Glossary

Last updated: August 28, 2024

This glossary contains brief definitions of the key iProov terms and concepts.

For more detailed summaries see the iProov Biometric Encyclopedia.

Both resources are maintained by the iProov team.

A

Abstraction See Canny.
Active authentication Authentication process that elicits a voluntary response from a user, such as blinking, moving the phone, or reading out numbers. Defined by ISO 30107-1 and used by iBeta.
Active biometrics detection solution Application that uses active liveness detection to elicit a voluntary response from a user, such as blinking, moving the phone, or reading out numbers. Also called Active Liveness Solution.
Active Presentation Attack Detection (PAD) system A system where a user has to perform an action such as blinking, moving the phone, or reading out a sequence of numbers.
AI (Artificial Intelligence) generated Leverages computers and machines to mimic the problem-solving and decision-making capabilities of the human mind.
Anti-money laundering (AML) Anti-money laundering refers to the activities financial institutions perform to achieve compliance with legal requirements to actively monitor for, and report, suspicious money laundering activities.
Application Programming Interface (API) A set of definitions and protocols for building and integrating application software. An API key contains a service provider's unique configurations.
Artifact (artefact) An inanimate object that seeks to represent human biometric traits. Can be a physical artifact such as a mask or a digital artifact, for example, a recording on one device that is presented to the camera on another device.
Authentication The process where iProov authenticates an individual to their asserted identity by verifying the individual and comparing the individual's biometric with their pre-captured biometric template.
Avatarify attack Creation of ‘living’ avatars that mimic your action.

B

Bad actor A criminal committing actions with malicious intent.
Basic Face Verifier

Basic Face Verifier uses Liveness Assurance™ technology to deliver a simple, passive, low ceremony face authentication experience. The solution quickly verifies that the returning user’s face matches the image from a previously enrolled biometric template. Basic Face Verifier:

  • Provides strong liveness assurance to verify that the authenticating user is the right person (not an imposter) and a real person (not a presented spoof).

  • Can be used in conjunction with iProov Enroller. This combined solution provides high security at onboarding by leveraging Genuine Presence Assurance® and then offers the option of a simple, low ceremony authentication with Liveness Assurance™.

Biometric The measurement and comparison of data representing the unique physical traits of an individual for the purpose of identifying that individual based on those unique traits.
Biometric configuration An arrangement of biometric elements in a particular form, figure, or combination.
Bona Fide Presentation Classification Error Rate (BPCER) The proportion of bona fide presentations incorrectly classified as presentation attacks in a specific scenario (where a genuine person is mistaken as a presentation attack).

C

Canny The face outline abstraction of a user made during iProov’s verification process.
Centralized biometric Biometric data that is collected on any supported device, encrypted, and sent to a server for enrollment and later authentication for that device or any other supported device.
Certification The testing of a system to verify its ability to meet or exceed a specified performance standard. The certification is usually set by an external party, for example, an ISO Standard.
Claim An iProov transaction, for example, someone 'claims' to be a certain person.
Client application The host application in which the iProov front-end code is embedded. Can be the customer’s iOS or Android application or HTML5 code for the web.
Combined Attack Presentation Classification Error Rate (CAPCER) A measure used by iProov that estimates the False Acceptance Rate (FAR) across the range of attacks that are applicable to iProov products in production (where a spoof is mistaken as a genuine person).
Completion Rate The percentage of users that successfully complete an iProov verification process.
Complicit user fraud A user pretends to have fraud perpetrated against them but has been involved in a scheme to defraud.
Cooperative user When a testing organization is guided by ISO 30107-3, the human subjects used in the tests must provide any and all biometric data that is requested.
Credential sharing Two or more individuals do not keep their credentials secret and can access each others accounts.
Credential stuffing A cyberattack where stolen collections of login credentials from data breaches are used to gain unauthorized access to accounts on other services. Usually comprised of lists of user names and/or email addresses and the corresponding passwords.

D

Decentralized biometric

Biometric data that is captured and stored on a single device and the data never leaves that device. For example, fingerprint readers in smart phones and Apple’s Face ID. Main features:

  • Only unlocks one specific device and/or the applications that use the on-device biometric.

  • Require re-enrollment on any new device.

  • Does not prove the identity of the user.

Decentralized biometric systems can be defeated easily if a bad actor knows the device's override PIN number, allowing them to overwrite the user’s biometric data with their own.

Deepfake Videos, visual, or audio recordings that have been distorted, manipulated, or synthetically created using deep learning techniques to present an individual saying or doing something that they did not say or do.
Digital injection attacks Highly scalable and replicable digital attacks that bypass the device camera or are injected into a data stream.
Document capture

The technology or method used to extract information from a physical document. Can be:

  • Optical Character Recognition (OCR) with a device camera.

  • Near Field Communication (NFC) reader technology using electronic chips in a document to digitally extract information. The document is agnostic about the means by which the face image is extracted.

E

E-ID photo An image obtained electronically from a government certified identity document.
End user An individual human who is using an application.
Enroller

Enroller uses iProov’s Genuine Presence Assurance® technology that provides an effortless and highly secure remote identity verification to support automated digital onboarding. The patented multi-dimensional solution:

  • Assures that an online customer is the right person (and not an imposter), a real person (using liveness detection), and is authenticating right now (using a one-time biometric).

  • Securely verifies the online customer with their asserted identity.

  • Helps institutions comply with KYC/AML regulations.

Enrollment The process of collecting a user’s biometric data for the first time. The data is encrypted and sent to a server, binding a verified identity with a biometric to a legitimate account or service.
Error

An error occurs when a user is unable to complete an iProov verification process. For example, the internet connection failed or the user aborted the process.

F

Face authentication Authentication of users using face biometrics.
Face matching Comparing one face to another to confirm it is the right person. During enrollment a biometric face capture is compared to a photo on an identity document. During authentication the captured biometric data is compared to a previously enrolled biometric template.
Face recognition Technology that matches face biometric data of a user, or users, against an image or database of legitimate information. Typically used as part of a user verification process.
Face verification Matching the biometric data of the subject user to the biometric data of the expected user.
Face Verifier

Face Verifier uses iProov’s Genuine Presence Assurance® technology that enables organizations to match the biometric data of the subject user to the pre-enrolled biometric data of the expected user. Can be used as a primary authentication mode or as part of multi-factor or step-up authentication. Face Verifier:

  • Assures that an online customer is the right person (and not an imposter), a real person (using liveness detection), and is authenticating right now (using a one-time biometric).

  • Verifies the identity of returning customers online.

  • Reassures customers with secure and effortless authentication.

FaceSwap attacks Type of attack where a person’s face is digitally superimposed over another, for example, creating a synthetic image.
Failure A failure occurs when iProov successfully processes a claim but a user's face cannot be authenticated. For example, the user did not pass the biometric tests and/or machine learning models.
False Acceptance Rate (FAR) The measure of the likelihood that the biometric security system will incorrectly accept an access attempt by an unauthorized user. A system's FAR typically is stated as the ratio of the number of false acceptances divided by the number of spoof identification attempts.
False Match Rate (FMR) The rate at which a biometric process mismatches biometric signals from two distinct individuals as coming from the same individual.
False Non Match Rate (FNMR) The probability that the system fails to detect a match between the input pattern and a matching template in the database. Measures the per cent of valid inputs that are incorrectly rejected. Also known as False Reject Rate (FRR).
Fast IDentity Online (FIDO)

The FIDO Alliance is an open industry association with a focused mission: authentication standards to help reduce the world’s over-reliance on passwords.

https://fidoalliance.org

Flashmark Patented iProov technology that illuminates a user’s face with a sequence of colors to create a one-time biometric code to assure the user’s genuine presence.
FRR (False Reject Rate) The percentage or probability of biometric authentications that reject the correct user when that user’s biometric data is presented to the sensor and incorrectly marked as ‘fail’. If the FRR is high, users will be frustrated with the system because they are prevented from accessing their own accounts. Also known as False Non Match Rate (FNMR).

G

Genuine Presence Assurance® (GPA)

iProov’s patented solution provides unrivalled defenses against digital and physical presentation attacks, digital injected attacks including deepfakes, as well as future and as yet unknown, biometric attacks.

