Introduction: Using biometric technology for identity authentication and human-computer interaction has become an important trend of many mobile terminal products. Ali Real person authentication technology can use in vivo detection, face comparison, combined with authoritative data sources and Ali Real person credibility model, determine the authenticity and validity of user identity online identity verification service. Ali voice print recognition technology is applied to the user identity verification of Ali platform, through which the password of Mobile Taobao can be modified. Biometric identification can provide additional and more security for mobile devices.
Wang Yan: Good morning. I am Wang Yan from the Biometric team of Security Department of Alibaba Group. Next, I would like to introduce a popular topic nowadays is biometrics, which is alibaba’s core technology practice in mobile terminal. I will tell you about it in four parts:
The first is a simple overview of biometrics
And then talk about how we use biometrics at Alibaba.
The last two talk about two biometric technologies, a face recognition, a voice print recognition, in the case of mobile phone applications.
< a >
Here’s a list of eight common and commonly used human biometrics. Fingerprints and the face are the most common, and the iPhone already uses these two technologies to unlock the whole device. Palm shape, voice, iris, veins, retina and gait are all available.
Biometrics should have these three characteristics:
The first one is unique. Each person is unique.
The second feature is a very stable, lifelong, long-term, relatively stable feature. Biometric it is different from other keys, passwords, magnetic cards that are easily lost, because you are the passport, as long as you are in biometric.
Third, if it is to be used, it must be collectable, and machines can use it for recognition, for example, faces, irises can be picked up by cameras, voices can be picked up by microphones.
The six I simply analyze the biological characteristics, from precision, iris, vein is high security is the strongest vein, anti-counterfeiting is as false capacity, and the fingerprint is generally, we can buy from taobao paper film, there must be in the middle of the four biological characteristics, professional equipment, only can do only face and voice characteristics of all mobile phones can be collected. When the application scenario is facing all mobile users, such as taobao, Alipay and wechat apps to be installed on the public’s mobile phones, face and voice can be collected at this time.
I’m going to share with you the application of the two biometric features of face and voice. Face has experienced explosive development in both technology and system. In the past 10 years, a lot of start-up companies have been established and a large number of companies have entered this industry. Here are four big facial recognition companies, valued at over a billion dollars. From the market point of view, it is also explosive development, estimated at 5.136 billion yuan, from the technical point of view of development is quite fast, the recognition rate from 74% to about 92%.
Why face recognition products can break out, there are four reasons for the outbreak, the first is the popularity of mobile phones, mobile phones with cameras can take faces, which is the most basic acquisition equipment. Face data is everywhere, including id cards, surveillance cameras, photo albums, social networks, and having a large amount of data is very beneficial to algorithms. The technology based on deep learning will gradually mature, and the recognition rate will be enough to apply, so that real commercial value will be generated. Last but not least, this kind of biometric technology can be accepted by people, because the easiest way for us to recognize a person is through his or her face, which is consistent with people’s feelings, and it will become an acceptable technology.
Let’s look at what’s hot in the last month or so:
* On August 23, Beijing Capital Airport decided to adopt facial recognition system in future security checks
* A total of 25 online fugitives were caught at the Qingdao Beer festival on August 30 using the face-rating system
* On September 1, Alipay introduced face-swiping payment at KFC restaurants in Hangzhou, which does not even require a mobile phone
* On September 10, Beijing’s public rental housing policy stated that cameras will be installed in the future to ensure that people who move in are the same as those who register
* apple 8 was released on September 12 and announced that it would replace fingerprints with faceID
* This year, Alibaba’s annual conference used Ali-identified technology to swipe its face
Another is voice print. This technology will gradually mature. More than 10 years ago, it was mainly used in the public domain, such as monitoring fugitives through the recording of telephone calls. In 2015, there have been some civilian products, including Tencent wechat in 2015 with voiceprint lock, identity based authentication services, but also the use of voiceprint technology, IFLYtek in judicial identification, car satisfaction survey, mobile customer service in Anhui, banks have used voice print technology. In the CCB system, voice print authentication is also used for transactions, and the number of transactions has exceeded 140 million times. As far as I know, CMB is also promoting voice print applications on customer service and APP.
< 2 >
Here’s how ali uses biometrics.
Here to recommend our products “are called ali certification, is through the biological recognition and identification of a large data to ensure network identity is sustained and effective, real and risk is low, after you register an account that is to say, to be certified by real people, must know behind with this account is a real person, I can always find him, that is the real men certification, My purpose is to be able to prevent the risk of identity through real person authentication, to ensure the true and effective identity.
