Integrated voice biometrics cloud security gateway

US 9,412,381 B2
Filed: 03/30/2011
Issued: 08/09/2016
Est. Priority Date: 03/30/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method to authenticate a user through a triple factor authentication in one step, the method comprising:

intercepting, by a gateway, an access request sent to a network address of a resource server from a user using a user device the access request comprising a unique user record identifier;

identifying a specific user device used by the user to send the access request based on a cookie or an identifier stored in the specific user device by the gateway;

selecting a voice biometrics record of the user recorded using the specific user device used by the user to send the access request from among a plurality of voice biometrics records stored for the user during an enrollment period;

placing a call to the user device based on information from the cookie or the identifier;

sending, to the user device, a challenge message prompting the user to respond by voice, wherein the challenge message corresponds to the selected voice biometrics record;

receiving, from the user device, a voice sample of the user;

comparing the voice sample of the user against the selected voice biometrics record;

converting the voice sample into a speech-to-text phrase; and

comparing the speech-to-text phrase against a stored secret text phrase to verify the speech-to-text phrase matches the stored secret text phrase.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A triple factor authentication in one step method and system is disclosed. According to one embodiment, an Integrated Voice Biometrics Cloud Security Gateway (IVCS Gateway) intercepts an access request to a resource server from a user using a user device. IVCS Gateway then authenticates the user by placing a call to the user device and sending a challenge message prompting the user to respond by voice. After receiving the voice sample of the user, the voice sample is compared against a stored voice biometrics record for the user. The voice sample is also converted into a text phrase and compared against a stored secret text phrase. In an alternative embodiment, an IVCS Gateway that is capable of making non-binary access decisions and associating multiple levels of access with a single user or group is described.

67 Citations

View as Search Results

42 Claims

1. A computer-implemented method to authenticate a user through a triple factor authentication in one step, the method comprising:
- intercepting, by a gateway, an access request sent to a network address of a resource server from a user using a user device the access request comprising a unique user record identifier;
  
  identifying a specific user device used by the user to send the access request based on a cookie or an identifier stored in the specific user device by the gateway;
  
  selecting a voice biometrics record of the user recorded using the specific user device used by the user to send the access request from among a plurality of voice biometrics records stored for the user during an enrollment period;
  
  placing a call to the user device based on information from the cookie or the identifier;
  
  sending, to the user device, a challenge message prompting the user to respond by voice, wherein the challenge message corresponds to the selected voice biometrics record;
  
  receiving, from the user device, a voice sample of the user;
  
  comparing the voice sample of the user against the selected voice biometrics record;
  
  converting the voice sample into a speech-to-text phrase; and
  
  comparing the speech-to-text phrase against a stored secret text phrase to verify the speech-to-text phrase matches the stored secret text phrase.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 42)
- - 2. The computer-implemented method of claim 1, further comprising determining a non-binary access check result for the user, wherein the non-binary access check result for the user device is either ‘
    - GRANTED’
      
      , ‘
      
      DENIED’
      
      , or ‘
      
      LIMITED ACCESS’
      
      .
  - 3. The computer-implemented method of claim 2, wherein the user device is routed to a suspicious activity playground if the non-binary access check result for the data terminal is ‘
    - LIMITED ACCESS’
      
      .
  - 4. The computer-implemented method of claim 1, wherein selecting the stored voice biometrics record comprises matching the specific user device with a specific device used to store the selected voice biometrics record.
  - 5. The computer-implemented method of claim 1, further comprising checking a callback policy for the user device.
  - 6. The computer-implemented method of claim 5, further comprising:
    - confirming that the callback policy for the user device allows for a single step with interactive voice response backup when a user device access check is placing a call to the user device.
  - 7. The computer-implemented method of claim 1, further comprising:
    - storing the unique user record identifier;
      
      storing the voice sample of the user;
      
