CA2207876A1 - Customer authentication apparatus - Google Patents
Customer authentication apparatusInfo
- Publication number
- CA2207876A1 CA2207876A1 CA002207876A CA2207876A CA2207876A1 CA 2207876 A1 CA2207876 A1 CA 2207876A1 CA 002207876 A CA002207876 A CA 002207876A CA 2207876 A CA2207876 A CA 2207876A CA 2207876 A1 CA2207876 A1 CA 2207876A1
- Authority
- CA
- Canada
- Prior art keywords
- customer
- data
- response
- stimulus
- stored
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
- 230000004044 response Effects 0.000 claims abstract description 59
- 238000000034 method Methods 0.000 claims abstract description 12
- 238000012795 verification Methods 0.000 claims description 8
- 238000010200 validation analysis Methods 0.000 claims description 7
- 230000001755 vocal effect Effects 0.000 claims description 3
- 238000012545 processing Methods 0.000 description 5
- 101001126084 Homo sapiens Piwi-like protein 2 Proteins 0.000 description 2
- 102100029365 Piwi-like protein 2 Human genes 0.000 description 2
- GYMWQLRSSDFGEQ-ADRAWKNSSA-N [(3e,8r,9s,10r,13s,14s,17r)-13-ethyl-17-ethynyl-3-hydroxyimino-1,2,6,7,8,9,10,11,12,14,15,16-dodecahydrocyclopenta[a]phenanthren-17-yl] acetate;(8r,9s,13s,14s,17r)-17-ethynyl-13-methyl-7,8,9,11,12,14,15,16-octahydro-6h-cyclopenta[a]phenanthrene-3,17-diol Chemical compound OC1=CC=C2[C@H]3CC[C@](C)([C@](CC4)(O)C#C)[C@@H]4[C@@H]3CCC2=C1.O/N=C/1CC[C@@H]2[C@H]3CC[C@](CC)([C@](CC4)(OC(C)=O)C#C)[C@@H]4[C@@H]3CCC2=C\1 GYMWQLRSSDFGEQ-ADRAWKNSSA-N 0.000 description 2
- 150000002500 ions Chemical class 0.000 description 2
- PCLIRWBVOVZTOK-UHFFFAOYSA-M 2-(1-methylpyrrolidin-1-ium-1-yl)ethyl 2-hydroxy-2,2-diphenylacetate;iodide Chemical compound [I-].C=1C=CC=CC=1C(O)(C=1C=CC=CC=1)C(=O)OCC[N+]1(C)CCCC1 PCLIRWBVOVZTOK-UHFFFAOYSA-M 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000000802 evaporation-induced self-assembly Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
- G07C9/33—Individual registration on entry or exit not involving the use of a pass in combination with an identity check by means of a password
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
- G07C9/37—Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Human Computer Interaction (AREA)
- Telephonic Communication Services (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
A method of authenticating a customer wishing to access a service, includes the steps of storing digital data in a memory, the digital data representing information associated with each customer, randomly generating a stimulus related to said stored data and presenting said stimulus to a customer wishing to access the service, accepting customer input in response to the stimulus and generating customer response data therefrom, comparing the customer response data with the stored data, repeating the above steps on an iterative basis; and validating the customer when the customer response data match the stored data within predefined limits. The method provides a secure authentication system for use by banks and the like.
Description
CUSTOMER AU 1 ~;~TICATION APPARATUS
This invention relates to Customer Allthentication Apparatus, and more particularly to such app~dlus for use over a telephone network.
In modern society, the telephone is being increasingly used as a means for a customer to obtain services without the need to travel. An impe iiment of the spread of such remote services is the risk of fraud due to inadequate customer authentication.
Credit card companies have long kept a file on personal data, such as a person's mother's maiden name, that is unlikely to be known by fraudulent users. If a customer wishes to obtain information about his or her account, the operator will ask questions drawn from the customer file. This system requires operator intervention and can be defeated by a determined fraudulent user who could obtain the limited number of items of information by carrying out the necessary research in advance. Such a system has not yet been applied to automated telephone services.
An object of the invention is to provide a secure customer allth~ntication system suitable remote access of automated services.
Accordingly the present invention provides a method of authenticating a customerwishing to access a service, compri~ing the steps of storing digital data in a memory, the digital data representing information associated with each customer, randomly generating a stimulus related to the stored data and pre3~ g said stimulus to a customer wishing to access the service, accepting customer input in response to the stimulus and generating customer response data the~er~ , co.,.p~ g the customer response data with the stored data, l~ealillg such steps on an iterative basis, and validating the customer when the customer response data match the stored data within predefined limits.
In a p~ef~lled embodiment, customer a~lthentication is performed in two steps based on:
I) Customer voice print ~llthentication, and 2) Customer personal knowledge verification.
Depending on the level of security required, one or both steps may be used.
