Going passwordless: Stage 3 – deep learning. And cake.

tl;dr: we've done passive and step-up auth | time to add a sprinkle of deep learning | humans vs machines; why the machines win | you've got the ingredients for success but you need the right test kitchen - our dashboard | there are more baking jokes here than I thought feasible.

So, it’s been a while! I can feel the heavy air of expectancy, the hushed anticipation, but bear with me whilst I quickly recap. In Stage 1, you will remember, focused on running behavioural biometrics  passively and continuously, that begins tracking and authenticating with behavioural data from the moment an app is opened until it is closed. At Stage 2, we introduced step-up security; facial authentication with advanced liveliness detection to counter any spoofing attempts, whilst keeping intact a strong user experience.

A three step recipe for success

We have put in place strong foundations in order to “go passwordless”, then. You can consider Stage 3 a delectably thick and rich layer of buttercream icing upon Stage 1’s golden brown, springy to the touch sponge, and Stage 2’s homemade, generously spread layer of sweet, tangy raspberry jam. I’ll now finish off this masterpiece of a Victoria sponge with some beautifully piped buttercream. I’m channelling my inner Paul Hollywood and it feels good.

As an aside, I’ll be honest, there were some doubters in the office that I would actually be able to work Paul Hollywood into a blog about biometric security. And I do like a challenge. But let’s continue!

Two critical ingredients

There are two key ingredients for Stage 3 to bring you up to speed on; Deep Learning and a convenient, effective testing approach. I’ll start with one of buzzword bingo’s more recent entries, Deep Learning.

1 – Deep Learning

Deep Learning is a subset of machine learning, it’s conception inspired by how we humans operate. The core idea of a deep learning algorithm is to create an internal hierarchical representation of the data and form patterns that assist us in solving various tasks. The power of deep learning is that it enables us to solve complicated tasks with end to end solutions without having the hand tune different features.

In the context of biometric authentication, traditionally biometric authenticators have relied on machine learning using human-engineered features (for example, measuring the distance between the eyes in facial authentication), and matched identities on a manually-constructed, statistical book-of-rules. By using the same assumptions for all customers in this way, demographics and use-cases, accuracy levels are limited. Additionally, this model is not sustainable; it is labour-intensive, has a depreciative value and does not automatically adapt to specific use cases.

Taking this into account, we at AimBrain have built a deep learning platform which our biometric modules sit across. Based upon the newest and most pioneering deep learning research, it requires no human-engineered input and works by finding the most distinguishable features for every individual and use-case, separately. It is these automatically learned features that are used to build the user-specific templates for each biometric, be it behaviour, face or voice. This ensures the highest levels of accuracy, levels impossible to achieve manually, through the elimination of the general assumptions associated with older machine learning models.

The more interaction an end user has with our biometric modules, the more enhanced their stored template becomes, keeping accuracy high and thus maintaining a great user experience and security standard. The bake isn’t over though, and what we need now is a convenient, user-friendly testing environment that will work for individuals and enterprises alike who would like to test biometric authentication technology. I can only make out one question from the vast crowd of engaged readers, “Does such a thing exist, Will?”. It certainly does.

2 – The right testing environment

AimBrain On Demand is a new platform, free-for-life that lets entrepreneurs, app developers and technical audiences swap PINS, passwords and codes for facial and voice authentication. This service is capped at 1000 API calls per month, more than enough for an individual’s project or comparatively, a enterprise’s testing phase. Here’s a quick explainer video diving into more detail:

Parting passwordless thoughts

And as my three part blog series concludes, my only regret is not thinking of the Great British Bake Off sooner and gently folding it into all Going passwordless blog entries, as I have done with this one. The amount of Paul gags I could have crammed in would have been astonishing.

But anyway! Hopefully these entries have got you thinking about authentication, about what it means to remove a traditional password from a digital application (banking or otherwise) and lastly about how biometrics are the future. As members of all generations pine for a superior user experience and as cyber-crime and fraud hit record highs, the time for an enhanced authentication mechanism has never been greater.

If you would like to discuss any part of this blog series, about biometrics or the broader authentication sphere, or indeed cake-baking in general, do drop me line.

AimBrain - Simply Smarter Authentication