FR3122266A1 - METHODS AND SYSTEMS FOR ACCESSING A USER TO A VIDEOCONFERENCE SERVICE - Google Patents

Abstract

The method (100) for accessing a user to a videoconferencing service comprises: a step (105) of initializing the authentication which comprises: a step (110) of displaying information representative of a word, a step (115) of capturing a sound signal representative of a diction of a word associated with the displayed information, a step (120) of determining a biometric voice print as a function of the sound signal captured and a step (125) for storing at least one parameter representative of the voice print, a step (130) for connection by a first terminal operated by a user, a step (135) for authenticating the user operating the first terminal, which comprises: a step (140) for generating a set of at least one word, a step (145) for displaying the generated set, a step (150) for capturing a sound signal representative of a diction of the displayed set, a second step (155) of determining a fingerprint biometric voice print as a function of the sound signal picked up, a step (160) for comparing the biometric voice print of the user and at least one stored voice print and a step (165) for authorizing or prohibiting the connection to the computing resource according to the result of the comparison step. Figure for abstract: Figure 1

Description

METHODS AND SYSTEMS FOR ACCESSING A USER TO A VIDEOCONFERENCE SERVICE

TECHNICAL FIELD OF THE INVENTION

The present invention relates to a method for accessing a user to a videoconferencing service and a system for accessing a user to a videoconferencing service. It applies, in particular, to the field of user authentication for access to a computer resource.

STATE OF THE ART

In the digital field, the authentication of users of services accessible remotely on a network entails risks of access by malicious third parties to said services.

Some authentication mechanisms implement a combination of two character strings representing a user ID and a password. However, these mechanisms do not allow certain authentication of the user in possession of these character strings.

Some authentication mechanisms, known as two-factor authentication (translated as "Two factor authentication" and abbreviated as "2FA"), implement both the combination mentioned above and a secondary character string, generated in a dynamic, sent to the user. Such sending typically takes place on a phone supposedly available to the user associated with the user ID responsible for the connection attempt. These mechanisms can be implemented on a single device, compromising the security of the associated digital service. Moreover, these mechanisms do not make it possible to authenticate with certainty the user in possession of both the combination of the user identifier, the password and the terminal having received the additional character string.

Thus, there is no satisfactory way to authenticate, with certainty, a user responsible for an attempt to access a digital service.

OBJECT OF THE INVENTION

The present invention aims to remedy all or part of these drawbacks.

To this end, according to a first aspect, the present invention relates to a method of access by a user to a videoconferencing service, which comprises:

• a user authentication initialization step which includes:
  • a step of displaying, on a graphical interface, information representative of a word,
  • a step of capture, by a sensor, of a sound signal representative of a diction, by a user whose authentication is initialized, of a word associated with the information displayed,
  • a step of determining, by a computing device, a biometric voice print of the user whose authentication is initialized according to the sound signal picked up and
  • a step of storing, in a computer memory, at least one parameter representative of the determined biometric voiceprint of the user whose authentication is initialized,
• a step of connection to a computer resource hosting the videoconferencing service by a first terminal operated by a user,
• a step for authenticating the user operating the first terminal, which comprises:
  • a step of generating a set of at least one item of information representative of a word,
  • a display step, on a graphical interface associated with the first terminal, of the generated set,
  • a step of capture, by a sensor of a second terminal, of a sound signal representative of a diction, by a user whose authentication is initialized, of the displayed set,
  • a second step of determining, by a computing device, a biometric voice print of the user operating the first terminal as a function of the sound signal picked up,
  • a step of comparing the biometric voiceprint of the user operating the first terminal and at least one voiceprint stored during the storage step and
  • a step of authorizing or prohibiting the connection to the computer resource according to the result of the comparison step.

Thanks to these provisions, the authentication carried out benefits from significant security due to the two terminals implemented as well as the use of biometric authentication of the user.

In embodiments of the method that is the subject of the present invention:

• the initialization step includes a step of recording the computer address of a second terminal associated with the user whose authentication is initialized and;
• the capture step of the authentication step is carried out according to the registered computer address of a second terminal associated with the user operating the first terminal.

