Lip movement: Authentication through biometrics you can change
Choosing a unique, complex and long enough password that will still be easy to remember is a big challenge for most users, and most of them would happily opt for biometric authentication in a heartbeat.
But the problem with physical biometrics – fingerprints, palm prints, iris shape, etc. – is that you can’t change them if they get compromised. A good solution to that problem might be in the combination of physical and behavioral biometrics and a password.
Lip movement + password
An elegant and relatively easy to use option is the “lip motion password” – a technology invented by Hong Kong Baptist University computer science professor Cheung Yiu-ming, and patented in the US in 2015.
The technology uses a person’s lip motions to create a password, and the system verifies a person’s identity by simultaneously checking whether the spoken password and the behavioural characteristics of lip movement match.
The system takes into consideration the lip shape and texture as the user voices (or simply silently mouths) the password, and is able to detect and reject a wrong password uttered by the user or the correct password spoken by an imposter.
“The same password spoken by two persons is different and a learning system can distinguish them,” the professor noted. So, even if an attacker knows the password, it’s impossible for him or her to use it to successfully impersonate the target.
And if, by any chance, the attacker has managed to record a video of a user’s lip while he or she was pronouncing the password, a simple change of the actual content of the password is enough to prevent future impersonation.
The technology has some more advantages: it is less susceptible to background noise and distance than traditional voice-based authentication, it’s language-independent, and can also be used by speech-impaired users. It can also be used in combination with other biometric authentication systems to improve security levels.
“Lip reading” biometrics is expected to be used – either alone or in combination with other authentication measures – in financial transaction authentication (e.g. at ATMs, electronic payment using mobile devices, etc), as well as in physical access control systems (e.g. to open doors to private or business properties).