TECHNICAU FIEUD

[0001] The present disclosure generally relates to a user authentication method and a user authentication system.

BACKGROUND

[0002] Identity theft occurs when someone masquerades as another person and uses the person’s identification and authentication information, e.g., identifier, password etc. without the person’s permission to access information, commit fraud or other crimes. Business entities and service providers typically mitigate identity theft by implementing multi-factor authentication, in which a user is granted access only after successful presentation of two or more factors to an authentication mechanism. Examples of the two or more factors include knowledge factors (something only the user knows, e.g., passwords), possession factors (something only the user has, e.g., security tokens) and inherence factors (something only the user is, e.g., biometric information). Multi-factor authentication typically provides an additional layer of security as another piece of authentication data beyond that of an identifier and password is required.

[0003] Some user authentication systems use facial recognition as the inherence factor to authenticate users by comparing the users’ face captured in a photograph or an image frame from a video against images stored within the system. While facial recognition may be less accurate than iris recognition and fingerprint recognition, it is widely adopted as an authentication method due to its contactless process and low cost of implementation. However, these systems have become more vulnerable to attacks. Advances in image sensor technologies, widespread sharing of self-portrait photographs on online social networks and weak data protection have allowed malicious actors to more easily obtain high-resolution face images or videos of registered users, and use these images and/or videos to circumvent authentication systems that adopt facial recognition as an authentication method, to commit identity theft.

[0004] A need therefore exists to improve the manner in which users can be authenticated.

SUMMARY

[0005] In an embodiment, there is provided a user authentication method. The method includes generating, using a processing device, a three-dimensional representation of a user’s face based on a plurality of images, each of the plurality of images capturing a different view of the user’s face, generating, using the processing device, a feature vector based on the three-dimensional representation of the user’s face, and authenticating the user, using the processing device, based on a comparison between the generated feature vector and a registered feature vector.

[0006] In an embodiment, there is provided a user authentication system. The user authentication system comprises a processing device. The processing device is configured to generate a three-dimensional representation of a user’s face based on a plurality of images, each of the plurality of images capturing a different view of the user’s face, generate a feature vector based on the three-dimensional representation of the user’s face, and authenticate the user based on a comparison between the generated feature vector and a registered feature vector.

[0007] Details of one or more embodiments of the subject matter of this specification are set forth in the accompanying drawings and the description below. Other desirable features and characteristics will become apparent from the subsequent description and the appended claims, taken in conjunction with the accompanying drawings and the background of the disclosure.

BRIEF DESCRIPTION OF THE DRAWINGS [0008] Embodiments will be better understood and readily apparent to one of ordinary skill in the art from the following written description, by way of example only, and in conjunction with the drawings, in which:

[0009] FIG. 1 shows a flowchart illustrating an example of a method for authenticating a user, in accordance with embodiments of the disclosure.

[0010] FIG. 2 shows a flowchart illustrating an example of a method for associating a registered feature vector with a user, in accordance with embodiments of the disclosure.

[0011] FIG. 3 A shows a schematic diagram illustrating an exchange of information in a user authentication system, in accordance with embodiments of the disclosure.

[0012] FIG. 3B shows a schematic diagram illustrating an exemplary face and a plurality of images taken at different angles relative to the exemplary face, in accordance with embodiments of the disclosure. [0013] FIG. 3C shows a schematic diagram illustrating an example of a method for determining three-dimensional positions of features captured in a plurality of images, in accordance with embodiments of the disclosure.

[0014] FIG. 4 shows a schematic diagram of a system configured to authenticate a user, in accordance with embodiments of the disclosure.

[0015] FIG. 5 shows a schematic diagram of an example of a computing device used to realise the systems of FIGs. 3 and 4.

[0016] Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been depicted to scale. For example, the dimensions of some of the elements in the illustrations, block diagrams or flowcharts may be exaggerated in respect to other elements to help to improve understanding of the present embodiments.

DETAILED DESCRIPTION OF THE EMBODIMENTS

[0017] Embodiments of the present disclosure will be described, by way of example only, with reference to the drawings. Like reference numerals and characters in the drawings refer to like elements or equivalents.

