Facial biometrics has become increasingly common as a security measure in authentication systems, replacing traditional passwords and other verification methods. However, this technology is not immune to cyberattacks such as facial biometrics spoofing.
Spoofing is a technique used to "trick" biometric authentication systems, including facial biometrics, by presenting fake images or videos.
To combat this threat, many security systems are using advanced fraud detection techniques. The Postman tool can be a great ally in protecting against facial biometrics spoofing attacks.
To learn more about the techniques used by cybercriminals and how Postman can be used to detect possible spoofing attacks, read on!
How to avoid spoofing in facial biometrics
Scammers may use a range of spoofing techniques, including:
- Presenting a photo or video of the authorized person's face instead of presenting their own face.
- Using a mask, makeup, or other tools to simulate the authorized person's face.
- Using high-resolution images or high-definition video to fool the system.
- Modifying facial features, such as eye or hair color, to look like the authorized person.
In order to prevent spoofing, facial biometric authentication systems should implement additional security measures such as motion detection, blink verification, and other measures that can ensure that the presented face is in fact a real person and not a fake image or video.
To identify these attacks, spoofing detection techniques are used to determine whether the presented image is real or not. There are several approaches to facial biometrics spoofing detection, ranging from simple to more sophisticated techniques.
One of the simplest techniques is image depth analysis. A real face has three-dimensional features, such as shadows and highlights, that are not present in a flat image. By analyzing the depth of the image, it is possible to identify whether the image is flat or three-dimensional, which can indicate whether it is real or fake.
Another commonly used approach is motion analysis. Since the human face is capable of movement, it is possible to identify whether the presented image is static or whether there is movement in the face. For this purpose, face tracking and motion analysis techniques are used to detect whether the presented face is real or a static image.
In addition, other more sophisticated techniques can also be used, such as texture analysis, frequency analysis, and specific facial features analysis. These techniques involve extracting features from the face image and comparing them to features of real faces to identify whether the presented image is real or fake.
How to detect spoofing via Postman
Next, we will learn about and test the spoofing detection functionality of the BioPass ID multi-biometric API package, using Postman as a test platform. Check it out below.
1. Obtain the biometric API access key via Postman
To perform any operation on the biometric API, you first need to acquire the access key that identifies you and grants you access to the various features of the system. Follow steps 1 and 2 of the article How to register an individual's facial biometrics via Postman.
2. Detect spoofing in facial biometrics
In this step-by-step, I submitted a personal facial biometric image. Please note that all operations involving facial images or fingerprints must meet the recommended standards. These standards are available on the Biometric API documentation page.
2.1 Setting up the authorization header
To perform the request that detects fraud in a facial biometric image, first fill in the authorization header. The URL used for this request is https://api.biopassid.com/multibiometrics/v2/liveness and the method is "POST".
Afterwards, select the type "API Key" and fill in the "Key" and "Value" fields respectively with Ocp-Apim-Subscription-Key and the value of the "API key", which is the access key mentioned in topic 1. In addition, you must select the "Header" option in the "Add to" field. As illustrated below, the red markings represent the fields mentioned.
2.2 Configure the body of the request
Next, fill in the parameters for the body of the request. To do this, select the "Body" section, then click "raw" and choose the JSON format from the drop-down list. JSON stands for "JavaScript Object Notation". This format is often used to transmit data between a server and a web client because it is lightweight and easy to read and write.
In the body of the request, the structure contains an object called "Spoof", which represents the scan for fraud in the submitted image. Inside this object we have the "Image" field, which will include the image converted to a base64 string.
If you want to learn more about base64 and how to do the encoding, follow step 5 of the article How to enroll an individual's facial biometrics with Postman.
Below we have provided the partially completed code. To complete it, simply replace the contents of the "Image" field:
{
  "Spoof": {
    "Image": "{{base64}}"
  }
}
2.3 Checking the Response Status of the Request
As soon as the request is sent, you will immediately receive a response indicating the success or failure of the operation. In case of success, the status "200 OK" will be displayed and the body of the response will contain the field "success", a boolean field indicating whether the operation was successful or not.
The "result" field is a string with the result of the operation, which if successful will have the value "Ok". Otherwise it will show an error message. The description of the message and all other possible errors are in the documentation of the BioPass ID biometric API.
Finally, the "spoof" field, also a boolean, indicates whether the submitted face is a spoof or not.
Below is the structure of a successful response, in which the analysis completed and no fraud was detected in the image.
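The request from steps 2.1 and 2.2 and a fail-closed reading of the response fields from step 2.3, as an added example that is not part of the original article or of BioPass ID's own code. The function names are hypothetical, the lowercase field names "success", "result" and "spoof" are taken from the text above, and the sample responses used to exercise it are constructed.

```javascript
// Added example: function names are hypothetical; URL, header and fields come from the article.
const LIVENESS_URL = "https://api.biopassid.com/multibiometrics/v2/liveness";

// Build the POST request described in steps 2.1 and 2.2.
function buildLivenessRequest(apiKey, imageBase64) {
  // Refuse empty input and unresolved Postman variables such as {{base64}}.
  if (typeof imageBase64 !== "string" || imageBase64.length === 0 ||
      imageBase64.includes("{{")) {
    throw new Error("Image must be a resolved, non-empty base64 string");
  }
  return {
    url: LIVENESS_URL,
    method: "POST",
    headers: {
      "Ocp-Apim-Subscription-Key": apiKey,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({ Spoof: { Image: imageBase64 } }),
  };
}

// Fail closed: the face is accepted only when every field has exactly the
// expected type and value. A missing or mistyped "spoof" is a rejection.
function evaluateLiveness(status, rawBody) {
  const reject = (reason) => ({ accept: false, reason });
  if (status !== 200) return reject(`HTTP ${status}`);
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch (e) {
    return reject("response is not JSON");
  }
  if (body === null || typeof body !== "object") return reject("malformed body");
  if (body.success !== true) return reject(`operation failed: ${body.result}`);
  if (body.result !== "Ok") return reject(`unexpected result: ${body.result}`);
  if (body.spoof === true) return reject("spoof detected");
  if (body.spoof !== false) return reject("spoof field missing or not boolean");
  return { accept: true, reason: "no spoof detected" };
}

// In Postman's Tests tab the same function can gate the request.
if (typeof pm !== "undefined") {
  pm.test("liveness verdict is accepted", () => {
    const verdict = evaluateLiveness(pm.response.code, pm.response.text());
    pm.expect(verdict.accept, verdict.reason).to.be.true;
  });
}
```

Outside Postman the `pm` block is skipped, so the two functions can be reused in a backend that calls the API directly.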
Run the application yourself in Postman
As we have seen in this article, spoofing in facial biometrics is an increasingly common threat and can have serious consequences for the security of personal data and information. You have learned about the spoofing technique and how to detect it using a specific operation in a biometrics platform. This is a crucial feature for preventing possible biometric spoofing and further ensuring authentication protection.
See you next time!
Translation: Thalita Ferreira