Unlocking a smartphone securely with one’s face is a very convenient and highly sought-after feature. However, it is not as secure as fingerprints or long passwords because of the technologies involved in various face ID implementations.
Looking at one’s facial features via a 2D camera lends itself to being fooled by something as simple as a printed photo, and we’ve seen that in the past.
More sophisticated methods using a 3D capture of one’s face defeat the printed photo but can still be tricked by a more sophisticated 3D-printed mask. It’s been valid from day 1. The most sophisticated masks can unlock today’s most expensive phones.
trinamiX GmbH introduces a new paradigm that makes it much harder to bypass. Its system checks that a real, live person is looking at the sensors, and it’s all hidden under a phone’s OLED screen, with no notches involved. Now, it only works with OLED displays, so more affordable screens using IPS LCD won’t be compatible.
The system is so performant that it is already seen by the FIDO Alliance, the Android Biometric Security, and the IIFA (International Internet Finance Authentication Alliance) as the new mobile biometric security “gold standard.”
According to trinamiX, the system comprises an IR camera, a dot projector, and a flood illuminator. Essentially, this trio works two types of facial recognition in parallel: the first detects the face like other systems do today. However, the second sees the presence of (live) human skin.
And that skin detection is what effectively defeats today’s best masks. Even though these 3d-printed masks can be highly accurate from a geometry and color perspective, they have a weak point: their surface does not reflect light like human skin.
This is a blast from the past because one of my former colleagues worked on real-time skin rendering (see the Advanced Techniques for Realistic Real-Time Skin Rendering chapter of the GPU Gems 3 book). That’s when I was first exposed to the fact that human skin is made of multiple layers, some of which are slightly transparent.
Incoming light enters the skin, bounces inside, and some of it is reflected out, giving the typical skin soft appearance we all know. trinamiX’s hardware design detects this exact human skin subsurface reflectance signature.
It does so thanks to its dot projector and by analyzing how the light diffuses around each dot. Every other material will reflect in a completely different way, and that’s 3d-printed masks can’t fool trinamiX’s face authentication. If you wonder, their system is flexible enough to work with face masks and can be tuned for various situations via software (or AI).
Essentially, trinamiX made it much harder for potential hackers to build a 3D mask that could bypass its liveness detection. Someone might create a “mission impossible” type mask that perfectly mimics the human skin reflectance, but that remains to be proven.
Additionally, trinamiX says its design can be built at the same cost envelope as existing ultrasonic fingerprint readers, using different sets of affordable sensors that OEMs can choose from, depending on their vendor preferences.
Finally, this face authentication system has already been demonstrated with Qualcomm’s latest Snapdragon 8 Gen 2 platform, using the Snapdragon Trusted Execution Environment block, which ensures the complete privacy and security of biometric data.
We’ll hopefully see ultra-secure face unlocking in 2023. I sincerely hope we’ll get both face and fingerprint readers hidden under OLED displays because both are incredibly convenient under different circumstances. It looks like Android is going to have the upper hand when it comes to face-unlock security.