[0018] Some portions of the description which follows are explicitly or implicitly presented in terms of algorithms and functional or symbolic representations of operations on data within a computer memory. These algorithmic descriptions and functional or symbolic representations are the means used by those skilled in the data processing arts to convey most effectively the substance of their work to others skilled in the art. An algorithm is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. The steps are those requiring physical manipulations of physical quantities, such as electrical, magnetic or optical signals capable of being stored, transferred, combined, compared, and otherwise manipulated.

[0019] Unless specifically stated otherwise, and as apparent from the following, it will be appreciated that throughout the present specification, discussions utilizing terms such as “associating”, “calculating”, “comparing”, “determining”, “extracting”, “forwarding”, “generating”, “identifying”, “including”, “inserting”, “modifying”, “receiving”, “recording”, “replacing”, “scanning”, “transmitting”, “updating” or the like, refer to the action and processes of a computer system, or similar electronic device, that manipulates and transforms data represented as physical quantities within the computer system into other data similarly represented as physical quantities within the computer system or other information storage, transmission or display devices.

[0020] The present specification also discloses apparatus for performing the operations of the methods. Such apparatus may be specially constructed for the required purposes or may include a computer or other computing device selectively activated or reconfigured by a computer program stored therein. The algorithms and displays presented herein are not inherently related to any particular computer or other apparatus. Various machines may be used with programs in accordance with the teachings herein. Alternatively, the construction of more specialized apparatus to perform the required method steps may be appropriate. The structure of a computer will appear from the description below.

[0021] In addition, the present specification also implicitly discloses a computer program, in that it would be apparent to the person skilled in the art that the individual steps of the method described herein may be put into effect by computer code. The computer program is not intended to be limited to any particular programming language and implementation thereof. It will be appreciated that a variety of programming languages and coding thereof may be used to implement the teachings of the disclosure contained herein. Moreover, the computer program is not intended to be limited to any particular control flow. There are many other variants of the computer program, which can use different control flows without departing from the spirit or scope of the disclosure.

[0022] Furthermore, one or more of the steps of the computer program may be performed in parallel rather than sequentially. Such a computer program may be stored on any computer readable medium. The computer readable medium may include storage devices such as magnetic or optical disks, memory chips, or other storage devices suitable for interfacing with a computer. The computer readable medium may also include a hard-wired medium such as exemplified in the Internet system, or wireless medium such as exemplified in the mobile telephone system. The computer program when loaded and executed on a computer effectively results in an apparatus that implements the steps of the preferred method.

[0023] In embodiments of the present disclosure, the term ‘server’ may mean a single computing device or a computer network of a plurality of interconnected computing devices which operate together to perform one or more functions. In other words, the server may be contained within a single hardware unit or be distributed among several or many different hardware units. [0024] The term “configured to” is used in the specification in connection with systems, apparatus, and computer program components. For a system of one or more computers to be configured to perform particular operations or actions means that the system has installed on its software, firmware, hardware, or a combination of them that in operation cause the system to perform the operations or actions. For one or more computer programs to be configured to perform particular operations or actions means that the one or more programs include instructions that, when executed by data processing apparatus, cause the apparatus to perform the operations or actions. For special-purpose logic circuitry to be configured to perform particular operations or actions means that the circuitry has electronic logic that performs the operations or actions.

[0025] User authentication can be considered a form of fraud detection, to verify identities of users and to detect potential fraudsters before identity theft and other fraudulent acts can be carried out by malicious actors. Effective authentication can enhance data security of information systems and protect data from unauthorised users. Facial recognition may be employed in an authentication method, enabling a contactless process and offering low cost of implementation. Some authentication systems use facial recognition to identify and verify users, by comparing a human face from a photograph or an image frame from a video against images stored within the system. However, these systems have become vulnerable to attacks. Advances in image sensor technologies, widespread sharing of media self-portrait photographs on online social networks and weak data protection may enable malicious actors to obtain and use face images or videos of registered users to circumvent authentication systems that adopt facial recognition as an authentication method, to commit identity theft.