These embodiments allow the authentication service requested by a first terminal to send an authentication request to a predetermined second terminal considered to be secure by the user to be authenticated.

In embodiments of the method that is the subject of the present invention, the authentication step includes a step of authenticating the second terminal upstream of the capture step performed by the second terminal.

These embodiments further reinforce the security of the method that is the subject of the present invention.

In embodiments of the method that is the subject of the present invention, the generation step is configured to generate a set of at least two pieces of information representative of words, each piece of information representing a word being selected from a list according to at least one item of information representative of a word implemented during the display step of the initialization step.

These embodiments make it possible either to use identical words during initialization and during authentication, or to choose words for the authentication step which have a desired phonetic distance with the words used during the authentication. initialization step.

In embodiments of the method that is the subject of the present invention, the generation step is configured to generate a set comprising at least one item of information representative of a word distinct from one item of information representative of a word implemented during the display step of the initialization step.

These embodiments make it possible to choose words for the authentication step which have a desired phonetic distance with the words used during the initialization step.

In embodiments of the method that is the subject of the present invention, the generation step is configured to generate a random set comprising at least one item of information representative of a word.

These embodiments make it possible to dynamically generate the set at each connection attempt, thus increasing the security of the method as a whole.

In embodiments of the method that is the subject of the present invention, the second determination step is carried out by the second terminal, the method further comprising a step of transmitting the biometric voice print to a means carrying out the step of comparison.

In some embodiments, the method that is the subject of the present invention comprises, downstream of the authentication step:

• a capture step, by a sensor, of a sound flow of exchange between users of the videoconferencing service,
• a third step of determining, by a computing device, a biometric voiceprint of the user operating the first terminal according to the sound signal picked up,
• a second step of comparing, by a computing device, the biometric fingerprint determined during the third determination step and at least one voice print stored during the storage step and
• a step for ejecting or confirming the connection to the computer resource according to the result of the second comparison step.

These embodiments make it possible, during a videoconference, to confirm or invalidate the authentication of the user.

In embodiments, the method that is the subject of the present invention comprises:

• a step of detecting a characteristic noise value in the sound signal picked up during the capture step,
• a step of applying noise to the signal picked up during the capture step as a function of the noise characteristic value detected,

the determination step being carried out downstream of the noise type application step and upstream of the comparison step.

These embodiments make it possible to carry out an instantaneous comparison of the fingerprints under identical conditions.

In some embodiments, the method that is the subject of the present invention comprises, downstream of the capture step, a step of converting the sound signal into text representative of a user connection identifier, the connection step being carried out according to the identifier thus converted.

These embodiments allow both to capture, identify and authenticate the user based on a unique signal.

According to a second aspect, the present invention relates to a system for accessing a user to a videoconferencing service, which comprises:

• a digital mechanism for initializing the authentication of a user which comprises:
  • a means of displaying, on a graphic interface, information representative of a word,
  • a means of capture, by a sensor, of a sound signal representative of a diction, by a user whose authentication is initialized, of a word associated with the information displayed,
  • a means for determining, by a computing device, a biometric voice print of the user whose authentication is initialized according to the sound signal picked up and
  • a means for storing, in a computer memory, at least one parameter representative of the determined biometric voiceprint of the user whose authentication is initialized,
• a means of connection to a computer resource hosting the videoconferencing service by a first terminal operated by a user,
• a digital mechanism for authenticating the user operating the first terminal, which comprises:
  • a means for generating a set of at least one item of information representative of a word,
  • means for displaying, on a graphical interface associated with the first terminal, the generated set,
  • a means of capturing, by a sensor of a second terminal, a sound signal representative of a diction, by a user whose authentication is initialized, of the displayed set,
  • a means for determining, by a computing device, a biometric voice print of the user operating the first terminal as a function of the sound signal picked up,
  • means for comparing the biometric voiceprint of the user operating the first terminal and at least one voiceprint stored by the storage means and
  • means for authorizing or prohibiting the connection to the computer resource according to the result obtained from the comparison means.

The advantages of the system which is the subject of the present invention are identical to the method which is the subject of the present invention.

