P A P E R PR E S E N T A T I O N

ON

G.PULLAIAH COLLEGE OF ENGINEERING & TECHNOLOGY,

KURNOOL.

Presented by:
A.V.LAVANYA
(2007-2011)
IIIrd B.Tech
IT
 VOICE AUTHENTICATION
ABSTRACT:
Voice Authentication is a user-
dependant pattern matching system which
uses a person’s voice print to uniquely
identify individuals using Biometric
Speaker Verification Technology. The
speech is processed through a non-contact
method, where it is not required to see or
touch the person to recognize him/her. This
method of biometric voice authentication
is ideally suited for low memory, database
independent applications using smart cards
or other physical devices such as cell
phones. Due to the value of biometric
security for use in fraud prevention, and
the added convenience of knowing a
person is who they claim to be, we believe
speaker verification will be more widely
accepted by the consumer market before
speech recognition.
The popularity of speaker
verification is swiftly growing because
speech easy to obtain without the addition
of dedicated hardware. Improved, robust
speech recognition algorithms and PC
hardware have also brought this one-time
futuristic idea into the present. At Voice
Security Systems, a decade of research and
development has lead everyone to believe
that the explosive speech processing
market is here to stay.
This paper presents the need for
this system, its working, advantages and
the areas of improvement in this swiftly
progressing voice verification system.
Introduction:
Voice ID is a type of user
authentication that uses voice prints and
pattern recognition software to verify a
speaker. An adaptation of biometrics,
voice ID relies on the fact that vocal
characteristics, like finger prints and the
people’s irises are unique for each
individual. The criteria that a voice ID
system bases decisions on are created by
the shape of the speaker's mouth and
throat, rather than more variable
conditions. Because of the relative
permanence of the characteristics it
measures, the technology is not likely to be
fooled by an attempt to disguise a voice,
and is not generally affected by changes
that can make a voice sound quite different
to the human ear, such as a bad cold or
extreme emotion. By verifying an
individual based on her biological
characteristics, she don't have to worry
about stolen PINs or passwords others can
use to impersonate her. This is what makes
biometric security, including voice
verification systems, more reliable than
passwords. Others can't impersonate you.
Although you can get someone's password
or PIN relatively easily, it is next to
impossible to steal someone's biometric
identity.
Voice Authentication:
Voice authentication captures a
person's voice—the physical
characteristics of the vocal tract and its
harmonic and resonant frequencies—and
compares it to a stored voiceprint created
during an enrollment process. The
technology is generating interest for use in
secure applications that involve repeatable
actions and where large numbers of people
need to be authenticated. These include
systems that handle remote network and
system access, password reset, time and
attendance records and inmate verification,
in vertical sectors such as law
enforcement, financial services and health
care.
Need for Voice Authentication:
Identify theft and fraud:
Over the past 10 years there has been a
dramatic increase in the use of call centres
and the internet as channels to market. This
has been matched by massive growth in
identity theft and fraud. Identity theft is
recognised as one of the fastest growing
types of fraud. A report published by the
Federal Trade Commission (FTC)
estimated that in 2003 around 10 million
Americans discovered they were victims of
identity theft. The total cost of this fraud
was estimated at over $50billion.
Tackling these risks has never been more
important to protect your business and
retain customer confidence in phone and
internet channels to market.
· Caller Authentication verifies the
true identity of callers through
their voice, rather than easily lost
or stolen passwords or PINS.
· Payment Verification adds ‘speak
on the dotted line’ digital
signatures to credit or debit card
payments over the phone or we b.
· Web Authentication dramatically
improves the security of your we b
services
· To protect confidential client
information and fighting identity
theft.
· To reduce cost of help desks and
customer contact centres.
· Fights fraud by digitally signing
customer bets in gaming.
Why Voice????
Speaking is natural and effortless. But your
voice is something that is unique to you.
No two voices are exactly the same. Voice
differs from other forms of biometric
verification such as fingerprints or iris
scans. It requires no special equipment. It
works over any phone, anywhere,
including the internet. Voice verification
integrates seamlessly with established IVR
and call centre systems improving work
flow and reducing call handing costs. It's
natural to use one's voice and widely
accepted, and it's the only biometric that
provides remote authentication.
Unlike PINS or passwords your voice
cannot be stolen or lost - making voice
verification a viable and efficient way of
combating growing levels of fraud.
Voice verification helps drive up the
quality of service delivered to clients by
reducing or even removing the dependency
on remembering an array of passwords,
PINS, or other information.

