Behind the Biometric

Episode 256

State of Identity Podcast



We’re still at the dawn of the applications of biometrics. What is the industry’s role in leading consumer education? Join host Cameron D’Ambrosi and David Ray, COO & General Counsel at Rank One Computing as they discuss how biometrics have evolved from government applications to B2C use cases. You’ll uncover how widespread mobile adoption has ushered biometrics across new industry verticals, unlocking the power of understanding who’s on the other side of that device.


Cameron D'Ambrosi - Managing Director at Liminal


David Ray - COO & General Counsel at Rank One Computing


Cameron [00:00:05] Welcome, everyone, to State of Identity. I’m your host, Cameron D’Ambrosi. Joining me this week is David Ray, COO and General Counsel at Rank One Computing. David, welcome to State of Identity.


David [00:00:16] Yeah, thanks so much, Cameron. Really, really appreciate the chance to join you here.


Cameron [00:00:21] You know, before we get into Rank One, I think you guys are sitting at a really super interesting piece of the digital identity landscape around, you know, biometrics, liveness, key areas that I think have so many applications, and would love to dive into all that with you. But before we do that, you have a pretty interesting background and we’d love to hear just a little bit about, you know, that career journey you had and kind of how you found yourself, you know, becoming COO of a leading biometrics platform?


David [00:00:53] Yeah, yeah. Happy to. Happy to share that. I’ll start kind of at the beginning of my career. I graduated college in 2007, kind of right at the tail end of the boom, right before the bust, and I joined Lehman Brothers and did mortgage-backed CDO structuring. So I had a front-row seat to the financial crisis of 2008-2009 and really saw a lot of fraud at that point, of how this information is critical to prevent financial losses. So the way mortgage-backed CDOs work is, it’s a second securitization of mortgages. So mortgages, you zip them up into a billion-dollar portfolio, issue securities, and then those securities are kind of priced based on overall statistics for that portfolio, as opposed to looking at individual John and Jane Smith and their creditworthiness. What we did was take the securities from mortgage-backed securities and then do a second securitization, so put a billion dollars of those into a package and re-securitize them, at which point you’re so far away from John and Jane Smith’s creditworthiness that it’s a complete black box of what’s going on in there. And I tell that story because we, sitting on Wall Street and looking at our Bloomberg terminals, were just as blindsided as anyone else by the shocking amount of fraud that suddenly emerged from the basic underwriting of those mortgages. I think at the time, they were referred to as NINJA loans: no income, no job, no assets. And I think that really shaped my perspective on identity and fraud and the importance of having granular information at the individual level as opposed to relying on overall pool risk and overall pool characteristics. After Lehman, I joined a consulting firm that’s now part of Accenture and worked for Pfizer, doing some pretty fun procurement projects, and then went to law school.
I graduated from Columbia and in 2012 went out to Palo Alto and worked for Simpson Thacher & Bartlett, which is a large New York firm that represents a lot of banking interests and private equity. My first deal at Simpson was the Dell take-private, so our client, Silver Lake Partners, joined with Michael Dell and they took the company private. And what was then the largest leveraged buyout since prior to the financial crisis is about a twenty-five billion dollar transaction. Did several bond deals for Silicon Valley issuers, including Tesla, Cadence, Whitewater or, excuse me, WhiteWave Foods in Denver. And then made my way to Denver and joined a smaller firm and spun out of that firm and formed my own firm, both legal with the founder of the initial boutique. And we focused on early-stage startup companies, venture capital transactions, capital raises, company formations, and middle-market mergers and acquisitions. At the end of twenty seventeen, I joined Rank One Computing as general counsel and became COO six months later, and have led our business development and operations for the last four years and seen a lot of growth for Rank One, as well as for the identity industry more broadly. Thanks for bearing with me through that long and twisting journey, career journey.


Cameron [00:05:26] Yeah. No, super, super exciting, and you know, I also am an ’07 graduate and had kind of a similar experience of like getting a foot in the door and then kind of having a front-row seat. I was at the New York Stock Exchange at the time and seeing, you know, kind of the world explode and then also found my way to digital identity. So interesting parallel there. I guess, you know, more focused on today’s topic, which is Rank One and kind of your place in this burgeoning digital identity market. For listeners who aren’t familiar with Rank One, what’s a quick 15,000-foot, you know, summary of what you guys are about?


