Glossary#

Introduction#

The document describes:

• architecture and components of LUNA PASS;
• LUNA PASS working principle;
• plugins working principle;
• the process of installing, launching and uninstalling the LUNA PASS API;
• dependencies required for LUNA PASS operation.

Overview#

LUNA PASS is a service for checking Liveness using frames of a video stream from a webcam.

LUNA PASS consists of two components:

• client component, LUNA PASS UI;
• software component, LUNA PASS API.

LUNA PASS UI performs:

• capturing video stream of webcam or mobile device camera with two shooting modes (see the integration documentation for details — /docs/jslib/LunaPass.html):
• operator: the operator takes pictures, the resulting image isn't mirrored;
• selfie: the operator does not participate in the shooting process, the resulting image is mirrored;
• sending video stream frames to LUNA PASS API;
• displaying the processing results.

LUNA PASS UI works: works in a web browser on PCs and mobile devices, as well as in WebView[^1] in mobile device applications.

LUNA PASS API performs:

• receiving video stream frames from LUNA PASS UI;
• frame processing;
• face detection;
• face attributes extraction and estimation;
• Liveness check;
• Deepfake score;
• Image modification score;
• sending the results to LUNA PASS UI.

[^1]: Android WebView is a pre-installed system component from Google that allows Android apps to display web content.

System requirements#

LUNA PASS is delivered in Docker containers and can use both CPU and GPU processors.

Docker container LUNA PASS images are required for installation. An Internet connection is required to download the Docker images to the server. You can also download images to any other device and transfer to the server. Authorization to the VisionLabs Docker registry is required to download Docker images.

LUNA PASS can be deployed using the Docker Compose script.

Running LUNA PASS has been tested on the following versions of the above software:

• Docker: 25.0.3
• Docker Compose: 2.24.6

It is not guaranteed to work with other versions of the above software.

Using the plugin mechanism requires developing scripts that take into account the syntax and functionality provided by Python 3.11.

It is considered that installation is performed on the server with Almalinux 8 OS, where LUNA PASS was not installed.

Processors requirements#

The configuration below guarantees software package minimum power operating. System requirements for the production system are calculated based on the intended system load.

The hardware specifications below are based on servicing up to 10 client sessions simultaneously.

CPU#

The following minimum system requirements should be met for the LUNA PASS software package installation:

• Intel(R) Xeon(R) CPU E5-2640 v4 @ 2.40 Hz (8 virtual cores);
• AVX2 instruction set support;
• 64-bit processor;
• DDR4 RAM, 16 GB or higher;
• Free storage size must be 10 Gb or higher.

GPU#

For GPU acceleration an NVIDIA GPU is required. The following architectures are supported:

• Pascal and newer;
• Compute Capability 6.1 or higher is required.

SSD 100GB of free hard disk space. 8GB of VRAM or more recommended.

CUDA version 11.4 must be installed where Remote SDK and Lambda (optional) service is deployed. The recommended NVIDIA driver is r470.

Service architecture#

The Service architecture is shown in the diagram (Figure 1), a description of the architecture components is presented below (Table 1).

Table 1. Components of the LUNA PASS architecture

The first frame is processed in five stages (Table 2).

Table 2. Frame processing stages

LUNA PASS API forms a JWT packet with the bestshot, on successful passing of Liveness. The network communication scheme is shown below (Figure 2).

LPProto Protocol#

LPProto is a transport layer protocol developed by VisionLabs to restrict information transmitted using WebSocket. The principle of operation is transmission of consecutive frames with messages.

Frame is a fragment of protocol data, which must be specified strictly according to the template. The definition applies only to this section, in the rest of the document the frame is a part of the video stream. The first line of each frame specifies its command within the protocol.

Connection settings that are transmitted as part of the CONNECT command:

• heartbeat:1000
• session-id:623e1bbc-24f9-4d84-907f-8000978ec2a1

The session ID is passed in the session-id header when the connection is initialized.

LPProto protocol format#

A schematic representation of the protocol format is shown below (Figure 3).

The message consists of three lines:

• First line – message type or command (Table 3);
• The second line – section with any number of headers;
• The third line – message body, separated by an empty line.

