How does the Unified Biometric System work?
Since the beginning of July, a unified biometric system, created by Rostelecom at the initiative of the Ministry of Digital Development, Communications and Mass Communications and the Central Bank of the Russian Federation, began operating in some banks. In this post we will describe in detail how the new system works, and in the comments we will try to answer your questions related to it.
A unified biometric system was created to make services more accessible that require legally significant confirmation of identity - primarily for residents of remote regions and people with limited mobility. The remote identification service, based on the Unified Biometric System, allows you to receive banking services remotely, if you have a smartphone or computer with Internet.
Unlike Face ID, Siri and Google Assistant, we use both face and voice images - two types of biometric data at once. They do not require additional reading equipment, such as fingerprints. With the help of faces and voices, even twins can be recognized, which, for example, a bank operator cannot do. In general, there is no point in comparing with live operators - the Unified biometric system has a recognition accuracy of 10 -7 , that is, we will receive only one authorization error for 10 million uses. To achieve this, we took ready-made biometric algorithms and together with the developers twisted them.
')
We provide processing and storage of primary data, as well as verification of their compliance. Equipment for the removal of biometrics buy and maintain banks.
In order to register in the system, you need to come once to the bank that supports the service and give your consent to the collection of biometric data. Biometrics registration is voluntary. You can delete your biometric data at any time by filling out the form on the portal of state services, and continue to open accounts, deposits or receive loans in the old-fashioned way, through a personal visit.
A bank operator will assist in the collection of biometric data. The data is tied to a confirmed account of public services. For registration you will also need an original passport and SNILS. The operator photographs the user's face and records how he pronounces the sequence of numbers issued by the program.
The camera and microphone that collects data is not specialized. Requirements for equipment and data are set out in detail in the 321 Order of the Ministry of Communications of June 25, 2018.
The library for quality control of the collected data (BPC) checks and evaluates the samples collected in the banks before they are sent to the Unified biometric system. With the help of our “Assistant” module for biometrics removal, you can make sure that the necessary conditions are met when photographing. In real-time mode, the Assistant assesses the inclination of the head, the angles of rotation, the illumination, the position of the eyes, and in some cases the facial expression of a person.
To use the services of banks working with the system, you need to go to the website / application of the bank, log in through the State Services and give consent for the transfer of personal data to the bank, and biometric data - to the Unified Biometric System. Then you need to pronounce the text from the screen - usually a random sequence of numbers. To make sure that a live person is in front of the camera, the system will ask the user to turn his head, wink or smile.
Then the data is transferred to the system, matched with the samples, and if the sample corresponds to the original data, the user starts working with the remote banking service system.
Changing the hairstyle, growing a beard, wearing glasses does not affect the recognition of a person by the system. However, the biometric data needs to be updated every three years. An early update is necessary if the user has plastic surgery on the face or is injured. You can update the data in all branches of banks that collect biometrics.
For users, the Unified Biometric System is completely free, but banks pay 200 rubles for each new customer who arrives using the system. This money is distributed between Rostelecom, the bank that registered the person, and the vendors of biometric technologies. This distribution stimulates other banks to actively collect biometrics.
Banks do not have access to user biometric data, all of which are stored centrally in the Unified Biometric System. In case of remote customer identification, the bank sees only the percentage of similarity of samples and, on the basis of this, decides whether to provide a service or not. So that banks can connect their remote banking systems to the system without problems, we have developed a special API.
We are responsible for the safety and security of biometric user data. The Security Operation Center (SOC) of Rostelecom constantly monitors the security of the system. Biometric templates are stored in an impersonal form in secure repositories, separately from personal data that are in the databases of federal authorities. Encryption and storage of biometric data fully complies with the requirements of the FSB and FSTEC.
Of course, all biometric algorithms have their drawbacks and weaknesses. That is why we use a multi-vendor approach: it is possible to crack one algorithm, perhaps, but when there are several of them and they are constantly changing, it is much more difficult to do this.
Apart from the fact that the system compares the control pattern with that obtained during the identification, it simultaneously launches the video check using other biometric algorithms. If one or more of them did not identify the citizen, then the “anomaly module” is included in the work: it analyzes the causes of discrepancies and, if it detects fraud, sends a notification to the bank. This check takes only a few seconds.
