Reputation: 1697
Microsoft-Cognitive Face API - Verify. Is there a way to avoid pictures of pictures?
What I want to do is verify users identity in my mobile app through the smartphone webcam, with a selfie.
So I made a small web app just to test microsft azure cognitive services, using the Face API. I take 2 pictures. I get both pictures faceIds with the Face - Detect, then I compare both faceIds with Face - Verify, if they are the same person the API does respond with a true value and the confidence number, false otherwise.
The thing is, on terms of security, if I take a picture of a picture, let's say I took a selfie, then I take a picture of the selfie in cellphone with the webcam, it does detect a face, and it is my face, then I take a picture of myself with the webcam, so, when I use Face - Verify, it returns true.
So, If I want to use this as an identity verification, this is a huge security risk. I was wondering if there's a way to prevent this.
Upvotes: 3
Views: 1486
Answers (4)
Reputation: 517
There is another Recognition API from Microsoft which can detect objects. I've tested and it can detect if there is a cellphone in the picture. (If you try to access with the picture in cellphone). The problem is if you try to access with the cellphone and you can't see the border of the cellphone.
Upvotes: 1
Reputation: 103
Another hard solution is that you can use text recognition service along with it. eg. generate a random number in app and ask user to include this number front of camera. (maybe user can use a paper or board to show random number on screen). So on server side you will also require to read number from the picture to verify it
Upvotes: 1
Reputation: 312
You can ask the user to do some random actions like close left eye or smile, or something like that. And you will get this in the second face detection.
Upvotes: 0
Reputation: 66
We wanted to forward a response from an engineer:
The service would not differentiate between a high quality photo or a live image. Therefore, we do not recommend the service as a single form of authentication. However, some customers have tried capturing multiple frames to verify that it is not a still image.
Upvotes: 5
Related Questions
- C# Azure Face API with local images. Bad Request exeption
- Microsoft Cognitive - Face API - Face verification - How it works
- Optimized way of face recognition using Azure Face API
- Microsoft Cognitive - Face API - Using persistedFaceId to Face to Face verification
- Get image using a persisted face-id
- Microsoft cognitive services Face API
- Face verification cognitive services
- InvalidImageSize Microsoft Face API 1.0
- Microsoft Cognitive Services Face API : FaceNotFound while using Verify API
- Microsoft Cognitive Services Face API - Get uploaded images