In the last few months, AI (Artificial Intelligence) based technologies and products such as OpenAI’s ChatGPT and Google’s Bard have been hot topics across the media. AI, which has seen exponential development and growth over the last several decades, has recently reached a zenith in terms of hype and ubiquitous use that includes industry, science, medicine, education, and government to name a few. AI is being touted as the next technology that will revolutionize the world and has been compared to the technological innovations initiated with the rapid rise in internet companies during the dotcom boom, the advent of virtual and augmented reality, and the widespread adoption of cryptocurrencies and blockchain. Today, many experts believe that AI is set to be the next generational disruptor with some predicting its effect to be ground-breaking in several applications and fields that may even lead to the redundancy of entire professions.
We at TECH5 recognize that AI is an invaluable technology that can be used to great effect to optimize a wide range of activities, which in turn will speed progress, help professionals in their daily work as well as aid researchers like us to develop innovative technologies. However, AI can also be used with different levels of success, as more than just using some AI approach and standard methods for training may be required to achieve spectacular results.
Today, it is already clear that many technology companies claim that they are using AI in their products, and with Big Tech gearing up for a new AI arms race, more and more players will feel the need to sprinkle AI references into everything they do to appear relevant. Unfortunately, this will quickly lead to the devaluation of belonging to an AI league, blurring of positioning, and confusion in the market.
In this article, we will explore the real impact of AI on the biometric industry, as well as share our vision and explain how TECH5 has long been using AI and Machine Learning (ML) to develop best-in-class contactless capture and matching algorithms across various biometric modalities.
AI in Biometrics
The application of AI for the training of biometric algorithms is not new. The industry started using AI in the early 2000s, when researchers began developing algorithms for face recognition that incorporated ML techniques such as support vector machines (SVMs), allowing computers to learn and recognize faces with increasing accuracy. A decade later, the industry incorporated the use of deep learning-based neural networks for extracting information-rich features from faces. This move towards resource-intensive but accurate algorithms was mainly due to the availability of large-scale training datasets and compute devices such as Graphical Processing Units (GPUs). Following the success with face recognition, researchers started exploring the use of AI for fingerprint recognition – a much more niche domain.
DESPITE ACCESS TO KNOWLEDGE AND OPEN AVAILABILITY OF NEURAL NETWORK MODELS, NOT ALL BIOMETRIC ALGORITHMS AVAILABLE ON THE MARKET PERFORM AT THE SAME LEVEL.
Optimal performance of a biometric algorithm is contingent upon the utilization of specialized domain knowledge for the creation of robust features, bias mitigation using appropriate training strategies, as well as ensuring viability for deployment. Therefore, when analysing any vendor’s technology, it is critical to consider technical aspects, such as matching speed and recognition accuracy that have been determined in international tests/evaluations, the size of biometric templates that can affect hardware footprint and total cost of ownership, along with the crucial but often underestimated legal aspect, that is, the collection of biometric data for training of neural networks.
In addition, it is crucial to ensure that biometric systems are developed and deployed ethically and transparently, with appropriate safeguards in place to protect individuals’ data given the ongoing concerns about the potential misuse of AI-based biometric technologies and data, as well as the privacy and security implications of collecting, storing, and analysing large amounts of sensitive personal information.
Data for Training
The ability of a neural network to learn and accurately match faces, fingerprints, irises, and other biometrics is made possible through training using large amounts of diverse and representative data for training. The origin of these data has been the subject of much scrutiny and at times controversy. In terms of face recognition, for example, the internet has a plethora of freely available sources of face images – like social networking sites, and other channels. As a result, some companies scrape these face images without any concern as to the legality of the use of the images, and certainly without any official consent from the owners.
In reaction to these practices, several countries are starting to create and implement new legislation to protect citizens’ biometric data and rights, and to provide guidelines for these data’s fair and legal use. Nevertheless, the fact remains that each company must develop its own ethical policies outlining how they choose to use images responsibly and obtain biometric data for training fairly and legally.
Why not Every Biometric Technology and Platform is Equally Accurate and Fast
There are three main factors that contribute to the speed and accuracy of biometric technologies.
First, obtaining consent-based biometric data for training is expensive, and there is minimal sharing of these data across industry and academia. The lack of access to these kind of data leads to the creation of unreliable and poor-performing algorithms which can be heavily biased towards certain genders, races, or ethnicities.
Second, the development of a high-performing algorithm that will be used in, for example, an Automatic Biometric Identification System (ABIS), and is capable of matching potentially billions of people with the same high speed and recognition accuracy requires a Research and Development team that has biometric domain knowledge and deep expertise in the design, development, and implementation of such a system. This kind of experience can only be gained through hands on creation of national-scale projects.
Lastly, the development of best biometric algorithms requires constant investment in research, testing, and improvements. There are several independent internationally recognised biometric testing laboratories and institutions, such as NIST (National Institute of Standards and Technology), BixeLab, iBeta, and others, where vendors can test their technologies to ensure quality and understand their position in the market.
Leading the Path of Innovation: AI-Based Biometric Technologies of TECH5
TECH5 is an international technology company founded by biometrics industry professionals who have played major roles in some of the world’s largest biometric projects, including the India Aadhaar project and Indonesia’s National ID. Our team combines 500+ years of experience in biometric and secure credentialing programs design and execution, including research, development, sales, and marketing expertise.
FROM ITS INCEPTION, THE COMPANY HAS FOCUSED ON DEVELOPING DISRUPTIVE BIOMETRIC AND DIGITAL ID OFFERINGS BY APPLYING AI AND MACHINE LEARNING TECHNOLOGIES.
Our sustained investment in and single-minded dedication to developing biometric modalities capitalizing on AI brought TECH5’s technologies to the top of the NIST rankings and led us to create a suite of novel products and platforms addressing the digital ID management challenges of the 21st century.
For years, we have invested in AI-based technologies across three biometric modalities – face, fingerprint, and iris, with the goal of developing fully inclusive identification and authentication platforms with a zero-error rate. And we believe AI has a significant role to play in the biometric matching field, serving people and businesses globally in their daily needs, biometrically verifying individuals securely and accurately, providing access to data and services, and preventing fraud.
On the Frontier of AI
Algorithms
TECH5 is committed to ensuring its technologies are highly accurate, robust, and inclusive. Our IP-protected face, fingerprint, and iris matching algorithms are consistently ranked in the top tier in NIST testing, and one of the keys to our success is our innovative approach to data training: to achieve the best results, TECH5’s research team focuses on unique and novel amalgamation of AI/Machine Learning and specialized domain knowledge from traditional methods.
The new fingerprint matching algorithm, submitted by TECH5 to NIST PFT III, is rated as the 2nd fastest and one of the most accurate technologies in the world. This algorithm is based on state-of-the-art AI/machine learning networks infused with fingerprint-specific domain knowledge.
This combination allows for higher matching speed and improved accuracy of the technology, which results in a reduced server hardware footprint and a lower total cost of ownership (TCO) for the entity deploying the platform of TECH5. The TECH5 fingerprint algorithm is 400% faster than the next-fastest algorithm in the report, has a 66% lower error rate, and requires only 50% of the memory resources due to the smaller template size.
The result of submitting our fingerprint matching algorithm to the NIST PFT III evaluation proves our claim that AI/NN (neural network) plays a pivotal role in all biometric modalities to make them robust.
Furthermore, TECH5 has developed an algorithm for fast and accurate contactless fingerprint capture that can be performed using a simple camera of a mobile device. The technology allows for accurate biometric acquisition by capturing a fingerprint(s) image(s) with a smartphone’s built-in camera, checking and enhancing the quality of the captured image(s), running a liveness check, and then packaging and sending the data for verification or registration, all within seconds. The process ensures that the data is taken from a real person and that the image(s) are of acceptable quality, suitable for use with legacy datasets, and comply with applicable standards and customer requirements. This proprietary and patent-pending contactless fingerprint capture technology, called T5-AirSnap Finger, incorporates Machine Learning and Computer Vision with novel image processing techniques to bridge the gap between contactless and contact-based fingerprint capture and recognition and eliminates the need for purpose-built devices for the capture of fingerprint biometric data
Our face matching algorithm is also consistently ranked top tier in NIST evaluations. It was ranked second fastest in the world in NIST FRVT 1:1 and is among the most accurate for face recognition with face masks.
These technologies across all 3 biometric modalities – face, fingerprint, and iris – are used in the T5-OmniMatch ABIS matching platform for National ID-scale projects, as well as in every biometric platform within the T5-Digital ID offering, ensuring inclusion across the globe, and are available for certified partners of the company as part of the flagship capture, identification, and verification offerings.
The iris matching algorithm of TECH5, also a combination of AI and traditional approaches, shows the highest matching speed among all vendors participating in the NIST IREX 10 evaluation.
Data
TECH5 is in a unique position because the company has legal access to depersonalized data for training of its algorithms through partners and projects where our technology is used, academia, and biometric data acquisition.
TECH5 CONTINUOUSLY INVESTS IN MILLIONS OF CONSENT-BASED, DEPERSONALIZED BIOMETRIC IMAGES TO TRAIN ITS AI-BASED ALGORITHMS.
The company is obtaining the necessary rights for millions of images and is regularly training and benchmarking the algorithms using this data.
Access to supersized datasets and expertise of the team ensure that our technologies are not only highly accurate and robust but also inclusive. Furthermore, we believe that only the implementation of ethically trained algorithms can help to develop a transparent and secure biometric market.
Why TECH5 is Different and How it Benefits our Partners and Customers
TECH5 has capitalized on its expertise, knowledge, and access to data for training to develop all three core biometric algorithms based on AI and Machine learning. Not only has TECH5 been one of the first companies to use AI across the three biometric modalities but has also been a leader in combining AI and traditional approaches for training biometric algorithms, which has led to achieving the best results on the market in accordance with NIST testing.
One of TECH5’s goals as a company has been to create a greater understanding within the industry of biometric technologies and its benefits for the users. To that end, TECH5 regularly contributes its expertise and market knowledge as a member of different international organizations such as OIX (Open Identity Exchange), SIA (Secure Identity Alliance), Biometrics Institute, EAB (European Association for Biometrics), and others.
TECH5 works only with certified partners worldwide, which permits us to maintain control over the use of our technologies and contribute to the ethical use of biometrics.
Our high performing algorithms power all of TECH5’s biometric and digital ID platforms, ensuring the highest matching speed and accuracy and lowest hardware footprint among algorithms available on the market.
THE INTEGRATION OF TECH5’S TECHNOLOGIES LEADS TO SIGNIFICANT OPTIMIZATION AND LOWER TOTAL COST OF OWNERSHIP, WHICH IS CRITICAL FOR LARGE-SCALE IDENTITY MANAGEMENT PROJECTS.
The Future
In the coming years, AI is expected to continue to improve the accuracy, speed, and versatility of biometric systems. AI-based algorithms will be used increasingly more to enhance the analysis and interpretation of currently used biometric data as well as improve innovative biometric modalities such as behavioural biometrics, that are not yet widely used.
The AI-based approaches will also help develop new modalities that are not traditional and work in non-ideal conditions. For example, palm recognition works with low-resolution cameras as it does not require stringent capture requirements like traditional fingerprint algorithms. In addition, the rate of algorithm improvements will significantly increase in the areas where traditional algorithms take years compared to AI-based ones taking months. AI will also allow efficiently combining modalities to create robust and high-accuracy algorithms.
TECH5 will continue to lead the field in biometrics, constantly investing in research and improving our AI-based algorithms and adding new technologies to our portfolio, providing our partners and customers globally with the best-in-class biometric matching and digital ID technologies and platforms.
OUR ULTIMATE GOAL IN DEVELOPING AI-BASED ALGORITHMS IS TO ACHIEVE RACE-TO-ZERO-ERROR ACROSS ALL OUR BIOMETRIC MODALITIES.
These platforms will ensure that biometric authentication becomes fool proof, preventing anyone from impersonating another person or gaining unauthorized access.
Guest article provided by Jack Oliver, ShuftiPro.com
Thе gaming industry has sееn еxponеntial growth in rеcеnt yеars, with millions of playеrs еngaging in onlinе gaming platforms worldwide. Howеvеr, with this growth, comеs thе nееd for robust gaming compliancе mеasurеs to prеvеnt fraud and еnsurе fair play. This article will еxplorе thе significancе of gaming compliancе and thе procеss of gaming ID vеrification and also discuss thе bеnеfits of implеmеnting gaming ID vеrification for both playеrs and gaming platforms.