In one embodiment, the customer is first asked to repeat a series of spoken words and these are m~tehed with previous digitally stored recordings made by the customer to perform voice ~ign~ re verification. The customer is then asked a series of questions, and his or her responses are first recognized using a voice recognition unit. They are then matched with knowledge items stored in the data base. Both the spoken words and the knowledge items are randomly selected as a subset of the set of records in the data base.
The total number of records can be quite large so as to reduce the chances of a fraudulent user being able to obtain all the answers. Voice recognition can be performed on the responses or not at all.
The two checks can be combined in that, if desired, voice print alltllentication can be carried on the customer's responses to knowledge-based queries.
If desired, a timer can be arranged to time out if the user does not respond to a question within the predet~rmined period of time. An ~lthentic customer will generally be able to respond to the questions immediately whereas the fraudulent user, given the large number of questions, might have to refer to a rerele.lce source, and the timer can limit the oppo~ ily to do so by timing out if the response has not been given within a certain time period.
The invention is particularly adapted for telephone systems with a remote telephone providing the stimuli and accepting the customer input, and the rem~ining part of the eqllipment being at the service provider's premises.
One particular application of the invention is bank account manipulation. Once a person has been ~llth~nticated as a valid customer, he or she can then carry out bank transactions from any remote location (e.g. home) using the telephone key pad. The latter, if desired, can be used as a medns of accepting customer input, although voice comm~n~l~ arefe~ed because they are faster.
The invention also provides customer ~lthentication a~a~dlus compri~ing a memory for storing digital data represçntin~ information items associated with each customer, a selection unit for randomly selecting digital data associated with an information item on an iterative basis, tr~n~d~lcer means for pres~nting a stimulus related to the stored data to a customer wishing to access the service, input means for accepting customer input in response to the stimulus and generating customer response data theleLvlll, a coll~dlor for co...p~ g the customer response data with the stored data and validation means for v~lid~ting the customer when the customer response data match the stored data within predefined limits.
The tr~n~ cer means and input means can conveniently be provided by a remote telephone.
The invention can require a perfect match to all responses, although this may beunrealistic. For example, people do not always pronounce words in exactly the same way and a legili,llale customer might inadve.lelllly give the wrong response to a question. The invention makes a decision on the basis of the number of correct and wrong answers.
Criteria for ~lele~ ...ining validity can be set in advance. Furthermore, the number of iterations is flexible, and if the customer gives wrong answers or the equipment fails to recognize a voice response, the number of iterations can be increased so that the probability of error is small.
This invention thus allows a service provider to recognize and validate the identity of a caller by using two fl~lth~ntication mech~llisms, either alone or in combination:
a) voice sign~hlre verification b) caller personal knowledge verification Task b is done by requesting verbal feedback from the caller using a randomly selected subset of stimuli based on a set of pre-recorded knowledge items. In summary, the allmentis~tion system can perform voice si n~hlre verification as well as user personal knowledge verification either co~ .llly or separately.
Voice si~hlre may be pel~u~ ed on one or more pre-defined set of sounds (e.g., words).
If technology permits a wide choice of words for sign~hlre verification, then, the request for the ~ign~hlre word(s) should consist of a subset of responses to a randomly selected set of stimuli. Voice recognition can be performed by an system that performs voice processing on sounds or phonemes. A suitable is VPRO by Voice Processing Corporation of Cambridge, M~s~chlleett~
The service provider needs a ~l~t~b~e for each identity it needs to validate. This is done by recoldillg a set of responses corresponding to a set of stimuli. During validation, only a subset of the stimuli will be picked randomly for validating the person's identity. The stimuli would typically (but not neces~rily) be presented in the form of a question. The response should involve a limited set of syllables so as to facilitate the processing of the voice prmt.
The stimuli must call, not only on the person's knowledge but also on the language ability of the person. If a person is fluent, or has certain competence in more than one language, the stimuli should use the person's ability to understand stimuli in the languages he or she understands, and to provide the responses in these languages as well.
The personal stimuli ~l~t~b~ee have to be created by deciding on a set of stimuli for which the person can easily remember the response. Ideal stimuli should appeal to knowledge acquired during user's childhood. For safety reasons, the stimuli should be spoken by a person other than the person which will use the validation system. Then the answers/responses must be recorded as spoken by the target person. Obviously, all stimuli and responses have to be tested thoroughly.
The invention will now be described in more detail, by way of example only, withreference to the accolllp~lyil1g drawings in which:-Figure 1 is a block diagram of customer ~lthentication apparatus in accordance with the invenhon;
Figure 2 illushrates a sample validation hand-~h~king session;
Figure 3 illustrates a typical end-to-end operating environment;
Figure 4 shows the customer ~llth~ntication a~alus as adjunct to a service provider;
Figure 5 shows a customer ~lthentication a~palalus as a front end to a service provider system;
Figure 6 shows a physical embodiment of a customer ~lthentication apparatus; and Figure 7 shows a ~l~t~b~e shucture suitable for use in the customer ~lthentication app~lus.
