IAD (Injection Attack Detection)
This API, in the face capture and evaluation context, allows the detection of:
- Attack vectors: virtual cameras, external devices, browser attacks, network attacks.
- Attack content: 3D rendering, face morphing, face swap, cheap fake, deep fake.
This API requires client-side integration of the IAD capture libraries. The IAD capture library (included in Selphi™) controls the capture process on the client and makes the IAD bundle (encrypted bundle of metadata and images).
The API knows how to unpack the IAD bundle from the client to perform both injection attack detection and presentation attack detection.
Supported operations are:
- Injection Attack Detection: injection and presentation attack detection.
Injection Attack Detection
Request:
curl --location '{IDENTITY_API_BASE_URL}/iad' \
--header 'x-api-key: {API_KEY}' \
--header 'Content-Type: application/octet-stream' \
--data 'IAD_BUNDLE'
Request parameters:
| Field | Required | Description |
|---|---|---|
| IAD_BUNDLE | Yes | Encrypted bundle of metadata and images. Bundle should be sent as an application/octet-stream request. |
Sample successful response:
200 OK
Content-Type: application/json
{
"attack": true
}
| Field | Description |
|---|---|
| attack | Boolean value indicating whether an attack has been detected. true: attack has been detected, false: no attack has been detected. |
Unsuccessful sample response:
400 Bad Request
Content-Type: application/json
{
"status": 400,
"title": "Bad Request",
"detail": "Invalid request.",
"type": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/400",
"errors": [
"FACE_ANGLE_TOO_LARGE: Facial out-of-plane rotation angle is extremely large"
]
}
| HTTP code | Message | Error code | Description |
|---|---|---|---|
| 400 | Face not found | FACE_NOT_FOUND | No faces have been detected in the image. |
| 400 | Face is cropped | FACE_CROPPED | Face is only partially inside the image. |
| 400 | Face is occluded | FACE_IS_OCCLUDED | Face is beeing partially hidden behind an object. |
| 400 | Too many faces detected | TOO_MANY_FACES | More than one face is visible in the image. |
| 400 | Facial out-of-plane rotation angle is extremely large | FACE_ANGLE_TOO_LARGE | Angle of the face corresponding to camera view point is to large. |
| 400 | Absolute face size is too small | FACE_TOO_SMALL | Face pixel density is too small, it should be closer to the camera view point or image should be higher resolution. |
| 400 | Relative face size is too small | FACE_TOO_SMALL | Face is too small, it should be closer to the camera view point, so it occupies a higher portion of the image. |
| 400 | Face is too close to one or more borders | FACE_CLOSE_TO_BORDER | Face is to close to the limit of the camera's view point, it should be centered correponding with camera view. |
| 400 | Failed to parse file | UNKNOWN | File is not a correct encrypted blob payload or is corrupted. |
| 400 | Failed to read a meta data | UNKNOWN | Encrypted blob data is not generated with the correct format. |
| 400 | Failed to decrypt message | UNKNOWN | Wrong public-private key pair is set on server and capture library. |
Client side integration
To generate the encrypted blob payload, you need to use Selphi Antispoof Widget version and capture de "onExtractionFinished" event. The event will return an object with the results of the face extraction process. One of the properties of this object is "encryptedLivenessRaw", which contains the encrypted blob payload.
Now we are ready to send the encrypted blob payload to your server using a POST request. You can use any HTTP client library that you prefer, such as Axios or Fetch.
Your server must receive this payload and send it to Identity Api IAD enpoint. Identity Api will return the results in JSON object indicating if passes the validations.
const onExtractionFinished = (extractionResult) => {
fetch(YOUR_BACKEND_URL, {
method: 'POST',
headers: {
'Content-Type': 'application/octet-stream',
},
body: extractionResult.detail.encryptedLivenessRaw
}).then(response => {
return response.json();
}).then(result => {
console.log('RESULT FROM SERVICE', result);
}).catch(e => {
console.error(e);
});
}