voice biometric overview for sftelephony meetup march 10, 2011 dan miller opus research
Post on 17-Dec-2015
214 Views
Preview:
TRANSCRIPT
Voice Biometric Overview for
SfTelephony Meetup
March 10, 2011Dan Miller
Opus Research
© 2011 Opus Research, Inc.
Why I’m here
Talk about voice biometrics Share some ideas on stronger
authentication for mobile transactions Get your feedback as prospective
users/developers/implementers Describe some “real world” use cases,
business cases and demand drivers
2
© 2011 Opus Research, Inc. Page 4
Voice Biometrics and Speaker Verification
Voice Biometrics is a technology Captures an utterance from a live caller Compares it to previously stored “voiceprint” Produces a score
Speaker Verification is an application Employs a biometric engine plus business logic Enrolls customers by obtaining voice prints Compares live utterances to voice prints to
produce a “pass” or “fail” responses
© 2011 Opus Research, Inc. Page 4
Speaker Verification Components
Core Verification Engine Receives voice sample (“utterance”); compares it to
a voiceprint (“template”) Confirms who said it
Core Recognition Engine Compares utterance to ASR grammar Determines what was said
Business Logic Decides if the caller passes or fails Dictates required “next steps”
© 2011 Opus Research, Inc. Page 5
What is a Voice Print?
Physical Characteristics
The unique physical traits of the individual’s vocal tract, such as shape and size.
Behavioral Characteristics
The harmonic and resonant frequencies, such as accents, the speed of your speech, and how words are pronounced and emphasized.
Voiceprint - Together these physiological and behavioral factors combine to produce unique voice patterns for every individual
© 2011 Opus Research, Inc. Page 6
Verification vs. Identification
For Verification: User claims an ID Application matches voiceprint to that claim
For Identification: No claim of identity ID System tries to detect “closest match” of
captured utterances to voiceprint from a population of registered users
© 2011 Opus Research, Inc. Page 7
Text Dependent vs. Text Independent
Applications that require a specific pass phrase are Text Dependent Require training Customarily involve enrollment
Text Independent applications can use any utterance Simplify enrollment Support “conversational authentication”
© 2011 Opus Research, Inc.
Why Now?
8
© 2011 Opus Research, Inc.
Fraud protection persistence
9
Multifactor Mandated in more use cases Includes “something you are”
Multimodal Because “the customer is always on” Embraces social networks and multiple sign-
ons
Mobile Approaching 6 billion subscribers Mobile devices are becoming virtual
assistants
© 2011 Opus Research, Inc.
+1 = Momentum
Passwords getting more difficult Multiple digits and special characters Frequently updated Fragmented across sites (and IDs)
Authentication becoming important To access multiple sites, domains and devices For more activities, transactions and
interactions “Open” approaches only as strong as weakest
link10
© 2011 Opus Research, Inc.
Application strengths
Mobile payment authorization Device activation Access control Password reset Anonymous authentication
11
© 2011 Opus Research, Inc.
Perspectives from RSA
12
The “Phone Channel” Traditionally Has Weaker Security
ANI detection
Voice profile (gender, age etc.) based on intuition
Phone number
Address
Weak Identity verification • Mother’s maiden name
• Social Security Number
• Basic account knowledge (last purchase etc.)
Fraudster call center online
order form(with English translation)
• “Professional callers”: fluent in numerous languages, both male and female
• Caller-ID spoofing
• Service availability during American and Western European business hours.
• Cost: $7-$15 per phone call,
• Complete fraudulent transactions by impersonating people across a broad spectrum of demographics
• i.e. 77-year old female fluent in English or a middle-aged man fluent in Italian.
Fraudster-Operated Call Centers Emerge in the Underground Economy to Facilitate Phone Fraud
Fraudster Operated Call Centers
Underground forum post advertising "Professional Call Service"
Fraudster Operated Call Centers
Review of a fraudster call center service
* Available H1 2008
How Multi-Channel Fraud is Perpetrated
Tools of the trade:• VOIP (IPBX)
• ID Spoofing
Delivery:• War dialing
• SMS
Already in play in the US
Vishing
How Fraudsters Bypass Blacklisted Call Center Numbers
Fraudster calls Spoofing access
point
Directs call to non-blacklisted phone number with Spoofed Caller ID
Call Forwarding Device
Call is forwarded to call center 800 number
Call Center services unsuspicious inbound call displaying spoofed ID of an
existing customer
Fraudsters’ Interest in Phone Banking
© 2011 Opus Research, Inc.
And Speaker V & I can help
Questions?
Contact: dmiller@opusresearch.netOr on Twitter @dnm54
Page 21
top related