将用户添加到人脸服务的最佳做法Best practices for adding users to a Face service

为了使用认知服务人脸 API 进行人脸验证或识别,你需要将人脸注册到 LargePersonGroup 中。In order to use the Cognitive Services Face API for face verification or identification, you need to enroll faces into a LargePersonGroup. 本文将深入介绍从用户那里获得有意义的同意的最佳做法,以及创建将优化识别准确度的高质量注册的示例逻辑。This deep-dive demonstrates best practices for gathering meaningful consent from users as well as example logic to create high-quality enrollments that will optimize recognition accuracy.

用于面部识别的注册应用程序的一个关键目的是,让用户有机会同意将其人脸图像用于特定目的,例如进入工作场所。One of the key purposes of an enrollment application for facial recognition is to give users the opportunity to consent to the use of images of their face for specific purposes, such as access to a worksite. 由于面部识别技术可能会被视为收集敏感的个人数据,因此,以透明和尊重的方式征求同意尤其重要。Because facial recognition technologies may be perceived as collecting sensitive personal data, it's especially important to ask for consent in a way that is both transparent and respectful. 对于用户而言,同意使他们能够做出他们自认为最好的决策。Consent is meaningful to users when it empowers them to make the decision that they feel is best for them.

根据 Microsoft 用户研究、Microsoft 的负责任的 AI 原则以及外部研究,我们发现同意可以为注册该技术的用户提供以下益处:Based on Microsoft user research, Microsoft's Responsible AI principles, and external research, we have found that consent is meaningful when it offers the following to users enrolling in the technology:

  • 知情:当要求用户提供其人脸模板或注册照片时,用户应不会有任何疑问。Awareness: Users should have no doubt when they are being asked to provide their face template or enrollment photos.
  • 理解:用户应能够用自己的话来准确描述他们需要提供的内容、需求提出方、目的以及获得的保证。Understanding: Users should be able to accurately describe in their own words what they were being asked for, by whom, to what end, and with what assurances.
  • 自由选择:选择是否同意并注册面部识别时,用户不应感到自己被强迫或被支配。Freedom of choice: Users should not feel coerced or manipulated when choosing whether to consent and enroll in facial recognition.
  • 控制:用户应能够随时撤销其同意并删除其数据。Control: Users should be able to revoke their consent and delete their data at any time.

本部分提供有关开发用于面部识别的注册应用程序的指南。This section offers guidance for developing an enrollment application for facial recognition. 本指南的内容基于 Microsoft 用户研究,适用于对个人注册面部识别以进入大楼的情况。This guidance has been developed based on Microsoft user research in the context of enrolling individuals in facial recognition for building entry. 因此,这些建议可能不适用于所有面部识别解决方案。Therefore, these recommendations might not apply to all facial recognition solutions. 对人脸 API 的可靠使用在很大程度上取决于整合它的特定环境,因此,应根据你的场景调整这些建议的优先顺序和应用。Responsible use for Face API depends strongly on the specific context in which it's integrated, so the prioritization and application of these recommendations should be adapted to your scenario.


你负责使注册应用程序符合你所在辖区的适用法律要求,并准确地反映所有数据收集和处理实践。It is your responsibility to align your enrollment application with applicable legal requirements in your jurisdiction and accurately reflect all of your data collection and processing practices.

应用程序开发Application development

在设计注册流程之前,请思考你要构建的应用程序如何遵守你向用户做出的保护其数据的承诺。Before you design an enrollment flow, think about how the application you're building can uphold the promises you make to users about how their data is protected. 以下建议有助于构建注册体验,其中包括保护个人数据、管理用户隐私以及确保所有用户均可访问应用程序的可靠方法。The following recommendations can help you build an enrollment experience that includes responsible approaches to securing personal data, managing users' privacy, and ensuring that the application is accessible to all users.

类别Category 建议Recommendations
硬件Hardware 考虑注册设备的相机质量。Consider the camera quality of the enrollment device.
建议的注册功能Recommended enrollment features 包含具有多重身份验证的登录步骤。Include a log-on step with multi-factor authentication.

