Operation details¶
This section describes the logic and details which happen behind the different das-FaceQR features which are offered to be consumed as an API.
Creation of the Biometric Credential¶
From a facial image, das-FaceQR returns an abstract representation of the face in a QR format. This is called biometric credential. The process of biometric credential generation is the following.
- Some data is sent to the das-FaceQR credential generation endpoint. This data will typically be a picture with a face, and some arbitrary data referred to as "contextual data", though both are optional.
- Behind the scenes, das-FaceQR calls das-Face (the Veridas’ face biometric engine offered as an API) which returns a biometric vector. Currently, the size of the vector is 1872 bits, to save as much space as possible.
- Additionally, das-Face adds useful information of the biometric generation process. This information includes a timestamp and a hash with the version of the biometric engine which generated the vector.
- das-Face carries an encryption process with this information, producing a biometric credential. This credential has a size of 1872 bits. Optionally, das-FaceQR admits that the customer includes additional information related to the use case. This information is known as contextual data.
- das-FaceQR signs the biometric credential and the contextual data.
- das-FaceQR incorporates the previous information in a compact representation of the information, based on the QR standard. This is known as a biometric QR.
- The credential is returned as an image with a QR code, or a Passbook file, as chosen by the caller.
Biometric Authentication¶
By using a face image and a biometric credential, the biometric authentication process is carried on, obtaining as a response a face similarity value and the contextual data that were introduced in the biometric credential during its generation.
- The returned QR code is read out-of-band later by standard QR scanning hardware, which is widely available elsewhere. The raw data read from the QR code is submitted to the credential verification endpoint, together with a selfie image.
- First of all, das-FaceQR validates the integrity of the data set stored in the biometric QR, by using for that the signature introduced in the generation process. If the biometric QR integrity can not be guaranteed, das-FaceQR returns an API error.
- If the biometric QR integrity can be granted, das-FaceQR obtains the biometric credential and decrypts it, obtaining the biometric vector.
- das-FaceQR calls to the Veridas’ biometric engine (das-Face) to biometrically compare the face image that was introduced and the decrypted biometric vector. A similarity between both face representations is obtained. The similarity value is a float number with a value ranging from 0 and 1. As greater the number, greater the probability of the two representations to belong to the same person.
- Finally, das-FaceQR obtains the contextual data stored in the QR and returns them through the API alongside the face similarity value previously calculated. The similarity score tells how likely it is that the submitted selfie is of the same person as the one that was used to generate the QR. If no biometric data was found in the credential (because no selfie was used to generate the QR) then the similarity score will be zero.
The face images used in the creation and in the biometric authentication must have at least 100 pixels of distance between the eyes of the face of the image person. It is recommended to use the Veridas capture SDKs available for iOS, Android and HTML platforms.
An specific use case example is included.