What is spoofing? Is it really a problem?
Spoofing is an attack at the sensor level in which a biometric sample is replaced by an imposter’s sample. Susceptibility of biometric scanners to spoof attacks is a well-documented problem.
How does the NexID technology determine if an image is live or a spoof?
NexID Liveness Detection technology exploits the differences between images of live and spoof fingerprints. These differences are identified by extracting features from fingerprint images that are each unique to live and spoof biometrics.
What modalities are supported?
Currently, our technology applies only to the fingerprint modality with the release of our Fingerprint Liveness SDK. We continue to research liveness detection technologies for other modalities, and intend to bring those technologies to market in the future.
What sensor technologies are supported by the NexID Fingerprint Liveness SDK?
Our liveness detection technology utilizes only the image collected to make its determination of liveness. As such, the technology is applicable to ANY fingerprint scanning technology. It should be noted, however, that the effectiveness of our solution may vary depending upon the underlying scanner technology.
Capacitive scanners can’t be spoofed, right?
Wrong! This is a common myth. Capacitive scanners can be fooled just as easily as other types of scanners; it simply requires one to use inherently conductive spoof materials such as gelatin, glycerin or wood glue, or to add conductive “filler” (e.g., graphite) to non-conductive spoofing materials such as silicone or paint. Our spoof lab has experience with spoofing all types of sensors, including both passive and active capacitance based scanners.
How does NexID stay ahead of subversive spoofing techniques, and incorporate countermeasures in its liveness detection technology?
Similar to countermeasure providers in the malware and antivirus industry, we continuously attempt to recognize new and emerging spoofing tactics, and also anticipate possible future spoofing approaches. To do so, we maintain an in-house spoof lab for conducting experiments and analyses of numerous materials and devices. Moreover, we work with West Virginia University, Clarkson University, and the Center for Identification and Technology Research (CITeR), to leverage their research in liveness detection.
Are there national/international standards for liveness detection? Does the NexID technology comply with them?
No industry standards currently exist for liveness detection, but there are liveness detection standards currently under development. The most extensive standards effort for liveness detection is being conducted by the ISO/IEC Working Draft 30107. NexID currently participates in the development of this proposed standard.
Why does each fingerprint scanning device need to be individually trained with the NexID Fingerprint Liveness SDK?
Every fingerprint scanner works differently. The NexID technology is sensitive to these differences and therefore must be “tuned” differently for each scanner.
What is the process for using the NexID Fingerprint Liveness SDK?
It’s as easy as one, two three:
- Image Collection – Both live and spoof images are collected, with live images collected via the target scanning device. Don’t want to collect images, we can help!
- Run our Software – Once images have been collected, they can be imported into our software utility where a liveness classifier can be created.
- Integration of Code – Lastly, integrate it! The NexID SDK provides a Sample Application that can be used as a basis for integrating the previously created liveness classifier.
How many images need to be collected?
To provide significant variability in the data, it is important to use a large set of data. This in turn leads to a trained system with broad applicability. In general, we recommend a minimum of 5,000 live images and 5,000 spoof images for training. Of course, larger datasets generally result in better performance and broader applicability.
What operating systems or platforms are supported by the NexID Fingerprint Liveness SDK? Can it be deployed as an embedded application?
The NexID Fingerprint Liveness SDK is currently compatible with the Windows platform on x86 and x64 architectures. If you have questions regarding use of the NexID Liveness Detection technology on another platform or an embedded system, please contact us at firstname.lastname@example.org.
What amount of processing time is introduced by integrating the NexID Fingerprint Liveness technology?
The answer to this question will vary depending on several factors, including but not limited to the specific device/scanning technology, the operating system that is controlling the device, and the Fingerprint Liveness configuration. However, in general our customers have experienced processing times for the liveness function to be in the range of 100 to 200ms.
In addition to the Fingerprint Liveness SDK, do you provide any professional services to assist your customers in integrating or otherwise utilizing the NexID technology?
We do offer professional services to assist customers with any and all aspects of the process for integrating NexID technology with their individual scanning devices, including image collection, spoof creation, image masking, feature extraction, and training/testing. Moreover, we offer a Biometric Spoof Analysis service, in which we test scanning devices against a wide variety of spoof materials/recipes to identify liveness detection vulnerabilities. For more information, please see [Products/Services>Pro Services] or contact us at email@example.com.
How much does the NexID Fingerprint Liveness SDK cost?
NexID provides the Fingerprint Liveness SDK free of charge to facilitate “in-house” integration of liveness detection by our customers. Should you desire our assistance in those development efforts, we are able to quote professional services for image collection, spoof creation, feature extraction ‘tuning’, classifier training and testing, and code development. The cost for distributing the NexID technology is also quoted separately. Please contact us at firstname.lastname@example.org for further details or a quote.