David [00:06:07] Sure. Rank One is a six-years-young face recognition and computer vision algorithm developer, technology provider based in Denver, Colorado, and our roots in biometrics and face recognition go back much longer than the history of Rank One. Our original roots come out of Michigan State University, where our founders did PhDs and advanced degrees under Dr. Anil Jain, who is kind of the founder of pattern recognition and biometrics, really pioneered computer-based fingerprint recognition, and his career goes back over 50 years in that space. After Michigan State, our founders went to a government contractor called Noblis in the D.C. area and supported FBI, Department of State and other government customers from a science and technology standpoint. And then rolled out of Noblis, took the entire face recognition team, and founded Rank One in 2015. Since then, we’ve been developing world-leading face recognition algorithms that consistently deliver top tier accuracy and are generally two to five times faster than our competitors and 10 to 20 times smaller in terms of the template size. And that’s kind of getting into the weeds, but for the identity space, we end up being a golden cog in a lot of these different platforms for providing the face recognition piece of identity proofing, which is presenting your document, passport or driver’s license, and a selfie. And we perform the comparison of the selfie to the physical document and power about half of the major leading US providers for identity proofing. The other critical piece that we offer is liveness and anti-spoofing. So we pioneered that as well and have the US patent dating back to June 2017 for our solution, which looks at a single frame or single image and performs kind of close analysis of looking for compression artifacts, moiré patterns, glare, other indicia that this is a replay image, either of a printed photograph or someone holding up a device, as opposed to a three-dimensional human being standing in front of the camera.
So we provide that as well, which is critical for the testing to selfie. And the third area that really benefits identity is homomorphic encryption. So we have a patent-pending solution that essentially allows you to encrypt a template and then perform matching in the encrypted space without ever decrypting the template. So the way face recognition works is you go from an image, generate what’s known as a template, a statistical model of that face, and compare the similarity of those two to return a match score. With homomorphic encryption, you can encrypt that template and perform the matching without ever decrypting, which enables greater security and greater solutions for a central provider working with participants in the network who they don’t fully trust. I think the best example would be a credit card processor working with thousands or hundreds of thousands of points of sale, and they can use our technology and homomorphic encryption to conduct that transaction safely without any kind of attack vectors.


Cameron [00:10:32] Thank you for that super deep dive, and I think you’re, you know, hitting all the buzzwords that folks are thinking about when they think about biometrics. You know, I think we’re at a really interesting inflection point in the space, which is I think the demand has never been higher for technologies that can assure, you know, that not only is there a real person behind a device, but that it’s the person who you think you are or rather who the platform thinks is initiating the transaction. But beyond that, balancing these considerations with, you know, the growing data privacy concerns that many consumers have. And I think, you know, facial recognition is scary in the abstract to many folks. They think of kind of mass surveillance and they think of all these things. You know, from your perspective, how are you going about fundamentally balancing those concerns? And, you know, where do you see Rank One’s role? Because I think, you know, like many biometrics platforms, you guys are kind of, I guess, fading into the background, right? Like, a lot of people might not necessarily know that they’re interfacing with Rank One because they’re using a platform, online banking or sharing economy platform that is leveraging you guys. But you don’t really have a direct touch point. Like, where do you see the biometrics industry’s role in kind of leading that consumer education piece and kind of sharing some of these concepts, like homomorphic encryption that you talked about with me? Like, how do we, I guess, convey that out to the consumer and where do you see your role in doing that?


David [00:12:10] I think Rank One in the biometrics industry generally has performed the role of fundamental science of developing these computer vision algorithms that perform at the core of a lot of different solutions. And Rank One offers a software development kit, which is essentially a computer code library of functions that allow you to feed in an image, find a face, generate a template, and perform comparisons both one-to-one and one-to-N. That SDK is available in a native C language API, with wrappers for C#, Java, Python, Go, and Lua, and it operates on all major platforms. So Windows, Linux, OS X, iOS, and Android, and it has support for CPU, GPU and ARM processors. There’s also a mobile SDK piece that’s optimized to run on mobile devices for speed and size, and that fits into less than 10 megabytes. So it’s a solution that is designed to be embedded into mobile apps, and historically that has been kind of the role of the biometrics community, to push the realm of what’s possible through iterative research. We release a new version of our facial recognition algorithms every three to six months, and each of those version upgrades significantly improves accuracy and speed and efficiency. Those get tested in the NIST, National Institute of Standards and Technology, Face Recognition Vendor Test, NIST FRVT. And it’s the best global benchmark of where face recognition technology is today from a statistical standpoint, and we consistently score kind of in that top tier across all accuracy metrics, and then the efficiency and speed metrics are really what separates real-world deployable technology from really advanced kind of lab projects that are workable in a large server farm, but could never go on device, could never go out in the field, could never perform quickly enough at that scale for these large SaaS solutions. That SDK that we offer gets packaged into a lot of different industries.
So we power government solutions, military, intelligence community, law enforcement, access control, and embedded devices, as well as this identity proofing space. And the identity proofing solution historically has been a one-to-one solution. So comparing a physical document to a selfie, a person standing in front of a camera, and it’s replicating what a bank teller would do or a bar bouncer, but at significantly higher accuracy. And we’re seeing a lot of potential for taking that solution from a one-to-one comparison of a document to a face to a large-scale one-to-N solution to prevent fraud at the first instance of, have you seen this face under a different name? Because the one-to-one is, does this driver’s license match the selfie, which is an important first question. But if you have a fake driver’s license, then how do you, how do you capture that fraud? It may be a really good fake. You asked also about anonymity and data privacy, and we’re seeing kind of two countervailing trends, but very related trends, in that fraud is becoming more and more rampant as our interactions are going digital and leaving the physical space and becoming virtual. So that’s a serious concern. Similar to that, the risks of anonymity on virtual interactions are significant, in things like Russian interference with our 2016 election, of creating bots that masquerade as people to do things that ultimately swayed democracy in the United States. So I think attribution and validation that these communications and thoughts and actions are coming from real individuals and from the right individuals is critical in virtual interactions. At the same time, we’re seeing increased concern about personal privacy or things like GDPR and CCPA in California. And I think biometrics has an important role to play on both of those.
So our technology can detect a face, and then once you’ve detected a face, you can do a few different things with it, either model that face for identity purposes and to be able to assert attribution, as well as you can ghost out that face, blur it, hide it from any distribution. So it kind of cuts both ways as a technology as well.


