Services of all kinds are increasingly being delivered on-line via the internet. Many of these services involve transactions which are either financial or involve personal information. If access to these services is compromised, wrongdoers may steal money or personal information from a consumer of such services, causing harm to the consumer and also to the service provider. Such service providers may include banks, merchants, medical services and Government benefits agencies.
To prevent unauthorized access to these services, service providers typically require the customer to identify themselves using some sort of pseudonym, and to corroborate this with a password.
In recent years, cyber criminals have devised ways to eavesdrop the entry of such credentials and to use them for unauthorized access. A typical means of eavesdropping is to fool the customer into opening a file which secretly installs a keystroke logger and captures the characters typed by the customer when entering their credentials. Another method is to redirect the customer to a rogue site resembling that of the service provider in every respect, inducing the customer to enter their credentials which are thus directly captured by the criminal.
In order to defend against such attacks, service providers have responded by a number of means, including: asking the customer to enter individual characters from their passwords, perhaps using dropdown menus, in order to evade key loggers; and requiring verification from a separate device known to be owned by the customer, such as a key-generating token, a mobile phone, or a password generator enabled by a chip-and-pin card. In addition, service providers are aware that passwords can easily be guessed or compromised, and are demanding the use of more complex passwords.
However consumers have a limited ability or desire to create, manage or remember a proliferation of complex passwords, and many consumers therefore use the same password for most or all of their on-line presences. The result is that if this single password—however complex—is compromised in the context of access to one service provider, then the consumer's entire cyber life is open to the criminal.
The defenses described above all have the effect of creating greater complexity in the user experience, either requiring more data to remember, requiring more steps in the log-on procedure, or the possession, availability and simultaneous use of a second device. Such complexity is known to reduce the customer's proclivity to engage in or complete transactions.
Many consumers are unwilling to use a single identity for all their online transactions, as they believe this makes their cyber life easier for third parties to track in violation of their privacy. They therefore prefer to undertake their activities behind a variety of pseudonyms. When solving the problem of credentials, it is therefore important to allow the consumer to choose their own pseudonym, and to concentrate on the challenge of verification.
Many biometric means have been used to verify personal identity. Many of these solutions, such as fingerprint recognition, require a special hardware sensor device to be present in the user device. This is a barrier to wide take-up. Of all biometric means, there are some which can work by making use of sensors which are already widely available on user devices such as computers, tablets or mobile phones. These are: the visual recognition of some feature of the user; exploiting a camera; and the audio recognition of the user's voice, exploiting a microphone.
Facial recognition has the advantage that, alone amongst biometric recognition methods, it does not require the user to do anything active at all. This makes it a much simpler experience. The use of face recognition as a means to save users the trouble of entering passwords is already established art, and is standard on the latest release of the Android operating system. However these methods—together with other similar biometric means such as fingerprint recognition—are based on the detection and identification of the biometric characteristic by software on the user's device. Thus validation is completed on the user's device. This validation then unlocks the use of a password (stored on the device) for submission to the web site of a remote service provider. Such a method is vulnerable to the compromise of the user's device. If malicious software is introduced onto the user's device, it may intercept the textual password as it sent to the service provider for future criminal reuse. Furthermore, such methods do not work if the service provider's validation process requires a more complex interaction than the simple submission of a password.
The current facial recognition solutions on the Android system have proven vulnerable to spoofing attacks using photographs or video replays. Various attempts to address this have been made by introducing “liveness” tests by making a user perform certain gestures, which reduce the user convenience and hence user acceptance.
There is therefore a need for methods of authenticating an online user's face that are less vulnerable to compromise.