Case Study: Secure Biometric Authentication Solution Based On Data Science
Client: US-based company that offers software products and services for enterprises
Business goals: Provision of enterprises with a verification-as-a-service solution for secure access to sensitive data
Product: Microservice-based Web software that enables biometric authentication with facial capture and voice recognition; API is available for integration with 3rd-party software
• Back End: Python 3, Django, Django REST Framework, Flask, Celery, MoviePy, ffmpeg, OAuth2, Java, Amazon S3, PostgreSQL, Redis, Plivo, CI/CD (Docker, Docker Swarm, Jenkins)
• Data Science: TensorFlow, Keras, dlib, OpenCV, Tesseract OCR
• Agile management framework, UI/UX design, manual testing, automated API testing
From an idea to a software product:
forming a vision within 2 days of brainstorming
Storage of private and sensitive information presupposes advanced requirements towards security and reliability—and secure access is the first step. Modern enterprise software should have an opportunity to replace password-based authentication with more secure biometric means, easily accessible on mobile devices.
Such was the idea that the client addressed us with—and within 2 days we brainstormed and documented the vision and workflow of the future software product, as well as a tech stack for implementation.
Building a microservice-based architecture
The product is based on microservice architecture, which allows to distribute the scope conveniently. Each microservice becomes a separate subproject with its specific functionality, which makes it easier in writing, support, and enhancement. This also allowed us to select optimal languages and frameworks according to the goals and specifics of each microservice.
What we eventually received was high-quality, failsafe and horizontally scalable code with pipelined parallelism, independent updates, and wise distribution of developer effort with next to no down time.
WebRTC: streaming tool for authentication
The biometric authentication flow includes facial capture and voice recognition. In order to make the product fast and not overload the front end, each step is performed on the server side.
There was an obstacle, however: audio/video streaming was available for all platforms bar iOS, where MediaStream Recording API is not supported by browsers. The problem was solved with OpenTok, an off-the-shelf WebRTC service that was integrated with the product and covered iOS just as perfectly.
Data Science: gathering datasets for biometric recognition
The final highlight of this project is applied Data Science for proper biometric recognition. OpenCV was used for initial preparation of image processing. TensorFlow, Keras, and dlib were applied for actual voice and face recognition—and in an antispoofing model. Finally, Tesseract OCR was used for recognition of text on the user's documents.
Our task included creation of a custom dataset with audio and video recordings of mobile users to improve recognition. As of now, all the models are continuously trained to keep the level of recognition and attack prevention at an all-time high.
The final product became highly customizable, with all the internal complexity hidden under a simple user interface. Our client's partnering businesses are currently able to integrate this solution with their own products via API. Another feature worth noting is single sign-on, in order to spread single authentication across multiple enterprise systems for the convenience of users.
June 04, 2019
Over the last few months, one of our teams was busy designing a solution that employs biometric identification and works within... more →
It's been predicted that the number of Internet of Things devices will reach nearly 21 billion by 2020. Their diversity is... more →
There were numerous cases when MobiDev was addressed to promptly augment an in-house team to build a software product together... more →