Sophos Cloud Optix
Google has filed a patent for a new technique to unlock your computing devices.
The patent describes a way to match up “facial landmarks” between two facial images, as well as performing a “predetermined facial gesture” to get there.
Fancy talk aside, we’re talking about grinning or sticking out your tongue at your phone.
Specifically, the patent covers making faces at your phone with any of these gestures:
- A blink,
- a wink,
- an “ocular movement”,
- a smile,
- a frown,
- sticking out your tongue,
- opening your mouth,
- moving your eyebrows,
- wrinkling your forehead, or
- wrinkling your nose.
The patent covers technology to match at least one facial landmark between pre-funny-face and during-funny-face images: at least one of an eye, an eyebrow, a mouth area, a forehead area, and a nose.
It’s the latest of a running series of Google’s attempts to remedy the easily hacked Face Unlock feature introduced in the Ice Cream Sandwich version of Android.
That technology was initially hacked by holding up a photo to the phone.
Google responded by introduced a technique called “Liveness Check” that requires users to blink to prove they’re alive and not just a photo.
Researchers using the most basic of photo editing tools managed to fool Liveness Check with just a few minutes of editing, animating photos to make them look like subjects were fluttering their eyelashes.
The new funny-face technology should be harder to crack, since it could ask for any of a number of gestures, forcing an intruder to do quite a lot of grimacing or photo-editing in order to illicitly use another’s Android phone.
The patent also introduces an anti-spoofing system that would beam light towards the subject and then pick up on the light beam when it’s reflected back off the subject’s cornea. By tweaking the light color, this system would theoretically prevent somebody from holding up a photo and getting in that way.
Regardless of the patent, facial recognition software isn’t quite ripe enough to reliably secure a computing device just yet, according to a consultant interviewed by The Register.
A quote from Prof Alan Woodward, chief technology officer at the consultancy Charteris:
"The problem with biometrics in the past has been that you have always been able to find a way to work round the requests to deliver what's needed. ...It sounds like Google is thinking about how [to] try and counter this with randomness and movement.
"But there's a long way between writing a patent about an idea and delivering it as a reliable security measure. I would expect people will still use traditional passwords for some time to come."
And just how might this new facial recognition technology play with Google Glass, the center of much all-things-facial speculation lately?
Google has said that Glass isn’t going to get facial recognition until the privacy wrinkles get ironed out.
A Google spokesperson told The Register that some ideas never see the light of product-development day, and that “Prospective product announcements should not necessarily be inferred from our patent applications.”
Glass aside, if Google does make a product out of the new technology, get ready to behold Android users emoting all over their phones in public.
We already have a new term for Glass wearers: “glassholes”.
We’ll have to come up with a new term for these grimacing phone users.
Melodroidmatic?
Image of man grimacing at phone courtesy of Shutterstock.
I don't understand why anyone would want this.
Wouldn't thumbprint recognition make more sense?
Perhaps I'm missing the point?
Oh, you mean the technology with many holes, like:
"Smith also explained how to defeat another kind of thumb scanner, a device that uses capacitive resistance technology to read a fingerprint. It can be thwarted simply by pressing a plastic bag filled with water against the thumb reader after someone else has used it, the German researchers discovered. Simply blowing on the reader generates enough of a pattern from latent oil left on the capacitive surface to trick the sensor into making a false-positive match." http://www.pcworld.com/article/103535/article.htm…
Thumb/finger prints are a little too personal to be stored in any central place, whereas your face is rather more public, unless you go around with a mask on.
With no physical contact required, this system could be used to autheniticate an individual on all sorts of systems. I like the sound of it so far.
Fingerprints are easy to copy and people leave hundreds of samples of their fingerprint on publicly accessible surfaces every day. If your threat model includes an evil maid attack, then fingerprints are a bad idea.
I think that a better idea would be to upgrade the phone camera so that it can be used for iris prints. If the camera had a light and a decent macro capability, then with practice you would be able to unlock your phone by holding it a couple of inches from your eye for a moment or so.
Iris prints have by far the best error rate of any biometric with an equal error rate of around 1 in a million, and the main patents ran out in 2011, so it can be implemented by anyone, and unlike fingerprints it is hard to covertly take a good enough photo to create a copy.
This is perfect for millennials: they can unlock their devices with the most common gesture, the eyeroll. That’s how I interpret an “ocular movement”.
The headline seemed bizarre, but the article explains it compellingly. Thanks