Oosto’s Open Letter to the White House

Oosto’s Open Letter to the White House

Leading visual artificial intelligence company answers U.S. government’s Request for Information on use cases in biometrics-based recognition and identification of individuals in public and private sectors

The United States government is seeking information from both the public and private sector on how biometric data is being used for identification purposes, according to a request for information (RFI) recently posted on the Federal Register. The Office of Science and Technology Policy (OSTP), led by Dr. Eric Lander – 11th Director of the OSTP, the first in U.S. history to serve in the President’s Cabinet, and to serve as the President’s Science Advisor – issued the RFI. The White House OSTP is seeking input on any “past deployments, proposals, pilots or trials,” as well as any “current use of biometric technologies for…identity verification, identification of individuals, and inference of attributes including individual mental and emotional states,” according to the RFI.

Oosto responded to the RFI to emphasize the company’s mission in developing and deploying facial recognition technology that serves the best interests of society by helping to protect and preserve lives, properties, employee safety, and intellectual assets. The company defined commercial use cases as uniquely distinct from law enforcement use cases to help underscore how facial recognition technology is an asset to physical security, and how its application varies within different societal contexts.

diagram showing the scale of sensitivity in many facial recognition use cases. The range is from innocent, to sensitive, to illegal in some places, to human rights violation.

In the open letter, Oosto CEO, Avi Golan, issued a call to action for regulatory authorities to implement responsible and meaningful policies that support the deployment of ethical facial recognition technologies which positively impact safety and security, productivity, and customer experience, with appropriate safeguards to privacy and personal identity.

“It is critical that government leaders recognize the power of visual AI to save and sustain lives,” stated Golan. “Visual AI today is often misunderstood or misrepresented. As a world-leading firm in this space, we encourage regulators to conduct thoughtful due diligence in order to provide meaningful guidance and an appropriate legal framework regulating the use of biometrics in context-specific scenarios. Moreover, we need a cohesive national policy for the ethical use of facial recognition vs. a patchwork quilt of differing state-level regulations which make commercial compliance challenging.”

Facial recognition technology offers numerous operational benefits that enhance the safety and productivity of commercial entities, the public service sector, and law-abiding citizens. Context-specific use cases, however, have been cited as a key distinguishing factor in determining public favor, or opposition to, its use. Research has shown that public trust or mistrust in biometrics is not driven by a specific type of biometric technology, but rather by the contextual factors involved in the application.

There has also been considerable discourse about the role of demographic bias and how that influences facial recognition – such claims have been overstated. The Security Industry Association (SIA) has noted that the top-tier vendors of facial recognition algorithms have demonstrated “undetectable” demographic differences, while a lead researcher from the U.S. National Institute of Standards and Technology (NIST) found that results from bias studies were being “overgeneralized and misinterpreted” by some media entities.

Golan continued, “Facial biometrics technology can empower businesses and government agencies with a safe and holistic solution while continuing to safeguard civil liberties and human privacy rights; one is not exclusive of the other. We are confident that as the facial recognition industry matures, and adoption rates continue to increase, optimal outcomes will be achievable for all stakeholders. This starts with a common definition of what constitutes “ethical facial recognition.”

X Infotech on the future of mobile eID

X Infotech on the future of mobile eID

EU-based X Infotech, a globally recognised provider of software solutions for issuance and verification of electronic identity documents, digital identity and payment solutions, has taken a leading role in numerous national identity projects around the world in recent years.

The company has developed and implemented eID applications and services in several high-profile projects. For instance, last October X Infotech revealed that it supplied the most advanced and sophisticated end-to-end software system dedicated to ePassport and eID card issuance for the new biometric identity documents for Belarus, where the population reaches 9 million citizens.

IDWeek.net caught up with Sergey Yeliseyev – Company co-founder and Business development director for government eID – to hear about the latest trends in digital and mobile identity.

In which segment do you expect growth post-COVID 19?

I would say the first market is electronic IDs, and everything related to remote services and distant proof of identity, including the voting programmes. Now as we see everywhere, governments are pushing citizens to do as much as possible remotely without physical contact.

Private organizations are also moving away from their physical offices to remote working, and it’s working fine – the only important aspect is to ensure strong security. Thankfully, our authentication mechanisms can allow people to connect in certain working environments, and continue working without any difference.

What eID trends are you focused on right now?

I am seeing that nations, already issuing or just figuring out the issuance eID cards are already thinking about the next step – which is Mobile ID. This is inevitable as the world is driven by the mobile. Even small children have smartphones nowadays. Mobile devices are constantly being held in hands round-the-day. This sends a strong message that humans won’t give up on mobile devices anymore, and this is seen in the growth of the number of mobile payment activities worldwide. It is not new anymore to identify yourself with the mobile device. But electronic signatures, biometric verification – everything will be moving to mobile platforms.

What challenges does digital identity face at the moment?

The biggest challenge is still there! –Usually, in many counties, different ministries have their own targets and objectives from national identity programmes. Typically The Ministry of the Interior might be responsible for electronic citizen ID because it is an internal document, while The Communication ministry may be responsible for building up the digital government ecosystem.

Meanwhile, Ministries of Health or other ministries are tended to increase their role, being, however, a little suspicious regarding the usage of ID cards. Why? Because it’s seen as ‘their’ project. They want to issue their own cards.

Sometimes an introduction of a new identity programme is moved by the certain minister just to be claimed afterwards as the project brought by the certain ministry and to gain political credits, popularity in trust, without real practical interest to collaborate within the ministries. This raises more challenges than benefits to the national identity development.

In some countries, governments are putting parallel, different biometric databases in place and several API infrastructures. Some have three, four or even more infrastructures for digital signatures. And each department claims its infrastructure as the best.

If talking about Digital ID platforms – the legislation should be settled before the actual implementation of such transformation projects. Not all the nations are ready for this, as we are talking about the brave new world here – a new approach towards proving the identity and protection of personal data. X Infotech PKI-based solutions, for example, provide the highest security level.

And how do you think mobile and digital ID will evolve over the next five years?

The ideal would be for a person to have a certain control on what information is presented to the authorities. If only age information is required by the authority , it should not be mandatory to disclose the complete personal information. . For entering the building, it should be enough to demonstrate access rights at the mobile device, instead of carrying and presenting personal ID. Reaching the ability to give more control to citizens, will be an important moment for identity development and trust of the people In the nearest years we will see the growth of citizen onboarding into digital, identity document equivalents in mobile devices, remote authentication, document signing from mobile phones. And we are looking so much forward to be a technological part of this new world!

