BixeLab testing activity highlights expansion of biometric assurance

As digital identity systems evolve, biometric testing labs are increasingly becoming central to trust, compliance and interoperability.

BixeLab’s recent activity reflects the continued evolution of biometric assurance, where established methods like PAD now sit alongside newer areas such as injection attack detection (IAD), deepfake resilience and operational facial verification.

Recent evaluations conducted by the lab covered ISO/IEC 30107-3 compliant PAD Level 3, emerging IAD methodologies aligned with CEN/TS 18099, and airport-based facial verification testing against ISO/IEC 19795 standards.

PAD Level 3 test throws 100 attacks at TruID

BixeLab conducted Level 3 PAD testing on the latest version of Verichains TrueID’s SDK using bona fide presentations and multiple presentation attack instrument (PAI) species in accordance with ISO/IEC 30107-3 requirements. BixeLab conducted 100 Level C presentation attack transactions across four PAI species, and 40 bona fide presentation transactions across 8 test subjects.

The evaluation confirms that the TrueID SDK – v3.1.1 – “was tested in compliance with the applicable ISO/IEC 30107-3 specifications to a level 3 sophistication for presentation attack detection testing and reporting.”

IAD evaluation ‘in close alignment’ with emerging standard

The IAD test covered Advance.AI’s Liveness Detection SDK iOS v8.5.7 and Android v4.1.5. Unlike PAD, injection attack detection still lacks a mature standards and accreditation ecosystem. Per BixeLab’s notice, the National Voluntary Laboratory Accreditation Program (NVLAP) does not currently accredit Injection Attack Detection (IAD) to CEN/TS 18099; as such, the evaluation was “conducted in close alignment with CEN/TS 18099, but it does not constitute an NVLAP-accredited outcome.”

Injection attack methods (IAMs) and injection attack instruments (IAIs) were deployed across

Android and iOS environments to assess the system’s resilience under controlled test conditions. The lab used virtual-sensor injection, device emulation, rooted-device execution with root-state masking, and function hooking to confirm root-masking concealment.

The evaluation included a range of synthetic and manipulated media, including morphed images, deepfakes, reenactment videos and 3D avatar content.

The evaluation concludes that “within the scope of executed testing, no successful sensor-level injection bypass was observed.”

Cognitec airport facial verification evaluated

The third evaluation, conducted for Cognitec, is a Biometric Performance Evaluation of the company’s FaceVACS algorithm version B16, aligned to applicable specifications of ISO/IEC 19795-2 and ISO/IEC 19795-6.

Conducted at Brisbane International Airport in late 2025 to early 2026, it covered two workflows: “1:1 face verification between kiosk-captured images and passport-derived reference imagery,” and “1:N face identification between bagdrop probe images and an enrolled gallery of 7,712 references derived from the same passenger journey.”

The evaluation concludes that Cognitec’s algorithm “was evaluated using operational data in alignment with the applicable specifications of ISO/IEC 19795-2 and ISO/IEC 19795-6.”

Article Topics

Advance.AI  |  biometric testing  |  biometrics  |  BixeLab  |  Cognitec  |  digital identity  |  injection attack detection  |  presentation attack detection  |  Verichains