BRIEF DESCRIPTION OF FIGURES

Other advantages, aims and particular characteristics of the invention will emerge from the non-limiting description which follows of at least one particular embodiment of the method and of the system which are the subject of the present invention, with regard to the appended drawings, in which:

represents, schematically and in the form of a flowchart, a first succession of particular steps of the method which is the subject of the present invention,

represents, schematically and in the form of a flowchart, a second succession of particular steps of the method which is the subject of the present invention and

represents, schematically, an embodiment of the systems which are the subject of the present invention.

DESCRIPTION OF EXAMPLES OF EMBODIMENT OF THE INVENTION

This description is given on a non-limiting basis, each characteristic of an embodiment being able to be combined with any other characteristic of any other embodiment in an advantageous manner.

Note that the figures are not to scale.

A "terminal" is any electronic device capable of automatically performing calculations (and executing algorithms) and, optionally, of being interfaced with a user (via a man-machine interface, for example) or with a program computer (via a programming interface, abbreviated “API” for “Application Programming Interface”).

Optionally, such a terminal can be communicating, that is to say comprise a communication interface with a multipoint, wired or wireless data network, such as the Internet or a cellular network for example, or else according to a point-to-point mode. , such as Bluetooth (registered trademark) for example.

The exact nature of implementation of such a terminal is not limiting with regard to the present invention. Such a terminal can correspond, for example, to a single terminal (personal computer, smart telephone) or to a coordinated set of terminals (according to a conventional client-server architecture).

We call “word” a semantic unit, that is to say designating a signified in the linguistic sense.

We call “information representative of a word” any graphic, sound or textual information representative of a word. For example, the word "tree" can correspond to information formed of a string of characters, to graphic information of the image file type or to sound information of the sound file type.

We observe, on the , which is not to scale, a schematic view of an embodiment of the method 100 object of the present invention. This method 100 for access by a user to a videoconferencing service comprises:

• a step 105 of initializing the authentication of a user which comprises:
  • a step 110 of displaying, on a graphical interface, information representative of a word,
  • a step 115 of capture, by a sensor, of a sound signal representative of a diction, by a user whose authentication is initialized, of a word associated with the information displayed,
  • a step 120 of determining, by a computing device, a biometric voiceprint of the user whose authentication is initialized according to the sound signal picked up and
  • a step 125 of storing, in a computer memory, at least one parameter representative of the determined biometric voiceprint of the user whose authentication is initialized,
• a step 130 of connection to a computer resource by a first terminal operated by a user,
• a step 135 for authenticating the user operating the first terminal, which comprises:
  • a step 140 of generating a set of at least one item of information representative of a word,
  • a step 145 of displaying, on a graphical interface associated with the first terminal, the generated set,
  • a step 150 of capture, by a sensor of a second terminal, of a sound signal representative of a diction, by a user whose authentication is initialized, of the displayed set,
  • a second step 155 of determining, by a computing device, a biometric voice print of the user operating the first terminal as a function of the sound signal picked up,
  • a step 160 of comparing the biometric voice print of the user operating the first terminal and at least one voice print stored during the storage step and
  • a step 165 for authorizing or prohibiting the connection to the computer resource according to the result of the comparison step.

Schematized simply, the method 100 comprises at least three major steps, the embodiments of which are described below:

• an authentication initialization step 105, aimed at associating a biometric voiceprint with a user,
• a step 130 of connection, or connection attempt, by a user using a first terminal to a digital resource and
• an authentication step 135, via a capture of sound signals by a second terminal, comparing a biometric voiceprint captured dynamically with a biometric voiceprint initialized during the initialization step 105.

The initialization step 105 can be performed by a single device or a plurality of devices collaborating to produce the effects thereof. Thus, the initialization step 105 can be performed on a terminal (of the personal computer or smart phone type) or on a coordinated set of terminals (according to a conventional client-server architecture). The initialization step 105 can thus be carried out by a set of cooperating means to carry out the underlying steps described below. This cooperation can be ordered centrally, by a specific terminal, or decentralized by the successive execution of the steps described below by separate means.

