Use cases¶
This section describes the main use cases of the das-Face API. Note that these are generic concepts that can be combined or orchestrated into a more complete pipeline to perform processes like customer onboarding (IDV platform).
Enrollment¶
das-Face is a stateless service and therefore does not implement a full enrollment use case. Usually, enrollment is not required because the das-Face API can receive two photographs (or a photograph and a video) and perform identity verification between the faces in both images. The customer is responsible for storing one of the images for enrollment if that is sufficient for their systems.
However, enrollment may be necessary, in which case das-Face allows for the creation of a biometric credential and returns the metadata of the model used for the biometric operation. The customer should store the following in their database:
- The enrollment image.
- The biometric credential.
- The biometric model metadata.
Credentials must be decoded from base64 into a binary representation before storing them, and then encoded back to base64 for any subsequent communication with das-Face. The image and model information are required to regenerate biometric credentials when das-Face is updated with improved biometric models.
For enrollment, das-Face computes a proprietary, irreversible mathematical representation of a face called a biometric credential, along with metadata to identify the biometric model. The biometric credential is signed and encrypted using a unique key for each customer, making them non-interoperable between customers.
The credential can be generated by calling the POST
/v2/models/<model-hash>/<mode>/credential/photo
endpoint, which will
generate it with the biometric model identified with
model-hash
. This credential can then be compared with the face in a
given photograph.
Warning
When the biometric model is updated, a notice will be given in this documentation, and customers will have a time window to plan an update of their credentials database.
Note that credential generation is optional and may require a specific agreement.
Verification¶
This use case of das-Face allows for the calculation of similarity
between faces in two photographs or between a video and a
photograph. The client must make a POST request to
/v2/verification/photo
for photo comparison or to
/v2/verification/video
for photo and video comparison. In both
cases, the system responds with a JSON object containing a confidence
field, indicating a value between 0.0 and 1.0.
If the customer has created biometric credentials, as explained in the
enrollment section, section, they can verify a photo
against a credential by requesting the POST
/v2/verification/credential
endpoint.
In all these cases, the system can be configured to use either selfie-mode or document-mode. These modes differ in how the system response is calibrated and thus have different calibration curves, as depicted in the das-Face Performance Report. Selfie-mode is calibrated for selfie-like images, while document-mode is calibrated for comparing a selfie against a face cropped from an ID card photo.
The document-mode is suitable for the IDV platform. In this situation, das-Face expects the face crop taken from the document and a selfie photograph as input. das-Face will attempt to find the face if given a whole ID card photograph, but success depends on the specific ID card design.
Passive liveness detection¶
Liveness detection determines the likelihood that a live capture is of a genuine person or a spoof created by a fraudster. das-Face implements passive and active liveness procedures.
Veridas passive liveness detection was tested by iBeta to the ISO 30107-3 Biometric Presentation Attack Detection Standard and was found to be in compliance with Level 1 and Level 2.
This passive procedure detects user liveness by analyzing a
selfie. das-Face processes the photograph and returns a confidence
value between 0.0 and 1.0, and follows the description given in the
Facial Biometry Performance
Report. The client must make a POST
request to /v2/authenticity/photo
to use this functionality.
Note that photo authenticity is optional and may require a specific agreement.
Selfie-Alive Pro liveness detection¶
This use case is based on a challenge-response design. das-Face generates a challenge that must be reproduced using the VERIDAS SDKs. The captured evidence is then sent to das-Face for final analysis.
Veridas active liveness detection, implemented in Selfie-Alive Pro, was tested by iBeta to the ISO 30107-3 Biometric Presentation Attack Detection Standard and was found to be in compliance with Level 1 and Level 2.
Selfie-Alive Pro is a form of face liveness detection using a
challenge-response schema. The figure below illustrates the
interaction between the user, app, SDK, and das-Face. First, the
client makes a POST request to /v2/challenges/generation/sequential
to generate a challenge token. The response is a JWS string with the
application/jose
MIME type. Next, the client records an interaction
with the user's face, following the challenge instructions. This stage
is handled entirely by the Veridas SDKs. Finally, the client requests
POST /v2/challenges/analysis/video-photo
, sending all evidence from
the SDK (including a video recording of the face). The system responds
with a confidence metric between 0.0 and 1.0, calibrated with Veridas
data and following the technical details in the Facial Biometry
Performance Report.