Importancе of compliancе in thе gaming industry
Gaming compliance rеfеrs to thе adhеrеncе to lеgal, rеgulatory, and еthical standards within thе gaming industry. It is crucial to maintain a safe and fair gaming environment for players, protect against fraud, and uphold the reputation of gaming platforms. By implеmеnting еffеctivе compliancе mеasurеs, gaming platforms can еstablish trust, prеvеnt illеgal activitiеs, and safеguard thе intеrеsts of both playеrs and onlinе opеrators.
Onlinе gaming fraud
Onlinе gaming fraud rеfеrs to a sеriеs of scams affеcting thе gaming community to еxtort and еxploit pеrsonal information for monеtary gain. Whеn a person’s identity or personal information, such as credit card or social security numbеrs, is compromisеd, scammеrs could profit from this data rеvеal and cause damagе to thе scamming victim. Onlinе gamеrs arе a common scamming targеt bеcausе many gamеs involvе in-app purchasеs, rеquiring playеrs to providе financial information, such as thеir crеdit card numbеrs.
Gaming scams pose a significant threat to thе intеgrity of onlinе gaming platforms.
This occurs when unauthorizеd individuals gain access to a playеr’s account, еnabling thеm to manipulatе gamеplay, stеal virtual assеts, or еngagе in fraudulеnt activitiеs.
2. Paymеnt fraud
This involvеs fraudulеnt transactions, such as using stolеn crеdit card information or еngaging in chargеback schеmеs, to acquirе in-gamе currеncy or makе unauthorizеd purchasеs.
3. Collusion
Collusion occurs whеn playеrs conspirе to gain an unfair advantage over others, oftеn by sharing information or coordinating gamеplay strategies to manipulatе outcomes.
4. Idеntity thеft
In this type of fraud, individuals usе stolеn idеntitiеs to crеatе gaming accounts or participate in onlinе gaming platforms, oftеn for illicit purposеs.
Gaming ID vеrification procеss
To combat gaming fraud and еnsurе compliancе, gaming platforms implеmеnt a thorough playеr ID vеrification process. This process typically involves the following stеps:
1. Rеgistration
Playеrs arе rеquirеd to crеatе an account by providing basic information such as namе, еmail address, and datе of birth.
2. Documеnt submission
Playеrs arе askеd to submit official idеntification documеnts such as a passport, drivеr’s license, or national ID card. Thеsе documеnts hеlp vеrify thе playеr’s identity and agе.
3. Addrеss verification
Playеrs may bе askеd to provide proof of address, such as a utility bill or bank statement, to confirm their rеsidеntial address.
4. Facial rеcognition
Gaming platforms may еmploy facial rеcognition technology to match thе playеr’s livе imagе with thе photo on thеir idеntification documеnt, еnsuring thе authеnticity of thе idеntity.
5. Background chеcks
In some cases, gaming platforms conduct background chеcks to vеrify thе playеr’s history and еnsurе thеy arе not involvеd in any fraudulеnt or illеgal activitiеs.
Bеnеfits of gaming ID vеrification
Implеmеnting gaming ID vеrification offеrs sеvеral advantagеs for both playеrs and gaming platforms:
1. Fraud prеvеntion
Gaming ID vеrification acts against fraudstеrs, making it morе challеnging for thеm to еngagе in illеgal activitiеs. It hеlps prеvеnt account takеovеrs, paymеnt fraud, bonusеs, and idеntity thеft, еnsuring a fair gaming еnvironmеnt for all playеrs. It maintains online gaming safety.
2. UndеrAgе vеrification
By vеrifying thе agе of playеrs, gaming ID vеrification hеlps comply with lеgal and rеgulatory rеquirеmеnts. It prеvеnts individuals from accеssing agе-rеstrictеd contеnt and protеcts thеm from potеntial harm.
3. Enhancеd sеcurity
Gaming ID vеrification еnhancеs thе ovеrall sеcurity of gaming platforms by еnsuring that only lеgitimatе playеrs with vеrifiеd idеntitiеs can participatе. This hеlps protеct thе intеgrity of gamеplay and prеvеnts unauthorizеd accеss to sеnsitivе information.
4. Trust and reputation
Implеmеnting robust gaming ID vеrification hеlps in dеvеloping trust among playеrs, promoting a positivе rеputation for gaming platforms. Playеrs fееl confidеnt that thеy arе еngaging in a sеcurе and fair gaming еnvironmеnt, еncouraging long-tеrm loyalty.
5. Rеgulatory compliancе
Gaming Idеntity vеrification hеlps gaming platforms comply with lеgal and rеgulatory obligations, such as anti-monеy laundеring (AML) and countеr-tеrrorism financing (CTF) rеgulations. This еnablеs platforms to opеratе within thе boundariеs of thе law and avoid potential lеgal consеquеncеs.
Conclusion
Gaming compliancе in gaming vеrification is crucial in maintaining a sеcurе and fair gaming еnvironmеnt. By prеvеnting fraud, vеrifying playеr idеntitiеs, and complying with lеgal rеgulations, gaming platforms can еnsurе thе intеgrity of gamеplay and protеct thе intеrеsts of both playеrs and opеrators. Implеmеnting robust gaming ID vеrification procеssеs not only еnhancеs sеcurity and trust but also hеlps gaming platforms еstablish a positivе rеputation within thе industry. As the gaming industry continues to еvolvе, gaming compliancе mеasurеs will bе еssеntial in еnsuring a safe and еnjoyablе gaming еxpеriеncе for all.
Phishing had become unmanageable for businesses long before the emergence of Large Language Models and generative AI. Now this cyberattack technique, already responsible for over 90% of data breaches, has been supercharged by a technology that makes it near-impossible to detect. The industry can no longer contend with fraudsters the way it has for nearly two decades. The advancement of generative AI calls for something more…advanced.
To provide some sense of the scale to the problem, the average company experiences 700 social engineering attacks per year – in which an average of 57 are aimed at the CEO. In 2022, we saw a 38% increase in the global volume of cyberattacks, reaching an all-time high in Q4 2022. In the past, many phishing attacks could be easily identified through poor grammar or localization, or through unrealistic schemes. But now that generative AI tools have hit the scene, bad actors have powerful assets to make phishing attacks far more convincing and scalable. In other words, an already monumental problem is getting bigger and, thanks to generative AI, it’s getting smarter too.
Generative AI has changed the security game
When used for good, technologies like ChatGPT have the potential to save businesses valuable time, money and labor, thanks to its content creation and language processing abilities. However, we increasingly see it being misused and weaponised to make phishing scams that much harder to detect.
While generative AI tools can be used by cyber criminals in their public release version, we have already seen ‘innovations’ result in tools like FraudGPT and WormGPT, which have been created and shared on the dark web explicitly for use in cyber crime. These tools jailbreak the official service so that it can be used for purposes that go far beyond the technology’s intended use and bypass any restrictions. In this case, it used to develop business email compromise (BEC) attacks by creating highly convincing phishing emails and even phishing websites.
In the past, it was possible to detect a large proportion of phishing emails or text messages using the eye-test. But now, poor spelling and grammar that normally arouse suspicion are effectively eliminated, and even awkward phrasing ironed out to make phishing messages more convincing. Not only that, but they can be carried out in almost any language desired. This means phishing attacks can and will increase exponentially – in volume, sophistication and overall efficacy.
AI experts often talk about the singularity, where AI surpasses human intelligence and control. While this remains a hypothetical scenario, we have arguably reached this point when it comes to identifying phishing and social engineering attacks. Fuelled by advancements in generative AI, it is now inevitable that a person within an organisation will at some stage inadvertently divulge their credentials as a result.
Some will argue that businesses can fight AI with AI, adopting software that claims to identify content written by generative AI. Even ignoring the mixed results these tools provide, this is a fundamentally flawed approach. Fighting AI with AI creates another round of the same game where success relies on detecting all, or at least a significant number, of phishing attacks. This will lead to an arms race, where phishing attacks and the technology behind them will adapt and become ever more sophisticated and harder to detect in response.
Why we need to rewrite the rulebook
The problem lies in the act of trying to detect phishing emails and social engineering. No amount of training or detection software will ever be a silver bullet. Businesses, and especially leaders responsible for cyber security, need to accept that they are playing the game on fraudsters’ terms, and to begin thinking about the problem differently.
Boiling it down to its basics, the primary reason fraudsters engage in social engineering is so they can get hold of people’s credentials – in order to then take over accounts, access sensitive resources and/or perpetrate further crimes. Typically, this sort of credential attack will involve a victim being sufficiently convinced to click a link to a seemingly legitimate website, and entering their user ID and password – an approach that worked on half of surveyed enterprises in 2022.
Now the fraudster is free to use these credentials on a range of accounts and in a range of scenarios to gain access to a business’ systems and ultimately extract money or data, or both. It is only by going back to the root of the problem that businesses can begin to rewrite the rules – by making credentials un-phishable in the first place.
How do we get there?
As a reminder, 74% of all breaches are caused by human error, privilege misuse, use of stolen credentials or social engineering – the vast majority of which take advantage of knowledge-based “secrets” such as passwords. By eliminating this very weak link in the corporate security chain, we can remove the possibility of fraudsters cashing-in should they succeed in duping somebody with an email or message. The good news is that technology is now available for users to authenticate themselves through simpler, yet stronger passwordless verification methods.
Passkeys are one example of this, using cryptography coupled with on-device biometrics or PINs that people already use to unlock their phone or other devices. The result is that with just a touch of a finger or a quick facial scan, users can log into their accounts safely and seamlessly – without fear of unwittingly handing over their credentials to scammers or through spoofed websites. Passkeys as a primary authentication method bring far greater security – and usability – than passwords.
For example, at an organisation that has adopted passkeys, should an employee follow a link to a fraudulent site they would not be able to enter a password because they simply don’t have one. It is also not possible for fraudsters to instead ask for their biometrics in an attempt to capture and use it, because the associated credentials remain hidden and secure on the employee’s device.
Device-bound passkeys, such as those found on hardware security keys from companies like Yubico, Google and many other vendors, can also function as an unphishable second factor on top of enterprise Single Sign-On platforms such as those from Okta, Duo and Ping identity. These SSO platforms enable other second factor options such as one-time passcodes sent through SMS or an authentication app; such options are stronger than a password alone, but are susceptible to social engineering – as was the case in last year’s 0ktapus attack. FIDO Security Keys, on the other hand, feature device-bound passkeys that are immune to such attacks.
The industry is putting its support behind passkeys, which are built upon open standards from the FIDO Alliance and W3C WebAuthn communities, having played a major role in helping develop the standards. Google recently announced that passkeys are now available for all its users to move away from passwords and two-step verification, as has Apple. Windows 10 and 11 have long supported device-bound passkeys in Windows Hello – and passkeys from iOS or Android devices can also be used to sign into sites in Chrome or Edge on Windows.
We must not let apathy reign: Inaction is Indefensible
Many security leaders understand the impact of phishing attacks fuelled by generative AI on their business, and may already be planning to guard against this. The solution won’t be found in technology alone – in fact, one may argue that this is as much of a communication and education challenge as it is a technical one. These security leads need to convince key people in their organisation that a threat as old as the internet itself has become business critical, and the game has changed to such a degree that the old tactics are woefully outdated.
Others will continue to prioritise other IT and security imperatives – perhaps assuming that there’s little they can do to outwit well-armed attackers. But such apathy should not be tolerated as it is entirely in one’s power to block the vast majority of credential attacks.
For companies that have not yet moved to eliminate passwords and other knowledge-based credentials for user authentication, not taking action now borders on negligence as the attacks are most certainly coming, and solutions to harden one’s enterprise are readily available. To continue using passwords or moving to a more secure technology like passkeys is a choice, afterall. And this choice will have major repercussions if not met head-on very soon.
Every day, Department of Homeland Security officers across the U.S. rely on technology tools to inspect or screen more than 2 million air travellers, including biometrics. SAIC’s Identity and Data Sciences Lab (IDSL) puts these technologies through their paces at our Maryland Test Facility (MdTF), ensuring they will perform as advertised.
Sponsored by DHS’s Science and Technology Directorate (DHS S&T), our lab provides independent testing and evaluation of commercial biometric products for DHS and its components such as Customs and Border Protection and the Transportation Security Administration.
As a trusted partner between biometric technology vendors and federal government users, the IDSL team at the MdTF:
Recruits and hosts a diverse population who give their consent to try out new technologies.