The display step 110 is carried out, for example, by implementing a computer program executed by an electronic calculation circuit associated with a display peripheral (such as a computer screen, for example). Such a computer program is configured to, as a function of an identifier representing a word, such as an entry in a local (hard disk) or remote (database) computer memory, controlling the display of corresponding information on the display device.

In variants, step 110 of display is understood to mean the step of supplying a graphic and/or sound signal representative of a word. In such a variant, in addition to or instead of the display of graphic information, a command corresponding to the reading of a sound signal corresponding to the determined word is sent to a peripheral for reading sound signals (such as a loudspeaker speaker, for example).

In variants not shown, the method 100 includes a step of selecting at least one item of information representative of a word to be implemented during the step 110 of display. The selection made may depend on the following criteria:

• user language,
• language of the desired word,
• security associated with a candidate word for selection, said security being measured as a function of the difficulty of biometric spoofing associated with the pronunciation of the word and
• frequency of selection of a candidate word for selection among other prior selections.

In variants, the selection of words is carried out according to several distinct languages.

The capture step 115 is carried out, for example, by a microphone-type sensor associated with a local or remote computer memory. In variants, the capture step 115 implements a sound signal processing means, software or electronic, to extract determined characteristics from the sound signal picked up (for example by increasing the signal-to-noise ratio of the sound signal picked up).

The triggering of the capture step 115 can be automatic, that is to say triggered by the transmission of a digital command or manually, that is to say by the user.

This capture step 115 can be performed on the terminal associated with the graphical interface or on another terminal available to the user, in a manner analogous to the performance of the authentication step 135.

The determination step 120 is carried out, for example, by implementing a computer program executed by an electronic calculation circuit. During this determination step 120, at least one value of at least one biometric characteristic is calculated. Such a biometric characteristic is, for example:

• the timbre of the voice,
• the pitch of the voice or
• the valence of the voice.

The calculation corresponding to such a characteristic is abundantly described in the scientific literature.

The storage step 125 is carried out, for example, by the implementation of a storage device of a terminal, a remote database or a distributed register. During this storage step 125, a value representative of the biometric voice print is stored. This value can correspond to a biometric characteristic value or to a value enabling reconstitution, for example. The sound signal picked up having been used during step 120 of determination can also be stored. In variants, the determination step 120 is implemented on an ad hoc basis, when the authentication of the corresponding user must be carried out. This makes it possible to update the biometric voiceprint in the event of a change in the determination algorithm implemented.

The connection step 130 is carried out, for example, by a terminal sending a request for access to a computer resource present on a data network, such as the Internet for example. The computer resource corresponds, for example, to the URL (for "Uniform Resource Locator", translated as "Uniform resource localization") or to the IP address (for "Internet Protocol", translated as "internet protocol") of a videoconferencing service.

The connection step 130 is followed by the user authentication step 135 before the access of the first terminal to the videoconferencing service as such is effective.

The authentication step 135 can be performed by a single device or a plurality of devices collaborating to produce the effects thereof. Thus, the authentication step 135 can be performed on a terminal (of the personal computer or smart phone type) or on a coordinated set of terminals (according to a conventional client-server architecture). The authentication step 135 can thus be carried out by a set of means cooperating to carry out the underlying steps described below. This cooperation can be ordered centrally, by a specific terminal, or decentralized by the successive execution of the steps described below by separate means.

The generation step 140 is carried out, for example, by implementing a computer program executed by an electronic calculation circuit. During the generation step 140, a set of words is determined randomly or not, from a finite list having been implemented during the display step 110 or from a larger list. The selection of words from the set may also depend on criteria of:

• user language,
• language of the desired word,
• security associated with a candidate word for selection, said security being measured as a function of the difficulty of biometric spoofing associated with the pronunciation of the word and
• frequency of selection of a candidate word for selection among other prior selections.

In variants, the selection of words is carried out according to several distinct languages.

In particular embodiments, the generation step 140 is configured to generate a set of at least two pieces of information representative of words, each piece of information representative of a word being selected from a list as a function of at least one piece of information representative of a word implemented during step 110 of displaying step 105 of initialization.

For example, the words chosen may have common phonemes.

