Automatic Speaker Verification (ASV) System Can Slash Helpdesk Costs



Similar documents
Using Dialogic Boards to Enhance Voice Mail/Messaging Applications. Application Note

The Essentials Series: Enterprise Identity and Access Management. Authentication. sponsored by. by Richard Siddaway

Measuring Performance in a Biometrics Based Multi-Factor Authentication Dialog. A Nuance Education Paper

WHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ)

The Cross-Media Contact Center

Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009

VoiceSign TM Solution. Voice Signature Overview

CA SiteMinder SSO Agents for ERP Systems

An Oracle White Paper December Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance

RSA SecurID Two-factor Authentication

Open Directory. Apple s standards-based directory and network authentication services architecture. Features

Getting the Most From. Your Help Desk

Intel Identity Protection Technology Enabling improved user-friendly strong authentication in VASCO's latest generation solutions

Extranet Access Management Web Access Control for New Business Services

Managing Wireless Clients with the Administrator Tool. Intel PROSet/Wireless Software 10.1

Application Note. Using Dialogic Boards to Enhance Interactive Voice Response Applications

CA ArcotOTP Versatile Authentication Solution for Mobile Phones

Defender Delegated Administration. User Guide

ARMORVOX IMPOSTORMAPS HOW TO BUILD AN EFFECTIVE VOICE BIOMETRIC SOLUTION IN THREE EASY STEPS

Version 8.2. Tivoli Endpoint Manager for Asset Discovery User's Guide

Solution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology

Provide access control with innovative solutions from IBM.

Application Note. Gemalto s SA Server and OpenLDAP

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication

Administration Guide. Wireless software upgrades

Hitachi ID Password Manager Telephony Integration

Speaker Identification and Verification (SIV) Introduction and Best Practices Document

Tivoli Endpoint Manager for Security and Compliance Analytics. Setup Guide

Strong Authentication for Secure VPN Access

Voice Authentication for ATM Security

Active Directory Synchronization with Lotus ADSync

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform

Improving Security and Productivity through Federation and Single Sign-on

A brief on Two-Factor Authentication

Intel Identity Protection Technology (IPT)

IBM Security SiteProtector System Migration Utility Guide

OVERVIEW. DIGIPASS Authentication for Office 365

Global Headquarters: 5 Speen Street Framingham, MA USA P F

WHITE PAPER Usher Mobile Identity Platform

Application Note Gemalto Access Client for windows smart card and EFS on Microsoft Windows Vista

White paper December IBM Tivoli Access Manager for Enterprise Single Sign-On: An overview

Enhancing Password Management by Adding Security, Flexibility, and Agility IBM Redbooks Solution Guide

IBM Systems Director Navigator for i5/os New Web console for i5, Fast, Easy, Ready

ORACLE FINANCIAL SERVICES ANALYTICAL APPLICATIONS INFRASTRUCTURE

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Interstage Application Server V7.0 Single Sign-on Operator's Guide

Installing and Configuring DB2 10, WebSphere Application Server v8 & Maximo Asset Management

NETWRIX IDENTITY MANAGEMENT SUITE

The Intel NetStructure SIU520 Signaling Interface

PEOPLESOFT HELPDESK FOR HUMAN RESOURCES

IDGo 800 Minidriver for Windows. User Guide

Overcoming Security Challenges to Virtualize Internet-facing Applications

Samsung KNOX EMM Authentication Services. SDK Quick Start Guide

identity management in Linux and UNIX environments

HOTPin Integration Guide: Google Apps with Active Directory Federated Services

An Oracle White Paper December Implementing Enterprise Single Sign-On in an Identity Management System

Requesting Access to IBM Director Agent on Windows Planning / Implementation

MBAM Self-Help Portals

System Security Policy Management: Advanced Audit Tasks

Application Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008

Using Voice Biometrics in the Call Center. Best Practices for Authentication and Anti-Fraud Technology Deployment

etoken TMS (Token Management System) Frequently Asked Questions

solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?

White paper December Addressing single sign-on inside, outside, and between organizations

CA Arcot RiskFort. Overview. Benefits

Application Note. Atmel CryptoAuthentication Product Uses. Atmel ATSHA204. Abstract. Overview

Two-Factor Authentication

Biometrics is the use of physiological and/or behavioral characteristics to recognize or verify the identity of individuals through automated means.

Intel Processors in Industrial Control and Automation Applications Top-to-bottom processing solutions from the enterprise to the factory floor

Telephony Fundamentals

Installing the BlackBerry Enterprise Server Management Software on an administrator or remote computer

VeriSign PKI Client Government Edition v 1.5. VeriSign PKI Client Government. VeriSign PKI Client VeriSign, Inc. Government.

Configuring IBM Cognos Controller 8 to use Single Sign- On

ios Team Administration Guide (Legacy)

Administrators Help Manual

IP Contact Center: Realize the Full Business Potential of IP Contact Centers

Enterprise Data Protection

Intel Embedded Virtualization Manager

SafeNet Cisco AnyConnect Client. Configuration Guide

Two-Factor Authentication

Netop Remote Control Security Server

Installing on Windows

Cisco and IBM: Enhancing the Way People Work Through Unified Communications

BlackBerry Enterprise Server. BlackBerry Administration Service Roles and Permissions Version: 5.0 Service Pack: 4.