Table 3. Supported message types

JWT package#

JSON Web Token (JWT) – A JSON object that allows signed text information to be transmitted.

JThe WT consists of 3 parts, separated by dots—header.payload.signature. The sections use Base64 encoding:

1． Title: Header

Description: JWT Type Information.

Example of decoded Base64:

The following attributes are used during LUNA PASS operation: { "alg": "HS256", "typ": "JWT" }. The "algorithm" attribute is configured in lunapassapi in JWT configuration parameters.

2． Title: Payload

Description: A message body containing information on the recognized attributes.

See /docs/jslib/LunaPass.js.html for a detailed description.

Example decoded Base64:

{
    "errors": [],
    "bestshot": "***",
    "estimations": {
    "faceCount": 1,
    "ags": null,
    "imageQuality": {
       "blur": 0.9192548394203186,
       "isBlurred": false,
       "light": 0.7044228315353394,
       "isHighlighted": false,
       "darkness": 0.7675179243087769,
       "isDark": false,
       "illumination": 0.2165278196334839,
       "isIlluminated": false,
       "specularity": 0.5341013669967651,
       "isSpecular": false
    },
    "faceFramePosition": {
      "faceRect": {
        "x": 135,
        "y": 167,
        "width": 243,
        "height": 336
      },
      "frameRect": {
        "x": 0,
        "y": 0,
        "width": 480,
        "height": 640
      },
      "margins": [
        167,
        102,
        137,
        135
      ]
    },
    "headPose": {
      "yaw": 6.0508646965026855,
      "roll": 0.8311771750450134,
      "pitch": 3.0268990993499756
    },
    "eyes": {
      "left": "open",
      "right": "open",
      "state": "open"
    },
    "mouth": {
      "opened": 0.013608532957732677,
      "smile": 0.0012621879577636719,
      "occluded": 0.0009340881952084601,
      "state": "opened"
    },
    "eyeglasses": "no_glasses",
    "deepfake": {
      "score": 0.9797163605690002,
      "state": "real"
    },
    "liveness": {
      "score": 0.9812202453613281
    }
  },
  "isOk": true,
  "iat": 1747917134,
  "jti": "d52158fa-e154-4203-9bc0-b6045b7a1a1f"
}

3． Title: Signature

Description: Unique message signature.

Interaction of LUNA PASS components#

The interaction of the LUNA PASS components is presented in the diagram (Figure 4), a description of the component interaction is given below (Table 4).

Table 4. Description of the process of interaction LUNA PASS components during frame processing and Liveness estimation

LUNA PASS UI#

User panel#

User opens LUNA PASS UI page in a web browser to pass the checks. The LUNA PASS UI requests access to the webcam. If the user allows access, the screen shows a stream from the camera (Figure 5).

Here the user can:

• change the video stream mode by clicking the (1). There are two modes:
• operator: the operator takes pictures, the resulting image isn't mirrored;
• selfie: the operator does not participate in the shooting process, the resulting image is mirrored;
• zoom in with and (2) to meet size requirements for face image;
• select the source of the video stream (3);
• start the check by clicking on the button (4).

If the user fails the checks, for example because they are sitting too far away from the camera or their head tilt angle is too above, the web browser shows tips on how to change the position relative to the webcam to pass the check.

Administrator panel#

The administrator manages user interface settings via the admin panel (Figure 6).

From the panel home page, the administrator can:

• manage user interface configs (1). Click on "UI configs" to go to details — viewing the list of configs, creating and editing configs;
• manage authentication and authorization settings (2). Click on "AUTHENTICATION AND AUTHORIZATION" to go to details:
• creating other panel users with access to specified parts of the admin panel;
• creating user groups with access to specified parts of the admin panel. For example, you can create another administrator with the right to manage user interface settings;
• view the history of actions in the interface in the "Recent actions" block (3). Click on an action from the list to return to it;
• view the result of applying config on the page for passing checks by clicking “VIEW SITE” (4);
• change password of the administrator account by clicking “CHANGE PASSWORD” (5);
• log out of the account by clicking "LOG OUT" (6);
• change the theme to dark or light mode by clicking on or (7).

