Quack Hack 2018 saw the adoption of many of the latest technologies, including facial recognition software. Our team wanted to create a secure file-sharing platform, bolstered by biometric verification techniques. Here's our story from the hackathon.
Identifying yourself online is one of the most pressing business concerns of the modern age. It helps to combat fraudulent behaviour and keep us all safe. Now, in an era of increasing cyber-attacks and the introduction of PSD2, the need to find a suitable and reliable identity verification software has never been more important. So, it’s no surprise that there are numerous identity verification methods out there. But each of these verification tools has their limitations – we wanted to change that.
At our recent hackathon, we wanted to look at how we could create a reliable online transfer service using facial recognition as our verification tool. Once the team was assembled, we began to create our hack and DuckFace was born. My team included Sylvain, Obi, Simone, Tom and Nick.
What is DuckFace?
DuckFace is a facial recognition file transfer service. This proof of concept aims to provide an extra layer of security by using facial authentication as a way to authorize the recipient, thereby ensuring that files don’t end up in the wrong hands.
It is an evolution of dated verification techniques, such as the classic method: passwords. Passwords are a simple verification tool, but they are insecure and prone to human error, be it from either forgetful owners or owners who reuse the same password across multiple accounts.
Ultimately, there are only a handful of methods for verifying your identity. The three main methods consist of: possessing a verification tool, such as a card or key; using an aspect of your body through biometrics like fingerprint recognition; or verifying your identity by sharing a password or secret only you know. Many applications now require two or more of these factors – we know this as two-factor or multi-factor authentication.
That’s where biometrics can help to enhance the authentication process. Biometrics is a particularly secure authentication tool because it is typically very difficult to replicate but always with you – because it is you!
The best thing about biometric verification is that you don’t need to remember anything; all you need is a scanner for the authentication system to work. Every smartphone comes with its own camera that you can use to verify your identity, which makes biometrics one of the most exciting areas to explore in this sector. Our CEO, Danny wrote about online identity verification trends for Econsultancy.
How does DuckFace work?
Don’t worry, when you use DuckFace you don’t have to pout like a duck to retrieve your files (but feel free to try - we did!). DuckFace works in the browser by allowing users to upload documents to send to others. Recipients can securely download files, safe in the knowledge that only their face will authorise the download.
The product at first works by asking for the recipient’s email address, just like most web-based file transfer products do. With the recipient’s approval, DuckFace uses this email address to pull pictures from social media profiles to build up a database of the recipient’s face.
Following this initial stage, users can then upload documents to DuckFace’s cloud where it is encrypted and stored. A unique link is emailed to the recipient to the recipient to begin the authentication process. The recipient uses their laptop’s in-built camera to take a quick snapshot of their face. DuckFace then verifies this snapshot with the images in its database. If DuckFace matches the two with a significant degree of confidence, the authentication process is completed and the download will begin.
Behind the scenes of DuckFace
Our initial concept for identity verification using facial recognition was for sending and receiving sensitive documents. Currently, sensitive documents are typically managed via physical objects like paper documents, USB drives or CDs, all of which are easily lost, stolen or, in David Cameron’s case, an opportunity for embarrassment. Alternatively, people use internet-driven services like email or file transfer websites, but these are easily intercepted if you have access to the recipient’s (or even the sender’s) email account.
That’s why facial recognition is one of the greatest tools we have to verify identities. Facial recognition provides an additional layer of security by ensuring only one individual can receive documents.
While the main application we wanted to create was a file transfer service, we also wanted to make this a facial recognition platform that could equally apply to any other service that requires identity verification, such as logging in to accounts or confirming payments. Therefore, we created a stretch goal to release the technology as an API that others could also make use of.
We built the platform using facial recognition technology from Microsoft Azure’s Face Recognition API. Here, the Laravel-based back-end uses the source picture – in DuckFace, this is pulled from social media profiles – to encrypt the sensitive file. It is secured with an AES 256 bank-grade algorithm. We then store the file and key on different servers to ensure the file is always secure. Recipients can only decrypt the file by using facial recognition.
The product’s front-end uses simple HTML and CSS with a bit of JavaScript thrown in to enable the use of the camera.
Overcoming obstacles with facial recognition
While planning this project, we wanted to ensure we left no stone unturned when it came to finding its pitfalls and establishing a stellar product experience. We thought back to our own experiences using products like this, as well as the limitations in our own tech.
The first issue we identified is that not everyone will have access to a webcam built into their screen, which is a common feature in most laptops but rare in desktop PCs. To combat this, we ensured the product could work responsively on a mobile device. This would enable recipients to verify themselves using their phone’s camera, which could trigger the download on their desktop.
Another issue we realised is actually knowing what the recipient looks like. All we have is an email address, and we shouldn’t have to rely on the sender to tell us what the recipient looks like. With this in mind, we used the social media profiles associated with the recipient’s email address to give us access to their profile pictures, allowing us to build up a confidence level of what they looked like.
But in the end, we overcame the technical difficulties that faced our team. We created a fantastic proof of concept in a short space of time that addresses a pressing public concern: data security.
The future of facial recognition
We’re really pleased with what we’ve achieved in the short time we had. Moving forward, we’d like to build proof of concepts that relate to the other areas of identity verification mentioned previously, and see how we can integrate this with other data sources. For example, could we use the platform to allow people to create online accounts and make payments automatically, making use of open banking APIs for an all-in-one system?
We can also see this playing an important role in the rollout of PSD2 and multi-factor authentication in general. Facial recognition could be an extra verification method that is simple and convenient, yet incredibly secure. It could be the perfect companion to other verification methods.
Work with Cyber-Duck today
Interested in taking authentication further within your organisation? Want to harness the power of facial recognition software? You've come to the right place. Cyber-Duck has the technology skills and expertise you need to build a reliable and robust facial recognition authentication system.
For more information, contact our facial recognition development agency in London and Leeds today. We'll further discuss DuckFace as a proof of concept with you, and look at how our skills can be of use to your organisation. Get in touch with our friendly team today.
Find out more about the other products from this year's hack: