An Introduction Into Biometric Authentication

At 20face we believe that biometric authentication and especially facial recognition can make our lives a lot safer, easier and more convenient. Walking into your office with your briefcase in one hand and a hot coffee in the other hand, without any explicit action needed from you  to open the entrance gate. No hassle with keys, drops, or access cards and as a bonus less plastic waste. Entrance gates automatically opening for authorized employees while retaining those that are not allowed to get in. No security breaches by people swapping access cards and proper registration of who is in where.

We believe that facial recognition can add value to every company in many different ways. However we want to stress to keep in mind that facial recognition, as well as any other form of biometric authentication, involves sensitive personal data. That is why, at 20face, we build a privacy proof biometrics data management system, that allows every individual to be the owner and director of their own biometric data. In our mobile application a selfie is translated into a list of numbers, which are encrypted and stored in a personalized vault. From within the app, the users can now make their own lives safer and more convenient by allowing access to those instances by which they do want to be recognized and blocking those by which they do not.

While we specialize in facial recognition, there are many other types of biometric authentication methods that may be used for authentication purposes. These methods largely differ based on the parameter used for matching and identification which makes them suitable for different types of applications, systems and use cases. Let us dig deeper to find out how different categories of biometric authentication method, the matching logic and technology involved and suitable applications for each.

Behavioural and Physiological Authentication

Biometric authentication methods are usually classified based on whether a physiological or behavioural aspect about people is used for identification. Behavioural authentication relies on attributes or micro-habits which cannot be seen or touched but rather observed, noticed and perceived. Examples are voice recognition and engagement or navigation patterns. Recognizing and identifying unique aspects of a person’s behaviour requires systems with superior intelligence that have been trained over a period of time to study, understand and analyse these aspects. The drawback of these kinds of authentication methods is that it takes time to register in a particular system and create a personal and unique profile.

Physiological authentication on the other hand are very quick and accurate as they rely on unique features. More specifically physiological authentication relies on physical human attributes which are tangible and visible to the naked eye. They match details of physical attributes like shape, size, geometry, colour etc. They can only be used when the authentication is done in-person, that is when the person is physically present at the place where authentication is required. The process usually involves two steps.

Enrolment: This is the initial step when a person registers for a service which requires biometric authentication. In this step the detailed biometric data related to the physiological factor is extracted, processed and stored as a template to be used in the future.

Matching: This happens every time the person needs to be authenticated. In this a live template is extracted, processed and matched against the stored template. Below we will go over the most commonly used physiological authentication methods and discuss some of the drawbacks and benefits.

Fingerprint Scan: Probably the eldest biometric authentication method, relies on the unique pattern formed by raised areas called ridges, branches and bifurcations that are present on the top of every human finger. Finger print authentication can be commonly seen at immigration counters, office attendance systems, and on smart phones and laptops for access management. Finger print authentication is being incorporated into smart cards offering extra security. Today, we see more and more fingerprint based systems being replaced by authentication based on facial recognition.

Face Recognition: Face recognition can be commonly seen on smart phones today replacing passcodes and fingerprint to login to the phone. Face recognition creates a geometrical map of the persons facial vectors and uses it for authenticating the person. Face recognition is preferred because it provides a considerably seamless experience for both the organization implementing it as well as the users being authenticated. Consider a finger print scan where a person is required to pause and hold a specific finger in a particular way on the scanner while ensuring both the scanner surface and the finger are clean. In comparison face recognition does not require any contact with the scanner. As long as a person’s face is captured by the camera, the face recognition software can do its job. Depending on the goal for implementing facial authentication, ranging from high security to high convenience, a person has to stop in front of the camera for a few seconds in a controlled setting or can just walk by does not even have glance at the camera. At 20face we adjust our facial recognition software according to the context and the desired goal of the client.

Iris and retina scan: These are commonly used in combination with for example facial recognition in the very high security domain. The iris is the ring-shaped region around the pupil of our eyes. This region is multi-coloured with the colours forming an unique pattern. A high-resolution digital camera is used to capture the image of the iris at a close distance both at the enrolment and matching phases. Similar to the iris, the retina is also a part of the eyes. The blood vessels in the retina form a unique pattern that is used for authentication. Iris and retina scans are sometimes used at immigration counters as well as in government buildings for access to specific facilities. While these methods allow for high security protocol, enrolment and matching are both timely and less convenient for the user compared to facial recognition.

At 20face we build facial recognition systems for biometric authentication as we believe that it makes the lives of both employees and employers easier. We are privacy by design and always take the sensitivity of biometric data into account when integrating our facial recognition software at a client. If this article got you interested in facial recognition, and if you want to know how 20face facial recognition can optimize several of your business processes, please feel free to request a demo via our website and we will see each other soon.

Written by: David Smith (The smart card institute) & Berno Bucker, PhD (20face)

Related articles