Mobai and Keesing Technologies partner on ID verification

Mobai and Keesing Technologies partner on ID verification

Mobai AS and Keesing Technologies team up to prevent identity fraud and enhance KYC processes by launching frictionless end-to-end identity verification. The partnership adds cutting-edge face verification technology to one of the world’s premier identity verification platforms, providing a highly secure and trusted means of customer screening and onboarding for both on-site and remote settings.

Mobai, provider of leading biometric solutions, and Keesing Technologies, a leading global identity verification provider, announce a partnership to support businesses all over the world to securely onboard customers face-to-face as well as online with seamless end-to-end identity verification. By joining forces, they offer (online) service providers a frictionless and highly secure Know-Your-Customer (KYC) process that is based on Keesing’s trusted identity verification and state-of-the-art face verification technology from Mobai.

In 2019, Keesing introduced biometric technology to its roster of identity verification solutions. The partnership with Mobai enables the identity verification provider to boost its AuthentiScan product suite with the latest biometric technologies for facial verification. By adding Mobai’s technology, Keesing accommodates the surge in requests from its customers and the market for a secure solution that supports seamless identity verification for both remote and on-premises customer screening and onboarding.

“Businesses around the world are faced with the need to verify identities – whether digital or document-based – to protect their business and ensure the right person has access to their service.  As the user experience in the verification, validation and onboarding process is crucial to the success of a business, we see it as our responsibility to provide them with best-in-class identity verification to prevent fraud in a way that’s user-friendly, secure, and effective for them and their customers, and that’s one of the benefits of teaming up with Mobai,”

Jan Lindeman, Managing Director of Keesing Technologies.

AuthentiScan is Keesing’s flagship solution for automated identity verification. It offers reliable and real-time results, guiding the customer through a seamless identity proofing process– using Mobai’s facial verification technology – and Keesing’s extensive ID document verification technology. Based on a comparison of a selfie with the photo on the ID document the face verification technology ensures biological identifiers are from the proper user and not from someone else. As this check is seamlessly integrated in the process and ease-to-use, it instantly boosts efficiency and does not interfere with the user experience. Keesing’s identity verification offers the highest level of document authentication and verification by submitting the document to several thorough cross-checks and verifying it against Keesing’s ID reference database including ID documents from over 200 countries. This accurate and comprehensive document verification process allows for extremely reliable results that contribute to security and fraud prevention for the business and its customers. Together, the Norwegian and Dutch companies bring a unique combination of best-in-class technologies that allows businesses to establish someone’s true identity from anywhere in the world and brings trust in business relationships again.

“We are thrilled with the integration of our face verification technology in the Keesing AuthentiScan product suite and are excited to see how our partnership results in a holistic solution for businesses looking for a highly secure means of ID verification. It’s fantastic to see that regardless of the situation, whether it’s face-to-face or remote, we can contribute to the security of a business and at the same time give their users a convenient user experience when onboarding. During the integration project over the past months, we have learned to appreciate the expertise, transparency, and professionalism of Keesing Technologies, which is really reflected in the low friction and modern user experience of the solution we are now bringing to market”, says Brage Strand, founder and CEO of Mobai AS.

  “We are confident that Keesing’s longstanding expertise and trusted business combined with Mobai’s innovative and advanced face verification services are a perfect fit for existing and new clients”.

Brage Strand, Founder and CEO of Mobai AS

Jan Lindeman adds to this: “We know how crucial a secure and smooth onboarding process is for users, and that a trusted means of identity verification is key in this respect. The solution enabled by this partnership reflects the core values Keesing stands for: security, trust, accuracy, and ease of use. Mobai is known for providing its customers with safe and accessible biometric services and we are very pleased with the addition of Mobai biometrics to our solutions, increasing the level of trust in identity for our customers and the customers of our customers.”

Mobai’s mission is to make digital services safe and available to everyone. “By introducing face verification as a means of identity proofing, we may also offer support to groups that struggle with more traditional password-based solutions such as elderly. In addition, face verification reduces the need to physically touch and handle keyboards tokens and other devices. By doing so, we can contribute to enabling a wider range of non-traditional and new users to join our digital society,” says Brage Strand.

The new service, Keesing AuthentiScan with face verification, is available from today. Initially, AuthentiScan will use Mobai Face Verification that includes liveness detection checks from Mobai’s Presentation Attack Detection Service (PAD). Future AuthentiScan releases may include Mobai Morphing Attack Service (MAD) providing customers with a unique and enhanced protection of personal data and privacy by using biometric template protection technologies.

Iris ID’s New ID authentication readers speed travel

Iris ID’s New ID authentication readers speed travel

Quickly and conveniently moving large numbers of people through airports, across borders or accessing many other locations will be easier with two new Iris ID IrisAccess™ products – the iCAM D2000 and the IrisBar (OU60B). Both compact and touchless readers accurately identify people through advanced multi-modal biometric technologies. Iris ID, for more than 20 years the global leader in iris recognition technology, introduced the readers today at the Intersec Dubai tradeshow in Dubai, United Arab Emirates.

The iCAM D2000 and the IrisBar represent a new class of fused iris and face identification systems. The self-serve iCAM D2000 is easy to use, with large capture volume and audio/visual prompts guiding users to a frictionless experience. The unit also provides automatic face mask detection and an addon thermal sensor option to grant or deny entry based on a pre-programmed acceptable temperature range.

The IrisBar, a slim, multi-modal reader, is intended for easy kiosk mounting, helping transportation and other industries to integrate it in existing or future kiosks to provide an unparalleled authentication experience.

“We refer to the iCAM D2000 as “Lighthouse” for its ability to help people navigate airport checkpoints while providing fast, flexible and accurate high-quality images for enrollment and identification for travel and access solutions,” said Mohammed Murad, vice president, global sales and business development for Iris ID. “Also, the iCAM D2000 seamlessly integrates with other identity authentication systems to strengthen the bridge between legacy and future solutions.

“IrisBar is designed to provide the highest quality authentication experience in existing self-service kiosks. The new IrisBar will enable facilities to add high quality and accurate authentication to millions of self-serving kiosks around the world.”

