DNA Gate

A SaaS platform for robust biometric authentication.

Comment

Inspiration

I strongly believe, 20 - 30 years from now, the current way to authenticate individuals will disappear or will exist as a backup solution in favour of more robust authentication systems. Also, due to the advances in quantum computing which would be able to break most, if not all the current encryption algorithms that exist today, we can say the future of our modern information security systems is uncertain. Let's not even speak about the fact that we rely on our (sometimes) failing memories to keep our identity keys (passwords).

Wouldn't it be great if you could carry your password with you all the time without the fear of someone stealing it from you? If you are wondering if such password exists, just look at your mirror. Yes, I am talking about your face. Biometric authentication systems present an enticing solution to this problem. However, they come with their own set of challenges, namely:

  • The level of expertise needed to implement such systems
  • The infrastructure needed to deploy such systems

It is needless to say that small startups and indie developers are left out of this information security grail. But...

Nevertheless, I am happy to announce that coupling Modzy's facial embedding and audio fingerprinting models with a SaaS-architectured platform can really do wonders. The name of this wonder? DNA Gate

What it does

DNA Gate gives the possibilities to developers like you who need such systems but do not necessarily want to take an AI course at MIT to do so. How? It empowers your apps with the ability to perform biometric authentication while keeping a layer of abstraction that will help you focus on your product rather than part of your product (authentication). And how does it technically achieve this? With a DNA Gate API key, you will be able to perform the following actions to a distant server:

  • POST | /api/biometrics/info/ | Save the biometric information of your users
  • POST | /api/biometrics/info/verify/{face or voice}/{info_id} | Verify the identity through this biometric information

and more...

How we built it

DNA Gate has been really fun to build. Since we wanted an easy plug-and-play solution that developers could directly integrate into their apps without effort, we implemented it the following way:

  1. Backend This part is responsible for handling all the requests to the server and checking the identity of a user through its JWT Auth token (for frontend dashboard requests) or API key (for API requests). The heart of this component is the part that gets Modzy's reuslts and performs distance calculation between the results for identity verification.

stack FastAPI, Mongo, ModzySDK, Numpy, OpenCV

  1. Frontend We believe you should be in total control of your API usage, therefore we built a sleek dashboard to enable you to:
    • Reset or get your API key
    • View your API usage
    • more functionalities are to come...

stack React, Redux, TailwindCSS

  1. Demo Since we do not want to leave you wondering about how to use your API key, we also provide a demo app that explores the realm of possibilities you have with this API key.

stack MongoDB, Express, React, TailwindCSS

Challenges we ran into

Mainly time constraints, the in-depth tutorials on Modzy's documentation page made it easy to get the models working in minutes but as a graduate student, it's not that easy to juggle between research and fun time.

Oh forgot this one, NEVER EVER EVER deploy your solutions at the last stage of the development, especially when you have deadlines. You may face compatibility issues. In our case, we used MongoDB 5.0 locally as it provided built-in support for time-series data (metrics logging). However, when deploying our solution online, we realized that the online database provider we used had no FREE version of MongoDB 5.0 and Mongo DB 4.x (free) had no support for time-series data. Our solution was to simply remove the lines of code that used time-series functionality.

Accomplishments that we're proud of

It works!!! even after you touched it. But more seriously, we are very proud of how agnostic our platform is. You are not coupled to a particular authentication scenario. As long as you have an API key, you can do biometric verifications anywhere and in any way you wish. It's really nice for online payments.

What we learned

I could say FastAPI, TailwindCSS and blah blah blah but the most valuable thing I have learned while carrying out this project is the Keep-It-Simply-Simple dev strategy:

  1. Think about a feature before implementing it (is this feature really necessary?)
  2. If you spend more than one hour without making noticeable progress. Stop and do something else.
  3. Deploy as soon as you can

What's next for DNA Gate

Right now, there exists few biometric authentication SaaS app and it is hard to know if the demand for such products is mature. However, DNA Gate has so much more to offer to developers.

Some of these PLANNED features are:

  • More biometric information type. (right now we only support vocal and facial information)
  • Enable the developers to create apps where each app has its own API key.
  • Provide a DNAGate SDK to make the integration with other apps easier.
  • Enhance the dashboard with more functionalities like:
    • Update the user details (email, password etc)
    • Setting the type of biometric information you wish to support.
    • Perform CRUD operations on the biometric information you have (for admin maintenance).
    • Add API documentation and a cookbook recipe page.

Bonus

I know there are some concerns about privacy when dealing with biometric authentication. Some of the questions you may ask yourselves are:

  • What if someone gets a photo of me without my consent and use it to access the app?
  • Do you store pictures or me to perform this?

This is why DNA Gate was made scenario-agnostic. Since it does not force the developer to perform verifications in a particular way. It is up to the developer to make sure that the requests for verification made from users was intentional.

Example:

  • For the face, add a mouth open/mouth close classification step that asks you to open and close your mouth in a particular order to check if the verification request is intentional.
  • For voice, maybe the app will ask you to say a specific word and check using a text-to-speech library if you said these words.

Also, it does not store pictures of you. We store your biometric information as embeddings. If you do not know what embeddings are, just see them as a series of numbers that represent biometric information, like this one -> [0.65, 0.45, 2.545, 0.45]. I think if someone can recover the original information from these embeddings, then, you have more to fear from that individual.

Built With

Share this project:

Updates