[0026] Embodiments of the present disclosure seek to provide a method and system that can authenticate a user based on a feature vector generated using a three-dimensional representation of the user’s face. The three-dimensional representation can be generated based on a plurality of images each capturing a different view of the user’s face. The plurality of images can be self-portrait photographs of the user, taken from various angles by the user, to provide different perspectives or views of the user’s face. Additionally or alternatively, the plurality of images can be self-portrait photographs of the user captured under a different lighting condition (e.g. a series of photos taken from substantially the same angle but with lighting from different directions, e.g. above/below/left/right) or self-portrait photographs of the user captured at various distances (e.g. a series of photos taken from substantially the same angle but at different distances) to provide different perspectives or views of the user’s face. The feature vector generated using the three-dimensional representation of the user’s face comprises depth information. The feature vector can be used in mitigating attempts from malicious actors to circumvent authentication systems by using face images or videos of registered users. Thus, the user authentication method and system in accordance with embodiments of the present disclosure can improve reliability and/or effectiveness of validating an inherence factor (i.e., something only the user is) in an authentication process.

[0027] The techniques described in the disclosure can produce one or more technical effects. Particularly, implementations of a user authentication method that verify a user based on a feature vector generated using a three-dimensional representation of the user’s face, can result in a more reliable, effective, and robust verification of an inherence factor in the authentication process as compared to authentication based on two-dimensional face images using traditional computer vision algorithms. The implementations can also provide liveness detection, and can determine whether facial images are of a live user or a reproduction. Such a determination can be made because three-dimensional representations generated based on a real face tend to be significantly different from representations generated based on a planar face image. This can lead to improved accuracy and reliability of fraud detection and authentication. Furthermore, the method can also facilitate the identification of users that have been exploited by malicious actors, especially when photographs of the users are presented in attempts to circumvent a user authentication process.

[0028] FIG. 1 shows a flowchart illustrating an example of a method 100 for authenticating a user, in accordance with embodiments of the disclosure. The method 100 can be implemented with a user authentication system 300 shown in FIG. 3A, which includes a device 302 that is configured to transmit a plurality of images 312, 318, a processing device 304 and a database 306. The method 100 broadly includes step 102 of generating, using the processing device 304, a three-dimensional representation of a user’s face based on a plurality of images, each of the plurality of images capturing a different view of the user’s face, and step 104 of generating, using the processing device 304, a feature vector based on the three-dimensional representation of the user’s face. The method 100 also includes step 106 of authenticating the user, using the processing device 304, based on a comparison between the generated feature vector and a registered feature vector.

[0029] The method 100 is described in detail with reference to FIG. 3A, which shows a schematic diagram illustrating an exchange of information in the user authentication system 300 in a user authentication process 310. In embodiments, the method 100 can include receiving the plurality of images 318 each capturing a different view of the user’s face. The plurality of images 318 can be transmitted by the device 302. For example, the plurality of images 318 can include self-portrait photographs of the user, taken from various angles by the user, to provide different perspectives or views of the user’s face. FIG. 3B shows a schematic diagram illustrating an exemplary face and a plurality of images taken at different angles relative to the exemplary face, in accordance with embodiments of the disclosure. Additionally or alternatively, the plurality of images 318 can include self-portrait photographs of the user captured under different lighting conditions (e.g. a series of photos taken from substantially the same angle but with lighting from different directions, e.g. above/below/left/right) or self-portrait photographs of the user captured at various distances (e.g. a series of photos taken from substantially the same angle but at different distances from the user’s face) to provide different perspectives or views of the user’s face. The device 302 can include an image sensor, and the plurality of self-portrait photographs of the user can be captured using the image sensor, via relative movement between the image sensor and the user. In one embodiment, the plurality of images 318 can be captured with the user turning his/her head relative to the image sensor. In another embodiment, the plurality of images 318 can be captured with the user moving the device 302 (and hence the image sensor) relative to his/her head. Motion data from motion sensors on the device 302 can be recorded if the image sensor is moved by the user during the process of capturing the plurality of images 318. In some embodiments, a video self-portrait can be captured by the user, and the plurality of images 318 each capturing a different view of the user’s face can be extracted from the video self-portrait using the device 302, with a library of programming functions for image and video processing. In an embodiment, the plurality of images 318 can comprise a predetermined number of image frames (e.g. 60), extracted at regular time intervals from the video self-portrait capturing motion of the user’s face, as the user’s face moves from a left side view (i.e. a view of user’s left side face, at approximately 90 degree with respect to a normal that is orthogonal from a plane of the face) to a right side view (i.e. a view of user’s right side face, at approximately 90 degree with respect to the normal that is orthogonal from the plane of the face).

