Ingenium Biometrics partners with Kent researchers to expand into the age estimation market

The University and Ingenium Biometrics have secured funding from Innovate UK to collaborate on a 2-year Knowledge Transfer Partnership which will support Ingenium Biometrics’ expansion into the age estimation market.

The KTP will be supported by academics in the Division of Computing, Engineering and Mathematical Sciences, with the aim of developing a system and robust methodology for testing the accuracy of facial age estimation software.

The collaboration will support Ingenium to expand into age estimation market where there is growing demand for technology which can accurately estimate the age of customers without the need for ID verification. With applications in a wide range of industries, including gaming and dating, age estimation software has the potential to reduce customer friction whilst improving outcomes for everyone.

The £232k project will be supported by two esteemed biometrics experts based at the University of Kent. Professor Richard Guest is a member of the UK Government’s Biometric and Forensic Ethics Committee and has had significant involvement with biometrics standards development. He will be supporting the project alongside Professor Gareth Howells who has been involved in research relating to security, biometrics and pattern classification techniques for over 25 years.

The academic team will work with a skilled graduate hired especially to deliver the project and embed their knowledge and expertise within the company. In particular, the project will benefit from the academics’ experience in the design and evaluation of biometrics systems, the definition and use of biometric standards and ethical considerations relating to the use of biometric data.

Commenting on the partnership, Professor Richard Guest said, ‘We’re delighted to be working with Ingenium on this KTP. The use of automated age estimation is expected to grow exponentially over the coming years so it’s absolutely vital that the performance of these systems are understood.’

Knowledge Transfer Partnerships, funded by Innovate UK, help businesses to improve their competitiveness and productivity through the better use of knowledge, technology and skills that reside within the UK knowledge base. With over 36 years of experience in delivering KTPs and a 100% application success rate, we are perfectly-positioned to help your business tap into this fantastic opportunity to innovate and grow. Visit our Knowledge Transfer Partnerships at Kent site to find out more.

Biometrics testing and market building presage broader technology adoption

Gains in biometric accuracy and new developments in digital wallets were major themes of the week among the most-read stories on Biometric Update. Performance improvements are seen in the latest edition of the world’s leading facial recognition benchmark from Idemia and other developers, while the OpenWallet Foundation introduced an engine for digital wallet-builders. On the market side, Fingerprint Cards’ CEO sees gains ahead in several different growth areas, and a tent-pole client of Yoti is expanding its implementation of facial age verification.

Top biometrics news of the week

The latest edition of the NIST FRVT 1:N evaluation shows further incremental gains in enrollment performance and biometric accuracy. The various categories representing different facial recognition applications were topped by Idemia, Cloudwalk, Sensetime and NEC, with Paravision also appearing near the top of several.

Biometric security for payments, door locks and PCs each represent massive opportunities that Fingerprint Cards CEO Ted Hansson tells Biometric Update in an interview he has been focussing on since taking the role late last year. Even mobile can be a growth market for the company, he says, between its new under-display technology and an extensive network of strong partners.

The OpenWallet Foundation says digital wallets could play a role for identity in online environments analogous to the one web browsers have traditionally played, in terms of importance and ubiquity, during the launch of its engine for wallet-builders. Representatives of Visa, Accenture, OIX and a Huawei subsidiary and other leading organizations presented the vision, and called for developers to participate in it.

In payments, an OWF report quotes a Worldpay estimate that digital wallets were used in nearly $16 trillion-worth of transactions in 2021. The white paper makes the pitch for open-source digital wallets, just as the Mobey Forum launched a working group for digital wallets to help banks find their role in the ecosystem.

Australia’s federal, state and territory governments have agreed on a deal to have digital credentials recognized across the country, with legislation on a new digital identity scheme expected later this year. A government watchdog warns that the country’s digital identity system is at significant risk of security breaches, meanwhile.

The digital identity market will generate $53 billion a year for vendors by 2026, according to a recent forecast, as the use of digital ID apps soars. Juniper Research also says digital wallets, by combining identity and payment functions, are the one threat to their dominance.