Referring now to Figure 1, an ~llthentication a~pal~lus 100 is connected to a telephone 5 with a keypad Sa over a telephone line 101, which is connected in the app~lus 100 to a protection and line int~rf~ce circuit 102. This is in turn connected to a codec 103 for digitally encoding or decoding analogue signals arriving from or going to the telephone line 101. The codec 103 is also conn~cteci to the int~rf~(~e circuit 102 and control unit 2.
Control signals pass between the control unit 2 and the circuits 102, 103 over lines 104, 104.
The codec 103 is connected to a DTMF decoder 106, a speech component analyzer 107, a stimulus generator 108, and a greeting and admin message generator 109. These units are all connected to the control unit 2 via line 1 10.
The speech component analyzer 107, stimulus generator 108, and greeting and admin message unit 109 are respectively connected to a comparator 9, customer ~latab~ee 1, and general message ~l~t~b~e 111. The latter units are connecte~l to the control unit by line 112.
Database I stores in digital form a large number of groups of data items, each group being associated with a particular customer. Some of the data items comprise ~ iti7ed representations of the customer speaking selected words, and some represent responses to questions within the personal knowledge of the customer. The knowledge items could, for example, include the maiden name of the customer's mother, the names of any close relatives of the customer or any general knowledge of the customer, perhaps pe~ g to the place where the customer was brought up or went to school. If the customer is f~mili~r with more than one language, knowledge items can be stored in any language f~mili~r to the customer.
On initiation of a call, control unit 2 sends a message, which is the same for all customers, requesting the customer to enter his or her account number through the keypad. This is converted into an audio message in the codec 103. The customer keys in his or her account number through the telephone keypad 5a, and the response signals are decoded by DTMF decoder 106, which passes the results to the control unit 2.
The control unit 2 then randomly selects data items from the database 1 corresponding to the received account number, and passes these data items to the telephone 5 through the codec 103. The customer normally responds verbally although except in the case of mi~m~tçhing data, the customer can also respond through the keypad using DTMF tones.
~.~sllming the customer responds verbally, the response data is passed through codec 103 to the comparator 9, which colllpales the response data with the corresponding stored data in the ~l~t~b~e 1. The control unit 2 then allocates a score to the correct ~e ,~onses and makes a decision according to predefined criteria. The control unit 10 can be designed to require all responses to be correct, although it can allow for some errors depending on the design of the system and the level of security required.
The speech component analyzer 107 checks the voice-print of the customer. This can be in response to a request for the customer to pronounce certain words stored in the customer ~l~taba~e, and/or the answers supplied to the knowledge-based queries. For example, if the system asks for the customer's mother's maiden name, the control unit can verify both that the answer is factually correct and that the answer m~tches the customer's voice-print. This can be done either by using voice-print analysis techniques or by storing a digital l~res~ ion of the customer actually responding to the question.
Figure 2 illustrates a typical banking transaction using app~lus in accordance with the invention. The caller is identified on the left hand side of the figure and the automatic b~nking service on the right. First the caller places a call to the automatic banking service, which in turn responds by requesting the account number, which the caller enters by using the telephone keypad. The account number is transmitted as DTMF tones (although dial pulses can be used) to the automatic banking service which then initi~tes operation of the customer authentication cycle.
A random stimulus is selecte~l from the ~lat~b~e 1, and the customer's response validated.
If the response is valid, the cycle is repeated with a different randomly selected stimulus.
If his response is incol,~ , the system can either repeat the stimulus or note the response as incorrect and move onto the next stimulus. In either case, the validation unit 10 notes the incorrect response.
After a certain number of iterations, the customer is deemed authentic, and the system notifies the customer that he has been authenticated and that he can request a transaction.
The customer then requests the transaction, which is carried out by the automatic balLking service. After the transaction has been carried out, the automatic banking service sends an acknowle~lgment to the customer who can then hang up or request another transaction.
Figure 3 shows a more generic illustration of the invention. In Figure 3 a service provider 20 includes an aumentication app~alus in accordance with the invention. The service provider co~l~n,u~icates over any voice transport system 21, for example a telephone network, to a voice input device 22, which could be a telephone.
Figure 4 shows a customer ~ thentication appa,~lus in accordance with the invention as an adjunct to a service provider. Service provider 30 includes an authentication unit 31 connected to customer dat~b~e 1. The service provider dat~b~e 32 con~ills information that customers desire to access and manipulate. For instance, d~t~h~ce 32 may contain bank accounts and the like. Interaction with the service provider 30 is through the privileged user's unit 33 which is connected to the allth~ntication unit 31. The privileged user's unit co"l",unicates with a call tçrmin~tion and ~ patch unit 34 connected to the telephone line 31. The latter is also connected to a general service provider unit 35, which does not require security.
