A requester seeking access to a secured destination often supplies an alleged identity, i.e., he tells who he is. This alleged identity then often needs to be authenticated. That is, confirmation needs to be obtained that proves the requester is actually the person that he claims to be.
Among the known techniques for authenticating the identity of a requester are techniques that take advantage of the uniqueness of each person's voice. In one such technique, the requester is prompted to speak a series of utterances such as a sequence of numbers. The particular utterances which are included in the series, as well as their order therein, may be different each time a particular identity is alleged. Access to the secured destination is granted if the representations of each of the utterances as repeated by the requester match previously stored templates of those utterances, as uttered by the person in question, to within predetermined tolerance limits. Otherwise, access is denied.
A problem with this technique is that utterances made by an authorized person can be mechanically recorded by an attacker seeking fraudulent access to the secured destination. The attacker then requests access, alleging the identity of the authorized person whose utterances he has recorded. In response to the authentication prompt, the attacker causes the recorded utterances to be reproduced in the order that forms the requested series of utterances. Since each utterance of the formed series is reproduced from a recording of the authorized person actually saying the utterance, each element will match its corresponding template to within the predetermined tolerance limits. The attacker will therefore be able to obtain fraudulent access.