home / Android / Voice biometrics. Biometric voice identification of a person using a password voice phrase in conditions of increased noise kalashnikov dmitry mikhailovich. Created software that clones a human voice
06.11.2021

Voice biometrics. Biometric voice identification of a person using a password voice phrase in conditions of increased noise kalashnikov dmitry mikhailovich. Created software that clones a human voice

Hello everyone.
Recently I wrote this one about continuous speech recognition, and now I would like to write about voice biometrics, i.e. confirmation of a person's identity by voice and recognition of a person by voice.

Again, because my work is connected with contact centers (CC), then I will talk about them. This is also due to the fact that now it is they who are actively interested in voice biometrics, which is not surprising, since the telephone line is the ideal application.
- you do not see the subscriber on the other end of the line;
- you cannot use other modalities to verify your identity: by face, by retina, by fingerprint.
- no additional scanning devices are needed, such as those where you need to put your finger or someone to show your eye to.
- This is the cheapest way of biometrics, although it is slightly inferior in reliability to other methods. But since other modalities are technically not applicable by telephone in mass use, there is actually no choice.
Of course, you can argue about the “knowledge-based” option for confirming the subscriber's identity - these are passwords, secret words, TPIN codes (banks), passport data, etc. - but all this is not reliable from a security point of view and requires memorizing information from the subscriber or always keeping information at hand, which is not very convenient for the subscriber and not effective (costly) for the CC.

To begin with, let's define the concepts of what is included in the concept of voice biometrics:
- It identification, i.e. identification of a person by voice. This is when an old friend calls you from an unknown number and says: "Guess who is this?" and you are trying in your head among all the known (familiar) voices to find the best match. When the memory scan is over and you have found a more or less suitable match, then you can already say: "Yeah, this is my classmate Serega with whom I have not spoken for 10 years." But you have no guarantee that it is him, and then the time comes for verification.
- Verification- This is a confirmation of identity by voice, i.e. unambiguous proof of identity. To do this, we can ask to prove that Seryoga is exactly who he claims to be. We can ask him: "Tell me where we were at 6 in the morning at the prom" - this information will allow us to confirm the identity of Serega, tk. only he can be the carrier of this information (similar to the password I wrote about above).

If you want a smarter definition, then:
Identification- Checks the coincidence of one sample of a voice with many from the base of voices. As a result of identification, the system shows a list of persons with similar votes in percentage terms. 100% match means that the sample of the voice completely matches the voice from the database and the identity has been established reliably.
Verification- Compares two voice samples: the voice of the person whose identity must be verified with the voice that is stored in the system's database and whose identity has already been reliably established. As a result of verification, the system shows the degree of coincidence of one vote with another in percentage terms.
There is also such a thing as authentication... It is difficult to say unequivocally how it differs from verification. Some of our employees have the opinion that this is some kind of confirmation of a biological (!) Identity, when it is difficult to separate the identification process from verification, i.e. it is a generalized process.

What kind of verification is there?

- Text independent
When the identity is confirmed by the spontaneous speech of the subscriber, i.e. we don't care what the person says. This is the longest confirmation method - the subscriber's clear speech should accumulate at least 6-8 seconds. Usually, this method is used directly during the communication of the subscriber with the operator of the CC, when the latter needs to make sure that the subscriber is exactly who he claims to be. The most interesting thing is that this verification method can be used secretly from the subscriber himself. At the workplace of the operator of the CC, such a working tool is visible.

Fig 1. Part of the interface of the operator's workplace for the verification of the client.

- Text dependent on static passphrase
When identity is confirmed by a passphrase that the subscriber invented at the time of registration. The length of the passphrase must be at least 3 seconds. We usually suggest saying your full name and company name. The passphrase is always the same.
- Text dependent on dynamic passphrase
When identity is verified using a passphrase that the system itself offers at the time of the call for verification, i.e. the passphrase is different every time! We usually offer a dynamic passphrase from a sequence of numbers. The subscriber repeats the numbers after the system until it makes an unambiguous decision “friend / foe”. It can be a single number like "32" or a whole set of "32 58 64 25". It is interesting that pronouncing different numbers gives a different amount of information for comparison: the most "useful" number is "eight" - it most of all contains useful speech information, the most useless is "two".

Step 1.
In order for us to carry out verification by voice, we need to already have a voice sample (voice cast) in our database, the owner of which is reliably known. Therefore, the first step is the accumulation of a database with casts of votes, for this we ask subscribers (clients) to go through the registration process in the system.
Registration in the subscriber's system means that he voluntarily leaves his voice cast, which we will then use for verification. Usually we ask you to leave 3 voice casts in a row, so that there would be variability - say your password three times. Then, when the verification is successful, we will replace the oldest voice cast with a new one, so the casts are constantly updated if the subscriber uses the system frequently. This is how we solve the problem of voice aging.
If we use dynamic passphrase verification, then we ask the subscriber to say the numbers from 0 to 9 three times. As a result, we will have 30 voice samples.

It is desirable that the client leave his voice cast (register) through the communication channel through which it will then be verified, otherwise the probability of errors increases. There are cases when they are registered using a headset in Skype, and then verified by a home phone - here the factor of the communication channel will play a big role in the reliability of the service. When building a service, you can take into account that communication channels can be different - this is worked out and tested separately for a specific case, and the influence of a communication channel can be neutralized almost completely. But without thinking about it right away and implementing it at once, there will be difficulties.

It is important that the client independently and consciously go through the registration (he knows why it is needed and how it will help him later), because then only a loyal subscriber who needs a result and who accepts the "rules of the game" can pass verification.
If the client is forced to undergo verification to the place and out of place, then he can subconsciously change his voice, fool around (not being friendly to the service) - this will lead to errors and the client's loyalty will fall, although he himself will be indirectly to blame for this.

How is the registration of a subscriber in the system going? (static passphrase)

Fig 2. Scheme of registration of a person in the biometric system.

1. The subscriber calls the biometric system, which invites him to come up with and say a passphrase. Pronounce 3 times.
2. The voice is processed by the biometrics server and at the output we get 3 voice models. One for each password spoken.
3.On the server, we start a client card (Yuri Gagarin) to which we attach the received 3 voice models.

What is a voice model?
- these are the unique characteristics of a person's voice reflected in a matrix of numbers, i.e. this is a 18KB file (for static pf). It's like a fingerprint. It is these voice models that we then compare. In total, the voice model captures 74 (!) Different voice parameters.

How do you get voice models?
We use 4 independent methods:
- analysis of pitch statistics;
- method of mixture of Gaussian distributions and SVM;
- spectral-formant;
- the method of complete variability.
I will not undertake to describe them in detail here - it is difficult even for me and is definitely not included in the course "for dummies". We teach all this at our RIS department at ITMO (St. Petersburg).

Step 2.
This is the verification itself. That is, we have a subscriber on the other end of the line who claims to be Yuri Gagarin. And in our database, accordingly, there is a customer card of Yuri Gagarin, where casts of his voice are stored, therefore, all we need to do is compare the voice of a person who claims to be Yuri Gagarin with the voice of the real Yuri Gagarin.

How is a subscriber verified in the system? (static passphrase)

Fig 3. Scheme of human verification in the biometric system.

1. First, we proceed as when registering, i.e. we have a password pronounced by the client, which we send to the biometrics server and build a model of the voice "supposedly" by Yuri Gagarin.
2. Then we take 3 voice models of the real Yuri Gagarin, make an averaged model in a clever way and also send it to the biometrics server.
3.Just compare 2 different models. As a result, we get the percentage of correspondence of one model to another.
4. Next, we need to do something with this number (92% in the figure). Is it a lot or a little, can we say unequivocally that this is Yuri Gagarin or is it a deceiver?

Fig 4. Threshold of “friend / foe” trust.

In the system, we have such a parameter as the "trust threshold" - this is a certain percentage of compliance. Let's say we set it ourselves at 60%. Thus, if the percentage of compliance with the “allegedly” Yuri Gagarin's voice model does not reach the “threshold of trust,” then a cheater called us. If it is more than the "threshold of trust", then the real Yuri Gagarin called us. We can set the “trust threshold” ourselves, usually it is from 50 to 70%, depending on the verification task.

Here I would need to tell you about errors of the first (FR) and second kind (FA), as well as the generalized error (EER), but I will not do this - this will greatly complicate and increase the text. If interested, then I will try to persuade anyone from the scientific department to describe this popularly and will post it here separately.

I will simply say that depending on the task of verification, it is more useful for us to miss “our own” than not to miss “someone else's”. And vice versa, sometimes it is more important not to miss the “stranger” than to miss the “friend”.
I am sure that from the first time no one understood these 2 sentences, and you had to carefully read them again in order to realize the meaning.

Integration of the biometrics server into the contact center.

Fig 5. Block diagram of the VoiceKey product.

To be honest, everything is very simple here: we send a voice in wave or PCM format via http to the input, and we get a comparison result at the output. I do not want to dwell on this in more detail.

The verification process takes 0.8 seconds on average. It is possible to work simultaneously with many threads.

On our website, everything is described in detail, and most importantly, there are well-developed use cases for contact centers. In recent years, I have communicated quite a lot with various large CC in Russia, first of all, this is the financial sector and I have formed an understanding of the goals and objectives.

Now let's touch on such a question: how generally the technology of voice biometrics is suitable for mass use? Is it reliable?

In short, YES, it works really well. We have telephone display stands in our company. If you are interested, then each of you can call and personally try how and what works. I give the phone number and testing instructions upon request from this page. Just for statistics of interest in this topic and for assessing the load on the server.

For reference: the developments of Russian scientists in the field of voice biometrics occupy, if not the first place in the world, then they definitely share it with others. This is confirmed by independent research, such as NIST (National Institute of Standards and Technology, USA), where our company was ranked in the top three in all five tests among commercial companies. Or the fact that our product “VoiceKey” won the nomination “Best Product of the Year for CC” in 2013 in the international competition “Crystal Headset”.
It can also be noted that our company owns the implementation of the world's largest project on voice biometrics in the telephone channel.

In short, here is such an educational program. I am ready to answer questions in the comments.

480 RUB | UAH 150 | $ 7.5 ", MOUSEOFF, FGCOLOR," #FFFFCC ", BGCOLOR," # 393939 ");" onMouseOut = "return nd ();"> Dissertation - 480 rubles, delivery 10 minutes, around the clock, seven days a week

Kalashnikov Dmitry Mikhailovich. Biometric voice identification of a person by a password voice phrase in conditions of increased noise: dissertation ... Candidate of Technical Sciences: 05.13.01 / Kalashnikov Dmitry Mikhailovich; [Place of defense: FGBOU VO Penza State University], 2017.- 196 p.