Evaluates biometric sensors and algorithms to see how effectively, efficiently, and equitably they collect and handle data.
Examines human factors–whether volunteers are receptive and responsive to the technologies.
Determines how well the technologies stand up to real-world operating conditions. Our IDSL team also plans and conducts pilot projects and field tests.
Develops the concepts of operations, or CONOPS, for biometric operations.
Briefs customers on product test results and expedites knowledge sharing across government and industry.
Jerry Tipton, SAIC program manager and IDSL’s director said: “We are a proving ground, helping DHS understand which biometric technologies will work in public-facing environments”.
“DHS S&T shares our reports with DHS components and other federal agencies like the FBI, and once the information is made public, vendors use it to improve their products.”
Making security efficient and reliable
DHS is deploying biometric technologies, like face recognition, to modernise security and improve the passenger experience not just at airports but also at land crossings and seaports. Security officers will benefit from more automated and robust verification processes to meet evolving threats and rising travel volumes.
The IDSL team at the MdTF is at the forefront supporting these initiatives. It has worked with face, fingerprint, and iris recognition systems now in use, and serves as a trusted third-party expert in biometric sensors and algorithms, data analytics, and human factors in the testing and evaluation (T&E) services market.
Tipton credits the IDSL’s success to the robust T&E processes and infrastructure that the team of data scientists, neuroscientists, human factors experts, software engineers, and systems engineers—many with intelligence community, Department of Defence, and DHS backgrounds—has built up.
Together, they answer queries about a device or system that could include:
How fast and accurately does it gather biometric information?
How well does it perform at different times of the day, under various conditions?
Does the technology integrate into a security officer’s existing screening or inspection process? Will it perform in an updated process either staffed or unstaffed?
How will it be accepted by the public? Is it intuitive or intimidating?
All of these are real-world factors on the throughput of hundreds of millions of travellers screened or inspected by DHS. As the majority of travellers does not pose security risks, DHS is sensitive to expediting screenings while ensuring security.
We have been a longtime, responsible biometrics advisor to DHS. To date, our 24,000-square-foot facility has welcomed over 3,100 volunteers from 75 countries of origin across five continents to provide their input on identification technologies.
The MdTF hosts a variety of small to big T&E projects each year. Large-scale evaluations can last several months and involve a group of products from multiple vendors.
The goal of each test, however, is the same: enhance DHS security operations and make the process as, equitable, efficient, and hassle-free as possible for citizens.
During the forecast period of 2023-2033, the global facial recognitionmarket is expected to reach an estimated value of ~USD 24 billion by 2033, by expanding at a CAGR of ~16%. The market further generated a revenue of ~USD 5 billion in the year 2022. Major key factors propelling the growth of facial recognition market worldwide are the notable growth in the electronics sector globally and the rising cases of security breaches.
Market Definition of Facial Recognition
Facial recognition is a contactless biometric, contactless solution is a way of identifying or confirming an individual’s identity using their face. Contactless solutions enable easy deployment in consumer devices and is effortless and convenient to use. Apart from individual identities, the technology can gather demographic data on crowds; thus, increasing its usability.
Global Facial Recognition Market: Growth Drivers
The growth of the global facial recognition market can majorly be attributed to the launch of several advanced facial recognition products by the key players operating in the market. For instance, PopID, Inc. and Visa has entered into a partnership to launch facial verification payment acceptance in the Middle East region. Further, the aim is to provide cardholders with new safe, secure, and innovative ways to pay. On the other hand, the market growth can also be attributed several collaborations occurring in the field of facial recognition is also projected to drive the market growth. For instance, SAFR has entered with a collaboration with Geutebruck Pacific to expand the company’s competency.
The global facial recognition market is also estimated to grow majorly on account of the following:
Rising Demand of Smart Phones
Growing Concerns of Cybersecurity
Surging Market Capitalization of Banking Sector
Increased Digitization
Global Facial Recognition Market: Restraining Factor
There is a low adoption rate of facial recognition in developing countries. Hence this factor is expected to be the major hindrance for the growth of the global facial recognition market during the forecast period.
Global Facial Recognition Market Segmentation
By End User (Healthcare, Education, Automotive, Banking, Financial Services and Insurance, Retail & E-commerce, and Others)
The healthcare segment, amongst all the other segments, is anticipated to garner the largest revenue by the end of 2033. The growth of the segment can be attributed to the expansion of healthcare sector across the world. Lately, it was estimated that revenue generation by healthcare segment stood up at approximately USD 60 billion in 2022.
By Application (Law Enforcement, Access Control, Emotion Recognition, Attendance Tracking, and Others)
By Component (Software & Tools, 2D Facial Recognition, 3D Facial Recognition, and Others)
By Region
The North America facial recognition market is anticipated to hold the largest market share by the end of 2033 among the market in all the other regions. expansion of electronics sector in the region. In 2019, the U.S. consumer electronics industry was predicted to garner almost USD 300 billion. Further, the rising digitization and industrialization are also expected to increase the adoption rate of facial recognition in the assessment period. The United States industrial production rose 4% YoY in July 2022, with an increment of 3.5% YoY from the previous month.
The market research report on global facial recognition also includes the market size, market revenue, Y-o-Y growth, and key player analysis applicable for the market in North America (U.S., and Canada), Latin America (Brazil, Mexico, Argentina, Rest of Latin America), Asia-Pacific (China, India, Japan, South Korea, Singapore, Indonesia, Malaysia, Australia, New Zealand, Rest of Asia-Pacific), Europe (U.K., Germany, France, Italy, Spain, Hungary, Belgium, Netherlands & Luxembourg, NORDIC (Finland, Sweden, Norway, Denmark), Ireland, Switzerland, Austria, Poland, Turkey, Russia, Rest of Europe), and Middle East and Africa (Israel, GCC (Saudi Arabia, UAE, Bahrain, Kuwait, Qatar, Oman), North Africa, South Africa, Rest of Middle East and Africa).
Key Market Players Featured in the Global Facial Recognition Market
Some of the key players of the global facial recognition market are PopID, Inc., SAFR (RealNetworks), Inc., Aware, Inc., Ayonix Corporation, Cognitec Systems GmbH, FACEPHI BIOMETRICS Ltd., Fujitsu Limited, THALES, IDEMIA Group, NEC Corporation, Onfido, and others.
Whether it’s airport security checks or facial recognition on smartphones, biometric identification solutions are an integral part of our everyday lives, and the next generation is ready and waiting. DNA-based processes not only enable the accurate identification of citizens, but also raise data protection to a new level.
By Corinna Schindler, Head of Verification at Veridos
While the term ‘DNA Identification’ is usually associated with forensic investigations, the identification of disaster victims or for genetic relationship analysis, the next generation of solutions is providing a new range of capabilities for the public services sector.
Accurate personal identification allows citizens to gain access to government services, mobility and education. The reality in politically unstable countries, however, is that not everyone has a legal identity which can be proved by a birth certificate or passport. Nevertheless, their DNA is unique, so it can lead to a clear conclusion in uncertain situations. The latest technologies can lead to important progresses in this field.
Rapid DNA technologies on the rise
Although the DNA-based method of personal identification has been successfully used in forensics since the 1980s, highly automated technologies have only been available for a few years.
Today, certified “Rapid DNA Technology” solutions using mobile devices and fully automated processes make it possible to generate DNA profiles (known as DNA IDs) from human DNA samples practically anywhere and in the shortest possible time. The processes require no technical and scientific knowledge and without any loss of quality.
Once created, a DNA ID offers a number of advantages over conventional biometric ID, such as fingerprinting or iris recognition. For example, it guarantees lifelong immutability and rules out manipulation. This is because the stored information is locked and protected directly in the nucleus of human cells.
In terms of data protection, a DNA ID achieves an unrivalled level of anonymity. The information stored in a forensic or civil database is purely numeric. It does not allow any conclusions to be drawn about ethnic origin, personal health or appearance but is nonetheless unique. Just the one unique sequence of numbers is recorded for each person, containing less personal data than a passport photo, for example.
While fingerprints, irises or facial shapes change over the course of a person’s life, or can be manipulated by surgical intervention, an unchangeable DNA ID is now the safest and most reliable method of biometric identification.
A simple application in practice
As outlined above, rapid DNA ID generation has become simpler than ever with new automated technological processes. It can be carried out directly on-site using mobile solutions, at official locations or in more remote regions. A laboratory is no longer necessary. All that is needed are the necessary DNA samples and the right device. The current processing time is less than two hours, which is a record in the field. Once created, DNA IDs can be enrolled and securely stored in government-controlled databases, without giving access to externals.
Because of its minimal data size – 200 bits – each DNA ID is easily stored in any conventional chip of smart biometric identification documents, such as passports.
Rapid DNA samples offer a lot of civilian applications. Besides providing secure border crossing processes, the technology can protect elections, clarify relationships between people or prevent identity theft through their use in the registration of new-born children.
But although DNA-based identification allows secure and unique verification of individuals, it is not a “stand-alone” solution. It is an additional tool that, in combination with other biometric identification methods, provides completely reliable information on an ad-hoc basis.
Acceptance through education and transparency
However, the popular association of DNA collection with its use in criminal applications, means there are still reservations about the technology. But DNA identification works much more anonymously and accurately than other biometric methods, raising data protection to a new level. Other biometric technologies such as fingerprint matching or iris scanning, also met with scepticism for a long time, but eventually public opinion changed completely. Today, users unlock their smartphones with biometric data and trust the security that comes with it.
It is fair to assume that as the benefits become known there will be much greater acceptance of identification using DNA IDs among the population.
The future of ID technology
Alongside the established biometric processes such as fingerprint, iris scan or facial recognition, DNA ID heralds the next big step in the identification and verification of people. The quick and reliable results that rapid DNA technologies provide will increase their acceptance, and we can expect to see the technology find its way into further areas of life, where citizens and governments alike will benefit from the advantages of rapid and reliable DNA-based personal identification.
Banking has been at the forefront of one of the most significant social changes in the digital era. Despite being a highly regulated sector, it also holds substantial influence over people’s lives.
Enhancing life in the digital era
The emergence of neobanks and the cloud-focused approach of traditional banks have reduced costs and helped foster financial inclusion in less privileged regions. Although digital banking’s penetration remains uneven, it faces common challenges worldwide. One of them is digital identity management, an area where companies like TrustCloud have a well-established track record.
To put the evolution of the industry in numbers, 1 in 4 bank customers worldwide now uses digital services. Asia leads the market, with a projection that by 2024 it will reach one billion users on the continent. This growth represents a staggering 20% increase in just four years. This quantum leap will also be supported by the development of robust video verification for account opening.
Emerging markets and new strategies
Increased investments in infrastructure and a growing financial culture have positioned Mexico as a prominent player in digital banking user growth. Other markets, such as the Philippines, United Arab Emirates, and India, are also making their mark. It will be worth observing the strategies these nations deploy in the coming years. Above all, however, Brazil stands out, with an impressive 42% of exclusively digital users.
According to various studies, the percentage of young people (born between 1995 and 2005) who have access to digital financial services is around 89% worldwide, compared to less than 40% for boomers (born between 1946 and 1964).
Digital identity at the core
The rise of digital banking is inherently linked to the need for improved digital onboarding processes. Opening an account swiftly and securely is only possible through the combined commitment of financial institutions and technology companies. As a specialist in video identification and secure digital transactions, TrustCloud offers solutions that strengthen new customer onboarding through biometrics, video identification for digital identity verification, and KYC analysis.
Statistics show a positive attitude among consumers towards digital banking and a greater trust in committed technology providers like TrustCloud, who provide convenience and privacy.
By Patrice Caine, Chairman and CEO of Thales Group
Name me a game-changing technology that hasn’t incited a heated debate…I’ll wait. Not that debate isn’t a good thing, it most definitely is – but it’s poorly argued stances that often grab the headlines, split public opinion, and erode trust.
So how do we reach a rational analysis of biometrics technologies and their impact on society? To my mind, the first thing to do is to clear up three sources of confusion; what it means, how it’s used, and how secure it is.
“Biometrics” still unfortunately has negative connotations to many, linked closely to totalitarian images of mass surveillance. But recognising a person from their physical characteristics is not necessarily negative, or even particularly new. Civilisations have been doing this in some way since the second millennium BC, although fingerprinting only became a standard police practice until the late 19th century.
