A brand new mode of identification is on the way from July 1 for Aadhaar card holders to use alongside other systems. Nandagopal Rajan explains how this new mode will work.
Why is yet another authentication mode being offered for Aadhaar?
With several recent complaints that the two existing biometric authentications for Aadhaar — fingerprints and iris scans — haven’t worked, the Unique Identification Authority of India (UIDAI) has decided to enable face authentication as an additional mode starting from July 1. This facility is to help those unable to use the existing biometrics for authentication because their fingerprints are worn out (from old age or hard work) or their iris is affected by injury or disease. There have been reports that people with these issues weren’t able to get Aadhaar-related benefits.
However, this mode will be used with “one more authentication factor”, which means it will be in combination with a fingerprint, an iris scan or a one-time password (OTP). The UIDAI has also clarified that face authentication shall be on a by-need basis.
Till now, the UIDAI has performed more than 1.04 billion biometric transactions out of 1.51 billion authentications done.
So, how does facial authentication actually work?
Facial authentication is based on technology that recognises a face based on the spatial geometry of distinguishing features. There are different versions of this technology, widely believed to be the least intrusive and fastest biometric tech.
Apple, for instance, uses FaceID on its new iPhone X smartphones that have the TrueDepth camera which captures face data by projecting and analysing over 30,000 invisible dots to create a depth map of the face plus an infrared image. OnePlus has Face Unlock, which uses over “100 identifiers” with pointers like the distance between the eyes or the nose and upper lip.
How will the UIDAI start using face authentication?
The UIDAI has announced that it will work with biometric device providers to integrate face authentication into the certified registered devices and maybe even provide a standalone registered device for this aspect.
Also, it will work to provide software development kits (SDKs) and devices with the ability to “capture face image, check liveliness and create digitally signed and encrypted authentication input”. Necessary details will be released by March 1.
Can face authentication be faked?
Face authentication is as unique as fingerprints — but it is not foolproof. It certainly cannot be unlocked using a photo of the user or even by scanning a sleeping person’s face. That is because most authenticators are also looking at liveliness as a factor for authentication, usually done by gauging the attentiveness of the subject’s eyes.
But there have been cases where siblings, especially twins, or children with similar features have been able to unlock devices with face authentication. This is the reason why the UIDAI wants to use this in ‘fusion mode’, which means requiring one more authentication factor.