Faisal gave an excellent talk at the 5th London Alexa Devs meetup on implementing Multi-Factor Authentication in Alexa Skills using the Nexmo API.
https://www.meetup.com/London-Alexa-Devs/
2. Get creative in
verifying a user
Higher level of security
needed for voice?
Is the Alexa Voice Pin
enough?
How about looking at the
next level of authentication.
The ability to authorise a
user based on previous
locations or through Audio or
other means
Some skills may require a
higher level of security to
ensure the user is who is
they say are.
E.g. Banking Skills, Product
purchasing Skills, Health and
Medical Skills + other
Sensitive data Skills
The Alexa voice pin is handy,
especially for false positives
when ordering (Alexa TV
Adverts!)
However it is still a static
code, and once its heard by
others, is it still secure?
PREPARING FOR THE FUTURE OF VOICE
APPLICATIONS
3. HOW/WHY WE USED MULTI-FACTOR
AUTHENTICATION
The skill we were creating allows
users to purchase products.
Future implementations would
also allow you to hear a
customers purchase history.
We felt this was enough to
enable additional security for the
user and looked at some
providers who could help.
A push notification system service that lets you
send messages. Powerful and cost-effective
AWS SNS (SIMPLE NOTIFICATION SERVICE)
Voice, Video, Messaging and Authentication APIs
for a variety of applications
TWILIO
Set of cloud based communication APIs, including
SMS, Voice, Chat and Verification
NEXMO
4. USING NEXMO FOR MULTI-FACTOR
AUTHENTICATION
First we need to sign
up to get our API Key,
Secret Key and Brand
Name in order to be
able to use the Verify
API calls
To implement Nexmo
using Node JS there is
a very handy Nexmo
node package which
simplifies making calls
to the Verify API
We need to implement
the API calls and setup
the credentials for calls
correctly
Build the solution to
call the verify API at
the correct time. Once
to send the code to the
user, second to check
the user has provided
the code correctly
Test the skill on a real
Alexa device or the
online simulator
SIGN UP TO
NEXMO
INSTALL NODE
PACKAGE
IMPLEMENT
CREDENTIALS &
API CALLS
IMPLEMENT
CALLS INTO YOUR
INTENTS
TEST YOUR
SOLUTION
1 2 3 4 5
5. OTHER CREATIVE AUTHENTICATION
METHODS CURRENTLY EXPERIMENTING
LOCATION BASED
AUTHENTICATION
AUDIO AUTHENTICATION FACIAL & VOICE RECOGNITION
AUTHENTICATION
Location based authentication is
something we’ve looked into for some
clients.
The user is asked where they were on a
specific date and time range. Follow up
questions may be asked to ensure
validity.
One example is to let the user hear an
audio snippet of a song/audio book they
have been listening to over the past few
days.
The user is then required to say the
artist/author/title plus any other uniquely
identifiable information
Some companies may wish to use an
Alexa device within their store/branch.
Somewhat futuristic for Alexa, the idea is
to have a camera identify the user and let
Alexa know if the person is indeed who
they claim to be.
https://goo.gl/dXlbSC
https://goo.gl/OgSZWY
6. 6
CONTACT
FAISAL VALLI
WORK E-MAIL: FAISAL.A.VALLI@ACCENTURE.COM
PERSONAL E-MAIL: FAISALVALLI9@GMAIL.COM
LINKEDIN: HTTPS://WWW.LINKEDIN.COM/IN/FAISAL-VALLI-63B21537
TWITTER: @FAISALVALLI9