***All content in this blog written by Masaaki Tokuyama, Founder & CEO, AnchorZ Inc.***
In 2007, Apple Inc. released the first iPhone and brought the world into a new generation defined by smartphones. Smartphones spread globally and gave users access to a huge amount of data. They also encouraged the dramatic evolution of AI, which had been researched and developed for years. The smartphone boom created devices with various kinds of intelligence and network systems that can surpass human intelligence, and it had a huge influence on the transformation of digital society. While this evolution accelerates, however, user convenience is being sacrificed. We expected that, as digital services accelerate, the burden on users would increase and become more complex.
Users of various digital services have struggled to keep up with the speed of technology's evolution. Many users still use only an ID and password to access digital services. At the same time, they have trouble remembering an ever-increasing number of passwords. Furthermore, a research report says that 77% of authentication for internet services is performed with only a user ID and a password. Only 20% of users are using two-factor authentication, including two-step verification (Council of Anti-Phishing Japan, 2019).
This data agrees with what Google published in 2018: over 90% of Gmail users do not use two-step verification to protect their accounts and personal information. Google engineer Grzegorz Milka explains that enforcing two-step verification affects usability, and there are concerns that some users would stop using Gmail (The Verge, 2018).
The burden on users was shocking and felt like a contradiction. We realized that technology meant to make lives more convenient only works as designed if users do a lot of "heavy lifting". This was a problem we decided to take seriously and solve.
The essential elements for the digital society of the near future are that services can be used by "anyone", "anytime", immediately and without worries. Moreover, the handling of personal information used for authentication is not entrusted to just anyone. We focused on this problem and developed a solution that overturns the conventional wisdom of traditional authentication technology. The solution is named “DZ Security”. The following video is an example that uses the technical element “DZ Authentication” (that is, background authentication).
Miwa Smart Lock System with DZ Security Demonstration Video:
What should be noted is the trust relationship between the user and the device. To achieve and maintain a high security level, registered users are authenticated by “Background Authentication”, which uses biometrics such as face authentication and voiceprint authentication together with user behavior, habits, and usage history. This unique technology addresses a problem that is not solved by smart locks “equipped with an AI (face recognition) camera” or a “key in smartphone”. This is a new way of thinking about authentication.
The most important factor is the use of biometrics as the “key” when authenticating a person as a registered user. Because biometrics change daily, we would never trust data from one year ago to identify the user now. By combining biometric data with additional data such as a user's usage history and habits, we can perform background authentication with parallel processing to provide a very high level of security. This differs from conventional authentication technology and provides a security solution that does not burden the user at all.
Since it is all executed on the terminal device, there is no need to pass personal information to others. The user has no way of knowing which specific data related to the authentication factors is used for authentication. This method helps to prevent technological crime effectively, as it is nearly impossible for criminals to impersonate the user.
The registered user is identified by DZ authentication, and the unique identification information (UUID) is delivered from the device to the door over Bluetooth. If a non-registered user uses the same device in an attempt to unlock a door, for example, it would fail. However, a multi-account setting is possible with the registered user’s permission. This project is a joint development with Miwa Lock Co., Ltd., which owns the largest market share in Japan’s lock market.
DZ Security's face authentication and voiceprint authentication are available on edge devices (that is, iPhone, Android, and Windows 10) and are based on our Machine Learning algorithm. The following is the basic configuration of the face and voiceprint authentication.
Figure 1: Face Recognition Module
Figure 2: Voice Recognition Module
The “auxiliary authentication” of DZ authentication consists of multiple identification methods, such as confirming that the device is a Secure Bluetooth device and checking user habits. As part of the authentication process, these checks are performed in parallel with the biometric checks and determine the legitimacy of the user.
Figure 3: Identification Method based on DZ Authentication's unique "Auxiliary Authentication (behavior/habit/usage history etc.)"
Performing multiple authentications in the background makes the algorithm more complicated. It is difficult to adjust to dynamically fluctuating authentication methods and still achieve a reliable and accurate authentication environment. We have succeeded in performing this background authentication with the method described in Figure 4.
Figure 4: Personal authentication method performed in the background
Overall Evaluation, which integrates and calculates the results of multiple authentication methods (Fig. 4), has the advantages of not only improving authentication accuracy and usability but also making effective use of computational resources. To maximize these advantages, we have developed a transition matrix model between authentication methods as the underlying mathematical model. The transition matrix between the individual authentication sensing methods can be optimized based on a unique evaluation index, so that the best authentication method is selected dynamically according to the situation.
Figure 5: Recognition method transition matrix
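A minimal sketch of background method selection driven by a transition matrix, added here as an illustration; it is not AnchorZ's algorithm or code. The evaluation index (an accumulated probability that the registered user is absent), the matrix weights, the accept rates and the sample events are all constructed assumptions.

```python
import math

# Constructed figures, not AnchorZ data: true-accept and false-accept rates.
METHODS = {
    "face":     {"tar": 0.98, "far": 0.01},
    "voice":    {"tar": 0.95, "far": 0.03},
    "behavior": {"tar": 0.80, "far": 0.20},
}
# Hypothetical transition matrix: TRANSITION[a][b] is the preference for
# running method b after method a (only the ordering within a row matters).
TRANSITION = {
    "face":     {"face": 0.1, "voice": 0.6, "behavior": 0.3},
    "voice":    {"face": 0.6, "voice": 0.1, "behavior": 0.3},
    "behavior": {"face": 0.5, "voice": 0.4, "behavior": 0.1},
}
# Constructed events: (seconds since last check, usable methods, match results).
SAMPLE_EVENTS = [
    (0, {"face", "voice", "behavior"}, {"face": True}),
    (30, {"voice", "behavior"}, {"voice": False, "behavior": True}),
    (5, {"face", "voice", "behavior"}, {"face": True}),
]

def drift(risk, seconds, rate=0.01):
    """Risk that the registered user has left grows while nobody is checked."""
    return 1.0 - (1.0 - risk) * math.exp(-rate * seconds)

def observe(risk, method, matched):
    """Bayes update of P(registered user absent) from one match/no-match."""
    m = METHODS[method]
    p_absent = m["far"] if matched else 1.0 - m["far"]
    p_present = m["tar"] if matched else 1.0 - m["tar"]
    return risk * p_absent / (risk * p_absent + (1.0 - risk) * p_present)

def next_method(current, available):
    """Pick the preferred follow-up method among the sensors usable now."""
    return max(available, key=lambda m: TRANSITION[current][m])

def run_session(events, threshold=0.5):
    """Return one (method, risk, unlocked) tuple per background check."""
    risk, current, log = 0.5, "behavior", []
    for seconds, available, results in events:
        risk = drift(risk, seconds)
        current = next_method(current, available)
        risk = observe(risk, current, results[current])
        log.append((current, round(risk, 3), risk < threshold))
    return log
```

In the second constructed event the camera is unusable, so the matrix falls back to voice; the failed voice match pushes the risk above the threshold until the next face match brings it back down.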
As shown in Figure 6, we have built an ARUAR (Accumulated Registered User Absence Risk) model for optimizing the transition matrix.
Figure 6: Accumulated Registered User Absence Risk Model (ARUAR Model)
Going from top to bottom, the Recognition Method Manager and Authentication Manager manage:
By implementing each authentication module of DZ authentication in hardware, the background authentication function demonstrates its full potential and provides a comfortable environment for users. We aim to achieve the function of DZ authentication by using the power-saving, high-performance Arm CPU core, so that it operates on edge devices more comfortably and at a low cost.
Figure 7: Phase1
Phase 1 uses the Xilinx Zynq-7000 series as the target device and achieves the DZ authentication function in the form of Arm core (Software) + User Logic (Hardware). In this phase, the biometric authentication function is implemented in the Programmable Logic of the Xilinx Zynq-7000 series device. This phase optimizes the performance of each authentication element for hardware and trials the AI element architecture.
Figure 8: Phase2
In this phase, the usage and integration process of each authentication module of DZ authentication will be completed using an Arm CPU core (that is, Arm Cortex-M) + User Logic. The functions of DZ authentication are fully implemented in hardware.
By achieving DZ authentication functions through hardware, the authentication performance (i.e. processing speed) on the edge device side improves, while the cost (power consumption) is reduced. In addition, a better UI and UX for users is provided. No setting or operation is needed before using the edge devices, and it is possible to adapt to various devices, including IoT devices. We are currently investigating other types of hardware, such as card-type devices used for personal authentication (Arm CPU core is recommended).
We are building a DZ Security smartphone application proof of concept for Factory Automation in Mitsubishi Electric Corp.’s factory (joint patent application in progress). We are also conducting research and development on its effectiveness and practical use cases.
Our vision for security is that if a device can provide biometrics-based authentication as the only key, the risk of security loopholes is removed, and users are set free. It should be possible for the world to freely access various digital services securely, when and where they want. We believe that this should be the near future of digital society.
Council of Anti-Phishing Japan. (2019, May 16). インターネットサービス提供事業者に対する「認証方法」に関するアンケート調査結果(速報)を公開 (2019/05/16) [Results of a questionnaire survey on "authentication methods" for Internet service providers (preliminary report) published]. Retrieved from Council of Anti-Phishing Japan: https://www.antiphishing.jp/news/info/wg_auth_report_20190516.html
The Verge. (2018, January 23). Over 90 percent of Gmail users still don’t use two-factor authentication. Retrieved from The Verge: https://www.theverge.com/2018/1/23/16922500/gmail-users-two-factor-authentication-google