Browse Prior Art Database

System and Method to Dynamically Authenticate a Caller with Voice Signature using Smart Phone

IP.com Disclosure Number: IPCOM000247470D
Publication Date: 2016-Sep-09
Document File: 5 page(s) / 129K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method for voice certificate authentication, which uses a voice signature digital certificate for caller authentication.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 01 of 5

System and Method to Dynamically Authenticate a Caller with Voice Signature using Smart Phone

In electronic conversations, mutual authentication among parties is very important to ensure security and prevent the sharing of sensitive information with unauthorized third parties.

In traditional internet user to server communication, x509 certificate-based mutual authentication (certificate based server authentication and certificate based client authentication), is one popular trusted mutual authentication mechanism. For example, most service providers install server certificates issued by well-known and trusted authorities. When a user uses a browser to connect to the server, the browser can verify whether the server's certificate is trusted, so the user knows if the server is properly identified. Likewise, if the user has been issued a client certificate, the server can verify that user's certificate is trusted and therefore validate the user's identity.

In voice communication, there is no widely adopted or available technology for called consumers to verify the identity of the caller. Businesses that have toll-free numbers can confirm the phone number of an incoming caller via Automatic Number Identification (ANI) and match that number with the phone number that the customer has on file with the business. In this way, the business at least can confirm that the call is coming from the phone of a particular customer.

However, customers receiving an incoming call from a business, have only the Caller ID information sent with the incoming call for "verification". Unfortunately, Caller ID information is very easy to spoof; therefore, there is no good way for a customer to confirm the identity of an incoming caller.

A method is needed to provide verification to a called party that an incoming call is from an authorized representative of the company, as claimed/represented.

The novel contribution is a method for voice certificate authentication, which uses a voice signature digital certificate for caller authentication. A voice signature certification authority records the voices of the business personnel that make phone calls, extracts key identifying characteristics of the voice (i.e., a voice print ), digitally signs the voice print, and provides signed voice signatures as web services.

A smart phone dynamically downloads a caller's voice signature from the voice signature certification authority, or/and optionally saves a frequent caller's voice signature on the device. At the start of an incoming call, a smart phone voice signature verification application checks the incoming caller's voice against the certified voice signature. Optionally, it can continuously or randomly check the caller's voice signature for the duration of the call (in case the call would be transferred to or hijacked by a third party).

This solution comprises two components: a voice signature ce...