Responses to the Blair Institute’s call for a government-backed decentralized digital ID were varied in several ways. Emailed comments from iProov CEO and Co-founder Andrew Bud calling for open standards, and from OIX Chief Strategist Nick Mothershaw calling for cooperation with the private sector on digital ID, stand out.

The plan for Kenya’s new national ID system is becoming clearer, with information revealed about how government databases will interact, as the Ruto administration seeks to differentiate it from Huduma Namba. A central population register and digital access to all government services is in; cards are out.

Funding for the previous administration’s national ID program has been slashed by 84 percent, meanwhile.

Instagram is expanding its use of facial age estimation from Yoti to new countries on four continents as an alternative for users to sharing an ID document if they change their age. The partners say the arrangement protects user privacy while also protecting children from potentially harmful content.

Sweden’s plans for its term with the EU Presidency include reducing security risks through its digital policies and warns of potentially contentious negotiations around the AI Act. Criminal threats are evolving, and the scope of digital identity proposals has changed, the discussion paper says.

Easily accessible deepfake tools are making what would once have been considered sophisticated fraud attempts easy for people, it seems. Tools to detect these attempts exist, such as those from ID R&D and Nuance, but are only part of the answer, even where they are deployed. As Ingenium Biometric Laboratories commented on LinkedIn, the “step-change in the capability of voice deep fakes and makes the importance of being able to catch such presentation attacks ever-more apparent.” Systems need to have mitigated measures, and those need to be tested.

Ingenium Director and Co-founder Chris Allgrove will be part of a panel moderated by Biometric Update’s Chris Burt and discussing the threat deepfakes pose to biometric systems, as part of the online Biometric Summit 2023 on March 23.

Please let us know about any articles or other content we should share with the people in biometrics and the digital identity community in the comments below, or through social media.

Biometric recognition tests can’t be used for all use cases

Trust being essential to the algorithmic identification industry, it bears noting that having tests for, say, performance is not enough by itself to create durable confidence in code among regulators, competitors, insurers and buyers.

Judging by the reaction of people attending an Open Identity Exchange discussion this week, testing biometric recognition as a topic could be popular. The end of the session was swamped with (largely inaudible online) questions.

Outlining issues that may need more thought in the industry was Chris Allgrove, a director and co-founder of biometric ID services firm Ingenium Biometrics. Allgrove’s message was pretty simple. Successful manufacturers do not treat testing as a formality or a Band-Aid, and buyers should not take results at face value.

He made a lengthy presentation, but the meat of this matter begins at about 24 minutes in the webinar based on Allgrove’s remarks.

A test standard, or scheme, describes the way a biometric evaluation will be performed, explained Allgrove, whose company performs test services. Examples he called out were the FIDO Alliance biometric component certification scheme, Android compatibility definition document and Common Criteria biometrics evaluations.

But not all tests, even in a subsector of code, are equally valid for all purposes.

“You can’t re-apply test results willy-nilly,” he said. “That is quite a dangerous thing.”

A test designed to assess the performance of a piece of code evaluating a narrow use case like a fingerprint scan will not apply broadly.

“Fair and sensible comparisons are needed,” said Allgrove.

Not just the future of a product or company is at stake, he said. Few industries in history have depended on an unshakable trust the way AI-backed biometrics does. The same goes for the digital identities that rely on biometrics.

Fujitsu biometric self enrolment kiosks piloted for presentation attack detection

The Home Office in the United Kingdom will be running an unsupervised self-service kiosk trial in the UK relying on biometric technologies by Fujitsu, which won a tender first published last year.

The trial, which will last for a minimum of three-month, cost the government up to £500,000 (US$607,475). It will see the deployment of kiosks capable of securely enrolling face and fingerprint biometrics and biographics from customers without staff assistance.

“The Home Office’s ambition is that all visitors and migrants will provide their biometric facial images and fingerprints under a single global immigration system ahead of travel to the UK, utilizing remote self-enrolment for those who are not required to apply for a visa as part of an ecosystem of enrolment options,” reads the heavily redacted tender.

The UK government also confirmed it ran separate ‘Biometrics Self-Enrolment Feasibility Trials’ from 29 November to 22 December 2021.
“This trial will be the next stage of testing for self-service kiosks to understand how they perform in the operational setting when there is no staff supervision,” explains the tender.

