NIST approval explained

profile picture Matt Prendergast 3 min read
Man working at laptop in office setting

Many companies in the identity space talk of NIST certification. What does this mean for you as a user of identity services and what does it mean for your customers?

 

Who is NIST?

NIST is the National Institute of Standards and Technology (NIST), a non-regulatory agency of the United States Department of Commerce. NIST’s remit is to create and certify measures, standards and technology to enhance trade and productivity. Formed in 1901, their remit is to provide standards and certification for businesses. At first this included clocks and thermometers, all kinds of ‘weights and measures’.  But over time the agency has grown to include tech, such as election technology and, of interest to us, cybersecurity.

 

What is NIST compliance?

Broadly, NIST certification means the product in question meets defined standards. Liveness is an anti-spoofing process that checks to ensure we are dealing with a real person. Not someone who is, for example, wearing a mask or using a photo or image of someone else. We use it across our suite of solutions including identity verification, digital ID and age verification

 

What does NIST certified liveness mean?

NIST provides a framework for testing performance levels of liveness. 

NIST Level 1 involves testing using things that could be found in a normal home or office. Materials used for testing should not cost more than $30. Masks are excluded. To pass NIST Level 1, you must detect every attack and limit false negatives to less than 15%. 

NIST Level 2. Involves testing against more specialist attacks, such as latex facemasks or 3D printers. Materials used for testing should not cost more than $300.To pass NIST Level 2, you must detect 99% of attacks and limit false negatives to less than 15%.

Once a liveness service has passed testing, they will be issued with a Presentation Attack Detection (PAD) Confirmation letter that provides results and methodology used and what product was tested. 

To learn more about our liveness products, please do get in touch.

Related stories

Why testing data is as important as training data for machine learning models

When developing machine learning systems for facial age estimation, the conversation often centres on the training data: how much you have, how diverse it is, how inclusive it is, and how well it represents your end users.  Not to mention, where the data comes from.  Intuitively, that focus makes sense. More data presumably leads to better models. But test data is just as important, and in some ways, even more critical for ensuring models perform effectively. Training data: more isn’t always better Common sense would suggest that for a machine learning model “the more data, the better.” And that’s

4 min read

Yoti MyFace liveness white paper

Learn how Yoti’s liveness solution can help you defeat spoof attacks Liveness is an essential part of any verification or authentication process. It gives you reassurance that you are dealing with a real human. Read our latest white paper on liveness to learn how Yoti’s MyFace liveness solution can help defeat presentation attacks including: Paper image Mask  Screen image Video imagery Deep fake video Injection attacks Bot attacks   Key takeaways from the report Yoti’s MyFace solution is NIST Level 2 approved with 100% attack detection. Why liveness is important for verification and authentication. The difference between active and

2 min read
Woman scanning face with the iBeta ISO 30107-3 compliant MyFace software by Yoti

Yoti achieves iBeta NIST Level 2 for proprietary passive liveness technology, MyFace

MyFace has been awarded iBeta NIST Level 2 with 100% attack detection rate Yoti’s passive liveness technology can be used to strengthen age checks, prevent account takeover and protect against identity fraud MyFace white paper outlines performance and bias 2nd March 2023, London, UK – Digital identity company Yoti has announced its proprietary passive liveness technology, MyFace, is now compliant with iBeta ISO PAD Level 2. The technology achieved a 100% attack detection rate. MyFace verifies that a user is a real person, and not a presentation attack such as a printed or digital photo, video or mask –

5 min read