Authenticating the identity claim of a user is an important step in ensuring the security of systems, networks, services and facilities, both for physical and for logical access. Existing user authentication is often performed on the basis of a user's knowledge of a single verification object, e.g., a password or a personal identification number (PIN) or on the basis of possession of a single verification object, e.g., a key or a card. Other existing authentication techniques include the use of a biometric feature as the verification object, e.g., a fingerprint, a voiceprint, an iris scan or a face scan.
Verification is typically done by comparing the verification object obtained from the user at the time of attempted access to previously stored objects. Biometric systems, for example, typically produce a similarity score measuring how close an input biometric is to a reference biometric template. A threshold is then applied to the score to make a binary decision about whether to accept or reject a given user. Possession-based user authentication systems make a binary accept/reject decision based on the presence of a physical device (e.g., a key) or a virtual device (e.g., a digital certificate). For knowledge verification, a single challenge will result in a binary decision based on the correctness of the user's response.
When multiple challenges are presented to the user for the purpose of authentication, user authentication is said to be sequential. Sequential user authentication may be accomplished by using a sequence of authentication challenges from the same mode (e.g., presenting only knowledge verification questions), or using multiple verification modes (e.g., presenting both random knowledge challenges and asking for one or more physical keys). Sequential authentication based on biometrics may be possible, depending on the type of biometric. For example, fingerprints are consistent and sequential challenges would not be beneficial since they capture the same identical fingerprint. The human voice, however, does change, and therefore sequential voice biometrics (“speaker recognition”) is beneficial.
When sequential user authentication is utilized, the set of rules or algorithms for making a binary decision to accept or reject the user may be more complicated than a simple threshold, since the results from individual interaction turns (challenges) may be contradicting. A policy is the set of rules that specify, at each turn, whether to accept the user, reject the user, or present the user with a new challenge.
A number of techniques have been proposed or suggested for combining speaker recognition and knowledge verification using conversational biometrics with a policy that governs the user interaction based on both the measured biometric (speaker recognition) and knowledge responses. For example, U.S. patent application Ser. No. 10/283,729, filed Oct. 30, 3002, entitled “Methods and Apparatus for Dynamic User Authentication Using Customizable Context-Dependent Interaction Across Multiple Verification Objects,” assigned to the assignee of the present invention and incorporated by reference herein, discloses an authentication framework that enables a dynamic user authentication that combines multiple authentication objects using a shared context and that permits customizable interaction design to suit varying user preferences and transaction/application requirements. See also, U.S. Pat. No. 6,529,871, entitled “A Way to Identify Using Both Voice Authentication and Personal Queries,” assigned to the assignee of the present invention and incorporated by reference herein.
While such conversational biometric techniques provide improved authentication frameworks with a high degree of flexibility, accuracy, convenience and robustness, they suffer from a number of limitations, which if overcome, could further improve the efficiency and security of such user authentication techniques. In particular, the above-described techniques for conversational biometrics yield a binary decision for each challenge.
A need therefore exists for methods and apparatus for conversational biometrics that yield a continuous-value score for each challenge. The continuous-value score allows for fusing of multiple biometric systems prior to setting a security level. A further need exists for methods and apparatus that measure similarity scores from knowledge verification systems. Yet another need exists for methods and apparatus that manage a sequential authentication system based on measured knowledge scores