Voice Biometrics & Person Authentication March 4th, 2004 By: Arthur R. Phidd Adam Kuta Robert...

Voice BiometricsVoice Biometrics

&&

Person AuthenticationPerson Authentication

March 4th, 2004

By:

Arthur R. Phidd

Adam Kuta

Robert Pottinger Cynthia Stroh

Roli WendorfAndre Darden

The Future Of Online Authentication

Presented to:

Pace University

DPS 2005 Class

Value pair identification✔ User id with password✔ Email address with password

(Even with encryption technology this is Recognition, not Authentication)

Answers to predetermined questions✔Mother's maiden name and favorite pet's name

(Security of this knowledge cannot be guaranteed)

RSA Key technology✔System generated credential thats compared to stored credentials. (Recognition not Authentication)

Speech to text conversion and comparisons✔Speech converted to an XML pattern and then compared to data in a database. (Recognition not Authentication)

The Future Of Online AuthenticationThe Future Of Online Authentication

Conventional Identification Techniques:Conventional Identification Techniques:

What Is Biometrics?Mandy Andress Infoworld May 25, 2001

JAMES BOND, Star Trek, and countless other stories of intrigue and science fiction have long heralded the use of biometrics.

Now we're finally getting a glimpse of how easy advanced security can be when an individual's unique physical characteristics are electronically stored and scanned.

Recent advances have made biometrics more reliable, accurate, scalable, and cost-effective for the enterprise. Nevertheless, the technologies remain too expensive for most organizations to deploy widely, so biometrics are ideal only for environments with the highest of security needs.


The Biometrics Solution:The Biometrics Solution:

Is there a need for it in business?

If you've ever left your network password on a yello “Sticky” stuck to your desk or computer, you understand the need for biometrics.



•Conventional schemes for uniquely identifying a user or shopper carries a very real and highly probable risk of that user’s identity being compromised.

•Also users constantly forget their passwords as they typically have multiple passwords across multiple systems.

•If remembering multiple passwords were not enough, then add to that the fact that the systems administrators require that these passwords expire on some schedule like “every 30 days”.

•Of course just when you have committed the passwords to memory, the system requires that you change your password. Basically, it does not work

Is there a need for it in business?

Conventional online CRM personalization techniques are not very effective because the techniques do not truly authenticate customers before making recommendations.

If you have ever gotten product recommendations while shopping you understand the problem. Most CRM targeting systems use “Collaborative Filtering”, Click Stream and Path Analysis to determing the level of personalization for a customer at its location.

The reason “Personalized” service works in the Bricks and Mortar world is because the sales person visually authenticates you upon entry to the store.

Conventional online personalization techniques assume that the person at the machine must be you. Obviously this is not good enough.




A Historical Context For Biometrics SecurityA Historical Context For Biometrics Security

Andre/RobertAndre/Robert

Historical ContextLinking physical characteristics to identity is nothing new;

•Crime scene investigators have been dusting for fingerprints for more than a century.

•Bartenders have depended on photo IDs to determine who's old enough to order a beer.

•Archeologists piece together the remains from a dig to identify individuals who lived and died centuries ago.

Biometrics takes these ideas and adds sophisticated technology to enhance the identification process.

“The use of an automated system to verify the identity of someone by looking at physiological or behavioral characteristics”.




The History Of Biometrics Solutions:The History Of Biometrics Solutions:

Chinese merchants in the 14th century produced hand and foot prints on paper with ink to distinguish young children from one another.

In the 1890s, an anthropologist and police desk clerk in Paris, Alphonse Bertillion, turned biometrics into a distinct field of study. Developed a method of identifying convicted criminals by body measurements (Bertillonage).

Bertillonage failed when it was discovered that different people could share the same measurements. Richard Henry of Scotland Yard developed the fingerprinting method reverting to the same methods originally used by the Chinese.

Over the past three decades biometrics has evolved from a single method, fingerprinting, to many discrete methods.

Physical: Bertillonage; Fingerprint; Facial Recognition; Hand Geometry; Iris Scan; Retinal Scan; Vascular Patterns; DNA

Behavioral: Speaker Recognition; Signature; Keystroke


Voice Biometrics Authentication:Voice Biometrics Authentication:

How Does It Work?How Does It Work?

RoliRoli

Voice Biometrics Authentication: How It WorksVoice Biometrics Authentication: How It Works

OverviewOverview

Voice Biometrics has its roots in two areas:Speech processingBiometric security

It is not important to understand what is said, rather who said it.Need to determine the link to the speaker.

