Case Study: Secure Biometric Authentication Solution Based On Data Science

October 26, 2018 107 Views
← Back
Case Study: Face & Voice Recognition Via Machine Learning


Client: US-based company that offers software products and services for enterprises


Business goals: Provision of enterprises with a verification-as-a-service solution for secure access to sensitive data


Product: Microservice-based Web software that enables biometric authentication with facial capture and voice recognition; API is available for integration with 3rd-party software


Applied technologies:


Back End: Python 3, Django, Django REST Framework, Flask, Celery, MoviePy, ffmpeg, OAuth2, Java, Amazon S3, PostgreSQL, Redis, Plivo, CI/CD (Docker, Docker Swarm, Jenkins)

Front End: JavaScript, React, WebRTC (OpenTok)

• Agile management framework, UI/UX design, manual testing, automated API testing



Product structure: microservice-based Web software enables biometric authentication with face and voice recognition, Machine Learning, and WebRTC data streaming.



From an idea to a software product:
forming a vision within 2 days of brainstorming


Storage of private and sensitive information presupposes advanced requirements towards security and reliability—and secure access is the first step. Modern enterprise software should have an opportunity to replace password-based authentication with more secure biometric means, easily accessible on mobile devices.

Such was the idea that the client addressed us with—and within 2 days we brainstormed and documented the vision and workflow of the future software product, as well as a tech stack for implementation.



This verification-as-a-service product is based on microservice architecture.


Building a microservice-based architecture




The product is based on microservice architecture, which allows to distribute the scope conveniently. Each microservice becomes a separate subproject with its specific functionality, which makes it easier in writing, support, and enhancement. This also allowed us to select optimal languages and frameworks according to the goals and specifics of each microservice.

What we eventually received was high-quality, failsafe and horizontally scalable code with pipelined parallelism, independent updates, and wise distribution of developer effort with next to no down time.



WebRTC is used as a video/audio streaming tool for biometric (face and voice) authentication.


WebRTC: streaming tool for authentication




The biometric authentication flow includes facial capture and voice recognition. In order to make the product fast and not overload the front end, each step is performed on the server side.

There was an obstacle, however: audio/video streaming was available for all platforms bar iOS, where MediaStream Recording API is not supported by browsers. The problem was solved with OpenTok, an off-the-shelf WebRTC service that was integrated with the product and covered iOS just as perfectly.



OpenCV was used for initial preparation of image processing. TensorFlow, Keras, and dlib were applied for actual face/voice recognition.


Data Science: gathering datasets for biometric recognition




The final highlight of this project is applied Data Science for proper biometric recognition. OpenCV was used for initial preparation of image processing. TensorFlow, Keras, and dlib were applied for actual face/voice recognition and for an antispoofing model. Finally, Tesseract OCR was used for recognition of text on the user's documents.

Our task included creation of a custom dataset with audio and video recordings of mobile users to improve recognition. As of now, all the models are continuously trained to keep the level of recognition and attack prevention at an all-time high.




Author: Yuriy Luchaninov, Lead Solution Architect at MobiDev

Yuriy Luchaninov, Lead Solution Architect


The final product became highly customizable, with all the internal complexity hidden under a simple user interface. Our client's partnering businesses are currently able to integrate this solution with their own products via API. Another feature worth noting is single sign-on, in order to spread single authentication across multiple enterprise systems for the convenience of users.


Please feel free to contact us with your ideas and questions!

Read more:
scroll top