UI configs#

Viewing configs#

To view the list of configs created in the admin panel (Figure 7), click on “UI configs” on the home page.

These actions the administrator is able to do on the page with the list of configs:

• edit a config by clicking on its name;
• add a new config by clicking "Add UI config" (1);
• delete selected configs, for this:
• tick the checkboxes for configs to delete or tick the checkbox next to “UI CONFIG” above the list of configs to select all ones (2);
• select "Delete selected ui configs" in the "Action" field;
• click the "Go" button;
• confirm the deletion by clicking “Yes, I’m sure”, or cancel by clicking “No, take me back” in the opened page with a description of the objects to be deleted.

Creating config#

To create a new config of user interface, click the "Add" button in the "UI configs" section on the home page. You can also create a new config from the page with a list of configs by clicking "Add UI config" .

In the opened page (Figure 8), set:

• name of the config, "Name" field;
• address where the user is redirected after passing check, "Redirect url" field;
• width and height of the camera image, in px, "Image width" and "Image height" fields;
• width and height of the camera stream image, in px, “Video width” and “Video height” fields;
• shooting mode in "Mode" field:
• operator: the operator takes pictures, the resulting image isn't mirrored;
• selfie: the operator does not participate in the shooting process, the resulting image is mirrored;
• description of errors that are showed when the user fails the checks, as well as description of tips on how to change the position of the face relative to the webcam in order to pass the checks, "Error messages" field;
• message that is shown when the user successfully passes the checks, "Success message" field;
• name of the button to start checking, which is shown in the user panel, “Button start message” field;
• tooltip for changing the video stream mode in the user panel, “Mode tooltip” field;
• message that is shown to the user if it was not possible to connect to the camera, the “Camera is not attached message” field;
• colors of buttons, backgrounds, messages of the user panel, the “Styles” field for html code;

Editing config#

To start editing config, open the list of configs, then select the one that you want to edit by clicking on its name. Edit the fields and save the changes. See the "Creating config" section for the description of the fields.

Applying config#

The system supports creating and using multiple configs of user interface. LUNA PASS UI always operates with a single UI configuration per session. The required configuration is specified when opening LUNA PASS UI via a URL parameter.

Link format:

https://{host}:{port}/?cn={config_name}

Where:

• https://{host}:{port}—the base address of the LUNA PASS UI;
• config_name—the name of the UI configuration specified when it was created in the administrator panel.

Thus, an unlimited number of UI configurations can be created, each accessible via its own dedicated link.

LUNA PASS API#

The general principle of operation of LUNA PASS API is as follows:

• a frame comes to the input;
• LUNA Remote SDK estimates and checks the frame;
• plugins are executed sequentially if they are enabled:
• FaceMatcher plugin;
• VirtualCameraChecker plugin;
• ActiveLiveness plugin;
• the aggregated value of Liveness, Deepfake, Image modification score as well as mouth, eye status and glasses type estimations are calculated;
• the result of the plugin and check work is analyzed.

By default, all plugins are enabled.

Frame estimation process#

The frame estimation process is the sequential execution of checks. A description of the checks is presented below (Table 5).

Table 5. Checks for frame estimation process

If a frame does not pass any of the checks, then the next frame is analyzed. The user sees the corresponding prompts on the page with LUNA PASS UI.

Enable and configure plugins via the Luna Configurator service: http://{host}:5070/dashboard/settings.html—server address, port 5070, /dashboard/settings.html.

FaceMatcher plugin#

The plugin allows you to terminate the session if several main faces are detected on two frames within one session. Set the previous_face_similarity parameter = 0.85.

Description of the general working principle of the FaceMatcher plugin:

If the first frame arrives, Facematcher remembers photo of face. If the second frame arrives, Facematcher compares photo of face from the received frame with the photo of the face from the previous frame:

• if faces on the photos from the two frames are different, then no further checks are carried out;

• if faces on the photos from the two frames are the same, then the frame is sent for further checks.

VirtualCameraChecker plugin#

The plugin allows you to detect when a user is using a virtual camera instead of a real device camera. Virtual camera detection data is recorded to the logs.