A bunch of biometric identification with identification on the website of state services is another barrier for intruders. In addition, in the “Key Rostelecom” mobile application, we will protect the communication channel between the client’s phone and the database, so that the information cannot be intercepted.
We invite Habr users to test the Unified biometric system and tell about their experience. To do this, you need to register biometric data in one of the offices (the list on the card is here ). After successful registration and linking of biometrics to your account on the State Services, you will receive confirmation of the possibility of remote identification. At the moment, you can test it, you can open an account at Mail Bank through their Internet bank or draw up a loan at Home Credit Bank for goods from the online-samsung.ru store. In the future, the number of usage scenarios will, of course, increase.
You can find out more information about the system in the order of the Ministry of Communications on biometric data. Or in the comments - we are ready to answer your questions.
A unified biometric system was created to make services more accessible that require legally significant confirmation of identity - primarily for residents of remote regions and people with limited mobility. The remote identification service, based on the Unified Biometric System, allows you to receive banking services remotely, if you have a smartphone or computer with Internet.
What data is used
Unlike Face ID, Siri and Google Assistant, we use both face and voice images - two types of biometric data at once. They do not require additional reading equipment, such as fingerprints. With the help of faces and voices, even twins can be recognized, which, for example, a bank operator cannot do. In general, there is no point in comparing with live operators - the Unified biometric system has a recognition accuracy of 10 -7 , that is, we will receive only one authorization error for 10 million uses. To achieve this, we took ready-made biometric algorithms and together with the developers twisted them.
')
We provide processing and storage of primary data, as well as verification of their compliance. Equipment for the removal of biometrics buy and maintain banks.
How to register in the system
In order to register in the system, you need to come once to the bank that supports the service and give your consent to the collection of biometric data. Biometrics registration is voluntary. You can delete your biometric data at any time by filling out the form on the portal of state services, and continue to open accounts, deposits or receive loans in the old-fashioned way, through a personal visit.
A bank operator will assist in the collection of biometric data. The data is tied to a confirmed account of public services. For registration you will also need an original passport and SNILS. The operator photographs the user's face and records how he pronounces the sequence of numbers issued by the program.
The camera and microphone that collects data is not specialized. Requirements for equipment and data are set out in detail in the 321 Order of the Ministry of Communications of June 25, 2018.
Requirements Lists
For microphone and voice recording:
- Photo or video camera with a resolution of at least 1280x720 pixels
- Equivalent focal length: from 31 to 100 mm at the user's location at a distance of 0.3-0.5 m from the camera; from 28 to 100 mm - at a distance of 0.51-1.0 meters
- Automatic white balance adjustment must be enabled
- Sources of illumination should create light in the face area: for photo-video cameras without automatic correction of illumination - at least 300 lux; for photo-video cameras with automatic light correction - not less than 100 lux.
- The colors of pixel images of the frontal type should be represented in a 24-bit RGB color space, in which there are 8 bits for each pixel for each color component: red, green, and blue;
- Head rotation should be no more than 5 ° from the frontal position
- The inclination of the head should be no more than 5 ° from the frontal position
- The deviation of the head should be no more than 8 ° from the frontal position
- The distance between the centers of the eyes should be at least 120 pixels.
- When the distance between the centers of the eyes is 120 pixels, the size of the face image must be at least 640x480 pixels
- It is not allowed to overlap the image of the face across the entire width from the eyebrows to the lower lip with hair or foreign objects.
- Only one person should be present in the image; the presence of other persons, fragments of other persons is not allowed
- The facial expression must be neutral, the mouth is closed, both eyes are open normally for the user (taking into account behavioral factors and (or) medical diseases)
- The face should be evenly lit, so that there are no shadows and highlights on the face image.
- Retouching and image editing are not allowed.
- Cropping of the image is allowed.
- In the case of photographing a person with glasses, sunglasses and bright light artifacts or flash reflection from glasses are not allowed.
- The face image must be saved in .jpeg or .png format; Compression code: jpeg (0x00), png (0x03).