Other features of the iCAM D2000 include:

• Two illuminator bars to assist in clear facial recognition and to automatically accommodate for dimly lit areas

• A customizable interactive touchscreen option to provide an exceptional user experience

• Automatic height accommodation between 1.2 and 2.1 meters

• Security countermeasures with industry standard-setting and globally proven set of anti-spoofing and liveness detection

• Installation flexibility with mounting options for speed gates, kiosks, desks and other locations.

• Integration tools – a robust REST API makes it easy for developers to create unprecedented user experiences.

The unique feature set results from 20-plus years of research and development, leveraging Iris ID’s experience processing billions of identities through its extensive existing product line.

The IrisBar shares many of the same D2000 features, including automatic height adjustment and security countermeasures. A high-power infrared LCD provides illumination for biometric capture, while an LCD display and speaker guide users through the identification process with visual and audio prompts. The slim unit captures biometric data from distances up to 750 millimeters.

“The IrisBar’s multi-biometric module, compact size and advanced features make it the premier choice for kiosks requiring identity authentication in aviation and transportation settings,” said Murad. “Facilities using the iCAM D2000 and the IrisBar can say goodbye to long lines due to slow, repetitive identification processes,” Murad said.

Sevenoaks District Council modernises document processing

Sevenoaks District Council modernises document processing

In a bid to modernise its document processing, Sevenoaks District Council has today announced a move to implement digital signature technology from Yoti across its Housing department.

The Council, located in Kent, is keen to cut admin-intensive processes using a secure approach. Currently an organiser of public services for 120,000 citizens and employing approximately 425 staff across 16 departments, the decision to incorporate Yoti’s eSign and eWitnessing platform will ensure smoother operations council-wide.

The move will support the council in reducing time and costs relating to sending, signing and managing documents, as well as reducing daily paper use, providing a more environmentally friendly approach to their work.

Previously, officers relied on printing and sending documents via post – both proving time absorbing and difficult to manage during remote working. Yoti’s eSignature platform allows documents to be managed from a central location and for a digital copy to be sent to the customer via email.

On average, businesses using Yoti benefit from improved document signing speeds with 85 per cent of documents being signed within the first 24 hours.

Given customers will now be able to access sensitive documents via email, enabling them to sign quickly and securely, the entire customer experience promises to be a more seamless one.

Based in London, Yoti provides identity verification, eSignature and age verification technology. It  boasts a rapidly growing eSignature division delivering services for several prominent organisations including Connells group, RIBA, GiGroup and Countrywide. The company has recently launched its ground-breaking electronic witnessing solution.

Cllr Kevin Maskell, Sevenoaks District Council’s Cabinet Member for Housing, said: “We’re always looking for more efficient and innovative ways of working, and Yoti’s eSign technology ticks both of these boxes. At a time when there is greater demand for our housing services than ever, eSign is speeding up the processing of applications while providing a more convenient service for our clients. It also cuts down on paper, helping with our ambitions to become a Net Zero carbon council by 2030”.

Matthew Gilbery Commercial Director at Yoti commented: “Our collaboration with Sevenoaks District Council follows the successful transformation of Ashford Borough Council in 2020, another local authority in Kent that adopted Yoti’s eSignatures platform and saw a reduction in costs and increase in efficiency. It’s exciting to see just how transformative digital identity services can be – and the citizens of Sevenoaks District Council should expect to see greater efficiencies moving forwards.”

NIDP Ethiopia implements TECH5 solution

NIDP Ethiopia implements TECH5 solution

TECH5, an innovator in the field of biometrics and digital identity management, has become an international partner and technology supplier for the National ID Program of the Ethiopian Government Entity (NIDP Ethiopia). NIDP Ethiopia has implemented a limited pilot program with TECH5 biometric and digital ID technologies for enrollment and authentication of residents as well as digital ID issuance.

This pilot program has at its core an IDMS (Identity Management System named Fayida) based on MOSIP. The National ID Program of Ethiopia has been working on customizing the MOSIP open- source platform for more than a year and has now reached the position of launching a pilot. Individuals participating in the pilot program can be enrolled by providing their biometric and demographic data. Face, fingerprint, and iris images are captured, checked for quality using the TECH5 SDK, and then de-duplicated through a 1:N check against data in the National ID system using the TECH5 identification system (T5-ABIS BE) that is integrated into the MOSIP platform.

TECH5 has also deployed the T5-IDencode platform integrated with MOSIP for Digital ID generation. Once enrolled, an individual receives a digital ID which can be presented in an electronic or printed format and verified completely offline using an authorized verifier application on a smartphone. All data collected, stored in the NID database, and/or published in the ID credential is limited to the minimum data required to identify an individual. All data remains secure under NIDP and is owned by the individual who has sole and total control over how the data is managed and used.

The Ethiopian Identity program is working in compliance with international principles of data privacy, minimal data retention, inclusion and consent. Current working principles are made public here http://www.id.gov.et/principles.

“This entire program is aimed at creating and implementing a Foundational Digital ID system for Ethiopia at the national level, the culmination of which results in the enrollment of millions of consenting individuals as part of national priority use-cases in the banking, insurance, education, residential services and other sectors. “We are glad to partner with the TECH5 team, who have demonstrated innovative solutions in the biometrics industry.” – comments Yodahe Zemichael, Executive Director of the NID Program. “We are fully supporting the Ethiopian National ID Program with our expertise and latest technologies because we share the same principles of inclusion that provide individuals with a universal digital identity that is easily accessible and controlled solely by them.” – says Machiel van der Harst, Co-founder and CEO of TECH5.

NamaChain launches identity system

NamaChain launches identity system

NamaChain, a WEB 3.0, privacy-driven, socially responsible, blockchain-powered, and environmentally conscious technology company, announces the launch of a device-agnostic platform that provides for a self-sovereign identity (SSI) technology.

NamaChain, a non-custodial solution, provides a trusted digital identity on the blockchain, guaranteeing all stakeholders privacy, security, and convenience. Its platform is globally compliant and interoperable with every platform and has multiple use cases across any vertical that requires a trusted identity. NamaChain not only provides a universal portable digital identity but a protected utility to participate, communicate, and transact on the patented platform without exposing any PII data. The self-sustaining platform does not rely on centralized providers and solves the most prevailing challenges of digital privacy, security, user control, and verification.

