Between cyber criminals and other supposedly legitimate organisations that help themselves to our data, the issue of using biometrics to authenticate users before allowing them to execute transactions has quickly become more important than ever.
Readers of this handbook will note that the use of fingerprint biometrics (as well as hand and vein readers) is growing rapidly, while facial biometrics is also starting to find its home in the commercial world. The problem with biometrics at this point in time is that it requires a person to be present when the biometric is read (Although Facebook is using facial biometrics to supposedly identify people in photographs its members place on the site, one has to ask whether you would rely on this recognition to trust your bank account).
Our current batch of biometric solutions do nothing to help verify a person when they are not on site. When calling a bank or insurance fund’s call centre, when calling your company’s support line because you forgot your password, or when trying to transact online, your fingerprint is pretty useless – who has a bank-certified fingerprint reader at home?
Local voice biometrics expert OneVault is about to change all this. The company specialises in voice biometrics, but specifically remote authentication via phone or computer. Paul Hutton, CEO of OneVault demonstrated the capabilities of the technology to Hi-Tech Security Solutions.
After registering your voice print, which should be done in a manner that accurately authenticates who you are, the user simply calls a call centre and provides an identifier, an identity or member number for example. The number can be typed into the phone after which the user is asked to say the numbers one to nine to authenticate their identity. OneVault’s system recognises the voice patterns and verifies the caller’s identity or denies them access. Once verified, the user and organisation can transact safe in the knowledge that the user is who they claim to be.
Hutton demonstrated a live solution in place at one of the large IT service providers in the country. The company has implemented a system that allows users who have forgotten their password to be sent a new one – all without talking to a support person. The user verifies him/herself as described above, with SMS notifications sent to their cellphone alerting them to the fact that they have logged into the voice system. Once verified, a new password is sent via another SMS and the user can get on with their job without wasting time.
A similar system can be used for banking or for any other remote transaction. Additionally, it’s also possible to allow users to verify their identities over their computer’s microphone. Voice authentication can be extended to offer single sign-on capabilities in the enterprise, or anywhere traditional biometrics is used – with the exception of very noisy environments. Although Hutton says the company has done significant work to reduce background noise and any other noise that may occur over a phone connection.
As with other biometrics, the user’s voice is not stored, but specific features of the voice are encrypted and stored securely. The technology developed by OneVault ensures that using a recording or mimicking someone’s voice will not gain you access to their account. If the user has laryngitis or some severe illness that affects their voice, the system may reject them and refer them to another authentication mechanism.
If the system is unsure that the voice on the other end of the line is yours, it will ask you to repeat a series of random numbers (which an impostor would not be aware of) to further verify your identity via voice print.
OneVault is also pushing the envelope in the hosting arena by offering a hosted authentication service. In this service, OneVault will retain users’ voice prints and offer the authentication service to businesses that need to verify customers’ identities. The hosted consumer version of OneVault will be called SpeaKey. This hosted service will contain the personal information of customers, including the voice prints, identity number as well as FICA and RICA information – or anything the user needs to or is willing to trust to SpeaKey.
When a user wants to identify themselves at a bank, for example, SpeaKey will use OneVault’s technology to verify the user and, with their permission, authorise and transfer FICA information to the bank.
Voice biometrics offers similar capabilities to that commonly offered by fingerprint solutions. The difference is that voice biometrics can authenticate users remotely and it can be done anywhere without any specialised equipment – apart from a phone or a microphone. And with the hosted service, sensitive personal information needs only be registered in one place, from which any number of companies can reliably authenticate their customers.
Bytes partners with OneVault
Bytes Systems Integration has partnered with authentication service provider OneVault and will integrate OneVault’s hosted voice biometric solutions into its solution offerings.
As more transactions are conducted online, companies demand significantly enhanced, multi-level authentication solutions to mitigate risk and reduce fraud. Traditional methods can be time consuming, inconvenient and costly, but voice biometrics offers a secure, convenient and cost-effective solution for remote access and authentication.
“Bytes already has an established customer base for both authentication and identity management solutions and we believe that adding a voice biometric solution to our offering reinforces the breadth and depth of our offering to customers,” says West McMullin, director, Bytes Converged Solutions. “Voice biometrics, as a technology, has evolved and grown significantly across the world over the past couple of years and we believe it has a strategic place in our clients’ customer engagement channels. The partnership with OneVault makes sense and we are looking forward to creating new opportunities with this offering.”
“OneVault is excited about the partnership with Bytes,” says Paul Hutton, CEO, OneVault.
“We believe that voice biometrics is going to change the way companies think about, apply and implement authentication solutions. As Bytes SI is a leading systems integrator to many South African companies, OneVault’s hosted voice biometric solution is a perfect fit and supports Bytes SI’s objective of bringing innovative solutions to their clients.”
For more information, contact Paul Hutton, OneVault, 083 600 4600, paul@onevault.co.za
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version