Until recently, smartphone developers have been hard pressed to defend against evermore-sophisticated security threats while keeping the process of gaining access to the device as convenient as possible. This may well change with the release of the newly upgraded TrulySecure biometric embedded software platform from Sensory. The software combines voice and facial biometrics to provide two-factor authentication and offer a viable alternative to passwords. TrulySecure 2.0 powers the company’s AppLock app and is available to developers for inclusion in third-party systems running on Windows, Mac, and Linux devices.
Developers can deploy the software on smartphones, tablets and laptops without deploying any additional hardware, using the smartphone’s microphone to support voice biometrics and its front-facing camera for facial recognition. A developer simply has to integrate the TrulySecure library into an application, using the software’s API.
The latest version of the software includes features that counter shortcomings that have rendered other biometric technologies inadequate for this type of application. “Low light and high noise can pose challenges for face and voice, respectively,” says Dr. Gordon Haupt, senior director of vision technology for Sensory. “Having the option to use one or the other depending on conditions is one of the big benefits of having the two modalities.”
A Double Whammy for Hackers
The flexibility of the dual-modality biometrics takes the form of three operating modes. Users have the option of using facial recognition or voice recognition independently or together.
“When used together, they can be used in our Convenience mode, in which the system looks for either the face or voice to match — this gives the user maximum flexibility and robustness to conditions,” says Haupt. “Alternatively, in our TrulySecure mode, the system requires a match for both face and voice to authenticate the user.”
In the TrulySecure mode, the system uses deeper simultaneous connections between the face and voice to optimize the matching. In the future, Sensory plans to use this capability to ensure liveness — to establish that a picture, video, or audio recording is not being used to gain entry.
One of the things that set TrulySecure 2.0 apart from its competitors is its application of deep learning, which greatly enhances the software’s accuracy. The platform’s designers have used deep learning to create the classifier that determines if a match has been obtained.
The platform’s authentication promises to improve with the passage of time. Sensory contends its use of deep learning has enabled it to reduce the platform’s error rate by 90 percent since the release of 1.0. The key factor in this leap forward has been the data the company has collected from its AppLock mobile application. Essentially, Sensory has leveraged data collected from users of the app to better “train” the system, improving its models and algorithms so that they can better recognize nuances in vision samples, greatly improving the accuracy of the authentication process.
“The model of the user can be updated with new information after authentications, giving the classifier a stronger basis from which to make a decision,” says Haupt. “This is currently done on the face side, and will be coming soon for voice.”
One of the reasons Sensory has been able to bring deep learning to bear in this area has been its success in shrinking the software enough to allow it to run on smartphones and still maintain its accuracy. Other systems typically require server farms to perform the same type of computing. In the case of TrulySecure, the software runs on an application processor on the device, requiring limited memory resources. The company plans to take this advantage to the next level. “We are working on porting TrulySecure to even more constrained environments, leveraging the vision technology available in DSPs and GPUs.”
Local Is Better
Another factor that sets TrulySecure 2.0 apart from other biometric authentication systems is the company’s decision to rely strictly on device resources to store data rather than send data to the cloud. This makes the biometric data more secure. Cloud-based storage of biometrics presents a highly valuable target for hackers. Just as there have been and continue to be large-scale password breaches and other similar hacks, a large database of biometric information would be an irresistible prize. Equally important, keeping the biometric data on the device gives users greater control over it, and they don’t have to cede that power to a large entity.
Relying on local resources also makes the authentication process faster. Avoiding interaction with the cloud simply eliminates a lot of latency.
Room to Grow
TrulySecure 2.0 bases its anti-spoofing defenses on a combination of textural and motion analysis. The textural analysis helps to differentiate between a live video feed, which will have a richer texture, and an image used in a spoof attempt, which has different visual properties as a result of lighting and the substrate (e.g., paper) on which the image is presented. Motion analysis requires a small amount of facial motion to confirm that the face is moving in the way that a live face would move, as opposed to a 2D image.
Sensory plans to continue addressing problems arising from anti-spoofing features, such as false rejections. “We will soon be adding challenge/response options for both face and voice, based on the biometric information already being collected,” says Haupt. “These will require the user to perform a task that is not pre-specified, and hence cannot be pre-recorded for a spoof attack. We are also introducing a deeper fusion-based liveness soon, which will take advantage of the visual information available when the user provides the passphrase.”