This invention relates to a process and an arrangement for authenticating a user of facilities, a service, a database or a data network.
In conventional access control systems, as applied to data networks, knowledge-based identification or authentication means are used to fulfil the security requirements. In particular, password-based or PIN-based identification/authentication schemes have been known and generally used for decades. More specifically, in spy- or fraud-sensitive applications, such as home banking applications, supplementary security measures like the provision and obligatory use of individual transaction codes (TANs) are known and widely used. Even such supplementary security-enhancing schemes are knowledge-based and therefore suffer from the typical disadvantages of all knowledge-based schemes, i.e. problems related to the loss of the relevant information by the authorized user on the one hand, and the risk arising from access to such information by an unauthorized user on the other hand.
Therefore, in recent years considerable efforts have been made to include other types of identification/authentication schemes in the security mechanisms of data networks. In particular, approaches that add “possession-based” (tokens) and/or “being-based” (biometry-based) schemes to the well-known knowledge-based schemes, or even substitute such new schemes for the latter, have been tried. For example, in automatic cash dispensers, biometric authentication schemes based on fingerprint or retina recognition have been proposed for controlling access to bank accounts. Furthermore, the now well-established fingerprint-based access control means of notebooks and other personal computers should be mentioned as a kind of means for controlling access to data networks.
More recently, voice-based authentication solutions, as a specific type of biometry-based identification/authentication, have been widely introduced by firms to supplement their internal knowledge-based access control schemes.
In internet-based and mobile-based services and activities, in particular in internet marketplaces like eBay or internet financial transaction systems like PayPal, the number of fraudulent attacks increases significantly with the rapidly growing worldwide user base. The probability of a successful attack on accounts of a worldwide internet-based service with millions of users is much higher than with phishing attacks on local banks.
Thus, voice-based authentication is also being discussed as a security scheme for internet and mobile network based services and data access systems.
Facing this type of sophisticated application on a huge scale, voice biometric solutions have to cope with several technological challenges and to achieve a high level of user acceptance. Specific challenges are linked to the enrolment procedure, cross-channel problems, security requirements, flexibility and scalability demands.
For the enrolment process, a unique user ID is required to identify the user. However, there is no universal form of user ID for identifying users of voice biometric systems. The formatting varies from company to company. In the enterprise market the personal number of the employees is often used for identification, whereas in the consumer market the name of a person or any other substitute for the name (login name, e-mail address, mobile number) is used or can be used to identify the user, at least with a certain degree of reliability.
Today, automatic speech recognition (ASR) is used for this step. However, the integration of ASR into a voice verification solution limits its scalability. ASR solutions are not available in all languages, or suffer from several problems in a number of languages. This means that, although a voice verification solution could in principle be offered to customers in these specific countries, the solution as it is offered now (including a speech recognition part and a voice verification part) cannot be provided to customers in these countries because of the missing or sub-optimal ASR component.
Eliminating the ASR component would make the system easier to use and easier to scale, but until now there has been no solution that avoids integrating the speech recognition component into a voice profile based authentication system.
Furthermore, security is a big issue for customers. Until now, most voice biometric security solutions have relied exclusively on voice authentication as the only real security layer besides the user ID (checked with voice recognition). However, this means that the threshold of the voice authentication security layer has to be set high to ensure a high resulting level of security. This can result in limitations in the usage of the system.
The use of different types of phones (fixed line (wired), fixed line (DECT), mobile phone, VoIP) causes problems in the usage of voice biometric solutions. As the bandwidth of the different telephony channels ranges from 8 kbit/s (VoIP) to 64 kbit/s (ISDN) and even much more, the quality of the voice sample differs. A user enrolled with a VoIP phone can have problems with verification on a wired fixed line phone, as the voice sample provided on the fixed line phone differs from the voice sample provided during enrolment on the VoIP phone. A solution for this problem would be to decrease the threshold which determines the sensitivity of the system.
Combined with the security requirements, the cross-channel problems may lead to an inconvenience factor in the usage of voice authentication products, related to higher false rejection rates (FRR) and problems during enrolment and usage of the solution.
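The threshold trade-off described in the preceding paragraphs can be made concrete with the following added illustration, which is not part of the original document. All similarity scores are constructed sample values, and the function names are hypothetical.

```python
"""Acceptance-threshold trade-off for a voice verifier under channel mismatch."""

# Constructed similarity scores in [0, 1]; not measurements from any real system.
# Higher means closer to the enrolled voiceprint.
SAME_CHANNEL = [0.91, 0.88, 0.84, 0.93, 0.79, 0.86, 0.90, 0.82, 0.87, 0.95]
CROSS_CHANNEL = [0.74, 0.69, 0.81, 0.66, 0.77, 0.72, 0.85, 0.63, 0.70, 0.78]
IMPOSTOR = [0.31, 0.42, 0.55, 0.48, 0.62, 0.37, 0.58, 0.67, 0.45, 0.52]
THRESHOLDS = [0.60, 0.65, 0.70, 0.75, 0.80]


def frr(genuine_scores, threshold):
    """False rejection rate: share of genuine attempts scoring below the threshold."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)


def far(impostor_scores, threshold):
    """False acceptance rate: share of impostor attempts at or above the threshold."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)


def sweep():
    """Error rates at each candidate threshold, same-channel and cross-channel."""
    return [
        {
            "threshold": t,
            "far": far(IMPOSTOR, t),
            "frr_same": frr(SAME_CHANNEL, t),
            "frr_cross": frr(CROSS_CHANNEL, t),
        }
        for t in THRESHOLDS
    ]


def best_threshold(max_far):
    """Row with the lowest cross-channel FRR whose FAR stays within max_far.

    Ties are broken in favour of the higher (stricter) threshold.
    Returns None when no candidate threshold satisfies the FAR limit.
    """
    allowed = [row for row in sweep() if row["far"] <= max_far]
    if not allowed:
        return None
    return min(allowed, key=lambda row: (row["frr_cross"], -row["threshold"]))


if __name__ == "__main__":
    for row in sweep():
        print(row)
    print("FAR limit 0.0 ->", best_threshold(0.0))
    print("FAR limit 0.1 ->", best_threshold(0.1))
```

With these constructed scores, a threshold that keeps same-channel rejections low rejects most cross-channel attempts, and lowering it to recover those users admits impostors.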
As already mentioned above, to use a voice biometric system each user has to register in the system, storing his/her voiceprint in the database. Only after the user has enrolled in the system can he/she use it. A problem linked with the enrolment process is that most voice biometric systems try to achieve a 100% enrolment level of the users in the start period of the system implementation. This results in a high load on the voice channels in the first weeks/months after the installation. A higher number of voice channels is needed to handle the high number of enrolling users. If a system is operated only with the number of voice ports needed to guarantee convenient daily usage after the enrolment phase, some of the users who want to enrol may not be served, as the voice ports are blocked.