Introduction

Chapter 1. Overview of methods and devices for protecting personal data based on biometric voice information and preliminary digital signal processing 15

1.1. General state of protection of personal information 15

1.2. Assessment of the resistance of neural network recognition biometrics-code 17

1.3. Informational measure of raw data quality 17

1.4. Functional model of the converter biometrics-code 21

1.5. Classic Hamming Measure 23

1.6. Practical application of biometrics-code converters to protect executable code in a voice identification system 24

1.7. The need to classify sound fragments of speech into tonal and noise 26

1.8. Overview of methods for measuring the pitch period of tonal sounds 34

1.9. Using Linear Predictors 38

1.10. Non-linear algorithm for detecting signal periodicity 42

1.11. Linear prediction of the expected pitch period 45

1.12. Estimation of the length of a speech fragment used by a new generation neural network vocoder for automatic training of a biometric system to voice parameters of the speaker "Svoy" 48

1.13. Estimation of the length of a speech fragment required to train a vocoder that recognizes single speech sounds 50

1.14. Estimation of the length of a speech fragment of recognition

1.15. Mel-cepstral odds 51

1.16. Segmentation of speech into separate biometric elements 54

1.17. Markov model of speech recognition

Chapter Conclusions

Chapter 2. Mathematical modeling of the identification of coherent speech 67

2.1. The fragmenter of homogeneous sounds and pairs of speech sounds of the speaker "Svoy" in neural networks 67

2.2. Predictor of the period of the main tone of the announcer based on current and previous values ​​73

2.3. Calculation of the average value of the pitch period and the acceptable limits of deviations 75

2.4. Tone / Noise Classifier 76

2.5. Matrix Inversion Methods in the Linear Predictor Algorithm 79

2.6. Discrete statistical description of the duration of the intervals between noise sounds of speech and between tonal sounds 85

2.7. Determination of deterministic sections of speech and variation of the frequency of the main tone 91

Conclusions on chapter 106

Chapter 3. Voice Authentication Layout Software 108

3.2. Training of ready-made biometric parameters on a neural network ... 114

3.3. Clustering audio fragments of speech 116

3.4. Password Authentication 119

Conclusions on chapter 125

CHAPTER 4. Testing the biometric voice authentication algorithm under various conditions of external influence 127

4.1. Experimental testing of the program for probability

the appearance of errors of the first kind 127

4.2. Experimental testing of the program for the likelihood of errors of the second kind, provided that a stranger does not know the password 133

4.3. Experimental testing of the program for the probability of occurrence of errors of the second kind, provided that the password word is known by an outsider 136

Conclusion 139

Introduction to work

Relevance of the topic. Currently, there is an acute issue of maintaining the confidentiality of various types of information: state, industrial, etc. A large number of works are devoted to this problem, in which various methods of cryptographic authentication and biometric authentication are proposed. Cryptographic authentication is based on the storage and processing of special encoded information. Biometric authentication is based on the personal characteristics of the subject (fingerprints, handwriting samples, facial features, retina).

Unfortunately, these methods have the following disadvantages. Cryptographic methods make it possible to ensure maximum reliability and security of the authentication procedure, however, they shift the responsibility for storing keys (secret information or material medium) onto the user, who, in addition to the obvious reluctance to assume such obligations, often does not have the necessary skills to correctly use and securely store secrets. Biometrics is traditionally used only to identify users in passport and visa control systems of citizens. The use of classical biometric technologies for comparing the biometric image of a user with a template does not allow ensuring the confidentiality of the user's personal data in open civil information systems.

The biometric voice authentication method is easy to use. This method does not require expensive equipment, a microphone and a sound card are enough. But when using the biometric voice authentication method, a number of problems arise. One of the most important issues is the quality of voice identification. Currently, the probability of a person's voice recognition error is quite high. It is required to develop new algorithms for a clearer identification of biometric parameters from the voice signal. The second major problem is the unstable operation of prior art devices under noise conditions. An important problem is voice identification with a variety of manifestations of the voice of one person: the voice can change depending on the state of health, age, mood, etc.

The construction of voice identification algorithms and corresponding devices, devoid of the listed disadvantages, is an urgent task of scientific, technical and social significance. This primarily determines the relevance of the work. A great contribution to the development of biometric authentication was made by such scientists as N.N. Akinfiev, S.P. Baronin, A.I. Ivanov, M.V. Nazarov, Yu.N. Prokho-

Dov, V. I. Romanovsky, G. S. Ramishvili, V. N. Sorokin, V. A. Utrobin, V. Gosset, M. Gray, J. Darbin, AK Jane, D. Klun, N. Levinson, K. Pearson, R. A. Fisher, R. Hamming and others.

For the practical implementation of the proposed methods, it is necessary to create effective technical means. The following world companies are known for the development of voice identification methods: Agnitio, Auraya Systems, Authentify, KeyLemon, Nuance and etc.

The disadvantages of the technologies used by these companies are server-side data processing, i.e. all biometric data is sent to the server for processing, which, in turn, is a loss of privacy for the user. The probability of false recognition for existing machines is quite high. This is due to the fact that the existing algorithms do not distinguish a sufficient number of biometric parameters from the audio signal, as well as the fact that there are no standards for comparing voice biometric parameters.

The purpose of the thesis consists in the development of new methods, algorithms and software that implement them, which carry out reliable biometric authentication of a person by voice in conditions of high extraneous noise. To achieve this goal, it is necessary to solve the following tasks:

    to develop a methodology and algorithms for increasing the accuracy of determining the frequency of the fundamental tone at any intervals of the sound signal;

    develop a method for user authentication, setting the frequency of the main tone as the determining factor;

    to develop a method and algorithms for filtering an audio signal for more accurate selection of the pitch period on any segment of an audio signal and suppression of the noise component of the signal when the signal-to-noise ratio is equal to one;

    build a single-layer neural network of the GOST R 52633.5 standard for converting voice biometric parameters into an access code;

    construct a narrow-band filter that accepts the frequency of the main tone of the speaker at the input. Use the filter formula on various signal harmonics to obtain biometric parameters and convert them into a biometric code;

    build a new algorithm for fragmentation of the audio signal and use the resulting individual tonal fragments of speech as biometric parameters converted into a biometric code;

    implement a mock-up of training and user authentication based on a password voice phrase. Conduct testing of probabilistic characteristics (the probability of an error of the first and second kind - errors in refuting the tested user and errors in accepting an unauthorized user, respectively).

Research methods. The work uses the methods of mathematical statistics, probability theory, theory of artificial neural networks and digital signal processing. To implement the experiments, the object-oriented C ++ language, the Qt and QWT libraries, the QtCreator development environment and the MathCAD mathematical modeling environment were used.

Scientific novelty of dissertation work is as follows:

    An algorithm for estimating speech sound statistical parameters has been developed. On the basis of a discrete-continuous description of the duration of sounds of a stream of meaningful speech, such a parameter as the average length of a sound is determined and an algorithm for its estimation is presented. Methods for estimating the values ​​of the mathematical expectation and the variance of the pitch period are generalized. Formulas for constructing a narrow-band filter of an audio signal are proposed, which make it possible to improve the quality of signal extraction at a high noise level.

    A numerical method for constructing a linear predictor based on the selection of the pitch period is generalized, which made it possible to significantly increase the accuracy and speed of the predictor. A technique has been developed for non-frame signal processing in a linear predictor, which significantly reduced the probability of false tone detection in a segment of an audio signal.

    A nonlinear mathematical model of filtering an audio signal has been developed for more accurate selection of the period of the fundamental tone at any segment of the audio signal. The constructed filtering procedure made it possible to improve the existing tone-to-noise classifier and select all tonal areas of speech in the audio file.

    An algorithm for neural network transformation of voice parameters into a biometric access code has been developed. The vectors of biometric parameters of voice signals are fed to the input of the neural network, which are then converted into a biometric code. Vectors of biometric parameters of voice signals are used to construct tables of weighting coefficients. As a result of applying the proposed algorithm, an individual code is assigned to each voice signal. The use of the obtained codes made it possible to minimize the error of the first and second kind in the operation of voice authentication.

    A numerical algorithm for extracting biometric data vectors has been developed, based on the use of tonal sound sections of speech, separated from external noises and pauses. These vectors are obtained at several harmonics of the audio signal and are involved in the neural network training procedure. It is shown that these vectors are biometrically informative and are used in the neural network training procedure to improve the quality of voice recognition.

6. The algorithm for fragmentation and classification of audio signals has been built and implemented in software. The scientific novelty lies in the use of the algorithm for neural network segmentation of the audio signal built in the thesis. On the basis of this algorithm, vectors of all kinds of tonal sounds are obtained, which are contained in the speaker's password phrase. These vectors are converted into biometrics-code parameters and submitted for training the neural network. The use of these parameters made it possible to improve the quality of speaker recognition in the voice authentication system.

The practical significance of the work. An automaton has been built that allows you to identify the speaker by the pronounced password phrase. A software package has been developed, within the framework of which adaptive digital algorithms for processing speech signals are implemented. An algorithm for recognizing biometric patterns in a signal is proposed. The algorithm is implemented as a neural network. The method developed in the thesis, in comparison with the known methods of digital signal processing, has the following significant advantages. The most important advantage is the ability of an automaton that implements this method to tune to the speaker's speech frequency during user authentication. Noise reduction is carried out even when the signal-to-noise ratio is equal to one. Neural networks of the GOST R 52633 standard have been introduced to convert voice biometric parameters into an access code, which makes it possible to obtain a stable long password at the authentication stage. Reduced to a value of 10-7 the probability of a user authentication error if the user does not know the password phrase and to a value of 10-2 if the user knows the given password word / words. The automata known in the literature have the following characteristics: the probabilistic characteristic of an error of the second kind is only 10 –1, while the probability of an error of the first kind is equal to 10–2.

The software complex is aimed at ensuring the protection of information and eliminating its leakage. To ensure the protection and depersonalization of a person who has access to information, it is proposed to introduce voice authentication technology as part of a systemic access check. The following systems are offered as verification systems: Internet cabinets with global or local outputs. These systems are usually used by state and municipal institutions, as well as some educational institutions. As a result, the operating terminal will make it possible to identify a person by a pronounced password phrase with a fairly low probability of a second type error (according to the statistics obtained in the dissertation work, it should not be higher than 10-7), and will also provide the user with a quick, secure and convenient entrance to his personal account.

Reliability and validity of the results, formulated in the dissertation, is provided with the correct use of mathematical methods and the comparison of theoretical statements with the results of test and field experiments.

The main provisions for the defense:

    an algorithm for extracting speech statistical parameters based on a discrete-continuous description of the duration of the sounds of a stream of meaningful speech;

    a numerical method for constructing a linear predictor for identifying the period of the pitch during non-frame processing of data and using the speech statistical parameters of the speaker;

    a nonlinear mathematical model of filtering an audio signal, which performs noise reduction of a signal when the signal-to-noise ratio is equal to one;

    an algorithm for extracting biometric data vectors;

    an algorithm for fragmentation and classification of sound biometric "phonemes";

    an algorithm for constructing a neural network for recognizing biometric features of human speech;

    mockup of training and user authentication by a password voice phrase.

Implementation of work results and communication with scientific programs. The obtained research results were implemented in the organization of JSC "PNIEI" (Penza) during the development of the layout of the software "User authentication by voice phrase". There is an act on the implementation of the results of dissertation work.

A software package has been developed (certificate No. 2016E13464 dated October 21, 2016 on state registration of a computer program) for solving the problem of constructing a neural network biometric voice recognition tool with a noise level higher than the signal level. The specified software package, used in the research, production and design activities of JSC "PNIEI" (Penza) in the study and development of biometric authentication algorithms, contains a software solution to the urgent problem of developing tools for automated password identification of a person's personality by voice phrase. The program is able to carry out identity confirmation in conditions of noise comparable to the level of the speech signal.

The research was supported by a grant "U.M.N.I.K", contract No. 8909GU / 2015 dated December 21, 2015 on the provision of a grant by the Federal State Budgetary Institution "Fund for Assistance to the Development of Small Forms of Enterprises in the Scientific and Technical Sphere" research on the topic "Development of a means of neural network biometric voice recognition at a noise level above the signal level."