[0030] Structure from Motion (SfM), an imaging technique for generating three-dimensional structures from two-dimensional image sequences, can be used to construct the three- dimensional representation 320 of the user’s face in step 102. For example, features or points (e.g., image gradients) associated with the user’s face in the plurality of images can be identified, matched and then tracked across the plurality of images 318 using the processing device 304. Trajectories of the features or points across the plurality of images 318 can be combined with camera parameters (e.g., focal length, radial distortion, etc.) using the processing device 304 to obtain depth information and the depth information can be used to determine three-dimensional positions of the features. Each three-dimensional position associated with the features can be considered a three-dimensional point, represented by a three-dimensional vector. A collection of the three-dimensional positions forms the three- dimensional representation 320 of the user’s face. The three-dimensional representation 320 is also known as a three-dimensional point cloud, and is a set of data points in space representative of the three-dimensional shape of the user’s face. Each data point has its set of X, Y and Z coordinates. In other words, the step of generating the three-dimensional representation 320 of the user’s face can include determining, using the processing device 304, the camera parameters and the three-dimensional points associated with each of the plurality of images 318 and constructing, using the processing device 304, the three- dimensional representation 320 of the user’s face based on the camera parameters and the three-dimensional points associated with each of the plurality of images.

[0031] In embodiments, motion data from the device 302 can also be used in generating the three-dimensional representation 320 of the user’s face. For example, as shown in FIG. 3C, common features or points associated with the user’s face (e.g., P and Q) can identified in each image of the plurality of images (e.g., Pi, P2 ... P _n , and Qi, Q2 ... Q _n )· The motion data and the camera parameters can be used to determine relative positions of the image sensor (e.g., Ci, C2 ... C _n ) with respect to the user’s face in the plurality of images. A line of sight or ray, passing from the camera position (e.g., Ci, C2 ... C _n ) through the common points identified in each image of the plurality of images (e.g., Pi, P2 ... P _n , and Qi, Q2 ... Q _n ) can then be determined. The intersection of these rays (triangulation) can determine the three- dimensional position of the point associated with the user’s face (e.g., P and Q).

[0032] In various implementations, multiple view stereo (MVS) approaches (e.g., volumetric reconstruction, point cloud reconstruction, depth map-based methods) can be executed by the processing device 304 to further enhance the three-dimensional representation 320 of the user’s face obtained from SfM and to generate the feature vector 322 based on the three- dimensional representation 320 of the user’s face. For example, MVS approaches can be used to further refine depth information contained in the three-dimensional point cloud, reconcile inconsistencies and remove redundancies that may arise in the SfM process, and perform fusion process on those points to obtain a dense point cloud object. The dense point cloud object is also known as the feature vector 322 and is a three-dimensional numerical representation of the user’s face. In other words, the processing device 304 can generate the feature vector 322 based on the three-dimensional representation of the user’s face in step

104.

[0033] The processing device 304 can authenticate the user based on a comparison 324 between the generated feature vector and a registered feature vector 316. The registered feature vector 316 can be retrieved from the database 306. The registered feature vector 316 is a numerical representation of the user’s face that is generated and stored within the database 306 during user registration process 308, when the user registers for a service or with a system associated with the user authentication system 300. A similarity score can be calculated based on the comparison between generated feature vector 322 and the registered feature vector 316, and the user can be authenticated based on the similarity score. In an implementation, to compute the similarity of two feature vectors, a cosine similarity method is adopted. Cosine similarity measures the similarity between two vectors of an inner product space. Mathematically, cosine similarity measures the cosine of the angle between two vectors projected in a multi-dimensional space. A smaller angle (and thus a larger cosine) indicates a higher similarity. That is, cosine similarity is measured by the cosine of the angle between two vectors and determines whether two vectors are pointing in roughly the same direction. A formula that can be used to compute cosine similarity is as follows: where A, and Bi are components of vector A and B, respectively.

