the new face of identity

​The difference between biometric authentication and identification

Biometric authentication stores a person’s characteristics in a database or in a secure portable element such as a smart card or in a secure chip inside your mobile phone. This digital file could be a photo of a face, a voice recording or fingerprint image. It is then compared to the person’s live biometric data. If there’s a match, the person’s identity is verified.

Biometric identification determines the identity of an individual. Here, the live biometric data is compared with the data of many (possibly thousands of) other people. The system then confirms the correct match.

Of all the biometric options, facial recognition has attracted the most excitement – mainly because of recent advances in the technology.

Early systems struggled in low-light conditions.

Spoofers could trick them with photographs and videos. Now, that has changed. Today’s systems use technology such as 3D mapping to achieve live biometric authentication and deliver compelling levels of accuracy.

Because of this, smartphone and tablet makers now use facial identification as the default ‘unlock’ method for their devices and services. Indeed, Counterpoint Research expects more than a billion smartphones, with facial recognition will ship in 2020.

Facial recognition has applications beyond authentication.

Organizations can use it for surveillance or analyze consumers’ emotions in store.

.

As a result, a host of diverse use cases has emerged. They include:

  • Access control (airports, borders)
  • Device authentication (phones, PCs, connected cars)
  • Self-service check-in (leisure sector, hotels)
  • Customer or visitor ID (bank branches, casinos, private companies, stadia)
  • Photo tagging (social media)
  • Assessing sentiment (advertising, customer service)

 

Facial recognition and identity

Facial recognition has traditionally been associated with the security sector.

However, facial recognition is now expanding across many other industries.

For example, it is an emerging technology for the future of mass transportation, with potential uses for safety in urban environments, according to a report by Visa and Stanford School of Engineering.

All of which is fueling a market that will be worth $5.38 billion by 2020, according to Technavio.

Why secure and reliable authentication matters... and how facial recognition can provide it

In a world of digital services, issues of identity and authentication pose a problem.

How can people trust each other when they are not physically present?

Traditional paper-based forms of identity – passport, driver’s license, ID card – are not the answer. These documents were designed to be checked in physical settings by human agents on bespoke machines. And although they have been updated with contactless technology, checking paper documents can be time-consuming.

Meanwhile, many types of authentication are flawed, especially passwords.

With the average person needing to keep track of multiple passwords, many of which may need updating regularly, the password has become impractical as well as insecure.

Criminals can ‘phish’ people out of their passwords. Or they can use ‘brute force’ software to try millions of word combinations every second. The problem is that a widespread, universal (and convenient) form of digital identity doesn’t currently exist.

Something more robust is needed. Many experts believe facial recognition has the answer::

  • It’s non-intrusive as there is no physical interaction required by the user.
  • It’s relatively easy to deploy and implement
  • Technology costs – cameras, processing – are falling.
  • Mass adoption by smartphone makers has made it familiar to users.
  • Its results are accurate and fast.

 

There’s also a sense that facial recognition is best suited for future work and leisure patterns.

“The face is the most flexible biometric authentication modality,” says Alan Goode, CEO and Chief Analyst of Goode Intelligence. “It can be used in different contexts and settings. There’s no need for sensors. And this fits with current megatrends. Take ride-sharing. If we move into a future of autonomous driving and shared ownership, we will need new and seamless ways to identify ourselves. Facial recognition seems to provide the best answer to this.

Facial recognition could be key for citizens of many nations too.

According to the World Bank, there are more than 1.1 billion individuals without official proof of identity. This is a significant challenge. Without an officially sanctioned identity, it can be difficult for people to access finance, healthcare, social protection and even work.
 

The face is the most flexible biometric authentication modality. It can be used in different contexts and settings. There’s no need for sensors.

 

But in a broader level, it’s just more convenient to have a single digital identity.

Frederic Trojani, chairman of the Security Identity Alliance, says: “Today, it seems we need a new identity every time we sign up for a new service. What we need is a sovereign digital identity – given to us at birth by our government – which is interoperable across all consumer, enterprise and government domains. This will provide a secure way to authenticate us with any entity that needs to know who we are, before offering benefits or services.”

 

The difference between identity and authentication

It’s tempting to use the words identity and authentication interchangeably. This is wrong, and it’s essential to understand the differences.

Identity: A set of credentials that comprises ‘you’. This could be your name and address. This could be a token or alias (an email address or phone number). Sometimes, this is even a physical ‘thing’ (an ATM card). Your identity must be unique and say to a third party ‘this is me’.

Authentication: What we do when a third party asks: ‘How can you prove it?’. In the case of an ATM card, the card is the ID and authenticator is the PIN. In the case of border control, the person’s ID is their name and passport. The authentication is carried out by the agent who looks at a person’s face and certifies the likeness.

A person’s identity is unique, but it is no secret. Authentication keys must be either secret (PINs, passwords) or hard to copy.

With biometric authentication, the authenticator is not secret, but it is challenging to mimic.

In the case of facial recognition, a system must be able to distinguish between a genuine subject and a faker using a photo, mask or video clip. So the ability of the authentication method to deter these attacks determines how strong it is.

More resources

thumbnail_facial_recognition_2021

Thales Statement Paper Facial Recognition (Oct 2021)

Thales addresses the main concerns around facial recognition, and highlights our vision for the ethical, socially accountable use of the technology.

Facial Recognition Statement Paper

Get in touch with us

For more information regarding our services and solutions contact one of our sales representatives. We have agents worldwide that are available to help with your digital security needs. Fill out our contact form and one of our representatives will be in touch to discuss how we can assist you.

Please note we do not sell any products nor offer support directly to end users. If you have questions regarding one of our products provided by e.g. your bank or government, then please contact them for advice first.