Approbation of the thesis. The main provisions of the dissertation were reported and discussed at the following international conferences: the sixth and seventh international scientific and technical conference "Mathematical and computer modeling of natural science and social problems" (Penza, 2013, 2014); International Scientific and Technical Conference "Analytical and Numerical Methods for Modeling Natural Science and Social Problems" (Penza, 2014); scientific-practical conference "The contribution of young scientists to the development of the economy of the Volga region" autumn session 2016 (Penza, 2016); scientific conference of the competition "Rector's grants" (Penza, 2015).

Personal contribution of the author. All the main results presented in the dissertation work were formulated and obtained by the author independently. The works were published in co-authorship with the scientific advisor, who owns the formulation of the problem to be solved and the concept of its solution. The paper describes an algorithm developed by the author for obtaining speech statistical parameters based on a discrete-continuous description of the duration of sounds of a stream of meaningful speech. In the work, the author independently developed a new noise reduction algorithm . In the works, the author has constructed a method for depersonalizing personal data using a voice password word, improved the well-known linear algorithms for processing audio signals. In the software package, the author has developed basic algorithms and compiled program codes. Also, the author conducted numerical experiments that confirm the possibility of practical use of the results.

Publications. Based on the materials of the dissertation research, 8 works were published, including 3 works in journals from the list of the Higher Attestation Commission of the Russian Federation.

Structure and scope of work. The thesis consists of an introduction, four chapters with conclusions, a conclusion, a list of references and 2 appendices. The total volume of work is 188 pages, including 170 pages of the main text, including 87 figures. The list of references contains 83 titles.

Functional model of the biometrics-code converter

The main functional element of the highly reliable biometric-cryptographic authentication tool is the biometrics-code converter. The work of the biometrics-code converter is based on the use of special methods for converting fuzzy biometric data into a binary integer of fixed length - a code response. At the same time, the fuzzy biometric data of the "Own" user is converted into a stable code response called the "Own" code, and the fuzzy biometric data of the "Strangers" users are converted into random (uncorrelated) code responses "Stranger". The functional diagram of the biometrics-code converter is shown in Figure 1.2.

Thus, the main functional characteristic of the biometrics-code converter is that it must fold the multidimensional field of continuous states of the unstable biometric image “Own” into the code point “Own” belonging to some finite discrete field of possible states of this key. The second functional characteristic of the biometrics-code converter is that random biometric images "Alien" should generate random output code responses at the outputs of the converter. Multiple biometric images Multiple code responses

The internal structure of the biometrics-code converter is formed during a special procedure called training. The training procedure accepts as parameters a set of examples of the biometric image "Own", a set of biometric images "Alien", each of which is represented by one or more examples, and a code response "Own", and the result of the procedure is a generated biometrics-code converter with parameters, allowing the performance of the above functional characteristics.

The parameters of the trained biometrics-code converter, supplemented with some additional information (for example, an identifier or username), form a biometric container. 1.5. THE CLASSIC MEASURE OF HAMMING

The procedure for ordering biometric images should be high-dimensional and take into account changes in all biometric parameters and all their possible combinations, which becomes technically impracticable for several tens of biometric parameters taken into account, therefore, the only possible way to avoid this is to move from the space of input continuous high-dimensional biometric images to the space of output discrete code responses. In this case, the sorting of biometric images becomes linear and one-dimensional, and the work of the automaton for orderly enumeration of biometric images becomes trivial.

The main metric in the space of output code responses is the Hamming measure - the number of unmatched bits of code responses and various modifications of this measure, described below. Hamming measure k is calculated by the formula n h = YS iyi \ (1.5.1) / = 1 where Xj is the value of the ith bit of the first code response; yi is the value of the i-th bit of the second code response; n is the length of the code; Ф - addition modulo 2. This metric can be used to establish a measure of proximity between two biometric images "Alien", or a measure of proximity of the biometric image "Alien" to the biometric image "Friend", for which a highly reliable biometric authentication tool was trained. The use of the Hamming measure for ordering biometric images makes sense only for a certain biometrics-code converter trained on a certain “Own” biometric image.

1. The main difference of the proposed method from all the others is the presence of machines encoded for certain features of the environment and the executable code of automatic machines for rearranging long random input data into a specific code 256 bits long.

2. The center of the conversion mechanism is considered to be tunable hash functions (HHF), which are a generalized concept of biometrics-code converters in comparison with the data they convert. The essence of the proposed method lies in the initial data of the tested code. Two types of source data can be distinguished: parameters for rebuilding HXV and multidimensional parameters. The characteristics of the reorganization of the NHF are rearranged instead of the executable code of the program together with the automaton that implements the NHF. When the program is launched, input multidimensional characteristics are passed to it for implementation with execution. With the support of the NHF automaton, the stored and given characteristics are used to restore one more block of executable program code.

3. After the restoration process, the code is compiled, and the HHF automaton proceeds to decode the appropriate blocks that are important for the continuation of the program. It is not easy to resume the executable code based on the characteristics of the state of the NHF or only on the basis of the input characteristics. This allows the use of NHF to conclude the task of protecting the executable code from the occurrence of hacking. The defense scheme for any block of compiled code is shown in Figure 1.3.

Estimation of the length of a speech fragment used by a new generation neural network vocoder for automatic training of the biometric system to the voice parameters of the speaker "Svoy"

To obtain an informative password for authentication, it is necessary to calculate statistical parameters describing their quality and difference.

Voice identification systems that take frequency spectrum coefficients as parameters have similar probabilistic errors to systems that analyze a speech signal over time. The probability of an error of the first kind characterizes the refusal of a pass to "Svoyu". At the moment, among the existing voice systems, this probability is 10_1. The probability of an error of the second kind characterizes the omission of the "Alien". The frequency of occurrence of this error depends only on the mode of use of the method. If a stranger knows the passphrase and does not use a dictaphone, the success of his bypassing the system is approximately 1%, provided that his voice is close to the recorded one. Otherwise, an attacker may need up to 1010 attempts to successfully hack.

Nevertheless, it becomes possible to pass under the guise of another speaker in existing systems if the passphrase of the original speaker is known and recorded on the recorder. In this case, the probability of the second kind increases significantly. Hence, there is a need to solve the problem of preventing interception of a voice password. Also, one of the ways to solve this problem is the use of simultaneous identification of a person by the structure of the face. In addition, some systems security professionals connect motion sensors to identify the source of the sound.

Temporal procedures (linear predictions) and frequency band-pass filtering procedures in vocoders are now widely used. Both those and other procedures significantly distort the biometrics of users and at the same time cannot provide high compression of speech information.

Studies within the framework of the Penza Research Electrotechnical Institute, in which the author took part, have shown that there is a real opportunity to create a new class of vocoders based on a new type of description of voice signals. The basis of a new type of speech description is the use of the fact that coordinated speech consists of damped oscillatory processes, repeating with a period of the fundamental tone. For example, this is how the phoneme "a" looks like (Figure 1.11). Tton = 60

From Figure 1.11, we can conclude that sound consists of periodically repeating damped oscillations. Therefore, for an economical description of the process, it is necessary to measure the decay rate and frequency (number of humps) of internal oscillations. In this case, a complex speech process described by classical vocoders using 14-18 parameters will be described by only four parameters: 1) sound amplitude; 2) the period of the main tone; 3) damping of internal vibrations; 4) the frequency of internal vibrations. This approach to coding speech allows you to condense information several times. It is very important that in the new type of "vibrational" description of the speech signal, different phonemes are quite similar. For example, the phonemes "o" and "a" will differ only in the pitch period. An example of the phoneme "o" is shown in Figure 1.12.

Comparing Figures 1.11 and 1.12, we can conclude that the phoneme "o" and the phoneme "a" form the same vibrational link. Phonemes differ from each other only in the period of the main tone. There are no such data in the literature. In the classical literature on speech processing, an attempt has been made to relate the first and second phonemes to each other (see Figure 4.3 c). Frequency attenuation must be taken into account as this allows the sound boundary to be determined. Attenuation is a direct and not an indirect parameter of speech production. The phoneme "o" has a shorter pitch period compared to "a", but the same filling frequency and the same decay

The studies have shown that, based on the new principle of describing sound signals, it is possible to construct simple "fuzzy" rules for the classification of "phonemes" and the synthesis of their optimal fuzzy description. For example, the description of the phonemes "y" and "u" have practically the same form of structure, but different periods of the main tone. This situation is depicted in Figure 1.13. О 50 Щ! \ Ft h 200 100 I Т = 50 "у" Т = 60 "у" deducing simple fuzzy (vague) rules for distinguishing phonemes. They will be simple for the vast majority of phonemes. These rules will describe the "average" speaker. Deviations from these rules will be nothing more than biometric characteristics of the speaker. Apparently, this is the way to increase vocoder quality, speech compression ratio, accuracy of transmission of biometric parameters of speech.

Following the synthesis of fuzzy rules (a fuzzy automaton recognizing phonemes), it will presumably be possible to increase the speech compression ratio by 1.5-2 times. An attempt made to create a vocoder that takes into account the damping of oscillatory processes shows the technical feasibility of this direction.

Another way to improve speech compression ratio is to extract phonemes and encode phonemes rather than frames. Speech frame coding is redundant. Typically, vocoders use 44 audio frames per second. On average, a person pronounces 11 phonemes per second. That is, vocoders duplicate one phoneme 4 times. If we know the fuzzy rule of the evolution of phonemes (how one phoneme is transformed into another), then it is enough to transmit the phoneme data once. This should allow compressing additional information by 3-4 times. If you transfer speech parameters in the center of phonemes and between them, then the additional compression will be approximately equal to two.

Thus, the new approach, based on the assessment of the decay of the periods of the fundamental tone and internal oscillations, is promising, and allows you to increase the compression ratio of speech several times. It is technically feasible to have 600 bps vocoders. At the same time, the problem of accurate transmission of biometric parameters for vocoders with a stream of 2400 and 4800 bit / s can be solved.

Password Authentication

The use of methods and algorithms used in the construction of existing vocoders does not make it possible to use these methods in the construction of voice signal fragmenters. The reason why these methods cannot be used is that vocoders with high quality voice data have a huge number of classes, the flow of which is on the order of 2400 bps. This number is typical for vocoders based on linear predictor algorithms. It is necessary to minimize the given number of data streams. In the case of using vocoders giving a stream of about 1200 bit / s, the number of classes obtained decreases, but, nevertheless, remains rather large. Also, in this case, the biometric data of the user himself is lost.

The solution to these issues is the use of biometric devices capable of providing the system with a sufficient amount of information. Also, the way out is to build an automatic speech fragmentator that classifies parts of the voice signal. The use of already existing fragmenters does not provide the system with a sufficient amount of information due to the fact that their algorithms are based on uniform frame-by-frame processing of the voice signal. The uniform splitting of the voice signal usually varies at a stream of 20-60 frames / s. Also, one of the disadvantages of existing fragmenters is the complete neglect of internal changes within sound fragments, i.e. there is a loss of knowledge about changes in the biometric parameters themselves.

It can be concluded that the main goal of creating stable voice biometric authentication systems is the premature processing of the audio signal, which combines the construction of an effective code phrase fragmenter that takes into account the user's personal characteristics and synchronizes the identified areas of speech at the stage of training the program, i.e. on these sections of speech there should be no discrepancy in the phase of the sound. Also, a useful property of the new fragmenter would be the possibility of self-learning and identifying the speaker's features at the stage of program authentication after a long period of time relative to the training of this speaker.