ActiveLiveness plugin#

The plugin allows you to confirm vitality by several frames in which the user interacts with the Service: blinks, turns his head left and right along the Y axis, tilts his head up and down along the X axis. The description of the general working principle of the plugin is presented below (Table 6).

Table 6. Description of the general principle of operation of the ActiveLiveness plugin

ActiveLiveness checks#

Blinking

The check begins when both eyes are open, or one eye is open and the accept_one_eye_open parameter is enabled. To pass the check, the two frames must then arrive: with eyes closed and again with open ones, or, if the accept_one_eye_open parameter is enabled, a frame with one eye closed and a frame with one open.

Head turn

To start checking, the head turn angle must be less than the value of yaw_start_deg. Next, the two frames must arrive: with a turn angle value greater than yaw_threshold_deg and with a turn angle value less than yaw_start_deg.

Head tilt

To start checking, the head tilt angle must be less than the value of pitch_start_deg. Next, the two frames must arrive: with a tilt angle value greater than pitch_threshold_deg and with a tilt angle value less than pitch_start_deg.

For more information about the values of the turn and tilt angles, see configuration parameters of the ActiveLiveness plugin

LUNA PASS VIDEO#

LUNA PASS VIDEO allows you to create a video file based on the received set of frames and process it on the client side for further work with the file (saving, transfer, etc.).

LUNA PASS VIDEO performs splicing together a video file from a webcam or mobile app camera in a single session using the codec set in the settings.

The number of frames (N) from which the gluing should be performed is regulated in LUNA PASS configuration parameter frames_limit:

• in case when less than N frames are received during the session, LUNA PASS performs gluing from the available number of frames;

• in case if more than N frames are received during the session, LUNA PASS performs gluing from the last N frames from the end of the session.

Video file gluing from frames is performed for all sessions independently of the result of estimations performed in LUNA PASS API or expiration of the number of attempts to pass certain checks. Set the logic for processing received videos in the example-docker/lunapassvideo.task.py file.

The name of the file directly depends on the parameter args.workerTask, which is set in the configuration of LUNA PASS API.

In case of reconnection at WebSocket session break, LUNA PASS VIDEO forms one common video file for one session ID and saves it to the storage.

Service setup#

Specify the connection settings to redis in the LUNAPASS_REDIS_DB_ADDRESS block in the Luna Configurator service, for example:

{
"host": "10.16.30.110",
"port": 6379,
"user": "default",
"password": "lunapass",
"sentinel": {
"master_name": "trustgate_provider",
"sentinels": [],
"user": "",
"password": ""
},
"number": 0
}

Configure LUNA PASS VIDEO according to the parameters shown in Table 8.

Table 8. LUNA PASS VIDEO configuration parameters

Replace the default redis://127.0.0.1 address with the address of the host where it runs, otherwise pages associated with these addresses will not appear in the interface.

Table 9. Estimation of video encoding types (codecs)

Licensing#

The LUNA PASS service requires a LUNA PLATFORM 5 license. The set of licenses depends on the functionality provided (Table 10):

For detailed licensing information, see the LP5 documentation.

Installing LUNA PASS#

The LUNA PASS service requires LUNA PLATFORM 5 (LP5) minimum version 5.126.0.

Do not install LUNA PASS on a server where LP5 is already running for other tasks. To ensure stable operation, deploy the systems on separate servers.

Installing LUNA PLATFORM 5#

1. Preparing for installation

Follow the steps from the docker compose deployment documentation according to the LP5 version you received. For this, select the required documentation version on the site.

Steps for deploying LP5:

1． Unpack the distribution 2． Create a symbolic link 3． Configure SELinux and Firewall (if required) 4． Activate the license 5． Install Docker and Docker Compose 6． Log in to the registry

2. Run

1． Go to the directory with the Docker Compose script:

cd /var/lib/luna/current/example-docker

2． Run the script:

./start_platform.sh --pass

To use the GPU in the Remote SDK service, add the --gpu flag. GPU parameters, such as the device number, are configured in the docker-compose.gpu.yml file.

This script:

• Starts the PostgreSQL database and the Redis database
• Prepares the environment for Luna Configurator and loads the settings
• Starts the services:
• Luna Configurator
• Luna Licenses
• Luna Remote SDK

Important: An example for deployment is provided. For industrial use, please contact a VisionLabs employee.