“In the future, the Home Office envisages that self-service kiosks will be one of the enrolment options available as part of an ecosystem of options.”

In particular, Fujitsu will provide four biometric self-service kiosks as part of the trials. Three will be hosted in the Home Office biometrics enrolment location for the aforementioned purposes, while the fourth will be deployed at a presentation detection attack (PAD) testing facility operated by Ingenium Biometrics on the campus of the University of Kent.

The latter deployment aims at improving the resilience of Fujitsu’s biometric algorithms to prevent attempts to spoof the automatic kiosks.

Ingenium also provided PAD testing services for the 2021 trials, which the current deployment is a continuation of.

According to a report by the Mirror, the kiosks deployed as part of the new pilot use similar technology to that evaluated in a 2019 study by the University of Kent unrelated to the current Home Office trial. The paper, which is not linked in the Mirror article (but appears to be this one), describes gaze-based PAD.
“A gaze-based spoofing detection system has been extensively evaluated using data captured from volunteers performing genuine attempts (with and without wearing such tinted glasses) as well as spoofing attempts using various artefacts,” reads the paper.

“The results of the evaluations indicate that the presence of tinted glasses has a small impact on the accuracy of attack detection, thereby making the use of such gaze-based features possible for a wider range of applications.”

Fujitsu does not manufacture its own kiosks.

The biometric kiosks supplied by Fujitsu are expected to be delivered to the Home Office by 30 April 2023.

This post was updated at 10:14am Eastern on January 17, 2023 to include the role of Ingenium and clarify that the University of Kent paper is not related to the Home Office trial.

Ingenium rewrites CPNI Test Standard for biometric access control

A Test Standard for Biometrics in access control managed by the Center for the Protection of National Infrastructure (CPNI) has been completely rewritten by Ingenium Biometrics in a new release.

Ingenium Co-founder and Director Chris Allgrove tells Biometric Update in an email that the new version marks a fresh start for the standard, rather than a simple update.

“The previous version of the CPNI test standard was quite old (at least ten years old, plus a few edits over the years) and is not really fit for purpose any more,” Allgrove explains. “Also, CPNI has changed their approach to testing — in the past they funded it but now it is vendor-funded and the test methodology needs to be updated to reflect this.

“The definition of presentation attack species and required performance levels have also been updated to reflect current best practices.”

CPNI’s mandate is to protect UK national security by reducing the vulnerability of critical infrastructure to threats like terrorism, espionage and sabotage.

The new standard is part of a revamped and relaunched biometric test program, and is intended to reflect the current state of the art in biometric-enabled access control and allow vendors to gain better value for money from the CPNI program.

The ‘Biometric Authentication in Automatic Access Control Systems’ document from CPNI sets out the operational requirements, strengths and weaknesses, and threats related to biometric systems, as well as system performance measurements. The document describes system design and building, how to choose a biometric modality, and installation and maintenance concerns. Tests should be commissioned after installation but prior to acceptance, according to the CPNI.

The standard is written for the biometric access control vendor community, both on the access control and biometric capability sides, according to Allgrove.
“CPNI maintains a product catalogue (the Catalogue of Security Equipment) that is used by organizations forming the Critical National Infrastructure community — Government, wider public sector, services (water, gas, electricity etc.), telecoms and other similar organizations — who must use products from the catalogue for their physical infrastructure,” Allgrove says. “It includes all sorts of things (bulletproof glass, bollards, security doors etc.) as well as biometric access control systems. Vendors submit their systems to us as the CPNI-approved test lab to evaluate against the test standard and if they pass, they get included in the catalogue.”

Ingenium and CPNI will host a presentation on the new Test Standard on July 13, 2022 in Canterbury.

Guide published to aid biometric authentication in automatic access control deployment

Ingenium Biometrics and the UK’s Centre for Protection of National Infrastructure (CPNI) have jointly released a new report to help formalize the process for organizations to ensure their security systems are effective.

The report explores biometric authentication applications in automatic access control systems (AACS) with the goal of encouraging “knowledge-sharing in pursuit of increasingly secure and resilient systems.”