There’s no getting away from the fact that the permanence and individually identifiable nature of biometric data separates it from other kinds of data. But that doesn’t automatically make it more sensitive than other types of personal information. Your location data, for instance – or your bank details – would likely spark more of a reaction from the typical user if they were stolen, compared to your face. Don’t forget many of us have likely posted that publicly of our own free will anyway.
The two primary uses of biometric data – authentication and identification – have little to do with one another. Authentication is about providing a secure way for an individual to prove their identity, and there are various use cases that most of us have got used to. Biometric passports, for example, have been with us for some time, and using our faces or fingerprints is a common practice now to unlock our smartphones. But biometric identification is another matter, and it’s distorting the public debate to such an extent that some people are starting to confuse the two.
Identification for some crosses a line, because it is about identifying a person in a crowd, for example, with no action taken by them, and in some cases simply because they happen to be in a public space. As we know, misuse of these applications comes with risks attached, such as invasion of privacy or the restriction of individual freedoms. But these risks are no more serious or unavoidable than the risks around many other technologies. The difference is that society chooses to limit the risks for those through a combination of regulation and technical improvements, and we must do the same with biometrics.
In terms of security, biometric data is typically encrypted to protect it from unauthorised access. Encryption involves transforming the data into a coded form that can only be deciphered with a specific key. This ensures that even if the encrypted biometric data is intercepted, it remains unreadable and unusable without the proper decryption key. Advanced encryption algorithms and techniques are employed to safeguard biometric information, adding an extra layer of protection.
Authentication, which is the primary use of biometric data, relies on secure protocols and processes. When biometrics are used for authentication purposes, such as unlocking a smartphone or accessing a secure facility, the biometric data is compared against a stored template. This comparison takes place within secure systems and does not involve transmitting the raw biometric data. The stored templates are often encrypted and stored in a secure manner, further protecting the biometric information.
To mitigate the risks associated with biometrics, technological advancements in areas such as data encryption continue to improve the security of biometric systems. Additionally, tighter regulations and governance frameworks are crucial in ensuring the responsible and secure use of biometric data. The UK Government’s Science and Technology Committee, through its ongoing inquiry into the governance of artificial intelligence, is working towards developing robust frameworks that address security concerns and protect individuals’ privacy rights.
The UK debate around biometrics has witnessed significant developments. One notable example is the controversy surrounding the use of facial recognition technology by police forces. In 2019, the South Wales Police faced a legal challenge over the deployment of facial recognition systems, raising concerns about legality, effectiveness, and potential privacy infringements. Another instance is the scrutiny around the use of biometric data in schools, where it is used for things like meal payments. In 2018, a secondary school’s trial of facial recognition technology sparked criticism.
The Metropolitan Police has come under similar criticism and legal pressure, and alongside South Wales commissioned research that was published in March 2023 by the National Physical Laboratory (NPL), finding that when the Live Facial Recognition is used at a threshold setting of 0.6 or above, there is a “substantial improvement” in its accuracy compared to previous iterations, with fewer false positives.
The efforts and advancements made in securing biometric data should be acknowledged. By combining encryption, secure protocols, and appropriate governance frameworks, we can strike a balance between maximising the benefits of biometrics and safeguarding individual privacy and security. It will take an open and well-informed dialogue to successfully shape responsible and effective use of biometrics in the UK and beyond.
Guest article provided by Tom Topol, Passport History Expert.
“In the process of crossing a border, one must offer a passport, a booklet, and engage in the task of substantiating to the border officer that they embody the very essence of the documents themselves. Contrary to common belief, many individuals hold the mistaken assumption that the authentication process operates in reverse. It is an intriguing concept that the epitome of one’s authoritative representation is not found within their tangible existence, but rather encapsulated within a mere sheet of paper.”
The word “passport” derives its significance from the notion of “passing a port,” originally associated with seaports but now predominantly linked to airports. Interestingly, “port” carries the additional meaning of “gate.” Consequently, when we find ourselves within airport premises, what do we traverse? Indeed, it is the “eGates” that await us. While the physical booklet serves as evidence to establish our identity as “the document,” the term “passport” persists, having endured for over five centuries. However, we must contemplate its suitability for the future that lies ahead.
Fast forward to 2035: “YOUR BIOMETRICS, PLEASE”.
By the year 2035, the concept of physical travel documents will have become obsolete, prompting border officers to request your biometrics instead, be it fingerprints, iris scans, or vein patterns, which will be captured using advanced scanning devices. However, it is crucial to recognise that this biometric request will not be your initial encounter with identity screening. From the moment you step foot into an airport facility, an intricate web of facial recognition cameras will have already identified you. The authorities will possess knowledge of your identity, prompting them to carry out a comprehensive personal security screening. Astonishingly, an officer may address you by name, even if you have never crossed paths before. They may inquire about your experience flying business class, seated at 9A, on Sky Airline 232 from New York to Tokyo, despite you never divulging this information.
They will even possess awareness of your stay in a compact room in Tokyo’s Shinjuku district, gleaned from reading your evaluation on TripAdvisor. This may sound like a work of fiction, but it is not, as U.S. authorities are already empowered to request preflight personal data, including access to your social media profiles, before you set foot on American soil.
The trajectory of travel documents in the forthcoming years promises to be an intriguing and captivating one, regardless of the specific form they may assume. The global market for passports is currently experiencing a remarkable surge, a trend that comes as no surprise given the post-pandemic surge in travellers, flights, and tourism.
Consequently, the demand for passports has soared, necessitating enhanced security measures and heightened levels of sophistication. Crafting a modern passport entails a multifaceted challenge, encompassing considerations such as graphic design, the integration of robust security features, and ensuring technical feasibility. Can you conceive of any other personal document that surpasses the biometric passport, also known as the electronic Machine Readable Travel Document (eMRTD), in terms of sheer technological advancement? It is truly remarkable how an assemblage of cutting-edge technologies is dedicated to a document that serves the sole purpose of granting or restricting someone’s freedom to travel from point A to point B.
Two and a half centuries ago, the world existed in a vastly different state, devoid of the global interconnectedness we witness today. It is worth noting that even the United States of America had yet to come into existence during that period. At that time, the inception of a modern passport system, instigated by the French in response to the upheaval of the French Revolution, was still in its nascent stages. In stark contrast to the multifaceted and intricately designed passport booklets of contemporary times, passports of yore were remarkably simplistic.
This simplicity stemmed from the absence of concerns surrounding document security and personal identification prevalent in the present era. In essence, passports of that era possessed a purely functional nature, serving their basic purpose without the need for elaborate features.
“Mr. Jones is traveling with his wife and two daughters to the continent”.
In their simplicity, early British passports lacked any physical descriptions of the individuals they represented. It is precisely these antiquated travel documents that have captivated my attention for over two decades, fuelling my passion for research and collection. Beyond their aesthetic appeal as beautiful collectibles adorned with vibrant stamps, visas, and handwritten entries, these old passports hold a profound allure. They encapsulate documented history, encompassing elements of bureaucracy, geography, and the personal lives and destinies of their bearers. Not only do they possess historical value, but they also hold potential monetary worth, occasionally commanding significant prices in the collector’s market.
Consider, for instance, the case of a 1931 passport belonging to the esteemed American baseball icon, Lou Gehrig, which fetched an astonishing $263,000 at an auction in 2015. However, let us also ponder the significance of seemingly “ordinary” passports hailing from minuscule or extinct nations like Tanganyika, the Free State of Fiume, or Heligoland.
Though these names may evoke a sense of fantastical realms today, they were once tangible entities, albeit existing for brief periods. The realm of the British Empire, in particular, boasts a wealth of diverse passport types, some of which have become exceedingly rare and elusive in contemporary times, compelling collectors to make substantial investments to acquire these prized possessions.
In a future devoid of physical passports, these remarkable documents will continue to recount their passport historical tales, thereby enhancing their collectible value. They serve as timeless artefacts that bear witness to the unfolding narratives of our past.
So, the question, “Don’t you know who I am?” becomes redundant, for indeed, we possess a keen understanding of the individuals encapsulated within these passport narratives.
The world’s growing reliance on digital identities and mobile wallets demands that developers deploy the highest levels of app security. Francis Richards, Product Manager, Signing & Senior Solutions Architect at Cryptomathic provides three critical considerations to get started.
Digital identity wallets, like the European Digital Identity (EUDI) wallet, are quickly becoming an indispensable part of daily life. Already, mobile apps allow people to access public services, open a bank account, board a plane, purchase car insurance, apply for a new job, and much more. The EUDI wallet, which will start rolling out across the European Union in 2024, will take these applications a step further, revolutionising how citizens and businesses can identify themselves.
Designed to allow users to securely store and selectively share personal identification data based on their national electronic IDs (eIDs), the EUDI wallet will also house other digitized attestations of identity documents such as travel credentials (ePassports), driver’s licenses, university diplomas, medical records, and bank account details. It will also be used as a means to verify identity for gaining access to online resources, such as government websites and personal bank accounts.
While incredibly convenient, the wealth of sensitive data stored in this type of mobile app wallet means that it will likely be under constant attack. For most developers, issuing a mobile app with rich and security sensitive functionality at this scale is new territory, any stakeholder responsible for the development of digital identity mobile applications or EUDI wallets should consider three important factors that directly impact security.
1. Understanding threats and threat vectors
In its latest annual Threat Landscape Report, the European Union for Cybersecurity (ENISA) provides a thorough analysis on the status of the cybersecurity threat landscape and concludes that threat actors are increasing their capabilities, developing their hacker-as-a-service business model, and developing novel and hybrid threats.
As such, it’s imperative that mobile app developers stay alert to the fact that threats to digital identity wallets will come from multiple diverse sources, all with varying motives. Examples of threat agents are numerous and include:
Lost/stolen digital identity wallets in the hands of a threat actor.
Malware installed on the device which can interact with the wallet in a malicious manner to log user credentials, output, or probe the app to act in an unintended manner. This includes malicious overlays, screen casting tools and repackaged apps on the mobile device that can interact with the wallet.
Jailbroken/rooted devices that offer less OS guarantees.
Mobile apps that incorrectly implement security mechanisms of the underlying mobile app platform (ie iOS, Android).
A compromised or monitored network that allows eavesdropping or altered network communications.
Development and test tools that can interact with the mobile app at a low level to gain a detailed understanding of how the app’s security mechanisms work to obtain sensitive information contained within it or change the way in which the app operates.
Poor code quality can lead to the discovery of vulnerabilities that the attacker can exploit.
A truly secure digital identity wallet will need to protect against the full depth and breadth of today’s threat landscape.
2. Risk assessment vs. threat modelling
When protecting an existing asset with known threats and established vulnerabilities, a risk assessment is often the most appropriate technique to enhance the security of the asset. For newly developed applications, however, where the inherent vulnerabilities of the asset have not been fully identified, threat modelling may be a more appropriate methodology.
Threat modelling enables the developer to focus on the entire attack surface when developing and deploying security controls, and not just the risks. An effective way to achieve this is by deconstructing the wallet into multiple component parts that support the functionality and interfaces of the wallet. Using knowledge of the applicable threats and typical attack vectors, the developer can choose one of several available threat modelling techniques (or develop its own) to fully understand and categorise these threats to the new application.
3. Finding the right resources to develop and test mobile app security
Protecting applications in a hostile environment is a cat-and-mouse game with attackers. To be regarded as a ‘trust anchor’, digital identity wallet issuers will need to carefully consider their risk mitigation strategy and develop a defence-in-depth model encompassing both proactive and reactive measures.
Since mobile app security is a complex field requiring a skillset that differs from mobile app development, digital identity wallet developers and issuers must identify critical knowledge gaps in their technical resources, skills, processes, and security tooling. If they are unable to plug these gaps with existing resources, they must work with specialist external partners to ensure compliance with industry best practices and regulatory standards.
Only when these three considerations have been considered, and the appropriate safeguards put into place, will digital identity wallets deliver the convenience, security, and seamless user experiences they promise.
Dr Paul Dunn, chair of the International Hologram Manufacturers Association, considers the development in authentication and anti-counterfeiting holograms in South America.
Since its invention in 1947, the hologram has emerged against a background of growing global piracy, counterfeiting and diversion to become one of the most successful overt anti-counterfeiting technologies available today, so critical in the fight to preserve brand integrity, consumer safety and corporate reputations.
Today, holograms are used as a highly effective anti-counterfeiting feature on nearly half the world’s banknotes and fiscal stamps. They are also used for passport and ID document protection and over the years, have seen their role expand to protect the world’s largest software brands, automotive parts, pharmaceuticals, cosmetics and industrial goods against counterfeiters and organised crime.