By the time the user is authenticated, the program must accumulate all sorts of statistical characteristics, clearly classify the selected areas of speech. In the case of biometric identification, it is necessary to create an automatic fragmentation tool capable of classifying sounds, thanks to a pre-created dictionary and accessing a database of created sounds, separately for each user. Both authentication and identification systems should be subjected to preliminary tests for the likelihood of errors of the first and second kind. This problem was solved in the dissertation using the following approaches. An algorithm for controlling the period of the user's pitch has been developed. For each person there is a separate set of pitch period parameters, which are calculated when recording a sound file. The mathematical expectation of the length of the pitch period is considered an individual characteristic, although it may be the same for many people. The smallest value of the period of the main tone is characteristic mainly of the female sex and persons under 16 years of age. This value has a significant difference compared to the male voice. Some men have a bass character and their average period is greater than that of the average person.

The stage of preprocessing a voice phrase in the case of identification or authentication should be operated on the average characteristics of the speaker, taking into account many parameters without using the modern computing power of the computer. This condition should be taken into account by the automatic fragmentation-classifier of the voice phrase, speech of the identified user.

The bass voice, due to the long length of the pitch period, has a fairly wide variety of changes in the signal amplitude within the studied area. This feature leads to the expansion of the speech fragment processing window; this problem can be solved by predicting changes in important biometric characteristics. Despite these factors, the fragmented classifier is obliged to spend the same computing resources for different types of people. These principles are laid down in Section 3 of Chapter 2 in constructing a practical model of phrasing fragmentation.

Experimental testing of the program for the likelihood of errors of the second kind, provided that a stranger does not know the password

Procedure "LPCJ5" is a linear predictor filter, at the output of which we have the value of the pitch period "period LPC" (formula 3.1.7). The procedure is fed with the frame length “TV”, the count number of the beginning and end of the frame “7V7 and N2”, the sequence number of the frame “kadr”, the number of autocorrelation function coefficients, “dmposonjjenod” is the deviation from zero in the autocorrelation function, “error” is the error vector from the previous frame, calculated using the "LPCJor error" procedure.

The procedure calculates the autocorrelation function of the prediction error: N / An-1-k r (k) = Y ew (n) e (n + k), ke0, N / An-l, (3.1.10) and in block 6 it was determined at what values ​​of nnnu [ni, n2], the autocorrelation function of the prediction error r (k) is maximum, which corresponds to the selection of maxima (peaks) in the spectrum of the speech signal. For this, the functional was minimized: є rm = r (n0) ma Ae [nbn2]. (3.1.11) In this case, u is the minimum length of the period of the fundamental tone, u = inf T0T- n2 is the maximum length of the period of the fundamental tone, n2 = sup T. The resulting value is defined as n. We find the maximum value of the period within the exact lower and upper bounds, after which we pass to the formula T ± from n Гт-у, (3.1.12) 0, Гт /, where у is the threshold value determined in the process settings.

The procedure "Ma8htabirovanie_v" scales each frame of the input signal in a given range to compare each frame for correlation. All deterministic areas are brought to the same constant scale from -1 to +1.

The procedure "mashtabirovamejJoX" takes as input a signal of a certain dimension "N_N" and approximates the signal "ogib" to a certain length "Nogib". That is, the signal pattern is preserved, only the number of samples in it changes.

Procedure "Ogibayshayjjokadr" - counting the envelope over the frame, where "y" is a filter of "N_N" dimension with a certain harmonic; "Nach", "Kop" - the beginning and end of the array by the "y" parameter; "Kadr" - mathematical expectation of the pitch period; "Ogib" - the resulting envelope; "Nogib" is the dimension of the envelope.

After the preprocessing of the signal and the extraction of the necessary biometric parameters, the data is sent to the biometrics-code converter, which consists of the following procedures and functions: void netlr.koef (int kolobrazov, int Nobrazov, double obrazy, int & razmer, double & net); void netl:: norm net (int kolobrazov, double sigma, double Mat OG al, int razmer, double & net); void CCalculateADQ :: CalculateInputADQ (int imageCount, float coefficientsArr, float averageArr, float dispersionArr, float qualityArr); void netS :: SimpleTraining (int weights Number, const int ConnectionArr, int imageCount, int keyArr, float averageArr, float weightsArr); void netSr.NormalizationTrainmg (int weights Number, const int ConnectionArr, int imageCount, float dispersionArr, float qualityArr, float weightsArr).

The procedure "bf is the calculation of the Fourier coefficients from the generated images (biometric parameters). "Nobrazov" - the dimension of one image. akol obrazov "- the number of images fed to the neural network. At the output of the procedure, there is a "net" matrix of dimensions. Each vector of 196 components is formed from the Fourier coefficients of the signal under consideration.

The formation procedure consists in processing the signal with various windows, calculating the Fourier coefficients of the functions cut out by these windows and forming the total vector according to a special algorithm.

The “normnet” procedure is the normalization of the “Own” images with respect to the mathematical expectation and variance of the “Alien” images. The “Alien” images are pre-formed by accumulating a voice base of 10,000 images. The base was formed as a result of the collection carried out within the framework of the internal work of JSC "PNIEI" in 2012-213. The normalization of the images is carried out according to the formula net [g] [/] = - y, i _ 0..kol obrazov, g = 0 .. 196, (3.2.1) alienWhere Mchuzhoy is the vector of mathematical expectation of the “Alien” images; 64yyK0U [g] vector of variances of “Alien” images.

The "CalculatelnputADQ" procedure calculates the mathematical expectation, variance and quality of the parameters of the "Own" images. The quality of each parameter is calculated by the ratio of the average value of the parameter to its variance.

The “SimpleTraining” procedure fills in and records the table of weight coefficients in a separate 1x1 file for its further use at the time of depersonalization. As a result of the performed procedure, the initial training of the first layer is formed. The input of the procedure is a table of neuron connections, relative to which parameters are formed that take the values ​​"0" and "1", as well as a randomly generated access code "key". The number of weights "weightsJayerl" on the layer is equal to 24. Learning is carried out by correcting the signs of the weight coefficients at a part of the neuron inputs. The sign is corrected in such a way that the probability of the appearance of a given response at the output of the neuron upon presentation of examples of the "Own" image increases (the number of errors in the output code decreases). Correction should be carried out at one input. If the change in the sign of the weighting factor of the input being corrected gives the opposite result, then the correction should be canceled and proceed to the correction of the sign of the next weighting factor. The NormalizationTraining procedure trains the first layer of the network using the input quality and variance obtained from the CalculateInputADQ function.

Biometric authentication is the process of proving and verifying the identity by the user presenting his biometric image and by transforming this image in accordance with a predefined authentication protocol. Biometric Authentication Systems - Authentication systems that use their biometric data to verify the identity of people. Biometric systems consist of two parts: hardware and specialized software.

Hardware includes biometric scanners and terminals. They record one or another biometric parameter (fingerprint, iris, veins on the palm or finger) and convert the information received into a digital model available to a computer. And the software processes this data, correlates it with the database and makes a decision who appeared in front of the scanner.

In order for the biometric system to be able to further identify the user, it is first necessary to register information about his identifiers in it. Commercial systems (unlike systems used by law enforcement and law enforcement agencies) do not store images of real identifiers, but their digital models. When the user repeatedly accesses the system, the model of his identifier is formed again, and it is compared with the models already entered into the database.

Back in 2008, face recognition was more of a research topic, now it has become a real technology. Not only government agencies are showing interest in it, but also commercial companies. The market dynamics are very intense. According to research by the International Biometric Group, in 2009 the global biometrics market was $ 3.4 billion, according to their own forecasts, by 2014 it will amount to $ 9 billion. Now, 11.4% of the total biometrics market is occupied by face identification technologies. , although four years ago analysts attributed this direction to the “other” column.

Fingerprint identification technologies have incorporated all the best that is inherent in biometrics in general. A specific person is identified by a fingerprint, and not a token or card; unlike a password, a fingerprint cannot be "peeped", forgotten, voluntarily or involuntarily passed on to another. By the way, modern scanners have learned to establish the belonging of a fingerprint to a living person, and they cannot be deceived by presenting a print of a fingerprint on paper, gelatin or glass. The probability of erroneous identification is 0.000000001%, and the time required to scan a fingerprint does not exceed a fraction of a second.

A huge step towards eliminating passwords has been made with the introduction of a fingerprint scanner into a smartphone. Despite the fact that the technology was used before, it was Apple who managed to popularize and widely implement it.
No matter how the opponents of biometric data collection scold the Touch ID function, the technology is actively used not only to easily unlock a smartphone, but also to make purchases in the App Store or use the Apple Pay service.

In the future, some large banks are also considering switching to a fingerprint scanner as an authentication method. Moreover, Visa goes even further - the company is working on a prototype of an iris scanner, which will be used for the same purposes in the Visa Checkout online payment service.

RichRelevance conducted a survey of 2,000 consumers on both sides of the Atlantic in early 2016. They answered questions about how technology might affect their in-store customer service model, explaining the difference between what shoppers think is “cool” and what is “creepy”.

Despite their open mind, UK shoppers are less likely to respond to more invasive technologies such as facial recognition software that could be used to identify them by an employee while shopping.

When evaluating fingerprint recognition technology in the payment process, almost half (47.5%) of respondents would welcome this technology if it also allowed them to automatically receive home delivery service.

Additionally, 62% of shoppers surveyed want to be able to scan a product from their devices to see reviews and recommendations for other products they might like, while 52% of shoppers don't mind the pop-up feature that starts arriving on their mobiles. devices at the entrance to the store.

Cybercriminals learn to read fingerprints and iris patterns

As of fall 2016, Kaspersky Lab has already discovered on the black market at least 12 vendors offering skimmers that can steal fingerprint data, and at least three researchers who are working on technologies to break into wrist and rainbow vein pattern recognition systems. shell of the eye. According to experts, in September 2015, pre-sale testing of the first versions of biometric skimmers was already carried out on the black market. Then several errors were found, but the main problem turned out to be the use of GSM modules for the transmission of biometric data - they could not cope with large amounts of information, which means that new versions of such skimmers will use other, faster data transmission technologies, the company believes.

It also became known that the cybercriminal communities are actively discussing the development of mobile applications that allow disguising human faces. Such programs help to use photographs of real people posted on social networks to deceive the face recognition system.

“Unlike passwords or PIN codes, which can be easily changed in the event of a hack, fingerprints or iris patterns cannot be changed. Accordingly, if biometric data is once in the wrong hands, their further use will be fraught with serious risk. That is why they need extremely reliable means of protection, - emphasized Olga Kochetova, information security expert at Kaspersky Lab... “The danger also lies in the fact that they are included in modern electronic passports and visas, which means that the theft of such documents leads to the fact that in the hands of the attacker is virtually all the information that can be used to identify a person.”

Fingerprint sensors of some smartphones can be tricked by a printer

In 2015, computer security experts from the University of Michigan (USA) hacked the fingerprint scanner, which is equipped with many modern smartphones, using a conventional inkjet printer. A research article published on the University website.

Until now, it was possible to trick fingerprint scanners into creating a fake fingerprint by hand, such as latex or glue, but this process is time-consuming and the quality of the resulting prints is sometimes too poor.

American researchers have found a simpler and more effective method. To do this, they scanned a colleague's index fingerprint at 300 dpi, and then printed it on glossy paper, replacing regular printer ink with conductive ink.