In particular embodiments, the generation step 140 is configured to generate a set comprising at least one item of information representative of a word distinct from one item of information representative of a word implemented during step 110 d display of initialization step 105.

In particular embodiments, the generation step 140 is configured to generate a random set comprising at least one item of information representative of a word.

The display step 145 is carried out analogously to display 110. During this display step 145, the generated set is displayed. In variants, another message representative of an identifier and/or password entry is displayed.

The capture step 150 is performed, for example, analogously to the capture step 115 on a second terminal. This second terminal is distinct from the first terminal. In variants, the second terminal and the first terminal are combined.

Step 155 of determination is carried out, for example, analogously to step 120 of determination. This determination step 155 is carried out by the first or the second terminal.

In some embodiments, the second determination step 155 is carried out by the second terminal, the method further comprising a step 180 of transmitting the biometric voice print to a means carrying out the comparison step.

The transmission step 180 is carried out, for example, by the transmission of a fingerprint transmission command by the second terminal to a network card of said second terminal. The emission can correspond to the emission of a signal according to a wired or wireless network.

The comparison step 160 is performed, for example, by implementing a computer program executed by an electronic calculation circuit. During this comparison step 160, at least one biometric characteristic value of each fingerprint is compared. If these two values correspond, within a predetermined degree of error, the comparison step 160 determines that the biometric fingerprints correspond. Otherwise, the comparison step 160 determines that the biometric fingerprints do not match.

The comparison step 160 can be performed on the first terminal, on the second terminal or on a third-party terminal, of the remote server type hosting the videoconferencing service.

The step 165 of authorization or prohibition of the connection is carried out, for example, by the implementation of a computer program executed by an electronic calculation circuit. This authorization or prohibition step 165 is associated with the connection step 130. If the biometric fingerprints match, the connection is authorized while if these fingerprints do not match, the connection is prohibited.

In particular embodiments, such as that shown in :

• the initialization step 105 includes a step 170 of recording the computer address of a second terminal associated with the user whose authentication is initialized and;
• the capture step 150 of the authentication step 135 is carried out according to the registered computer address of a second terminal associated with the user operating the first terminal.

The recording step 170 is carried out, for example, by implementing a computer program executed by an electronic calculation circuit. This recording step 170 can be performed on a local or remote terminal (of the server type) associated with a computer memory. This recording may follow a request to enter an IT address (such as a telephone number or a terminal identifier) sent to the user. The terms "computer address" here designate any address on a data network, including cellular networks and the Internet in particular.

The second terminal implemented during the registration step 135 then corresponds to the second terminal whose computer address is registered. For example, if a telephone number has been associated with the user, during the capture step 150, the capture must be performed by the telephone associated with the telephone number.

In particular embodiments, such as that shown in , the authentication step 135 includes a step 175 of authenticating the second terminal upstream of the capture step 150 performed by the second terminal.

The authentication step 175 is carried out, for example, by implementing a computer program executed by an electronic calculation circuit. For example, during this authentication step 175, a unique and temporary code is sent from an authentication server to the second terminal, this code having to be manually entered on the first terminal by the user to be provided to the authentication server for validation.

In particular embodiments, such as that shown in , the method 100 comprises, downstream of the authentication step 135:

• a step 185 of capturing, by a sensor, a sound flow of exchange between users of the videoconferencing service,
• a third step step 186 of determining, by a computing device, a biometric voice print of the user operating the first terminal according to the sound signal picked up,
• a second step 187 of comparison, by a calculation device, of the biometric fingerprint determined during the third determination step and at least one voice print stored during the storage step and,
• a step 188 of ejecting or confirming the connection to the computer resource according to the result of the second comparison step.

These embodiments allow authentication of a user during use of the videoconferencing service.

The capture step 185 is carried out, for example, by a capture peripheral implemented in the videoconferencing service for the transmission of ordinary messages between participants. Such a sensor is a microphone, for example.

The third step 186 of determination is for example carried out analogously to one of the steps, 120 and 155, of determination. This determination step 186 is carried out, for example, by an authentication server associated with a server hosting the videoconferencing service.