Like a signature in a bank, or a finger print, a voice print has to be made and saved ahead of time. At the time of authentication, speech is compared to this voice print.

Main problems are: Accepting a wrong user (False Acceptance Rate)Invalidating a correct user (False Reject Rate)


Enrollment: Making a Voice PrintEnrollment: Making a Voice Print

Each person’s voice is unique. Voices differ due to physiological characteristics such as the vocal chords, trachea, nasal passages, and how the tongue moves inside one’s mouth to produce certain sounds.

Some pass-phrases spoken by the person are analyzed. Each spoken word is broken into segments: sub-word syllables, phonemes, or triphones.

Each segment has three or four dominant tones (called formants) that are constant over the segment and can be captured in digital form. This table of tones yields the speaker's unique voice print.

The voice print is stored as a table of numbers, where the presence of each dominant frequency in each segment is expressed as a binary entry. It is not a recording of a person’s voice.


Authenticating the SpeakerAuthenticating the Speaker

During authentication, the user’s pass-phrase is compared to the previously stored voice model, and all other voice prints stored in the database. First, some code words are extracted from the pass-phrase.

Each speech sound in the code words is queried in an anti-speaker database. Common features in the speech sample and the anti-speaker database are eliminated.

The system is now left with only the unique features of the user's voice. These unique features are compared with the enrolled pass-phrase voice print for authentication.

A threshold score of acceptability is maintained by each organization. If the match score is higher than the preset level, the user is accepted.


Verification TechniquesVerification Techniques

Speaker verification versus identification:Verification: Speaker identity has already been revealed through other information, and is verified with voice biometrics.Identification: Determining speaker identity from the voice sample.

Verification is used more commonly. Identification is much more difficult.

Text dependent versus text independent techniques:Text dependent: User repeats some information such as name, address, account number, mother’s maiden name.Text prompted: System asks user to repeat some number sequences. Used for high security applications.Text independent: Any speech is acceptable. Unobtrusive but more difficult.

All are verification methods. They receive identity of the speaker.


Smart Cards and Voice Biometrics AuthenticationSmart Cards and Voice Biometrics Authentication

Two approaches: Telephony and database oriented: expensive and less secure.Smart card based: cheaper and considered more secure. Usage is increasing faster.

Smart cards have enough processor and memory capacity to implement biometric verification.

A self contained biometric smart card offers substantial security advantages because the voice print does not leave the smart card.

Smart cards can be used to implement all three aspects of a secure system: what you are, what you have, and what you know.


Summary and IssuesSummary and Issues

Verification is done by analyzing dominant frequency locations in voice tables. Approach is similar to looking for minutiae in a finger print.

Voice biometrics authentication is convenient. Can work over the telephone. Only requires a microphone to get a sample.

Voice is affected by many things: mood, being out of breath, or being ill.

Voice samples are affected by background and channel noise.

More likely to be used for low security applications.

At present smart card approaches are cheaper and likely to become more popular than database oriented approaches.


Considerations In Evaluating Voice Biometrics Considerations In Evaluating Voice Biometrics SecuritySecurity

CynthiaCynthia

A New Set of Rules to meet existing security requirements.

Will the system reduce or eliminate fraud? Will the system replace or eliminate existing systems? If the system replace existing systems, will the required level of

performance be outside the scope of existing technologies? Could a voice biometrics system potentially affect personal

privacy and/or freedom? What accommodations, if any, will be made for accessibility

options?


Considerations in the Selection of a Considerations in the Selection of a

Voice Biometrics System:Voice Biometrics System:

In an ideal system:

All members of the population possess the characteristic that the that the biometric identifies, like voice and speech pattern.

Each biometric signature differs from all others inthe controlled population;

The biometric signatures don’t vary under the conditionsin which they are collected.

The system resists countermeasures.


Considerations - continued:Considerations - continued:

In considering performance statistics, there are two kinds of biometric systems: identification and verification

In identification systems, a biometric signature of an unknown person is presented to a system.

Verification applications include those that authenticate identity during point-of-sale transactions or that control access to computers or secure buildings.



Performance measures for identification systems System’s ability to identify a biometric signature’s owner. Performance measure equals the percentage of queries in which

the correct answer can be found in the top few matches

Performance measures for verification systems Traditionally characterized by two error statistics: false-reject rate

and false-alarm rate. Error rates come in pairs; for each false-reject rate there is a

corresponding false alarm. A false reject occurs when a system rejects a valid identity; a

false alarm.



Evaluation protocol

Determines how you test a system, select the data, and measure the performance.