The resulting images were able to successfully trick the built-in scanners of the Samsung Galaxy S6 and Huawei Honor 7 smartphones. more tries.

According to the authors of the study, the method they discovered could be adopted by hackers, and smartphone manufacturers should think about improving the fingerprint scanners with which they equip their devices.

Voice biometrics

Voice biometrics is one of the technologies that is evolving very quickly and allows different companies to use its solutions for customer identification. In the biometric system, individual behavioral, psychological and some other characteristics are used to determine or confirm personality. A variety of biometric measurements are available, including iris scans, fingerprints, face recognition, voice recognition, signatures, and more. Voice biometrics allows a client to be identified by examining a person's vocal characteristics. It provides a relatively simple and economical way to solve a number of practical problems.

Voice biometrics and speech technologies are far from being toys, they are highly advanced technology that can be used to improve the quality of a service to such an extent that the customer can feel the improvement. The enterprise must provide the customer with an automated service, and speech technology can help with this. Nobody makes the client wait, does not redirect and does not offer to use the menu. Voice communications are convenient for the customer.

The system understands the client and is able to check his words. He may not even remember the password or number. Voice biometrics, which are used during the conversation, allow you to determine who is calling. This shortens the talk time. So the client does not need to introduce himself and give a password. His password is his voice! At the same time, he feels that his call is important and the company makes a decision immediately.

The technology is most widely used in the banking sector, insurance companies, and telecoms. Airlines are showing significant interest. The market of mobile applications for cell phones is also promising, where speech technologies are in full demand. In the automotive industry, voice systems allow you to use navigation devices on the road, are able to turn on music, air conditioning, help, without being distracted from driving, record and send SMS, etc.

In medicine, speech technologies are used to record information about clients, create electronic patient records. This optimizes the physician's work and creates clear benefits for clients. The doctor does not use a computer keyboard, he simply dictates medical indicators and diagnosis. A speech recognition system translates voice into text and records it.

Banking contact centers are successfully using voice technologies. If the client needs basic information, then it is provided to him freely. But if he wants to conduct a financial transaction or some kind of transaction with his account, then his [status] needs to be checked. Voice biometrics is one of the types of client verification, with the help of which it is possible to identify whether a person is alive or whether a speech recording is being broadcast.

The voice biometrics system can identify the need for additional verification of the client. You can also create a 'blacklist' of prints of votes of customers seen in fraud or attempts to unauthorized access to the accounts of other customers. This allows you to ensure the security of banking operations.

Experts predict a great future for voice biometrics, which in 2012 may play a leading role in user authentication. People are already accustomed to using their voice for mobile search, device control and dictation, so the right approach to voice authentication could soon become an important part of the person's identification process. These are the findings of a recent study, Voice Biometrics Authentication Best Practices: Overcoming Obstacles to Adoption. The main objective of the study was to evaluate previous projects in the use of voice biometrics, as well as to analyze the current state of this industry and assess its prospects. According to the authors of the report, Valid Soft, voice biometrics can become part of a multi-level recognition process in order to reduce the risk of online payment fraud. The data shows that the number of registered voice prints will increase from 10 million in 2012 to more than 25 million in 2015.

2016: Clients of HSBC will be authorized by voice

Retail customers of the British bank HSBC and its subsidiary First Direct will soon no longer need to type a password to access their current account via a smartphone and conduct a transaction. The password will be replaced by voice identification. The massive transition to a biometric verification system will take place in early summer, writes Tim Wallach in an article published by The Telegraph.

The voice verification method will initially be available for 15 million personal account holders. And as representatives of HSBC say, it will be faster, easier and much safer. Bankers place particular emphasis on the latter circumstance. They know from experience that many customers often use the same password for multiple accounts linked to a mobile device. And because of this, they become easy prey for scammers.

Technically, the transition to the new system will proceed as follows. A client wishing to use it will need to provide the bank with a record of his vote. Based on this sample, speech speed, modulation and pronunciation features that make each person's speech sound unique will be analyzed.

After that, writes The Telegraph, the client will begin to access their accounts by saying the agreed text. For example, the phrase "My voice is my password" can be a pass. According to Joe Gordon, the system will be able to recognize the client's voice, even if he chills his throat, which will certainly affect his speech. "More than 100 parameters are taken into account," he says. "The human vocal tract remains unchanged even in the case of a cold, and behavioral factors such as speech speed, accent or pronunciation remain in place."

And in those extremely rare situations when the system still does not cope with the task, you can always use the usual verification, he adds.

The final tests of the voice verification system should be completed within the next few weeks, so that the bank can offer it to customers by the beginning of summer 2016. In addition, HSBC recently introduced fingerprint verification for account holders linked to the iPhone.

According to The Telegraph, other large credit institutions have also taken the course of abandoning traditional passwords for mobile banking. Lloyds Banking Group is testing a biometric verification system for debit cards linked to a smartphone. To demonstrate the possibilities that biometrics can provide, Lloyds even developed a device to recognize a person by heart rate.

RBS also intends to use fingerprint verification. And Barclays, among other things, is experimenting with a scanner that, before allowing a client to make payments for a significant amount, identifies him by the bloodstream in his finger, The Telegraph previously reported.

Micromovements

The goal of the project, which is being implemented at the New York Institute of Technology, is to analyze the micromovements and vibrations of the hand holding the smartphone, by which the user could be identified. We study the gestures and movements with which a person controls the phone, as well as the pauses between these gestures when viewing content.

Researchers at Cornell University programmed the popular Kinect sensor to analyze common household chores such as cooking and brushing teeth. Their goal is to use motion recognition in smart homes and personal robot assistants, although critics slander that this is clear and immodest proof that the decline of society will begin with video games.

Gait

Japanese researchers have found that with the help of 3D imaging of a person, it is possible to correctly identify him by his gait in 90% of cases. Moreover, bare feet on the ground identify the owner 99.6% of the time. This can help airport security - through their frames, queues of people in socks are marching every now and then.

Analysis of user actions

SRI International uses accelerometers and gyroscopes built into smartphones to obtain unique data describing the state of a person when he is walking or standing. The length of the stride, the efforts applied to maintain balance, and the speed of movement - all these parameters are individual. Additional sensors can record other physical characteristics, such as the orientation of the hand or the physical position of the user — closeness to other people, sitting or standing, trying to pick up something, typing or talking on the phone.
See:

  • UnifyID
  • Google abacus

Stylometry. Keyboard handwriting

Style features are enough to distinguish people from each other. Drexel University experts are trying to recognize the individual handwriting of the author when he is typing text on a smartphone or tablet. Words, the use of grammatical structures, the construction of phrases, and even repetitive mistakes are analyzed. This technology can be combined with other methods of keyboard authentication, for example, analyzing the speed of typing and the length of the pauses between typing letters. The use of technologies of this kind makes the authentication system even more secure.

The content of the entered password may not be the only unique user distinction. By analyzing the speed and rhythm of keystrokes when entering a password, you can improve the reliability of authorization.

Indian scientists from the Chennai College of Engineering suggested that each person's special set of printing characteristics would also help replace the standard password entry and save users from having to remember it. Everyone prints differently, and that could be the key to creating a new way to authenticate.

The algorithm calculates the typing speed, the length of the keystroke and the pause between keystrokes. The resulting statistics are assigned to a specific user and serve as his identifier.

Heartbeat radars

Experts at NASA's Jet Propulsion Laboratory are trying to identify the individual characteristics of the heartbeat using the phone. Microwave signals emitted by the telephone are reflected off the body, recorded by the telephone sensors, and amplified to reproduce the heart rate. In addition to authentication, the user also receives warnings about changes in his heartbeat with a recommendation to see a doctor.

Canadian startup Bionym attracted a $ 14 million Investment Round A in the fall of 2014, led by Ignition Partners and Relay Venture. Export Development Canada, MasterCard and Salesforce Ventures also took part in the round. Bionym was founded in 2011 and received its first round of investments in August 2013 ($ 1.4 million). Around the same time, the company opened a pre-order for the Nymi bracelet. Nymi measures the electrical activity generated by the heart muscle (electrocardiogram) and uses this data for authentication. The creators of the bracelet claim that the electrical activity of the heart is unique to each person and therefore can serve as a password. This unique data does not depend on heart rate, the company emphasizes.

Nymi offers one of the biometric authentication methods similar to scanning a fingerprint or iris. The bracelet does not require prior activation, since being on the wrist, it continuously monitors heart activity. The device generates an encrypted wireless signal and sends it via Bluetooth to the device that the user wants to access.

It is proposed to use the bracelet not only to enter a personal computer, but also to unlock a house, apartment or car. The developers have endowed the system with three-factor authentication. You only need to verify your identity once a day or after the bracelet is removed.

In addition to electrocardiogram access, Nymi also supports spatial gesture-based locks, thanks to its built-in accelerometer and gyroscope. That is, the user is asked, for example, to draw a certain figure in the air, which only he knows, after which the bracelet will send a signal to the computer or lock.

Posture analysis

Japanese scientists have developed a system of 400 sensors in the seat that accurately identifies the contours and areas of support of the human back and fifth point. The bum analyzer, which the researchers say has 98% accuracy, can be fitted into car anti-theft systems.

Face (facial recognition, selfie)

2016

US public organizations against face recognition

A coalition of 52 civil society and human rights organizations in the United States sent a letter to the Justice Department asking the Department of Justice to investigate the excessive use of facial recognition technology in law enforcement. The coalition is also worried about the unequal accuracy of machine recognition of faces of different races, which can become the basis for the manifestation of racism on the part of employees of the authorities.

These technologies are especially abused by local police, state police and the FBI, the letter says. The coalition asks the Ministry of Justice to first of all start checking those police departments that are already under investigation in connection with the bias against citizens with non-white skin color.

The request is based on a study by the Privacy and Technology Center at Georgetown University School of Law. The study found that the faces of half of the US adult population were scanned by government identification software under various circumstances.

The researchers note that in the United States today there are no serious rules governing the use of this software. According to Alvaro Bedoya, director of the Center and co-author of the study, having photographed with a driver's license, a person is already in the database of the police or the FBI. This is especially significant given the fact that facial recognition can be inaccurate, and in this case can harm innocent citizens.

Examples of projects in HSBC, MasterCard and Facebook

HSBC is building a portrait gallery of its clients. The financial conglomerate is switching to a new identification system - selfie. The photograph will replace all other methods of identification, such as fingerprints, voice recognition and PIN entry.

The service will be available for corporate clients of NSBC. Through the banking mobile app, they will be able to open accounts with one click of a selfie. The bank also confirms the identity of the client using a face recognition program. The photo is compared with the images previously uploaded to the system, for example, from a passport or driver's license. It is assumed that the new service will eliminate the need to memorize digital codes and reduce the identification time.

MasterCard announced in the spring of 2016 at the Mobile World Congress in Barcelona that it will soon allow selfies as an alternative to passwords for online payments. The service will be available next summer in the United States, Canada and some European countries such as Italy, France, the Netherlands, the United Kingdom and Spain.

To use this option, users will need to download a special application to their computer, tablet or smartphone. Then look into the camera or use the device's fingerprint reader (if available on the device). However (at least for now), users will still need to additionally provide their bank card details. Only if additional identification is required will users be able to use the above option.

With this new approach, MasterCard intends to protect users from fraudulent online transactions that are carried out using stolen user passwords, as well as provide users with a more convenient authentication system. The company said that 92% of people who tested this new system preferred it over traditional passwords.

