Useful Links

Useful Links

Part of castle school education trust

"Castle School Education Trust is committed to high quality education across the primary, secondary and sixth form key stages. Our schools cover the South Gloucestershire area. We encourage independence within each school within a strong framework of values."

Visit Website

Downend

Biometric Technology

What is Biometric Technology?

Biometric technology is being used at many locations around the country including banks, supermarkets and in many schools and colleges.   Whilst the use of biometric recognition

has been steadily growing over the last decade or so, these past couple of years have seen an explosion in development and interest particularly in mobile devices where they are commonly used to verify the owner of the device before unlocking or making purchases.

What is Facial Recognition?

Facial recognition is an identification method to authenticate users at the point of use/sale. It is a category of biometric technology that maps an individual’s facial features (such as the length and width of the nose, the distance between the eyes and the shape of the cheekbones) mathematically and compares this data against a database of known users. 

What are the benefits of Facial Recognition?

The utilisation of biometric technology  provides enhanced security and safeguarding as these cannot be lost, shared, or guessed in the same way that cards or PINs can. This ensures that in the catering industry, the funds are being used by the intended user and that when purchasing items any allergen information is considered and could prevent the user purchasing items where the product is known to contain an allergen that the user is known to be allergic to. 

Additionally, facial recognition offers a completely contactless method of identification as users no longer need to hand over a card, enter a PIN, or place their finger on a fingerprint reader.

In a school canteen setting, there is an increased speed of transaction which will further reduce the time spent by users queuing to pay for their items, allowing them more time to enjoy their break times, and allowing the caterer to serve more users in a shorter time frame.

Data Capture, Security, Storage, and Retention

What personal data does the cashless system process?

Staff and student personal data is retrieved from the school’s Management Information System, including:-

  • name used to identify the user account and if staff or student
  • name used to identify free school meal allowances
  • name used to identify year/class details
  • name used to identify date of birth
  • name used to identify dietary preferences/allergen information to support prevention of users purchasing and consuming items which may cause them harm
  • photograph - to identify who the user account belongs to and to allow till operators to verify that the presented user is the owner of the user account
  • student email address - for post 16 students and staff there will be the facility to be able to pre-order their food via a mobile app. Users use their school email address as their unique username and to securely onboard/reset passwords when required.

Where is the data located?

The Trust has a service contract with CRB Cunninghams to host the system and its data for them. CRB Cunninghams utilise Microsoft Azure hosting and all data is held within Data Centres within the United Kingdom.

How is the data stored?

Facial recognition data is stored as a unique string of characters known as a faceprint template. This data is encrypted using AES 256 and will be hosted on a secure Azure server by CRB Cunninghams. To provide further enhanced protection, the SQL databases that we use are protected by Transparent Data Encryption, which uses AES 256 encryption to secure the data at rest as detailed at: https://docs.microsoft.com/en-gb/azure/sql-database/transparent-data-encryption-azure-sql

Will CRB Cunninghams have access to the data?

Only authorised members of CRBC staff can access the data for support purposes once a support case has been raised by the school. 

During transit is the data encrypted?

Yes. All data in transit between the Hosted Solution and end user device(s) is provided using a NetTCP interface, which encrypts data being transmitted using Transport Layer Security (TLS).  Additionally, the messages being transmitted are encrypted using 256-bit encryption.

Additionally, when the system and its data is to be hosted by CRB Cunninghams, access to third party APIs is typically secured by HTTPS using certificates provided by those services. Access to the Hosted Solution API is provided via a .Net library (provided as a DLL file) and is secured by a licence key file, username and password that is managed directly in the Hosted Solution itself.

How secure is the use of facial recognition? Will it allow someone to access an account using a photograph of another person?

Facial recognition could be spoofed using a photograph of a user with a registered faceprint template to open another person’s account. It is for this reason, that the use of this technology is only at the Point of Sale as this is attended and operated by an authorised member of staff.

Is the data shared with any sub-contractors or third parties?

No, the data is not transferred to or shared with any sub-contractors or third parties either in the UK or internationally.

Can the face templates be used for other purposes outside of the dining hall, such as for access control or registration?

No. Facial recognition is only available at the Point of Sale and is always operated by an authorised member of school or catering staff. CRB Cunninghams do not share the face template data and do not utilise facial recognition in any way other than for this intended purpose.

How long will any faceprint data be kept?

This is the schools/Colleges (as Data Controllers) decision in line with their Data Retention Policy. No data is automatically deleted or anonymised by CRB Cunninghams, however in our role as Data Processor, we will assist the Data Controller in removing redundant data, including faceprint data, when required. Face template data can be removed ad-hoc through the software when required, such as when a user withdraws consent, or they leave the school and are not likely to return. Upon the Data Controller leaving the contract, CRB Cunninghams will offer to securely transfer the data to the client and will then delete all data including backups. 

Is the facial recognition process live/automatic?

