Passive Liveness Detection
The passive liveness detection is a process of determining whether the presented face is a real person, without requiring the user to perform any additional challenge (unlike active liveness detection).
This check is recommended for applications where the user’s experience and seamless app flow is paramount.
Mobile app libraries provide the passive liveness detection in several ways. Passive liveness can be obtained from the quality attributes returned by the Face Capture UI component.
Digital Identity Service provides passive liveness detection with the Liveness functionality.
DOT passive liveness detection achieved iBeta Level 2 PAD accreditation in accordance with ISO 30107-03 PAD. See the confirmation letter. More on the test specification.
Passive Liveness Detection and Photo Capture Method
It is important that in the onboarding process the user cannot upload a photo him/herself. It has to be strictly enforced that the user takes the selfie only using the DOT Face Auto Capture component. Being able to upload a selfie photo allows the user to make manipulations that cannot be detected.
Passive Liveness Detection steps
In order to evaluate passive liveness, the following steps must be performed:
- Face detection - find position of the face in the image
- Passive liveness evaluation - calculates passive liveness score and whether evaluation conditions were met. If conditions were not met, the result should be taken with consideration.
Face detection
The first step of performing the passive liveness detection is face detection. This is an important step because there may be no face or multiple faces present in the picture. Once a face is detected, it can be used to evaluate passive liveness. There are various face detection modes available - fast mode provides lower latency, while accurate mode detection is more precise. Mobile devices only support fast mode.
Passive liveness evaluation
A facial image with sufficient background should be submitted for evaluation. Minimum requirements for the image are:
- image size at least 600x600px
- distance between the eyes at least 120px
- shorter side of the image should be at least 4 times the distance between the eyes in px
- face should be near center of the image
- not too strong backlight or sidelight
- no overexposed or underexposed images
- ICAO attributes are recommended to be compliant with the table below
- image should not be cropped or compressed between the capture and processing step
PassiveLivenessQualityProvider used in mobile components ensures all these conditions were met during the capture. These are the values required for it:
| Attribute | Min | Max |
|---|---|---|
| BRIGHTNESS | -7800 | 5000 |
| CONTRAST | -5000 | 6000 |
| SHARPNESS | -4000 | 10000 |
| UNIQUE_INTENSITY_LEVELS | 500 | 10000 |
| PITCH_ANGLE | -15 | 15 |
| YAW_ANGLE | -20 | 20 |
Presentation attack detection
Our algorithm has been trained to detect real faces and also various kinds of spoof attacks. These include:
- Faces displayed on electronic screen
- Printed faces
- 2D masks
- 3D masks
We appreciate that new attacks might emerge, and we regularly retrain the models to incorporate new attack vectors. It is also important that our customers keep components up to date as we release them.
Passive liveness threshold - on server
The final decision whether a face is real or spoof should be determined by the passive liveness score and threshold. If the score is above the threshold, this can be interpreted as accepted. If the score is below the threshold, it is rejected.
Thresholds for Digital Identity Service 1.19 and above
| FAR [%] | FRR [%] | Threshold |
|---|---|---|
| 2 | 0.63 | 0.9006 |
| 1.3 | 1.3 | 0.9113 |
| 1 | 1.87 | 0.9156 |
| 0.5 | 3.95 | 0.9262 |
| 0.2 | 7.28 | 0.9353 |
In the version DIS 1.19, we recommend following thresholds based on the use case:
- 0.90 Optimized for user convenienece
- 0.91 Standard setting
- 0.925 To ensure high security
Thresholds for Digital Identity Service between 1.9 and 1.19
| FAR [%] | FRR [%] | Threshold |
|---|---|---|
| 2 | 1.2 | 0.8708 |
| 1.56 | 1.56 | 0.8785 |
| 1.3 | 2.0 | 0.8851 |
| 1 | 2.6 | 0.8911 |
| 0.5 | 4.3 | 0.9032 |
| 0.2 | 8.3 | 0.9198 |
| 0.1 | 12.2 | 0.9295 |
In the version DIS 1.10, we recommend following thresholds based on the use case:
- 0.87 Optimized for user convenienece
- 0.885 Standard setting
- 0.91 To ensure high security
Thresholds for Digital Identity Service between 1.5 and 1.9
| FAR [%] | FRR [%] | Threshold |
|---|---|---|
| 2 | 1.3 | 0.8534 |
| 1.68 | 1.68 | 0.8598 |
| 1.4 | 1.9 | 0.8657 |
| 1 | 2.7 | 0.8740 |
| 0.5 | 4.2 | 0.8876 |
| 0.2 | 7.7 | 0.9046 |
| 0.1 | 12.2 | 0.9180 |
Passive liveness threshold - on client
The Passive liveness models on client (in DOT Face mobile libraries) are lightweight and therefore provide different FAR/FRR statistics. The Passive liveness detection on client should be used only for features like face login.
Thresholds for mobile libraries DOT Face 4.10.0 and above
| FAR [%] | FRR [%] | Threshold |
|---|---|---|
| 2 | 2.7 | 0.8457 |
| 1 | 4.6 | 0.8682 |
| 0.8 | 5.0 | 0.8701 |
| 0.5 | 7.8 | 0.8879 |
| 0.2 | 18.0 | 0.9255 |
Thresholds for mobile libraries DOT Face between 4.1.0 and 4.9.0
| FAR [%] | FRR [%] | Threshold |
|---|---|---|
| 5 | 0.7 | 0.8383 |
| 2 | 3.0 | 0.8782 |
| 1 | 6.0 | 0.8956 |
| 0.5 | 11.1 | 0.9140 |
| 0.33 | 16.5 | 0.9282 |
| 0.2 | 24.7 | 0.9426 |
Example
Let’s set the threshold of passive liveness for the Digital Identity Service to 0.915. If we have a representative set of 10,000 real faces, statistically 187 of the faces will be on average incorrectly marked as spoofs, even though they were real faces (False Reject Rate). If we have a set of 10,000 spoofs, statistically 100 of the spoofs will be on average wrongly marked as real faces (False Accept Rate).
Setting the correct threshold depends on the security/convenience balance that is required for the specific use case.
Integration hint
During the initial configuration of the system, two thresholds can be set. If the score is below the bottom threshold, the result is automatically set to rejected. If the score is above the top threshold, it is automatically accepted. If the score is between the two thresholds, images go for review to a back office operator for a final decision.
Note
Passive liveness always has to be combined with face matching if possible. Passive liveness ensures the presented face is real, but it must also be checked whether it belongs to the person expected. This applies for onboarding and login use cases.