Advances in production techniques and nano-technology based visual effects make it difficult to accurately copy an authentic hologram. This has ensured its success – the hologram acts as an alarm bell, alerting authorities and law enforcement to the possibility that all is not what it seems and the product could be a counterfeit. In other words, the role of a hologram is not to prevent counterfeits – that would be impossible – but to act as an effective detection device, making it easier for the trained eye to distinguish the real thing from a fake. And, thereby, an effective deterrence.
Ongoing threats, increased illicit trade and counterfeiting will continue to drive hologram growth, particularly for authentication purposes. Indeed, growth in security devices such as holograms appears ‘strong and potentially lucrative’, following ‘The Future of Anti-Counterfeiting, Brand Protection and Security Packaging to 2026’ and other reports predicting increasing incidences of global counterfeiting alongside heightened awareness of tracing technologies.
The inexorable rise in counterfeiting is a result of several factors: the globalisation of manufacture, industry and trade; extended supply chains; the growth of brands, inadequate enforcement and weak criminal penalties; the rise of the Internet as a conduit for counterfeit goods and the advent of modern reprographic equipment that makes the reproduction of such brands – and in particular their packaging – so easy and lucrative. The current global economic situation, with a cost-of-living crisis, soaring inflation, shortages of commodities and OEMs and many countries on the cusp of recession, if not already in one, only exacerbate the problem.
Protecting ID
However, despite the challenges, holography is responding and today we see its myriad deployment across the security industry. For example, governments and passport agencies continue to be impacted to the tune of billions of dollars each year in lost revenue by counterfeit documents and ID fraud. Recently, the problem has been exacerbated by the impact of Covid, which has accelerated digital transformation in every industry, accompanied by a dramatic increase in fraud.
Providing innovative and sophisticated solutions for security documents requires not only a design that will make a document attractive; it also means enhancing the intrinsic security of that document. Secure document conception can be achieved for ID cards and passports by integrating security features with exclusive designs that highlight attack attempts and facilitate controls, for example, checking that an ID document matches the bearer.
Holograms protect and authenticate, alerting issuers and those checking the documents to counterfeiting attempts. Indeed, in the wake of the Covid pandemic, countries around the world continue to examine ways to make their document(s) more secure. This has paved the way for a new generation of high security holograms that push the envelope when it comes to ID document security and protection, providing highly effective tools to help law enforcement to better fight the criminals.
One of the firms at the forefront in this sector is Monterrey-based Intelligent Forms whose high security hologram products are used by governments, banks, universities and commercial enterprises to protect and validate documents or products that require authentication. The company produces tickets for events and sports matches that feature holograms alongside special papers, inks QR codes and variable folios as part of a package of state-of-the-art anti-counterfeiting and brand piracy measures. Its holograms are also incorporated onto environmental and climate resistant high security labels that come into contact in food packaging and labelling applications.
Another company at the forefront of holographic label development in South America is Colombia specialist Combustión Ingenieros S.A.S. Its labels are used in myriad applications across the continent for the identification, protection and promotion of packaging to prevent counterfeiting of products and brand items, including fresh and canned food, medicine, replacement parts, alcohol, software, electronic equipment, books, clothing, beauty products and cosmetics, jewelry and accessories, barcode and expiration date labels. These are supplied in rolls with contact adhe-sive for manual or automatic application, and when a label is removed from the protected item the hologram is partially destroyed, leaving evidence that the product has been compromised and prohibiting the label from being used again.
In Brazil, the first major redesign of the country’s passport for over 20 years has used holograms and optically variable inks (OVIs) to provide improved security features. The new-look, award winning e-document integrates a suite of security features while each page features a different design both in print and watermarks illustrating Brazil’s biodiversity. The biodata section has an offset security background, bar code, bearer’s biodata, laser perforation, secondary image and holographic security laminate. The passport was a joint winner of the best new passport category at the 2023 High Security Print LatAm Conference awards.
Holography has helped to bring smartphone digital interaction in the brand protection and authentication space closer as the technology discovers new outlets and innovative applications. In turn, this is driving continued expansion as increasing numbers of organisations accept the advantages holograms offer and invest in digital-based interactive solutions for their products to protect against global brand piracy and counterfeiters.
In particular, we are seeing opportunities appearing for brand protection and anti-counterfeiting through hologram validation using computer vision on smartphones; the use of smartphones with integrated cameras has been transformative, and image and video content captured on these devices dominates so much of contemporary life through social media, entertainment, recognition and validation. So called ‘computer vision’ has become both ubiquitous and familiar; a powerful tool for the validation and recognition of holograms when linked with the connectivity of smartphones to central data repositories against which the hologram and other information can be matched
For example, the consumer can validate the integrity of hologram while a unique identifier links it to an information system (track and trace) which confirms the authenticity or not of the product. Furthermore, the use of a mobile app in the consumer’s smartphone can ‘interrogate’ the hologram and search for all the embedded security elements by examining the interaction via reflected light.
Computerforms is another leader in the sector whose hologram products are used to protect official document forms. The firm offers a wide range of products that include school certificates, birth certificates, identification cards, vehicle control stickers, firearm licenses, and much more. Ensuring the authenticity and security of official documents is a priority for the firm’s commercial focus – it takes extensive measures to protect documents against counterfeiting and unauthorised duplication with technology incorporating intricate designs, tamper-evident elements, UV reactive inks, variable printing, serial numbers, and lenticular technology within the holograms. These measures provide customers with reliable solutions to effectively safeguard their brands, products, and reputation.
Countering healthcare counterfeiting
In the wider context of tackling illicit healthcare activity, regional law enforcement agencies are urged by the IHMA to step up their investment in anti-counterfeiting measures to stem the trade in fake medicines and drugs. This comes on the back of warnings from the Institute of Research Against Counterfeit Medicines (IRACM), which has found that Latin America appears in second place, surpassed only by Asia, as the region that produces and markets the most counterfeit medicines.
WHO has previously said that access to fake medicines is a problem across South American countries, where the high demand for medicines and lack of local production opens up opportunities for counterfeit products. Counterfeiting is a multi-billion-dollar problem but the current situation remains of concern to the IHMA as criminals continue to take advantage supplying fake pills and tablets to people unable to afford genuine healthcare products and medicines.
However, packaging featuring security devices can ensure quality and check the distribution and smuggling of illicit products, while items not displaying security devices like holograms can be quickly seized and destroyed. In South America, we are seeing authorities inexorably moving towards the inclusion of biometric technology in their anti-counterfeiting plans, in an effort to stem the rising tide of identity fraud.
Holograms used for these applications protect customers from worrying safety, quality and reliability issues surrounding sub-standard counterfeit products. Innovation in this form can help also to remove the financial risks associated with the counterfeiters’ use of sub-standard materials and tolerances leading to shortened equipment life, higher running costs and potential threat to life through fire or catastrophic equipment failure.
It’s clear that South America offers exciting opportunities for holograms as manufacturers look for new markets and applications for their technologies. Moreover, the use of well-designed and properly deployed authentication solutions, as advocated by the ISO 12931 standard, enables those with brand protection responsibilities to verify the authenticity of a legitimate product, differentiating it from counterfeits.
For example, Hologramas de Mexico is a manufacturer and supplier of optical security solutions and has created a new generation of high-quality holographic labels used to protect clothing and sports merchandising – its technology allows holograms to be applied to garments to authenticate and certify their originality. In another interesting development, these labels can be used to prevent counterfeiting of military or police uniforms – as well as clothing brands – extending holography’s potential to reach new markets and add even more customer value.
Even those that carry a fake authentication feature can be distinguished from the genuine item if the latter carries a carefully thought-out authentication solution. The advantages holography offers will only continue as ever more advanced digital and mobile-based technologies gain more and more traction.
The digital age has brought about a growing need for enhanced privacy and control over personal data. Existing methods of securing personal data have, time and again, proved themselves vulnerable to the growing capabilities of cybercriminals and the risks of unintended leaks. The emergence of decentralised identity and access management (IAM), however, is offering an approach that empowers individuals to take charge of their digital identities and, as such, differs significantly from traditional digitised IDs, offering numerous potential benefits for users and organisations alike.
The decentralised IAM concept is based on a set of open standards that define a self-sovereign identity. In this approach, individuals own their identity attributes and can decide which parts to share with relevant organisations. This is in stark contrast to traditional digitised IDs, where users must share all their information, often exposing more details than necessary or desired.
Decentralised IAM can deliver enhanced privacy by enabling users to take control of their data and choose which attributes they want to share with whom and when. This approach not only respects individual privacy but also aligns with privacy regulations, as decentralised IDs ensure that data flow remains in the hands of users.
Furthermore, this system allows for a clear separation between personal and organisational data, granting organisations access only to the necessary information while safeguarding individuals’ personal details.
Looking at the situation faced by most organisations today, one of the primary challenges with current ID systems is that they contain information that – in certain contexts – can be considered excessive. As a result, users have limited control over their data – they must either share their full ID document or not share it at all, making it challenging to control the dissemination of specific personal details. Consider, for instance, driving licences that include an individual’s address. While these are widely used to confirm age and identity, not every situation requires that the owner reveals where they live.
Granular Control
In contrast, decentralised IDs aim to address these issues by giving people control over their own identities and data. Offering granular control, identity details can be managed and shared based on a specific set of attributes and parameters, such as age or location. Users are empowered to selectively expose attributes to gain various levels of access, while advanced authorisation systems that react to these attributes can be implemented to offer a more secure and personalised user experience. In this way, online services can be tailored to the needs and preferences of the individual – all governed by their willingness to share identity components.
One of the key questions to consider, of course, is how this can be achieved. In simple terms, decentralised identity management can be facilitated through the use of blockchain
technology, which can provide both the required decentralised framework and a high level of assurance. In particular, blockchain’s distributed nature ensures that identity data is secure and not reliant on a single centralised authority.
More specifically, policy-based access control can be used to regulate access to data, applications and services based on an individual’s identity. Decentralised IAM allows access control systems to operate on the attributes provided by decentralised IDs, enabling a more flexible and secure authorisation process.
Implementing Decentralised IAM in Businesses
Decentralised IAM solutions are being increasingly considered and adopted by a wide range of businesses looking to streamline processes, enhance security, and improve privacy. In the healthcare sector, for instance, the approach offers the potential to safeguard sensitive medical information while enabling the secure sharing of health records with selected providers, ultimately contributing to better patient care.
Financial institutions can benefit from decentralised IAM by securely managing customer data, ensuring regulatory compliance, reducing the likelihood of identity theft and facilitating secure transactions. For e-commerce and retail businesses, decentralised IAM allows the creation of personalised shopping experiences that foster trust and loyalty while respecting customer privacy.
In the human resources and recruitment context, decentralised IAM enables companies to manage employee data more efficiently and streamline the onboarding process. Job applicants can securely share relevant information without disclosing their full identity, simplifying the recruitment process. Similarly, educational institutions can leverage decentralised IAM to help students and staff securely manage their digital identities, share academic records and access necessary resources based on their roles and responsibilities.
At a time when identity theft, fraud and personal data misuse are becoming more concerning trends for authorities and individuals alike, decentralised IAM offers the potential to deliver a new era of privacy and control, allowing users to own their data and decide how it is shared. As the technology matures and more organisations adopt decentralised IAM solutions, we can expect to see a significant shift in the way digital identities are managed, ultimately benefiting both individuals and businesses alike.
Guest article provided by Fabien Deboyser, NXP Security Certification Expert.
In this blog, NXP Security Certification Expert, Fabien Deboyser, explores the key considerations for the certification of EUDI Wallets. Fabien reviews the specifics of mobile phone architecture aligned with the latest Architecture and Reference Framework (ARF) provided by the eIDAS expert working group, outlines envisioned use cases, provides analysis on the key challenges for security certification and defines the role of the Security Evaluation Standard for IoT Platforms (SESIP) methodology.
Mobile phone architecture & the eIDAS expert working Group ARF
Mobile phones have become an essential part of our lives and we use them for a variety of purposes, including communication, online banking, shopping, transportation, social media and many more. The architecture of a mobile phone is complex, involving a variety of hardware components (e.g. processor, sensor, display, battery, camera) and software components (e.g. Operating Systems, applications, drivers, firmware) that work together to provide a seamless user experience.