The second comparison step 187 is for example carried out analogously to the comparison step 160. This comparison step 187 is carried out, for example, by an authentication server associated with a server hosting the videoconferencing service.

Step 188 of ejecting or confirming the connection is carried out, for example, by implementing a computer program executed by an electronic computing device. During this step 188, for example, the authentication server determining that the fingerprints do not match, sends an ejection command to the server hosting the videoconferencing service. Conversely, if the fingerprints match, no such command is issued.

We observe, in , a second particular embodiment of the method 200 object of the present invention. Such an embodiment can be partially or completely combined with any variant of the embodiment shown in .

The method 200 comprises several embodiments which can be independent of one another.

A first embodiment provides that the method 200 comprises:

• a step 151 of detecting a characteristic noise value in the sound signal captured during the capture step 150,
• a step 152 of applying noise to the signal picked up during the capture step 115 according to the noise characteristic value detected,

the step 120 of determination being carried out downstream of the step of applying the type of noise and upstream of the step 160 of comparison.

These embodiments allow a fairer comparison between sound signals with a view to determining their biometric voice prints or the values of associated biometric characteristics.

In these embodiments, the sound signal picked up during the capture step 115 is not implemented immediately by the step 120 of determining a biometric voice print. This sound signal is preferably stored in a computer memory for later use, concomitantly with step 155 of determining a biometric voice print.

Step 151 of detecting a characteristic noise value in the sound signal picked up is carried out, for example, by implementing a signal processing computer program implemented by an electronic computing device. During this detection step 151, a signal representative of the noise in the received signal, that is to say the part of the signal not emitted by the user's diction, is identified. At least one characteristic value of the noise, which may correspond to a type or to a volume of noise for example, or even the signal of the noise as a whole, is preferably stored.

The step 152 of applying a noise characteristic value to the sound signal picked up is carried out, for example, by implementing a signal processing computer program implemented by an electronic computing device. During this application step 152, a noise corresponding to the noise characterized in the signal picked up during the detection step 151 is applied to the signal picked up during the capture step 115 upstream of the step 120 for determining a biometric voiceprint. Such noise can be generated artificially, such as white noise for example.

In these embodiments, the storage step 125 can be configured to store the sound signal captured during the capture step 115.

A second embodiment provides that the method 200 comprises, downstream of the capture step 150, a step 153 of converting the sound signal into text representative of a user connection identifier, the connection step 130 being carried out according to the identifier thus converted.

In this embodiment, the objective is to carry out, in a double way, an identification and an authentication of the user at the same time.

The conversion step 153 is performed, for example, by implementing a computer program implemented by an electronic computing device. During this conversion step 153, a text-to-speech algorithm is for example implemented.

In this embodiment, the first terminal and the second terminal can be confused.

In this embodiment, the representative information displayed during a step of displaying, 110 and/or 145, a word can correspond to an identifier of the user.

In this embodiment, the representative information displayed during a step of displaying, 110 and/or 145, a word can correspond to a diction instruction.

We observe, in , schematically, an embodiment of the system 300 object of the present invention. This system 300 for user access to a videoconferencing service comprises:

• a digital mechanism 305 for initializing the authentication of a user which comprises:
  • a means 310 for displaying, on a graphical interface, information representative of a word,
  • a means 315 for capturing, by a sensor, a sound signal representative of a diction, by a user whose authentication is initialized, of the word associated with the information displayed,
  • a means 320 for determining, by a computing device, a biometric voice print of the user whose authentication is initialized according to the sound signal picked up and,
  • a means 325 for storing, in a computer memory, at least one parameter representative of the determined biometric voiceprint of the user whose authentication is initialized,
• a means 330 for connection to a computer resource by a first terminal operated by a user,
• a digital mechanism 335 for authenticating the user operating the first terminal, which comprises:
  • a means 340 for generating a set of at least one item of information representative of a word,
  • means 345 for displaying, on a graphical interface associated with the first terminal, the generated set,
  • a means 350 for capturing, by a sensor of a second terminal, a sound signal representative of a diction, by a user whose authentication is initialized, of the displayed set,
  • a means 355 for determining, by a computing device, a biometric voice print of the user operating the first terminal as a function of the sound signal picked up,
  • means 360 for comparing the biometric voiceprint of the user operating the first terminal and at least one voiceprint stored by the storage means and,
  • a means 365 for authorizing or prohibiting the connection to the computer resource according to the result obtained from the comparison means.

