Active liveness model trained for Identt's eKYC stack

Identt is an identity verification platform that ships eKYC into regulated workflows - banking, fintech, telco, gambling - where a missed spoof is a compliance incident, not a bug ticket. The product flow is the kind that compliance teams want: the user opens their phone, holds up their ID document, then records a short selfie video while performing a sequence of head and eye gestures the server picks for them.

Active liveness - gesture-based - is the right shape for this use case because it's replay-resistant by construction. A photo of the user can't blink. A pre-recorded video of the user blinking can't "look up, then blink, then look right" on the new sequence the server just generated. The protocol is sound; the failure mode is the model. If the gesture recognizer can't reliably tell "head turned left" from "head turned slightly left then back to center" across older devices, dim rooms, and varied facial structures, the fraud team starts paying for it in false rejections - and the customer drops out of the funnel.

The build had to do two things at once. Recognize the five gestures (blink, look left, look right, look up, look down) reliably enough to match the false-reject rate banks expect from a modern eKYC product, and confirm a real human face is producing them - not a static photo, not a screen replay, not a doctored video. All of that, server-side, inside Identt's own infrastructure.

Step 1: Per-gesture recognition trained on real eKYC video.

Five gestures (blink, look left, look right, look up, look down), one classifier head per gesture against video segments captured under the same conditions Identt's real customers shoot in - handheld phones, varied lighting, varied facial structure. The training set leaned hard on real bona-fide captures from Identt's existing flow rather than synthetic webcam footage, because the failure mode in production is the cohort mismatch, not the laboratory case.

Step 2: Sequence verification bound to the server-issued challenge.

On every session the server picks three gestures from the five, in a random order, and issues that as the challenge. The model verifies that the recorded video contains those three gestures in that order. A pre-recorded video of the same user can't satisfy a different sequence; a static photo can't satisfy any sequence with a blink in it. The replay-safety lives in the protocol - the model just has to verify the protocol was followed.

Step 3: Face-presence and replay defenses on top.

Above the gesture classifiers, a real-face check rejects screen replays (texture, reflection, moiré-pattern signals) and the basic photo/recording attacks gesture sequences alone don't cover. The two layers stack: the gesture sequence rules out replay-of-someone-else, and the face-presence layer rules out the static-image and screen-replay tail.

Step 4: Cohort and lighting evaluation as a test gate.

Per-cohort evaluation across age, eyewear, skin tone, and ambient lighting was part of the test harness from day one - not a separate bias audit. The model couldn't ship until per-cohort false-reject rates were inside the target band. False rejects in eKYC don't just look bad; they cost real money in dropped funnels.

Step 5: Server-side, inside Identt's perimeter.

Inference runs server-side inside Identt's own infrastructure - biometric video doesn't leave their environment, the gesture-sequence randomization stays on their server, and the audit trail belongs to them. Their fraud team owns the model artifact, the eval harness, and the threshold knobs.

• Five gesture classifiers (blink, look left, look right, look up, look down) trained on real eKYC video - handheld phones, varied lighting, varied facial structure.
• Sequence verification bound to a server-issued 3-of-5 challenge - replay-safe by construction, since a recording of yesterday's session can't satisfy today's gesture order.
• Layered face-presence and screen-replay defenses on top of the gesture stack - rules out the static-image and screen-replay tail that gesture-recognition alone misses.
• Per-cohort evaluation (age, eyewear, skin tone, lighting) in the test harness as a release gate - false-reject rates kept inside the band Identt's customers needed for a competitive eKYC funnel.
• Server-side deployment inside Identt's infrastructure - biometric video stays in their environment, the audit trail belongs to them, the threshold tuning is theirs to maintain as the cohort mix shifts.

Identt's customers across banking, fintech, telco, and gaming run the same active liveness flow today. The gesture-sequence randomization makes the protocol robust; the model behind it has to keep up across the long tail of cohorts and devices it actually sees. That's the engagement.