Preparing and unpacking the distribution#

The distribution package is an archive of the form "luna_pass_2.2.3".

Before the installation process, place the distribution files in a directory on the server. For example, in the /root directory. There should be no other distribution files in this directory other than the target files used to install the final product.

Perform the following steps.

1． Switch to root superuser mode:

sudo su

2． Create a directory to unzip the distribution:

mkdir -p /var/lib/luna-pass

3． Move the distribution to the directory you created:

mv /root/luna_pass_2.2.3 /var/lib/luna-pass

4． Install the unzip archiver if it is not installed:

yum install unzip

5． Change to the distribution directory:

cd /var/lib/luna-pass

6． Unzip the files:

unzip luna_pass_2.2.3.zip

7． Create a symbolic link. The link indicates that it is the current version of the distribution that is used for launching:

ln -s luna_pass_2.2.3 current

If the /var/lib/luna-pass/current link is missing, the startup scripts will not be able to locate the binary files of the current release, and further installation will not be possible.

Before starting, update the settings in the configurator:

docker run --rm --entrypoint='' --network=host dockerhub.visionlabs.ru/lunapass/lunapass-configs:v3.2.3 python3 -m configs.migrate head --config_db_url postgres://luna:luna@127.0.0.1:5432/luna_configurator

127.0.0.1 is the configurator host. Specify your address if the configurator is located on another one.

Quick Start#

After you unpack the distribution and configure the license, run LUNA PASS with the command:

./start_selfsigned.sh {host}:{port}

Specify the host and port on which you plan to open the interface.

Script start_selfsigned.sh:

• generates a self-signed certificate for nginx and places it in the desired directory (see point 3 of the "Running jslib examples" section);
• generates the directories necessary for operation (./LOGS, ./videos) and sets the necessary permissions for them;
• starts services at the following addresses:
• https://{host}:{port}—lunapassui;
• https://{host}:{port}/admin—lunapassui admin panel. Default login/password—admin/admin;
• http://{host}:8321—lunapassapi;
• http://{host}:8320—filebrowser interface, where you can view, for example, saved videos and session frames. Default login/password—admin/adminl;
• http://{host}:5070/dashboard/settings.html — Luna Configurator service, stores all service configurations;
• https://{host}:{port}/statistics — service operation statistics: information on the number of completed sessions, the composition of failed checks, time metrics.

Starting LUNA PASS in container mode#

Enter the current data and settings into the files before running in docker. The data to enter see the section "Service Configuration".

1． Change to the Docker directory:

cd /var/lib/luna-pass/current/example-docker  

2． Create configuration files for the services to be used (for example, from the example files in each service) to be mounted in docker. To start the service, enter the command:

docker-compose up -d

3． Check the status of all running Docker containers.

docker-compose ps

Service configuration#

Configure Selinux and Firewall so that they do not block the service.

The service is configured via the Luna Configurator service. The Luna Configurator service requires Postgresql to be installed.

1． Launch Luna Configurator: http://{host}:5070/dashboard/settings.html—server address, port 5070, /dashboard/settings.html

2． Specify lunapass as a group to display the desired settings (Figure 9):

3． Perform the settings according to the description (Tables 11-19 and Figures 10-20)

Configuring the service in Luna Configurator#

Table 11. Selecting the operating mode and configuring the JWT packet

Table 12. Session parameters

Table 13. Parameters for the ROI face recognition zone

Table 14. Face estimation thresholds

Table 15. ActiveLiveness parameters

Table 16. VirtualCameraChecker, FileLogger, VideoRedis parameters

Table 17. LUNA PASS_VIDEO parameters

Table 18. LUNAPASS_REDIS_DB_ADDRESS parameters

Table 19. LUNAPASS_VIDEO_LOGGER parameters

Table 20. LUNAPASS_VIDEO_HTTP_SETTINGS parameters

Table 21. LUNA_REMOTE_SDK_ADDRESS parameters

Running services with different configurations#

Tagged configurations allow you to run multiple instances of the same service, each using different settings from Luna Configurator. There are two ways to apply tagged configurations:

• by passing arguments directly to the service startup command;
• by using the EXTEND_CMD environment variable.