A “mechanism” is here called a functional set of means cooperating to produce an effect. Such a mechanism can be distributed or unitary, partly local or remote.

The means referenced in the correspond, mutatis mutandis, to the examples presented opposite the corresponding steps in Figures 1 or 2.

As can be understood, the present invention makes it possible to carry out authentication by identification of a user (speaker) and by voice recognition via two distinct channels as for example described below.

Speech recognition and subsequent authentication rely on the fact that a person can be uniquely identified by the characteristics of their voice. The basic principle is that users are "enrolled" by capturing a sample of their voice and using it as a basis for comparison for the future. Often multiple records will be made by the user in order to generate a reliable baseline.

Once this baseline is captured, users can be identified and authenticated from their voice by comparing a subsequent voice capture to the baseline.

In order to eliminate false positives and add an additional layer of security, a variant of the present invention provides that not only must the user's voiceprint match the voiceprint of a registered user, but also that users have replayed a specific sequence of words via a separate channel/terminal from the one on which the sequence of words is displayed.

The sequence of words is for example generated randomly on the fly and the distinct communication channel must also be authorized to interact with the system via a telephone number or a SIP address (for “Service initiation protocol”, translated by initiation protocol on duty). The record captured by the authentication system can therefore perform the following operations to authenticate a user:

• display a random sequence of words,
• call the user through a separate device / channel,
• capture a recording of the user reciting the sequence,
• match the voice to a user and,
• converting the spoken sequence to text and matching the spoken sequence of words to the sequence of words that the authenticating person was asked to recite.

The terminal displaying the text may be different from the terminal used to capture the voice. The voice-capturing terminal will either be a SIP-enabled device that can be called directly from the conferencing system, or a traditional phone line or mobile device whose number has been approved by a higher authority, i.e. say an account administrator, and associated with the user trying to log in.

To access a virtual room, the user must first enter the unique address of the virtual room (URL) in their browser. If the biometric option is activated in the room, the user is prompted to enter his identifier. Once this is done, the user ID is sent to a centralized server via an API call which will determine if the user ID is associated with biometric information. If the user's ID is associated with a voice biometric credential, the authenticator web page or application displays text for the user to read. This text will be a random sequence of words or numbers generated on the fly.

The user has the option of using the terminal's microphone or calling a phone number that prompts them to enter a PIN code (for "Personal Identification Number") and then recite the text displayed on the screen. In both cases, the biometric fingerprint of the voice used to read the text is compared to the characteristics of the voice recorded with the user ID and the spoken text must match the text displayed on the screen.

The user has a limited time to read and announce the text, after which the process fails, leading to access denial. If the spoken words match the text, the voiceprint matches the user's voiceprint, and the user is whitelisted (access permission), access to the room is granted and the user enters the room. In addition to user authentication, the user is also identified and any roles or settings associated with the user are loaded and applied to the user's session. Otherwise, the authentication process fails and an error message is displayed. The user has for example three authentication attempts in this way, after which his access to the room will be revoked and a warning email is sent to the owner of the room.

Claims (10)

Method (100) for access by a user to a videoconferencing service, characterized in that it comprises:

• a step (105) of initializing the authentication of a user which comprises:
  • a step (110) for displaying, on a graphical interface, information representative of a word,
  • a step (115) of capture, by a sensor, of a sound signal representative of a diction, by a user whose authentication is initialized, of the word associated with the information displayed,
  • a step (120) of determining, by a computing device, a biometric voice print of the user whose authentication is initialized according to the sound signal picked up and
  • a step (125) of storing, in a computer memory, at least one parameter representative of the determined biometric voiceprint of the user whose authentication is initialized,
• a step (130) of connection to a computer resource hosting the videoconferencing service by a first terminal operated by a user,
• a step (135) for authenticating the user operating the first terminal, which comprises:
  • a step (140) of generating a set of at least one item of information representative of a word,
  • a step (145) for displaying, on a graphical interface associated with the first terminal, the generated set,
  • a step (150) of capture, by a sensor of a second terminal, of a sound signal representative of a diction, by a user whose authentication has been initialized, of the displayed set,

• a second step (155) of determining, by a computing device, a biometric voice print of the user operating the first terminal as a function of the sound signal picked up,
• a step (160) of comparing the biometric voice print of the user operating the first terminal and at least one voice print stored during the storage step and
• a step (165) for authorizing or prohibiting the connection to the computer resource according to the result of the comparison step.

