DOT Passive Liveness Service

v1.1.0

Overview

Passive Liveness Service is a service that enables performing passive liveness checks on uploaded selfie images, providing a robust method for verifying the authenticity of identities. With the rise of digital interactions and the increasing need for secure identity verification, Passive Liveness Service offers a reliable solution to distinguish live faces from static images or videos presented on screens or printed on paper, as well as masks and other fraudulent attempts.

By leveraging advanced facial recognition algorithms, Passive Liveness Service assesses the interaction with a live, physically present person, ensuring the integrity of identity verification processes across various applications. Whether used in authentication procedures, access control systems, or identity verification platforms, Passive Liveness Service plays a pivotal role in enhancing security and trust.

The service operates seamlessly, requiring minimal user input and no additional actions beyond uploading the image for evaluation. With its stateless architecture, Passive Liveness Service ensures efficient performance while prioritizing data privacy and security.

API Reference

The Passive Liveness Service API reference is available here

Hosting

The Passive Liveness Service is hosted by Inovatrics at address https://liveness.innovatrics.com.

Monitoring

The service version information can be accessed at /api/v1/info, providing insights into the current version deployed.

For real-time monitoring of the service’s operational status and health, use /api/v1/health. This endpoint provides information about the application’s health, including its availability and any potential issues or failures. Monitoring tools and systems can integrate with this endpoint to perform health checks and receive notifications of any anomalies or failures.

Authentication and authorization

Authentication for the Passive Liveness Service API is done via API Key authentication. Each request must include an HTTP Authorization header containing a valid base64 encoded JWT token in the Bearer format.

The service will return a HTTP 401 Unauthorized response for every request that either does not contain the Authorization header, or if the header contents are invalid (e.g.: malformed token).

Certain endpoints, such as /health and /info are not secured by design and do not require authentication.

Logging Transactions via the Innovatrics Tracking Service

For billing purposes, all transactions are tracked by Passive Liveness Service. No sensitive information is tracked and only the number and type of transactions are recorded. For more details on transaction tracking, refer to the [Transaction Tracking and Charging](https://developers.innovatrics.com/digital-onboarding/technical/transactions/) documentation.

Passive Liveness Check

The passive liveness check is a process of determining whether the presented face is a real person without requiring the user to perform any additional actions. It distinguishes live faces from presented photos or videos, masks and other attacks.

Passive Liveness Evaluation

To evaluate liveness, a POST /liveness/passive/evaluation request containing image encoded as base64 string must be made. Examples of these options are included in the Postman collection.

A successful response will contain a score from the interval <0.0, 1.0>. Values towards 1.0 indicate higher confidence that the associated selfies contained a live person. The score should be compared to a threshold to determine the liveness. Higher thresholds will result in a higher false rejection rate, while lower thresholds will result in a higher false acceptance rate.

Please, read more in Passive Liveness Scores for more information on setting the threshold.

If the quality of the selfie does not fully match the requirements for evaluation, the response will contain a warning. If this happens, the selfie can still be used to assess liveness, albeit with reduced reliability. If you prefer not to proceed with such selfie, it is advisable to ask the user to retake the selfie and provide the new one.

Image requirements

Ideally, the photo of selfie should be created with Innovatrics’ auto-capture components, whether in mobile libraries or browser-based. These components ensure the quality requirements mentioned below:

  • The supported image formats are JPEG and PNG

  • The face should be well-lit and not obscured by any objects

  • The image must be sharp enough to detect the face and its features

  • The image should contain single face with clearly visible eyes, nose, and mouth

  • The face should be in the center of the image and in a frontal position

  • The image should get as close as possible to compliance with ICAO standard for portrait quality

Valid Face Image
Figure 1. Examples of valid image

Appendix

Changelog

1.1.0

  • Data downloader (i.e.: submitting image for evaluation via URL) is no longer possible

  • Upgraded IFace to 5.14.0

1.0.0

  • Initial release