Figure 5 shows another configuration of the invention where the a~lthentication unit is provided as a front end to a multiple service provider system. Telephone line 21 is connected to call t~ ion and user idçntification and allthPntication unit 40 connected to user's personal knowledge dat~ba~e 1. A calling customer is ~l~thenticaled in the manner described with reference to Figure 2. Once allth~nticated, the customer can be connected to any one ofthe desired service providers 41 each connected to associated d~t~b~e units 40 co.~ -g information desired to be accessed or manipulated by the customer.
Figure 6 shows the physical embodiment of an a~1thçntication unit in accordance with the invention. Telephone line 21 is connected to digital or analog in1Prf~ce and switching unit 50 through switch 56. The latter allows the unit 50 to be ~ltçrn~tively connected to a local input 55 for set-up mode or control purposes. Unit 50 is connected over bus, for example an MVIP or SCSA bus to a digital signal processing unit 51. Interface unit 50 and DSP
unit 51 are connected to another bus, which could be an ISA bus, or an EISA bus, for example 52. Central processing unit 53 and user's personal knowledge storage (l~t~h~e 54 are connected to the bus 52. The implçmentation shown in Figure 6 is a more practical implementation than the one shown in Figure 1, which helps understand the principles of the invention, since it uses modern digital signal proceeeing and bus technology.
In Figure 6, the interface for the voice media connects the voice circuit to the DSP unit when required for voice eign~ re analysis and stimulus-response h~n~leh~ke. A high speed connection is provided between these two resources, and this can be implemente~l using the disclosed MVIP or SCSA bus.
Figure 7 shows the functional org~ni7~ti~n ofthe personal knowledge database 1. Each stimulus SN is associated with a corresponding response RN. The stimulus could be for example a request to speak a word in which case the stored response is a ~iigiti7~cl representation of the customer previously speaking the word. If the stimulus is a question, then the response is the expected answer.
For each new customer, the personal ~l~t~b~ee must of course be established. This can achieved by the customer visiting the service provider premises and providing a series of responses through set-up unit 11, which can, for example, include a telephone h~n-leet The control unit 2 simply requests the new customer to provide answers to a wide range of question and repeat certain selected words. The responses are digitized and stored in the new customer's personal information (1~t~b~ee within the database 1.
It will be observed that the invention thus provides an flllthentication method and appa~alus that offers secure customer validation in a telephone environment. It will be obvious that the skilled person in the art will be able to devise many di~e~ means of implementing the invention without departing from the scope of the invention as defined in the claims.
This invention relates to Customer Allthentication Apparatus, and more particularly to such app~dlus for use over a telephone network.
In modern society, the telephone is being increasingly used as a means for a customer to obtain services without the need to travel. An impe iiment of the spread of such remote services is the risk of fraud due to inadequate customer authentication.
Credit card companies have long kept a file on personal data, such as a person's mother's maiden name, that is unlikely to be known by fraudulent users. If a customer wishes to obtain information about his or her account, the operator will ask questions drawn from the customer file. This system requires operator intervention and can be defeated by a determined fraudulent user who could obtain the limited number of items of information by carrying out the necessary research in advance. Such a system has not yet been applied to automated telephone services.
An object of the invention is to provide a secure customer allth~ntication system suitable remote access of automated services.
Accordingly the present invention provides a method of authenticating a customerwishing to access a service, compri~ing the steps of storing digital data in a memory, the digital data representing information associated with each customer, randomly generating a stimulus related to the stored data and pre3~ g said stimulus to a customer wishing to access the service, accepting customer input in response to the stimulus and generating customer response data the~er~ , co.,.p~ g the customer response data with the stored data, l~ealillg such steps on an iterative basis, and validating the customer when the customer response data match the stored data within predefined limits.
In a p~ef~lled embodiment, customer a~lthentication is performed in two steps based on:
I) Customer voice print ~llthentication, and 2) Customer personal knowledge verification.
Depending on the level of security required, one or both steps may be used.
In one embodiment, the customer is first asked to repeat a series of spoken words and these are m~tehed with previous digitally stored recordings made by the customer to perform voice ~ign~ re verification. The customer is then asked a series of questions, and his or her responses are first recognized using a voice recognition unit. They are then matched with knowledge items stored in the data base. Both the spoken words and the knowledge items are randomly selected as a subset of the set of records in the data base.
The total number of records can be quite large so as to reduce the chances of a fraudulent user being able to obtain all the answers. Voice recognition can be performed on the responses or not at all.
The two checks can be combined in that, if desired, voice print alltllentication can be carried on the customer's responses to knowledge-based queries.
