Skip to content

Use cases

This section describes the main use cases of the das-Face API. Note that these are generic concepts that can be combined or orchestrated into a more complete pipeline to perform processes like customer onboarding (IDV platform).

Enrollment

das-Face is a stateless service and therefore does not implement a full enrollment use case. Usually, enrollment is not required because the das-Face API can receive two photographs (or a photograph and a video) and perform identity verification between the faces in both images. The customer is responsible for storing one of the images for enrollment if that is sufficient for their systems.

However, enrollment may be necessary, in which case das-Face allows for the creation of a biometric credential and returns the metadata of the model used for the biometric operation. The customer should store the following in their database:

  • The enrollment image.
  • The biometric credential.
  • The biometric model metadata.

Credentials must be decoded from base64 into a binary representation before storing them, and then encoded back to base64 for any subsequent communication with das-Face. The image and model information are required to regenerate biometric credentials when das-Face is updated with improved biometric models.

For enrollment, das-Face computes a proprietary, irreversible mathematical representation of a face called a biometric credential, along with metadata to identify the biometric model. The biometric credential is signed and encrypted using a unique key for each customer, making them non-interoperable between customers.

The credential can be generated by calling the POST /v2/models/<model-hash>/<mode>/credential/photo endpoint, which will generate it with the biometric model identified with model-hash. This credential can then be compared with the face in a given photograph.

Warning

When the biometric model is updated, a notice will be given in this documentation, and customers will have a time window to plan an update of their credentials database.

Note that credential generation is optional and may require a specific agreement.

Verification

This use case of das-Face allows for the calculation of similarity between faces in two photographs or between a video and a photograph. The client must make a POST request to /v2/verification/photo for photo comparison or to /v2/verification/video for photo and video comparison. In both cases, the system responds with a JSON object containing a confidence field, indicating a value between 0.0 and 1.0.

If the customer has created biometric credentials, as explained in the enrollment section, section, they can verify a photo against a credential by requesting the POST /v2/verification/credential endpoint.

In all these cases, the system can be configured to use either selfie-mode or document-mode. These modes differ in how the system response is calibrated and thus have different calibration curves, as depicted in the das-Face Performance Report. Selfie-mode is calibrated for selfie-like images, while document-mode is calibrated for comparing a selfie against a face cropped from an ID card photo.

The document-mode is suitable for the IDV platform. In this situation, das-Face expects the face crop taken from the document and a selfie photograph as input. das-Face will attempt to find the face if given a whole ID card photograph, but success depends on the specific ID card design.

Passive liveness detection

Liveness detection determines the likelihood that a live capture is of a genuine person or a spoof created by a fraudster. das-Face implements passive and active liveness procedures.

Veridas passive liveness detection was tested by iBeta to the ISO 30107-3 Biometric Presentation Attack Detection Standard and was found to be in compliance with Level 1 and Level 2.

This passive procedure detects user liveness by analyzing a selfie. das-Face processes the photograph and returns a confidence value between 0.0 and 1.0, and follows the description given in the Facial Biometry Performance Report. The client must make a POST request to /v2/authenticity/photo to use this functionality.

Note that photo authenticity is optional and may require a specific agreement.

Selfie-Alive Pro liveness detection

This use case is based on a challenge-response design. das-Face generates a challenge that must be reproduced using the VERIDAS SDKs. The captured evidence is then sent to das-Face for final analysis.

Veridas active liveness detection, implemented in Selfie-Alive Pro, was tested by iBeta to the ISO 30107-3 Biometric Presentation Attack Detection Standard and was found to be in compliance with Level 1 and Level 2.

Selfie-Alive Pro is a form of face liveness detection using a challenge-response schema. The figure below illustrates the interaction between the user, app, SDK, and das-Face. First, the client makes a POST request to /v2/challenges/generation/sequential to generate a challenge token. The response is a JWS string with the application/jose MIME type. Next, the client records an interaction with the user's face, following the challenge instructions. This stage is handled entirely by the Veridas SDKs. Finally, the client requests POST /v2/challenges/analysis/video-photo, sending all evidence from the SDK (including a video recording of the face). The system responds with a confidence metric between 0.0 and 1.0, calibrated with Veridas data and following the technical details in the Facial Biometry Performance Report.

uml diagram