Some experts question the protection of information from cybercriminals not being able to easily obtain a user's fingerprints or a photograph of his face if the transaction is carried out using an unsafe public Wi-Fi network.

Cyber ​​security experts argue that the system should include multiple layers of security to prevent potential theft of photos of users' faces. After all, online payments are an attractive target for cyber criminals.

At the end of 2015, a group of experts from the Technical University of Berlin demonstrated the ability to extract the PIN code of any smartphone when using the user's selfies. To do this, they read this code, which was displayed in the eyes of the user when he entered it on his OPPO N1 phone. It is enough for a hacker to simply take control of the smartphone's front camera to carry out this rudimentary attack. Could a cybercriminal take control of a user's device, take a selfie and then make online payments using the typed password that the hacker saw in the eyes of his victim?

MasterCard insists that its security mechanisms will be able to detect this behavior. For example, users would need to blink for the app to show a "live" image of a person, rather than a photograph or pre-captured video. The system compares the user's face image, converting it into a code and transmitting it via a secure protocol over the Internet to MasterCard. The company promises that this information will be safely stored on its servers, while the company itself will not be able to reconstruct the user's face.

In the summer of 2016, it became known that researchers bypassed the biometric authentication system using a photo from Facebook. The attack was made possible by the potential vulnerabilities inherent in social resources.

A team of researchers from North Carolina State University demonstrated a method of bypassing security systems built on face recognition technology using accessible photographs of social media users. As explained in the report of specialists, the attack became possible due to the potential vulnerabilities inherent in social resources.

“It's no surprise that personal photos posted on social media can pose a privacy threat. Most of the major social networks recommend that users set privacy settings when posting photos on the site, however, many of these images are often available to the general public or can only be viewed by friends. In addition, users cannot independently control the availability of their photos posted by other subscribers, ”the scientists note.

As part of the experiment, the researchers selected photographs of 20 volunteers (users of Facebook, Google+, LinkedIn and other social resources). They then used these images to create 3D face models, animate them with a series of animation effects, apply skin texture to the model, and tweak the look (if necessary). The researchers tested the resulting models on five security systems, four of which were cheated in 55-85% of cases.
According to the company report Technavo(winter 216) one of the key trends that have a positive impact on the market for biometric face identification technologies ( facial recognition), is the introduction of multimodal biometric systems in sectors such as health care, banking, financial sector, securities and insurance sector, transportation sector, road transport, as well as in the public sector.

Multimodal biometric systems based on a combination of several biometric technologies, such as recognition of fingerprints, facial features, voices, etc., are highly effective in detecting unauthorized access to self-service banking devices, healthcare databases, mobile devices, as well as a large number of online and offline applications.

With the growing demand for improved security in Europe, a steady increase in the use of biometric facial identification systems is expected. As of 2015, despite the fact that Europe is the second largest player in the global market for biometric facial identification technologies, other technologies such as recognition of fingerprints, arm veins and iris patterns are more widespread. The introduction of facial recognition systems was carried out at a slower pace, which was associated with the crisis in the eurozone. But analysts expect this market to grow at a compound annual rate of over 21% over the next four years.

Manufacturers are investing heavily in research and development of biometric facial identification systems. It is expected that this will significantly accelerate the development of such systems by identifying qualitative parameters of the face, including scars, nose length or facial expressions, which can be used to determine a person's age or gender.

Biometric facial identification technologies can be used in the retail industry to identify customers and track their purchases, shopping habits, age, gender, crime and credit history. It is expected that the data collected through such systems will be used by retailers for marketing purposes and in order to make special offers to customers based on information about their previous purchases.

2015

2015: According to media reports, MasterCard announced in the summer of 2015 that the online purchase confirmation program will be tested by scanning the user's face.

At the final stage of the purchase, the online buyer will need to take a photo of himself using a smartphone. MasterCard believes it is much easier than remembering passwords.

According to CNN Money, the payment system plans to reduce the level of fraud with the help of a new innovative tool. “I think the new generation that lives with selfies will love it. They will surely pick up the technology, ”said Ajay Bhalla, director of security innovation at MasterCard.

MasterCard uses the SecureCode online payment security technology, which involves entering a password to confirm payment on the Internet. According to the company, this technology was used in 3 billion transactions last year, and it prevents fraudsters from using the card on the Internet. However, passwords are forgotten and can be stolen or intercepted. This is why many financial companies have started to implement biometric technologies for user convenience and increased security.

At first, the project will cover 500 users, and in case of successful testing, it will be launched for public use.

2014

2014: The founders of the Israeli startup IsItYou plan to use the front-facing cameras of smartphones as a way to verify the identity of people when making banking transactions. According to the BBC, Israelis are confident that in the future selfies will be able to replace passwords, fingerprints and other forms of identification. IsItYou has implemented a new face recognition technology with a high degree of accuracy and protection against fraud.

The founder of the project, Benjamin Levy, said that due to the high level of security, IsItYou will be able to recognize 99,999 out of 100 thousand cases of deception. Levy tried to convince banks to implement his system as early as next year. It will be used to conduct financial transactions.

Google already uses face recognition in Android. Thus, you can unlock the device running this mobile OS. However, the developers have repeatedly argued that face recognition is not secure enough compared to classical methods. In this regard, experts doubted Benjamin Levy's claims.

Marios Savvedes of Carnegie Mellon University is researching facial recognition. He believes that a self-conducted IsItYou security test cannot be reliable.

The same opinion is shared by the world expert in the field of biometrics, Dr. Massimo Tistarelli (Massimo Tistarelli). He said that a full-scale scientific project Tabula Rasa is underway in Europe, the main goal of which is to develop anti-fraud protection for biometric identification methods. According to him, before entering the market, a number of independent studies should be carried out to confirm the effectiveness of the product.

Nose

The most accurate way to identify people is the retina of the eye, but British scientists have found an interesting replacement. They used the PhotoFace program and categorized all the volunteers' noses into six basic types: Romanesque, Greek, Nubian, aquiline, snub, and inverted. The merit of the method, they believe, is that the noses are more difficult to hide or disguise. The disadvantage is also obvious - a nose scan gives a much less accurate result than a retinal scan.

Analysis of the pattern of veins in the palm

School cafeterias usually don't shine at all, but one cafe in Florida stands out from the crowd for at least using hand scanners, which replace students with money for lunch. The system replaces cards and PIN codes with a scanner in the red light range, and it does not require physical contact with the palm. It remains to modernize the school breakfasts themselves.

The provider of technological solutions for the financial services industry Fiserv (Fireserv) announced in the spring of 2016 the launch of a palm scanner on the market Fiserv Verifast- biometric authentication systems, with the help of which financial institutions will be able to reduce the number of cases of fraud, reduce the time it takes to complete a transaction and improve the quality of services offered.

Fiserv hopes to change the quality of in-person banking for customers by speeding it up and making it safer with palm scanning technology.

Fiserv said palm-based authentication is different from traditional biometric authentication systems, which often work only in manual mode and are not very efficient. This system will provide "fast, secure and accurate" consumer identification through the use of an infrared sensor device that will read the unique pattern of veins in the palm of your hand.

Karl Guynn, director of product development at finance company Gesa Credit Union, which recently started testing Verifast in three of its subsidiaries, said: “We tested our traditional authentication process and found that identifying a person at a POS takes about 15 seconds. Palm vein pattern authentication takes about one second. In other words, we have sped up the execution of each transaction by 14 seconds. Authentication by the pattern of veins in the palm significantly speeds up transactions, so that a person can look into the office for a short time to quickly carry out the operations he needs, and go on about his business. This process is characterized by higher reliability, our customers and cashiers have highly appreciated it. "

A study by financial group Raddon found that about 83% of consumers view palm authentication as one of the extremely useful features for banking transactions. Almost 97 percent of beta testers of the service reported that they are more likely to use the technology once it is introduced in the banking environment.

Cognitive fingerprint

No one considers memorizing long strings of numbers and letters as obsolete as the American defense agency DARPA. It develops the concept of "cognitive fingerprints" that can combine scans of the iris, keyboard handwriting, and even web surfing habits for continuous user authentication.

Systemic "trolling"

Of course, no one wants to receive error messages, but these messages can play an important role in ensuring security. By randomly displaying error messages on the screen and observing user reactions, Southwest Research Institute specialists prepare to identify users and recognize intruders. So the next time the PC informs you of low memory and asks if you want to troubleshoot, check everything carefully. Perhaps they are testing you.

Individual interface settings

Experts from the University of Maryland use visual streams for additional authentication of a PC or phone user. On a desktop computer, the program analyzes the owner's typical ways of positioning and resizing windows, working patterns and restrictions when moving the mouse. Three video streams are checked on the phone at once: the image taken by the front camera, the details of the environment (as well as shoes and clothes) taken with the camera on the back, and the manipulation of the screen. Researchers expect that combining these three streams will be enough to authenticate each individual user and perform repeated checks during the operation of his device.

DNA test (in ppm hair)

This method almost unmistakably identifies the owner, but it never became everyday due to the time and cost involved. But several groups of researchers are actively working to reduce the cost and speed up the process.

Biologists from the Lawrence National Laboratory in Livermore (USA) have learned to almost accurately determine the personality of a person not only by DNA, but also by proteins contained in hair. The method, according to the creators, will revolutionize forensic science and archeology, PLoS One magazine reports in the fall of 2016.

Although the technique of protein analysis is still far from perfect, it makes it possible to accurately establish an identity not only in the first hours and days after a person's death, but even several centuries after his death. Scientists have successfully identified several people who died more than 250 years ago.

The technique works as follows: hair is dissolved in special substances that do not destroy the chemical structure of proteins inside them, and the composition of this "soup" is analyzed for the presence of 185 mutations in the structure of proteins, the combination of which is unique for each inhabitant of the Earth.

According to experts, such a set of proteins is excessive - in fact, about a hundred such markers will be enough for accurate identification. Now scientists are working to simplify and reduce the cost of the technique so that it is convenient to apply it in practice during criminal investigations and during excavations.

The method has already been tested on six dozen European Americans who have agreed to donate blood and hair for DNA and protein tests. According to biologists, the identity of each of them was correctly established, which paves the way for the use of proteins in calculating the personalities of criminals from very small portions of hair. For this, a sample weighing only 1 milligram is enough, which is slightly more than one hair contains.

Auricle

The auricle is not only suitable for protecting the ear canal. The developed system remembers the tubular structure of the middle ear and the general shape of the auricle to create an “earprint” that allows accurate identification of the wearer in 99.6% of cases.

Loss or theft of a gadget can cause a lot of problems for the owner. And this is not only material losses due to the loss of an expensive gadget, but also the threat of unauthorized access to personal or corporate data, an online banking application or an electronic wallet.

In the spring of 2015, Yahoo Labs proposed a new option - to identify the owner of the smartphone by his ears. Scientists used the fact that two identical auricles do not exist in nature - this is unique biometric information.

Since the touch screen touches the ear during a call, this can lead to erratic pressing of the on-screen buttons by the ear, so the smartphone screen is always turned off during a call. At this point, scientists at Yahoo Labs proposed to authenticate the owner. Development testing has shown that the accuracy of biometric identification using an auricle fingerprint is 99.52%. The created software was named Bodyprint.

Interestingly, Yahoo Labs has also proposed modifying the procedure for accepting a call. So, until now, all phones have always demanded to press the receive button. Now you can just put your smartphone to your ear: Bodyprint software recognizes that the ear is pressed, and starts broadcasting your voice.