Cameron [00:18:08] Liveness, I think, is an area of intense focus within the industry right now as well. A lot of competing techniques and underlying technologies, although I think when you dig down deep enough, it turns out that there’s really only a handful of players, Rank One being one of those. I know you guys have what you consider to be some proprietary intellectual property in that regard and that you guys are strong believers in your ability to do high-quality liveness without, I don’t know if active versus passive is the right phrase, because passive, I think, implies no input from the user. But you guys are doing kind of single-frame as opposed to one that requires you to wiggle the camera around or have any sort of complicated effort on the user side. Can you talk a little bit about that approach and why you feel it sets you apart from some of your competitors in the space?


David [00:19:05] Sure, sure. And yeah, I think active/passive is the right terminology. So active is kind of, there are actually a couple of patents out there that Amazon and Google have around active liveness that are essentially Simon Says plus a computer. So if the computer instructs you, turn your head to the left, turn it to the right, blink twice, and if the user performs that, then that’s probably legitimate. It would be difficult to have a prerecorded video that follows instructions, so that’s active liveness. There are serious friction points for that in a customer interaction, of expecting millions of consumers to comply, as well as even if they do comply, they may not appreciate the interaction. So passive liveness is kind of the gold standard for this industry, of looking for an ability to differentiate, is this a living, breathing human being, without that person having to take any particular action? So our solution is that single frame. So it literally requires nothing other than a capture of that photo or of a video and then can look at compression artifacts, relying on the fact that ninety-nine percent of images have been stored in a JPEG format or some compression, some lossy format. You can see those results through computer vision techniques, even in an uncompressed image of someone holding up a compressed image. So that’s a lot of how we offer our solution and how that works. There are some other techniques as well, and liveness in general, it’s kind of a cat-and-mouse game of constantly seeing novel spoof attempts and attacks, and then the developers respond by building a better mousetrap to detect those attacks.


Cameron [00:21:34] So, you know, in thinking about the broader biometrics space, I think in some ways you can trace its arc in terms of applications similarly to that of digital identity, which is to say, I think we started off with a lot of applications limited to kind of the notion of regulatory compliance, right? Anti-money laundering, know your customer, industries really constrained from a demand that they have a firm grasp of who’s on the other side of a transaction because if they don’t, you know, the government is going to come in and yank their charter. But as we’ve seen with the rise of online-to-offline platforms and online commerce in general, rise of mobile, more and more lines of business across more and more different industry verticals are understanding that there’s tremendous value in being able to understand to a higher degree of assurance who’s on the other side of that device. Is that what you’re seeing in terms of the types of platforms that you’ve been engaged with at Rank One and applications for biometrics beyond what you might consider to be kind of core regulated or more government-centric applications?