NamaChain aggregates physical and digital identities into one identity that provides the user total control from any device. The solution provides an authenticated and verified digital identity for users and KYC/AML verification for stakeholders. With built-in security safeguards providing total privacy and security, NamaChain gives users complete control and the sovereign right to choose who can access their data.

NamaChain revolutionizes the manner in which people and organizations create, interact, authenticate, and manage their digital identities. It provides secure access to any applications that require a trusted Single Sign-on. Organizations can utilize Nama’s Identity gateway to provide their customers, employees, and supplier access, while enhancing security, improving customer experience, and reducing operating costs associated with regulatory compliance.

With a global team of passionate, socially-aware technology specialists and recognized and respected industry advisers, NamaChain is now ready to start its revolutionary journey to disrupt the global digital identity space.

BAXE partners with IDEMIA and Haventec

BAXE partners with IDEMIA and Haventec

BAXE, an Australian FinTech, has partnered with IDEMIA, the global leader in Augmented Identity, and Haventec, an Australian software company that decentralises sensitive data and credentials, to launch the first decentralised blockchain ecosystem using a facial authentication solution for identity verification in Australia. With this solution, BAXE users around the world will be able to authenticate high-value transactions, reclaim lost passwords or regain access to locked accounts using their face as a secure identification method. This solution will enable face verification in just a matter of seconds, resulting in faster, seamless service.

Haventec’s platform will be integrated into IDEMIA’s Identity Management platform, which helps BAXE securely store and manage the created digital identities. Utilising IDEMIA’s Identity Management solution provides BAXE with the ability to create, store and manage digital identities in a secure space with high assurance. This simplifies the digital identity authentication processes and helps comply with various Know-Your-Customer (KYC) and data privacy regulations.

Supported by IDEMIA, the biometric authentication solution is designed to streamline the re-identification process for BAXE users, eliminating traditionally lengthy verification processes, such as having to contact support teams and manually re-verify identity to approve transactions and restore account access.

With Australians increasingly embracing digital financial services, the time is right for the user experience to evolve as well. Traditionally, financial services are highly dependent on authentication for security and manual verification can be very time-consuming. Our solution will address these issues as it leverages biometric technology to ensure security while greatly enhancing convenience. It was important for us to work with proven technology partners to bring this vision to life, and IDEMIA was the natural choice for their distinguished track record in digital identity management.
Dylan Blankenship CTO of BAXE

BAXE is currently developing an extensive ecosystem of applications across a decentralised finance (DeFi) blockchain network. With the highest degree of personal security and privacy at the forefront of design, the BAXE applications consist of communications, storage, payments, ecommerce applications. Through this ecosystem, BAXE offers users products and services to invest, buy, sell and trade within the emerging web 3.0 digital economy. BAXE will use Haventec’s Authenticate platform to perform two-factor authentication within the ecosystem, which includes a facial authentication check via a self-taken photo.

As the world becomes more digitized, so too will our identities. It is more important than ever for companies to take the necessary steps to secure the protection of the digital identities of their users in order to maintain trust in the relationship. Through our world-class Identity Management platform, IDEMIA is pleased to support BAXE and Haventec in delivering a revolutionary new authentication solution for users in Australia, which enables them to reap the twin benefits of convenience and security via innovation.
Alexi Paxinos, Head of the Digital Business Unit, Australia and New Zealand, at IDEMIA

There is no more sensitive data than that which defines your identity in the digital realm, and data protection must be a core focus of any modern digital innovation to boost user confidence. With the rolling key encryption and multi-factor protection of our Authenticate platform, we decentralise digital identities to ensure maximum security. It is our pleasure to collaborate with fellow technology partners IDEMIA and BAXE to bring truly cutting-edge innovations to life and ensure that they are protected against modern digital threats for better resilience.
David Maunsell, CEO of Haventec

FDIC and FinCEN launch Digital Identity Tech Sprint

FDIC and FinCEN launch Digital Identity Tech Sprint

The Federal Deposit Insurance Corporation (FDIC) and the Financial Crimes Enforcement Network (FinCEN) today announced a Tech Sprint to develop solutions for financial institutions and regulators to help measure the effectiveness of digital identity proofing—the process used to collect, validate, and verify information about a person. Through the Tech Sprint, FDIC’s tech lab (FDITECH) and FinCEN seek to increase efficiency and account security; reduce fraud and other forms of identity-related crime, money laundering, and  terrorist financing; and foster customer confidence in the digital banking environment.

Digital identity proofing is a foundational element to enable digital financial services to function properly. This element is challenged by the proliferation of compromised personally identifiable information (PII), the increasing use of synthetic identities, and the presence of multiple, varied approaches for identity proofing. The FDIC and FinCEN ask Tech Sprint participants to answer the following question:

“What is a scalable, cost-efficient, risk-based solution to measure the effectiveness of digital identity proofing to ensure that individuals who remotely (i.e., not in person) present themselves for financial activities are who they claim to be?”

In the coming weeks, FDIC and FinCEN will open registration for this Tech Sprint. Interested individuals will have approximately two weeks to submit applications. The Tech Sprint will encompass a review of applications, grouping of individuals into teams that will work together over approximately three weeks to develop solutions to this challenge question, and invitations to participate in a virtual “Demo Day” of short team presentations to a panel of experts for evaluation.

At the conclusion of the Tech Sprint, the FDIC will publish all team presentations and recognize teams based on several criteria detailed in the forthcoming prize notice. Neither the FDIC nor FinCEN are offering monetary prizes associated with the Tech Sprint. Additional questions about the Tech Sprint can be sent to Innovation@FDIC.gov.  Read more about FDIC and FinCEN’s Tech Sprint, Measuring the Effectiveness of Digital Identity Proofing for Digital Financial Services.

FacePhi and Valencia CF reach agreement

FacePhi and Valencia CF reach agreement

FacePhi and Valencia CF have reached a collaboration agreement whereby the Spanish football club will become a global ambassador for FacePhi technology, promoting innovative digital identity verification solutions with other entities with which the team have a relationship -both nationally and internationally.

Valencia CF will expose the technology solutions to companies in the field of sporting events. The largest football event of the year will be the 2022 World Cup in Qatar, which will be held in Doha and feature the participation of 32 teams from around the world.

The strategic alliance was signed by Javier Mira, CEO and president of FacePhi, and Anil Murthy, president of Valencia CF. In 2021, FacePhi was selected to be part of the VCF Innovation Hub, within the club’s Fan Engagement category, thanks to its project to implement a biometric access system to Mestalla; a pioneering initiative in Spain that marked the company’s entry into the sports events industry.

