A superset of the slides I presented on voice biometrics at SxSW Interactive. The session (in conjunction with CSIdentity was to raise awareness VB as a physical and behavioral biometric.

1. My Voice is My
Passport: Verify Me
March 12, 2012

2. About the Speakers
 Dan Miller (Founder, Senior Analyst)
 Founded Opus Research (1985)
 Analyst at IDC/Link, The Kelsey Group, Zelos Group
 Industry experience: Atari, Time-Warner, PacTel (AT&T)
 Expertise: local, DA, speech integration with Web, mobility
and enterprise software infrastructure
 Coverage Areas: Conversational Commerce, Internet2Go,
Biometrics
 Isaac Chapa (VP Information Systems/Operations,
CSID)
 Joined CSID 2006, overseeing ID Theft Platforms/Solutions
 Sr. Engineer, Grande Communications
 Designed and integrated DCM/VOIP Switches, Billing
Platforms, SONET and FTTH, HFC networks
2

3. Why We’re Here
 Talk about voice biometrics
 Share some ideas on stronger authentication for
mobile transactions
 Get feedback as prospective
users/developers/implementers
 Describe some “real world” use cases, business cases
and demand drivers
3

4. Voice Biometrics & Speaker Verification
 Voice Biometrics is a technology
 Captures an utterance from a live caller
 Compares it to previously stored “voiceprint”
 Produces a score
 Speaker Verification is an application
 Employs a biometric engine plus business logic
 Enrolls customers by obtaining voice prints
 Compares live utterances to voice prints to produce a
“pass” or “fail” responses
4

5. Speaker Verification Components
 Core Verification Engine
 Receives voice sample (“utterance”); compares it to a voiceprint
(“template”)
 Confirms who said it
 Core Recognition Engine
 Compares utterance to ASR grammar
 Determines what was said
 Business Logic
 Decides if the caller passes or fails
 Dictates required “next steps”
5

6. What is Voice Print?
Physical Characteristics Behavioral Characteristics
The unique physical traits of The harmonic and resonant
the individual’s vocal tract, frequencies, such as accents, the
such as shape and size. speed of your speech, and how
words are pronounced and
emphasized.
Voiceprint - Together these physiological and
behavioral factors combine to produce unique voice
patterns for every individual
6

7. Text Dependent vs. Text Independent
 Applications that require a specific pass phrase are Text
Dependent
 Require training
 Customarily involve enrollment
 Text Independent applications can use any utterance
 Simplify enrollment
 Support “conversational authentication”
7

8. Why Now?
8

9. Fraud Protection Requirements
 Multifactor
 Mandated in more use cases
 Includes “something you are”
 Multimodal
 Because “the customer is always on”
 Embraces social networks and multiple sign-ons
 Mobile
 Approaching 6 billion subscribers
 Mobile devices are becoming virtual assistants
9

10. + 1 = Momentum
 Passwords getting more difficult
 Multiple digits and special characters
 Frequently updated
 Fragmented across sites (and IDs)
 User authentication vital
 To access multiple sites, domains and devices
 For more activities, transactions and interactions
 “Open” approaches only as strong as weakest link
10

11. Entering 3rd Generation
Password replacement
Leverage device id
Voiceprint on identity Random phrase liveness
“My voice is my claim 3rd Generation
password”
Leverage KV & ANI/CLI
“ 0 1 2 3 4 5 6 7 8 9” Enhanced ID&V
Random word liveness
Random digit liveness Secure Mobile Access
2nd Generation Voice Signatures
1st Generation Embedded
-Internet via OOB
Enhanced ID&V Verification
- Mobile multi-media
IVR PIN replacement Multi-factor Auth Convenience
Password Reset Automation
Emphasis on Security
2000 2005 2010 2015
Source: Nuance Communications
11

12. Estimated Revenues
12

13. Results: Registered Voiceprints
In Millions
13

14. This is My Wallet
14

15. This is My Wallet on Phone
15

16. Mobile Commerce is Exploding
 Mobile transactions
 Will reach $670 billion by 2015
 Up from $240 billion in 2011
 Global in nature
 East Asia and China
 Western Europe
 North America
represent 75% gross transaction value.
(Juniper Research)
16

17. But Inherently Insecure
 At the device level
 OSes have no security shell
 Personal info (including PINs) stored as text
 At the network level
 Encryption is the exception
 Prone to keystroke logging, Bluetooth sniffing and the like
What about authenticating users?
17

18. What Are We Protecting
 Integrity
 Confidentiality
 Availability of Data
 Loosely coupled from infrastructure
 Secure applications and runtime environments
 The critical focus of security shifts:
 From owning everything to owning nothing
 From “Where are you from?” to “Who are you?”
• Identity, credential, and access management
 From “Internal vs. External” to “Distrust everyone equally”
 Need strong authentication independent from current
form factors
18

19. What Are We Using
 Usually a four digit number.
 There's only 10,000 possible combinations
 Four character, alpha only, password has more than
45,000 possibilities
 Alphanumeric and there's more than a million and a half
 Fast computers can crack these in less than a
second (and often don’t have to)
19

20. Today’s Requirements
 “Layered”
 To apply appropriate level of security for
risk profile
 Multi-Factor
 To augment PINs or PWD
 Device-oriented
 Complex device identification
considered more secure
(per 2011 “guidance” from FFIEC)
20

21. Lead To These Solutions
 Treating mobile phones as “non-
traditional endpoints”
 Popular solutions:
 One Time Passwords – using SMS text
 Knowledge-based Authentication –
using non-public info
 “A Biometric” – fingerprint, face
recognition, iris scans…and voice!
21

22. Before You’d Try These
22

23. You Should Think About These
 User Authentication
 Device Activation
 Transaction Authorization
 Mobile Signatures
 Password Reset
 ID Proofing
23

24. Superior Factor for Phones
 Works on all phones
 Includes both physical and behavioral attributes
Physical Characteristics Behavioral Characteristics
The unique physical traits of The harmonic and resonant
the individual’s vocal tract, frequencies, such as accents,
such as shape and size. the speed of your speech, and
how words are pronounced and
emphasized.
24

25. On Par With Biometric Alternatives
 Error rates are “acceptable”
 Registration is relatively easy
 No special equipment needed for authentication
 Solutions integrate with or augment existing security
infrastructure
25

26. Has Surprising Acceptance
 In contact centers
 8.5 million voice prints registered
 ROI justified shaving minutes from authentication practices
+ fraud reduction
 For remote and mobile workers
 For Password Reset
 Secure access to VPN
 Strong authentication for conference calls
26

27. Applications & Use Cases
 Personalized, trusted customer care
 Proof of life
 Mobile payment authorization
 Device activation, “Wake Up”
 Enterprise VPN access control
 Password reset
 Anonymous authentication
27

28. But Real Security Comes With
 Layering multiple factors
 Like gestures
 Location
 Motion detection
 Out-of-band authentication
 And leveraging existing infrastructure
 For compliance
 As a go-faster
 To support Natural Language Interactions
28

29. Thank you.
Dan Miller
Dmiller@opusresearch.net
@dnm54 on Twitter
Isaac Chapa
ichapa@csid.com
29