David [00:22:46] Yeah, I think we’re really at the dawn of applications of biometrics. So historically, biometrics have been broadly used in the government space, going back 15, 20 years. So law enforcement has used biometrics for suspect identification well before the technology was very accurate, and they’ve done so, frankly, with a pretty sterling record of only three known false arrests over that 20-year period, which I think goes to a lot of the police procedures and policies of ensuring that as they’re using this technology for suspect identification, it’s spot on and they’re doing their additional investigative work around any arrests or any results of that. It’s also broadly used by the passport agency. So these kind of fundamental identity clearinghouses of trying to ensure that when people are applying for visas and passports, that it is the right person, and historically it’s been looking for fraud as duplicate images. There’s low-hanging fruit, at least in fraud, of people recycling the exact same passport image under multiple names and multiple applications. So initially, using face recognition to identify those duplicates. Increasingly so, too, to do large gallery comparisons to look for whether this face is showing up under a different name or has previously shown up under a different name. There are obviously border control applications that are critical for border security and ensuring that as people enter the United States and present documents, that it, again, matches who they claim to be. But I think in the private sector, we have seen identity proofing as the first kind of killer app for biometrics and for facial recognition. But I think it’s not the only one.
There are other opportunities around access control, of doing smart locks, but that tends to be a somewhat niche industry because it’s replacing locks that have fingerprint enablement with locks that have face recognition enablement, which are unfortunately the minority of all locks in the world. But there’s a lot more, as you mentioned, of creative ways to use identity assertion, and fundamentally face is the best way to assert your identity in a public manner. Your fingerprint is very private unless you’re holding it straight up to the camera. It’s not something that you stumble across and it needs to be presented. Same thing with an iris. It’s very close capture and you need to have specialized equipment to do it. Face has a long history dating back to the early evolution of our species as being the way that people recognize each other and differentiate a known person from an unknown person. And I think that that role in a physical human context continues in the digital space, of face should be viewed as your public biometric. The way that you can self-identify, self-declare. I am who I say I am, and that’s that you should follow both physical interactions and online digital interactions, with other biometrics being more sensitive, more private, more specialized in the presentation.


Cameron [00:26:54] Well, I know you did bring your magic crystal ball with you, so I might ask you to dust that off for this last question here, which is we’d love to hear your thoughts on, you know, where we’re headed in the future. I know we touched on that just a little bit, but you know, taking a wider perspective on where we see the broader identity market headed and some of those intersectionality with biometrics, we’d love to hear your two cents.


David [00:27:18] Sure. Yeah. I think I’ll start with identity proofing. We’re seeing, and as you’ve mentioned, I think liveness continues to take on a more and more important role. And we’ll just continue to see an arms race there, of spoof attempts and spoof detection. Currently identity proofing is used primarily for the account establishment, of present your documents, let me ensure that I know who you are for that initial interaction with you in KYC regulatory compliance, and we’re seeing it with cryptocurrency in particular, which don’t have any physical branches. So identity proofing is a really powerful way for cryptocurrency trading to establish some regulatory compliance. Coming out of that initial account creation, you have a record of their driver’s license or passport and you have that initial selfie image. We’re seeing a lot of opportunity to ask for a quick re-confirmation of identity when you’re doing things like a large dollar transaction or changing username and password, or changing your email address. Or maybe it’s just periodic, but it’s the subsequent quick ID proofing where you’re not asking for the driver’s license again because you have the record of that. But you’re saying, can I just get another quick selfie and make sure that you are still you? And that the access to the account hasn’t passed on after initial creation. The other area that we’re seeing that expand is from one-to-one solutions into one-to-N solutions. So in one-to-N, you can either establish a small gallery of known fraudsters, because most fraud is committed by professional fraudsters. You and I get up and go to work, now in our homes, but used to be in an office somewhere, and fraudsters wake up every day and get to work committing fraud. So you can establish a small gallery that would capture many of those repeat professional fraudsters. You can also create a large gallery of the entire database.
So the difference being, on small gallery, you’ll capture these individuals once they’re flagged and once they’ve been identified, and you can prevent further damage. With large gallery, you can prevent fraud at the first instance by seeing the first time that a face shows up under a different name. So we’re seeing those areas of expansion within the identity proofing space. Beyond just I.D. proofing, I think there’s got to be something coming, which is using cryptocurrency and digital assets as an identity token to be able to navigate that privacy concern that we spoke about, as well as the ability to assert and attribute your actions and your existence in a digital way. And that digital token would be user-centric, user-controlled, originally set up using biometrics and validating that identity, looking back to original documentation. But then subsequently it’s, you know, there’s different metadata fields that are variable and under user control to assert and share proactively with the various vendors that they interact with in the digital space. That’s something that I think is coming. I haven’t seen it as a fully baked solution, but I think biometrics will have a huge, huge piece of that as well.


Cameron [00:31:30] I couldn’t agree more. For folks who are interested to get in touch with you or to learn more about the Rank One platform, what’s the best place for them to go?


David [00:31:40] Yeah, I think visit our website, rankone.io, R-A-N-K-O-N-E dot io, and feel free to drop me an email as well. I’m David at R-A-N-K-O-N-E dot io. We’d be very happy to follow up.


Cameron [00:31:58] Amazing. David, thank you so much for the time. Really, really appreciate it. Please be well and looking forward to catching up with you again soon to check in on some of these predictions.


David [00:32:07] Sounds great. Thanks so much, Cameron.


