19 September 2019
We are pleased to make our HTML5 V2 Beta client publicly available on GitHub here.
Many of our partners and customers have been building web journeys for desktop, tablet and mobile. These sit alongside native applications as a major channel for user interactions.
Yet securing user identity in HTML5 is incredibly difficult. The browser platform is inherently less secure than native applications. Not only can you not trust the presented object in front of the camera, but you cannot trust the camera pipeline itself. Virtual webcams are available for free. Anyone can inject fake video directly into a browser, which has no way to detect the source of the imagery feed.
iProov addresses this problem by fundamentally distrusting the imagery pipeline. iProov operates under the assumption that every authentication claim could be a fake video that has been injected directly into the browser. Our FlashMark technology creates a “one time biometric” for every transaction which cannot be replayed or generated in real-time. We’ve summarised our thoughts on dealing with both PAD and “RAD” – Replay Attack Detection – here.
However, in solving this critical security challenge, we must address a new set of technical challenges. iProov work at the innovative edge of browser capabilities, often making use of browser features which have only been released in the last 12 months. Since we launched our HTML5 v1 client we have been diligently and vigorously testing in varied environments to improve: user experience, operating boundary,, ease of integration and platform and device compatibility
The new version of HTML5 has been completely rewritten with an improved architecture for greater extensibility. Key features include:
HTML5 V1 is not currently being deprecated, and we will continue to support existing commercial implementations of V1 . While V2 remains in Beta while we deploy further features, we recommend partners to integrate V2 Beta for any current or upcoming implementations ahead of its stable release.