1. Passing arguments to the startup command

1． Duplicate an existing configuration or create a new one and assign a tag. For example, you can duplicate the lunapass_video configuration and assign it the tag lunapass_video_tagname.

2． Pass the corresponding arguments to the run.py command of the container:

--luna-config — flag specifying the address of the Luna Configurator service
--<configuration_name> — flag specifying the configuration name and its tag

For example, to start a container with the lunapass_video configuration tagged lunapass_video_tagname, the command would look like this:

docker run \
...
dockerhub.visionlabs.ru/luna/lunapass_video:v.3.2.2
python3 /srv/lunapass_video/run.py --luna-config http://{host}:{port} --lunapass_video lunapass_video_tagname

2. Using the EXTEND_CMD environment variable

The EXTEND_CMD environment variable can be used to specify tagged configuration arguments. For example, launching two instances of LUNAPASS_API with different tags may look like this:

services: 
  api: 
    container_name: lunapass-api
    image: registry.dev.vlabs/lunapass-api:PASS-49_configurator-tags
    restart: always
    network_mode: ${NETWORK_MODE}
    environment: 
      - EXTEND_CMD=--LUNAPASS_API=tagname --LUNAPASS_API_LOGGER=tagname2
      - RELOAD_CONFIG=1
      - RELOAD_CONFIG_INTERVAL=10
      - CONFIGURATOR_HOST=${CONFIGURATOR_HOST}
      - CONFIGURATOR_PORT=${CONFIGURATOR_PORT}
      - PORT=${LUNAPASSAPI_PORT}

Variable descriptions:

• CONFIGURATOR_HOST and CONFIGURATOR_PORT — address and port of the Luna Configurator service;
• LUNAPASSAPI_PORT — port on which the LUNA PASS API runs;
• NETWORK_MODE — container network mode.

Running jslib examples#

This section describes how to configure jslib to display frame processing results.

1． Launch LUNA PASS in container mode.

2． Make sure NGNIX is installed.

3． Make sure that SSL certificates are used or generated, for example:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/certs/servername.key -out /etc/nginx/certs/servername.crt

4． Create an nginx configuration to display static example files. To do this:

4．1. Login via SSH to the server;

4．2. Go to the directory with configuration files:

cd /etc/nginx/conf.d/

4．3 Create a configuration for luna-pass:

nano luna-pass.conf

Example content:

upstream lunapassapi {
    server 10.16.30.144:8321;
}

server {
    listen 443 ssl;

    ssl_certificate /root/10.16.30.144.crt;
    ssl_certificate_key /root/10.16.30.144.key;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "RC4:HIGH:!aNULL:!MD5:!kEDH";
    add_header Strict-Transport-Security 'max-age=604800';

    root /var/lib/luna/luna_pass_2.2.3/jslib/examples;
    index index.html;

    location /ws {
        error_log /var/lib/luna/logs/error.log;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_pass http://lunapassapi;
    }

    location/{
        try_files $uri $uri/ /index.html =404;
        add_header Cache-Control "no-store, no-cache, must-revalidate";
    }
}

4．4. Save and check the syntax of nginx configs:

[root@nginx-test conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

4．5. Restart nginx

systemctl restart nginx

5． Check the operation of jslib on the page with examples of luna-pass https://<server_ip>.

Removing LUNA PASS#

Uninstallation is performed by terminating and deleting running Docker containers:

1． Switch to root superuser mode:

sudo su

2． Remove the containers:

docker-compose down

Appendix#

Example of NGINX configuration setup:

server {
     listen               443 ssl;
     server_name          luna-pass.frontend.vlabs;

     # SSL settings
     #ssl_certificate ....

     # Path to luna-pass jslib
     root /var/lib/luna-pass/current/jslib/examples;

     # Static settings
     location/{
         try_files $uri $uri/ /index.html =404;
         add_header Cache-Control "no-store, no-cache, must-revalidate";
     }

     # Websocket connection with the backend
     location /ws {
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
         proxy_http_version 1.1;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header Host $http_host;
         proxy_pass http://127.0.0.1:8321;
     }
}