Flashmark technology uses a combination of light, time, and space to deliver a multi-dimensional solution that detects liveness and provides strong assurance that the individual is genuinely present at the point of authentication.

Supported by iProov’s Secure Operations Center (iSOC) delivering Active Threat Management Services, Genuine Presence Assurance® is continually updated and reinforced against evolving novel attack methodologies.

H

Hill-climbing attack An attack that uses information returned by the biometric authenticator (match level or liveness score) to learn how to curate attacks and gain a higher probability of spoofing the system.

I

iBeta

A National Institute of Standards and Technology (NIST) certified testing laboratory in Denver Colorado currently certifying biometric systems for anti-spoofing and liveness detection to the ISO 30107 standard.

ibeta.com

Identity (ID) verification The authentication process comparing the identity a user claims to possess with data that assures it. There are many documents that can serve as providers of this objective truth, usually government issued documents such as passports, ID cards, and driving licenses.
Identity and Access Management (IAM) A framework of policies and technologies to ensure that only authorized users have the appropriate access to restricted technology resources, services, physical locations, and accounts. Also called identity management (IDM).
Identity document capture The process where iProov receives an extracted photo image from a government issued identity document.
Imposter A real person trying to represent themselves as another real person.
International Organization for Standardization (ISO)

A worldwide federation of national standards bodies.

https://www.iso.org/home.html

iPortal

iPortal is iProov's customer engagement portal. It is a secure platform giving customers and partners a single point of access to carry out crucial tasks including:

  • User administration

  • Automated service provisioning

  • Integration

  • Reporting

  • Access to dashboards

  • Raising support tickets

iProov Security Operations Center (iSOC) iProov's active threat management service that receives transactional data to analyze current and emerging threats. iSOC uses machine learning models to develop countermeasures that are then added back to the verification algorithm to prevent future attacks.
ISO 30107-1 Standard set by ISO providing a framework for presentation attack detection. The framework applies to active systems where the user has to perform an action such as blinking, moving the phone, or reading out a sequence of numbers.
ISO 30107-3 The ISO testing guidance for evaluation of anti-spoofing technology for both active and passive PAD systems.

K

Know Your Business (KYB)

Know Your Business is the process in which the person responsible, or the legal representative of a business, is identified. Most Business-to-Business (B2B) companies carry out KYB as part of their due diligence to:

  • Identify the businesses they work with.

  • Fight money laundering and other tax crimes.

  • Ensure that they work with organizations with security processes and guarantees.

Know Your Customer (KYC) KYC is part of Anti-Money Laundering (AML) regulations. KYC identity verification is a standard due diligence process that financial institutions and other regulated entities are required to adhere to when assessing and monitoring customer risk and verifying a customer's identity. KYC aims to ensure that a customer is who they say they are.
Knowledge Based Authentication (KBA)

Authentication method that seeks to verify the identity of someone accessing a digital service. KBA requires knowing specific information to prove that a user requesting access is the owner of the digital identity.

  • Static KBA is based on a pre-agreed set of shared secrets.

  • Dynamic KBA is based on questions generated from additional personal information.

L

Liveness Assurance™ (LA) iProov’s patented technology delivers a simple, passive, low ceremony face authentication experience.The solution quickly verifies that the returning user's face matches the image from the previously enrolled biometric template. LA provides strong liveness assurance to verify that the authenticating user is the right person (not an imposter) and a real person (not a presented spoof).
Liveness detection The use of computer vision technology to determine if data has been collected from a live human or an inanimate, non-living artifact, for example, a photograph or mask.