The Facial Recognition process is not live or automatic.  The use of the system requires manual operation by a member of catering staff at the Point of Sale. On the Point of Sale, the person operating the till will be presented with a live video feed being captured by an attached camera to the till, which will be in very close proximity to the till (under 1 metre). As a user presents themselves to the operator for identification, the operator presses on the user’s face within the camera feed. This captures a still image and crops out any background leaving only the user's face. This face image is then converted into a face template and compared against the database of pre-enrolled face templates. If a match is found, the users account is opened. If no match is found, then the captured image and template is destroyed.

What cameras are used?

Any USB camera can be used with Facial Recognition at the Point of Sale. Whereas any USB web camera will be able to perform facial recognition, CRB Cunninghams use “pro”, “streaming” style which are able to provide higher-quality images, auto-adjusting to changing light conditions, and auto-focusing to varying user distance, more quickly and consistently than cheaper models.

How accurate is the technology?

The accuracy of the algorithm varies depending on the number of face templates stored within the database. Our system can hold a maximum of 10,000 users. According to independent testing performed by the National Institute of Standards and Technology (www.nist.gov), assuming that there are the maximum of 10,000 users with face templates enrolled with good quality templates, the likelihood of a false positive is 0.001875%, or in other words we can expect that in every 100,000 identifications performed over the database of 10,000 there will be 2 users incorrectly identified. In a typical school usage, the number of face templates registered would be circa 1,000, therefore the likelihood of a false positive is reduced 10-fold. 

However, as the use of FRT is a manual operation, the operator will be able to notice that an incorrect account has been opened and retry the identification.

In addition to False Acceptance Rates, we also consider the False Rejection Rate. This is where a user who has been successfully enrolled is not identified by the system when the operator triggers an identification attempt. Using the same 10,000 users, for each identification attempt, there is a 0.34% chance that a previously enrolled user will be rejected and will be asked to try again.

Does Facial Recognition work with glasses, facial hair, face coverings or religious headwear?

Facial Recognition has been proven to work with users growing/removing facial hair before and after registering a template and has no issues with users wearing or removing glasses. Facial recognition is also able to work with religious items such as turbans, head scarves, and hijabs as the algorithm is only interested in facial features. Facial recognition is unable to work with full face coverings.

How does the system deal with identical siblings?

When it comes to identifying users where their face template data will be very similar, for example with identical siblings, if there are multiple potential matches, these will be presented to the operator who will then be able to manually select the user from these available options.

Do the templates need to be periodically updated to maintain accuracy?

All faces age and while this usually proceeds in a graceful and progressive manner, changes in facial appearance increase with the time elapsed between initial enrolment and future identification attempts. This is especially true when dealing with users of school age. As ageing is inevitable, it can only be mitigated by scheduled re-capture. Our software aims to handle this automatically, removing the requirement for manual re-enrolment. Each user can have up to 5 templates stored against their account (by default this is set to 3 and can be changed to as low as 1). When a user is successfully identified at the Point of Sale, if the most recent template registered for that user is older than a few weeks (default setting is 3 weeks), then the software will remove the oldest template and store the one just captured in its place. This process will ensure that a user’s face template evolves as they age.

Are there any racial and/or other biases present in the algorithm?

The facial recognition algorithm that is used by our system has been trained with increased datasets containing male and female images as well as images of all demographic regions and age groups. It has also been deployed all over the world – in Africa, many Asian countries, Latin America, but also Europe and Northern America, in a wide-range of use-cases where the number one condition is to be able to identify with a high reliability – i.e., extremely low False negative rates while keeping the False positive rates at the lowest possible values. The National Institute of Standards and Technology, who provide the dataset that the algorithm is trained upon, is also addressing this issue by increasing the test dataset – they currently test on 30 million images taken under different conditions and containing images varied by age, gender, and demography.

Are the templates stored used to further train the algorithm?

No. The templates processed by CRB Cunninghams use of the algorithm are not used to further train the algorithm.

Who are CRB Cunninghams?

CRB Cunningham aim to remain the premier supplier of software, hardware, and services to education establishments throughout the United Kingdom, specialising in cashless, online payment, and identity management solutions.  CRB Cunninghams

What appropriate guarantees in relation to security measures can CRB Cunninghams provide?

Please see the below references to our GDPR documents. In addition to our Cloud

Security Principles document for when we host the data on behalf of the client.

  • CRB Cunninghams GDPR statement
  • GDPR Addendum - User Recognition
  • Data Processor Addendum

If you require access to these documents, please contact CRB Cunninghams for further details.

What happens if I do not wish to grant permission in the use of facial recognition for my child at The Castle School?

If a parent/user does not wish to grant permission for the use of facial recognition, the student can be provided with an alternative method of identification such as using a pin number.

What if I initially opt-in for my child to use biometric recognition but later change my mind?

At any point you can contact the school via cas-enquiries.tcs@cset.co.uk and we will remove the permission from the system, automatically removing any biometric data associated with your child and providing your child with an alternative authentication method.