A method (100) according to claim 1, wherein:

• the initialization step (105) comprises a step (170) of recording the computer address of a second terminal associated with the user whose authentication is initialized and
• the step (150) of capturing the step (135) of authentication is carried out according to the registered computer address of a second terminal associated with the user operating the first terminal.

Method (100) according to claim 2, in which the authentication step (135) includes a step (175) of authenticating the second terminal upstream of the capture step carried out by the second terminal. Method (100) according to one of Claims 1 to 3, in which the generation step (140) is configured to generate a set of at least two pieces of information representative of words, each piece of information representing a word being selected from a list based on at least one item of information representative of a word implemented during the display step (110) of the initialization step (105). Method (100) according to one of Claims 1 to 4, in which the generation step (140) is configured to generate a set comprising at least one piece of information representing a word distinct from one piece of information representing a word implemented during the display step (110) of the initialization step (105). Method (100) according to one of Claims 1 to 5, in which the generation step (140) is configured to generate a random set comprising at least one item of information representative of a word. Method (100) according to one of Claims 1 to 6, which comprises, downstream of the authentication step (135):

• a step (185) for capturing, by a sensor, an exchange sound stream between users of the videoconferencing service,
• a third step (186) of determining, by a computing device, a biometric voice print of the user operating the first terminal as a function of the sound signal picked up,
• a second step (187) of comparison, by a calculation device, of the biometric fingerprint determined during the third determination step and at least one voice print stored during the storage step and
• a step (188) for ejecting or confirming the connection to the computing resource according to the result of the second comparison step.

Method (200) according to one of Claims 1 to 7, which comprises:

• a step (151) of detecting a characteristic value of noise in the sound signal picked up during the step (150) of capturing,
• a step (152) of applying noise to the signal picked up during the step (115) of capture as a function of the noise characteristic value detected,

the step (120) of determining being carried out downstream of the step of applying the type of noise and upstream of the step (160) of comparison. Method (200) according to one of claims 1 to 8, which comprises, downstream of the capture step (150), a step (153) of converting the sound signal into text representative of a connection identifier the user, the connection step (130) being carried out according to the identifier thus converted. System (300) for user access to a videoconferencing service, characterized in that it comprises:

• a digital mechanism (305) for initializing the authentication of a user which comprises:
  • a means (310) for displaying, on a graphical interface, information representative of a word,
  • a means (315) for capturing, by a sensor, a sound signal representative of a diction, by a user whose authentication is initialized, of a word associated with the information displayed,
  • a means (320) for determining, by a computing device, a biometric voice print of the user whose authentication is initialized according to the sound signal picked up and,
  • a means (325) for storing, in a computer memory, at least one parameter representative of the determined biometric voiceprint of the user whose authentication is initialized,
• a means (330) for connection to a computer resource hosting the videoconferencing service by a first terminal operated by a user,
• a digital authentication mechanism (335) for the user operating the first terminal, which comprises:
  • a means (340) for generating a set of at least one item of information representative of a word,
  • means (345) for displaying, on a graphical interface associated with the first terminal, the generated set,
  • a means (350) for capturing, by a sensor of a second terminal, a sound signal representative of a diction, by a user whose authentication has been initialized, of the displayed set,
  • a means (355) for determining, by a computing device, a biometric voice print of the user operating the first terminal as a function of the sound signal picked up,
  • means (360) for comparing the biometric voice print of the user operating the first terminal and at least one voice print stored by the storage means and,
  • a means (365) for authorizing or prohibiting the connection to the computer resource according to the result obtained from the comparison means.