iBeta

iBeta is one of the most accomplished biometric test labs, with accreditations overseen by both governmental and private entities.

iBeta is accredited by NIST NVLAP as an independent test lab, by the FIDO Alliance to conduct biometric evaluations with their Biometric Component Certification Program as a FIDO Alliance Accredited Biometric Laboratory, and by Android as an Android Security Partner aiming to achieve the designation be granted the authority to conduct the Android Biometrics Certification. In addition, iBeta has received a Mastercard accreditation for biometrics testing for mobile and wearable devices.

When iBeta was first accredited by NIST/NVLAP, the term certification was used, but this was later corrected to conformance and confirmation letters for iBeta PAD testing, which specifies the type of PAD testing utilized, and the vendor product tested. These assess conformance with the ISO 30107-3 Standard.

iBeta provides testing and quality assurance services such as DEA EPCS Biometric Subsystem Certification, data interchange in accordance with CBEFF and BioAPI, operational, scenario, or technology biometric performance testing in accordance with ISO 19795, along with Presentation Attack Detection testing in accordance with ISO 30107-3 and to ISO 30107-4 for mobile services, also known as liveness and spoofing testing.

In biometrics, PAD, short for Presentation Attack Detection, is called liveness or liveness detection. Presentation Attacks are attempts to interfere with the regular duties of a biometric system, and spoofing is a presentation attack variant. Liveness detection is the ability of a system to detect if any supplied biometrics such as a fingerprint, face, or voice is real and live from a person present at the point, or if it is fake such as a non-living body part or a spoof object.

It includes technical features and utilizes algorithms that analyze data that are collected from biometric scanners and readers to defeat biometric spoofing attacks where a replica of an individual’s unique biometrics such as a 3d mask of silicone or a fingerprint mold is presented to the biometric device to trick or bypass the identification and authentication steps.

Liveness tests evaluate FAR, short for False Accept Rate, FRR, short for False Reject Rate, and SFAR, short for Spoof False Accept Rate of several biometric subsystem products across multiple modalities as required.

iBeta’s PAD testing’s specific procedures, processes, and report templates are audited and approved as part of the NIST administration of the NVLAP.

Before testing, the PAD mechanism is determined as a PAD subsystem test where only presentation attack detection is evaluated, a data capture test where presentation attack and quality checks are evaluated together or full system test where biometric comparison capabilities of the full biometric subsystem is evaluated. iBeta utilizes two levels of testing for their method, PAD Level 1 and PAD Level 2 testing.

During testing 6 species of attacks are selected uniform as can be.  If an active liveness detector is utilized, then the species of attacks are tailored just as an impostor would provide blinking, smiling, or movement. The material cost limit is 30 USD for Level 1. As a guideline, the subject and the equipment used are chosen from items that are readily available in a normal home or office environment. Each attack is applied to PAD within a time limit. For Level 1 all 150 attacks and 50 genuine presentations are applied within 8 hours. iBeta only utilizes biometric characteristics provided by volunteer data subjects to create better-quality items for attacks. For Level 1 only 0 % penetration or match rate is allowed.

For iBeta level 2, the items associated with the attack for a single genuine subject are each created and applied within 8 hours, with 6 subjects or species needing at least 48 hours, or two days. The budget for the creation of items of attack is increased to 300 USD with their creation done by utilizing equipment such as a 3D printer, resin mask, or latex mask. Again, only biometric data from volunteer subjects are utilized. The expertise of the personnel is also increased. They will have participated in at least one other PAD test with the target modality and has an understanding of the liveness detection functionality of the test target. For Level 2 only a 1 % penetration or match rate is allowed.

A confirmation letter is provided for conformance. Before applying any presentation attack, a record of the configuration of the solution used by the client during the presentation attack is recorded, along with the exact device configuration. The results are presented in the confirmation letter using the reporting metrics required by ISO 30107.