BlackBerry Enterprise Solution and RSA SecurID

customer care solutions

TECHNOLOGY LEADER IN GLOBAL REAL-TIME TWO-FACTOR AUTHENTICATION

MITEL Communications Platform

SafeNet Authentication Service

Voice Authentication On-Demand: Your Voice as Your Key

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server

Transcription:

Solutions White Paper Automatic Speaker Verification (ASV) System Can Slash Helpdesk Costs Table of Contents Executive Summary............................. 1 Business Challenge............................. 1 SentryCom Enterprise Voice Authentication Platform*................................... 2 Technologies................................... 2 Summary..................................... 4 Definitions and Acronyms....................... 4 For More Information........................... 4 References.................................... 4 Executive Summary In most enterprises, computer users must call the helpdesk every time they need to reset their domain access passwords something users do so often, it can end up costing a company with 10,000 computer users more than $1.5 million per year in helpdesk services. Automatic speaker verification (ASV) technology from Israeli company SentryCom Ltd. based on open, standards-based, modular platforms from Intel allows users to change their own domain passwords without compromising security, enabling enterprises to dedicate their expensive helpdesk resources to more important tasks. The system can also be used to record time/attendance for the extended enterprise (for example, for mobile or remote employees working away from the office) and for secure corporate portal access from any PC using any wireless or wireline telephone. Business Challenge When an enterprise employee calls the helpdesk for a simple domain access password reset, a helpdesk employee normally has the caller answer a predetermined security question such as What is your mother s maiden name? to verify the employee s identity. This process is inconvenient and time-consuming. It is also basically insecure, since it relies on human accuracy. SentryCom Ltd. is a General Member of the Intel Communications Alliance: a community of communications and embedded developers and solution providers. Most importantly, having employees call the helpdesk for simple password resets is extraordinarily expensive. META Group estimates that an average computer user calls the company helpdesk 21 times a year. [Meta] On average, 30% of helpdesk calls are for password resets, with an average cost of $25 per reset. [ComputerWorld] For a company with 10,000 users, that adds up to $1,575,000 per year just for password resets.

Replacing this awkward and expensive process with a selfservice system is the obvious solution. It would also save the enterprise even more helpdesk time and money if the system could automatically: Log time/attendance for roaming employees using a phone within the extended enterprise. Enable employees to gain secure Web access from any PC using a phone within the extended enterprise. Allow employees to use a single sign-on to access multiple domains using a phone. But it is challenging to find a system that can let employees perform all these functions quickly and easily and without compromising the enterprise s security or changing its infrastructure. SentryCom Enterprise Voice Authentication Platform The solution to these challenges is automatic speaker verification (ASV) technology, which verifies the caller s identity using biometric matching of voiceprints. Biometrics is the automated use of physiological or behavioral characteristics to determine or verify identity. Biometric voice recognition technology uses the distinctive aspects of the voice to verify the identity of individuals. This voice recognition technology differs from speech recognition, a technology that translates what a user is saying (a process unrelated to authentication). ASV technology verifies the identity of the individual who is speaking. The ASV speaker verification process is fast, convenient, and secure. It does not force the employee to use expensive helpdesk resources for activities such as simple password changes. Also, it does not require the enterprise to change its infrastructure or the employees to change their habits. SentryCom, based in Haifa, Israel, used ASV technology to develop its Enterprise Voice Authentication Platform* (EVAP*), which uses a simple challenge-response user interface to prevent recorded playback of the person s voice by asking the caller to say quasi-random pairs of letters or digits for example, twenty-six, forty-one or ninety-three, sixty-four. This helps to eliminate fraudulent access. Technologies The voice authentication engine is a key building block of EVAP, which integrates with Web and contact center applications to provide for secure and cost-efficient remote access. It is designed to increase and enhance security while improving end users privacy and confidence. In developing EVAP, SentryCom used a patented authentication technology to address the known difficulties of voice authentication, including: False rejection rate (FRR) False acceptance rate (FAR) Noise tolerance Voice variability over time Immunity to impostor playback attacks and mimics Speakers with colds or other voice-altering conditions Long enrollment sessions A decision-making algorithm elps to solve the traditional weaknesses of voice authentication systems, reducing error rates (both FAR and FRR) without compromising the system s robustness. The authentication engine uses a text-dependent and language-independent interface as well as real-time, random, digit-pairs prompting to detect a live user and to prevent voice playback attack. Data extracted from the user s voiceprint which can be captured from PC microphones, telephones, and cellular phones is passed on to the authentication engine. As the user speaks, the shape of his or her vocal tract changes. The different shapes that the speaker s vocal tract assumes contribute to voiceprint personalization. When the speaker is prompted to talk, the voice authentication technology extracts the speaker s voiceprint and matches it with claimed Identity. If there is a good fit, then the speaker is accepted into the system and can proceed to use the application to which he or she has requested access. The system is not affected by nasalization that occurs when the speaker has a cold, or by speakers with speech impediments, as long as the user is able to speak consistently between registration and authentication. It can also identify mimics, who largely 2

