Face Liveness Detection in Biometrics

Anti-Spoofing Presentation Attack Detection (PAD)

BioID is a pioneer and the leading player in software-based face liveness detection in biometrics. Our algorithms combine artificial intelligence deep neural networks with handcrafted feature analysis using more than 20 years of experience. Our first patent for PAD was issued in 2004. The proprietary liveness API distinguishes images or motion mimicked by photos and videos from real faces. In addition, BioID’s liveness detection for face recognition blocks masks, avatars and other sophisticated spoofing attempts like deepfakes. For this, we don’t need video streams or special sensors such as a 3D camera. Instead, we simply analyze two selfies taken by any standard camera. This makes BioID liveness detection flexible and easy to integrate for any web-based or mobile application.

How BioID face liveness detection works:

  • We capture two face images with any standard camera and check for changes and natural motion. A 3D face moves differently than a 2D photo, and our sophisticated motion-analysis algorithms detect this difference.
  • Artificial Intelligence (AI) is leveraged through powerful DCNNs (deep convolutional neural networks) and enables us to detect presentation attacks like 3D masks, video replays, projections, etc.
  • We detect video replays and other copies like avatars or deepfakes with a special texture-based algorithm. It knows when a recaptured version of a person is presented instead of a real person.
  • Optionally, we can guide the user to turn their head in a certain, randomized direction and verify that the head was turned in the specified way (challenge-response liveness check).

Compliant Face Liveness Detection - Tested by TÜViT

BioID’s Liveness Detection is compliant with ISO/IEC 30107 for level 1 and 2 attacks. This has been confirmed by two independent FIDO accredited biometric testing laboratories:

  • Liveness Detection was successfully audited by TÜV Informationstechnik GmbH (TÜViT) in Germany against criteria based on FIDO Biometric Certification Requirements v1.1 and ISO/IEC 30107-3:2017. The applied criteria are considered to be stricter than FIDO1.1 and ISO/IEC 30107-3 by TÜViT. TÜViT is an accredited biometric testing laboratory, experienced with regulated third party testing and FIDO certifications.
  • FIDO biometric component certification was achieved through a BioID partner solution in France. The certified KYC identity verification relies on BioID Liveness Detection for fraud prevention. During the FIDO certification process, BioID PAD performance was successfully tested by the accredited laboratories ELITT/Leti according to the standards ISO 19795 and ISO/IEC 30107.

With increasing identity fraud each day, service providers need to ensure that their applications cannot be compromised. At the same time, COVID-19 has stimulated digitization and moved processes online. Thus, liveness detection in biometrics is required to prevent fraud during unsupervised online transactions. BioID’s liveness detection software averts spoofing attempts from replay attacks, masks, and other material. The ISO compliant technology checks the legitimate user’s presence using any standard camera. This way, BioID’s presentation attack detection (PAD) powers eKYC onboarding, online login and banking transactions in Germany, Europe and worldwide. 

Certified Liveness Detection for Face Recognition
Presentation Attack Detection PAD powered by BioID

BioID Anti-Spoofing Algorithms for Biometrics

We want our BioID Web Service (BWS) to generate the same trust as a face-to-face interaction. Therefore, we have developed the best liveness detection mechanism for anti-spoofing. It makes sure the submitted recordings were indeed taken from a live person in front of the camera. In real-time, BioID’s APIs substantially raise the assurance level of online transactions. With one of the world’s most powerful and complete biometric anti-spoofing algorithms our customers reliably prevent identity theft.

The latest mechanism for presentation attack detection (PAD) prevents forgery through replay attacks like videos, recorded deep fakes or avatars. It is based on texture detection and artificial intelligence (AI). Traditionally, image-processing algorithms analyze the texture to differentiate between skin and paper. BioID has modified this traditional approach. This way, the texture of a recaptured image, a video, a projection or other fake attempts are now detected for reliable biometric anti-spoofing. Through this liveness check, even remote-controlled 3D avatars, deep fakes or 3D masks cannot overcome the PAD.

BioID has added another patent to its comprehensive face liveness detection. It is based on optical flow algorithms and detects movement between two or more pictures. A 3D face moves differently from a 2D photo, which our technology can distinguish. The capture of the second photo can be triggered with sensitive BioID motion detection, so that an attacker cannot simply present two slightly different photos; the second image would be captured before the attacker’s second photo was in place. This has proven to be an excellent way to detect and block fraud, and is one of the methods BioID uses in its “fake defender”.

