA Awards

Enterprise GradeG2000 Deployments

Deployment FlexibilityG2000 Deployments

Broad IntegrationWeb, Mobile and Legacy Systems

Billions ofTransactions

Proven Production Scalability

Accurate DetectionLow False +/-

• Proven authentication platform with innovations based on the real world• Servers deployed globally at scale• 38 patents and 68 International patents issued or filed

• Most widely deployed B-to-C passwordless solution on the market• 150M+ Users• Billions of authentications

• Deep domain expertise in next-generation authentication• Invented standards-based authentication (FIDO)• Founder of FIDO Alliance • Editors of the specifications

Who is Nok Nok?

Passwordless, Strong, ScalableAny App, Any Device, Any Authenticator

2©2019 Nok Nok Labs

Digital Identity & Authentication System Components

Physical-to-digital identity

User Management

Authentication

Federation

SingleSign-On

Strong Risk BasedPasswords

Next Generation Authentication


Try it at https://www.noknok.com/trynow/


What is the Value of Knowing Who’s There …

11

Nok Nok Who’s There?

Next-Generation Standards-based (FIDO) Authentication

PSD2/ SCA Compliant

Passwordless, Secure

©2019 Nok Nok Labs

Biometrics, Creepy or Convenient? - Goode Intelligence

Documents

Transcript of Biometrics, Creepy or Convenient? - Goode Intelligence