[0034] The output of the similarity measurement can be a score of between 0 to 1. A score of 1 indicates that the generated feature vector 322 and the registered feature vector 316 are identical, while a score of 0 indicates that the generated feature vector 322 and the registered feature vector 316 are completely different. In various embodiments, a variability threshold based on the cosine similarity can be used to authenticate the user. For example, a variability threshold of 0.8 can be set, and the user can be authenticated on a condition that the cosine similarity score is larger than the variability threshold. That is, the generated feature vector and the registered feature vector are considered similar and the user can be authenticated if the cosine similarity score is above 0.8. The processing device 304 can transmit a message 326 to the device 302, the message 326 indicative of a result of the comparison.

[0035] In various implementations, the step 102 of generating the three-dimensional representation 320 of the user’s face can include determining, using the processing device 304, whether at least one of the plurality of images 318 matches one of a predetermined set of views of the user’s face and generating, using the processing device 304, a request for a specific view of the user’s face if none of the plurality of images 318 matches the specific view within the predetermined set of views. For example, a left side view of the user’s face (i.e. a view of user’s left side face, at approximately 90 degree with respect to a normal that is orthogonal from a plane of the face) is included in the predetermined set of views of the user’s face required to authenticate the user, and the processing device 304 can determine whether the plurality of images 318 received include the left side view of the user’s face, and generate a request for a left side view of the user’s face if none of the plurality of images matches the left side view of the user’s face.

[0036] Moreover, the authentication method can provide additional liveness detection to identify malicious actors (e.g., identity spoofers), by requiring submission of a specific view of the user’s face typically not included in self-portraits in the plurality of images during user authentication (e.g., perspective top left side view or perspective bottom right side view of the user’s face). If the specific view is not included in the plurality of images, the processing device 304 can generate a request for the specific view of the user’s face. Additionally, if the specific view is not received within a predetermined time period, the processing device 304 may flag the associated user account as under attack.

[0037] FIG. 2 shows a flowchart illustrating an example of a method 200 for associating a registered feature vector with a user in a registration process, in accordance with embodiments of the disclosure. In embodiments, as will be described in more details with reference to FIG. 3A, the method 200 can be implemented with the authentication system 300 during a user registration process 308, to register a user to the system or service associated with the authentication system 300. The authentication system 300 includes the device 302, the processing device 304 and the database 306.

[0038] The method 200 broadly includes step 202 of receiving a registration request comprising a plurality of registration images 312, each of the plurality of registration images capturing a different view of the user’s face, step 204 of generating, using the processing device 304, a three-dimensional registration representation 314 of the user’s face based on the plurality of registration images 312 and step 206 of generating, using the processing device 304, the registered feature vector 316 based on the three-dimensional registration representations 14 of the user’s face. The method 200 also includes step 208 of associating the registered feature vector with the user. The method 200 can further include transmitting, using the processing device 304, the registered feature vector 316 to the database 306 for storage. The registered feature vector 316 can be retrieved from the database 306 by the processing device 304, to authenticate the user when the user seeks access to the service or system. The three-dimensional registration representation of the user’s face and the registered feature vector can be generated by the processing device 304 in a manner similar to that of the three-dimensional representation of the user’s face and the feature vector described in the preceding paragraphs.

[0039] In embodiments, user authentication can be implemented remotely using a remote authentication server, as embodied by user authentication system 300 that is described in detail above. Remote authentication can allow fraud detection to be performed centrally and away from user terminals over unsecure communication channels. This can entail the effect that less resources are required at a local user terminal used for authentication. This can additionally or alternatively entail the effect that less restrictive requirements apply to the data communication channels, e.g., in terms of secure communication or encryption requirements. In alternative embodiments, user authentication can be implemented locally on device 400, which includes image sensor 402, processing device 404, and database 406. The image sensor 402 can be configured to function similarly as the aforementioned image sensor in device 302. The processing device 404 and the database 406 can be configured to function similarly as the processing device 304, and the database 306 respectively. This can entail the effect that processing can be performed locally and/or that less restrictive requirements apply to the data communication channels, e.g., in terms of bandwidth, latency, availability, or security.