If desired, a timer can be arranged to time out if the user does not respond to a question within the predet~rmined period of time. An ~lthentic customer will generally be able to respond to the questions immediately whereas the fraudulent user, given the large number of questions, might have to refer to a rerele.lce source, and the timer can limit the oppo~ ily to do so by timing out if the response has not been given within a certain time period.
The invention is particularly adapted for telephone systems with a remote telephone providing the stimuli and accepting the customer input, and the rem~ining part of the eqllipment being at the service provider's premises.
One particular application of the invention is bank account manipulation. Once a person has been ~llth~nticated as a valid customer, he or she can then carry out bank transactions from any remote location (e.g. home) using the telephone key pad. The latter, if desired, can be used as a medns of accepting customer input, although voice comm~n~l~ arefe~ed because they are faster.
The invention also provides customer ~lthentication a~a~dlus compri~ing a memory for storing digital data represçntin~ information items associated with each customer, a selection unit for randomly selecting digital data associated with an information item on an iterative basis, tr~n~d~lcer means for pres~nting a stimulus related to the stored data to a customer wishing to access the service, input means for accepting customer input in response to the stimulus and generating customer response data theleLvlll, a coll~dlor for co...p~ g the customer response data with the stored data and validation means for v~lid~ting the customer when the customer response data match the stored data within predefined limits.
The tr~n~ cer means and input means can conveniently be provided by a remote telephone.
The invention can require a perfect match to all responses, although this may beunrealistic. For example, people do not always pronounce words in exactly the same way and a legili,llale customer might inadve.lelllly give the wrong response to a question. The invention makes a decision on the basis of the number of correct and wrong answers.
Criteria for ~lele~ ...ining validity can be set in advance. Furthermore, the number of iterations is flexible, and if the customer gives wrong answers or the equipment fails to recognize a voice response, the number of iterations can be increased so that the probability of error is small.
This invention thus allows a service provider to recognize and validate the identity of a caller by using two fl~lth~ntication mech~llisms, either alone or in combination:
a) voice sign~hlre verification b) caller personal knowledge verification Task b is done by requesting verbal feedback from the caller using a randomly selected subset of stimuli based on a set of pre-recorded knowledge items. In summary, the allmentis~tion system can perform voice si n~hlre verification as well as user personal knowledge verification either co~ .llly or separately.
Voice si~hlre may be pel~u~ ed on one or more pre-defined set of sounds (e.g., words).
If technology permits a wide choice of words for sign~hlre verification, then, the request for the ~ign~hlre word(s) should consist of a subset of responses to a randomly selected set of stimuli. Voice recognition can be performed by an system that performs voice processing on sounds or phonemes. A suitable is VPRO by Voice Processing Corporation of Cambridge, M~s~chlleett~
The service provider needs a ~l~t~b~e for each identity it needs to validate. This is done by recoldillg a set of responses corresponding to a set of stimuli. During validation, only a subset of the stimuli will be picked randomly for validating the person's identity. The stimuli would typically (but not neces~rily) be presented in the form of a question. The response should involve a limited set of syllables so as to facilitate the processing of the voice prmt.
The stimuli must call, not only on the person's knowledge but also on the language ability of the person. If a person is fluent, or has certain competence in more than one language, the stimuli should use the person's ability to understand stimuli in the languages he or she understands, and to provide the responses in these languages as well.
The personal stimuli ~l~t~b~ee have to be created by deciding on a set of stimuli for which the person can easily remember the response. Ideal stimuli should appeal to knowledge acquired during user's childhood. For safety reasons, the stimuli should be spoken by a person other than the person which will use the validation system. Then the answers/responses must be recorded as spoken by the target person. Obviously, all stimuli and responses have to be tested thoroughly.
The invention will now be described in more detail, by way of example only, withreference to the accolllp~lyil1g drawings in which:-Figure 1 is a block diagram of customer ~lthentication apparatus in accordance with the invenhon;
Figure 2 illushrates a sample validation hand-~h~king session;
Figure 3 illustrates a typical end-to-end operating environment;
Figure 4 shows the customer ~llth~ntication a~alus as adjunct to a service provider;
Figure 5 shows a customer ~lthentication a~palalus as a front end to a service provider system;
Figure 6 shows a physical embodiment of a customer ~lthentication apparatus; and Figure 7 shows a ~l~t~b~e shucture suitable for use in the customer ~lthentication app~lus.
Referring now to Figure 1, an ~llthentication a~pal~lus 100 is connected to a telephone 5 with a keypad Sa over a telephone line 101, which is connected in the app~lus 100 to a protection and line int~rf~ce circuit 102. This is in turn connected to a codec 103 for digitally encoding or decoding analogue signals arriving from or going to the telephone line 101. The codec 103 is also conn~cteci to the int~rf~(~e circuit 102 and control unit 2.
Control signals pass between the control unit 2 and the circuits 102, 103 over lines 104, 104.
