Unissey upgrades biometric IAD certification from CLR Labs to High Level

Biometric injection attack detection (IAD) technology for web environments from Unissey has received High-Level certification against the CEN/TS 18099 standard from CLR Labs. The certification confirms Unissey’s liveness’ effectiveness across all devices, browsers and operating systems, according to a LinkedIn announcement, the first of its kind, the company says.

Web browser environments are uniquely challenging for injection attack detection, Unissey CPO Faouzy Soilihi told Biometric Update in an email. Native mobile apps can leverage deep OS-level APIs and have tighter runtime control, while web applications run in a sandboxed environment with limited access to device sensors and system data, making it harder to verify the integrity of the feed.

High-level IAD certification is important, because along with passing an equivalent compliance assessment for biometric presentation attack detection (PAD), it is required for Extended Level of Identity Proofing (LoIP). And Extended LoIP is required for fully functioning EU Digital Identity Wallets to qualify as Qualified Trust Service Providers (QTSPs) under eIDAS 2.0, based on the ETSI 119 461 standard.

The web ecosystem of devices, browsers and various operating systems with different versions is “extremely fragmented,” according to Soilihi, as each element has its own security behaviors and constraints. Along with introducing complexity, this “widens the potential attack surface.”

Financial services are under attack from deepfakes delivered with injection attacks, but Unissey also sees high threat levels among government eID programs and providers of trust services.

A large proportion of digital onboarding takes place in web environments, including mobile browsers and web views inside native mobile apps, Soilihi says. This provides a consistent user experience and can reduce costs for organizations compared to building and maintaining separate iOS and Android applications.

“Achieving High-Level certification under CEN/TS 18099 is more than a milestone — it’s proof of the robustness and technological leadership of our liveness detection solutions,” says Unissey Founder and CEO Yassine Mountacif on LinkedIn.

The CLR Cert program was launched by CLR Labs last October to test compliance with standards in biometrics, cybersecurity and digital identity. Unissey achieved the first certification for IAD under CEN/TS 18099 from CLR Cert shortly after.

Article Topics

biometric liveness detection  |  biometrics  |  CEN/TS 18099  |  certification  |  CLR Labs  |  ETSI TS 119 461  |  IAD certification  |  injection attacks  |  Unissey