The Digital Transformation Agency will include a liveness detection mechanism in its Govpass identity platform to prevent the creation of fraudulent digital identities.
The agency today asked the market for liveness image capture software that can integrate within the federal government identity provider (IdP) component of Govpass.
A series of IdPs will make up the DTA's national federated identity ecosystem, likely including banks and state or territory governments, but there will be only one IdP for the Commonwealth.
IdPs work in conjunction with Govpass' identity exchange, which employs a ‘double-blind’ to ensure identity providers and service providers can verify identity without revealing an individual's credentials to each other.
iTnews revealed last month that the Department of Human Services had been commissioned to build the IdP for the whole-of-government.
Liveness detection is one of the central ways the DTA aims to prevent an individual using another person’s photograph when creating a digital identity.
The solution will need to capture and verify the liveness of an individual “against a source identity document” across mobile, tablet and desktop devices, tender documents state.
It will detect liveness by “captur[ing] multiple face images or video and check for changes/natural motion”, and have suspicious presentation detection (SPD).
This would thwart any attempt to verify identity using a photo, video or “altered biometrics or printed images”.
The solution will use facial tracking to guide users to capture images when conditions such as lighting and background are satisfactory.
It will also be capable of detecting audio, including when “multiple words or digits presented in a random order” are spoken back by an individual.
Minister assisting the Prime Minister for digital transformation Michael Keenan said the solution would “help ensure the person captured is a ‘live’ person and prevent identity fraud through, for example, someone holding up a photo to the camera".
“Digital facial verification will allow these types of services to be made available online, rather than though a government shopfront,” he said.
However, not all services will require face verification; the government trusted digital identity framework sets out four ‘identity proofing’ levels for different levels of assurance.
The DTA is planning to award an initial one-year contract for the work in May this year.
It is the first time the DTA has asked for industry involvement in the digital identity project since ditching its plan to buy a solution and deciding to build much of the platform itself.