To enable and improve the interoperability of the EUDI Wallet across European Union countries, the eIDAS expert working group created the ARF document, aiming to:
Provide all the specifications needed to develop an interoperable EUDI wallet solution based on common standards and practices
Provide a state-of-play of the eIDAS Expert Group’s ongoing work
Form the basis of the reference implementation of the EUDI project and support the EU Commission’s large-scale pilots.
Key challenges of ensuring security for the EUDI Wallet
“A technology where we can control ourselves what data is used and how.” Ursula von der Leyen, President of the European Commission.
With the introduction of the EUDI Wallet eIDAS v2.0, security will be of prime importance to ensure a high eIDAS assurance level, so that solutions can be trusted by governments, businesses and end-
users. The following key challenges also need to be addressed:
1. The EUDI Wallet is a new attractive target for cyberattacks
The EUDI Wallet will become a technological centerpiece, enabling several use cases as identified in the ARF:
Secure and trusted identification to access online services
Mobility and digital driving license
Healthcare credentials
Education credentials
Professional qualifications
Digital finance
Digital travel
Many of the above use cases are traditionally secured with smartcards certified at Common Criteria level EAL4+ with VAN.5, and the EUDI Wallet will need to provide an equivalent level of security.
Main challenge: Providing an end-to-end solution for the EUDI Wallet that will secure its lifecycle, environment, components, usage, and integration within the mobile phone.
2. Citizen data shall be protected and meet GDPR regulation while ensuring user consent.
The level of security should ensure confidentiality, integrity and privacy of the EUDI Wallet. While several EUDI Wallet implementations can be deployed as described in the ARF, not all implementations are offering a similar level of security for confidentiality, integrity and privacy.
As an example, mobile phone-enabled Secure Elements (SEs), which are certified as meeting EAL5+, will offer the EUDI Wallet local citizen data storage. However, other solutions might require remote handling of citizen data, where the security objectives of confidentiality, integrity and privacy will need to be covered.
Main challenge: Providing a solution for the EUDI Wallet that covers the security aspects of confidentiality, integrity and privacy, while maintaining the user’s consent. It will be important to avoid the centralization of citizen data, which could become attractive to a nationwide attack.
3. Security certification standards and guidelines shall be identified
A standardized approach to certification will be important to ensure all wallet implementations are interoperable, and provide an overall level of security compatible with eIDAS security level high.
The European Commission has acknowledged the need to identify a toolbox that will meet these needs. Here there are three streams to consider. One is that several solutions already exist, with proven records such as PP0084 EAL4+ with VAN.5 for Secure Element, CSP applet Protection Profile, etc.
The second element is those technologies that are not already available and certified to meet the required levels of security and interoperability; such as key management, lifecycle management, security of specific hardware and others.
The final consideration is the security of specific hardware and software components that will play a role in the EUDI Wallet as supportive elements (NFC, UWB, mobile phone OS, etc.).
Main challenge: Define standards and guidelines for the EUDI Wallet to enable harmonization and interoperability of the solutions.
4. EUDI Wallet lifecycle management
The EUDI Wallet lifecycle management shall cover all aspects of the wallet, from the manufacturing, enrollment, application installation, activation and deactivation of wallet, product update and product retirement, as traditional lifecycle events.
This will also include lifecycle events more traditionally related to the mobile phone usage and the citizens such as acquiring a new phone, delegating the wallets (for example in the context of a family), updates to citizen information and transportability.
Main challenge: Define EUDI Wallet lifecycle management covering all the lifecycle steps in a meaningful way while ensuring the security at each stage.
5. Mobile phones are subject to many updates
Mobile phones are subject to many updates. Frequent software and firmware releases, new features, bug corrections and security patch updates are dynamic and occur on a regular basis.
On a positive side, those updates are enabling a security continuity of the product and reducing the window of opportunity for an attacker.
The negative side to this is that systems not kept up-to-date or not updated as soon as new versions are available can present opportunities for attacks.
Main challenge: Ensure that all critical updates are being released on a timely basis to maintain the system security and EUDI Wallet key secrets, whilst ensuring the introduction of new critical updates on the mobile phone does not impact the security level of the EUDI Wallet and that functionality remains the same.
6. The EUDI Wallet cryptography shall be post-quantum resistant
As EUDI Wallets will be used by citizens to perform sensitive digital administrative activities, the implementation of post-quantum resistant cryptography is of major importance.
Increased usage of the EUDI Wallet and associated sensitive data, as well as the transfer of data between stakeholders traditionally protected with strong cryptography are at risk of data harvesting. Here the decryption of this sensitive data would represent a future threat when quantum computers become available.
Main challenge: Ensure that EUDI Wallet cryptography is post-quantum resistant.
7. The EUDI Wallet will maintain security operations while the mobile phone is out of battery or out of network
As the EUDI Wallet is aiming to offer similar usage as traditional ID documents, it should remain available to users even when offline, to ensure its usage isn’t restricted to areas with Wi-Fi, or mobile network connections EUDI Wallet. When offline, and in cases where the phone is out of battery, it will be important to maintain security.
Main challenge: Ensure the availability and security of the EUDI Wallet in the context of the mobile phone being out of battery or out of network.
SESIP evaluation methodology and the EUDI Wallet ecosystem
In this section we will review why SESIP is a good fit for the EUDI Wallet ecosystem.
1.SESIP is designed for accessibility
The SESIP evaluation methodology has been designed for accessibility, with the objective that the results of an evaluation must be accessible and useable by security-proficient developers without the need for evaluation expertise.
Additionally, SESIP incorporates a set of Security Functional Requirements (SFRs) that are a perfect fit for the EUDI Wallet, which include, but are not limited to:
Identification and attestation of platforms and applications
Lifecycle management, covering aspects of secure boot, product updates, secure installation, and others
Identity of the device, including platforms, applications and platform components
Cryptographic functionality
Compliance functionality, covering secure storage, audit log, debugging and others.
2. SESIP is designed for reuse and composition
SESIP has been designed to enable reuse and composition of evaluation results for security certifications, so that previously certified components can be reused to simplify future evaluation processes for new solutions.
The SESIP evaluation methodology provides guidelines for the reuse and composition of evaluation results and has been used already for recognized industry certifications such as ISO/IEC 62443, ISO21434, WPC Secure Storage Subsystem, ISO26262 and others.
Additionally, SESIP covers the composition of evaluation, for example an evaluation of a software applet running on top of a Common Criteria EAL5+ hardware which results in a simplified evaluation approach.
3. SESIP Protection Profiles are easy to create, fostering harmonization and making them an ideal target for mobile phone components supporting the EUDI Wallet
SESIP has been designed for accessibility. One key feature is the ability to easily create a SESIP Protection Profile which fosters harmonization. The creation of SESIP Protection Profile that is designed for a specific component allows a strict formalism of the key essential features, and in a language that can be understood by all stakeholders involved in the development and usage of the specific component. Supporting the harmonization of components that play a supportive role in the EUDI Wallet will ensure end to end security.
Let’s look at it in practice. The following diagram represents an EUDI Wallet architecture proposed by the ARF document prepared by the eIDAS expert working group.
Wallet Secure Cryptographic Device (WCD)
The security of the layer of WCD is traditionally covered by several hardware and software components that are certified with Common Criteria EAL5+ as the state-of-the-art of security in the industry. However, other elements of the WCD are not covered as extensively, despite playing an important role in security as supportive elements.
SESIP can map security requirements to address the communication layer such as NFC and UWB. The creation of SESIP Protection Profiles for this specific communication layer will allow a step-up in security as well as their integration within the mobile phone to protect against misuse.
Wallet Creation Application (WCA)
The Wallet Creation Application layer can strongly benefit from SESIP, as it can cover evaluation of the mobile phone Operating System and the middleware. SESIP Protection Profiles created for these components can cover all security aspects related to EUDI Wallet lifecycle management, management of the user data, key security features, product updates and others. This Protection Profile will be a composition with the WCD certification.
Wallet Driving Application (WDA)
A SESIP Protection Profile could be used to support the Wallet Driving Application in demonstrating compliance of the applet with the intended use cases, and leveraging the reuse of evaluation results.
Security levels to establish trust across EUDI
The scope of use cases for EUDI Wallet is ambitious. It needs to support a wide range of services, whilst storing and managing sensitive personal data. To ensure this is delivered with trust across the EU, testing and certification processes must be established for the various hardware and software components of a mobile phone.
The SESIP methodology can address this complexity, enabling the reuse of certifications for individual parts, to allow a certification by composition approach. This will simplify the certification process and bypass the need for individual testing and evaluation of previously certified parts. SESIP maps to the functional security requirements of existing schemes, to provide a more holistic view of the security of an entire solution or device, rather than just those that relate to individual parts.
Through SESIP, its certification processes and experience in developing standardized secure technologies, GlobalPlatform can help decision makers meet the security challenges of the ambitious EUDI Wallet project, and give options to regulators. Find out about how each of GlobalPlatform’s offerings can support EUDI in this white paper.
TECH5 is a Gold Sponsor of Identity Week Amsterdam 2023, which takes place on 13-14 June at the RAI, Amsterdam.
Q&A provided by TECH5 with Co-founder and CTO, Rahul Parthe.
TECH5 is a team which combines 300+ years of experience in biometric and secure credentialing programs design and execution, including research and development of biometric algorithms.
All our technologies across three biometric modalities – face, fingerprint, and iris – are developed in-house with traditional and, most recently, based on AI/ML approaches. TECH5’s fingerprint and iris matching algorithms are among the fastest in the world, according to the latest NIST evaluation reports. These algorithms result from years of research and new approaches in building algorithms. For example, the new fingerprint matching algorithm submitted by TECH5 to NIST PFT III, rated one of the fastest and rated l as one of the most accurate in the world, is based on a combination of AI (Artificial Intelligence)/Machine Learning and proven traditional approaches. This combination allows for higher matching speed and improved accuracy of the technology, which results in a reduced server hardware footprint and lower total cost of ownership (TCO). TECH5 also leverages its relationship with customers and academia (CITeR) to further enrich its domain knowledge and databases for training and testing.
TECH5 target markets include both Government and Private sectors. What use cases in the private and public sector have you delivered recently?
Some of the latest use cases include implementation of identification and verification, as well as Digital ID technologies for elections, physical and electronic permits, national ID, foreign resident ID, student ID, eKYC and digital onboarding, and more. For now, we cannot mention the countries and the customers for many of them, as we are yet to make public announcements, but Identity Week will be the first media to receive our press releases once we are ready to publish.
How do you ensure interoperability for example with government systems and data privacy?
TECH5 is a technology provider and not a service provider. We build state of the art biometric platforms that are used in government and private sectors and are part of their end-to-end solutions, which are responsible for data privacy and security. Data exchange between with our platforms and storage is done via open standard protocols and data formats. Data is always stored, maintained, and processed on the customer’s side and not on our side. In digital ID solutions, we enable our partners/customers to implement privacy and security by using biometrics for authentication purposes and some innovative means of using biometrics to act as cryptographic keys.
How can we combat inherent bias in biometric technologies?
We are talking here principally of facial recognition. Bias in biometrics is often a product of training data. In the past, less-than-heterogeneous datasets have resulted in the same sorts of bias, for example on racial lines, as afflict humans when recognising other people. That is to say that algorithms trained on homogeneous datasets can become efficient at matching faces that correspond to their training data but are less so when dealing with data that does not correspond to that on which they were trained. This is similar to how we humans are better at recognising faces within our own racial or other groups (for example age).
The way to overcome this is to train algorithms on as wide a range of input data as possible. However, this has led to some providers training their algorithms on publicly-available images scraped from the internet but which have not necessarily been sourced either ethically or with consent. The short answer, then, to overcoming the biases you refer to, is to ensure you train an algorithm on as wide a dataset as possible, but one which has been sourced through a consent-based process. TECH5 actively invests in acquiring consent-based datasets with wide demographic and ethnic distributions from commercial sources and also via academic participations.
In addition, we would always advise anyone designing a biometric program or process to ensure, where possible, that they use blended modalities where possible. For a national ID program, for example we would usually recommend a government consider implementing its project based on all three modalities of face, fingerprint and iris; potentially also adding other modalities such as voice.
What excites you about speaking at Identity Week Europe in June? What topics will be high on the agenda to discuss?
In our industry, today two main topics are high on the agenda – contactless fingerprint capture using mobile devices, and digital ID.
During my presentation, I will be talking about Decentralised Identity, latest trends, technologies, and their role in our future.
Is TECH5 innovating the future of biometrics and what do you hope to get from Identity Week?