[0040] FIG. 5 depicts an example of a computing device 500, hereinafter interchangeably referred to as a computer system 500, where one or more such computing devices 500 may be used to execute the methods 200 and 300 of FIGs. 2 and 3. One or more components of the exemplary computing device 500 can also be used to implement the systems 100, 400 as well as the processing device 402. The following description of the computing device 500 is provided by way of example only and is not intended to be limiting. [0041] As shown in FIG. 5, the example computing device 500 includes a processor 507 for executing software routines. Although a single processor is shown for the sake of clarity, the computing device 500 may also include a multi-processor system. The processor 507 is connected to a communication infrastructure 506 for communication with other components of the computing device 500. The communication infrastructure 506 may include, for example, a communications bus, cross-bar, or network.

[0042] The computing device 500 further includes a main memory 508, such as a random access memory (RAM), and a secondary memory 510. The secondary memory 510 may include, for example, a storage drive 512, which may be a hard disk drive, a solid state drive or a hybrid drive and/or a removable storage drive 517, which may include a magnetic tape drive, an optical disk drive, a solid state storage drive (such as a USB flash drive, a flash memory device, a solid state drive or a memory card), or the like. The removable storage drive 517 reads from and/or writes to a removable storage medium 577 in a well-known manner. The removable storage medium 577 may include magnetic tape, optical disk, non volatile memory storage medium, or the like, which is read by and written to by removable storage drive 517. As will be appreciated by persons skilled in the relevant art(s), the removable storage medium 577 includes a computer readable storage medium having stored therein computer executable program code instructions and/or data.

[0043] In an alternative implementation, the secondary memory 510 may additionally or alternatively include other similar means for allowing computer programs or other instructions to be loaded into the computing device 500. Such means can include, for example, a removable storage unit 522 and an interface 550. Examples of a removable storage unit 522 and interface 550 include a program cartridge and cartridge interface (such as that found in video game console devices), a removable memory chip (such as an EPROM or PROM) and associated socket, a removable solid state storage drive (such as a USB flash drive, a flash memory device, a solid state drive or a memory card), and other removable storage units 522 and interfaces 550 which allow software and data to be transferred from the removable storage unit 522 to the computer system 500.

[0044] The computing device 500 also includes at least one communication interface 527. The communication interface 527 allows software and data to be transferred between computing device 500 and external devices via a communication path 526. In embodiments of the disclosure, the communication interface 527 permits data to be transferred between the computing device 500 and a data communication network, such as a public data or private data communication network. The communication interface 527 may be used to exchange data between different computing devices 500 which such computing devices 500 form part an interconnected computer network. Examples of a communication interface 527 can include a modem, a network interface (such as an Ethernet card), a communication port (such as a serial, parallel, printer, GPIB, IEEE 1394, RJ45, USB), an antenna with associated circuitry and the like. The communication interface 527 may be wired or may be wireless. Software and data transferred via the communication interface 527 are in the form of signals which can be electronic, electromagnetic, optical or other signals capable of being received by communication interface 527. These signals are provided to the communication interface via the communication path 526.

[0045] As shown in FIG. 5, the computing device 500 further includes a display interface 502 which performs operations for rendering images to an associated display 555 and an audio interface 552 for performing operations for playing audio content via associated speaker(s) 557.

[0046] As used herein, the term "computer program product" may refer, in part, to removable storage medium 577, removable storage unit 522, a hard disk installed in storage drive 512, or a carrier wave carrying software over communication path 526 (wireless link or cable) to communication interface 527. Computer readable storage media refers to any non-transitory, non-volatile tangible storage medium that provides recorded instructions and/or data to the computing device 500 for execution and/or processing. Examples of such storage media include magnetic tape, CD-ROM, DVD, Blu-ray™ Disc, a hard disk drive, a ROM or integrated circuit, a solid state storage drive (such as a USB flash drive, a flash memory device, a solid state drive or a memory card), a hybrid drive, a magneto-optical disk, or a computer readable card such as a PCMCIA card and the like, whether or not such devices are internal or external of the computing device 500. Examples of transitory or non-tangible computer readable transmission media that may also participate in the provision of software, application programs, instructions and/or data to the computing device 500 include radio or infra-red transmission channels as well as a network connection to another computer or networked device, and the Internet or Intranets including e-mail transmissions and information recorded on Websites and the like.