Successful evaluations are administered by independent groups and tested on biometric signatures not previously seen by a system.

If you don’t test with previously unseen biometric signatures, you’re only testing the ability to tune a system to a particular data set.



Scenario evaluations Measure overall system performance for a prototype scenario

that models an application domain. Test complete biometric systems under conditions that model

real-world applications. One scenario evaluation objective is to test combinations of

sensors and algorithms. Creating a well-designed test, which evaluates systems under the

same conditions, requires that you collect biometric data as closely as possible in time.

To compensate for small differences in biometric signature readings taken over a given period, you can use multiple queries per person.



Speaker recognition suffers from several limitations.

Different people can have similar voices, and anybody’s voice can vary over time because of changes in health, emotional state, and age.



NIST (National Institute of Standards and Technology - speaker recognition)

Speaker-recognition evaluations measured verification performance for conversational speech over telephone lines.

Data used consisted of speech segments for several hundred speakers.

Recognition systems were tested by attempting to verify speaker identities from the speech segments.

A false alarm percentage rate of up to 10% was computed depending on speaker device and connection.



Government Influence Government services to citizens requires two types of human

identification: positive identification to prevent multiple persons from using a single identity, and negative identification to prevent a single person from using multiple identities.

The Immigration and Naturalization Service (INS) uses voice recognition and hand geometry to speed up border crossings.

Automated Permit Port (APP), is used after hours at small ports of entry along the Canadian border.

This positive identification system uses voice verification to confirm the claimed identities of those crossing the border.

The voice verification database does not communicate with other government systems.



Potential impact that government use of these technologies might have on personal freedoms

Biometric information is available to law enforcement agencies through the subpoena process.

Fear that government could use some unforeseen technological advances to compile biometric records for the real-time tracking of individuals.

Congress has passed a number of laws requiring, suggesting, or allowing the use of biometric measures to identify some citizens in specific circumstances including drivers’ licensing, immigration, social services, and airport security.



Voice biometrics security for persons with disabilities. Speak - n – See provides a voice actuated security camera system

for a person restricted to bed. National Science Foundation sponsored effort to have student

engineers at universities throughout the US design and construct devices for persons with disabilities.

Enables a physically disabled individual to effortlessly view indoor and outdoor areas of her apartment from any location within the apartment.

The voice-controlled device consists of three video cameras and a wireless Display/Control Unit.

The Speak - n – See device is a complete, portable, wireless video-surveillance system.




Market Acceptance Of Voice BiometricsMarket Acceptance Of Voice Biometrics

Arthur/Adam Arthur/Adam


While the idea behind biometrics and voice biometrics in particular, is a noble a plausible one, the truth is that it follows the normal acceptance curve of the typical emerging technology. In other words, people are’nt throwing out their yellow post-it with their passwords written on them.

TRACKING OFFENDERS:According to Dr. Judith Markowitz, the corrections industry remains the largest established market for speaker authentication next to law enforcement and intelligence.

These tools verify that offenders are abiding by court-ordered sentencing regarding restrictions on their movements outside of their homes. The systems are designed to call the offender or receive calls from the offender at scheduled times. For example:

An adult offender may be required to be at a given work location from 8 a.m. until 5 p.m., attend AA meetings from 6-8 p.m. on Tuesdays and Thursdays, and then return home

Market Acceptance Of Voice Biometrics Market Acceptance Of Voice Biometrics


PASSWORD RESET:

Password reset is a fast-developing commercial market for speaker authentication. Because it is an employee-facing application, it allows the deploying organization to test and evaluate the technology internally and assess its benefits before making it available to the market place for customer-facing deployments.

This application is simple and as such has a low risk impact profile. The implementation on the organization’s computing infrastructure can be phased and controlled and deployment time can be relatively short.

This approach is not only useful for evaluation of speaker authentication but they are also valuable for building a business case for using the technology in other domains.



CALL CENTER SPEAKER AUTHENTICATION:

There has been a increase in the number of implementations of Speaker authentication in call centers.

As with speech recognition, call-center deployments have the potential for being a huge market. Call centers are under increasing pressure to automate as a way of reducing cost, and providing services 24/7.

Usually speaker authentication is partnered with speech recognition for customer-facing and partner-facing applications. Most often, speaker authentication is added to existing speech-recognition applications but it is an increasingly popular feature of new deployments as well. By integrating the ACD and CTI components of the call center telephony infrastructure with Speech-To-Text translation, a call could immediately be made to a CRM data-store to retrieve pertinent context specific information for that customer.

