Home / Cases / Biometrics

Password-free biometric authentication system

Industry:

Security

Team:

5 members

Country:

USA

About the client

A startup from the USA with the idea of creating an innovative password-free authentication system. The technology allows users to log in to websites and accounts, encrypt/decrypt emails, be authorized and/or verified in services, and even be authorized by gadgets within Smart House ecosystems – all without passwords. Wherever they are and whatever computer, device, browser is used. All you need is have a look at the smartphone or touch it for being recognized by smart algorithms.

Challenge

To implement the idea of password-free biometrics authentication system, the Client required a full set of developments. Namely:

  • unique face recognition algorithm

  • iPhone’s fingerprint recognition feature enabled on developed platform

  • iOS application for user authorization

  • an integrating tool (a button) for websites enabling password-free log in

  • an encryption system for emails

On top of that, to provide a full support of a server, including creating and maintaining a database.

Team

For this project Vakoms assigned a dedicated team

Algorithm specialist

1 engineer

Web backend

2 engineers

iOS

1 engineer

Quality assurance

1 engineer

Solution

Vakoms augmented the Client’s staff in autumn 2014. Our specialists got involved in conducting business analysis, and carried out a thorough research on technologies and devices which might be used in the implementation of the idea.

Recognition Algorithms

The propeller of the password-free authentication system was to be a smart face recognition algorithm. It was written and is being elaborated on Python, using OpenCV (Open Source Computer Vision) and Mahatos SURF (Speeded-Up Robust Features) libraries. What it does is a realtime comparison between a photo of a face just taken via the app with a person’s characteristic features stored on a server in a MySQL database. The system has to take into account different parameters, including lighting and angle during photography, keypoints on the face, etc.

Besides, the algorithm has self-learning capabilities. It reveals the smallest changes in the face, like hair, wrinkles, scars and replenishes its database, providing more accurate recognition over time.

Also, the platform supports authorization via fingerprint recognition. For now, it is implemented only on iPhone thanks to Touch ID technology, but the Android version of this feature will be developed later.

Mobile Application

An integral part of the Client’s password-free authentication system is a native application, yet for iOS only. It enables finger or face recognition of a user who intends to log in on a website. The system sends a push-notification to the smartphone, asking the user to touch iPhone’s Home button or look in a camera and place his/her face in a special framework on the screen. Then these data are processed via bespoken algorithms.

In the app development Vakoms used Objective-C and OpenSSL for data encryption.

Authorization Button for Websites

On top of recognition algorithm and iOS application for authorisation, the Client, as a service provider, offers a special log-in button for websites that support OpenID protocol.

Following the registration in the system, clients receive API and thus are allowed to integrate the button into their websites. By pushing it, site users open an OpenID Provider popup which launches an authorization mechanism, which includes sending push-notification mentioned earlier.

The button is written with Javascript, HTML and CSS, while OpenID Provider itself is developed in Node.JS.

Encrypting Emails

Another useful tool within the project is Gmail Encryptor – an extension for Chrome browser which ensures secure correspondence. For its development Vakoms’ specialists used Javascript and jQuery.

The plug-in adds a turn on/off button to Gmail’s composing interface. After enabling this option a text is being encrypted by means of PGP technology and sent to a recipient. To execute the decryption a user on the other end has to perform an authorization with smartphone’s camera in the app.

Server

Of course all the fun happens on the server side. We have been providing full support since the very beginning of the project, in particular, coding on Python and testing.

Initially the server was developed and launched locally at Vakoms. After successful probation, our Back End and Web programmers performed an integration with the Client’s official website. Eventually, the server was deployed on Rackspace.

Here are some interesting features:

  • to ensure flexibility, more control and structuring of processing of connection sessions, we use Server State Machine technology

  • all requests are processed using WebSocket SSL Protocol (WSS)

  • the server stores recognition algorithms and PGP keys

  • keys are generated during initial registration of a user. When a person starts using an extension, the server delivers a private key and erases it from its database to ensure better security

  • we use MySQL database with Redis as an interlayer between the server and database. It ensures the caching of information about users and devices, allowing us to decrease the load on the database

  • the server uses RQ (Redis Queue) Python library for queueing jobs and processing them in the background with workers. This prevents the server from being stuck on separate tasks

  • Vagrant dockers allows for fast deployment of the whole service ecosystem anytime on any machine

Result

At present, we have fully functional password-free authentication platform, which is to be commercially launched before long. At first, users will be able to log in to websites or encrypt/decrypt emails with face or finger recognition. But later, the service will be complemented with other options. Among them – voice, retina, and palm recognition via smartphone’s camera.

Besides, the system may be ported on various devices and integrated in Smart House ecosystem. For example, a person could open an electronic door lock by simply having a glance at the in-built camera or by touching the phone’s Home button. Without any keys or any plastic cards.

Furthermore, based on Google Maps API, the system could be able to determine user’s location and give access to defined premises.

The Client plans to make the platform available under an open source license.

  • JavaScript
  • Node.js
  • Python
  • OpenCV
  • Mahatos SURF
  • Objective-C
  • OpenSSL
  • OpenID
  • jQuery
  • PGP
  • WebSocket
  • MySQL
  • Redis
  • RQ
  • Pony ORM
  • Tornado