Apple got a new patent for an advanced Face ID feature that will add an additional biometric factor to the classic user identification process.
iPhone and iPad users have been familiar with the Face ID technology since 2017 when it made its debut with the release of the iPhone X. It’s generally thought of as a handy and highly secure way to unlock devices and even make purchases without having to enter passwords. The facial recognition routine is not perfectly accurate in every situation, though. The so-called “evil twin” attack demonstrates how a potential adversary can be erroneously identified as the legitimate device owner based on similar face patterns. In an attempt to address vulnerabilities of that kind, Apple has recently made a move that’s intended to complement the usual Face ID workflow with an extra feature. According to Patently Apple, a blog that covers the tech giant’s Intellectual Property initiatives, vein recognition might soon take Face ID to the next level.
The potential efficiency of the new approach stems from the fact that mimicking the unique pattern of blood vessels underneath the skin of your face is close to impossible. Also referred to as “subepidermal imaging”, this technique will apply to “difficult biometric authentication cases”, as stated in the document officially registered with the United States Patent and Trademark Office on July 21, 2020. In plain words, if the conventional facial recognition fails to verify a user with 100% certainty, the vein-based mechanism will kick in to perform additional checks. This could become a breakthrough in dealing with false positives that the Face ID feature in its current state might be susceptible to. According to the patent information, the user identification logic will also be enhanced by a technology resembling artificial intelligence (AI) to distinguish between similar-looking faces.
This security measure appears to fit the context of Apple’s recent strategy aimed at improving its authentication practices overall. In February 2020, it joined the FIDO Alliance, an international association committed to endorsing the implementation of password-less login procedures across different industries. This collaboration showcases the Cupertino-based company’s increased efforts to reduce dependency on passwords, which have gained notoriety for being low-hanging fruit for cybercriminals over the years.
During this year’s Worldwide Developers Conference (WWDC) held in late June 2020, Apple announced one more shift in this direction. It is reportedly planning to introduce Face ID and Touch ID for the web. This move makes a difference because the biometric authentication methods are currently leveraged to authenticate with applications and services rather than websites. With the upcoming release of Safari 14 next fall, they will extend their reach to the website environment. The functionality will rely on the Web Authentication API and the Secure Enclave processor that will manage private keys for login sessions. Simply put, users will be able to sign into sites with their faces or fingerprints. All of these initiatives, including the latest face vein matching technology, are by all means welcome because they contribute to the security and privacy of a regular user.