Face recognition is a biometric recognition technology based on human facial feature data. With the rapid development of big data, artificial intelligence, cloud computing, 5G and other technologies, face recognition has found wide application. It has been popularized in finance, medical treatment, security checks, payment, entertainment and many other fields, bringing new opportunities for the development of the digital economy and society and for people’s daily lives. While it brings convenience, all kinds of risks and hidden dangers keep emerging.
In 2021, a face recognition incident reported on CCTV’s “March 15” gala sparked widespread public discussion. Some sanitary ware brand stores used cameras to capture face data in violation of the rules, without consumers being aware of it. Once customers entered the store, they were captured by the camera and automatically assigned a number, and their face information was secretly obtained.
“Face changing”, “face stealing” and “face loss” incidents keep emerging. Besides the shortcomings and defects of face recognition technology itself, the causes include businesses that abuse face recognition irresponsibly, and the abuse of technology.
Face recognition faces three types of risks
According to analysis by Top Image business security experts, current face recognition risks fall mainly into three categories: counterfeiting, attack and theft.
The first type: logging in fraudulently with faked face information obtained by various means.
Deception: wearing glasses, hats, masks and other camouflage to interfere with the detection method’s judgment of what is abnormal, confusing the algorithm and deceiving the system.
Hijacking: cracking the device or system port and, through packet hijacking, replacing the human image that passed interactive liveness detection with the digital sample used for the attack, so that the back-end algorithm is deceived into a misjudgment.
The second type: attacking the face recognition system so that it stops working.
Block: DDoS traffic attacks block identification and authentication, rendering the face recognition system ineffective.
Tamper: remote intrusion tampers with the face recognition system’s verification process, information, data and so on, so that false or invalid face data passes certification.
Hijacking: hijacking transmission, verification, database and other information so that real data at the back end or front end is replaced with false data, allowing false face information to pass.
The third type: stealing face recognition information in order to fake a face.
Normal face data is collected, saved or stolen through all kinds of open or illegal means and then used illegally.
“Face protection” requires both regulation and technology
To balance development and safety, regulatory authorities are taking multiple measures to promote secure face recognition applications. In July 2021, the Provisions of the Supreme People’s Court on Several Issues concerning the Application of Law in the Trial of Civil Cases involving the Use of Face Recognition Technology to Process Personal Information explicitly protected citizens’ face recognition data. Various regions have also introduced corresponding face recognition measures, such as measures addressing mandatory face recognition information.
To regulate the healthy development of face applications, industry institutions are gradually taking the lead in setting standards. On April 7, 2021, the Cloud Computing and Big Data Research Institute of the China Academy of Information and Communication initiated and sponsored the “Trusted Face Application Guardian Plan”. Through standards, testing, evaluation and industry self-discipline, the plan aims to build consensus between the industry and society, to clear the “name” of facial recognition technology and its applications, and to promote the healthy development of the industry.
Recently, the second batch of member units of the “Trusted Face Application Guardian Plan” was announced, and Top Image and many other enterprises were selected. Ding Xiang will cooperate with all sectors to actively explore credible guidance for the governance and development of face applications, help face recognition applications develop securely, and build a credible face application ecosystem.
Technological “face protection” innovations are also emerging, so far falling into four categories.
The first category: improving multidimensional face data. Source data collection becomes more complex: 3D multidimensional portrait collection makes the portrait more three-dimensional, so as to prevent face imitation.
Second, improving the accuracy of face recognition. Models and algorithms are used to better distinguish genuine faces from fake ones. Examples include spatial-domain detection such as image forensics detection; biological frequency detection such as GAN artifact detection; and detection based on biological signals, such as audio-visual inconsistency and visual unnaturalness.
Third, ensuring the security of the face recognition system: secondary validation of portrait recognition; preventing API interfaces from being tampered with and hijacked, ensuring the authenticity of output effects and network effects, and discovering anomalies in device and system ports and communications; timely warning to prevent false portraits from being injected, true and false portraits from being confused, and portrait information from being tampered with; and ensuring the integrity and confidentiality of face data in storage and transmission.
The fourth category: improving the risk control capability of face recognition applications. Safety management across the whole life cycle strengthens early warning, interception and protection for face recognition from the source through the whole application chain, improving the risk early warning and security protection capability of face recognition applications.
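One way to implement the third category's integrity requirement for transmitted face data, shown as an added example (not code from Top Image or from the original article): the server issues a single-use nonce and the device returns a MAC over the device id, nonce and frame digest, so a frame swapped in transit or a replayed submission is rejected. The names `CaptureVerifier` and `sign_capture`, the 30-second window and the per-device key (assumed to live in a hardware-backed keystore) are hypothetical; liveness detection itself is out of scope.

```python
import hashlib
import hmac
import os
import time

MAX_AGE_SECONDS = 30  # assumed freshness window for a challenge


def sign_capture(key, device_id, nonce, image):
    """Device side: MAC over device id, server nonce and the frame's digest."""
    parts = (device_id.encode(), nonce.encode(), hashlib.sha256(image).digest())
    # Length-prefix each field so field boundaries cannot be shifted.
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class CaptureVerifier:
    """Server side: issues one-time challenges and checks signed captures."""

    def __init__(self, device_keys):
        self._device_keys = device_keys  # device_id -> per-device secret
        self._pending = {}               # nonce -> (device_id, issued_at)

    def issue_challenge(self, device_id, now=None):
        nonce = os.urandom(16).hex()
        self._pending[nonce] = (device_id, time.time() if now is None else now)
        return nonce

    def verify(self, device_id, nonce, image, tag, now=None):
        now = time.time() if now is None else now
        entry = self._pending.pop(nonce, None)  # single use, even on failure
        if entry is None:
            return "rejected: unknown or reused nonce"
        issued_to, issued_at = entry
        key = self._device_keys.get(device_id)
        if key is None or issued_to != device_id:
            return "rejected: nonce not issued to this device"
        if now - issued_at > MAX_AGE_SECONDS:
            return "rejected: stale challenge"
        if not hmac.compare_digest(sign_capture(key, device_id, nonce, image), tag):
            return "rejected: image or metadata altered"
        return "accepted"


if __name__ == "__main__":
    key = os.urandom(32)                       # constructed per-device key
    server = CaptureVerifier({"dev-1": key})
    frame = b"constructed camera frame bytes"  # constructed sample input
    n = server.issue_challenge("dev-1")
    tag = sign_capture(key, "dev-1", n, frame)
    print(server.verify("dev-1", n, frame, tag))   # genuine submission
    print(server.verify("dev-1", n, frame, tag))   # replay of the same message
```

The MAC only proves that the frame left a device holding the key unchanged; if the capture pipeline on the device is itself hijacked before signing, device-side risk detection is still needed.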
Take the “attendance punch artifact” that Top Image recently intercepted and discovered as an example. This tool cracked the official App of an insurance company, blocked camera image collection, intercepted wireless network detection, hijacked GPS and forged a false LBS location. After the relevant settings are made, the agent enters his or her work ID and uploads photos to complete the “clock in”.
Based on advanced technologies such as threat probes, stream computing and machine learning, the Top Image mobile situational awareness defense system is an active security defense platform integrating device risk analysis, operational attack identification, abnormal behavior detection, early warning and protective disposal. It can detect malicious behaviors such as camera hijacking and device forgery in real time, effectively preventing and controlling risks such as false attendance, face recognition cheating and clock-in cheating, and safeguarding the company’s normal attendance order.
At present, the Top Image mobile situational awareness defense system is in use at many insurance companies. At one provincial branch of an insurance company, after deployment more than 10,000 agents were found to have faked attendance by hijacking face information, and more than 150,000 risky operations were intercepted and prevented in the same month, saving the branch 5 million yuan in agency costs.