TECH5 is an expert in the field of biometric technologies, innovating to realize the digital IDs of the future. We are innovating in biometrics and digital ID to address the current limitations when it comes to bridging digital divide, ease of use, privacy, security, and reducing total cost of ownership. Biometrics doesn’t exist in a vacuum, but is there to serve a purpose, which is all about identity. We believe that the future of biometrics is about Digital ID, when an identity is fully owned and managed by its holder and is biometrically verifiable and inclusive.
We are innovators at heart and are continuously investing in research and development of our core biometric technologies for face, fingerprint, and iris capture and matching, as well as biometric platforms based on these technologies, to provide the market e market globally with best-in-class products. We are also innovating in the field of making biometrics play a key role in digital identity by deriving cryptographic keys from biometrics, multifactor authentication in an offline manner, highly accurate but smaller footprint of biometric payload, revocable biometrics, and template protection.
Identity Week is a perfect event for innovators to meet to exchange ideas and inspire the industry with their work, learn from each other and partner to create new technology offerings that will disrupt the market. We are looking forward to speaking at the event, meeting new industry players, as well as old friends and partners, demonstrating our top-tier technologies and platforms at our stand, and launching our latest news.
Guest article provided by Marnix van den Bent, Datakeeper
Marnix van den Bent (Co-founder & CTO Datakeeper) shares his passion on digital identity wallets on Day 2 at Identity Week Europe 2023.
In today’s digital age, the real estate sector is undergoing a significant transformation fuelled by technological advancements and regulatory developments. One of the key innovations driving this change is the emergence of data wallets. Digital wallets, also known as personal data vaults or identity wallets, provide individuals with a secure and efficient way to manage and control their personal information. In this article, we will explore how data wallets are becoming increasingly prevalent in the real estate sector, revolutionizing traditional processes.
What are Digital Wallets?
Digital identity wallets, usually in the form of mobile apps, allow individuals to securely obtain, store and manage their personal data. These wallets employ advanced encryption techniques to safeguard sensitive information and provide users with insights in, and control over their personal data. By empowering individuals to manage their data, data wallets offer increased privacy and security in an increasingly data-driven world.
A good example of a data wallet is Datakeeper. With the Datakeeper app, consumers can quickly, easily and securely share personal data with companies. Datakeeper sends a pre-verified, minimised set of personal data after the consumer gives consent. Real estate professionals save time, reduce costs and, more importantly, rapidly provide clarity to consumers.
Increasing Prevalence of Data Wallets
The real estate sector has long grappled with legacy systems and manual procedures that increase the risk of errors and fraud. Know Your Customer (KYC) procedures can be labor-intensive, involving multiple parties and extensive documentation. In addition to that, data protection regulations such as GDPR forces to organizations to reconsider which kinds of personal information are strictly necessary for their processes. Data wallets present an opportunity to leapfrog traditional procedures and noncompliant data processing.
Leapfrogging into New Technologies
Rather than simply digitising existing processes, the real estate sector is actively embracing data wallets to revolutionise its operations. Data wallets enable opportunities to automate tasks all the way from simple identity verifications to entire mortgage applications. This leapfrogging approach not only improves efficiency but also enhances data accuracy and transparency in real estate transactions.
New Use Cases: KYC and Mortgages
Datakeeper already boosts the real estate sector for KYC procedures and mortgage applications. KYC procedures involve verifying the identities of buyers, sellers, and other parties involved in real estate transactions.
For example, this allows the identification of Ultimate Beneficial Owners. Similarly, the mortgage application process, which traditionally involves extensive paperwork, can be simplified and accelerated through the use of data wallets. Delays due to manual document checking is minimised.
In the last few months, AI (Artificial Intelligence) based technologies and products such as OpenAI’s ChatGPT and Google’s Bard have been hot topics across the media. AI, which has seen exponential development and growth over the last several decades, has recently reached a zenith in terms of hype and ubiquitous use that includes industry, science, medicine, education, and government to name a few. AI is being touted as the next technology that will revolutionize the world and has been compared to the technological innovations initiated with the rapid rise in internet companies during the dotcom boom, the advent of virtual and augmented reality, and the widespread adoption of cryptocurrencies and blockchain. Today, many experts believe that AI is set to be the next generational disruptor with some predicting its effect to be ground-breaking in several applications and fields that may even lead to the redundancy of entire professions.
We at TECH5 recognize that AI is an invaluable technology that can be used to great effect to optimize a wide range of activities, which in turn will speed progress, help professionals in their daily work as well as aid researchers like us to develop innovative technologies. However, AI can also be used with different levels of success, as more than just using some AI approach and standard methods for training may be required to achieve spectacular results.
Today, it is already clear that many technology companies claim that they are using AI in their products, and with Big Tech gearing up for a new AI arms race, more and more players will feel the need to sprinkle AI references into everything they do to appear relevant. Unfortunately, this will quickly lead to the devaluation of belonging to an AI league, blurring of positioning, and confusion in the market.
In this article, we will explore the real impact of AI on the biometric industry, as well as share our vision and explain how TECH5 has long been using AI and Machine Learning (ML) to develop best-in-class contactless capture and matching algorithms across various biometric modalities.
AI in Biometrics
The application of AI for the training of biometric algorithms is not new. The industry started using AI in the early 2000s, when researchers began developing algorithms for face recognition that incorporated ML techniques such as support vector machines (SVMs), allowing computers to learn and recognize faces with increasing accuracy. A decade later, the industry incorporated the use of deep learning-based neural networks for extracting information-rich features from faces. This move towards resource-intensive but accurate algorithms was mainly due to the availability of large-scale training datasets and compute devices such as Graphical Processing Units (GPUs). Following the success with face recognition, researchers started exploring the use of AI for fingerprint recognition – a much more niche domain.
Despite access to knowledge and open availability of neural network models, not all biometric algorithms available on the market perform at the same level. Optimal performance of a biometric algorithm is contingent upon the utilization of specialized domain knowledge for the creation of robust features, bias mitigation using appropriate training strategies, as well as ensuring viability for deployment. Therefore, when analysing any vendor’s technology, it is critical to consider technical aspects, such as matching speed and recognition accuracy that have been determined in international tests/evaluations, the size of biometric templates that can affect hardware footprint and total cost of ownership, along with the crucial but often underestimated legal aspect, that is, the collection of biometric data for training of neural networks.
In addition, it is crucial to ensure that biometric systems are developed and deployed ethically and transparently, with appropriate safeguards in place to protect individuals’ data given the ongoing concerns about the potential misuse of AI-based biometric technologies and data, as well as the privacy and security implications of collecting, storing, and analysing large amounts of sensitive personal information.
Data for Training
The ability of a neural network to learn and accurately match faces, fingerprints, irises, and other biometrics is made possible through training using large amounts of diverse and representative data for training. The origin of these data has been the subject of much scrutiny and at times controversy. In terms of face recognition, for example, the internet has a plethora of freely available sources of face images – like social networking sites, and other channels. As a result, some companies scrape these face images without any concern as to the legality of the use of the images, and certainly without any official consent from the owners.
In reaction to these practices, several countries are starting to create and implement new legislation to protect citizens’ biometric data and rights, and to provide guidelines for these data’s fair and legal use. Nevertheless, the fact remains that each company must develop its own ethical policies outlining how they choose to use images responsibly and obtain biometric data for training fairly and legally.
Why not Every Biometric Technology and Platform is Equally Accurate and Fast
There are three main factors that contribute to the speed and accuracy of biometric technologies.
First, obtaining consent-based biometric data for training is expensive, and there is minimal sharing of these data across industry and academia. The lack of access to these kind of data leads to the creation of unreliable and poor-performing algorithms which can be heavily biased towards certain genders, races, or ethnicities.
Second, the development of a high-performing algorithm that will be used in, for example, an Automatic Biometric Identification System (ABIS), and is capable of matching potentially billions of people with the same high speed and recognition accuracy requires a Research and Development team that has biometric domain knowledge and deep expertise in the design, development, and implementation of such a system. This kind of experience can only be gained through hands on creation of national-scale projects.
Lastly, the development of best biometric algorithms requires constant investment in research, testing, and improvements. There are several independent internationally recognised biometric testing laboratories and institutions, such as NIST (National Institute of Standards and Technology), BixeLab, iBeta, and others, where vendors can test their technologies to ensure quality and understand their position in the market.
Leading the Path of Innovation: AI-Based Biometric Technologies of TECH5
TECH5 is an international technology company founded by biometrics industry professionals who have played major roles in some of the world’s largest biometric projects, including the India Aadhaar project and Indonesia’s National ID. Our team combines 500+ years of experience in biometric and secure credentialing programs design and execution, including research, development, sales, and marketing expertise.
From its inception, the company has focused on developing disruptive biometric and digital ID offerings by applying AI and Machine Learning technologies. Our sustained investment in and single-minded dedication to developing biometric modalities capitalizing on AI brought TECH5’s technologies to the top of the NIST rankings and led us to create a suite of novel products and platforms addressing the digital ID management challenges of the 21st century.
For years, we have invested in AI-based technologies across three biometric modalities – face, fingerprint, and iris, with the goal of developing fully inclusive identification and authentication platforms with a zero-error rate. And we believe AI has a significant role to play in the biometric matching field, serving people and businesses globally in their daily needs, biometrically verifying individuals securely and accurately, providing access to data and services, and preventing fraud.
On the Frontier of AI
Algorithms
TECH5 is committed to ensuring its technologies are highly accurate, robust, and inclusive. Our IP-protected face, fingerprint, and iris matching algorithms are consistently ranked in the top tier in NIST testing, and one of the keys to our success is our innovative approach to data training: to achieve the best results, TECH5’s research team focuses on unique and novel amalgamation of AI/Machine Learning and specialized domain knowledge from traditional methods.
The new fingerprint matching algorithm, submitted by TECH5 to NIST PFT III1, is rated as the 2nd fastest and one of the most accurate technologies in the world. This algorithm is based on state-of-the-art AI/machine learning networks infused with fingerprint-specific domain knowledge.
This combination allows for higher matching speed and improved accuracy of the technology, which results in a reduced server hardware footprint and a lower total cost of ownership (TCO) for the entity deploying the platform of TECH5. The TECH5 fingerprint algorithm is 400% faster than the next-fastest algorithm in the report, has a 66% lower error rate, and requires only 50% of the memory resources due to the smaller template size.
The result of submitting our fingerprint matching algorithm to the NIST PFT III evaluation proves our claim that AI/NN (neural network) plays a pivotal role in all biometric modalities to make them robust.
Furthermore, TECH5 has developed an algorithm for fast and accurate contactless fingerprint capture that can be performed using a simple camera of a mobile device. The technology allows for accurate biometric acquisition by capturing a fingerprint(s) image(s) with a smartphone’s built-in camera, checking and enhancing the quality of the captured image(s), running a liveness check, and then packaging and sending the data for verification or registration, all within seconds. The process ensures that the data is taken from a real person and that the image(s) are of acceptable quality, suitable for use with legacy datasets, and comply with applicable standards and customer requirements. This proprietary and patent-pending contactless fingerprint capture technology, called T5-AirSnap Finger, incorporates Machine Learning and Computer Vision with novel image processing techniques to bridge the gap between contactless and contact-based fingerprint capture and recognition and eliminates the need for purpose-built devices for the capture of fingerprint biometric data.
The iris matching algorithm of TECH5, also a combination of AI and traditional approaches, shows the highest matching speed among all vendors participating in the NIST IREX 10 evaluation2.
Our face matching algorithm is also consistently ranked top tier in NIST evaluations. It was rankedsecond fastest in the world in NIST FRVT 1:1 and is among the most accurate for face recognition with face masks.
These technologies across all 3 biometric modalities – face, fingerprint, and iris – are used in the T5-OmniMatch ABIS matching platform for National ID-scale projects, as well as in every biometric platform within the T5-Digital ID offering, ensuring inclusion across the globe, and are available for certified partners of the company as part of the flagship capture, identification, and verification offerings.
Data
TECH5 is in a unique position because the company has legal access to depersonalized data for training of its algorithms through partners and projects where our technology is used, academia, and biometric data acquisition.
TECH5 continuously invests in millions of consent-based, depersonalized biometric images to train its AI-based algorithms. The company is obtaining the necessary rights for millions of images and is regularly training and benchmarking the algorithms using this data.
Access to supersized datasets and expertise of the team ensure that our technologies are not only highly accurate and robust but also inclusive. Furthermore, we believe that only the implementation of ethically trained algorithms can help to develop a transparent and secure biometric market.
