Windows Hello 臉部驗證Windows Hello face authentication

在 Windows 10 的 Microsoft 臉部驗證是稱為 Windows Hello 的核心 Microsoft Windows 元件整合到 Windows 生物特徵辨識架構 (WBF) 的企業級身分識別驗證機制。Microsoft face authentication in Windows 10 is an enterprise-grade identity verification mechanism that's integrated into the Windows Biometric Framework (WBF) as a core Microsoft Windows component called Windows Hello. Windows Hello 臉部驗證會利用特別設定為接近紅外線 (IR) 映像來進行驗證和 Windows 裝置解除鎖定,以及解除鎖定您的 Microsoft Passport 的相機。Windows Hello face authentication utilizes a camera specially configured for near infrared (IR) imaging to authenticate and unlock Windows devices as well as unlock your Microsoft Passport.

主要優點和功能的 Windows Hello 臉部驗證Key benefits and capabilities of Windows Hello face authentication

若要使用 Windows Hello 臉部驗證的主要優點如下:These are the key benefits to using the Windows Hello face authentication:

  • 跨所有 Windows 10 裝置與平台相容的硬體 (靠近 IR 感應器) 的臉部辨識。Facial recognition across all Windows 10-based devices and platforms with compatible hardware (near IR sensor).
  • 方便使用的介面,提供單一登形式的驗證,以解除鎖定您的 Microsoft Passport。A user-friendly interface that provides single sign form of verification to unlock your Microsoft Passport.
  • 企業級的驗證和存取 Microsoft Passport Pro 支援的內容,包括網路資源、 網站和付款方式。Enterprise-grade authentication and access to Microsoft Passport Pro supported content, including network resources, websites, and payment instruments.
  • 能夠提供一致使用的映像 (IR) 中不同光源條件,也可讓細微的變更,包括鬍子,外觀的結構,以及等等的外觀。The ability to provide a consistent image (using IR) in diverse lighting conditions that also allows for subtle changes in appearance including facial hair, cosmetic makeup, and so on.

案例Scenarios

Windows Hello 臉部驗證 Windows 10 中的兩個主要案例是驗證登入或解除鎖定,並證明您仍然會有的重新驗證。The two primary scenarios for Windows Hello face authentication in Windows 10 are authentication to log on or unlock, and re-authentication to prove you are still there.

[驗證]Authentication

平均持續時間average duration < 2 秒< 2 seconds
預期的頻率expected frequency High
頻率說明frequency description 發生在每次使用者想要解除鎖定其裝置,或移至將在鎖定畫面Occurs every time a user wants to unlock their device or moves past the lock screen

重新驗證Re-authentication

平均持續時間average duration < 2 秒< 2 seconds
預期的頻率expected frequency Low
頻率說明frequency description 發生於應用程式或網站想要重新驗證使用者在其裝置之前Occurs when an application or web site would like to re-verify that the user is in front of their device

運作方式How it works

Windows Hello 臉部辨識引擎是由四個不同的步驟可讓 Windows 若要了解誰是前面感應器所組成:The Windows Hello face recognition engine consists of four distinct steps that allow Windows to understand who is in front of the sensor:

  1. 找到的臉部,並探索地標Find the face and discover landmarks

    在第一個步驟中,演算法會在相機資料流中偵測到使用者的臉部,然後再找出臉部的地標點 (也稱為對齊點為單位),這會對應到眼睛、 鼻子、 說話,等等。In this first step, the algorithm detects the user’s face in the camera stream and then locates facial landmark points (also known as alignment points), which correspond to eyes, nose, mouth, and so on.

  2. 前端方向Head orientation

    若要確保演算法有足夠的檢視中,以決定驗證臉部,它可確保使用者正朝向 + /-15 度裝置面向。To ensure the algorithm has enough of your face in view to make an authentication decision, it ensures the user is facing towards the device +/- 15 degrees.