The codec 103 is connected to a DTMF decoder 106, a speech component analyzer 107, a stimulus generator 108, and a greeting and admin message generator 109. These units are all connected to the control unit 2 via line 1 10.
The speech component analyzer 107, stimulus generator 108, and greeting and admin message unit 109 are respectively connected to a comparator 9, customer ~latab~ee 1, and general message ~l~t~b~e 111. The latter units are connecte~l to the control unit by line 112.
Database I stores in digital form a large number of groups of data items, each group being associated with a particular customer. Some of the data items comprise ~ iti7ed representations of the customer speaking selected words, and some represent responses to questions within the personal knowledge of the customer. The knowledge items could, for example, include the maiden name of the customer's mother, the names of any close relatives of the customer or any general knowledge of the customer, perhaps pe~ g to the place where the customer was brought up or went to school. If the customer is f~mili~r with more than one language, knowledge items can be stored in any language f~mili~r to the customer.
On initiation of a call, control unit 2 sends a message, which is the same for all customers, requesting the customer to enter his or her account number through the keypad. This is converted into an audio message in the codec 103. The customer keys in his or her account number through the telephone keypad 5a, and the response signals are decoded by DTMF decoder 106, which passes the results to the control unit 2.
The control unit 2 then randomly selects data items from the database 1 corresponding to the received account number, and passes these data items to the telephone 5 through the codec 103. The customer normally responds verbally although except in the case of mi~m~tçhing data, the customer can also respond through the keypad using DTMF tones.
~.~sllming the customer responds verbally, the response data is passed through codec 103 to the comparator 9, which colllpales the response data with the corresponding stored data in the ~l~t~b~e 1. The control unit 2 then allocates a score to the correct ~e ,~onses and makes a decision according to predefined criteria. The control unit 10 can be designed to require all responses to be correct, although it can allow for some errors depending on the design of the system and the level of security required.
The speech component analyzer 107 checks the voice-print of the customer. This can be in response to a request for the customer to pronounce certain words stored in the customer ~l~taba~e, and/or the answers supplied to the knowledge-based queries. For example, if the system asks for the customer's mother's maiden name, the control unit can verify both that the answer is factually correct and that the answer m~tches the customer's voice-print. This can be done either by using voice-print analysis techniques or by storing a digital l~res~ ion of the customer actually responding to the question.
Figure 2 illustrates a typical banking transaction using app~lus in accordance with the invention. The caller is identified on the left hand side of the figure and the automatic b~nking service on the right. First the caller places a call to the automatic banking service, which in turn responds by requesting the account number, which the caller enters by using the telephone keypad. The account number is transmitted as DTMF tones (although dial pulses can be used) to the automatic banking service which then initi~tes operation of the customer authentication cycle.
A random stimulus is selecte~l from the ~lat~b~e 1, and the customer's response validated.
If the response is valid, the cycle is repeated with a different randomly selected stimulus.
If his response is incol,~ , the system can either repeat the stimulus or note the response as incorrect and move onto the next stimulus. In either case, the validation unit 10 notes the incorrect response.
After a certain number of iterations, the customer is deemed authentic, and the system notifies the customer that he has been authenticated and that he can request a transaction.
The customer then requests the transaction, which is carried out by the automatic balLking service. After the transaction has been carried out, the automatic banking service sends an acknowle~lgment to the customer who can then hang up or request another transaction.
Figure 3 shows a more generic illustration of the invention. In Figure 3 a service provider 20 includes an aumentication app~alus in accordance with the invention. The service provider co~l~n,u~icates over any voice transport system 21, for example a telephone network, to a voice input device 22, which could be a telephone.
Figure 4 shows a customer ~ thentication appa,~lus in accordance with the invention as an adjunct to a service provider. Service provider 30 includes an authentication unit 31 connected to customer dat~b~e 1. The service provider dat~b~e 32 con~ills information that customers desire to access and manipulate. For instance, d~t~h~ce 32 may contain bank accounts and the like. Interaction with the service provider 30 is through the privileged user's unit 33 which is connected to the allth~ntication unit 31. The privileged user's unit co"l",unicates with a call tçrmin~tion and ~ patch unit 34 connected to the telephone line 31. The latter is also connected to a general service provider unit 35, which does not require security.
Figure 5 shows another configuration of the invention where the a~lthentication unit is provided as a front end to a multiple service provider system. Telephone line 21 is connected to call t~ ion and user idçntification and allthPntication unit 40 connected to user's personal knowledge dat~ba~e 1. A calling customer is ~l~thenticaled in the manner described with reference to Figure 2. Once allth~nticated, the customer can be connected to any one ofthe desired service providers 41 each connected to associated d~t~b~e units 40 co.~ -g information desired to be accessed or manipulated by the customer.
