EP2153366A2 - Method and device for controlling user access to a service provided in a data communication network - Google Patents
Method and device for controlling user access to a service provided in a data communication network
- Publication number
- EP2153366A2
- Authority
- EP
- European Patent Office
- Prior art keywords
- user
- terminal
- voice
- access
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/38—Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/42—Systems providing special services or facilities to subscribers
- H04M3/487—Arrangements for providing information services, e.g. recorded voice services or time announcements
- H04M3/493—Interactive information services, e.g. directory enquiries ; Arrangements therefor, e.g. interactive voice response [IVR] systems or voice portals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M2201/00—Electronic components, circuits, software, systems or apparatus used in telephone systems
- H04M2201/41—Electronic components, circuits, software, systems or apparatus used in telephone systems using speaker recognition
Definitions
- This invention relates to methods and apparatus for controlling user access to a service provided in a data network.
- knowledge-based type authentication means are employed to meet the security requirements.
- password-based or PIN-based identification / authentication processes have been known and generally used for decades.
- additional security measures such as the provision and mandatory use of individual transaction codes or TANs, are known and widely used.
- Even such additional security-enhancing operations are knowledge-based and therefore suffer from the typical disadvantages of all knowledge-based systems, i.e., on the one hand, problems associated with the loss of relevant information by the authorized user and, on the other hand, risks resulting from the access of such information by an unauthorized user.
- voice-based authentication solutions as a special type of biomedium-based identifications / authentication have already been introduced by companies to supplement their internal knowledge-based access control mechanisms.
- the invention provides a method which comprises:
- the invention proposes that a special client be installed on the user's computer using voice biometrics to authenticate the user.
- the client securely ensures the identity of the user without requiring the user to keep multiple complex passwords and without the risk of becoming a victim of fraudulent attacks.
- the method may serve as a "two-factor authentication" to increase the level of security and to support existing conventional authentication methods such as password- or PIN-based methods, or may itself serve as a secure "two-factor authentication" based on voice recognition and voice authentication, without the need to use passwords or PINs or additional hardware.
- both embodiments aim at existing market segments and may result in cost savings and user manageability.
- the process provides a significant benefit to all parties involved in critical transactions and data access operations.
- no additional hardware or software is required on the user side.
- User acceptance is expected to be high as the process is easy to use and safe.
- as far as the provider side is concerned, hardware-intensive toggling of tokens and smartcards is not required and a fast and easy centralized security administration is possible.
- the easily achievable scalability makes the method an ideal solution for mass market online access applications in many fields. It is basically suitable for any client-server and peer-to-peer based transactions.
- method steps (a) to (d) are performed substantially at the user terminal, and the access control signal is transmitted over the data network to a server of the service.
- step (b) the preprocessed voice sample or the voice profile is transmitted via the data network to a voice authentication server
- the second processing step (c) is carried out on the authentication server and the authentication server transmits the access control signal to a server of the service.
- a second authentication procedure is performed and the access control signal is generated in response to corresponding output signals of the first and second authentication procedures.
- the second authentication procedure here is password-based or user-ID-based. More specifically, as one embodiment of the above-mentioned "two-factor authentication", a password or a user ID spoken by the user is preprocessed by means of speech recognition.
- the data network is a network based on the Internet protocol, and the client in the user terminal has a SIP call origination client. More specifically, the SIP client is combined with an Interactive Connectivity Establishment (ICE) element or an Application Layer Gateway (ALG) to provide network address translation means.
- ICE Interactive Connectivity Establishment
- ALG Application Layer Gateway
- a URI is associated with the user terminal for establishing the VoIP session, and the URI is used to address the authentication server.
- the data network is a mobile radio network, and a mobile terminal is used as the user data terminal.
- the real-time transport protocol is used for voice data transmission to the authentication server.
- the client has a STUN client on the user terminal, although according to the current state of knowledge such a client may have certain disadvantages in comparison to the SIP client.
- the first processing step (b) comprises voice quality processing and / or voice quality improvement steps. Such steps as such are known in the art.
- the device has additional authentication means which provide an output which is input to the access control signal generating means to be processed together with the output of the comparator means. More specifically, the second authentication means are substantially implemented in the user terminal or distributed over the user terminal and the authentication server.
- the first or second processing means comprise speech quality processing means and / or speech quality enhancement means.
- the additional authentication means comprise speech recognition means for recognizing a password or a user ID based on a speech input by the user.
- Fig. 1 is a simplified block diagram of an embodiment of the overall configuration according to the invention
- Fig. 2 shows a SIP client architecture according to an embodiment of the invention
- FIG. 3 shows a SIP server architecture according to a further preferred embodiment of the invention.
- the arrangement for carrying out the invention comprises a notebook (user terminal) 1, to which a headset 3 is connected, a provider server ("XY server") 5 and an authentication server 7 which are both connected via a data network 9 to the notebook 1.
- a notebook user terminal
- XY server provider server
- 7 authentication server
- a user wants to gain access to an account at the provider XY by entering his user ID (and password) and pressing a "Call Me" button that appears on a screen of his notebook
- a soft token is activated on the user terminal and, in a step S3, calls the user.
- the user provides some voice samples to verify his identity using a voice-based authentication method (known as such), and in step S4 the voice samples are transmitted to the authentication server 7.
- the authentication server compares the current sample of the voice profile with a stored one
- “Voiceprinting” that is, a voice profiling of the user that was previously obtained during an enrollment process and stored in a database of the authentication server, has been successfully completed if the second authentication step (voice profile comparison) has been successful
- the requested access to the user account is granted via the XY server 5 in a last step S7.
- Fig. 2 shows schematically those functional components of a user terminal in a SIP client architecture, which are related to the implementation of an embodiment of the invention.
- the user terminal 1 has various interfaces, i.e. a microphone interface 1.1 and a loudspeaker interface 1.2 on the one hand and a network output interface 1.3 and a network input interface 1.4 on the other hand.
- voice quality processing means 1.5, voice quality improving means 1.6 and voice ID authentication means 1.7 are connected, the corresponding internal structure being shown in the figure.
- In FIG. 3 the main components of an authentication server are shown in an architecture that serves the central implementation of voice verification on the central server.
- the client (implemented in the user terminal) only serves to handle the call.
- the architecture of the server 7 shown in FIG. 3 comprises a network output interface 7.1 and a network input interface 7.3 as well as encryption / decryption means 7.3, speech quality improvement means 7.4 and voice ID authentication means 7.5; the respective internal structure can be taken from the figure.
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Telephonic Communication Services (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE200710014885 DE102007014885B4 (de) | 2007-03-26 | 2007-03-26 | Method and device for controlling user access to a service provided in a data network |
PCT/EP2008/053468 WO2008116858A2 (fr) | 2007-03-26 | 2008-03-25 | Method and device for controlling user access to a service provided in a data communication network |
Publications (1)
Publication Number | Publication Date |
---|---|
EP2153366A2 (fr) | 2010-02-17 |
Family
ID=39719406
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP08718160A Withdrawn EP2153366A2 (fr) | 2007-03-26 | 2008-03-25 | Method and device for controlling user access to a service provided in a data communication network |
Country Status (4)
Country | Link |
---|---|
US (1) | US9014176B2 (fr) |
EP (1) | EP2153366A2 (fr) |
DE (1) | DE102007014885B4 (fr) |
WO (1) | WO2008116858A2 (fr) |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102007003597A1 (de) * | 2007-01-24 | 2008-07-31 | Voice Trust Ag | Method and arrangement for generating a signed text and/or image document |
EP2359562B1 (fr) * | 2008-09-15 | 2019-12-18 | Unify Inc. | Digital telecommunications system, software package, and method for managing such a system |
DE102008058883B4 (de) | 2008-11-26 | 2023-07-27 | Lumenvox Corporation | Method and arrangement for controlling user access |
WO2011101576A1 (fr) * | 2010-02-16 | 2011-08-25 | France Telecom | Management of access to a service in a network |
DE102011054449B4 (de) | 2011-10-13 | 2021-04-01 | Andreas Göke | Self-learning unstaffed biometric access control |
US8903360B2 (en) * | 2012-05-17 | 2014-12-02 | International Business Machines Corporation | Mobile device validation |
US20140343943A1 (en) * | 2013-05-14 | 2014-11-20 | Saudi Arabian Oil Company | Systems, Computer Medium and Computer-Implemented Methods for Authenticating Users Using Voice Streams |
US9594890B2 (en) * | 2013-09-25 | 2017-03-14 | Intel Corporation | Identity-based content access control |
US8990121B1 (en) | 2014-05-08 | 2015-03-24 | Square, Inc. | Establishment of a secure session between a card reader and a mobile device |
US11593780B1 (en) | 2015-12-10 | 2023-02-28 | Block, Inc. | Creation and validation of a secure list of security certificates |
LU93150B1 (en) * | 2016-07-13 | 2018-03-05 | Luxtrust S A | Method for providing secure digital signatures |
US9940612B1 (en) * | 2016-09-30 | 2018-04-10 | Square, Inc. | Fraud detection in portable payment readers |
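KR102588498B1 (ko) | 2016-11-07 | 2023-10-12 | 삼성전자주식회사 | Apparatus and method for authenticating a caller in a communication system |
KR102513297B1 (ko) * | 2018-02-09 | 2023-03-24 | 삼성전자주식회사 | Electronic device and method for executing a function of the electronic device |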
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0938793A4 (fr) * | 1996-11-22 | 2003-03-19 | T Netix Inc | Voice recognition for information system access and transaction processing |
US5913196A (en) * | 1997-11-17 | 1999-06-15 | Talmor; Rita | System and method for establishing identity of a speaker |
EP1659758A1 (fr) | 2000-04-26 | 2006-05-24 | Semiconductor Energy Laboratory Co., Ltd. | Communication method for identifying an individual by means of biological information |
US20030031138A1 (en) * | 2000-12-12 | 2003-02-13 | Beckwith Robert W. | Wireless transceivers using a simplified prism II system |
WO2002096067A2 (fr) * | 2001-05-22 | 2002-11-28 | Teltone Corporation | System for remote control of a private branch exchange (PBX) station |
US20020194003A1 (en) * | 2001-06-05 | 2002-12-19 | Mozer Todd F. | Client-server security system and method |
JP2003006168A (ja) * | 2001-06-25 | 2003-01-10 | Ntt Docomo Inc | Mobile terminal authentication method and mobile terminal |
US20030125947A1 (en) * | 2002-01-03 | 2003-07-03 | Yudkowsky Michael Allen | Network-accessible speaker-dependent voice models of multiple persons |
US7254383B2 (en) * | 2004-07-30 | 2007-08-07 | At&T Knowledge Ventures, L.P. | Voice over IP based biometric authentication |
US9462118B2 (en) * | 2006-05-30 | 2016-10-04 | Microsoft Technology Licensing, Llc | VoIP communication content control |
-
2007
- 2007-03-26 DE DE200710014885 patent/DE102007014885B4/de active Active
-
2008
- 2008-03-25 US US12/593,385 patent/US9014176B2/en active Active
- 2008-03-25 EP EP08718160A patent/EP2153366A2/fr not_active Withdrawn
- 2008-03-25 WO PCT/EP2008/053468 patent/WO2008116858A2/fr active Application Filing
Non-Patent Citations (1)
Title |
---|
See references of WO2008116858A2 * |
Also Published As
Publication number | Publication date |
---|---|
WO2008116858A3 (fr) | 2009-05-07 |
DE102007014885B4 (de) | 2010-04-01 |
US20100165981A1 (en) | 2010-07-01 |
US9014176B2 (en) | 2015-04-21 |
WO2008116858A2 (fr) | 2008-10-02 |
DE102007014885A1 (de) | 2008-10-02 |
Legal Events
Code | Title | Description |
---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
17P | Request for examination filed | Effective date: 20091015 |
AK | Designated contracting states | Kind code of ref document: A2 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR |
AX | Request for extension of the european patent | Extension state: AL BA MK RS |
RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: VOICECASH IP GMBH |
DAX | Request for extension of the european patent (deleted) | |
17Q | First examination report despatched | Effective date: 20130703 |
RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: VOICE TRUST IP GMBH |
RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: VOICETRUST ESERVICES CANADA INC. |
RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: VOICETRUST GMBH |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: EXAMINATION IS IN PROGRESS |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
18D | Application deemed to be withdrawn | Effective date: 20170119 |