Likewise, through this partnership, FacePhi becomes a sponsor to Valencia CF and a member of the VCF Business Club, which brings together a network of regional companies.

“Thanks to this collaboration with Valencia CF, our technology will be able to be present within any sporting entity worldwide, beyond the scope of Spanish football clubs. The signing of this agreement represents an excellent opportunity to reinforce our position within the sports events industry, working hand in hand with one of the biggest teams in Spanish football, and making clear that the application of our solutions improves the user experience in any industry -even in big sporting events,” said Mira, CEO and president of FacePhi.

Franco Segarra, Valencia CF’s director of innovation, highlighted the importance of this agreement. “FacePhi is a leader in digital identity. An innovative company from the Valencia region, it is present in the main financial institutions around the world. At the Valencia CF Innovation Hub, we identified FacePhi as a company that can help us to simplify digital procedures and facilitate technological processes for everyone (adults, children, and other fans). We always seek to improve the fan experience, making technology available to everyone. We are working together on projects that aim to add value to the entire fan community.”

Invixium expands touchless biometric portfolio

Invixium expands touchless biometric portfolio

Invixium, a leader in biometric access control and workforce management solutions, is expanding its portfolio of touchless biometric offerings with IXM TFACE, a highly versatile dual-biometric device. This solution provides the high security, convenience, and functionality of face recognition and fingerprint along with mobile credentials at an affordable price point. Inspired by IXM TITAN, TFACE is the ideal solution for enterprises of all sizes.

“TFACE is our latest answer to today’s strict demands for workplace security,” said Shiraz Kapadia, CEO & President at Invixium. “Not every workforce demands the power of TITAN – TFACE is our response to this because it combines the security of face recognition with an affordable price point for first-time biometric installations or new installations that replace antiquated biometrics with face recognition.”

TFACE is designed to satisfy a variety of access control and workforce management needs with fast and accurate dual-biometric authentication. The performance of TFACE is the result of two SONY 8MP cameras (RGB and infrared) and a 500dpi optical fingerprint sensor which ensure reliable and accurate face recognition and fingerprint authentication in less than 1 second. The solution is powered by a quad-core 2.2GHz processor and runs secure Android OS to expertly blend security for the business with ease of use for its staff. Other desirable features include high-speed touchless face recognition and mask detection, both of which are relevant to today’s ever-evolving mandates for touchless security and mask-wearing at worksites.

While TITAN is well suited for industrial applications, TFACE is better suited for enterprise applications. With a user capacity of up to 25,000 people for 1:N face recognition, TFACE is built with a 2.4” LCD touchscreen for tracking time or displaying notificiations, customizable LEDs for panel feedback, and up to four authentication factors (face + fingerprint + digital or RFID card + PIN) for a high level of security.

Additional features of IXM TFACE include:

  • Mobile credentials (digital card and dynamic QR code)
  • Mask detection
  • Liveness detection for anti-spoofing
  • Auto-on Time of Flight (ToF) sensor
  • PoE+ for ease of installation
  • Corning® Gorilla® Glass LCD
  • Intercom for door communication
ValidSoft recognized as a voice biometrics leader

ValidSoft recognized as a voice biometrics leader

ValidSoft, a transformative provider of voice identity and assurance solutions, has been recognized as a forward global leader for voice biometrics providers in the 2022 Opus Research Intelliview report: Intelligent Authentication and Fraud Prevention Analysis.

Pat Carroll, ValidSoft’s Founder, CEO and Executive Chairman, stated: “ValidSoft has a bold mission to enable truly reliable ‘Proof of Life authentication utilizing voice-based identity assurance. Ensuring that what we call ‘trusted agents,’ ‘trusted employees’ and ‘trusted customers,’ will all authenticate and interact easily and safely in the digital age. Across millions of contact center agents, worldwide, the trusted agent approach has the potential to end the proliferation of contact center fraud and many forms of other digital fraud worldwide. We are very proud of the momentum achieved and we truly appreciate the recognition of our approach and achievements by premier analyst firm Opus. The ValidSoft team works diligently each day to make voice identity the most secure yet elegant way to achieve ‘authentication alpha’ whilst delivering outstanding solutions to our customers and partners.”

Dan Miller, lead analyst & founder of Opus Research, stated: “Voice biometrics-based solutions have come a long way over the past few years. Today, intelligent voice solutions help combat fraud, validate remote and distributed employees, and help secure critical business operations. While we evaluated more vendors than ever before, ValidSoft stands out as one of the forward leaders in our voice biometrics category thanks to proven accuracy and speed and flexible deployment options spanning multiple channels and modalities. They have a long-standing emphasis on privacy-by-design that complies with tough European privacy seal standards. Our rating is reinforced by their market momentum, including significant Fortune 50 wins, many of which were accomplished through a strong partner ecosystem.”

This report evaluates 22 solution providers from across the voice technology spectrum who are actively deploying technologies that improve enterprise security, efficiency and customer experience.

Opus said a summary of reasons ValidSoft was selected as a leader include the following:

ValidSoft stands out with their emphasis on privacy-by-design and compliance with tough European privacy seal standards.
Significant Fortune 50 wins have recently recognized ValidSoft’s deep technical expertise.
They earn their space in the Leaders category because of these wins and their demonstrably strong partnerships with Five9, Talkdesk, Vonage and others, driving increased adoption.
Flexible deployment options make them very attractive to use – cloud, on-premise, hosted, and embedded/on-device applications.

HID forecasts 7 trends impacting security and identity in 2022

HID forecasts 7 trends impacting security and identity in 2022

HID Global, the worldwide leader in trusted identity and physical security solutions, outlines and discusses important trends that are set to reshape the security industry in 2022 and beyond.

WHO: With more than 30 years powering and protecting the physical and digital identities of the world’s people, places and things, HID Global is in a unique position to identify key enablers, disruptive events and game-changing developments that will shape the security landscape in 2022.

WHAT: By observing the market and listening to partner and customer feedback, HID Global believes the following seven topics will impact the security industry this year and beyond:

Supply Chain Issues: Supply chain issues will continue to be a dominating security trend, making 2022 a year when the industry must get creative. Semiconductor shortages, global logistics bottlenecks, and corresponding cost increases will impact everything from readers and control panels to sensors and detectors.

