Today’s best online authentication systems use multi-factor authentication – a way of verifying a person’s identity by using –
- something you know (e.g. a pin or password)
- something you have (e.g. a keyfob)
- something you are (biometric authentication)
Something you are
The ‘something you are’ factor provides a very accurate and reliable user authentication method by identifying the individual from a unique physiological or behavioural characteristic, e.g. fingerprint, voice, face, lip movement, keystroke analysis. These biometric techniques are accurate, easy to use and difficult to compromise.
Amongst the various biometric techniques, Facial Recognition (FR) has gained greatly in popularity, especially for authentication on mobile devices. The increasing popularity of ‘selfies’ show that users are very comfortable with this form of interaction.
However, FR is particularly susceptible to ‘spoofing’ – formally defined as ‘the presenting of an artificial replication of a piece of biometric data to the biometric system in order to try and gain access.’ FR systems can be ‘spoofed’ by high resolution images of the subject held up to the camera. Better FR systems look for movement in the subject. However these too can be ‘spoofed’ by a decent headshot video of the subject downloaded, for example, from a social media account.
It is critical that FR systems can detect the presence of a ‘live’ user (aka Liveness Detection), as opposed to a static image or video of the subject.
Various liveness detection solutions exist today for FR. These can be categorised into:
- Hardware-based – the use of specialized sensors that measure for facial thermograms, specific reflection properties of the eye etc.
- Software-based – present a challenge to the user and analyse response to ascertain liveness e.g. asking subject to blink/smile.
Hardware-based solutions are generally very expensive and typically found in higher-end FR systems used, for example, in airport security. For mobile-based FR authentication, software-based liveness checking solutions are commonly deployed.
A good software-based solution should be easy to use and provide strong liveness detection – getting the correct balance between security and convenience is seen as critical. Some options, such as asking the user to blink or smile, are very easy to use. But they can be easily spoofed if video of the subject blinking or smiling can be obtained. Other options require the user to move their mobile device in a random pattern whilst keeping their head at all times within an on-screen oval. Such solutions are difficult to use.
Liopa has developed LipSecure. It’s a software-based liveness checker that leverages our AI-based lipreading technology to deliver an easy-to-use, yet highly robust, anti-spoofing solution. Working alongside a partner’s FR technology, LipSecure prompts the user to speak/mime a random sequence of digits appearing on screen. The response is analysed for accuracy and a decision made on whether the user is a live person. LipSecure is available to trial today – get in touch to find out more.