An Overview of Apple's Second Round of Face ID Secrets Published by the U.S. Patent Office this week
When Apple introduced Face ID with iPhone X in 2017, the tech site "Motherboard" posted a report about Face ID security being fooled by a 3D-printed mask. Researchers from the Vietnamese cybersecurity firm "Bkav" used a highly sophisticated facial scanning system and a professional artist to fool Face ID successfully, meaning that your average hacker wouldn't be able to fool Face ID; only Mission Impossible-type pros could.
Apple filed a new patent application months after Face ID had been cracked on iPhone X so as to ensure that the 3D mask approach would fail in the future. The patent application was made public this week.
Specifically, Apple notes early on what the new Face ID technology aims to do: "'Spoofing' attacks typically utilize invalid data, e.g., data from another device or module purporting to be from a device's camera or images of masks, busts, 3D projections, etc. that are not actually current images of a known user. For example, malicious entities may send signals pretending to be from a device's camera unit, to trick the device into thinking that its camera captured an image of the user, when the image was actually previously-captured by another camera. This is one example of an attack that involves spoofing a camera. As another spoofing example, a malicious entity may present a mask or bust of an enrolled user to a camera of the device in an attempt to pass an authentication process as the enrolled user. In various embodiments, the disclosed techniques may reduce or eliminate the effectiveness of such schemes, such that authorized users who intend to authenticate biometrically are successfully authenticated while others are denied."
It would appear that Apple changed its Face ID formula. Just for starters, Apple's patent claims point to two illumination modes being used in Face ID: the first uses a flood illumination process, followed by a second illumination mode that uses multiple discrete points of illumination using a vertical-cavity surface-emitting laser (VCSEL) to determine depth.
Next, Apple uses a 'secure circuit' configured to generate a different cryptographic nonce for ones of different facial recognition sessions, provide a cryptographic nonce to the camera unit, and confirm that each image in the sequence includes the cryptographic nonce.
Further, the secure circuit is configured to communicate with the camera unit using an elliptic curve Diffie-Hellman (ECDH) session and wherein the secure element is configured to use a different ECDH exchanged secret key for communications during each of multiple different facial recognition sessions with the camera unit.
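The per-session nonce and per-session ECDH key described in the two paragraphs above can be sketched as follows. This is an added example, not code from Apple or from the patent application: the P-256 curve, the SHA-256 key derivation, the HMAC tag, the frame layout and all function names are assumptions chosen for illustration.

```javascript
const crypto = require('node:crypto');

// Each endpoint derives the session key from its own private key and the peer's public key.
const deriveKey = (own, peerPublic) =>
  crypto.createHash('sha256').update(own.computeSecret(peerPublic)).digest();

// Assumed frame protection: HMAC-SHA256 over nonce || pixels under the session key.
const tag = (key, nonce, pixels) =>
  crypto.createHmac('sha256', key).update(nonce).update(pixels).digest();

// Constant-time comparison that tolerates length mismatches.
const eq = (a, b) => a.length === b.length && crypto.timingSafeEqual(a, b);

// Start one recognition session: fresh ECDH key pairs and a fresh nonce,
// so no key or nonce from an earlier session is reused.
function newSession() {
  const circuit = crypto.createECDH('prime256v1');
  const camera = crypto.createECDH('prime256v1');
  const circuitPub = circuit.generateKeys();
  const cameraPub = camera.generateKeys();
  return {
    circuitKey: deriveKey(circuit, cameraPub),
    cameraKey: deriveKey(camera, circuitPub),
    nonce: crypto.randomBytes(16), // drawn by the secure circuit, handed to the camera
  };
}

// Camera unit: embed the nonce it was given in the frame and authenticate the frame.
function capture(session, pixels) {
  const data = Buffer.from(pixels);
  return { pixels: data, nonce: session.nonce, tag: tag(session.cameraKey, session.nonce, data) };
}

// Secure circuit: each image must carry this session's nonce and a valid tag.
function verifySequence(session, frames) {
  return frames.length > 0 && frames.every((f) =>
    eq(f.nonce, session.nonce) &&
    eq(f.tag, tag(session.circuitKey, session.nonce, f.pixels)));
}

// Constructed demo: frames captured in session 1 are replayed into session 2.
function demo() {
  const s1 = newSession();
  const s2 = newSession();
  const frames = [capture(s1, 'flood frame'), capture(s1, 'depth frame')];
  return { live: verifySequence(s1, frames), replayed: verifySequence(s2, frames) };
}

console.log(demo());
```

Because both the nonce and the derived key change with every session, a previously captured image sequence fails verification even if the newer nonce is copied into it.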
15 Detailed Points about Face ID
This is a very detailed patent application with a systematic overview of how Face ID functions in iDevices. Those wishing to delve deeper into Apple's biometric authentication system will be able to review the following:
- Overview of Exemplary Device
- Overview of Using Pseudo-Random Sequence of Image Capture Modes
- Overview of Secret Illumination Pattern Techniques
- Exemplary Secure Circuit Techniques for Authentication Security
- Exemplary Secure Circuit Implementation
- Exemplary Camera Module
- Exemplary Emitter Arrays for Depth Capture and Probing Pattern
- Exemplary Probing Pattern Method
- Exemplary Storage of Calibration and Enrollment Data
- Exemplary Lockout Techniques
- Exemplary Method for Using Sequence of Image Capture Modes
- Exemplary Facial Recognition Session with Multiple Validation Checks
- Exemplary Organization of Modules
- Exemplary Device Configuration Method
- Additional Exemplary Embodiments
Apple's patent application 20190044723 was filed back in Q3 2018 and published last Thursday. You could check out the details here.
Some of Apple's Inventors
Ivan Krstić: Head of Apple Security Engineering and Architecture
Petr Kostka: Software Engineer Manager, Core Biometrics. Projects: Face ID, Touch ID, Apple Pay
Lucia Ballard: Engineering Manager, Security and Privacy Engineer
Feng Tang: Machine Learning Algorithm Manager at Apple
Etai Littwin: This is an odd one. Etai's LinkedIn profile shows him as the senior algorithm developer at "RealFace," a company rumored to have been acquired by Apple in 2017. Etai is clearly listed on Apple's Face ID patent but his profile page still has him working at RealFace. Perhaps Apple is allowing this Israeli company to function independently while still answering to Apple.
Eitan Hirsh: Software and Algorithms Manager came to Apple via PrimeSense
Tal Kaitz: Algorithm Team Leader (works from Israel)
Jonathan Pokrass: Software & System Engineer came to Apple via PrimeSense
Ziv Hendel: Software Architect who came to Apple via PrimeSense
Andrei Kolin: Image Processing. Specialties included Computer Vision, Optics, Mobile Sensors, AR/VR, Wearable Devices and Satellites. Kolin, who works out of Israel, came to Apple via Samsung, where he was Computer Vision Expert and Team Leader.
Thorsten Gernoth: Computer Vision Engineering Manager, Camera Algorithm Engineer.
Lucie Kučerová: Software Development Engineer came to Apple via AuthenTec
Matt Waldon: Director, Depth Hardware. He came to Apple via Lockheed Martin Space Systems working on infrared camera systems.
Thomas Mensch: Secure Systems Engineer who came to Apple via Telenav
Christopher Zeleznik: Sensor Analog Engineer
Michael Malone: Sensor Engineer who came to Apple via their acquisition of InVisage Technologies
Anup Sharma: Core Sensing Technologies