This will create an air of person specific personalization.



ANY DEVICE VOICE BIOMETRICS;

Many first-stage Voice Web applications of today look beyond standard telephones. In warehouses and factories, speech I/O is done through wearable devices and radio-frequency transmission.

The voice application network technology has already extended the reach of those systems to support just-in-time and e-commerce ordering systems.

In-vehicle systems, such as the OnStar Virtual Advisor, utilize embedded far-field microphones to provide many of the same services available from voice portals and voice application networks.

Distributed speech technology is enabling next-generation PDAs, such as iPaq, to access a range of services from the Voice Web, including dictation and unified messaging.

Small footprint voice biometrics are being embedded into toys and cell phones. They are also being put onto smart cards for point-of-sale speaker authentication.



VOICE WEB & ANY DATA:

The Voice Web provides a basis for achieving the anywhere, anytime, any device goal. It is, however, an abstraction that can be described as a series of stages culminating in the anytime, anywhere, any device condition.

The Voice Web applications that are moving into the mainstream today are still at the earliest stage of evolution. They are highly constrained in the content (Internet and other content) that can be accessed, since interaction is menu oriented, designed primarily for standard telephones and operate in a single language (or a restricted set of languages).

Even these incarnations of the Voice Web support consolidation of content and systems that is a step towards realizing the anytime, anywhere, any device goal. Consumers can use voice portals to get the weather, find the nearest Starbucks or hear what is playing at local movie theaters.

Corporate customer relationship management (CRM) systems, such as the one deployed by JiffyLube, is starting to offer customers appointment scheduling and service alerts.

Software vendors are extending search so soon Google will respond to a voice keyword or phrase search request. For example: “Get me the contents of President Bush's last state of the union”



“There has also been a change in the way speaker authentication is marketed.

The selling points have moved away from fraud reduction and pure security. Now, both vendors and their customers are talking about ease-of-use and ROI.

This is an indication that the market is starting to believe that the technology works which means the focus can be shifted to standard business-case issues. This change is also an indication that the market is beginning to mature.”, says Dr. Markowitz..


“An introduction evaluating biometric systems”, Phillips, P.J., Martin, A., Wilson, C.L., Przybocki, M., Nat. Inst. Of Stand. and Technol., USA, “Computer”, Feb. 2000, Vol. 33, Issue 2, pp. 56 – 63.

“Federal biometric technology legislation”, Wayman, J.L., US Nat. Biometric Test Center, USA, “Computer”, Feb. 2000, Vol. 33, Issue 2, pp. 76 – 80.

“Speak – n – See [voice actuated security camera for disabled persons]”,Michaud, T.D., Pruehsner, W.R., Enderle, J.D., Department of Electrical and Systems Engineering, Connecticut University, “Bioengineering Conference”, 2000 Proceedings of the IEEE Annual Northeast, April 2000, pp. 157-158.

“What is Biometrics” , Meg Mitchell Moore, DarwinMag, September 2001.

“Voice Biometrics – Are you who you say you are?”, Dr. Judith Markowitz, Speech Technology Magazine, November/December 2003.


References:References:

Voice Biometrics, Judith A. Markowitz, Communications of the ACM, September 2000.

How does Voice Biometrics work?, OTG website, http://www.otg.ca/biometrics/how.html

Smart Cards and Biometrics in Privacy-Sensitive Secure Personal Identification Systems , Smart Card Alliance, White paper, 2002.

http://www.otg.ca/biometrics/how.html

“An introduction evaluating biometric systems”, Phillips, P.J., Martin, A., Wilson, C.L., Przybocki, M., Nat. Inst. Of Stand. and Technol., USA, “Computer”, Feb. 2000, Vol. 33, Issue 2, pp. 56 – 63.

“Federal biometric technology legislation”, Wayman, J.L., US Nat. Biometric Test Center, USA, “Computer”, Feb. 2000, Vol. 33, Issue 2, pp. 76 – 80.

“Speak – n – See [voice activated security camera for disabled persons]”, Michaud, T.D., Pruehsner, W.R., Enderle, J.D., Department of Electrical and Systems Engineering, Connecticut University, “Bioengineering Conference”, 2000 Proceedings of the IEEE Annual Northeast, April 2000, pp. 157-158.

References Continued:References Continued:


Voice Biometrics & Person Authentication March 4th, 2004 By: Arthur R. Phidd Adam Kuta Robert...

Documents

Transcript of Voice Biometrics & Person Authentication March 4th, 2004 By: Arthur R. Phidd Adam Kuta Robert...