This invention relates generally to authenticating users, and more particularly, to methods and systems for detecting user liveness.
People conduct transactions with service providers in person and remotely over the Internet. Network-based transactions conducted over the Internet may involve purchasing items from a merchant website or accessing confidential information from a website. Service providers who own and operate such websites typically require a person be successfully authenticated before allowing him or her to conduct a desired network-based transaction.
For service providers who require biometric authentication, people provide a claim of identity and remotely captured data regarding a biometric modality. However, imposters have been known to impersonate people by providing a false claim of identity supported by fraudulent data in an effort to deceive an entity into concluding the imposter is the person he or she claims to be. Such impersonations are known as spoofing.
Impostors have been known to use many methods to obtain or create fraudulent data for a biometric modality of another person that can be submitted during biometric authentication transactions. For example, imposters have been known to obtain two-dimensional pictures from social networking sites which can be presented to a camera during authentication to support a false claim of identity. Imposters have also been known to make physical models of a biometric modality, such as a fingerprint using gelatin or a three-dimensional face using a custom mannequin. Moreover, imposters have been known to eavesdrop on networks during legitimate network-based biometric authentication transactions to surreptitiously obtain genuine data of a biometric modality of a person. The imposters use the obtained data for playback during fraudulent network-based authentication transactions. Such fraudulent data are difficult to detect using known liveness detection methods. Consequently, generating accurate network-based biometric authentication transaction results with data for a biometric modality captured from a person at a remote location depends on verifying the physical presence of the person during the authentication transaction as well as accurately verifying the identity of the person with the captured data. Verifying that the data for a biometric modality of a person captured during a network-based biometric authentication transaction conducted at a remote location is from a live person is known as liveness detection or anti-spoofing.
Liveness detection methods have been known to use structure derived from motion of a biometric modality, such as a person's face, to distinguish a live person from a photograph. Other methods have been known to analyze sequential images of eyes to detect eye blinks and thus determine if an image of a face is from a live person. Yet other methods have been known to illuminate a biometric modality with a pattern to distinguish a live person from a photograph. However, people may not consider these methods to be convenient and these methods may not accurately detect spoofing. As a result, these methods may not provide high confidence liveness detection support for service providers dependent upon accurate biometric authentication transaction results.