Why did we develop such a product? There are three main backgrounds:
1. The first is national supervision
Now we know that the Network Security Law was released on June 1st, and other regulations stipulate that our online business must be authenticated by real names and real people. For example, wechat group owners also need to be authenticated by real names.
2. In addition, ali’s ecology or network ecology also requires platform management
Our most common black products, gray products will do some illegal behavior, such as gambling, drugs, brush, water, scalpers and so on, behind these behaviors will be the use of registered accounts to do these behaviors. But if we are certified by real people, we know who is behind the account, there is a strong deterrent effect on these illegal illegal elements, because he can be found at any time, he did not dare to do this thing.
3, if we log in to the user are real person authentication, we can establish a mutual trust trading environment.
We use this product for the ultimate purpose of building a safe Internet ecosystem together with everyone. The core functions of our real person authentication are mainly three points, and I will talk about the core points:
The first is identity
When you do the certification need you to upload your documents, such as id card, photo, we through the OCR recognition technology identified your name, number, this time by the authority’s website to check the certificate number, and name is real, if there is a show that the person is real, the real identity we here.
The second step is to see if it is real and valid, to see if the user is a real person
We take a picture in real time with a camera lens on our phone, match it to an ID photo, use facial recognition technology to see if it’s the same person, and make sure it’s a live person. We use vivisection technology to make sure that there’s a live person in front of the camera, that it’s him, that it’s real,
Third we in order to protect ecological security
Will also look at the registration of the people is a risky person, have done no wrong, this time ali’s biggest risk database, including the blacklist, including equipment and mobile phone information, I’ll know to register this person what is the degree of risk, and the risk of changes in dynamic tracking, if found to have the account of buying and selling behavior, We’re gonna have him do it again, verify it.
We have used this product internally for a long time. It has been used for two or three years. The number of people certified by us has exceeded 200 million, and there are more than 60 service scenarios.
— — — — — — — — —
↓ To open a shop on Taobao must be certified by real people to have the qualification to open a shop.
↓ For example, Xianyu has implemented the real-name authentication throughout the network. If you pass the real-name authentication, your avatar will have a label to show that you have been authenticated, and this label will bring a certain degree of trust to both sides of the transaction.
↓ Again such as Ali communications, online to buy mobile phone card, that mobile phone card to open the card, that according to the national regulations must be real name system, otherwise this card can not be used. After ali communication bought, there is an activated button, if the real name system is completed, this mobile phone card is activated, because Ali communication has been recognized by the Ministry of Communications only online card issuing channel.
↓ There is an online visa application for Japan, first of all, the visa is also a very serious issue, behind must do the real person certification.
↓ Also cooperate with Hangzhou traffic police, Shanghai traffic police (two apps), also use our real person authentication, you can pay fines, check illegal information and so on.
— — — — — — — — —
The data we use for this product are as follows. First of all, from the perspective of user experience, the one-time pass rate of users reaches 95%. From the point of view of the enterprise, the automation rate is as high as 96%. Automation is very important, which saves labor costs. The customer experience is very high and the certification can be completed in seconds. Another is through our real person certification, so that our entire Ali platform risk decreased by 80%. This product is officially released through cloud Shield real person certification on 14th. If you have the need, you can access our products through Ali Cloud.
That real person certification is now also made some applications, such as Internet cafes, hotel check-in, airport are used, new retail tao coffee, b&Q are in use. Another is the application of voiceprint recognition, we are promoting stage, in the hand of the tao to do a voice inside, the specific path is relatively deep, this product has just been developed before long, now is promoting stage, is able to do business is the password, password modification, mobile phone binding settlement tied back, then we can further promotion.
< 3 >
Is in front of the application, now tell me something about the technology itself, now face recognition is a fire, the technical threshold is more and more low, because of the deep learning, generally speaking you have enough data, good network, the recognition rate of 99% is easy to can be done, that is why have sprung up in recent years, a large number of startups face recognition. But is that enough?