For microphone and voice recording:
- Condenser microphone without automatic gain control
- Signal to noise ratio: at least 58 dB
- Frequency range: 40 to 10,000 Hz
- Sensitivity: not less than -30 dB
- Shape pattern: omnidirectional, cardioid, supercardioid or hypercardioid
- Signal-to-noise ratio for recording: at least 15 dB
- Record quantization depth: at least 16 bits
- Record sampling rate: at least 16 kHz
- Voice recording must be saved in RIFF (WAV) format
- Compression code: PCM / uncompressed (0x0001)
- Number of channels in voice recording: 1 channel (mono)
- No noise cancellation allowed
- The recording must contain the voice of one person.
- It is forbidden to receive voice recordings by recoding phonograms recorded using technical means of the public telephone network.
- The message pronounced by the subject must correspond to the sequence of letters and / or numbers generated by the information system software of the body or organization
- Voice recording must contain the specified sequence completely and should not be interrupted.
- When recording a voice, the emotional and psychological state of the subject should be normal, not agitated, without obvious signs of diseases that impede the pronunciation of the necessary message or that can disturb the timbre / sound of the voice
- The message above should be spoken in Russian.
The library for quality control of the collected data (BPC) checks and evaluates the samples collected in the banks before they are sent to the Unified biometric system. With the help of our “Assistant” module for biometrics removal, you can make sure that the necessary conditions are met when photographing. In real-time mode, the Assistant assesses the inclination of the head, the angles of rotation, the illumination, the position of the eyes, and in some cases the facial expression of a person.
How to use the system
To use the services of banks working with the system, you need to go to the website / application of the bank, log in through the State Services and give consent for the transfer of personal data to the bank, and biometric data - to the Unified Biometric System. Then you need to pronounce the text from the screen - usually a random sequence of numbers. To make sure that a live person is in front of the camera, the system will ask the user to turn his head, wink or smile.
Then the data is transferred to the system, matched with the samples, and if the sample corresponds to the original data, the user starts working with the remote banking service system.
About retake biometric data
Changing the hairstyle, growing a beard, wearing glasses does not affect the recognition of a person by the system. However, the biometric data needs to be updated every three years. An early update is necessary if the user has plastic surgery on the face or is injured. You can update the data in all branches of banks that collect biometrics.
About the cost of services for customers and banks
For users, the Unified Biometric System is completely free, but banks pay 200 rubles for each new customer who arrives using the system. This money is distributed between Rostelecom, the bank that registered the person, and the vendors of biometric technologies. This distribution stimulates other banks to actively collect biometrics.
About access of banks to biometrics
Banks do not have access to user biometric data, all of which are stored centrally in the Unified Biometric System. In case of remote customer identification, the bank sees only the percentage of similarity of samples and, on the basis of this, decides whether to provide a service or not. So that banks can connect their remote banking systems to the system without problems, we have developed a special API.
About data protection
We are responsible for the safety and security of biometric user data. The Security Operation Center (SOC) of Rostelecom constantly monitors the security of the system. Biometric templates are stored in an impersonal form in secure repositories, separately from personal data that are in the databases of federal authorities. Encryption and storage of biometric data fully complies with the requirements of the FSB and FSTEC.
About intruders
Of course, all biometric algorithms have their drawbacks and weaknesses. That is why we use a multi-vendor approach: it is possible to crack one algorithm, perhaps, but when there are several of them and they are constantly changing, it is much more difficult to do this.
Apart from the fact that the system compares the control pattern with that obtained during the identification, it simultaneously launches the video check using other biometric algorithms. If one or more of them did not identify the citizen, then the “anomaly module” is included in the work: it analyzes the causes of discrepancies and, if it detects fraud, sends a notification to the bank. This check takes only a few seconds.
A bunch of biometric identification with identification on the website of state services is another barrier for intruders. In addition, in the “Key Rostelecom” mobile application, we will protect the communication channel between the client’s phone and the database, so that the information cannot be intercepted.
How to use the system
We invite Habr users to test the Unified biometric system and tell about their experience. To do this, you need to register biometric data in one of the offices (the list on the card is here ). After successful registration and linking of biometrics to your account on the State Services, you will receive confirmation of the possibility of remote identification. At the moment, you can test it, you can open an account at Mail Bank through their Internet bank or draw up a loan at Home Credit Bank for goods from the online-samsung.ru store. In the future, the number of usage scenarios will, of course, increase.
You can find out more information about the system in the order of the Ministry of Communications on biometric data. Or in the comments - we are ready to answer your questions.
Source: https://habr.com/ru/post/424751/
All Articles