Field of the Invention
The invention relates generally to the field of biometric authentication. More particularly, the invention relates to a system and method for securing business transactions using dialog-based voice recognition and voiceprint authentication.
Description of Related Technology
The ability to positively and reliably authenticate an individual is of utmost importance in areas such as e-commerce and financial services provided in a networked environment. Conventional shared secret authentication technology involves numerous disadvantages that motivate a continuing search for more reliable authentication technologies. For example, passwords and PIN's (personal identification number), while easily implemented, are easily compromised. Often, workplaces having aggressive password policies requiring passwords to be changed frequently also discourage easily remembered passwords. Thus, the inconvenience of trying to remember a password is such that end-users often write their password down so that they won't forget it. It is extremely common to see a user's password displayed in their office in plain view, perhaps on a POST-IT note affixed to their desk. Furthermore, replacing the passwords of those who have forgotten theirs is a significant expense in many organizations. The same problems are encountered in e-commerce and financial service environments. Conventional authentication methods render it relatively simple for a party to masquerade as someone else, resulting in serious invasions of privacy, and often inflicting grave financial or reputational harm.
Biometric authentication, the use of unique physical characteristics to verify an individual's identity, is receiving an increasing amount of attention. The use of fingerprints to positively identify an individual has been known for several hundred years. T. Tabuki, Verification server for use in authentication on networks, U.S. Pat. No. 5,987,232 (Nov. 16, 1999) describes the use of signatures to authenticate users requesting network access. The user records his or her signature by means of an electronic signature tablet. The recorded signature is then verified on a verification server. R. Glass, M Salganicoff, U. Cahn von Seelen, Method and apparatus for securely transmitting and authenticating biometric data over a network, U.S. Pat. No. 6,332,193 (Dec. 18, 2001) describes use of a retinal scan to authenticate a user requesting network access. Y. Yu, S. Wong, M. Hoffberg, Web-based, biometric authentication system and method, U.S. Pat. No. 6,182,076 (Jan. 30, 2001) describes a biometric authentication architecture implemented as middleware that employs encryption and passwords to lessen the possibility that a user's biometric data will be compromised while being transmitted to an authentication center.
A disadvantage to most current biometric authentication technologies is that they are subject to compromise. A user's biometric data can be intercepted and misused in the same way that a password can. In order to minimize such possibility, as described in the references above, measures must be taken to make sure that the biometric data is securely transmitted, and is authentic, requiring measures such as encryption, watermarking and passwords. It would be advantageous to provide a simple, reliable way of minimizing the possibility that biometric data has been compromised, or is not authentic.
Another disadvantage of most biometric authentication schemes is that the biometric templates are stored independently of their associated user data. The biometric data received from a user desiring authentication is first matched with a template from the template database. Subsequently, the individual associated with the matching template is provided. While such methodology is well suited for biometric identification, it is resource intensive. It would be desirable to provide a way of granting direct access to particular user's biometric template without first matching the templates.
Biometric authentication schemes are often implemented as middleware in a network environment. It would be desirable to provide a server-based architecture wherein the server is optimized for biometric authentication.
A still further disadvantage to most biometric authentication schemes is that they require dedicated sensing devices, such as specialized cameras for retinal scans and digitizing tablets for signatures. Often these devices are difficult to implement and maintain, requiring special software drivers and frequent calibration and adjustment. Thus, it would be an advance to provide a means of biometric authentication that doesn't require specialized input devices
Use of biometric authentication has been limited to granting access, often to a data network. It would be desirable to provide security for business transactions over either voice or data networks based on biometric authentication.