Figure 6 shows the physical embodiment of an a~1thçntication unit in accordance with the invention. Telephone line 21 is connected to digital or analog in1Prf~ce and switching unit 50 through switch 56. The latter allows the unit 50 to be ~ltçrn~tively connected to a local input 55 for set-up mode or control purposes. Unit 50 is connected over bus, for example an MVIP or SCSA bus to a digital signal processing unit 51. Interface unit 50 and DSP
unit 51 are connected to another bus, which could be an ISA bus, or an EISA bus, for example 52. Central processing unit 53 and user's personal knowledge storage (l~t~h~e 54 are connected to the bus 52. The implçmentation shown in Figure 6 is a more practical implementation than the one shown in Figure 1, which helps understand the principles of the invention, since it uses modern digital signal proceeeing and bus technology.
In Figure 6, the interface for the voice media connects the voice circuit to the DSP unit when required for voice eign~ re analysis and stimulus-response h~n~leh~ke. A high speed connection is provided between these two resources, and this can be implemente~l using the disclosed MVIP or SCSA bus.
Figure 7 shows the functional org~ni7~ti~n ofthe personal knowledge database 1. Each stimulus SN is associated with a corresponding response RN. The stimulus could be for example a request to speak a word in which case the stored response is a ~iigiti7~cl representation of the customer previously speaking the word. If the stimulus is a question, then the response is the expected answer.
For each new customer, the personal ~l~t~b~ee must of course be established. This can achieved by the customer visiting the service provider premises and providing a series of responses through set-up unit 11, which can, for example, include a telephone h~n-leet The control unit 2 simply requests the new customer to provide answers to a wide range of question and repeat certain selected words. The responses are digitized and stored in the new customer's personal information (1~t~b~ee within the database 1.
It will be observed that the invention thus provides an flllthentication method and appa~alus that offers secure customer validation in a telephone environment. It will be obvious that the skilled person in the art will be able to devise many di~e~ means of implementing the invention without departing from the scope of the invention as defined in the claims.
Claims (13)
1. A method of authenticating a customer wishing to access a service, comprising the steps of:
a) storing digital data in a memory, said digital data representing information associated with each customer;
b) randomly generating a stimulus related to said stored data and presenting said stimulus to a customer wishing to access the service;
c) accepting customer input in response to said stimulus and generating customerresponse data therefrom;
d) comparing said customer response data with said stored data;
e) repeating steps b to d on an iterative basis; and f) validating said customer when said customer response data match said stored data within predefined limits.
a) storing digital data in a memory, said digital data representing information associated with each customer;
b) randomly generating a stimulus related to said stored data and presenting said stimulus to a customer wishing to access the service;
c) accepting customer input in response to said stimulus and generating customerresponse data therefrom;
d) comparing said customer response data with said stored data;
e) repeating steps b to d on an iterative basis; and f) validating said customer when said customer response data match said stored data within predefined limits.
2. A method as claimed in claim 1, wherein said stimulus is presented orally.
3. A method as claimed in claim 2, wherein said stored data include stored representations of spoken sounds and said stimuli include requests to make one or more of said sounds to achieve random voice signature verification.
4. A method as claimed in claim 1 or 3, wherein said stored data include items of information within the personal knowledge of the customer and said stimuli include requests to provide verbal responses to questions related to said items.
5. A method as claimed in claim 3, wherein voice recognition techniques are applied to extract response data from said verbal responses.
6. A method as claimed in claim 4, wherein said items of information are stored as digital representations of the customer's actual responses during set-up, and these are compared with said response data so as to match both content and voice-print in the same operation.
7. Customer authentication apparatus wherein it comprises:
a) a memory for storing digital data representing information items associated with each customer;
b) a selection unit for randomly selecting digital data associated with an information item on an iterative basis, c) transducer means for presenting a stimulus related to said stored data to a customer wishing to access the service;
d) input means for accepting customer input in response to said stimulus and generating customer response data therefrom;
e) a comparator for comparing said customer response data with said stored data;and f) validation means for validating said customer when said customer response data match said stored data within predefined limits.
a) a memory for storing digital data representing information items associated with each customer;
b) a selection unit for randomly selecting digital data associated with an information item on an iterative basis, c) transducer means for presenting a stimulus related to said stored data to a customer wishing to access the service;
d) input means for accepting customer input in response to said stimulus and generating customer response data therefrom;
e) a comparator for comparing said customer response data with said stored data;and f) validation means for validating said customer when said customer response data match said stored data within predefined limits.
8. Customer authentication apparatus as claimed in claim 7, wherein said transducer means comprises a speaker and said input means comprises a microphone.
9. Customer authentication apparatus as claimed in claim 8, wherein some of saidinformation items include representations of preselected sounds recorded by saidcustomer.
10. Customer authentication apparatus as claimed in claim 9, wherein some of said information items include personal knowledge items.
11. Customer authentication apparatus as claimed in claim 8, wherein said transducer means and said input means are provided by a telephone connected to the rest of the apparatus by a telephone line.