      storing an address of the resource server that is accessed; and
      
      recording an access time stamp for the resource server.
  - 8. The computer-implemented method of claim 1, wherein multiple voice biometrics records are stored for the user, and each voice biometrics record corresponds to a specific user device.
  - 9. The computer-implemented method of claim 2, further comprising storing multiple unique user record identifiers for the user, wherein each unique user record identifier corresponds to the non-binary access check result.
  - 10. The computer-implemented method of claim 1, wherein intercepting the access request to the resource server from a user using a user device providing a unique user record identifier comprises the unique user record identifier being provided by an authentication, authorization and accounting (AAA) protocol.
  - 11. The computer-implemented method of claim 10, wherein the user device is associated with an authorized phone number within an internal PBX network.
  - 12. The computer-implemented method of claim 10, wherein the authentication, authorization and accounting (AAA) protocol is either RADIUS or DIAMETER.
  - 13. The computer-implemented method of claim 1, wherein intercepting, by the gateway, the access request from the user using the user device to a resource server comprises intercepting, by the gateway, each access request from each user using a user device to a resource server, and wherein placing the call to the user device comprises placing a call to each user device for each access request.
  - 14. The computer-implemented method of claim 1, wherein receiving the voice sample of the user comprises receiving a voice sample of a secret phrase of the user.
  - 15. The computer-implemented method of claim 1, wherein sending the challenge message comprises providing a text message for display on the user device.
  - 42. The computer-implemented method of claim 1, wherein the unique user record identifier is not a password.

16. A non-transitory computer-readable medium having stored thereon a plurality of instructions, the plurality of instructions when executed by a computer, cause the computer to perform:
- intercepting, by a gateway, an access request sent to a network address of a resource server from a user using a user device the access request comprising a unique user record identifier;
  
  identifying a specific user device used by the user to send the access request based on a cookie or an identifier stored in the specific user device by the gateway;
  
  selecting a voice biometrics record of the user recorded using the specific user device used by the user to send the access request from among a plurality of voice biometrics records stored for the user during an enrollment period;
  
  placing a call to the user device based on information from the cookie or the identifier;
  
  sending, to the user device, a challenge message prompting the user to respond by voice, wherein the challenge message corresponds to the selected voice biometrics record;
  
  receiving, from the user device, a voice sample of the user;
  
  comparing the voice sample of the user against the selected voice biometrics record;
  
  converting the voice sample into a speech-to-text phrase; and
  
  comparing the speech-to-text phrase against a stored secret text phrase to verify the speech-to-text phrase matches the stored secret text phrase.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 17. The non-transitory computer-readable medium of claim 16, further comprising determining a non- binary access check result for the user, wherein the non-binary access check result for the user device is either ‘
    - GRANTED’
      
      , ‘
      
      DENIED’
      
      , or ‘
      
      LIMITED ACCESS’
      
      .
  - 18. The non-transitory computer-readable medium of claim 17, wherein the user device is routed to a suspicious activity playground if the non-binary access check result for the data terminal is ‘
    - LIMITED ACCESS’
      
      .
  - 19. The non-transitory computer-readable medium of claim 16, wherein selecting the voice biometrics record comprises matching the specific user device with a specific device used to store the selected voice biometrics record.
  - 20. The non-transitory computer-readable medium of claim 16, further comprising checking a callback policy for the user device.
  - 21. The non-transitory computer-readable medium of claim 20, further comprising:
    - confirming that the callback policy for the user device allows for a single step with interactive voice response backup when a user device access check is ‘
      
      DENIED’
      
      .
  - 22. The non-transitory computer-readable medium of claim 16, further comprising:
    - storing the unique user record identifier;
      
      storing the voice sample of the user;
      
      storing an address of resource server that is accessed; and
      
      recording an access time stamp for the resource server.
  - 23. The non-transitory computer-readable medium of claim 16, wherein multiple voice biometrics records are stored for the user, and each voice biometrics record corresponds to a specific user device.
  - 24. The non-transitory computer-readable medium of claim 17, wherein multiple unique user record identifiers can be stored for the user, and each unique user record identifier corresponds to the non-binary access check result.
  - 25. The non-transitory computer-readable medium of claim 16, wherein intercepting the access request to the resource server from a user using a user device providing a unique user record identifier comprises the unique user record identifier being provided by an authentication, authorization and accounting (AAA) protocol.
  - 26. The non-transitory computer-readable medium of claim 25, wherein the user device is an authorized phone number within an internal PBX network.
  - 27. The non-transitory computer-readable medium of claim 25, wherein the authentication, authorization and accounting (AAA) protocol is either RADIUS or DIAMETER.