The document starts by describing different types of AACS and their traditional components, including devices such as tokens, readers, and keypads, as well as biometric sensors and processing applications that fall under the category of biometric automatic access control systems (BAACS).

The second section of the report provides operational requirements that should be considered when selecting and evaluating the use of a biometric system. These include access control boundary choices, the performance of the biometric system, as well as ease of use, cost, and user compatibility.

In this section, Ingenium and CPNI also clarify that biometric authentication can be single factor (biometric only) or multi-factor (token and biometric). The report covers various biometric modalities used for access control, and explains the basics of multi-factor authentication for extra security.

“For low-security environments, it could be sufficient to use a biometric on its own (single factor solution),” reads the document. “For higher security environments a biometric should be used in conjunction with other authentication factors such as a smart card token (multiple factor solution).”

Among the strengths of using a biometric system to authenticate to an AACS, the report highlights the fact that biometric information cannot be shared (except via a presentation attack), lost, or stolen, in a way a physical token can be. It also cannot be forgotten or guessed in the way a knowledge-based authenticator can be and is unique to the person.

Additionally, Ingenium and CPNI claim that biometrics is the “only way that you can be certain of the physical presence of the enrolled person.”

However, the report also explores the challenges of using biometrics for authentication, for instance, the fact that the process is “inherently probabilistic.”

“This means that the biometric comparison is not between two things that should be identical (such as authenticating using a password or cryptographic key stored in a smart card), and this introduces an underlying error to the system.”

These errors can be minimized, however, by following a series of steps, says the report.

These include ensuring good quality data is captured and a high-quality template is created, training the user population in how to present their biometric characteristic to the sensor, understanding the trade-off between security and performance, and making sure that an appropriate biometric system is selected for the operating environment.

The second section of the report also explores threats to biometric systems, with a particular focus on presentation attacks.

“To mitigate against this, the biometric system must have liveness and presentation attack detection (PAD) capabilities. The performance of the PAD capability should form part of the performance assessment.

Section 3 of the CPNI report covers the process of designing a biometric AACS and preparing the system for implementation.
It considers the key components required to build a biometric AACS, including enrolling the biometric characteristics, selecting a multifactor solution, determining the operating conditions, and managing enrolments, template storage, and data security.

A section dedicated to choosing a biometric modality is next, which analyzes facial, fingerprint, iris, and palm and finger vein recognition. This part of the report also explores privacy and data protection legislation designed to keep biometric data safe, together with exception handling practices.
Finally, the CPNI concludes with two sections about the installation and maintenance of an AACS that includes biometrics.

The collaborative report between CPNI and Ingenium Biometrics comes almost one year after the company was selected as one of the providers of trial support services for the UK’s immigration self-enrollment scheme.

UK selects over a dozen biometrics providers for immigration self-enrollment trial

The biometric suppliers and sub-suppliers for the UK Home Office’s forensic border check trial have been unveiled.

A privacy information notice for the government’s ‘Biometrics self-enrolment feasibility trials’ lists a veritable who’s-who of biometrics providers operating in remote identity verification in Britain.

The organizations will provide technologies for Home Office to evaluate the effectiveness of systems in which people visiting the UK can submit facial images and fingerprint biometrics for forensic identity checks by immigration authorities. The suitability of self-enrollment and enhancement of self-enrollment will be considered, and the biometrics used validated against the standards of the Forensic Science Regulator.

Trial data will be shared with suppliers Blue Biometrics, FaceTec, Gambit, GBG, Idemia, NEC subsidiary Northgate Public Services, Regula Forensics, Spidx, Teleperformance Contact, Trust Stamp, Thales, Unisys, Veridium, VFS Global, according to the notice.

Sub-suppliers include Aware, DXC, Griaule, ID R&D, InnoValor, NEC National Security Systems, Speed Identity, Tech5 and Vision-Box.
Deloitte, Ingenium Biometric Laboratories, Metro and Forensic Science Services (FSS) are listed as providers of trial support services.

“The long-term aim is that all visitors and migrants to the UK will provide their biometric facial images and fingerprints under a single global immigration system,” Home Office explains in the notice.

“To maximise customer convenience and security, we will increasingly look to provide capabilities for biometric self-enrolment, integrated within digital application processes for immigration products.”