Mobile Biometric Authentication Framework
Knomi® is a mobile biometric authentication solution comprised of a family of biometric matching and liveness detection algorithms that use face and voice to enable secure and convenient multifactor authentication without passwords.
Knomi can also be used for identity proofing as part of a mobile onboarding solution, with advanced security checks that authenticate driver’s licenses and passports, and spoof-resistant biometric facial matching between the live and printed images.
Knomi’s advanced presentation attack detection algorithms detect not only victim impersonation spoofs, but also identity concealment spoofs that impact the ability to use the facial images for other biometric identity proofing functions useful for onboarding such as watch list checks and duplicate prevention.
- NIST-tested algorithms
- Highly configurable UX and security features
- Robust presentation attack detection
- Multimodal performance
- Identity proofing and document authentication
- Device- or server-centric architecture
- IAM integrations
- FIDO® Certified
- iOS, Android, Windows, Linux support
Biometric Solutions for Financial Services
Onboarding and KYC
New customers are a critical source of any bank’s revenue growth, so onboarding them efficiently is among the most important functions they can perform. But onboarding is also a time when banks are most vulnerable to fraud. Banks that incorporate Knomi into their onboarding process can leverage an applicant’s live selfie to conduct several identity checks that serve to positively verify their identity and to detect when fraud is being attempted.
Different versions of Knomi allow the process to be conducted either from the bank’s mobile app or alternatively via a web page on a mobile or desktop. A URL can be discovered by the applicant on the bank’s website, advertisement email, or banner ad. A potential customer simply clicks on the link from their mobile or desktop to initiate an application process in a browser, which includes capture of a live selfie. In this way, a biometrics-enhanced, browser-based process can simultaneously increase the security and reduce the friction of an onboarding process that doesn’t require an applicant to install a mobile app before applying.
Liveness detection serves several valuable purposes:
- Detection of attempted impersonations of a targeted victim using “spoofs” such as paper or digital photos, videos, or 2D and 3D masks;
- Detection of attempted identity concealment using a non-self, non-human, or partially obscured facial image to avoid future facial recognition-based search detection; and
- Non-repudiation, which is a term to describe a bank’s ability to collect court-admissible evidence that associates the activity of a fraudster to a real person; that is, prevent the fraudster from repudiating his involvement in a fraud attempt.
Liveness detection is also an essential part of these other security measures that rely on biometric matching and search:
- Facial image match-to-ID. This function, along with liveness detection, ensures that the government-issued identity document used to convey identity data is authentic and belongs to the applicant.
- Duplicate checks. Facial images of other customers are searched to ensure that the applicant is not attempting to surreptitiously hold multiple accounts, use a synthetic identity, or assume the identity of an existing account holder.
- Watch list checks. Databases of the facial images of known fraudsters are searched to ensure that the applicant is not a known fraudster.
- External bureau checks. Facial images can be submitted to external law enforcement bureaus to determine whether they have a criminal history.
Biometric template storage and matching is performed on the server, with algorithms for autocapture, liveness detection, and spoof detection operating on both the device and on the server.
- Mobile Face Client. Application running on the device to perform facial image capture and analysis designed to capture high-quality facial images quickly and to detect spoof attempts. Built upon the PreFace Mobile SDK.
- Face Authentication Service. Server-based software API for facial template storage and matching. Built upon the Nexa|Face SDK.
- Face Analysis Service. Server-based API for facial image analysis, including liveness detection and spoof detection. Built upon the PreFace SDK.
- Voice Authentication Service. Server-based software API for voice authentication template creation and matching and liveness detection. Built upon the Nexa|Voice SDK.
- App Configuration Service. Server-based API for device application configuration.
FIDO® Certified Authentication
Knomi includes FIDO® Certified server, client, and authenticators for biometric authentication. They are certified conformant with the specifications of the FIDO Alliance and interoperable with other FIDO-certified products.
- FIDO Face Authenticator (UAF 1.1). FIDO Face Authenticator allows a user to login to a mobile application of a relying party (such as a banking app) using their face for authentication. It provides liveness detection via passive mechanisms and also active interaction with the user, including eye blinking. The captured face never leaves the security boundaries of the authenticator application.
- FIDO Face+Voice Authenticator (UAF 1.1). FIDO Face+Voice Authenticator allows a user to login to a mobile application of a relying party (such as a banking app) using their face and voice for authentication. It provides liveness detection via passive mechanisms and also active interaction with the user, including eye blinking. The captured biometrics never leave the security boundaries of the application.
- FIDO Client. FIDO® Client is the intermediary application that helps to bind FIDO authenticators with the relying party mobile application. A FIDO client can look up all FIDO authenticators on the device, and communicate via JSON messages standardized by the FIDO ASM API.
- FIDO Server. FIDO® Server enables a relying party server to offer FIDO-based login from their mobile applications. FIDO® Server encapsulates the FIDO features required at the server, such as maintenance of the FIDO login policies, management of the public keys, and verification of the signatures created on the mobile device.
More information about FIDO Certified authentication products can be found here.