Sustainability: The past year has demonstrated a growing consensus that end users demand to work with suppliers that make sustainability a cornerstone of their business decisions and operations. In 2022, the focus on sustainability will grow, driving suppliers to increase focus on digital solutions, including end-to-end mobile and multi-application technologies that reduce the industry’s footprint.

SaaS-Delivered Identities: Digital transformation has brought with it a move to cloud deployments and service models, providing opportunities to manage access control for applications, physical assets, and data while new form factors enable seamless, trusted authentication. As digital-first mandates continue to impact the security landscape, 2022 will see SaaS-delivered identities become not just the norm, but the expectation. 

Digital IDs : Digital wallet adoption is at an all-time high. Big technology companies are increasing new credential functionality in applications. Enterprises and governments are adding new infrastructure to support digital transactions. In 2022, there will be a tipping point for digital IDs to outpace physical ones, and digital services will play a vital role as suppliers organize around service models and service-led growth.

Future of Work: Hybrid work models are the norm today and a zero trust approach for all is a top trend dominating the security industry in 2022. Leaders tasked with ensuring a safe environment for those returning to the office – and secure identity and access management for those working remotely – are looking to the latest physical access trends and the best practices enabling them. Touchless solutions, data protection, and visitor management technologies are ensuring healthy and secure on-site environments while multi-factor authentication solutions take center stage for remote applications.

Contactless Biometrics: Biometrics are already in widespread use, whether it’s to secure a mobile device, secure a driver’s license or other government ID, or to track fitness. In 2022, biometrics paired with cloud-based identity management solutions is poised to fuel much faster growth. Security’s role in delivering biometric technology that enables secure authentication and protects data privacy is emerging across sectors of the economy.

Data Science: The combination of IoT, cloud and mobile technologies is steadily driving digital transformation across the security industry. Balancing protection against the potential of new physical and digital cybersecurity threats has moved data science into the spotlight, as discussion turns from risk mitigation and prevention to threat prediction and aversion. In 2022, artificial intelligence (AI) and machine learning (ML) become more tightly woven into the fabric of trusted identity solutions across the physical and digital continuum, automating and optimizing performance, accuracy, safety, and security.

WHY: By understanding how each of these developments are forecasted to shape the industry, security professionals will be better prepared to capitalize on breakthrough innovations in solutions and services, ultimately delivering a higher level of security across the physical and digital realms.

Guest post: Vaccine Passport App Vulnerabilities: an Overview

Guest post: Vaccine Passport App Vulnerabilities: an Overview

Due to high demand, digital vaccine passports are rushed out worldwide. However, they often have serious data security and validity issues. Let’s see what some of these vulnerabilities are and how ID readers can help in spotting criminals exploiting vaccine passport apps with fake COVID certificates.

As countries are reopening their borders, there is a justifiable demand for digital versions of our vaccine passports. And states are answering that demand as fast as they can. But due to rushing out these apps, many of them come with severe vulnerability issues.

In this article, we collected the most notorious cases. We also propose a viable option for spotting convincing but forged analog and digital vaccine passports.

Why Is Vaccine Passport Vulnerability a Risk?

We all know that there is no such thing as a perfect mobile application. In many cases, a bug is nothing more than a nuisance. However, vulnerability becomes a priority for apps that store sensitive data, such as the vaccine passport.

New York Times correspondent Ceylan Yeğinsu writes that the main problem is that a passport is a government-issued document for certifying personal data. So “many people fear […] handing over personal and sensitive health information that data controllers can easily abuse.” And unlike medical facilities where laws strictly regulate how such information must be handled, businesses outside the health industry can do whatever they want with our health data.

Panda Security, a manufacturer of antivirus solutions conducted non-representative research regarding vaccine passports, It turned out that 56% of the people worry about the security of their data. Unfortunately, they have every reason to fear falling victim to data theft. In the early stages of the COVID-19 pandemic, four U.S. states suffered from cyberattacks targeting unemployment benefits applicants.

The results of Panda Security's study, showing that 56% of people have concerns for their data's safety
Courtesy of Panda Security

As such, digital COVID certificates should be bulletproof from the get-go. However, these apps had to be developed rapidly to lift travel and social restrictions as soon as possible This resulted in flaws of varying degrees of concern.

Examples of Known Digital Vaccine Passport Vulnerabilities

NYC Safe: One Photo to Fool Them All

It’s hard to tell from a printed vaccine passport whether it’s fake or not, let alone from a photo of the document. This was the case with New York’s NYC Safe application. Heavily criticized for being nothing more than photo storage for paper-based COVID passports, the application allowed individuals to upload any document, legitimate or forged. The weakness of the system became all too evident when it accepted a portrait of Mickey Mouse as proof of vaccination.

NYC Excelsior Pass Wallet: Fake Credentials

The infamous case of this U.S. digital vaccine passport for the citizens of New York State highlighted another type of risk. As discovered by the NCC Group, the NYC Excelsior Pass Wallet application allowed individuals to create and store fake vaccine credentials by simply scanning a phony document. Users could easily exploit the fact that the COVID certificate wasn’t appropriately verified.

Australia’s Express Plus Medicare: Replicating the Animated Validator

Ten minutes. This is all it took for Richard Nelson, a software engineer in Sydney, to expose the vulnerability of Australia’s Express Plus Medicare COVID-19 application. He also proved why QR codes are a must for vaccine passports. The main issue with the Australian COVID certificate is that aside from basic data, it features a supposedly unique animation to demonstrate the passport’s validity. Nelson could easily replicate this animation, allowing him to create as many fake digital vaccine passports as he liked.

A Set of Vaccine Passports Showing Their Respective Status Screen

Québec’s VaxiCode Verif: Forged Digital Signatures

Like many COVID certificate apps used worldwide, the digital vaccine passport issued by Québec, Canada, uses QR codes containing the necessary vaccination data combined with digital signatures. The digital signature features asymmetric cryptography, using two keys. Theoretically, this guarantees that the validator app doesn’t identify fake credentials as legit.

A cybersecurity expert still managed to fool VaxiCode Verif relatively easily. He generated a key pair and made the public key available at a given website. Then he created two QR codes. One was posing as a valid digital vaccine passport containing the public key and a plain fake COVID certificate. Then he presented the QR code with the public key to the app. It correctly rejected it as a valid COVID certificate but, simultaneously, forcefully downloaded the public key. After that, the app verified the other fake digital vaccine passport as being valid.