  3. 表示法向量Representation vector

    使用地標位置做為錨點,演算法會接收來自不同的區域,來建置以表示正面的數千個範例。Using the landmark locations as anchor points, the algorithm takes thousands of samples from different areas of the face to build a representation. 在最基本的形式表示法是長條圖表示細節點周圍的淺色與深色的差異。The representation at its most basic form is a histogram representing the light and dark differences around specifics points. 不會儲存所面臨的任何映像 – 的表示法。No image of the face is ever stored – it is only the representation.

  4. 決策引擎Decision engine

    感應器前面之使用者的表示法後,它是相較於實體裝置上已註冊的使用者。Once there is a representation of the user in front of the sensor, it is compared to the enrolled users on the physical device. 表示必須跨機器學習的閾值,此演算法會接受其為正確的相符項目之前。The representation must cross a machine-learned threshold before the algorithm will accept it as a correct match. 如果有多個系統上註冊的使用者,此臨界值會隨之增加以協助確保安全性不會受到危害。If there are multiple users enrolled on the system, this threshold will increase accordingly to help ensure that security is not compromised.

註冊Enrollment

註冊是產生的表示法或您自己的表示法的整組的步驟 (例如有眼鏡您可能需要註冊並沒有它們) 並將它們儲存在系統中供未來比較。Enrollment is the step of generating a representation or set of representations of yourself (for example if you have glasses you may need to enroll with them and without them) and storing them in the system for future comparison. 此表示法的集合會呼叫您的註冊設定檔。This collection of representations is called your enrollment profile. Microsoft 永遠不會儲存實際的映像,並註冊資料永遠不會傳送至網站或應用程式進行驗證。Microsoft never stores an actual image and your enrollment data is never sent to websites or applications for authentication.

從安全性和資料完整性的觀點來看,Microsoft 會認為註冊必須要自己相異的步驟,以確保它只是一直在您的感應器前面。From a security and data integrity perspective, Microsoft believes enrollment needs to be its own distinct step to ensure it is only ever you in front of the sensor. Windows 會永遠不會自動更新您的註冊資訊,您一律可以控制。Windows will never automatically update your enrollment information – you are always in control. 這有助於確保您的設定檔不受影響近端的人員或任何其他可能會危及健全性和安全性的機制。This helps ensure that your profile is not impacted by people nearby or by any other mechanism that might compromise robustness and security. 您的設定檔可以手動更新、 重設,或您選擇的任何時間移除了。Your profile can be manually updated, reset, or removed any time you choose.

大部分的使用者可能必須一次註冊每個裝置。Most users will likely need to enroll once per device. 其他註冊所需的使用者,:Additional enrollments are needed for users that:

  • 偶爾穿上特定類型的眼鏡Occasionally wear certain types of glasses
  • 有臉部的圖形或紋理的重大變更Have had major changes to facial shape or texture
  • 移至具有高的環境環境近乎 IR light (比方說,如果您在陽光需要您的裝置外)Move to environments with high ambient near IR light (for example, if you take your device outside in the sunshine)

Near 的紅外線的優點Benefits of near infrared

發行後的第一個 Kinect Xbox 360 上使用臉部辨識,Microsoft 了解上提供一致的映像的環境光線信賴憑證者所提供使用者體驗不佳。After the release of face recognition with the first Kinect on Xbox 360, Microsoft learned that relying on ambient light to provide a consistent image provided a poor user experience. 人 live,並在各種不同的環境中,有各種光線條件中運作。People live and work in a variety of environments, with an assortment of lighting conditions. 音量調亮度、 曝光度或其他的設定,以建立可用的映像 – 全都會影響系統的健全性的成品公開 (expose) 依賴傳統色彩辨識系統。Traditional color recognition systems rely on turning up the brightness, exposure, or other settings to create a useable image – all of which expose artifacts that impact the robustness of the system.

