Principles of Privacy Preserving Face Verification
Privacy by Design principles for systems
In the previous section we saw that SensePrints are privacy-preserving data structures: comparing two SensePrints cannot reveal whether they were generated from the same person's face.
We also saw that SensePrints have the property of Biometric Verifiability: given a person's face and a SensePrint, it is possible to verify that the SensePrint was generated earlier for that same person.
In this section, we highlight the Privacy by Design principles that should underpin any good system.
Unlinkability - Given two data structures (SensePrints) alone, it should be impossible to tell if they were generated from the same data (face + metadata) or from different data.
Irreversibility - Given a SensePrint, it should be impossible to obtain the original face that was used to generate it. Traditional Face Verification systems typically do not satisfy this property, because they expose a similarity score between two templates. That similarity score is what makes traditional technology susceptible to Hill Climbing Attacks.
Revocability and Renewability - In traditional systems, only one feature vector (template) can be generated from a single image. This means that your face acts as a password that can never be changed. To be revocable and renewable, your face must act as a password that can change. The ability of SenseCrypt to generate multiple SensePrints from exactly the same data is what makes it revocable and renewable. If a SensePrint needs to be replaced, a new one can be generated from exactly the same image and data, and that new SensePrint is entirely different from the one being revoked.
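The three properties above can be exercised on a deliberately simplified model. The code below is an added illustration, not SenseCrypt's algorithm or any code from this documentation: it stands in a "face" with a short list of floats, assumes that coarse quantization absorbs capture-to-capture noise (real schemes use error-correcting constructions such as secure sketches or fuzzy commitments for this), and binds the quantized features plus metadata to a random salt with a keyed hash. All feature values and the metadata string are constructed for the example. The model shows that two prints from the same data are unlinkable, that verification yields only accept/reject (no similarity score for a hill-climbing loop to exploit), and that a print can be renewed from the same data.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

# Toy parameters: each feature is rounded to a bin of this width. The
# assumption (for this illustration only) is that genuine re-captures of the
# same face land in the same bins while a different face does not.
BIN_WIDTH = 0.25


def quantize(features: List[float]) -> bytes:
    """Map each feature to a coarse integer bin and serialize deterministically."""
    bins = [int(round(v / BIN_WIDTH)) for v in features]
    return ",".join(str(b) for b in bins).encode()


def make_print(features: List[float], metadata: bytes,
               salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, print). A fresh random salt per enrollment is what makes
    two prints from identical data unlinkable, and what allows renewal."""
    if salt is None:
        salt = secrets.token_bytes(16)
    material = quantize(features) + b"|" + metadata
    digest = hmac.new(salt, material, hashlib.sha256).digest()
    return salt, digest


def verify(features: List[float], metadata: bytes,
           salt: bytes, stored_print: bytes) -> bool:
    """Recompute the print from a live capture and compare in constant time.
    Only a boolean leaves this function: there is no score to climb."""
    _, candidate = make_print(features, metadata, salt)
    return hmac.compare_digest(candidate, stored_print)


def linkable(print_a: bytes, print_b: bytes) -> bool:
    """The only comparison available to someone holding two prints and nothing
    else: are the byte strings equal? For distinct salts they never are."""
    return print_a == print_b


def demo() -> Dict[str, bool]:
    """Walk through unlinkability, verification and renewal on constructed data."""
    enrolled = [0.10, -0.42, 0.77, 0.31]   # constructed enrollment capture
    probe = [0.12, -0.40, 0.75, 0.33]      # same face, slight capture noise
    other = [-0.60, 0.20, -0.15, 0.90]     # constructed different face
    meta = b"subject:example-user;purpose:login"

    salt1, print1 = make_print(enrolled, meta)
    salt2, print2 = make_print(enrolled, meta)   # renewal: same data, new salt

    return {
        "genuine_probe_verifies": verify(probe, meta, salt1, print1),
        "different_face_rejected": verify(other, meta, salt1, print1),
        "two_prints_from_same_data_linkable": linkable(print1, print2),
        "renewed_print_verifies": verify(probe, meta, salt2, print2),
        "revoked_salt_matches_new_print": verify(probe, meta, salt1, print2),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Two design points carry over from the toy to real systems. First, irreversibility in this model rests on the one-wayness of the keyed hash together with the entropy of the quantized features; if the bin space is small and the salt is stored next to the print, an attacker holding both could enumerate bins, so production designs keep the protected representation high-entropy or bind it to a secret the verifier does not store. Second, `verify` returns only a boolean on purpose: exposing a distance or score would reintroduce exactly the feedback channel that hill-climbing relies on.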