We should add that the app’s developers reacted quickly. Soon after the incident, they released a new version that eliminated the problem.

EU Digital COVID Certificate: Vaccinating the Dead

When it comes to the European vaccine passport, called the EU digital COVID certificate, experts usually praise it for implementing the strict privacy rules of the GDPR, especially from overseas. In fact, allowing member states of the EU to develop their own versions of the COVID certificate was a risk, which eventually paid off. That doesn’t mean there were no flaws, however.

Tim Berghoff of GData, a German computer security company, pointed out many issues with the EU certificate’s German version. We’ll highlight two:

  1. In the case of paper-based COVID certificates issued by a pharmacy or a doctor’s office, the accuracy of the data transferred into the app wasn’t verified if the original. Cybersecurity experts managed to validate an EU vaccine passport even though it showed the same date for the test subject’s first and second vaccination.
  2. Berghoff and his team could create a vaccine passport for Robert Koch, a German microbiologist from the 19th century. The EU COVID certificate had no problem validating the vaccination of a long-gone person.
Example of a Vaccine Passport

Are Paper-Based Vaccine Passports the Answer?

Not quite. Granted, it seems like a logical step to forget digital vaccine passports and have our vaccination certificates in our pockets.

Like their digital counterparts, paper-based certificates were also rushed out. This led to analog vaccine passports being easily forgeable. In the U.S., the Centers for Disease Control and Prevention (CDC) issued a certificate with data written in ink. It isn’t surprising that scammers took their chance and flooded the black market with fake vaccine passports.

Consequentially, these fake certificates could quickly end up in COVID apps with minimal or no authenticity validation features. This allows unvaccinated people to enter places that require individuals to be vaccinated.

Verifying Vaccination Status

Application bugs and issues will always be discovered and eliminated sooner or later. This is what happened in the case the apps of Québec and the State of New York. Furthermore, virtual COVID certificates – at least those implementing digital signatures – are still more resistant to forgery than their paper-based counterparts. In any case, those who trust analog vaccine passports more should make sure they store them in a secure location.

Osmond Smart ID Reader and Scanner Banner

If you are part of a business and have to verify the validity of digital vaccine certificates, there are two things you should consider. First, check, and double-check the document in front of you. Although some national and international vaccine passports do not feature advanced security solutions like digital signature, they are in the minority. The number of states requiring vaccine passports is rising. Many of them are likely not to accept vulnerable certificates as valid travel documents.

One way to verify that an individual isn’t presenting a fake COVID certificate is by cross-checking it with another ID document. An advanced automated ID reader like Osmond can verify a travel passport’s authenticity while also obtaining virtually all data from travel passports via optical character recognition technology, including the traveler’s name, country of origin, and many more.

About the Author

Balázs Molnár

Hungary

As an International Sales Manager at Adaptive Recognition, I am responsible for the business development in several countries all over the world. We are market leaders in the OCR based technologies industry, and my task is to help our partners, customers find the most suitable solution for their needs in the ID reading & verification technology.

View profile

Greece to launch mobile ID, mDL

Greece to launch mobile ID, mDL

Greek citizens will be able to download a digital version of the full identity card and their driving license to their mobile phones by next Easter, Digital Governance Minister Kyriakos Pierrakakis revealed on January 6.

Pierrakakis told SKAI TV that, “We aim to have the biggest part of this work at the end of the first quarter of 2022, surely before Easter we will have these changes in terms of the new identity card … and in terms of the driving license.”

Currently, only part of the ID can be put on cell phones now to help people get into stores easier where showing a vaccination certificate or proof of recovery from the Coronavirus is required.

The new service will allow citizens to use their digital ID in any transaction with the state or institution requiring identification.

The launch follows the success of a COVID-19 free GR Wallet App which lets people put certificates of vaccination and other identification on their cell phones, which saw more than one million responses shortly after it was launched.

India ePassports to be rolled out ‘soon’

India ePassports to be rolled out ‘soon’

India’s Ministry of External Affairs on January 7 signed an agreement with Tata Consultancy Services Limited for the second phase of the Passport Seva Programme (PSP), one of the several Mission Mode Projects (MMPs) of the Government of India.

The $1 billion agreement will focus on faster delivery of passports to the citizens and aims create a more effective integration between various government ministries.

“India will soon introduce next-gen ePassports for citizens,” Sanjay Bhattacharyya, Secretary of the Consular, Passport & Visa (CPV) Division at the external affairs ministry, tweeted. The new e-passports will be based on secure biometric data and will ensure smooth immigration process globally, Bhattacharya said in his tweet.

“Smooth passage through immigration posts globally. ICAO compliant. Produced at India Security Press, Nashik,” Bhattacharya tweeted.

The current Indian passport is a printed booklet that falls under the category of machine-readable passports. The new regulation is to upgrade to international standards of the ICAO.

The ePassport will have a security chip embedded on the second page of the passport with personal data, including the biographical information of the holder. It will also have a digital signature unique to each country that can be verified using a certificate. In India, the ePassport was under trial and the government had issued about 20,000 of them for officials. The Indian Passport Authority issued the first ePassport to the then President of India, Pratibha Patil, in 2008.

 

Precise in collaboration with Infineon

Precise in collaboration with Infineon

Precise announced today a new collaboration with Infineon Technologies AG (“Infineon”) to jointly provide fingerprint technology, including Precise’s proprietary fingerprint algorithm, Precise BioMatch, to allow various applications, including automated adjustments of driver settings in vehicles.

“We are happy to collaborate with Infineon to enable tailor-made experiences for the driver in next generation vehicles. Together we will work closely to provide the market with innovative technology that strengthens the connection between humans and vehicles”, said Precise’s CEO Stefan K. Persson.

Infineon is a world leader in semiconductor solutions with long lasting relationships with several ODMs, providing sensor solutions to the car industry. The fingerprint technology developed by Precise and Infineon provides for a customized driving environment. By connecting information of driver preferences to be verified and enabled through the users fingerprints, the vehicle could for example automatically adjust various settings of the car, but also login to applications after verifying the identity of the driver.