相反地,幾近紅外線映像會在環境光源的情況下,一致,如您所見下面。In contrast, near infrared images are consistent across ambient lighting scenarios, as you can see below.

案例Scenario 從整合式相機的彩色影像Color Image from integrated Camera 從 Microsoft 參考感應器的 IR 映像IR Image from Microsoft Reference Sensor
低 light 代表觀賞電視節目或 PowerPoint 簡報Low light representative of watching TV or giving a PowerPoint presentation 從整合式相機的彩色影像 從 microsoft 參考感應器-不足的 ir 映像
側邊光源正坐在視窗或服務台 lamp 時Side lighting when sitting near a window or desk lamp 使用色彩的映像的側邊光源 從 microsoft 參考感應器-光源的邊的 ir 映像

使用紅外線也有助於詐騙,因有利於防止最容易存取的攻擊。Using IR also helps with spoofing because it helps prevent the most accessible attacks. 比方說,IR 不顯示在相片,因為它是不同的 wavelength,而且您可以看到下面,映像的映像不會顯示在相片或 LCD 顯示器。For instance, IR doesn't display in photos because it's a different wavelength, and as you can see below, the images the images do not display in photos or on an LCD display.

板型規格

精確度的測量方式How accuracy is measured

當 Microsoft 將談論的 Windows Hello 臉部驗證精確度時,有三個主要的量值使用:誤判、 真肯定和誤否定。When Microsoft talks about the accuracy of Windows Hello face authentication, there are three primary measures used: False Positives, True Positives, and False Negatives.

詞彙Term 誤判False Positive 真肯定True Positive 誤否定False Negative
描述Description 這有時也計算方式為 False 的接收速率,代表隨機使用者會取得實體存取您的裝置會辨識為您的可能性。Sometimes also calculated as a False Acceptance Rate, this represents the likelihood a random user who obtains physical access to your device will be recognized as you. 這個數字應該越低越好。This number should be as low as possible. 真肯定 」 的比率表示使用者將會正確地符合其已註冊的設定檔位於前方感應器每次的可能性。The True Positive rate represents the likelihood a user will be correctly matched to their enrolled profile each time they are positioned in front of the sensor. 這個數字應該很高This number should be high 表示使用者未對應到其已註冊的設定檔的可能性。Represents the likelihood a user is not matched to their enrolled profile. 這個數字應該很小。This number should be low.
Windows 10 的演算法Windows 10 Algorithm 小於 0.001%或 1/100,000 到目前為止Less than 0.001% or 1/100,000 FAR 大於 95%,並使用單一已註冊的使用者Greater than 95% with a single enrolled user 小於 5%與任何已註冊使用者Less than 5% with a single enrolled user

計量測量中的錯誤很重要,因此 Microsoft 將這些分類有兩種: 偏差錯誤 (系統化的錯誤) 和隨機的錯誤 (取樣)。Accounting for errors in measurement is important, so Microsoft categorizes them in two ways: bias errors (systematic errors) and random errors (sampling).

偏差的錯誤Bias errors

因為不使用代表環境和條件中使用之演算法的資料可能會發生偏差的錯誤。Bias errors may occur as a result of not using data that is representative of the environments and the conditions in which the algorithm is used. 這種錯誤可能起因於不同環境的條件 (例如光源,感應器、 距離和等等的角度),以及它並不表示,如果傳送裝置的硬體。This type of error can result from different environmental conditions (such as lighting, angle to sensor, distance, and so on) as well as hardware that is not representative if shipping devices.

隨機的錯誤Random errors

使用不符合母體擴展多元化,實際上會使用此功能的資料會產生隨機的錯誤。Random errors results from using data that doesn’t match the population diversity that will actually be using the feature. 例如,將焦點放在較少的不具眼鏡、 beards 或唯一的臉部特徵的臉部。For example, focusing on a small set of faces without glasses, beards, or unique facial features.

Windows 生物特徵辨識架構 APIWindows Biometric Framework API