The present invention generally pertains to systems and methods for user authentication. More specifically, the present invention is related to a machine-based system for authenticating a human user.
With the popularity of highly technological communication systems, providers of services have begun to provide automated programs for client access. For example, a client can access a banking account from various communication systems, such as telephone systems and network systems, to perform a variety of tasks. For example, the Internet can be accessed through cellular phones, personal data assistants (PDAs), desktops and kiosks. Such tasks include transferring money, depositing money, withdrawing money and accessing account balances. These service providers could potentially reveal valuable information about clients that is attractive to a hacker (a person who illegally gains access to secured information).
Attacks by hackers include using computer programs that attempt to exploit automated service programs designed to accommodate human users. In many instances, automated service programs are not configured to consistently differentiate between human access and machine access. Currently, many service providers rely on a client's knowledge of certain secrets. For example, such secrets can include PINs (personal identification numbers), passwords, social security numbers and information not readily known to the public, such as a user's mother's maiden name. However, not only can these secrets be easily forgotten by a client, their overuse can lead to easy discovery.
To heighten security, biometric-based approaches, such as fingerprint and voiceprint technologies, are becoming popular. For example, when a user accesses an automated service program over the telephone, the user is asked to supply a voice sample to a speech verification system to verify that the voice sample matches the voiceprint of the user they claim to be. However, biometric-based security samples can be copied or recorded for later use by a hacker. It is relatively easy to record a voice sample and replay the recording over the telephone. Speech verification systems are not always configured to differentiate between a live voice and a recording.
A Reverse Turing Test (RTT) has been utilized to determine whether a human or machine is requesting access to automated service programs. Such tests are based on the assumption that certain pattern recognition tasks are significantly harder for machines to perform than humans. For example, it is easier for a human to recognize patterns in distorted speech or a distorted image than a machine. A telephony application can, in one instance, play a noisy prompt that asks the user to spell a word and recite a digit sequence. A Web application can, in another instance, ask its user to type the alphanumeric string embedded in a distorted image. Problems with these types of solutions include issues arising from the fact that similar sounding words can have different spellings, many people are poor spellers, and it can be a challenge to commit a sequence of digits to memory. Also, over time, machines are likely to develop the capacity to hack these types of simple authentication tests.
In addition to protecting clients from unauthorized access to automated services, there is a need to heighten security to police interactions with personal computing devices and mobile devices. There is also a need to enhance the security associated with digital signature use when sending email. Currently, these technologies commonly require only a password or PIN input to access information. As discussed above, passwords and PINs are easily forgotten by a user and are easily discoverable by hackers. Those listed herein are only a few of many specific applications that will benefit from enhanced security.