Why TECH5 is Different and How it Benefits our Partners and Customers
TECH5 has capitalized on its expertise, knowledge, and access to data for training to develop all three core biometric algorithms based on AI and Machine learning. Not only has TECH5 been one of the first companies to use AI across the three biometric modalities but has also been a leader in combining AI and traditional approaches for training biometric algorithms, which has led to achieving the best results on the market in accordance with NIST testing.
One of TECH5’s goals as a company has been to create a greater understanding within the industry of biometric technologies and its benefits for the users. To that end, TECH5 regularly contributes its expertise and market knowledge as a member of different international organizations such as OIX (Open Identity Exchange), SIA (Secure Identity Alliance), Biometrics Institute, EAB (European Association for Biometrics), and others.
TECH5 works only with certified partners worldwide, which permits us to maintain control over the use of our technologies and contribute to the ethical use of biometrics.
Our high performing algorithms power all of TECH5’s biometric and digital ID platforms, ensuring the highest matching speed and accuracy and lowest hardware footprint among algorithms available on the market. The integration of TECH5’s technologies leads to significant optimization and lower total cost of ownership, which is critical for large-scale identity management projects.
The Future
In the coming years, AI is expected to continue to improve the accuracy, speed, and versatility of biometric systems. AI-based algorithms will be used increasingly more to enhance the analysis and interpretation of currently used biometric data as well as improve innovative biometric modalities such as behavioural biometrics, that are not yet widely used.
The AI-based approaches will also help develop new modalities that are not traditional and work in non-ideal conditions. For example, palm recognition works with low-resolution cameras as it does not require stringent capture requirements like traditional fingerprint algorithms. In addition, the rate of algorithm improvements will significantly increase in the areas where traditional algorithms take years compared to AI-based ones taking months. AI will also allow efficiently combining modalities to create robust and high-accuracy algorithms.
TECH5 will continue to lead the field in biometrics, constantly investing in research and improving our AI-based algorithms and adding new technologies to our portfolio, providing our partners and customers globally with the best-in-class biometric matching and digital ID technologies and platforms.
Our ultimate goal in developing AI-based algorithms is to achieve race-to-zero-error across all our biometric modalities. These platforms will ensure that biometric authentication becomes foolproof, preventing anyone from impersonating another person or gaining unauthorized access.
How BNP Paribas bank saved $778 000 thanks to code-less MFA implementation
BNP Paribas is the European Union’s leading bank and a key player in international banking. It operates in 68 countries and has more than 190,000 employees, including nearly 145,000 in Europe. BNP Paribas has +200 years of history in banking, with mergers and acquisitions playing an essential role in the company’s strategy. Up till 2022, BNP Paribas has made 10 acquisitions and 182 investments, spending over $ 1.99B on the acquisitions.
Challenge
The pandemic brought new cybersecurity challenges to the BNP Paribas group. The organization wanted to create a high level of cybersecurity for all users and all devices across the entire organization and regardless of the localization.
One of the most important elements to achieving this goal was introducing Multi-Factor Authentication (MFA) globally. MFA is named by the US National Institute of Standards and Technology (NIST) as one of the crucial ways to secure critical systems within the organization. While being one of the best ways to protect from cyber attacks, MFA is, at the same time, really hard to implement since, in a traditional approach, each application needs to be redesigned one by one.
BNP Paribas group is an organization built from numerous mergers. The bank owns +160 critical systems, many of which are legacy systems and +70 with direct internet access. The bank was looking for a new way to introduce MFA globally, without touching protected applications code, and with an option to leverage MFA methods that were already in use.
Results
Fast and large-scale implementation
The result exceeded expectations. Ultimately, due to streamlined MFA deployment, BNP Paribas decided to add MFA to 43% more applications than was initially planned, including legacy applications. The bank was able to leverage all existing MFA methods and add new, alternative MFA methods to its user access security portfolio. The engagement of IT specialists was reduced by 82% compared to the traditional MFA implementation approach.
Reducing the specialist’s engagement lowered the total costs of the deployment by 87%, resulting in $778 000 in savings. The whole project was executed without the necessity of hiring any software developers.
Summary
Thanks to introducing the Secfense broker BNP Paribas achieved the following goals:
43% MFA added to 43% more apps than initially planned
82% reduced IT specialist’s engagement
$778 000 savings compared to the traditional MFA implementation approach
100% Leveraged all currently used MFA methods
100% Reduced software developer engagement
87% Reduced the cost of implementation
Case study summary / recap:
BNP Paribas is the EU’s leading bank. It operates in 68 countries and has +190,000 employees. BNP Paribas has +200 years of history in banking, with mergers and acquisitions playing an essential role in the company’s strategy. The bank owns +160 critical systems, many of which are legacy systems and +70 with direct internet access. The bank wanted to introduce MFA globally, without touching protected applications code, and with an option to leverage existing MFA.
Over the past decades, the development of the Internet and social networks, in particular, have led generations of people to metamorphoses. The ease of finding and obtaining any information, as well as the opportunity to share it (and sometimes an obsessive desire) unwittingly formed the culture of disregard for confidentiality.
At the same time, there are still many situations where it is necessary to keep information confidential, such as in business, government, and personal relationships, but it is becoming increasingly difficult to protect. And I’m not talking about ways to control unauthorized access to this information. I am talking about the preservation of confidential information by those to whom this information has been entrusted, although sometimes it can be controversial and raise issues around freedom of speech and the freedom of the press.
Back in the 18th century, Benjamin Franklin said: “Three can keep a secret if two of them are dead.” However, neither in those days nor today, humanity has found an effective way of communication without the need to entrust secrets to at least someone. Let a limited circle of people, but someone still needs to know them.
The effective way to protect confidential information is a combination of technology, policy, and education to create a culture of confidentiality and security that can adapt to changing technologies and social norms.
If you ask most cybersecurity experts a question on the topic of ways and technologies to protect confidential documents from leakage, then most of the answers will focus on the means of protection that somehow control or restrict unauthorized access to these documents. However, according to statistics, 3/4 of all leaks are not hacking – this is a leak by those who had authorized access to documents. That is, access control tools do not work here. The only way to force those who have been entrusted with documents to comply with their non-disclosure obligations is to ensure a guaranteed determination of the culprit of the leak. Only the inevitability of disclosure and an understanding of responsibility can ensure compliance with the security requirement and radically reduce intentional leaks.
Thus, it becomes obvious that in these cases we have to talk about detective solutions, which can be divided into two non-interchangeable principal approaches. The first is the classification of document files and the addition of metadata to files containing information about who this file belonged to when it was merged. But the metadata disappears as soon as the document ceases to be a file and becomes an image on the screen or a paper document. The screen can be photographed, a paper document can be copied. Therefore, a second approach becomes necessary – the marking of documents should be used. It can be visible, in the form of static or dynamic watermarks, or more resistant to removal and more user-friendly – invisible Anti-Leaks marks based on a steganographic approach to labeling.
You can easily find information about specific vendors of these solutions on the Internet, or by contacting multi-vendor system integrators. Each of the security systems has its strengths, but it’s important to note that these technologies are just tools and require specialized knowledge and expertise to use effectively. Additionally, unmasking anonymous leakers can be controversial and raise issues around privacy and freedom of speech, so it’s important to carefully consider the potential consequences before taking any action.
Guest article provided by Jeanne Le Garrec, BasisTech
Everyone who has ever had to assess or verify another human being’s identity knows the struggle. The stress of missing a name that appears on a watchlist. The time wasted investigating false positives. The complexity and frustration of parsing foreign names, often in foreign scripts.
Currently, banks, fintechs, insurance companies, law enforcement agencies, and other institutions dealing in high-stakes identity verification use three methods to determine who’s who: fingerprints, facial recognition, and name screening.
Issues have arisen with the first two methods.
Fingerprints can change over time. Facial recognition is a reliable method of identity verification, but it can be costly and perceived as intrusive.
That leaves name screening.
Name screening is both an effective and cost-effective method of identity verification. But not all name screening technologies are created equal. If you plan to implement or upgrade your organization’s name screening technology, make sure you invest in software that:
1. Uses AI for fuzzy matching
Fuzzy logic is a computing approach that improves upon Boolean processes by considering degrees of truth. In name screening, fuzzy logic is most commonly used to account for typos, transpositions, and other name differences and errors. It identifies similar but non-identical pieces of text appearing in separate records. It then ranks the likelihood of these similar pieces of text being a match.
This capability is important to name screening for a variety of reasons. Perhaps the most important of these is the different name components and name orders used in different datasets. A person’s name may be recorded using a first and last name (“Harold Jones”); a first, middle, and last name, (“Harold Andrew Jones”); a first name, middle initial and last name, (“Harold A. Jones”). Any one of these scenarios can be reversed by placing the last name first: “Jones, Harold Andrew” and so on. Boolean processes typically don’t consider disordered names a match — fuzzy matching does.
2. Tunes easily The identity verification field is always evolving. Criminals get smarter, new regulations are implemented to combat criminal activity, and organizations debut new processes to comply with those regulations. You need a name-screening solution that easily adapts to a changing environment. Your name screening solution should be capable of being tuned and updated easily, without significant time investment or production disruption.
3. Provides explainable scores Every organization and screening officer is accountable for the choices they make. Why did you permit this bank customer to onboard? Why did you allow that traveler to enter the county? Sometimes, regulators and others will want to know how the name-screening system scored the match as it did, and which AI models were used in the scoring process. Because of this, you should consider investing in a name screening system that offers “explainable AI.” Explainable AI is a set of methods and processes that enables users to better understand what AI is doing, on what data it’s basing its decisions, and how it calculated match scores.
4. Empowers you to adjust scoring parameters Understanding your name screening software’s scoring system will help you better understand why two names have been deemed a “match” or a “mismatch.” Unhappy with the decisions your system has made? The best name screening technologies allow you to track the “matches” that you would consider a mismatch, track the “mismatches” you would consider a match, and adjust scoring parameters accordingly.
5. Allows for benchmarking and testing You need the ability to benchmark and test your name screening solution in a specific sandbox, or with an independent sandbox provider. If a software provider will not allow you to test name screening software independently, consider it a red flag. Your solution should be tested before implementation, and whenever significant tuning or parameter adjustments have taken place.
Identity verification is inherently complicated, but the right name screening technology can ease the process. If you need to implement or improve name screening technology, make sure to take into account the criteria discussed above. To learn more, visit Rosette.com.
First published on Totaltele.com. Editor: Harry Baldock
Reports suggest the company won a tender to sell spyware to state-run telecoms operator Myanmar Posts and Telecommunications (MPT) just one month before the military overthrew the Burmese government.
Israeli software firm Cognyte is coming under scrutiny this week following media reports that the company’s surveillance technology may have been used to commit human rights abuses in Myanmar.
Documents shared by activist group Justice for Myanmar show a January 2021 letter from MPT to the Burmese regulator referencing Cognyte as the winning vendor for an intercept technology tender.
The documents show that the purchase order was issued “by 30th Dec 2020” – a little over a month before a military junta overthrew Myanmar’s civilian government.
Eitay Mack, an Israeli human rights lawyer, has reportedly sent a letter to the Israeli Attorney General calling for a criminal investigation into Cognyte and the nation’s defence and foreign ministries, accusing them of aiding the Burmese military to commit crimes against humanity.
The letter claims that Cognyte “should have known” they were providing technology that would be used to commit crimes against humanity, noting that the Burmese military had already openly rejected the results of the November 2020 democratic election when the contract was signed.
But beyond the moral implications of selling surveillance technology to repressive regimes, there is also a legal element at play here.
Back in 2016, the Myanmar military became infamous for their genocidal oppression of the Muslim Rohingya people, killing thousands and forcing hundreds of thousands more to flee to neighbouring countries. In response, various nations placed sanctions on Myanmar, with the US and the EU both ceasing to supply the Myanmar government with military equipment.
Israel, however, continued to export weapons and equipment to the Burmese government until 2018, only stopping when media pressure grew too intense.
As such, Mack argues that any 2020 deal between Cognyte to sell this equipment to MPT was illegal, with intercept spyware tech classified as defence equipment under Israeli law.
It is currently unclear whether the spyware technology has been actively deployed by MPT, though anonymous sources speaking to Reuters confirmed that the technology was tested by the operator. Other sources also confirmed that some form of intercept spyware was used by the operator, though Cognyte was not referenced specifically.
Cognyte and MPT have refused to comment on the matter.
