A superset of the slides I presented on voice biometrics at SxSW Interactive. The session (in conjunction with CSIdentity was to raise awareness VB as a physical and behavioral biometric.
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Sxsw ppt voice-1
1. My Voice is My
Passport: Verify Me
March 12, 2012
2. About the Speakers
Dan Miller (Founder, Senior Analyst)
Founded Opus Research (1985)
Analyst at IDC/Link, The Kelsey Group, Zelos Group
Industry experience: Atari, Time-Warner, PacTel (AT&T)
Expertise: local, DA, speech integration with Web, mobility
and enterprise software infrastructure
Coverage Areas: Conversational Commerce, Internet2Go,
Biometrics
Isaac Chapa (VP Information Systems/Operations,
CSID)
Joined CSID 2006, overseeing ID Theft Platforms/Solutions
Sr. Engineer, Grande Communications
Designed and integrated DCM/VOIP Switches, Billing
Platforms, SONET and FTTH, HFC networks
2
3. Why We’re Here
Talk about voice biometrics
Share some ideas on stronger authentication for
mobile transactions
Get feedback as prospective
users/developers/implementers
Describe some “real world” use cases, business cases
and demand drivers
3
4. Voice Biometrics & Speaker Verification
Voice Biometrics is a technology
Captures an utterance from a live caller
Compares it to previously stored “voiceprint”
Produces a score
Speaker Verification is an application
Employs a biometric engine plus business logic
Enrolls customers by obtaining voice prints
Compares live utterances to voice prints to produce a
“pass” or “fail” responses
4
5. Speaker Verification Components
Core Verification Engine
Receives voice sample (“utterance”); compares it to a voiceprint
(“template”)
Confirms who said it
Core Recognition Engine
Compares utterance to ASR grammar
Determines what was said
Business Logic
Decides if the caller passes or fails
Dictates required “next steps”
5
6. What is Voice Print?
Physical Characteristics Behavioral Characteristics
The unique physical traits of The harmonic and resonant
the individual’s vocal tract, frequencies, such as accents, the
such as shape and size. speed of your speech, and how
words are pronounced and
emphasized.
Voiceprint - Together these physiological and
behavioral factors combine to produce unique voice
patterns for every individual
6
7. Text Dependent vs. Text Independent
Applications that require a specific pass phrase are Text
Dependent
Require training
Customarily involve enrollment
Text Independent applications can use any utterance
Simplify enrollment
Support “conversational authentication”
7
9. Fraud Protection Requirements
Multifactor
Mandated in more use cases
Includes “something you are”
Multimodal
Because “the customer is always on”
Embraces social networks and multiple sign-ons
Mobile
Approaching 6 billion subscribers
Mobile devices are becoming virtual assistants
9
10. + 1 = Momentum
Passwords getting more difficult
Multiple digits and special characters
Frequently updated
Fragmented across sites (and IDs)
User authentication vital
To access multiple sites, domains and devices
For more activities, transactions and interactions
“Open” approaches only as strong as weakest link
10
11. Entering 3rd Generation
Password replacement
Leverage device id
Voiceprint on identity Random phrase liveness
“My voice is my claim 3rd Generation
password”
Leverage KV & ANI/CLI
“ 0 1 2 3 4 5 6 7 8 9” Enhanced ID&V
Random word liveness
Random digit liveness Secure Mobile Access
2nd Generation Voice Signatures
1st Generation Embedded
-Internet via OOB
Enhanced ID&V Verification
- Mobile multi-media
IVR PIN replacement Multi-factor Auth Convenience
Password Reset Automation
Emphasis on Security
2000 2005 2010 2015
Source: Nuance Communications
11
16. Mobile Commerce is Exploding
Mobile transactions
Will reach $670 billion by 2015
Up from $240 billion in 2011
Global in nature
East Asia and China
Western Europe
North America
represent 75% gross transaction value.
(Juniper Research)
16
17. But Inherently Insecure
At the device level
OSes have no security shell
Personal info (including PINs) stored as text
At the network level
Encryption is the exception
Prone to keystroke logging, Bluetooth sniffing and the like
What about authenticating users?
17
18. What Are We Protecting
Integrity
Confidentiality
Availability of Data
Loosely coupled from infrastructure
Secure applications and runtime environments
The critical focus of security shifts:
From owning everything to owning nothing
From “Where are you from?” to “Who are you?”
• Identity, credential, and access management
From “Internal vs. External” to “Distrust everyone equally”
Need strong authentication independent from current
form factors
18
19. What Are We Using
Usually a four digit number.
There's only 10,000 possible combinations
Four character, alpha only, password has more than
45,000 possibilities
Alphanumeric and there's more than a million and a half
Fast computers can crack these in less than a
second (and often don’t have to)
19
20. Today’s Requirements
“Layered”
To apply appropriate level of security for
risk profile
Multi-Factor
To augment PINs or PWD
Device-oriented
Complex device identification
considered more secure
(per 2011 “guidance” from FFIEC)
20
21. Lead To These Solutions
Treating mobile phones as “non-
traditional endpoints”
Popular solutions:
One Time Passwords – using SMS text
Knowledge-based Authentication –
using non-public info
“A Biometric” – fingerprint, face
recognition, iris scans…and voice!
21
23. You Should Think About These
User Authentication
Device Activation
Transaction Authorization
Mobile Signatures
Password Reset
ID Proofing
23
24. Superior Factor for Phones
Works on all phones
Includes both physical and behavioral attributes
Physical Characteristics Behavioral Characteristics
The unique physical traits of The harmonic and resonant
the individual’s vocal tract, frequencies, such as accents,
such as shape and size. the speed of your speech, and
how words are pronounced and
emphasized.
24
25. On Par With Biometric Alternatives
Error rates are “acceptable”
Registration is relatively easy
No special equipment needed for authentication
Solutions integrate with or augment existing security
infrastructure
25
26. Has Surprising Acceptance
In contact centers
8.5 million voice prints registered
ROI justified shaving minutes from authentication practices
+ fraud reduction
For remote and mobile workers
For Password Reset
Secure access to VPN
Strong authentication for conference calls
26
27. Applications & Use Cases
Personalized, trusted customer care
Proof of life
Mobile payment authorization
Device activation, “Wake Up”
Enterprise VPN access control
Password reset
Anonymous authentication
27
28. But Real Security Comes With
Layering multiple factors
Like gestures
Location
Motion detection
Out-of-band authentication
And leveraging existing infrastructure
For compliance
As a go-faster
To support Natural Language Interactions
28