“We are excited about the collaboration with Precise which forges a perfect combination of hardware and software,” said Ralf Koedel, Senior Director Product Marketing of Infineon’s Automotive Division. “Together, we can provide ODMs with cutting edge solutions for the authenticating of drivers using biometric data. These will initially be used in the sports and luxury car segment. Gradually, however, a significantly larger market will develop here, including outside of automobiles.

FPC secures latest Mastercard certification

FPC secures latest Mastercard certification

Fingerprint Cards second-generation T-Shape sensor module and software platform for biometric payment cards have achieved compliance with Mastercard’s new Fingerprint Sensor Evaluation Process. Having passed the former specifications last year, Fingerprints has proactively secured this updated approval to simplify the process for card manufacturers to launch second-generation biometric payment cards.

This development will minimize the time to market, lower related costs and is an important milestone for the deployment of biometric payment cards at scale, supporting greater convenience and security for consumers making in-store purchases.

The test was performed in line with Mastercard’s stricter anti-spoofing capabilities for biometric payment cards, which were issued last year. The Fingerprint Test Assessment Summary (FTAS) for sensor vendors confirms the performance of features that enhance the security, privacy, and user experience for cardholders.

“Yet again we are pushing technology boundaries by increasing the security features of our solution. This is an important achievement for our card partners, who can save time and money when launching and scaling second generation biometric cards. And ultimately for consumers, who will be able to enjoy a convenient and secure in-store payment experience”, says Michel Roig, President Fingerprint Cards Switzerland AG – Payment & Access.

The second-generation T-Shape technology combines extensive R&D investment with key learnings from successful market pilots and commercial rollouts. It delivers increased performance and power efficiency, enabling the most cost-effective biometric payment cards to be produced and integrated using standard manufacturing processes.

Nuance earns top spot in Opus Research 2022 report

Nuance earns top spot in Opus Research 2022 report

Nuance Communications has announced it was named the market Leader in Opus Research’s 2022 Intelligent Authentication and Fraud Prevention Report.1 Nuance Gatekeeper, a cloud–native biometric security solution that authenticates legitimate persons and detects fraudsters wherever and however they engage with brands, was recognized for its product completeness and flexibility, ranked highest among the 21 vendors evaluated in the report.

The latest Opus Research Intelliview, done in partnership with SymNex Consulting, put Nuance at the top of the platform provider category, defined as “technology that goes beyond voice authentication in Contact Centers or IVRs to support real-time use of multiple biometrics factors, informed by network intelligence and authentication.” Nuance was cited for its authentication and fraud prevention capabilities across all voice and digital channels, recognized as the major platform at the highly customized end of the market and noted for its AI-backed fraud detection, flexible cloud contact center integrations and increasingly developer-friendly cloud model.

“This year’s Intelliview found a market that is rapidly evolving with biometrics becoming a foundational piece of the authentication and fraud prevention strategy for organizations worldwide,” said Dan Miller, Lead Analyst, Opus Research. “Nuance has proven its dominance having the largest number of implementations and annual authentications while also continuing to innovate with new features and R&D investments that put the company in a leadership position today and set it up for future success in this space.”

“We are honored to once again be named a Leader in the latest report. Opus Research and SymNex Consulting have been following this market for a decade and deeply understand its complexities and the huge opportunity for biometrics in our connected future,” said Brett Beranek, General Manager and Vice President, Nuance. “I am proud of the Nuance team for continuing to innovate as we help organizations protect their entire customer journey by bringing biometric authentication and fraud prevention to every voice and digital channel in a streamlined way.”

Nuance’s biometric technology is built using state-of-the-art deep neural networks to authenticate a person with as little as 0.5 seconds of audio and achieve up to 99% authentication success rates. And it can accurately authenticate a person through background noise, illnesses, face masks, and other factors that can modulate the sound of a person’s voice. Over 500 organizations around the world have enrolled over 600 million biometric prints—securing over 8 billion customer engagements and preventing more than $2 billion in fraud losses annually.

Neurotechnology launches latest MegaMatcher 12.3

Neurotechnology launches latest MegaMatcher 12.3

Neurotechnology, a provider of deep learning-based solutions and high-precision biometric identification technologies, today announced the release of the new MegaMatcher 12.3 multi-biometric product line, including updates to the MegaMatcher software development kit (SDK) and to MegaMatcher Accelerator – a combined software and hardware solution that provides high-speed, high-volume biometric identification for national-scale projects. The latest versions include enhanced facial and iris recognition algorithms with improved liveness detection, a new voice recognition algorithm and a new inference engine that provides significantly better speed and performance across all biometric modalities.

“Every day our team aims to innovate technologies that make our products more accurate and robust while also being faster and less complex for our customers to use,” said Evaldas Borcovas, biometric research lead at Neurotechnology. “This latest version of MegaMatcher exemplifies these efforts, providing greater accuracy in verification and identification processes while enabling our customers’ systems to work faster.”

The MegaMatcher product line includes Neurotechnology’s top-ranked biometric algorithms providing high recognition and identification accuracy across fingerprint, face, iris, palm print and voice biometric modalities that can be used individually or in any combination.

The latest enhancements to the MegaMatcher 12.3 product line include:

A new Intel Inference Engine provides better all-around performance, particularly for extraction operations. Support for Mac M1 (ARM) with neural network framework is now significantly faster than any previous versions running on the macOS.

Fingerprint. The new fingerprint algorithm includes support for the latest NIST Fingerprint Image Quality (NFIQ) 2.1 biometric standard, offering a higher degree of compatibility and flexible application.
Passive Face Liveness Detection. Newly introduced passive face liveness algorithm (also known as Presentation Attack Detection – PAD) establishes a higher degree of fraud prevention in mobile and dynamic situations.
Face. Additional updates to the face algorithm include an improved face extraction algorithm, better face detection and significantly improved detection of specific facial attributes including: gender, beard, mustache, hat, blink, mouth open, smile, glasses and dark glasses. A new attribute for glasses with a heavy frame is also introduced.
Iris Liveness Detection. Upgraded iris liveness algorithm (PAD) brings new improvements to eye activity detection and potential deceit risks assessment.

Voice. An entirely new algorithm introduces Neurotechnology’s advanced capabilities for voice recognition with multiple times better EER results.

MegaMatcher Accelerator. In addition to the proprietary API, version 12.3 also adds support for gRPC API (HTTP 2.0), making it easier to add security, load balancers and enabling the product to be used with any language (including Python and PHP) without native C components.