Fingerprint scanning is now a familiar and even mainstream concept among consumers today, thanks largely to the mobile biometrics revolution, which has seen the fingerprint sensor emerge as a standard feature on smartphones over the past several years. That trend is generally thought to have been catalyzed by Apple, which made fingerprint authentication a flagship feature of its industry-leading iPhone in 2013, prompting rivals throughout the price spectrum to emulate its approach.
Now, a very similar story is unfolding with respect to facial recognition. Apple pivoted to this modality with its iPhone X in late 2017, and subsequently abandoned fingerprint recognition completely in all of its following iPhone models. Many of its rivals are following suit, and face-based authentication is becoming normalized in the mainstream, even as facial recognition-based surveillance becomes an increasingly hot-button issue.
But with facial recognition technology having been around longer than the selfie, why is this modality suddenly such a big deal in the mobile sector? Part of the reason lies in the technological sophistication of Apple’s solution – and its ability to counter security threats.
The Fight Against Spoofing
Even in the mobile sector, selfie-based authentication has been around for a long time. As far back as 2014, Google was offering support for mobile facial recognition on its Android operating system, allowing users to unlock their devices without the need to enter a PIN or password. And the following year, biometric authentication specialists like BioID launched their own solutions supporting facial recognition in order to let other organizations take advantage of this technology on mobile.
But an important part of the reason that these face-based authentication systems never quite caught mainstream traction is the high risk of presentation attacks, or ‘spoofing’. If a facial recognition system is designed simply to match a 2D facial image to a biometric profile, in theory all it takes to fool the system is a printout of a picture of the authorized user’s face. And this was demonstrated to rather embarrassing effect by OnePlus last year. It was one of many mobile companies seeking to follow in Apple’s footsteps with its own facial recognition system, but it only succeeding in acquiring some bad press after a video surfaced showing that the facial recognition system could be fooled not only by a photo of the registered users, but one in black-and-white at that.
A New Dimension
This is where Apple’s unique approach to facial recognition is so important. The biggest difference between Apple’s Face ID and something like OnePlus’s system is the addition of a third dimension. Face ID users infrared lasers to project a grid onto the user’s face that can then be used to establish a three-dimensional map. This third dimension automatically rules out the possibility of spoofing with a 2D printout.
Now, Apple’s biggest rivals are following suit. Google pivoted to 3D facial recognition with its latest flagship smartphone, the Pixel 4, making ‘Face Unlock’ one of its flagship features; and Samsung has just delivered a software update for its Galaxy S10 5G smartphone designed to leverage its Time-of-Flight sensors to enable 3D facial recognition.
This kind of specialized 3D sensing technology isn’t the only way to fend off spoofing attempts, however. As far back as 2015, Microsoft launched Windows Hello, a biometric security platform built into the Windows 10 operating system that also deserves some credit for pioneering sophisticated facial recognition among mainstream consumers. And Windows Hello’s support for facial recognition was contingent on the use of infrared cameras, which deliver a stronger defense against spoofing attempts since infrared wavelengths don’t come through in photos. Infrared cameras aren’t commonplace on a wide range of computers or smartphones, but they’re much more widespread than the kind of ToF and VCSEL technologies used to power Google’s and Apple’s 3D imaging solutions.
Then there’s FaceTec, whose renowned ZoOm selfie authentication system applies AI algorithms to brief snippets of 2D video in order to generate 3D face maps. This novel approach allows for highly sophisticated anti-spoofing defences on devices equipped only with standard 2D cameras. And given that even Apple’s Face ID system has fallen victim to spoofing attacks, it helps to further illustrate that 3D sensor hardware isn’t the ultimate defence against presentation attacks.
Beyond Consumer Tech
These developments in the consumer-facing space bode well for the continuing rise of facial recognition in the enterprise and government sectors. A growing portion of the mainstream population is getting comfortable with face-based authentication; and while mobile- and PC-focused tech companies are delivering technological innovations on the consumer side, industry leaders in other areas are refining their solutions to make sure they keep pace. Paravision, for example, recently demonstrated its prowess by taking the top spot on the National Institute of Standards and Technology’s Face Recognition Vendor Test leaderboard, while StoneLock has delivered a high-throughput access control solution that can scan faces across a wide range of lighting conditions. All of this is helping to ensure that face authentication technologies are effective, secure, and increasingly familiar to the end users taking advantage of them.
November 14, 2019 – by Alex Perala