12. Customer authentication apparatus as claimed in claim 11, further comprising a voice recognition unit for receiving customer input and generating response datatherefrom.
13. Customer authentication apparatus as claimed in claim 7, wherein said memorystores digital representations of the customer's actual responses to knowledge-based queries, and said customer response data in the form of digital representations of the spoken responses are compared with said stored representations.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US66434896A | 1996-06-17 | 1996-06-17 | |
| US08/664,348 | 1996-06-17 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA2207876A1 true CA2207876A1 (en) | 1997-12-17 |
Family
ID=24665632
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002207876A Abandoned CA2207876A1 (en) | 1996-06-17 | 1997-06-17 | Customer authentication apparatus |
Country Status (2)
| Country | Link |
|---|---|
| CA (1) | CA2207876A1 (en) |
| GB (1) | GB2314436A (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2000005869A1 (en) * | 1998-07-20 | 2000-02-03 | Ameritech Corporation | Method and apparatus for speaker verification and electronic monitoring |
| AU5113699A (en) | 1998-07-20 | 2000-02-07 | Ameritech Corporation | Method and apparatus for speaker verification and minimal supervisory reporting |
| GB9824697D0 (en) | 1998-11-11 | 1999-01-06 | Ncr Int Inc | Terminal |
| JP2002312318A (en) * | 2001-04-13 | 2002-10-25 | Nec Corp | Electronic device, the principal certification method and program |
| FR2824208A1 (en) * | 2001-04-26 | 2002-10-31 | Schlumberger Systems & Service | METHOD AND DEVICE FOR ASSIGNING AN AUTHENTICATION CODE |
| US6601762B2 (en) * | 2001-06-15 | 2003-08-05 | Koninklijke Philips Electronics N.V. | Point-of-sale (POS) voice authentication transaction system |
| EP1892674A1 (en) * | 2006-08-23 | 2008-02-27 | Siemens Aktiengesellschaft | Brain pattern based access control system |
| DE102006049658B4 (en) | 2006-10-18 | 2022-01-20 | Steffen Baden | access authorization procedure and system |
| DE102008032890A1 (en) * | 2008-07-14 | 2010-02-11 | Morduchowitsch, W., Dr. med. (GUS) | Method for authenticating person, involves determining person to be authenticated by using standard unit and sensing code, and detecting linguistic articulation of code by person |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2112190B (en) * | 1981-12-23 | 1985-12-18 | Omron Tateisi Electronics Co | Personal identification system |
| US5365574A (en) * | 1990-05-15 | 1994-11-15 | Vcs Industries, Inc. | Telephone network voice recognition and verification using selectively-adjustable signal thresholds |
| US5311594A (en) * | 1993-03-26 | 1994-05-10 | At&T Bell Laboratories | Fraud protection for card transactions |
-
1997
- 1997-06-17 GB GB9712528A patent/GB2314436A/en not_active Withdrawn
- 1997-06-17 CA CA002207876A patent/CA2207876A1/en not_active Abandoned
Also Published As
| Publication number | Publication date |
|---|---|
| GB2314436A (en) | 1997-12-24 |
| GB9712528D0 (en) | 1997-08-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| AU2006306790B2 (en) | System and method of subscription identity authentication utilizing multiple factors | |
| US7383572B2 (en) | Use of public switched telephone network for authentication and authorization in on-line transactions | |
| US8161291B2 (en) | Process and arrangement for authenticating a user of facilities, a service, a database or a data network | |
| US6934858B2 (en) | System and method of using the public switched telephone network in providing authentication or authorization for online transactions | |
| EP0598469A2 (en) | Interactive credit card fraud control process | |
| AU2004315770B2 (en) | Use of public switched telephone network for capturing electronic signatures in on-line transactions | |
| JP2001503156A (en) | Speaker identification method | |
| MXPA97001934A (en) | Method and system for the establishment of an acceptance threshold for controlling fraudulen telephone calls | |
| CA2207876A1 (en) | Customer authentication apparatus | |
| WO2012096901A2 (en) | Natural enrolment process for speaker recognition | |
| WO2006130958A1 (en) | Voice authentication system and methods therefor | |
| US20050240410A1 (en) | Method and system for recognising a spoken identification sequence | |
| EP4002900A1 (en) | Method and device for multi-factor authentication with voice based authentication | |
| CA2509545A1 (en) | Voice authentication system and methods therefor | |
| AU2002318994B2 (en) | Method and system for recognising a spoken identification sequence | |
| WO2018046945A1 (en) | Providing a trusted telephone number | |
| Fogel | A Commercial Implementation of a Free-Speech Speaker Verification System in a Call Center | |
| MXPA06005283A (en) | Use of public switched telephone network for capturing electronic signatures in on-line transactions | |
| AU2002318994A1 (en) | Method and system for recognising a spoken identification sequence |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| FZDE | Dead |