BioID also offers an optional challenge-response technique for biometrics. The basic idea behind it is that the system challenges the user with random instructions. The response is checked to validate whether the instructions where followed. In our BioID Web Service (BWS), we can challenge the user to turn his head and analyse the head movement direction with certain biometric algorithms. Such a liveness check can be repeated as many times as your security level requires. One could e. g. ask the user to move three times in arbitrary directions, and it is very unlikely then that an attacker has a video or deep fake recording which shows exactly those three random head movements in the correct order. The more challenges you use, the higher the security level through this liveness check for face recognition.

Finally, the use of BioID’s multimodal biometrics generates even higher levels of security and combats replay attacks. More than one biometric trait is captured simultaneously; for instance, BioID offers face recognition as well as eye/periocular which can be combined flexibly, depending on the situation and the desired security level. It is much harder for an attacker to successfully fake multiple biometrics, especially when they must be presented at the same time. Additionally, it is more convenient for the user to choose from different biometric traits when authenticating. E.g. you can choose to perform periocular recognition only, if you’re wearing a medical mask. This is especially relevant since the global pandemic has brought face masks into everyday life.

Our in-house research and development team in Germany always keeps the comprehensive anti spoofing up-to-date for delivering the best liveness detection technology. This way BioID can distinguish live faces from photos, videos, masks and other attacks on various materials with high levels of accuracy. We secure authentication, identity verification and remote onboarding processes worldwide with our liveness detection.

Liveness Detection for Face Recognition - Other Anti-Spoofing

There are various other ways of trying to detect presentation attacks in biometrics. Hardware-dependent techniques use 3D cameras to look for depth information from a 3D face, or infrared cameras to detect thermal information. However, both require special equipment and so are not compatible with most webcams and mobile phone cameras available today. Instead, BioID liveness detection for face recognition works camera independently.

Besides BioID’s challenge-response patent from 2004, one of the first solutions on the market was eye blinking detection, measuring intrinsic face movement. This seems reasonable; after all, a photo cannot blink. Or can it? An attacker can simply take a photo, cut out holes for the eyes, hold it in front of their face and blink. If done carefully this can fool many blink detection systems. A video of the person blinking would also work. Additionally, these systems are inconvenient for users as they take a comparably long time for the liveness detection. A similar technique prompts the user to smile for verifying their presence. Some mechanisms look for pupil dilation, for instance by making the screen dark and then suddenly bright. This can successfully detect fakes but is also vulnerable to a photo with eye holes, or to a well-timed video.

Thus, ideally, a combination of techniques is the most reasonable approach in order to cope with different attack scenarios. Today, BioID combines traditional approaches from more than 20 years of experience with the latest artificial intelligence deep convolutional neural networks (DCNNs).

Best Liveness Detection Made in Germany by BioID

Frequently Asked Questions for Liveness Detection

What is Liveness Detection?

Liveness detection distinguishes live persons from presentation attacks such as photos, videos or masks. The scientific term is presentation attack detection, which refers to fraud prevention for biometrics in general, whereas liveness detection is specifically used for face recognition. The most applicable liveness detection algorithms are hardware independent and require only little user cooperation for optimal user experience.

Why Liveness Detection?

Liveness Detection is needed to secure biometric authentication systems from fraud. For instance, a fraudster could use a photo, video or mask to attack a facial recognition algorithm and get unauthorized access to accounts or data. Thus, fraud prevention is the main reason why liveness detection is required for a secure facial authentication application.

How does Liveness Detection work?

Liveness detection algorithms analyse images or videos and decide whether they come from a live person or a fake. Methods used are motion and/or texture analysis as well as artificial intelligence (AI). To cope with various presentation attacks, the most promising liveness detection combines these technologies. In addition to software-based solutions, special hardware like 3D cameras can be used for presentation attack detection. If you are interested in how certification of liveness detection works please read our article on PAD evaluation.

Liveness Verification or Detection? Is there any difference?

Liveness Verification, also known as Liveness Detection, can distinguish live persons from presentation attacks such as photos, videos, or masks. It is required for secure biometric authentication or identity verification to protect the biometric system from fraud and detect spoofing. Both terms can be used equally for presentation attack detection.

BioID makes its face liveness detection available for free testing. Go to our developer documentation for information on our APIs. Test our demos at the BioID Playground and request a free trial for integration. Our GitHub provides you with sample code for liveness detection.