Use cases¶
This section describes the main use cases of the das-Face API. Take into account that these are generic concepts that can be composed or orchestrated in a more complete pipeline to perform processes like customer on-boarding (vali-Das product by VERIDAS).
Enrollment¶
das-Face is an stateless service and then it did not implement a full enrollment use case. Usually enrollment is not required because das-Face API may receive two photographs (or a photograph and a video) and perform the identity verification between the two faces located in both images. The customer is responsible of storing one of the images for enrollment if that is enough for the operation of their systems.
However, enrollment may be necessary and in such a use case das-Face allows creating a biometric credential, and returning the particular metadata of the model used for the biometric operation. The customer should persist in the database:
- the enrollment image,
- the biometric credential, and
- the biometric model metadata.
Credentials must be decoded from base64 into a binary representation before persisting them in any device, and it must be encoded again to base64 in any following communication with das-Face. The image and the model information are required to regenerate biometric credentials when das-Face is updated with improved biometric models.
So, for enrollment, das-Face computes a proprietary irreversible mathematical representation of a face, called biometric credential, plus some metadata information required to identify the biometric model. The biometric credential is signed and encrypted using a key that is different for each of our customers, making them non-interoperable between customers.
The credential can be generated by calling to POST /v2/credential/photo
endpoint, which will generate it with the biometric model 20200514
. On operation, the generated credential can be compared with the face located in a given photograph.
Warning
When the biometric model is updated, a notice will be given in this documentation, and the customer will be given a time window for plan an update their credentials database.
Notice that credential generation is optional and may require a specific agreement.
Verification¶
This use case of das-Face allows to compute the similarity between the faces shown in two photographs, or between a video and a face photograph. To do so, the client must perform a request POST /v2/verification/photo
for photo comparison, or to POST /v2/verification/video
for photo and video comparison. In both cases, the system response is a JSON with a confidence field, indicating a value in range [0.0,1.0].
If the customer has created biometric credentials, as explained in the enrollment section, it is possible to perform verification of a photo and a credential by requesting POST /v2/verification/credential
endpoint.
In all these cases the system can be configured to perform the operation using selfie-mode or document-mode. Selfie-mode and document-mode differ in how the system response is calibrated, and hence, both modes follow different calibration curves that are depicted in the das-Face Performance Report. The selfie-mode option is calibrated to work with selfie-like images, and the document-mode option is calibrated to compare a selfie versus a face crop extracted from a photograph of an ID card.
The document-mode is convenient for vali-Das on-boarding product. In such situation, das-Face expects as input the face crop returned by vali-Das and a selfie photograph. das-Face will look for face if a whole ID card photograph is given, but the success of the procedure is dependent on the specific ID card design.
Passive liveness detection¶
Liveness detection allows to compute the confidence of a live capture being performed over a bonafide person, or otherwise, if it belongs to a spoof sample build by a fraudster. das-Face implements passive and active liveness procedures.
This passive procedure detects user liveness by looking into a selfie capture. das-Face will process the given photograph and return a confidence number in range [0.0,1.0]which is calibrated with curve given in the Facial Biometry Performance Report. To operate this functionality, the client must perform a request POST /v2/authenticity/photo
.
Notice that photo authenticity is optional and may require a specific agreement.
Selfie-Alive Pro liveness detection¶
This use-case is based on a challenge-response design. das-Face will generate a challenge that should be reproduced using native VERIDAS SDKs for iOS and Android. Then, the captured evidences will be sent to das-Face for its final analysis.
Veridas active liveness detection implemented in Selfie-Alive Pro was tested by iBeta to the ISO 30107-3 Biometric Presentation Attack Detection Standard and was found to be in compliance with Level 1.
Selfie-Alive Pro functionality is a form of face liveness detection implemented following a challenge-response schema. The next figure depicts the whole interaction with final user, app, sdk and das-Face. In a first stage, the client must operate a request POST /v2/challenges/generation/sequential
to generate a new challenge token. The response of this request is a JWS string with application/jose mime type. In a second stage, the client needs to record an interaction with a user face, following the indications of the challenge. This second stage is implemented completely by Veridas SDKs. In a third stage, the client must request POST /v2/challenges/analysis/video-photo
with all the evidences returned by the SDK (among them, a video recording of the face). The system will reply with a confidence metric in range [0.0,1.0], calibrated as indicated in the curve of Selfie-Alive Pro in the Facial Biometry Performance Report.