N

National Institute of Standards and Technology (NIST)

The U.S. government agency that provides measurement science, standards, and technology to advance economic advantage in business and government.

www.nist.gov

Near Field Communication (NFC)

A method of capturing data electronically, including photographic imagery, from an ID document. Includes:

  • Passports

  • Drivers licenses

  • National ID cards

O

One to limited (1:limited-N) Compares the biometric data from one individual to the biometric data from a list of known individuals.
One to one (1:1 or 1-to-1) Compares the biometric data from one subject user to the biometric data for the expected user. The user has explicit or implicit awareness that this process is taking place and directly benefits from it. If the biometric data does not match according to and above the chosen False Acceptance Rate (FAR) level, the result is a failed match.
Optical Character Recognition (OCR)

A method of capturing data and photographic imagery from ID documents using a camera, for example:

  • Passports

  • Drivers licenses

  • National ID cards

P

Passive biometrics detection solution A solution that does not require a user to perform any actions other than looking at the screen on their device.
Passive liveness A liveness solution that does not elicit a voluntary response from a user, such as blinking, moving the phone, or reading out numbers. Defined by ISO 30107-1 and used by iBeta.
Personally Identifiable Information (PII) Information that can be used on its own or with other information to identify, contact, or locate a single user, or to identify an individual in a certain context.
Phishing Occurs when a user is tricked into giving a bad actor their passwords, Personal Identifiable Information, credentials, or biometric data. Usually occurs when a victim replies to a fraudulent email that demands urgent action.
Presentation Attack Detection (PAD) A framework for detecting presentation attack events. PAD is related to liveness detection and anti-spoofing. An active PAD system is one where the user has to perform an action such as blinking, moving the phone, or reading out a sequence of numbers. A passive PAD system is one where the user is not required to perform any action(s).
Presentation attacks Forms of attack that are widely acknowledged, such as artifacts held up to the camera on a device. Can take the form of physical objects such as simple photos to highly sophisticated and expensive masks or digital attacks that are digitally created images or videos presented on a screen.

R

Replay attack Recorded video of a previous authentication that is used to gain access by presenting it on a screen to a device or by digitally injecting it into an application or network server connection, bypassing the camera entirely. An injected replay or injected attack is repeatable, scalable, and has the potential for significant damage and harm.
Replay Attack Detection (RAD) Extensive testing for resilience against digital attacks carried out by companies using a range of proven techniques.
Result token

The result passed back to the iProov SDK at the end of the transaction with a binary pass or fail result. For a fail, the result contains feedback for the user to improve the likelihood of success on a subsequent attempt.

Risk Profiles

Risk profiles:

  • Impact the way iProov applies thresholds to biometric tests to change the likelihood that an attack can pass.

  • Enable iProov’s customers to balance security and usability.

A lenient profile can result in more fraudulent attempts being passed and a greater false accept rate. A stringent profile can result in greater false reject rates of genuine users.

Root Identity Provider An organization that stores biometric data appended to the corresponding personal information of users, and allows other organizations to verify the identities of subject users by providing biometric data to the Root Identity Provider for comparison.

S

Selfie picture An image of a user taken on a device with a user-facing camera for the purposes of identity verification.
Service provider An individual or entity that provides services to another party.
Session A number of biometric enrollments or verifications by a unique user (defined by user_id). The number may vary between 1 and 3 attempts.
Software Development Kit (SDK) A set of tools for developers to use in producing applications using a particular framework or platform.
Splice attacks Reordered frames that are injected to manipulate a system.
Spoof

The act of disguising a communication from an unknown source as being from a known, trusted source. Most common is a non-living object that exhibits some biometric traits being presented to a camera or biometric sensor. For example:

  • Physical artifacts: photos, masks, and dolls.

  • Digital artifacts: pre-recorded images replayed to another device.

Subject user The human individual that is presenting their biometric data to the biometric sensor at that moment.
Synthetic identity Occurs when a bad actor uses a combination of biometric data, name, social security number, address, etc. to create a new record for a user who does not actually exist, for the purposes of using an account in that name.

T

Token The session token generated at the start of a transaction when a customer server calls the Verify API endpoint. Represents the unique identifier for a transaction.
Transaction An attempt that is counted when a customer’s software development kit triggers a connected event.

U

User A human subject, also known as a Subject User or End User.
User ID The pseudonymized identifier for a user’s profile in the iProov platform that invokes a unique biometric template to enable face matching against the initially enrolled image.
User journey A path a user may take.

V

Verification iProov's biometric process of assuring a new user at enrollment against their asserted identity, usually via a government-issued photo ID.