This invention relates generally to user authentication, and more particularly, to methods and systems for determining user liveness and verifying user identities.
Users conduct transactions with service providers in person and remotely over the Internet. Network-based transactions conducted over the Internet may involve purchasing items from a merchant website or accessing confidential information from a website. Service providers that own and operate such websites typically require successfully authenticating a user before allowing that user to conduct a desired transaction.
Typically, during network-based biometric authentication transactions conducted with a user at a remote location, the user provides a claim of identity and biometric data. However, imposters have been known to impersonate users by providing a false claim of identity supported by fraudulent biometric data in an effort to deceive a service provider into concluding the imposter is the person he or she claims to be. Such impersonations are known as spoofing.
Impostors have been known to use many methods to obtain or create fraudulent biometric data of others that can be submitted during authentication transactions. For example, imposters have been known to obtain two-dimensional pictures from social networking sites which can be presented to a camera during authentication to support a false claim of identity. Imposters have also been known to make physical models of a biometric modality, such as a fingerprint using gelatin or a three-dimensional face using a custom mannequin. Moreover, imposters have been known to eavesdrop on networks during legitimate network-based biometric authentication transactions to surreptitiously obtain genuine biometric data. The imposters use the obtained biometric data for playback during fraudulent network-based authentication transactions. Such fraudulent biometric data are difficult to detect using known liveness detection methods. Consequently, accurately conducting network-based biometric authentication transactions with biometric data captured from a user at a remote location depends on verifying the physical presence of the user during the authentication transaction as well as accurately verifying the identity of the user with the captured biometric data. Verifying that the biometric data presented during a network-based biometric authentication transaction conducted at a remote location is from a live person at the remote location, is known as liveness detection or anti-spoofing.
Liveness detection methods have been known to use structure derived from motion of a biometric modality, such as a face, to distinguish a live user from a photographic image. Other methods have been known to detect sequential images of eyes or eye blink techniques, to determine if face biometric data is from a live user. Yet other methods have been known to illuminate a biometric modality with a pattern to distinguish a live user from a photographic image. However, these methods may not be convenient for the user and may not detect spoofing attempts that use high definition video playback, and therefore may not provide high confidence liveness detection support for entities dependent upon accurate biometric authentication transaction results.