This blog post is meant for people who aren’t familiar with Face Recognition Technology (FRT) but would like to learn!

When I first started interning at Blink Identity, I had limited knowledge about face recognition technology. I found that there are a lot of complex terminologies and technical concepts that hindered me from fully understanding the industry. Because of this, I thought it would be useful to take a moment and define some terminologies in a way that everyone can understand. Rather than going super technical, I’ll do my best to briefly, but clearly, define the terms so that everyone can use the definitions as a starting point. Some of these concepts overlap with other biometric technologies so the content is transferable and flexible. Hopefully by defining some of these concepts, I’ll help people gain a deeper awareness and appreciation towards face recognition technology.

The Gallery

The gallery is the database where all the biometric records are stored. The larger the gallery, the more difficult it is to provide high accuracy in the match results. The enrollment process for face recognition is pretty straightforward. Whenever a user enrolls in the database, they just take a “passport style” photograph and it’s converted into a template. Templates are unique numerical values that represent the features of the person. Once the information has been converted, there is no way for anyone to convert the templates back into an image. This procedure adds an extra layer of security so that even if a hacker hacks the system, they still can’t retrieve the images.

When a person walks past a FRT sensor, an image is captured and it’s called a probe, or the sample that the machine uses to match their identity. The probe image is converted into a template and the system will search the gallery for the corresponding template and decide whether they match or not. Blink Identity is able to accurately match a probe with a stored image within ¼ of a second, which is about the speed at which you blink!

Another thing worth mentioning about the enrollment process is that it should be optional. Companies that use FRT must remain transparent and value their user’s privacy. They must allow users the freedom to delete their information if they don’t feel comfortable with the technology. Giving control to the users will help establish trust and improve the public’s perception towards face recognition and other biometric technologies. Plus, there are biometric laws and local regulations that these companies must comply with.

Matching

When we talk about matching, we’re really referring to the verification and identification process. There’s a subtle difference between the verification process and the identification process. The verification process involves a 1:1 matching, meaning that the machine is specifically trying to match the known probe with the template that’s registered in the gallery. With this process, there may be several templates of the same person in the gallery, but they’re all of the same identity. This process is very fast because the machine just has to match the known probe with the registered template. This process can be commonly found with most smartphones such as the iPhone X. This process makes sense for personal device usage, but it isn’t scalable for mass use.

The identification process is designed for mass use because of it represents 1:N matching. Unlike the verification process, the probe is unknown, and it is matched against all of the templates in the gallery. This process is clearly harder because instead of having to match against one image to verify that they match, the image must be matched against every image in the gallery, to find out if there is a match. Companies such as Blink Identity are currently trying to improve this process so that people at live venues don’t have to wait in long lines.

During the matching process, there are possible errors that the machine could make. There could be a false negative or a false positive. A false negative, also called a false non-match, happens when the system fails to recognize the user’s identity. Most of the time, this is caused by user error during the enrollment process or transit (the moment when the user walks in front of the sensor). A false positive, also called a false match, is when the FRT incorrectly matches a probe with the wrong template. In other words, the machine matches the wrong identity but still confirms it to be true. The implication for a false negative is that it’ll be an annoyance to the user, which is bad, but poses minimal security threat. On the other hand, a false positive could pose a serious security risk to an establishment. The matching process is a trade-off because if you tune the system to minimize false negative errors, it’ll increase the chance for false positive errors and vice versa.

GDPR (Global Data Privacy Regulations):

When reading about face recognition or biometric news, the term GDPR will most likely come up. GDPR is a European data privacy law that governs the way online data is handled in various industries. The law went into effect in May of 2018 and it establishes provisions for handling of personal data. They have several guidelines to make sure that companies are compliant when dealing with online data in the EU. The law reinforces the topic of consent when acquiring online personal information. Companies must be clear with their consent requirement and present it in a transparent and simple manner. Companies must also give users the option to withdraw their consent or delete their personal information. GDPR also introduced the “Privacy by Design” concept where companies must ensure that they have a robust data protection system implemented in their operations. This requirement is the standard for most companies even before GDPR was implemented but it’s reassuring that the law reinforces companies to reassess their security. Companies that violate the GDPR terms can receive a penalty up to 4% of their annual global turnover or €20 Million. Again, this is the maximum fine and they have a tiered penalty system depending on the severity of the violation.