Threat intelligence expert Azril Rahim (pic below) also welcomed the step forward. "Biometric recognition, particularly face recognition, is always a good method to be used for authentication - particularly in access control and to establish trust."
"The only problem in ensuring the capability, integrity and availability of the system is how well it can handle spoofing attacks," said Azril.
"Since 2005 there has a lot of research on anti-spoofing," he continued. "In general, anti-spoofing techniques may be classified into three different groups: hardware-level, software-level and score-level. It is generally good to evaluate iPhone-X Face ID based on these three groups to see if it is up to meet the specs define in ISO/IEC 30107-1:2016 on biometric attacks."
"Facial recognition technology works by scanning the actual face as input, and then processing it for recognition and authentication," Azril said, moving onto Apple's implementation.
First, on a Hardware-Level. "It is good to learn that Apple purchased a company called PrimeSense in 2013," he commented. "The company holds several intelligent IPs (intellectual properties) in providing 3D sensing. One of the key technologies allows a blasting of 30,000 infra-red dots onto the face, scan it in 3D, and then project the sample in 3D. Just before the acquisition by Apple, PrimeSense licensed its sensor technology to Microsoft to produce Xbox Kinect. The product has won several awards in detecting human figure at blazing speeds. To read more how Xbox Kinect works, read it here."
"Apple's TrueDepth camera is using the technology in detecting the human face and can detect a spoofing attack from high resolution prints. Indeed, Apple claims that the TrueDepth camera be able to distinguish even a rubber mask based on the IR dot reflections, which are specific to actual human skin."
Secondly, on a Software-Level, Rahim said, "The latest A11 Bionic chip is more than enough for the iPhone X to run any machine learning algorithms against data it will receive from the TrueDepth camera. Software based machine learning is perhaps the earliest attempt in detecting biometric spoofing."
"In general, software base machine learning is divided into static and dynamic analysing processes," he explained. "The only real challenge with machine learning is (a) how your accurate is your data and (b) how to 'train' it. Without a doubt, 30,000 IR dots data and a specific focus model on the face should make machine learning training easier and lead to reduced false positives."
Finally, on the Score-Level, Azril said: "The initial scanning of the face will constitute the actual reference data. The combined results between hardware and software results will then be put into a scoring table. This Scoring table is used to determine if a person is wearing glasses, on heavy makeup, wearing hat, and so on. In most research, the scoring level will be the final stage in anti-spoofing protocols. The advantage of iPhone X reference data is that there is only one face - the owner's."
His verdict: "iPhone X's Face ID is simply a breakthrough in making face detection into an actual working product for access control and authenticity. Prior to this, face detection is only for motion sensor."