How does the Unified Biometric System work?

    Since the beginning of July, the Unified Biometric System, created by Rostelecom at the initiative of the Ministry of Digital Development, Communications and Mass Communications and the Central Bank of the Russian Federation, has been operating in some banks. In this post we describe in detail how the new system works, and in the comments we will try to answer your questions about it.

    The Unified Biometric System was created to make services that require legally significant confirmation of identity more accessible, primarily for residents of remote regions and people with limited mobility. The remote identification service, which is based on the Unified Biometric System, lets you receive banking services remotely if you have a smartphone or computer with Internet access.

    What data is used

    Unlike Face ID, Siri and Google Assistant, we use both the face image and the voice, two types of biometric data at once. Unlike fingerprints, they do not require additional reading equipment. With face and voice together, even twins can be told apart, which a bank operator, for example, cannot do. In general, there is no point in comparing with live operators: the Unified Biometric System has a recognition accuracy of 10⁻⁷, that is, we will get only one authorization error per 10 million uses. To achieve this, we took ready-made biometric algorithms and tuned them together with their developers.

    We provide processing and storage of the primary data, as well as verification of its compliance. Banks buy and maintain the equipment for capturing biometrics.

    How to register in the system

    To register in the system, you need to visit a bank that supports the service once and give your consent to the collection of biometric data. Biometrics registration is voluntary. You can delete your biometric data at any time by filling out a form on the State Services portal, and continue to open accounts and deposits or take out loans the old-fashioned way, through a personal visit.

    A bank operator assists in the collection of biometric data. The data is tied to a confirmed State Services account. For registration you will also need your original passport and SNILS. The operator photographs the user's face and records the user pronouncing a sequence of numbers issued by the program.

    The camera and microphone used to collect the data are not specialized. The requirements for equipment and data are detailed in Order No. 321 of the Ministry of Communications of June 25, 2018.

    Requirements lists
    • Photo or video camera with a resolution of at least 1280x720 pixels
    • Equivalent focal length: from 31 to 100 mm when the user is 0.3-0.5 m from the camera; from 28 to 100 mm at a distance of 0.51-1.0 m
    • Automatic white balance correction must be enabled
    • Light sources must provide the following illumination in the face area: at least 300 lx for cameras without automatic illumination correction; at least 100 lx for cameras with automatic illumination correction
    • Pixel colors of frontal-type images must be represented in the 24-bit RGB color space, with 8 bits per pixel for each color component: red, green and blue
    • Head rotation must be no more than 5° from the frontal position
    • Head tilt must be no more than 5° from the frontal position
    • Head deviation must be no more than 8° from the frontal position
    • The distance between the centers of the eyes must be at least 120 pixels
    • With a distance of 120 pixels between the centers of the eyes, the face image must be at least 640x480 pixels
    • The face image must not be covered by hair or foreign objects across its full width from the eyebrows to the lower lip
    • Only one face may be present in the image; other faces or fragments of other faces are not allowed
    • The facial expression must be neutral, the mouth closed, both eyes open normally for the user (taking into account behavioral factors and/or medical conditions)
    • The face must be evenly lit so that the face image has no shadows or glare
    • Retouching and editing of the image are not allowed
    • Cropping of the image is allowed
    • When photographing a person wearing glasses, sunglasses, bright light artifacts and flash reflections from the glasses are not allowed
    • The face image must be saved in .jpeg or .png format; compression code: jpeg (0x00), png (0x03)

    For the microphone and voice recording:

    • Condenser microphone without automatic gain control
    • Signal-to-noise ratio: at least 58 dB
    • Frequency range: from 40 to 10000 Hz
    • Sensitivity: at least -30 dB
    • Polar pattern: omnidirectional, cardioid, supercardioid or hypercardioid
    • Signal-to-noise ratio of the recording: at least 15 dB
    • Quantization depth of the recording: at least 16 bits
    • Sampling rate of the recording: at least 16 kHz
    • The voice recording must be saved in RIFF (WAV) format
    • Compression code: PCM/uncompressed (0x0001)
    • Number of channels in the voice recording: 1 channel (mono)
    • Noise suppression must not be used
    • The recording must contain the voice of one person
    • Obtaining a voice recording by transcoding phonograms recorded with technical means of the public switched telephone network is prohibited
    • The message spoken by the subject must match the sequence of letters and/or digits generated by the software of the information system of the authority or organization
    • The voice recording must contain the specified sequence in full and must not be interrupted
    • During the voice recording, the subject's emotional and psychological state must be normal, not agitated, without obvious signs of illness that prevent pronouncing the required message or could alter the timbre or sound of the voice
    • The message indicated above must be spoken in Russian

    The library for quality control of the collected data (BPC) checks and evaluates the samples collected in the banks before they are sent to the Unified Biometric System. Our “Assistant” module for biometrics capture helps make sure that the necessary conditions are met when photographing. In real time, the Assistant assesses the tilt of the head, the angles of rotation, the illumination, the position of the eyes, and in some cases the person's facial expression.
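
    To make the container-level part of the voice requirements concrete, here is an added example (not code from the BPC library or from Rostelecom) that parses a RIFF (WAV) file and checks the compression code, channel count, sampling rate and quantization depth against the list above. The function names and the generated sample are assumptions made for illustration; signal-to-noise ratio, noise suppression and the spoken content are outside what a header check can see.

```python
import io
import struct
import wave

def check_voice_sample(data: bytes) -> list:
    """Return the list of container-level requirement violations (empty = pass)."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WAVE":
        return ["not a RIFF (WAV) file"]
    pos, fmt, has_audio = 12, None, False
    # A RIFF chunk is: 4-byte id, little-endian uint32 size, payload, pad to even.
    while pos + 8 <= len(data):
        cid, size = struct.unpack_from("<4sI", data, pos)
        body = data[pos + 8 : pos + 8 + size]
        if cid == b"fmt " and len(body) >= 16:
            fmt = struct.unpack_from("<HHIIHH", body)
        elif cid == b"data":
            has_audio = 0 < size == len(body)  # non-empty and not truncated
        pos += 8 + size + (size & 1)
    if fmt is None:
        return ["missing or truncated fmt chunk"]
    codec, channels, rate, _byte_rate, _align, bits = fmt
    problems = []
    if codec != 0x0001:
        problems.append(f"compression code 0x{codec:04X}, expected PCM 0x0001")
    if channels != 1:
        problems.append(f"{channels} channels, expected 1 (mono)")
    if rate < 16000:
        problems.append(f"sampling rate {rate} Hz, minimum 16000 Hz")
    if bits < 16:
        problems.append(f"quantization depth {bits} bits, minimum 16")
    if not has_audio:
        problems.append("data chunk missing, empty or truncated")
    return problems

def make_sample(channels: int, sample_width: int, rate: int) -> bytes:
    """Constructed test input: 0.1 s of silence written by the stdlib wave module."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(channels)
        w.setsampwidth(sample_width)
        w.setframerate(rate)
        w.writeframes(bytes(channels * sample_width * rate // 10))
    return buf.getvalue()

if __name__ == "__main__":
    print(check_voice_sample(make_sample(1, 2, 16000)))  # compliant sample
    print(check_voice_sample(make_sample(2, 1, 8000)))   # stereo, 8-bit, 8 kHz
```

    A header that claims PCM does not prove the audio was never transcoded from a telephone recording, so a check like this complements the signal-level quality control rather than replacing it.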

    How to use the system

    To use the services of banks working with the system, you need to go to the bank's website or application, log in through State Services and give consent to transfer personal data to the bank and biometric data to the Unified Biometric System. Then you need to pronounce the text from the screen, usually a random sequence of numbers. To make sure that a live person is in front of the camera, the system will ask the user to turn their head, wink or smile.

    Then the data is transferred to the system, matched with samples, and if the sample corresponds to the original data, the user starts working with the remote banking service system.  

    About retaking biometric data

    A change of hairstyle, growing a beard or wearing glasses does not affect the recognition of a person by the system. However, the biometric data needs to be updated every three years. An early update is necessary if the user has plastic surgery on the face or is injured. You can update the data in any bank branch that collects biometrics.

    About the cost of services for customers and banks

    For users, the Unified Biometric System is completely free, but banks pay 200 rubles for each new customer who comes through the system. This money is distributed between Rostelecom, the bank that registered the person, and the vendors of biometric technologies. This distribution stimulates other banks to actively collect biometrics.

    About access of banks to biometrics

    Banks do not have access to user biometric data; it is all stored centrally in the Unified Biometric System. In remote customer identification, the bank sees only the percentage of sample similarity and, on that basis, decides whether to provide a service or not. So that banks can connect their remote banking systems to the system without problems, we have developed a special API.

    About data protection

    We are responsible for the safety and security of user biometric data. The Security Operation Center (SOC) of Rostelecom constantly monitors the security of the system. Biometric templates are stored in anonymized form in secured vaults, separately from the personal data held in the databases of federal authorities. Encryption and storage of biometric data fully comply with the requirements of the FSB and FSTEC.

    About intruders

    Of course, all biometric algorithms have their drawbacks and weaknesses. That is why we use a multi-vendor approach: cracking one algorithm may be possible, but when there are several of them and they are constantly changing, it is much more difficult.

    Besides comparing the control template with the one obtained during identification, the system simultaneously runs a check of the video using other biometric algorithms. If one or several of them have not identified the citizen, the “anomaly module” comes into play: it analyzes the causes of the discrepancies and sends a notification to the bank when fraud is detected. This check takes only a few seconds.

    Coupling biometric identification with identification on the State Services website is another barrier for intruders. In addition, in the “Key Rostelecom” mobile application, we will protect the communication channel between the client’s phone and the database, so that the information cannot be intercepted.

    How to use the system

    We invite Habr users to test the Unified Biometric System and tell us about their experience. To do this, you need to register your biometric data in one of the offices (the list on the map is here). After successful registration and linking of the biometrics to your State Services account, you will receive confirmation that remote identification is available. At the moment, to test it, you can open an account in Mail Bank through their Internet bank or take out a loan at Home Credit Bank for goods from a store. In the future, the number of usage scenarios will, of course, increase.

    For more information about the system, see the order of the Ministry of Communications on biometric data, or ask in the comments: we are ready to answer your questions.