[0047] The computer programs (also called computer program code) are stored in main memory 508 and/or secondary memory 510. Computer programs can also be received via the communication interface 527. Such computer programs, when executed, enable the computing device 500 to perform one or more features of embodiments discussed herein. In embodiments, the computer programs, when executed, enable the processor 507 to perform features of the above-described embodiments. Accordingly, such computer programs represent controllers of the computer system 500.

[0048] Software may be stored in a computer program product and loaded into the computing device 500 using the removable storage drive 517, the storage drive 512, or the interface 550. The computer program product may be a non-transitory computer readable medium. Alternatively, the computer program product may be downloaded to the computer system 500 over the communication path 526. The software, when executed by the processor 507, causes the computing device 500 to perform the necessary operations to execute the methods 100, 200 as shown in FIGs. 1 and 2.

[0049] It is to be understood that the embodiment of FIG. 5 is presented merely by way of example to explain the operation and structure of the system 500. Therefore, in some embodiments one or more features of the computing device 500 may be omitted. Also, in some embodiments, one or more features of the computing device 500 may be combined together. Additionally, in some embodiments, one or more features of the computing device 500 may be split into one or more component parts.

[0050] It will be appreciated that the elements illustrated in FIG. 5 function to provide means for performing the various functions and operations of the system as described in the above embodiments.

[0051] When the computing device 500 is configured to realise the system 300 to authenticate a user, the system 300 will have a non-transitory computer readable medium 512 having stored thereon an application which when executed causes the system 300 to perform steps comprising: generating, using a processing device, a three-dimensional representation of a user’s face based on a plurality of images, each of the plurality of images capturing a different view of the user’s face, generating, using a processing device, a feature vector based on the three-dimensional representation of the user’s face, and authenticating the user, using a processing device, based on a comparison between the generated feature vector and a registered feature vector.

[0052] In embodiments, the computing device 500 can include at least one processor 507 and a non-transitory computer-readable storage medium 512 coupled to the at least one processor 507 and storing programming instructions for execution by the at least one processor 507. The programming instructions can instruct the at least one processor 507 to generate a three- dimensional representation of a user’s face based on a plurality of images, each of the plurality of images capturing a different view of the user’s face, and generate a feature vector based on the three-dimensional representation of the user’s face. The programming instructions can also instruct the at least one processor 507 to authenticate the user based on a comparison between the generated feature vector and a registered feature vector.

[0053] In some embodiments, the programming instructions can instruct the at least one processor 507 to generate a similarity score based on the generated feature vector and the registered feature vector, and authenticate the user on a condition that the similarity score is larger than a variability threshold associated with the similarity score.

[0054] In some embodiments, the programming instructions can instruct the at least one processor 507 to determine camera parameters and three-dimensional points associated with each of the plurality of images and construct the three-dimensional representation of the user’s face based on the camera parameters and three-dimensional points associated with each of the plurality of images.

[0055] In some embodiments, the programming instructions can instruct the at least one processor 507 to determine whether at least one of the plurality of images matches one of a predetermined set of views of the user’s face and generate a request for a specific view of the user’s face if none of the plurality of images matches the specific view within the predetermined set of views.

[0056] In some embodiments, the programming instructions can instruct the at least one processor 507 to receive a registration request comprising a plurality of registration images, each of the plurality of registration images capturing a different view of the user’s face and generate a three-dimensional registration representation of the user’s face based on the plurality of registration images. The programming instructions can also instruct the at least one processor 507 to generate the registered feature vector based on the three-dimensional registration representation of the user’s face and associate the registered feature vector with the user.

[0057] In some embodiments, the programming instructions can instruct the at least one processor 507 to determine whether at least one of the plurality of registration images matches one of a predetermined set of registration views of the user’s face and generate a request for a specific registration view of the user’s face if none of the plurality of images matches the specific view within the predetermined set of views.

[0058] It will be appreciated by a person skilled in the art that numerous variations and/or modifications may be made to the present disclosure as shown in the specific embodiments without departing from the spirit or scope of the disclosure as broadly described. The present embodiments are, therefore, to be considered in all respects to be illustrative and not restrictive.