将用户信息(如别名或标识号)与人脸 API 中的人脸模板 ID(称为个人 ID)链接起来。Link user information like an alias or identification number with their face template ID from the Face API (known as person ID). 检索和管理用户的注册时需要此映射。This mapping is necessary to retrieve and manage a user's enrollment. 注意:在应用程序中,应将个人 ID 视为机密。Note: person ID should be treated as a secret in the application.

设置一个自动化过程来删除所有注册数据,包括不再是面部识别技术的用户(如前员工)的人脸模板和注册照片。Set up an automated process to delete all enrollment data, including the face templates and enrollment photos of people who are no longer users of facial recognition technology, such as former employees.

避免自动注册,因为它不会为用户提供在获取同意时建议提供的知情、理解、自由选择或控制权利。Avoid auto-enrollment, as it does not give the user the awareness, understanding, freedom of choice, or control that is recommended for obtaining consent.

向用户请求保存用于注册的图像的权限。Ask users for permission to save the images used for enrollment. 此权限在模型更新时非常有用,因为在新模型中,新的注册照片大约每 10 个月需要重新注册一次。This is useful when there is a model update since new enrollment photos will be required to re-enroll in the new model about every 10 months. 如果未保存原始图像,用户将需要从头开始完成注册过程。If the original images aren't saved, users will need to go through the enrollment process from the beginning.

允许用户选择不将照片存储在系统中。Allow users to opt out of storing photos in the system. 为了使该选项更加明确,可以添加第二个保存注册照片的同意请求屏幕。To make the choice clearer, you can add a second consent request screen for saving the enrollment photos.

保存照片后,会创建一个自动化过程,以便在模型更新时重新注册所有用户。If photos are saved, create an automated process to re-enroll all users when there is a model update. 已保存其注册照片的人员无需再次注册。Those who saved their enrollment photos will not have to enroll themselves again.

创建一个应用功能,当用户在注册过程中遇到问题时,指定管理员可以覆盖某些质量筛选器。Create an app feature that allows designated administrators to override certain quality filters if a user has trouble enrolling.
安全性Security 认知服务遵循最佳做法来加密静态和传输中的用户数据。Cognitive Services follow best practices for encrypting user data at rest and in transit. 下面是一些其他做法,可帮助你在注册过程中遵守你对用户做出的安全承诺。The following are additional practices that can help uphold the security promises you make to users during the enrollment experience.

执行安全措施以确保在注册过程中任何人都无法访问个人 ID。Take security measures to ensure that no one has access to the person ID at any point during enrollment. 注意:在注册系统中,应将个人 ID 视为机密。Note: PersonID should be treated as a secret in the enrollment system.

通过认知服务使用基于角色的访问控制Use role-based access control with Cognitive Services.

对密钥和机密使用基于令牌的身份验证和/或共享访问签名 (SAS) 来访问数据库等资源。Use token-based authentication and/or shared access signatures (SAS) over keys and secrets to access resources like databases. 通过使用请求或 SAS 令牌,你可以在不影响帐户密钥的情况下授予对数据的有限访问权限,还可以指定令牌的到期时间。By using request or SAS tokens, you can grant limited access to data without compromising your account keys, and you can specify an expiry time on the token.

切勿在应用中存储任何机密、密钥或密码。Never store any secrets, keys, or passwords in your app.
用户隐私User privacy 提供一系列注册选择来解决不同级别的隐私问题。Provide a range of enrollment options to address different levels of privacy concerns. 请勿强制用户使用其个人设备注册面部识别系统。Do not mandate that people use their personal devices to enroll into a facial recognition system.

允许用户在任何时间以任何理由重新注册、撤销同意以及从注册应用程序中删除数据。Allow users to re-enroll, revoke consent, and delete data from the enrollment application at any time and for any reason.
可访问性Accessibility 遵循辅助功能标准(例如 ADAW3C),以确保应用程序可供行动不便或有视觉障碍的用户使用。Follow accessibility standards (for example, ADA or W3C) to ensure the application is usable by people with mobility or visual impairments.

后续步骤Next steps

按照构建注册应用指南,开始使用示例注册应用。Follow the Build an enrollment app guide to get started with a sample enrollment app. 然后对该应用进行自定义或编写你自己的应用,以满足你的产品需求。Then customize it or write your own app to suit the needs of your product.