Since Yahoo itself is not interested in the production of gadgets, it is likely that either the technology will be licensed, or the corresponding software will be distributed as a mobile application through the Apple Store and Google Play. The main advantage of the created technology is that there is no need to install a special fingerprint sensor. There is a touch screen in any smartphone, the technology can be applied in any gadget, so its prospects are very significant.

In June 2015, it became known that Amazon received a patent for a technology that would allow unlocking the phone with the ear. If the technology is implemented, it will work as follows: a person brings the phone to his ear, the front camera takes a picture of the auricle and compares the photo with the one in the database. That is, the technology is similar to that used for fingerprint authentication.

The video from the PatentYogi project explains how authorization will work. Perhaps the company will use this technology so that when you answer a call, you just need to hold the phone to your ear.

Iris

In the summer of 2016, the two largest banks in South Korea, KEB Hana Bank and Woori Bank, are introducing a retinal identification system for mobile banking users. This was reported by the press service of financial institutions.

“The identification system will go live later this month when the Samsung Galaxy Note 7 phone, which is equipped with a retina scanner, will begin shipping in the country,” the press release said. It is expected that the launch of the new system will significantly increase the level of user security, protecting them from fraudsters operating on the Internet.

"The technology for recognizing the retina of the eye is extremely advanced and complex, which makes almost any hacking attempt useless," the document emphasizes. It also notes that data about the user's retina will be stored on the phone itself, and not on company servers. This will simultaneously provide additional user protection and simplify the use of mobile banking.

The third largest South Korean bank, Shinhan Bank, is also considering launching a similar system.

In the summer of 2015, it became known that Google has been working on contact lenses and various options for their use for a long time. The patent application talks about another of these options: scanning the iris for biometric purposes.

Previously, Google had ideas for lenses with built-in inconspicuous cameras and lenses with the ability to analyze blood sugar levels through tear fluid. The new biometric scanning method should be more difficult to hack than fingerprint sensors. The application was filed on June 2, 2015 and describes lenses and circuits with light sensors over the iris. They scan the shell and create a fingerprint, which is compared with the sample contained in the device. If there is a match, the user can log into their account or unlock the device. The lenses require a wireless power supply to operate. Since the goal is to improve user security, you can opt out of providing personal information and the data collected by the system will be anonymous.

Contact lenses can have other uses as well. For example, giving small doses of drugs (like insulin) at short intervals instead of infrequent, high-dose injections. Another option is night vision for people with vision problems. Alternatively, the substance lacriglobin in the tear fluid helps detect different types of cancer - breast, lung, brain, so lenses can help in early detection of illness or monitoring remission.

Fujitsu developed smartphone user authentication technology at the beginning of 2015, which allows you to do this by the iris of the eye with just one glance: authentication takes less than a second.

It's easier than typing a code, or putting your finger on (which can be dirty or just physically awkward to touch). Iris authentication (in fact, the color of the area around the pupil is recognized) works in Fujitsu technology even if the user is wearing transparent glasses or contact lenses.

For the technology to work, the smartphone includes additional authentication equipment that weighs less than one gram. In particular, it contains a miniature infrared sensor and a camera.

Initially, the user registers their iris by looking at two special circles on the screen. The data is stored exclusively on the smartphone. Later, for authentication, it is not necessary to bring the smartphone close to the face, as in many other iris authentication systems. Thus, the Daily Mail noted that the new system works at a distance of up to 22 cm against traditional identification technologies operating at a distance of about 10 cm.

The Fujitsu product includes a special algorithm developed by the Californian company Delta ID. Fujitsu is working on an enterprise version of its new solution.

In 2014, Google announced a partnership with the Swiss pharmaceutical company Novartis, which promises to start producing lenses by 2019. Google has a number of competitors in the contact lens space of the future. Swiss company Sensimed wants to measure eye inflammation in patients with glaucoma; American Innovega can turn lenses into high-resolution displays without harm to vision; The University of Michigan is working on infrared lenses for night vision.

By smell

In 2009, in an effort to improve “the ability to identify individuals planning to harm the nation,” the US Department of Homeland Security examined whether body odor could be used as a method of uniquely identifying a person. A change in smell may be evidence of a change.

Researchers from the Polytechnic University of Madrid, in collaboration with IIia Sistemas SL, presented in early 2014 a method that claims a place in the line of biometric identification technologies on a par with recognition of faces, fingerprints and iris.

The system, developed by scientists in Madrid, is capable of identifying people by smell emanating from the body. The researchers argue that every person's body has consistent, distinct "odor patterns" that are unaffected by disease, diet, or age.

Researchers have created a sensor capable of recognizing "unique patterns" of human body odors and identifying their wearer with an accuracy of 85%. The sensor was tested on 13 volunteers, of whom eight were men and five were women.

Scientists took thirty samples of the smell from the cleanly washed palms of each of the subjects at different times of the day. According to the developers, the sensitivity of the sensor was so high that it was difficult to trick it with soap, deodorant, cologne or other attempts to change the smell.

In an official statement from the university, scientists are confident that this opens up the possibility of creating "less aggressive" ways of identifying a person than those that exist at present.

Despite the fact that the recognition of the iris and fingerprint provide high identification accuracy, in the mass consciousness, these technologies are closely associated with forensics, which causes distrust and protest, scientists say. Face recognition at the current stage of development gives too much error rate.

Thus, the development of odor sensors that make it possible to identify a person passing by them opens up opportunities for the development of more comfortable and invisible identification methods with a sufficiently high level of accuracy.

Researchers are confident that such technologies can be used at airports, at border checkpoints and in any other situations where photo identification is currently used.

Smell identification is one of the oldest methods used to find and identify people, but now in forensics, specially trained dogs are used for this. The development of methods for effectively recognizing human odor using electronic devices started relatively recently.

So, in April 2013, a group of Swiss scientists presented a method for identifying a person by smell from the mouth. Using a laboratory mass spectrometer, the scientists took breath samples from 11 subjects for nine days. Scientists have been able to prove that bad breath also has a unique molecular pattern that does not change depending on external factors, such as the use of odorous foods or smoking.

Neural connections instead of fingerprints

A unique system of connections in the brain of an individual can be used to identify a person, like a fingerprint. Such conclusions were reached by American scientists, authors of an article in the journal Nature Neuroscience, reports Lenta.ru

Neurophysiologists traditionally use a number of methods to represent the structure, function, and biochemical characteristics of the brain (eg, computed tomography) to compare brain activity in different groups of people. These methods, or neuroimaging, allow us to understand one or another feature of the brain that is characteristic of all people, and individual characteristics are usually ignored.

However, Emily Finn and her colleagues found that the unique patterns of connections between different parts of the human brain are stable enough to accurately identify the subject. Finn has worked with 126 members of the Human Connectome project. It turned out that the pattern of connections obtained during one of the neuroimaging sessions (at rest, when passing tests for memory, emotions and language skills) remains unchanged in subsequent sessions - and it is easy to identify the individual among the other participants in the experiment.

Moreover, the drawings of connections helped to predict the level of mobile intelligence (the ability to perceive and remember new things, to solve problems that a person had not encountered before). The main predictors of this ability were the connections between the frontal, parietal and temporal lobes of the brain.

In addition to the University of Oxford, the universities of Washington and Minnesota are participating in the Human Connectome project. A connectome is the sum of all connections between neurons, the number of which in the human brain is estimated at a quadrillion. The project was launched in 2010 with a budget of $ 40 million.

This technology has another significant advantage. “A fingerprint can be stolen, and the person in this case will not be able to grow a new finger to replace it. Brain imprints, however, can be easily changed: the user simply comes up with a new combination of thoughts, ”said Professor Sara Laszlo, one of the participants in the project to develop brain identification.

Implant a chip or swallow a microcomputer

The most original and unusual method of personal identification was proposed by PayPal. The company simply offered to implant chips or swallow microcomputers. This will solve the authorization problem radically and permanently. Chips and microcomputers will analyze the pulse, gastric acid composition and other internal biometric information. Details, however, have not been specified, but such a bold approach to solving the problem is at least admirable.

Notes (edit)

"Face recognition will appear here soon" - such an announcement was seen by many residents of the Voronezh region on the screens of ATMs. On June 30, 2018, Russian banks began launching the Unified Biometric System (also known as the “Rostelecom Key”), thanks to which customers can receive financial services remotely and even without bank cards. By June 30, 2019, the service for removing biometrics should be provided by at least 60% of the structural divisions of banks, and by the end of 2019 - 100%. By 2021, banks will be able to provide biometrics not only financial, but also government services.

How and why do banks collect biometric data from customers, is it possible to refuse it and whether the new technology will protect against fraudsters - in the material of RIA Voronezh.

What is biometrics?

Biometrics is a set of unique human data: fingerprints, palm shape, vein pattern, photographs of the face, retina and iris, and others. But for the Unified Biometric System, only voice and face are selected. The Central Bank notes that human recognition by these parameters is the most accessible and widespread today.

- The combination of two parameters - face and voice - allows you to accurately identify a person. In addition, video cameras are built into any smartphone or laptop, and the availability of technology is the most important factor in its spread throughout Russia. The fingerprint is more difficult to use. First, a special reader is required here; not all smartphones are equipped with it. Secondly, the fingerprint scanner has low sensitivity, and the software for working with biometrics is closed to external systems, - added to the Post Bank.

Why do you need a Unified Biometric System?

With the help of biometrics, you can open a bank account or take out a loan from the comfort of your couch. And soon it will be possible to withdraw cash from the face and voice in biometric ATMs. The mechanism by which financial services can be obtained remotely is called remote identification.

- Remote identification will increase the availability of financial services, including for people with disabilities, the elderly and people with limited mobility. It will become more convenient for the client to receive services regardless of the time of day, location or development of the bank's branch network, - explained the acting director. Roman Kostyansky, Head of the Voronezh Branch of the Central Branch of the Bank of Russia in the Central Federal District.

We are also talking about security: today a fraudster can open an account with a stolen passport. It is much more difficult to deceive biometric algorithms than a person. Given that the Unified Biometric System uses an additional link with the login and password from the State Services, this becomes almost impossible.

How does the system recognize a specific person?

To, for example, open a bank account, a person will need a smartphone or laptop (tablet or computer) with a microphone and a webcam. On the bank's website, you will need to enter a username and password from the State Services portal, turn on the recording, look into the camera and read the sequence of numbers that appears on the screen. The program may ask you to turn your head or smile. This record is sent to the Unified Biometric System, where it is compared with the control template. After that, the bank decides whether to open an account.

Is it mandatory for everyone to take biometrics?

No. Removing biometrics is voluntary and free of charge. In addition, the user can delete his digital image at any time.

Where to submit biometric data?

To use remote identification, you need to submit biometric personal data at the office of any bank equipped with special equipment. The number of points where you can pass biometrics is constantly increasing.

- If in July 2018 in the Voronezh region biometric data could be submitted only in four places, then in January 2019 the number of offices equipped for collecting biometrics reached 100. And they are open, besides Voronezh, in 18 other settlements of the region, - said Roman Kostyansky.

You can familiarize yourself with the location of the "biometric" points of banking services on the interactive map of the Central Bank.

If you have passed biometrics in one bank, then you no longer need to retake it in another - your data is already in the Unified Biometric System and the Unified System of Identification and Authentication (ESIA), it is also State Services.

How is biometrics taken?