New Permanent Password Mainframe UNIX IBM OS Windows NT*/2000 LDAP Password Reset Legacy Application UserID, OTP SQL Database SentryCom is Using 4 Lines of Intel Dialogic D/41JCT-LS Telephony Board on PC SentryCom Java Consumer Server UserIDs, OTP, DateTime Caller ID, PIN, VoicePrint Return OTP SentryCom Telephony Server User ID Customer Service Send CallerID, PIN, VoicePrint, Then Get Authentication Result And OTP Flash Phonecall to Help Desk If Authentication Failed If TRUE User, Then Send UserID, OTP, DateTime Adminstrator Console Admin Tools and Viewers Get VoicePrints, Then Store Authentication Result and OTP OTP OTP Server SentryCom Authenication Server SentryCom SQL Database Server Figure 1. Solution Architecture rely upon mannerisms, rhythm, and intonation to impersonate someone s voice. Since the voice authentication technology is based on short-term vocal tract shape, it is not fooled by mimics, which are rejected by the system. The system also protect against tape recorded attacks, since the voice authentication solution is text-dependent and uses real time, random prompting. The speaker is prompted to repeat specific, randomly-generated digits correctly and within a certain time limit, which is virtually impossible using a tape recording. The interactive voice response (IVR) component of the platform allows for multiple applications within the extended enterprise: Self-serving password reset Time/attendance Web access Single sign-on (SSO) Implementing ASV technology in the enterprise environment 3

requires a flexible, cost-effective IVR platform. SentryCom choose to develop its IVR platform around the Intel Dialogic D/41JCT-LS Combined Media Board. A four-port system provides sufficient concurrency for most enterprise needs. The four-port, analog D/41JCT-LS Combined Media Board is an ideal choice for developing global, enterprise applications such as IVR, unified messaging, and contact center applications. It supports voice, fax, and software-based speech recognition processing in a single PCI slot, providing four analog telephone interface circuits for direct connection to analog loop start lines. With a variety of international approvals, the D/41JCT-LS board cost effectively expands an application s ability to serve several global market segments. The SentryCom IVR solution is implemented in both English and Hebrew. The authentication software runs on servers using Intel processors and the Windows* operating system. The middleware for the solution is Intel NetMerge CT Application Development Environment, which helps speed development of IVR applications. This set of program building blocks is specifically designed to deliver the innovative features of Intel telecommunications technologies in forms that are easier to use and quicker to learn than conventional hardware interfaces. It eliminates the need to learn telephony hardware, application programming interfaces, and protocols. This software reduces the need to write directly to a telephony device s in C or C++. Summary The EVAP solution from SentryCom Ltd., based on open, standards-based, modular platforms from Intel, allows users to change their own domain passwords without compromising security, enabling enterprises to dedicate their expensive helpdesk resources to more important tasks. The system can also be used to record time/attendance for the extended enterprise (for example, for mobile or remote employees working away from the office) and for secure corporate portal access from any PC using any wireless or wireline telephone. which has successfully tested it for enterprise password reset. The Israeli Ministry of Trade and Commerce Chief Scientist Office approved the use of the system for time/attendance reporting. It is currently being evaluated by financial institutions in Israel, the U.S., and Denmark. Definitions and Acronyms Application programming interface ASV Automatic speaker verification CT Computer telephony EVAP Enterprise Voice Authentication Platform FAR False acceptance rate FRR False rejection rate IVR Interactive voice response PCI Peripheral Component Interface SSO Single sign-on For More Information SentryCom Ltd. http://www.sentry-com.co.il Intel Dialogic D/41JCT-LS Combined Media Board Data Sheet http://www.intel.com/network/csp/products/ 6925web.htm Intel NetMerge CT Application Development Environment Data Sheets http://www.intel.com/network/csp/ products/7445web.htm References [Meta] The Value of Identity Management: How Securing Identity Management Provides Value to the Enterprise, Meta Group, 2002. [ComputerWorld] Want to Save Some Money? Automate Password Resets, ComputerWorld, July 9, 2001. EVAP has been successfully tested for Web access with AnalystOnline, an Israeli financial portal, and with the Israeli Standards Institute National Biometrics Knowledge Center. It is also in use with a multi-national company based in the UK, 4

FOR MORE INFORMATION Please contact your local Intel representative or visit our websites at: www.intel.com/telecom/go This document and related materials and information are provided as is with no warranties, express or implied, including but not limited to any implied warranty of merchantability, fitness for a particular purpose, non-infringement of intellectual property rights, or any warranty otherwise arising out of any proposal, specification, or sample. Intel assumes no responsibility for any errors contained in this document and has no liabilities or obligations for any damages arising from or in connection with the use of this document. This whitepaper is for informational purposes only, and may contain typographical errors and technical inaccuracies. The content is provided as is, without express or implied warranties of any kind. Intel, Intel NetMerge, Pentium, Intel Centrino, the Intel logo are trademarks or registered trademarks of Intel Corporation and its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others. Copyright 2004 Intel Corporation. All rights reserved. 00-9175-001 09/04 4

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information