Overview¶

As presentation attack detection and mitigation measures advance, fraudsters are increasingly turning to injection attacks. Digital onboarding and authentication processing that permit use of laptops and desktops are particularly vulnerable. IDLive Doc IAD is the first known product focused explicitly on this type of injection attack detection. The product detects the most threatening attack vectors: virtual cameras, external devices, browser attacks, network attacks.

In certain cases, the Injection Attack Detector may mistakenly reject presentation attacks as injection attacks. This misclassification is considered acceptable as our approach prioritises security by ensuring that all forms of attacks, whether correctly identified or not, are blocked to prevent unauthorised access.

Solution Description¶

This solution consists of two layers:

• Capture SDK: controls the client capture process and makes an object available for your application to call. It further packages metadata with the images it captures and encrypts the entire bundle for transmission. Our capture library generate an encrypted packet composed by environment and photograph metadata which is later sent to IAD server to process.

• IAD Server: knows how to unpack the package from the client to perform injection attack detection. The server exposes an endpoint for processing requests from the IAD Client Libraries. It is distributed as a container image that can be used with Docker, Kubernetes or other popular container runtimes.

Deployment¶

To perform both Injection Attack Detection and Presentation Attack Detection, you must deploy all components: the IDLive Doc server, IAD server, and capture SDK. The following diagram illustrates the deployment architecture:

The flowchart below outlines the process flow: