EP2153366A2 - Method and device for controlling user access to a service provided on a data communication network - Google Patents

Method and device for controlling user access to a service provided on a data communication network

Publication number
EP2153366A2
EP2153366A2 EP08718160A EP08718160A EP2153366A2 EP 2153366 A2 EP2153366 A2 EP 2153366A2 EP 08718160 A EP08718160 A EP 08718160A EP 08718160 A EP08718160 A EP 08718160A EP 2153366 A2 EP2153366 A2 EP 2153366A2
Authority
EP
European Patent Office
Prior art keywords
user
terminal
voice
access
authentication
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP08718160A
Other languages
German (de)
English (en)
Inventor
Raja Kuppuswamy
Marc Mumm
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
VOICETRUST GMBH
Original Assignee
Voicetrust Mobile Commerce Ip Sarl
VOICE TRUST MOBILE COMMERCE IP SARL
Application filed by Voicetrust Mobile Commerce Ip Sarl, VOICE TRUST MOBILE COMMERCE IP SARL

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M3/00 Automatic or semi-automatic exchanges
    • H04M3/38 Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M3/00 Automatic or semi-automatic exchanges
    • H04M3/42 Systems providing special services or facilities to subscribers
    • H04M3/487 Arrangements for providing information services, e.g. recorded voice services or time announcements
    • H04M3/493 Interactive information services, e.g. directory enquiries; Arrangements therefor, e.g. interactive voice response [IVR] systems or voice portals
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M2201/00 Electronic components, circuits, software, systems or apparatus used in telephone systems
    • H04M2201/41 Electronic components, circuits, software, systems or apparatus used in telephone systems using speaker recognition

Definitions

  • This invention relates to methods and apparatus for controlling user access to a service provided in a data network.
  • knowledge-based type authentication means are employed to meet the security requirements.
  • password-based or PIN-based identification / authentication processes have been known and generally used for decades.
  • additional security measures such as the provision and mandatory use of individual transaction codes or TANs, are known and widely used.
  • Even such additional security-enhancing operations are knowledge-based and therefore suffer from the typical disadvantages of all knowledge-based systems, i.e., on the one hand, problems associated with the loss of relevant information by the authorized user and, on the other hand, risks resulting from access to such information by an unauthorized user.
  • voice-based authentication solutions, as a special type of biometric-based identification / authentication, have already been introduced by companies to supplement their internal knowledge-based access control mechanisms.
  • the invention provides a method which comprises:
  • the invention proposes that a special client be installed on the user's computer using voice biometrics to authenticate the user.
  • the client securely ensures the identity of the user without requiring the user to keep multiple complex passwords and without the risk of becoming a victim of fraudulent attacks.
  • the method may serve as a "two-factor authentication" to increase the level of security and to support existing conventional authentication methods such as password- or PIN-based methods, or may itself serve as a secure "two-factor authentication" based on voice recognition and voice authentication, without the need to use passwords or PINs or additional hardware.
  • both embodiments aim at existing market segments and may result in cost savings and user manageability.
  • the process provides a significant benefit to all parties involved in critical transactions and data access operations.
  • no additional hardware or software is required on the user side.
  • User acceptance is expected to be high as the process is easy to use and safe.
  • As far as the provider side is concerned, hardware-intensive toggling of tokens and smartcards is not required and a fast and easy centralized security administration is possible.
  • the easily achievable scalability makes the method an ideal solution for mass market online access applications in many fields. It is basically suitable for any client-server and peer-to-peer based transactions.
  • method steps (a) to (d) are performed substantially at the user terminal, and the access control signal is transmitted over the data network to a server of the service.
  • step (b) the preprocessed voice sample or the voice profile is transmitted via the data network to a voice authentication server
  • the second processing step (c) is carried out on the authentication server and the authentication server transmits the access control signal to a server of the service.
  • a second authentication procedure is performed and the access control signal is generated in response to corresponding output signals of the first and second authentication procedures.
  • the second authentication procedure here is password-based or user-ID-based. More specifically, in one embodiment of the "two-factor authentication" mentioned above, a password or a user ID spoken by the user is preprocessed by means of speech recognition.
  • the data network is a network based on the Internet protocol, and the client in the user terminal has a SIP call origination client. More specifically, the SIP client is combined with an Interactive Connectivity Establishment (ICE) element or an Application Layer Gateway (ALG) to provide network address translation means.
  • ICE Interactive Connectivity Establishment
  • ALG Application Layer Gateway
  • a URI is associated with the user terminal for establishing the VoIP session, and the URI is used to address the authentication server.
  • the data network is a mobile radio network, and a mobile terminal is used as the user data terminal.
  • the real-time transport protocol is used for voice data transmission to the authentication server.
  • the client has a STUN client on the user terminal, although according to the current state of knowledge such a client may have certain disadvantages in comparison to the SIP client.
  • the first processing step (b) comprises voice quality processing and / or voice quality improvement steps. Such steps as such are known in the art.
  • the device has additional authentication means which provide an output which is input to the access control signal generating means to be processed together with the output of the comparator means. More specifically, the second authentication means are substantially implemented in the user terminal or distributed over the user terminal and the authentication server.
  • the first or second processing means comprise speech quality processing means and / or speech quality enhancement means.
  • the additional authentication means comprise speech recognition means for recognizing a password or a user ID based on a speech input by the user.
  • Fig. 1 is a simplified block diagram of an embodiment of the overall configuration according to the invention
  • Fig. 2 shows a SIP client architecture according to an embodiment of the invention
  • FIG. 3 shows a SIP server architecture according to a further preferred embodiment of the invention.
  • the arrangement for carrying out the invention comprises a notebook (user terminal) 1, to which a headset 3 is connected, a provider server ("XY server") 5 and an authentication server 7, which are both connected via a data network 9 to the notebook 1.
  • a notebook user terminal
  • XY server provider server
  • 7 authentication server
  • a user wants to gain access to an account at the provider XY by entering his user ID (and password) and pressing a "Call Me" button that appears on a screen of his notebook.
  • a soft token is activated on the user terminal and, in a step S3, calls the user.
  • the user provides some voice samples to verify his identity using a voice-based authentication method (known as such), and in step S4 the voice samples are transmitted to the authentication server 7.
  • the authentication server compares the current sample of the voice profile with a stored one
  • “Voiceprinting” that is, a voice profiling of the user that was previously obtained during an enrollment process and stored in a database of the authentication server, has been successfully completed if the second authentication step (voice profile comparison) has been successful
  • the requested access to the user account is granted via the XY server 5 in a last step S7.
  • Fig. 2 shows schematically those functional components of a user terminal in a SIP client architecture, which are related to the implementation of an embodiment of the invention.
  • the user terminal 1 has various interfaces, i.e. a microphone interface 1.1 and a loudspeaker interface 1.2 on the one hand and a network output interface 1.3 and a network input interface 1.4 on the other hand.
  • voice quality processing means 1.5, voice quality improving means 1.6 and voice ID authentication means 1.7 are connected, the corresponding internal structure being shown in the figure.
  • In FIG. 3, the main components of an authentication server are shown in an architecture that serves the central implementation of voice verification on the central server.
  • the client (implemented in the user terminal) only serves to handle the call.
  • the architecture of the server 7 shown in FIG. 3 comprises a network output interface 7.1 and a network input interface 7.3 as well as encryption / decryption means 7.3, speech quality improvement means 7.4 and voice ID authentication means 7.5; the respective internal structure can be seen in the figure.

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Telephonic Communication Services (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to a method for controlling user access to a service provided on a data communication network, which method makes it possible to protect user data stored in a database of the service against unauthorized access. The method consists of inputting a voice sample of the user, as part of a VoIP session, at a user data terminal that is connected at least temporarily to the data communication network; processing this voice sample in a first processing step, by means of a specialized client implemented in the user data terminal, in order to obtain a preprocessed voice sample or a current voice profile of the user; further processing the preprocessed voice sample or the current voice profile in a second processing step; comparing the current voice profile with an initial voice profile stored in a database; and then outputting an access control signal in order to grant or deny access to the service, depending on the result of the comparison.
EP08718160A 2007-03-26 2008-03-25 Method and device for controlling user access to a service provided on a data communication network Withdrawn EP2153366A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE200710014885 DE102007014885B4 (de) 2007-03-26 2007-03-26 Method and device for controlling user access to a service provided in a data network
PCT/EP2008/053468 WO2008116858A2 (fr) 2007-03-26 2008-03-25 Method and device for controlling user access to a service provided on a data communication network

Publications (1)

Publication Number Publication Date
EP2153366A2 (fr) 2010-02-17

Family

ID=39719406

Family Applications (1)

Application Number Title Priority Date Filing Date
EP08718160A Withdrawn EP2153366A2 (fr) 2007-03-26 2008-03-25 Method and device for controlling user access to a service provided on a data communication network

Country Status (4)

Country Link
US (1) US9014176B2 (fr)
EP (1) EP2153366A2 (fr)
DE (1) DE102007014885B4 (fr)
WO (1) WO2008116858A2 (fr)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102007003597A1 (de) * 2007-01-24 2008-07-31 Voice Trust Ag Method and arrangement for generating a signed text and/or image document
EP2359562B1 (fr) * 2008-09-15 2019-12-18 Unify Inc. Digital telecommunications system, software package, and method for managing such a system
DE102008058883B4 (de) 2008-11-26 2023-07-27 Lumenvox Corporation Method and arrangement for controlling user access
WO2011101576A1 (fr) * 2010-02-16 2011-08-25 France Telecom Management of access to a service in a network
DE102011054449B4 (de) 2011-10-13 2021-04-01 Andreas Göke Self-learning unstaffed biometric access control
US8903360B2 (en) * 2012-05-17 2014-12-02 International Business Machines Corporation Mobile device validation
US20140343943A1 (en) * 2013-05-14 2014-11-20 Saudi Arabian Oil Company Systems, Computer Medium and Computer-Implemented Methods for Authenticating Users Using Voice Streams
US9594890B2 (en) * 2013-09-25 2017-03-14 Intel Corporation Identity-based content access control
US8990121B1 (en) 2014-05-08 2015-03-24 Square, Inc. Establishment of a secure session between a card reader and a mobile device
US11593780B1 (en) 2015-12-10 2023-02-28 Block, Inc. Creation and validation of a secure list of security certificates
LU93150B1 (en) * 2016-07-13 2018-03-05 Luxtrust S A Method for providing secure digital signatures
US9940612B1 (en) * 2016-09-30 2018-04-10 Square, Inc. Fraud detection in portable payment readers
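KR102588498B1 (ko) 2016-11-07 2023-10-12 삼성전자주식회사 Apparatus and method for authenticating a caller in a communication system
KR102513297B1 (ko) * 2018-02-09 2023-03-24 삼성전자주식회사 Electronic device and method for executing a function of the electronic device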

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0938793A4 (fr) * 1996-11-22 2003-03-19 T Netix Inc Voice recognition for information system access and transaction processing
US5913196A (en) * 1997-11-17 1999-06-15 Talmor; Rita System and method for establishing identity of a speaker
EP1659758A1 (fr) 2000-04-26 2006-05-24 Semiconductor Energy Laboratory Co., Ltd. Communication method for identifying an individual by means of biological information
US20030031138A1 (en) * 2000-12-12 2003-02-13 Beckwith Robert W. Wireless transceivers using a simplified prism II system
WO2002096067A2 (fr) * 2001-05-22 2002-11-28 Teltone Corporation Remote private branch exchange (PBX) station control system
US20020194003A1 (en) * 2001-06-05 2002-12-19 Mozer Todd F. Client-server security system and method
JP2003006168A (ja) * 2001-06-25 2003-01-10 Ntt Docomo Inc Mobile terminal authentication method and mobile terminal
US20030125947A1 (en) * 2002-01-03 2003-07-03 Yudkowsky Michael Allen Network-accessible speaker-dependent voice models of multiple persons
US7254383B2 (en) * 2004-07-30 2007-08-07 At&T Knowledge Ventures, L.P. Voice over IP based biometric authentication
US9462118B2 (en) * 2006-05-30 2016-10-04 Microsoft Technology Licensing, Llc VoIP communication content control

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2008116858A2 *

Also Published As

Publication number Publication date
WO2008116858A3 (fr) 2009-05-07
DE102007014885B4 (de) 2010-04-01
US20100165981A1 (en) 2010-07-01
US9014176B2 (en) 2015-04-21
WO2008116858A2 (fr) 2008-10-02
DE102007014885A1 (de) 2008-10-02

Similar Documents

Publication Publication Date Title
DE102007014885B4 (de) Method and device for controlling user access to a service provided in a data network
DE102007033812B4 (de) Method and arrangement for authenticating a user of facilities, a service, a database, or a data network
DE102008058883B4 (de) Method and arrangement for controlling user access
DE60308692T2 (de) Method and system for user-determined authentication and single sign-on in a federated environment
EP2966605B1 (fr) Method and system for authenticating a user
EP3764614B1 (fr) Distributed authentication system
EP1302930A1 (fr) Continuous speaker verification
EP1792248A1 (fr) Portable device for enabling access
WO2004038665A1 (fr) Method for carrying out a secure electronic transaction using a portable data carrier
DE102008024783A1 (de) Secure, browser-based single sign-on with client certificates
EP1964042B1 (fr) Method for preparing a chip card for electronic signature services
DE60207980T2 (de) System and method for user authentication in a digital communication system
EP3005651B1 (fr) Method for addressing, authentication, and secure data storage in computer systems
EP3540623B1 (fr) Method for generating a pseudonym using an ID token
EP3107029B1 (fr) Method and device for personalized electronic signing of a document, and computer program product
EP3435697B1 (fr) Method for authenticating a user to a service provider, and authentication system
EP2933974B1 (fr) Method for telephone authentication of users of public or private networks for data exchange
EP1406459A1 (fr) Multi-factor authentication method by transmitting a password via mobile terminals with optional PIN
DE10204436A1 (de) Continuous user authentication by means of voice input
EP2602982B1 (fr) Authentication of participants in a telephone service
DE102020134933A1 (de) Method for creating a qualified electronic signature
DE102018133380A1 (de) Method for creating a qualified electronic signature
EP1447794A1 (fr) Continuous speaker verification by means of speech
EP1158492A1 (fr) User authentication for a home banking system
EP3407234A1 (fr) Device and method for verifying the identity of a person

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20091015

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA MK RS

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: VOICECASH IP GMBH

DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20130703

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: VOICE TRUST IP GMBH

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: VOICETRUST ESERVICES CANADA INC.

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: VOICETRUST GMBH

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20170119