Enrolment and Verification:
Step1: User enrolment
1. The customer enters his account
or ID no., and then the system
prompts him to speak a pass
phrase (typically either a chore
password or a series of digits)
three times.
2. The speech analysis system
applies a mathematical algorithm
to the input to create a unique
voice print. Having the user
repeat the pass phrase enables
the system to account for
variances.
3. The voice print is stored in a
speaker register database.
Step2: User Authentication
1. The user enters or speaks his
account ID and s peaks the pass
phrase.
2. The voice authentication system
stores the input and compares it
to the voice print in the speaker
registry database.
3. If the voice matches, he/she is
granted access, otherwise he/she
is rejected.
Working of the speech analysis
system:
The Voice Verification System
implemented in this project is a speaker
dependent, pattern-matching system.
During pattern- matching operations, the
unit takes in a speakers voice, compares
the waveform to that of the template and
decides whether or not the input passes a
threshold level. The implementation of
this system can be divided into two halves:
the front-end and the back-end.
The front-end consists of three
main parts: The Average Magnitude
calculation modules, the Ze ro-Crossing
calculation modules and the speech
location determination modules.
The input speech waveform is first taken in
by a microphone and converted to digital
format by an Analog-to-Digital Converter.
The eight-bit data is then processed to
find the average magnitude and zero-
crossing rate, which are stored in two
separate SRAMS. There are three
threshold values used: the upper and lower
magnitude thresholds, ITU and ITL,
respectively, and the zero-crossing rate
threshold IZCT. Therefore the endpoints to
the location of the speech are determined
three times for high accuracy and high
sensitivity.
The back end consists of a
waveform warping module and a
pattern-recognition module. The back-
end functions as a memory and storage
database, as well as a decision
Unit that implements an algorithm to
pattern match the template waveform
(speaker’s voice) to that of the input
waveform.
Two factor authentication:
Voice authentication does well
when combined with a backup process,
and that's where speech recognition comes
in. This is referred to as Two factor
authentication. As for security concerns,
voice authentication applications typically
use two- factor authentication, where a user
provides something that shows who they
are—their voice—along with something
they know, such as a password or an
account number. In these cases, voice
authentication is combined with speech
recognition to identify what the speaker is
saying.
Need for two factor authentication:
'Two factor authentication' models are
generally more secure. In some sectors the
two factor model is now the standard. An
example of this is internet banking in the
USA. In 2005 US financial services
regulator, The Federal Financial Institution
Examination Council, said that
· Single-factor authentication
methodologies may not provide
sufficient protection for Internet-
based financial services.
· The FFIEC agencies consider
single-factor authentication,
when used as the only control
mechanism, to be inadequate for
high-risk transactions involving
access to custome r information
or the movement of funds to
other parties.
Benefits of two factor authentication:
· Voice verification is the only
biometric ('something you are')
that will work over the phone or
we b - without the need for any
special equipment.
· Voice verification is more cost
effective than distributing PIN
key fobs, hardware tokens etc
that can be easily lost, stolen, or
simply not at hand when your
customer wants to contact you.
· Voice verification is natural and
effortless. It enables
organisations to offer a better
customer experience and highe r
levels of security.
Web Authentication:
Security internet and other remote
access services has never been more
difficult or important. Passwords can be
easily stolen and provide only a low level
of security. Digital certificates only verify
the actual computer accessing your service,
not necessarily the person at the keyboard.
Web authentication delivers the ultra high
level of website access security and
identifies protection required to protect
confidential information and transactions.
It is easy too and more convenient for end
users than constantly carrying smart cards
or tokens, which can be easily stolen.
Instead all that is required is access to a
phone and a short phone call which can
last less than 30 seconds.
Working:
The user accesses the website
login page.
· The website automatically
generates a unique session
code which is displayed on
the user screen, together
with a phone number.
· The user calls the voice
system and is asked to
speak their ID and session
code. The user’s identity is
voice verified.
· Voice verification system
sends the session code and
verified user ID to the
we bsite server. The
we bsite server generates a
‘use once’ pass code which
is sent back to Voice
verification system.
· Voice verification system’s
text to speech engine
converts the pass code into
words spoken back to the
user.
· The user enters the use
once pass code into the
we bsite login page to
complete the process.
Key Benefits of Web Authentication:
1. Verifies the actual
person accessing
your we b service.
2. At no stage does
the user need to
enter a user ID or a
password into the
browser,
preventing theft by
keystroke
recording.
3. A pass code can be
issued by a valid
session code
generated by the
customer’s website.
If the user has been
‘phished‘ and
directed to a third
party site the
session code
displayed can’t be
used to obtain a
pass code from the
customer’s system.
4. Sophisticated
identity
 verification process deal of their costly time resetting.
defeats impostors. Furthermore, the delay between the request
5. A user’s spoken and receipt of the new password represents
words can digitally lost employee productivity.
sign the pass code, Voice authentication shifts the
thereby legally burden of resetting passwords from help
associating it with desk/security staff to self-service
the user. automated systems. It supplies the security
6. Unlike traditional needed to authenticate the caller,
passwords, pass dramatically reduces the cost of resetting
codes can time out passwords, and virtually eliminates
if not used within a employee downtime. A password reset
short period of deployment is also a good way to assess
time. the rates of biometric false rejection and
false acceptance errors and techniques for
minimizing those errors, such as
Threshold setting, challenge-response, and
caller/device ID.

Benefits of password reset by voice

Password Reset:
Password Reset is a fully
automated voice verified service that
enables employees, agents or clients to
reset their own passwords, anytime,
anywhere over the phone. IDs and
passwords, by themselves, provide little
protection against attack. Yet we continue
to rely on them because they are the
foundation upon which much of our
security is built.
In an effort to make passwords
more resistant to attack, security
departments now require that passwords be
changed frequently and the passwords,
themselves are becoming increasingly
longer and difficult to remember. This
increasing spiral of password complexity
has given birth to the password-reset
industry. In many organizations, requests
to reset expired, forgotten, and
compromised passwords account for one
quarter or more of all calls to the corporate
help desk. This means highly- trained,
expensive technicians are spending a great
authentication:
· Password only issued to true
recipient
· Helpdesk staff not required to have
access to passwords or confidential
caller information.
· Facilitates ‘Strong Password
Policy’.
· Enforces password security
Miconceptions about voice
authentication:
There are a number of misconceptions about
voice authentication that stand in the way of
successful deployments of the technology.
Misconception: Voice authentication is the
same as speech recognition.
This is a very dangerous misconception but
not a surprising one given that Voice
Authentication is often marketed in
conjunction with speech recognition. Both
analyze and extract information from the
stream of speech but Speech recognition
analyzes the words and phrases a person is
saying. In other words, it recognizes what a
person is saying. It has no interest in
determining who is speaking. In fact, most
speech-recognition systems try to remove
information that distinguishes one person
from another in favor of “speaker
independent” recognition of words and
phrases. Voice authentication captures and
analyzes information for the purpose of
determining whether the speaker is who
she/he claims to be. It has no interest in
determining what the person says except, in
some cases, to ensure that the person is
saying what the system expects to hear.
Misconception: Voice authentication is
behavioral and, therefore, changeable but
fingerprint, iris, face recognition, and
similar biometrics are unchanging and,
therefore, more reliable.
enrolment process. SRI International and
MIT are working on that problem.
Nuance has continued that work,
using speaker model synthesis to develop a
machine learning algorithm that identifies
what has changed in a voice template
based on changes in the equipment used,
creating a transform template for each kind
of equipment used.
Model adaptation is a key to
improving accuracy. Here the parameters
of the voice print are adjusted based on
slight changes in a person’s voice, making
a template more accurate over time.
Some people can use a system all
the time and its stable, but some people
have more natural variants, even though its
subconscious. Some caution has to be
applied because a model will adapt if an
impersonator with a high enough match
score got through.

All biometrics are both behavioral and

physical. Voice authentication systems are
physical because most of their analysis is
based on the size and shape of a person’s
vocal tract (vocal cords, throat, mouth, and
nose). Voice authentication uses very little
Information related to an individual’s dialect
or style of speech.

Voice Concerns:
In accuracy tests in lab settings,
voice authentication systems compare well
with other biometric systems. In real world
use, however, they have to deal with
behavior and environmental factors such as
background noises or changes in user
voices.
One of the biggest challenges stems
from cross channel issues – when a person
uses a different type of phone to
authenticate than the one he used during