1. Field
The described embodiments relate to techniques for authenticating an individual. In particular, the described embodiments relate to techniques for authenticating an individual using facial images and/or sensor data from sensors in an electronic device to prevent spoofing attempts.
2. Related Art
Portable electronic devices, such as smartphones and tablets, are increasingly popular computing platforms. Moreover, the ubiquity and enhanced functionality of portable electronic devices has resulted is an ever-increasing suite of applications for use with portable electronic devices, including mobile-payment applications. Consequently, securing valuable information on portable electronic devices is increasingly important.
A variety of security techniques are used on portable electronic devices, including authentication. During an authentication process, whether an individual is who they say they are is confirmed. For example, a user can be authenticated using a credential, such as a username/password or a passcode.
In principle, biometric authentication offers advantages over credential-based authentication. In particular, biometric authentication is considered to be more secure, because it is based on ‘who the user is’ and biometric information is typically difficult to forge or spoof. In contrast, credential-based authentication relies on ‘what the user knows,’ which can be lost or stolen and is more likely to result in identity theft. In addition, biometric authentication is usually much easier to use. For example, users do not need to remember a list of passwords for various websites and applications. While a portable electronic device or a browser can remember the username and password for users, this often introduces additional security threats, such as allowing other to access user accounts if a user leaves their portable electronic device unattended. Because of these advantages, biometric authentication (e.g., via fingerprint sensors) are widely used on portable electronic devices.
While the availability of high-resolution front-facing cameras in many portable electronic devices can allow facial recognition based on high quality images of a user's face to be used for biometric authentication in portable electronic devices, in practice this has not happened yet. This is because there is often a tradeoff between security and ease of use. In particular, simple 2-dimensional (2D) facial recognition can be easily fooled by a photograph of a user (which is sometimes referred to as a ‘photo attack’ or a ‘print attack’), which is not difficult to obtain in social networks.
A more sophisticated facial-recognition technique requires the user to blink their eyes during the authentication, but can still be circumvented by photo editing or by playing a clip of video, which is sometimes referred to as a ‘video attack.’ (Note that photo attacks and video attacks are together referred to as ‘2D media attacks.’) In another more sophisticated facial-recognition technique, a 3D facial recognition technique requires users to turn their heads towards four directions according to a sequence of arrows shown on a screen. In this way, an authentication program is able to differentiate a real 3D face from a flat photo. However, the entire authentication process takes approximately 30 seconds, which is too long and compromises ease of use (which is one of the important advantages of biometric authentication).
Furthermore, the availability of virtual cameras has also limited the use of facial recognition. A virtual camera is a type of software that adds a layer between a real physical camera and an operating system. This type of software adds dynamic effects to the images from the physical camera, making the video look more beautiful and live chat more interesting. However, virtual cameras have now become sufficiently powerful that they can not only modify the face, hair and backgrounds, but also stream a pre-recorded video, making the operating system believe it is captured by the physical camera in real time. Consequently, in spite of their original purpose, virtual camera software can seriously threaten the security of facial recognition-based authentication.