Unlocking a device with your face is both convenient and secure, but security can always be improved. An engineer at Brigham Young University (BYU) has figured out how to add security without losing convenience, simply by adding facial gestures into the mix.
Face unlocking relies on your face being analyzed and a unique code created that identifies you. However, it isn’t perfect and a face unlock can still work sometimes when a user is asleep, or even by using photographs. As BYU reports (via Engadget) BYU computer and electrical engineering professor D.J. Lee overcame these security shortcomings by developing Concurrent Two-Factor Identity Verification (C2FIV).
“The biggest problem we are trying to solve is to make sure the identity verification process is intentional,” explained Lee. “If someone is unconscious, you can still use their finger to unlock a phone and get access to their device or you can scan their retina. You see this a lot in the movies — think of Ethan Hunt in Mission Impossible even using masks to replicate someone else’s face.”
Instead of just analyzing facial features, C2FIV also requires a two-second video be recorded of a person performing a “unique facial action or a lip movement from reading a secret phrase.” Both facial recognition and the facial gesture can then be used as a form of idenitifcation when unlocking a device.
C2FIV relies on a neural network which can read the facial data and decide if it matches the recorded data. In testing, Lee recorded over 8,000 facial gesture video clips from 50 people. The identity verification worked with 90% accuracy, and that was using gestures ranging from blinking, dropping a jaw, smiling, and raising eyebrows, to completely random facial actions.
90% accuracy is very good, but Lee believes it will get significantly higher as the system trains on a much larger dataset. The other good news is, the verification system doesn’t require a server to function. It can run locally on a device, making it ideal for use on a smartphone, tablet, or laptop where users don’t want their biometric data shared in the cloud.
For now, a patent has been filed and Lee continues to develop the system. Eventually, our devices could be protected with a wink, a smile, or the mouth movements of a unique phrase.