The correspondent of RIA Voronezh tested the system on herself in one of the offices of Post Bank. The procedure for submitting biometrics takes about 15 minutes. You need to take your passport and SNILS with you - for registration on the Gosluslug portal in the Unified Biometric System. If you already have a verified account on the State Services portal, then use it.

A photograph in a bank is taken with a webcam. The next stage is voice recording: into the microphone, you need to say the numbers from 1 to 9 in forward and reverse order, then - a sample from the numbers. If you get sick and your voice has changed, it is not recommended to undergo the procedure.

Now your biometric template - the digitized face and voice - will be associated with personal data that is stored in the Unified identification and authentication system.

What is sampling from numbers for?

The creators of the biometric system are sure: even if a fraudster wants to withdraw money from a well-known politician and puts on a face or a mask, the system will recognize forgery. The point is in a random sequence of numbers. To pass off someone else's voice as your own, you will have to make several thousand recordings of your victim's voice with all possible combinations and choose the one you need in 1-2 seconds at the time of identification.

- The check is carried out as follows: a citizen records a video where he pronounces a sequence of numbers. This video is verified by algorithms of two vendors - a separate image of a face and a voice. In parallel, the system launches video verification using other biometric algorithms. If one or more of them did not identify the citizen, then the so-called anomaly module is included in the work, which analyzes the reasons for discrepancies and, if fraudulent actions are detected, sends a corresponding notification to the bank, - explained in Rostelecom, which developed the system.

Do biometrics need to be updated?

A biometric template is not permanent. Its shelf life is three years. Due to the fact that the face and voice change over the years, be prepared for the fact that after three years you will again have to come to the bank and retake biometrics.

Affect facial recognition by tattooing, piercing and makeup?

The Post Bank claims that changes in the form of tattoos, piercings, bright makeup, beards or glasses do not affect identification results. The press service of Otkritie Bank agrees with them:

- Face recognition mainly takes into account the areas around the nose and eyes. Therefore, girls should avoid complex multi-layered makeup - it can significantly reduce the likelihood of correct identification.

But the chief operating officer of Alfa-Bank Dmitry Frolov warned to do piercings and tattoos on the so-called "control points":

- It all depends on the individual characteristics and the location of the piercing or tattoo. If the piercing is located at the control points used for face recognition, then it can negatively affect the verification. In the presence of a tattoo on the face, theoretically, difficulties may arise with the construction and registration of a biometric template.

What if the client is hoarse or has lost his voice?

If you are hoarse, start or quit smoking, have lost your voice, then most likely you will not be able to log in to the system - you will have to wait until your voice recovers.

- Biometric identification of people is a revolution. A person will no longer need documents! Many operations that require confirmation can be done without any papers at all. It will be easier and faster to work with an online bank, communicate with officials, and interact with stores. The need for hundreds of passwords will also disappear. This is a significant change in all approaches in almost any field of activity. Financial - first of all. Like any revolution, this one carries many risks. The risk of “losing oneself” (when fraudsters in one way or another imitate a person's biometrics and take his place), for example, is widely covered in science fiction literature. There are also purely technological problems. For example, most likely, biometrics technology can only work with a stable 5G Internet. Difficulties in the field of security are not excluded (risks of data theft from storages, risks of forgery, risks of leakage abroad).

Elena Chufrinova

bank analyst

How does the system identify twins?

"Key" recognizes a person not only by the face, but also by the voice. Twins' voices are often different, which means that the system will not confuse them.

- Today one twin can come to the bank instead of his brother and open an account in his name - the bank operator is unlikely to notice the difference. Biometric algorithms are more likely to do this. In addition, since registration with State Services is required for the submission and confirmation of biometric data, this gives additional opportunities for personal identification, because the twins have different logins and passwords in the system, ”said Rostelecom.

Is biometric data leak possible?

The system complies with the information security requirements of the federal level. The biometric template is stored in an impersonal form separately from personal data - full name, passport data and SNILS, included in the ESIA databases ("Gosuslugi" portal).

- The voice and face are identified along with a personal record on the State Services website. This is how we ensured very high security already at the login stage. We also conduct a secure communication channel between the client's phone and the database so that the data cannot be intercepted, - noted in Rostelecom.

It is almost impossible to steal the "base of votes" - all data is stored in protected storages. To transfer personal data to the Unified Biometric System, cryptographic (encryption) means of protecting information are used.

- The data is stored in an impersonal form and in the format processed by biometric algorithms "hashes" (hashing is the transformation of an array of input data using mathematics). This means that it is impossible to recover a photograph of a person from this data. Moreover, it is impossible to associate them with a person's personal data, since they are stored in another system - the Unified System of Identification and Authentication. This means that the theft or substitution of the biometrics database will not lead to an opportunity for attackers to receive loans to someone else, the company explained.

Should I rush to take biometrics?

Andrey Sorokin and Anton Nekhaev, programmers of the Voronezh company DataArt, advise not to rush to provide banks with their biometric data and wait 9-12 months: to observe what happens to people who have already passed biometrics.

- Over the years, there will be a lot of fraudulent methods, so be careful with the biometrics you provide. Do not conduct long negotiations with strangers, post selfies less often, do not go through audio and video interviews on the street. Keep a close eye on all agents who collect biometric data. It is important with whom you share these samples, - says Andrey Sorokin.

Programmers do not exclude the possibility of biometric data leakage and their distribution through illegal channels, which will free the hands of cybercriminals.

- Sooner or later, databases will leak into the public sphere. In 20 years there will be publicly accessible bases for all people. And here there is already a possibility that we will all be “under the hood,” says Anton Nekhaev.

Have you noticed a mistake? Select it with the mouse and press Ctrl + Enter

Nowadays, speech technologies are rapidly turning from exotic IT into reality. Quite great success is shown by voice biometrics, on the basis of which various applications have been implemented that provide the creation of useful services for banks, contact centers, clinics, vehicles, voice control of mobile communications and navigation. Nuance Communications is among the companies offering a wide range of popular speech, text and document applications. Her regional director of sales and business development, Nuance Communications Martin Veselka answered questions from the PC Week / RE columnist Petra Chachina about modern possibilities of speech technologies and voice biometrics.

Martin Veselka: Voice biometrics is one of the technologies that is evolving very quickly and allows different companies to use its solutions for customer identification. In the biometric system, individual behavioral, psychological and some other characteristics are used to determine or confirm personality. A variety of biometric measurements are available, including iris scans, fingerprints, face recognition, voice recognition, signatures, and more. Voice biometrics allows a client to be identified by examining a person's vocal characteristics. It provides a relatively simple and economical way to solve a number of practical problems.

PC Week: What is driving the current interest of IT services in various industries in voice biometrics and speech technologies?

M.V .: This is due to the fact that voice biometrics and speech technologies are far from being toys, it is a highly developed technology that can be used to improve the quality of a service to such an extent that the customer can feel this improvement. The enterprise must provide the customer with an automated service, and speech technology can help with this. Nobody makes the client wait, does not redirect and does not offer to use the menu. Voice communications are convenient for the customer.

The system understands the client and is able to check his words. He may not even remember the password or number. Voice biometrics, which are used during the conversation, allow you to determine who is calling. This shortens the talk time. So the client does not need to introduce himself and give a password. His password is his voice! At the same time, he feels that his call is important and the company makes a decision immediately.

PC Week: In which industries are voice biometrics and speech technology applications most in demand?

M.V .: They are most widely used in the banking sector, insurance companies, and telecoms. Airlines are showing significant interest. The market of mobile applications for cell phones is also promising, where speech technologies are in full demand. In the automotive industry, voice systems allow you to use navigation devices on the road, are able to turn on music, air conditioning, help, without being distracted from driving, record and send SMS, etc.

In medicine, speech technologies are used to record information about clients, create electronic patient records. This optimizes the physician's work and creates clear benefits for clients. The doctor does not use a computer keyboard, he simply dictates medical indicators and diagnosis. A speech recognition system translates voice into text and records it.

M.V .: Banking contact centers are successfully using voice technologies. If the client needs basic information, then it is provided to him freely. But if he wants to conduct a financial transaction or some kind of transaction with his account, then his [status] needs to be checked. Voice biometrics is one of the types of client verification, with the help of which it is possible to identify whether a person is alive or whether a speech recording is being broadcast.

The voice biometrics system can identify the need for additional verification of the client. You can also create a “black list” of prints of votes of customers seen in fraudulent activities or attempts to unauthorized access to the accounts of other customers. This allows you to ensure the security of banking operations.

PC Week: Is the customer voice verification system more secure than PIN codes and passwords?

M.V .: I would like to point out right away that the voice biometrics system is more convenient for the customer than using PIN codes and passwords. But it can also be said that voice biometrics are more secure, as the password can be overheard and stolen during the conversation. And PIN is a big problem for all contact centers, because the operators themselves can use this information. The password and PIN are not difficult to steal, such information can go to the black market, but the voice will remain with you! But the combination of voice biometrics and questions about personal information about your life in combination allows you to achieve a high degree of reliability.

M.V .: What are the specific problems of contact centers? They do not have time to respond to requests, there are not enough operators. In this case, automatic interactive voice response devices IVR are used. But customers do not always want to work with IVR, they prefer to wait for the operator's response and waste time servicing the contact center.

The customer calls the call center, we ask him how to help him. He answers the question in a free form. With the help of a speech recognition system, we understand his request and decide where to go. We either transmit this information to the self-service system, or send a call to the operator. At the same time, we can identify the client using voice biometrics. By applying these measures, we save a lot of time compared to traditional methods, because IVR does not answer questions.

In Eastern Europe and Russia, voice biometrics is practically not used. And in Western Europe and the USA this technology is already widely used. This situation will certainly change in the next year or two. Call centers will use speech technologies such as voice biometrics to provide the best quality service for all contact center customers.

For example, a Russian bank wants to implement voice biometrics to support the credit card system for all of its customers. This will allow you to identify users. Voice biometrics installation technology is not complicated. But customers should be aware of the availability of a new service, this is an important element of its promotion.

PC Week: How Expensive Are Voice Biometrics Systems? Is the market for voice solutions for contact centers big?

M.V .: At the beginning of each project, we calculate the economic efficiency and the return on investment. Depending on the wishes of the client, the project can be done based on the number of IVR ports, or based on the number of voice prints used in the system. If the voice solution is well debugged, then the time of one call can be reduced by 20-40 seconds, and the return on investment occurs in six to nine months.

The voice biometrics market exists both within and outside of contact centers. Moreover, each call center can use voice biometrics. Today, almost all the giants of the IT industry, such as Google and Microsoft, are engaged in voice solutions. But besides call centers, there are other possibilities for using voice biometrics, for example, for managing mobile devices, providing secure access to certain rooms or to certain equipment, in the field of medicine, etc.

PC Week: And how is speech recognition used in medicine?

M.V .: In medicine, speech recognition aids in the release of nursing staff. Dictation and transcription applications have been developed to improve the quality of recording, processing and using patient data. This enables the creation of voice-guided medical archives that significantly reduce operating costs and improve patient care. The use of such systems increases the profitability of hospitals by reducing the average duration of the task and at the same time increasing the efficiency of service delivery.

M.V .: Voice engineering systems are developing rapidly. In virtually all areas of business, they create new opportunities to serve customers, improve accuracy, productivity and production efficiency, and reduce time and financial costs. They invade the lives of millions of private users. Therefore, we can expect a further increase in the number of recognized languages ​​and an increase in the number of services created on this basis.

PC Week: Thanks for the conversation.

Popular
Categories

2021
maccase.ru - Android. Brands. Iron. news