Identity validation is fundamental to provide security to all the actors involved in a transaction. In the case of remote transactions, it is necessary to have technological mechanisms that are not only secure, but also efficient and easy to use so that they can be properly integrated into the procedures they are intended to complement. Biometric identification technologies have been used for years thanks to their ability to distinguish an individual with a high degree of certainty, and today their relevance is even greater for all types of transactions as they can be operated on cell phones.
Identity validation
The service by which an entity validates its identity to a third party is known as authentication. The importance of this process lies in the fact that it lets the party offering a digital service know whether or not it can authorize access to this service. Services such as e-mail, shopping in a digital store, or virtual banking, all require the user to identify himself and show the credentials that entitle him to make use of that digital identity.
The most used method of authentication is the combination of a username and password. Although this method is well known, users find it cumbersome, mainly because of the number of passwords that must be memorized, and because of the characteristics that these must have to be considered secure. In fact, many users opt for methods that go against security practices such as using basic passwords (the most used password is 123456) [WZW2016], reusing passwords or leaving them written in public places. But what is even worse, when the user sets a password with the right characteristics, he or she often forgets it, generating reprocesses for setting a new password [OKT2019]. Clearly, passwords do not improve the user experience.
Technologies for identity validation by biometrics
Biometrics refers to those characteristics of a person that can be measured, and biometric identification makes use of these characteristics to establish the identity of an individual. Therefore, for the use of biometric identification it is necessary to use those characteristics that are unique to the individual, and that can be adequately measured. Biometric technologies make a trade-off between the ease of taking a biometric measurement and the identification capability they offer. Although biometric identification is not a new topic, since the fingerprint has been used as a biometric element for years, the widespread use of mobile devices has opened the possibility of a more accurate identity matching, allowing massive access to remote services. The following is a brief overview of some of the most widely used biometric technologies.
Iris Recognition
One of the most reliable systems for identity validation is iris recognition since the differences between individuals are considerable. This system can work very quickly, is non-invasive, and under certain conditions usually has a very small error rate. The processing necessary to generate a template associated with the iris requires the elimination of the rest of the eye information in the image, i.e., pupil, eyelids, etc., which means that the acquisition must be done under special conditions and with considerable processing. For this reason, measurements usually require the person to have direct contact with specialized equipment [GD2013]. Some of this equipment can access information in the near infrared, and mechanisms to establish that the person is alive.
Facial Recognition
Facial recognition technologies are widely used mainly because of the ease with which they can be used, because they are non-intrusive, and because their cost of adoption is relatively low (they only require a camera and a processing unit). In fact, these types of technologies are currently embedded in phones, laptops, and there are even models available free of charge for their implementation. However, there are some important challenges, since their performance can suffer according to characteristics such as lighting, image shooting angle, background, the use of accessories on the face, and even in some cases skin color. A major milestone in face recognition technologies was reached in 2014 by DeepFace [TYR2014], which achieved human level performance using multilayer neural networks. However, this type of methods are characterized by needing large databases (Deepface was trained with 4 million faces). An advantage of this type of systems is that they can be implemented on edge systems with commercially available processing capabilities. On the other hand, their training is computationally expensive, and should be performed on high-performance systems. Additionally, mechanisms have been developed to ensure that the image obtained is of a living person, and not a photo or a recording. These tests are known as “liveness face” tests and are considered a fundamental element in face validation.
Voice recognition
Voice recognition technologies seek to establish the relationship between a voice and known databases, without relying on pre-established text. Part of this process has been to model the difference between different speech patterns, which is made difficult by ambient noise conditions (more than one voice, reverberations, etc.), simple voice variations from the same person, or the use of different transmission technologies (PSTN, VoIP, 2G, VoLTE, etc.) which generate changes on the original signal. A necessary element for correct voice recognition is the separation of the target voice from the noise, which may include other voices. An important number of solutions are based on the definition of specific neural network architectures that aim to analyze the most important features of the voice [SGP2016] [SGP2018] considering the limitations mentioned above. This type of solutions are able to allow authentication through cellular networks, fixed telephone network or even through VoIP. It is a non-invasive authentication method, and it is easy to use considering the naturalness with which people use telephones in their daily lives.
Fingerprint recognition
Fingerprint recognition is perhaps the most common method for the identification of people due to its low reproduction cost, which facilitates its application in different scenarios. There are different types of algorithms that seek to identify a fingerprint, especially considering the variations that these may suffer due to an inadequate capture, or even variations that it may suffer over time. Many of these solutions are based on image processing, taking advantage of the fact that they are black and white data, and therefore do not require extensive processing. Some sources claim that by means of image processing it is possible to recover the fingerprint of a high-resolution photo taken with a cell phone. However, due to the need to establish whether it is a “live finger”, specialized hardware is still used to capture it. Therefore, one challenge that has been identified is the generation of technologies to capture the fingerprint. An important advantage of this method is that the fingerprint is a biometric data that is included in many identity documents around the world, allowing it to be matched with robust databases, which is not the case with other biometric data.
Conclusions
The ability to ensure the identity of individuals in a transaction is fundamental to the expansion of digital services, which must consider the specific characteristics of different biometric validation technologies for a successful implementation. Some technologies can identify a person with a high degree of certainty but require sampling under special conditions or using specific hardware, making them unsuitable for mass deployments. The use of devices with high coverage such as smartphones facilitates the capture of biometric data and technologies based on these devices are emerging as the most suitable for mass strategies. It is expected that the adoption of personal devices such as smart watches will enable more accurate data collection in the future and will considerably improve the identity validation process.
Diego Pacheco-Páramo
Translated by: Anasol Monguí
Bibliography
[WZW2016] Targeted Online Password Guessing: An Underestimated Threat. D. Wang, Z. Zhang, P. Wang, J. Yan and X. Huang. CCS ’16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications [OKT2019] The passwordless future report. Okta. June 2019 [GD2013] A Survey on Prominent Iris Recognition Systems. A. M. George; C. A. Deva Durai. 2013 IEEE International Conference on Information Communication and Embedded Systems (ICICES). [SGP2018] Snyder, D., Garcia-Romero, D., Sell, G., Povey, D., Khudanpur, S., 2018b. X-Vectors: Robust DNN Embeddings for Speaker Recognition, in:Proceedings of the IEEE International Conference on Acoustics, Speech and Signal Processing, ICASSP 2018, IEEE, Alberta, Canada. pp. 5329–5333. [SGP2016] Snyder, D., Ghahremani, P., Povey, D., Garcia-Romero, D., Carmiel, Y., Khudanpur, S., 2016. Deep neural network-based speaker embeddings for end-to-end speaker verification, in: Proceedings of the 2016 IEEE Spoken Language Technology Workshop (SLT), IEEE, San Diego, CA, USA. pp. 165–170. [TYR2014] DeepFace: Closing the Gap to Human-Level Performance in Face Verification. Y. Taigman, M. Yang, M. Ranzato, and L. Wolf. Conference on Computer Vision and Pattern Recognition (CVPR), (2014)