The Rise of Voice Biometrics for Mobile Phones
With everything from banking records and health data to contacts lists and photos available through our mobile phones, the ability to securely access this data is an increasingly important concern. That’s why many phone manufactures and data holders are keen on biometric security systems that reliably identify individuals.
The question of course is which biometric system to use. Face, fingerpint and iris recognition are all topics of intense research. But the most obvious choice for a mobile phone is surely voice identification. However, this approach has been plagued with problems.
For example, people’s voices can change dramatically when they are ill or in a hurry. What’s more, it’s relatively easy to record somebody’s voice during authentication and use that to break the system. So many groups have steered away from voice biometrics.
That could be set to change. Today, RC Johnson at the University of Colorado at Colorado Springs and a couple of pals lay out a new approach to voice biometrics which they say solves these problems. The new system provides secure authentication while also preserving the privacy of the user.
In the new system, users set up their accounts by recording a large number of words and phrases which are sent in encrypted form to a bank, for example. This forms a template that the bank uses to verify the user.
Ensuring that this template cannot fall into the wrong hands is important and Johnson and co have found an interesting way to do this, called Vaulted Voice Verification.
When users want to access their bank account, they dial in and give their name and password which allows the bank’s server to find their template. The server then asks the user to repeat a set of words or phrases. The problem with this step is that an eavesdropper can record the transmission, thereby gaining information about the template.
Johnson and co get around this by not transmitting the voice data at all. Instead, the bank sends two encrypted versions of each word or phrase to the mobile phone. One is the user’s voice, the other is spoken by an entirely different person.
Software on the mobile phone then has the job of comparing the user’s voice with both files and deciding which is authentic, like a multiple choice quiz. It then sends back the answers to this ‘quiz’ rather than transmitting the voice recording.
The beauty of this system is that the user’s recording of the template words are never transmitted over the network, thereby preserving their privacy.
The multiple choice approach also helps tackle the problem of voice instability given that the task is simply to work out which of the templates supplied by the bank is more likely to be the user’s voice.
Johnson and co say their tests indicate that the approach works well and certainly better than other similar voice biometric systems.
That’s not to say that we’re all going to be using this kind of voice biometric system to access our bank accounts. Merely that this form of authentication is back in contention for mobile phone type security systems in the near future.
Ref: arxiv.org/abs/1212.0042: Secure Voice Based Authentication for Mobile Devices: Vaulted Voice Verification
Geoffrey Hinton tells us why he’s now scared of the tech he helped build
“I have suddenly switched my views on whether these things are going to be more intelligent than us.”
ChatGPT is going to change education, not destroy it
The narrative around cheating students doesn’t tell the whole story. Meet the teachers who think generative AI could actually make learning better.
Meet the people who use Notion to plan their whole lives
The workplace tool’s appeal extends far beyond organizing work projects. Many users find it’s just as useful for managing their free time.
Learning to code isn’t enough
Historically, learn-to-code efforts have provided opportunities for the few, but new efforts are aiming to be inclusive.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.