If apps on your phone, including real person authentication, are based on mobile, you will find these criminals will attack the facial recognition system by flashing a photo on the camera, or playing a video on the camera, or wearing a mask to fool the facial recognition system. We saw some actual attacks in real person authentication, including photo attacks, powerpoint attacks, including pre-recorded videos, 3D software compositations, masks and so on. You to look at 3 d software synthesis, this year’s 315 reported that the party a reporter took a photo of success fooled face recognition system, the reason is that it lacks is an important part of living, living testing main purpose is to ensure that the camera is a real big living, instead of a picture, or a video or a mask. This can be said in the mobile application directly determines whether the face recognition system of our entire mobile system is available. However, from a technical point of view, the living detection technology is still not good enough, and does not match the actual application needs.
Now I’m going to focus on how biopsies should be done.
In vivo detection can be analyzed from two perspectives, one is the living person and the other is the living person, which attributes it will have. Another Angle is to look at the characteristics of the attacker.
We can analyze it from some attributes:
First is a face skin texture, color, but also three-dimensional, face size, and skin temperature, the reflection of light is not the same, there is a tiny pulse on the face, and the elasticity of the skin. Spontaneous behavior is every living person’s expression, even if they don’t smile, and a little gesture, and a wink, and a little eye movement.
Finally, the interaction ability, you can invite him to do some actions, such as shaking his head, nodding his head, smiling, or moving the mobile phone, or asking him to speak, or looking at the screen, etc., from which you can do in vivo detection. Of course, on the other hand, we can detect what is fake. The main limitation of the attack is the retaking of a photo or video, where there is a reflection, then there is a border, there is the refresh rate, the position of the light source and so on. Then we can develop a system for living detection.
There are two ways to deal with all these attacks, one from a hardware point of view, one from a software point of view, and the most obvious example from a hardware point of view is the iPhone 10, which uses a 3D camera, and an infrared camera, to deal with all of these attacks. But there’s nothing we can do with our normal phones, with all kinds of cell phones and selfies. Because we don’t. Normal phones don’t have 3D cameras and infrared cameras.
Only these software methods can be used to identify whether a living person is alive. We can invite him to do some simple interactive actions, such as nodding and smiling, and we can also do 3D detection, including the detection of photo texture retaking, so as to achieve the purpose of living detection by these means.
Let’s take a look at what the major large companies in the market do now. For ordinary mobile phones, they do some simple interactive actions, including nodding, shaking head or talking, and analyze the retaken shots, photos and screens. The client side recognizes the actions, and the server uses this method to realize the detection of living objects. Our Alibaba is also like this, first of all, action detection, and then remake recognition. Now we have embedded the most common ones.
From the perspective of domestic patent applications, it is obvious that there was an explosion of applications in 2015 and 2016. After 2015, the application of face technology exploded, and large companies applied for this technology related to living detection.
< 4 >
The last part is voice print recognition, which is also called speech recognition. It’s recognizing a person’s voice by its sound. One nice thing is that all of our cell phones can pick up sound with microphones. There are two main cases, one is called voice confirmation, is how to solve my problem, for example, after you log in the account, I will say a sentence to prove that according to this sentence confirm the account is not mine. The other is the problem of identifying who I am, like dozens of people talking, how do I know this person is a certain person. The two recognition methods are divided into two categories, one is text correlation, the other is text irrelevant. For example, not only do you recognize the voice, but you also recognize the content, so IF I ask you to read eight digits, the voice is you, and the numbers in it have to correspond, that’s called text correlation. Text irrelevant is a telephone monitoring system, as long as you have a phone I know you this person is who, this call text irrelevant.
This voice print recognition technique is very similar to the normal technique. One is to train the voice model in advance offline, train a model in pre-processing, and then build the voice pattern model of each person. For example, when a voice comes from an online application, I will match and score according to this model, and finally see the result. Here are the more mainstream methods, but I won’t go into the details.
There are also vivisection issues with sound, whether the sound is live or not, and there are also some attacks.
Attacks include, most commonly, pre-recording and playing back sound, and converting sound. I can change one person’s voice into another person’s voice with some software. Another is composition, which is used when the text is related. For example, you need to read eight-digit numbers, text input through software synthesis. Another is imitation, for example, ventriloquism is good enough to imitate another person’s voice.
So how do we technically defend against these attacks?
For example, if the recording has some fixed content, I let him play random numbers to change the content, so as to prevent the playback of the recording. The other three mainly use feature extraction, through the method of classifier to prevent it.
Biometrics are really going through an explosion right now, especially face recognition, and you’re going to see face recognition systems everywhere in the next year or two, especially in China. Thank you.
— — — — — — — —
This article is compiled by Ali Ju from shorthand manuscript, reproduced please indicate the source.