Overview
Introduction
The MegaMatcher ID product family consists of two products: the SDK and the Web Service. This document gives an overview of the MegaMatcher ID Web Service. For the SDK, please refer to the other documentation on the Neurotechnology website.
MegaMatcher ID Web Service
MegaMatcher ID Web Service enables template extraction, verification and/or liveness detection without installing any additional software on the client's computer. All biometric operations are performed by remote software deployed on the customer's premises. All operations are performed on an image stream that is passed directly from the client via a WebRTC channel.
Currently the product samples promote use cases where the client communicates with the MegaMatcher ID server through a web browser, although native applications are possible. For these cases, please refer to third-party resources on how to set up a Janus/WebRTC connection natively.
Overview
MegaMatcher ID Web Service comes as a set of Docker containers that are responsible for biometric data management and for capturing from the client side.
The product consists of a database where captured biometric data is stored, a management service for additional product configuration, a biometric extraction service, and a Janus server that is responsible for retrieving the video stream from the client side.
The client communicates with the product through the mmid-web-server and mmid-management-web services.
mmid-web-server acts as a 'getting started' application whose sources are provided as part of the product. The customer should explore the sources and use them to integrate MegaMatcher ID Web Service into its own product pipeline.
Services
Communication between services.
Web server
Provides a web interface for all remote biometric operations like template creation or verification. This is the entry point for customers to enroll themselves in the database or validate their identity. This service also comes as a sample, so the product integrator can integrate the MegaMatcher ID server into its own pipeline.
Management web
Provides a web interface for managing enrolled subjects in the database or reviewing failed enrolls, managing licenses and operation parameters. This is an entry point for the system administrator who wants to change the system settings or manage enrolled users.
MMID Management
This service is the back end logic for managing MegaMatcher ID requests that come through Web or Management web services. The Management service is responsible for orchestrating operation workflow such as registering new operation requests, forwarding them to Janus service, opening or closing connections, and later on saving enrolled subject data to the database or returning the data on separate request.
MMID Janus
This service is responsible for capturing the video stream from the client's web browser through a WebRTC channel. It acts as middleware between the user's web camera and the Biostream service.
For more information about the Janus server, please refer to the general Janus documentation.
MMID Biostream server
This service is responsible for decoding client's video stream and processing biometric operations. Biostream server internally uses the Neurotechnology VeriLook algorithm.
MMID Data service
Provides an interface for communicating with the database.
MMID DB
Database where biometric and other enrollment data is saved. Also, it is used for storing settings defined in the management service.
Getting started
After installing and starting the services, it is possible to start enrolling or verifying users through the Web server port. The default port is 40005, so it can be accessed through the web browser at http://<server_ip>:40005. Note: port 40005 can be changed during configuration; if it was changed, please adjust the link accordingly.
Enabling WebRTC on Chrome
If a non-localhost IP is used to access the web server, the browser will bring up a message that "WebRTC is not supported". This is due to WebRTC restrictions for untrusted sources. For application development purposes we recommend using the Chrome browser and disabling the restriction for the specific IP. For a production-level application, an HTTPS configuration with a valid SSL certificate should be used. For this, please see the Enable SSL and Development with debug SSL certificate sections.
To disable the WebRTC restriction for a specific IP in the Chrome browser, please follow these instructions:
- Go to chrome://flags as a URL
- Search for the "Insecure origins treated as secure" setting
- Enable the setting and add your web server link (http://<server_ip>:40005) to the text box
- Save and restart the browser
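The restriction described above follows the browser's secure-context rule: camera capture is available on HTTPS origins and on loopback hosts, which is why http://localhost works and http://<server_ip>:40005 does not. The following is an added example, not part of the product samples; the function names, the `env` parameter and any host passed in are assumptions made for illustration.

```javascript
// Added example: the browser's secure-context rule restated in plain JS so it
// also runs under Node. All hosts used with it are constructed samples.
function isPotentiallyTrustworthy(urlString, allowlistedOrigins = []) {
  const url = new URL(urlString);
  const host = url.hostname;
  if (url.protocol === "https:") return { ok: true, reason: "https origin" };
  // Loopback hosts count as trustworthy even over plain http.
  const loopback = host === "localhost" || host.endsWith(".localhost") ||
    host === "[::1]" || /^127(\.\d{1,3}){3}$/.test(host);
  if (loopback) return { ok: true, reason: "loopback host" };
  // Development-only override: "Insecure origins treated as secure" entries.
  if (allowlistedOrigins.includes(url.origin)) {
    return { ok: true, reason: "allowlisted by browser flag (development only)" };
  }
  return { ok: false, reason: "plain http on a non-loopback host" };
}

// In a page, trust the browser's own verdict; otherwise fall back to the rule.
// `env` is a hypothetical parameter standing in for `window`.
function cameraPreflight(pageUrl, env = {}) {
  if (typeof env.isSecureContext !== "boolean") {
    return isPotentiallyTrustworthy(pageUrl);
  }
  if (!env.isSecureContext) return { ok: false, reason: "not a secure context" };
  const media = env.navigator && env.navigator.mediaDevices;
  return media && typeof media.getUserMedia === "function"
    ? { ok: true, reason: "secure context with getUserMedia" }
    : { ok: false, reason: "getUserMedia unavailable" };
}
```

In a page, call `cameraPreflight(location.href, window)` before opening the camera and show the returned reason instead of a generic "WebRTC is not supported" message.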
Web component
After visiting your Web server address, you will be asked to allow the browser to access the camera. You should hit Allow; otherwise the application will not work, as it will not get any images from the camera. If successful, you should be able to see your camera feed. You may click Enroll, enter your name and proceed with enrolling to the database.
Please refer to the web component documentation for more details.
Management web component
The Management interface can be accessed through port 40004, so the URL would be http://<server_ip>:40004. Please note that the Management web port can be changed during the server configuration or installation. The URL should be changed accordingly.
The default user credentials are admin as the username and admin as the password. After the first login you should see the Settings menu. Navigate to the Subjects menu to see the user enrolled during the first enroll.
Please refer to the Management web component documentation for more details.
Advanced configurations
Janus
Janus service configurations are located in /opt/megamatcherid/megamatcherid-server/mmid-janus under janus.jcfg and janus.transport.http.jcfg configuration files.
Janus is configured by default to work in a local network and might not work in production environments where access to the server is restricted by a firewall or a private IP.
Depending on the configuration, Janus might need to be configured to use a STUN server or to have NAT-related settings enabled.
To have Janus working efficiently in public networks, janus.jcfg will need to be updated with the following settings:
nat: {
    stun_server = "stun.voip.eutelia.it"
    stun_port = 3478
    # In case you're deploying Janus on a server which is configured with
    # a 1:1 NAT (e.g., Amazon EC2), you might want to also specify the public
    # address of the machine using the setting below. This will result in
    # all host candidates (which normally have a private IP address) to
    # be rewritten with the public address provided in the settings. As
    # such, use the option with caution and only if you know what you're doing.
    # If you'd rather keep the private IP address in place, rather than
    # replacing it (and so have both of them as advertised candidates),
    # then set the 'keep_private_host' property to true.
    # Multiple public IP addresses can be specified as a comma separated list
    # if the Janus is deployed in a DMZ between two 1-1 NAT for internal and
    # external users.
    nat_1_1_mapping = "1.2.3.4"
    keep_private_host = true
}
For advanced Janus configuration and full available parameters please refer to janus.jcfg and janus.transport.http.jcfg.
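A quick check of the nat block before deployment, as an added example that is not part of the product or of Janus: it flags the sample address 1.2.3.4 left in place, a private address in nat_1_1_mapping, and keep_private_host = true, which per the comments above keeps the private host candidates advertised alongside the public one. The function names and the address 203.0.113.10 are assumptions used for illustration, and treating 1.2.3.4 as a placeholder is an assumption as well.

```javascript
// Added example, not vendor code. Handles only '#' comments and flat
// key = value pairs, which is all the nat block shown above uses.
function parseNatBlock(text) {
  const stripped = text.split("\n").map((l) => l.replace(/#.*$/, "")).join("\n");
  const block = /\bnat\s*:\s*\{([^}]*)\}/.exec(stripped);
  if (!block) return null;
  const settings = {};
  const pair = /([A-Za-z_]\w*)\s*=\s*(?:"([^"]*)"|([^\s;]+))/g;
  for (const m of block[1].matchAll(pair)) {
    const bare = m[3];
    if (m[2] !== undefined) settings[m[1]] = m[2];
    else if (bare === "true" || bare === "false") settings[m[1]] = bare === "true";
    else settings[m[1]] = /^\d+$/.test(bare) ? Number(bare) : bare;
  }
  return settings;
}

function isPrivateIPv4(ip) {
  const [a, b] = ip.split(".").map(Number);
  return a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168);
}

function lintNat(text) {
  const nat = parseNatBlock(text);
  if (!nat) return ["no nat block found"];
  const findings = [];
  const mapped = String(nat.nat_1_1_mapping || "")
    .split(",").map((s) => s.trim()).filter(Boolean);
  if (mapped.includes("1.2.3.4"))
    findings.push("nat_1_1_mapping still holds the sample value 1.2.3.4");
  if (mapped.some(isPrivateIPv4))
    findings.push("nat_1_1_mapping lists a private address, not a public one");
  if (mapped.length > 0 && nat.keep_private_host === true)
    findings.push("keep_private_host = true: private host candidates stay advertised");
  return findings;
}

// Constructed inputs: the settings as shown above, and a corrected variant
// using a documentation-range address (203.0.113.10) as a stand-in public IP.
const AS_DOCUMENTED = `nat: {
  stun_server = "stun.voip.eutelia.it"
  stun_port = 3478
  nat_1_1_mapping = "1.2.3.4"
  keep_private_host = true
}`;
const CORRECTED = AS_DOCUMENTED.replace("1.2.3.4", "203.0.113.10")
  .replace("keep_private_host = true", "keep_private_host = false");
```

`lintNat(AS_DOCUMENTED)` returns two findings and `lintNat(CORRECTED)` returns none; pass the contents of your own janus.jcfg to check a real deployment.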
Development
MegaMatcher ID Web Service provides a single-view web sample, located in Samples\MegaMatcherIdWebClientSample, for getting familiar with product workflows and user application development.
More documentation on developing applications can be found in the Development section.