sxsw ppt voice-1
DESCRIPTION
A superset of the slides I presented on voice biometrics at SxSW Interactive. The session (in conjunction with CSIdentity was to raise awareness VB as a physical and behavioral biometric.TRANSCRIPT
My Voice is My Passport: Verify Me
March 12, 2012
2
About the Speakers Dan Miller (Founder, Senior Analyst)
Founded Opus Research (1985) Analyst at IDC/Link, The Kelsey Group, Zelos Group Industry experience: Atari, Time-Warner, PacTel (AT&T) Expertise: local, DA, speech integration with Web, mobility
and enterprise software infrastructure Coverage Areas: Conversational Commerce, Internet2Go,
Biometrics Isaac Chapa (VP Information Systems/Operations,
CSID) Joined CSID 2006, overseeing ID Theft Platforms/Solutions Sr. Engineer, Grande Communications Designed and integrated DCM/VOIP Switches, Billing
Platforms, SONET and FTTH, HFC networks
3
Why We’re Here
Talk about voice biometrics Share some ideas on stronger authentication for
mobile transactions Get feedback as prospective
users/developers/implementers Describe some “real world” use cases, business cases
and demand drivers
4
Voice Biometrics & Speaker Verification
Voice Biometrics is a technology Captures an utterance from a live callerCompares it to previously stored “voiceprint”Produces a score
Speaker Verification is an application Employs a biometric engine plus business logicEnrolls customers by obtaining voice printsCompares live utterances to voice prints to produce a
“pass” or “fail” responses
5
Speaker Verification Components
Core Verification EngineReceives voice sample (“utterance”); compares it to a voiceprint
(“template”)Confirms who said it
Core Recognition EngineCompares utterance to ASR grammarDetermines what was said
Business LogicDecides if the caller passes or fails Dictates required “next steps”
6
What is Voice Print?Physical Characteristics The unique physical traits of the individual’s vocal tract, such as shape and size.
Behavioral Characteristics The harmonic and resonant frequencies, such as accents, the speed of your speech, and how words are pronounced and emphasized.
Voiceprint - Together these physiological and behavioral factors combine to produce unique voice patterns for every individual
7
Text Dependent vs. Text Independent Applications that require a specific pass phrase are Text
DependentRequire trainingCustomarily involve enrollment
Text Independent applications can use any utteranceSimplify enrollmentSupport “conversational authentication”
8
Why Now?
9
Fraud Protection Requirements
Multifactor Mandated in more use cases Includes “something you are”
Multimodal Because “the customer is always on” Embraces social networks and multiple sign-ons
Mobile Approaching 6 billion subscribers Mobile devices are becoming virtual assistants
10
+ 1 = Momentum
Passwords getting more difficultMultiple digits and special charactersFrequently updatedFragmented across sites (and IDs)
User authentication vitalTo access multiple sites, domains and devicesFor more activities, transactions and interactions“Open” approaches only as strong as weakest link
11
Entering 3rd Generation
1st Generation
IVR PIN replacementPassword Reset
Emphasis on Security
“My voice is my password”“ 0 1 2 3 4 5 6 7 8 9”Random digit liveness
2000 2005 2010 2015
2nd Generation
Enhanced ID&VMulti-factor Auth
Automation
Voiceprint on identity claimLeverage KV & ANI/CLIRandom word liveness
3rd Generation
Enhanced ID&VSecure Mobile Access
Voice Signatures- Internet via OOB
- Mobile multi-mediaConvenience
Password replacementLeverage device idRandom phrase liveness
EmbeddedVerification
Source: Nuance Communications
12
Estimated Revenues
13
Results: Registered VoiceprintsIn Millions
14
This is My Wallet
15
This is My Wallet on Phone
16
Mobile Commerce is Exploding
Mobile transactionsWill reach $670 billion by 2015Up from $240 billion in 2011
Global in natureEast Asia and ChinaWestern EuropeNorth America
represent 75% gross transaction value. (Juniper Research)
17
But Inherently Insecure
At the device levelOSes have no security shellPersonal info (including PINs) stored as text
At the network levelEncryption is the exceptionProne to keystroke logging, Bluetooth sniffing and the like
What about authenticating users?
18
What Are We Protecting
Integrity Confidentiality Availability of Data
Loosely coupled from infrastructure Secure applications and runtime environments The critical focus of security shifts:
From owning everything to owning nothing From “Where are you from?” to “Who are you?”
• Identity, credential, and access managementFrom “Internal vs. External” to “Distrust everyone equally”
Need strong authentication independent from current form factors
19
What Are We Using Usually a four digit number.
There's only 10,000 possible combinationsFour character, alpha only, password has more than
45,000 possibilitiesAlphanumeric and there's more than a million and a half
Fast computers can crack these in less than a second (and often don’t have to)
20
Today’s Requirements “Layered”
To apply appropriate level of security for risk profile
Multi-FactorTo augment PINs or PWD
Device-orientedComplex device identification
considered more secure (per 2011 “guidance” from FFIEC)
21
Lead To These Solutions
Treating mobile phones as “non-traditional endpoints”
Popular solutions:One Time Passwords – using SMS textKnowledge-based Authentication –
using non-public info“A Biometric” – fingerprint, face
recognition, iris scans…and voice!
22
Before You’d Try These
23
You Should Think About These
User Authentication Device Activation Transaction Authorization Mobile Signatures Password Reset ID Proofing
24
Superior Factor for Phones
Works on all phones Includes both physical and behavioral attributes
Physical Characteristics The unique physical traits of the individual’s vocal tract, such as shape and size.
Behavioral Characteristics The harmonic and resonant frequencies, such as accents, the speed of your speech, and how words are pronounced and emphasized.
25
On Par With Biometric Alternatives
Error rates are “acceptable” Registration is relatively easy No special equipment needed for authentication Solutions integrate with or augment existing security
infrastructure
26
Has Surprising Acceptance
In contact centers8.5 million voice prints registeredROI justified shaving minutes from authentication practices
+ fraud reduction For remote and mobile workers
For Password ResetSecure access to VPNStrong authentication for conference calls
27
Applications & Use Cases
Personalized, trusted customer care Proof of life Mobile payment authorization Device activation, “Wake Up” Enterprise VPN access control Password reset Anonymous authentication
28
But Real Security Comes With
Layering multiple factorsLike gesturesLocationMotion detectionOut-of-band authentication
And leveraging existing infrastructureFor complianceAs a go-faster To support Natural Language Interactions