28. An integrated voice biometrics cloud security (IVCS) gateway system, comprising:
- a database;
  
  an application layer based packet forwarding and control engine comprising;
  
  a voice biometrics callback and routing policy engine, and;
  
  one or more IP protocol handlers;
  
  a voice biometrics verification server (VBVS) comprising;
  
  a third party call control,an interactive voice response (IVR) module, anda suspicious activity playground;
  
  one or more WAN Ethernet switch ports for connection to ISP cloud; and
  
  one or more LAN Ethernet switch ports for connection to resource servers,wherein the application layer based packet forwarding and control engine executes instructions to;
  
  intercept, by a gateway, an access request sent to a network address of a resource server from a user using a user device the access request the access request comprising a unique user record identifier;
  
  identify a specific user device used by the user to send the access request based on a cookie or an identifier stored in the specific user device by the gateway;
  
  select a voice biometrics record of the user recorded by using the specific user device used by the user to send the access request from among a plurality of voice biometrics records stored for the user during an enrollment period;
  
  place a call to the specific user device based on information from the cookie or the identifier;
  
  send, to the user device, a challenge messages prompting the user to respond by voice, wherein the challenge message corresponds to the selected voice biometerics record;
  
  receive, from the user device, a voice sample of the user;
  
  compare the voice sample of the user against the selected voice biometrics record;
  
  convert the voice sample into a speech-to-text phrase; and
  
  compare the speech-to-text phrase against a stored secret text phrase to verify the speech-to-text phrase matches the stored secret phrase.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 29. The system of claim 28, wherein the application layer based packet forwarding and control engine executes instructions to determine a non-binary access check result for the user, and the non-binary access check result for the user device is either ‘
    - GRANTED’
      
      , ‘
      
      DENIED’
      
      , or ‘
      
      LIMITED ACCESS’
      
      .
  - 30. The system of claim 29, wherein the user device is routed to a suspicious activity playground if the non-binary access check result for the data terminal is ‘
    - LIMITED ACCESS’
      
      .
  - 31. The system of claim 28, wherein to select the stored voice biometrics record comprises to match the specific user device with a specific device used to store the selected voice biometrics record.
  - 32. The system of claim 28, wherein the application layer based packet forwarding and control engine executes instructions to check a callback policy for the user device.
  - 33. The system of claim 32, wherein the application layer based packet forwarding and control engine executes instructions to:
    - confirm that the callback policy for the user device allows for a single step with interactive voice response backup when a user device access check is ‘
      
      DENIED’
      
      .
  - 34. The system of claim 28, wherein the application layer based packet forwarding and control engine executes instructions to:
    - store the unique user record identifier;
      
      store the voice sample of the user;
      
      store an address of the resource server that is accessed; and
      
      record an access time stamp for the resource server.
  - 35. The system of claim 28, wherein multiple voice biometrics records are stored for the user, and each voice biometrics record corresponds to a different type of user device.
  - 36. The system of claim 29, wherein multiple unique user record identifiers can be stored for the user, and each unique user record identifier corresponds to the non-binary access check result.
  - 37. The system of claim 28, wherein the unique user record identifier is provided by an authentication, authorization and accounting (AAA) protocol.
  - 38. The system of claim 37, wherein the user device is an authorized phone number within an internal PBX network.
  - 39. The system of claim 37, wherein the authentication, authorization and accounting (AAA) protocol is either RADIUS or DIAMETER.
  - 40. The system of claim 28, further comprising one or more PSTN ports.
  - 41. The system of claim 28, further comprising one or more SIP trunk ports.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ack3 Bionetics Pte Limited
Original Assignee
Ack3 Bionetics Pte Limited
Inventors
Bhaskaran, Sajit
Primary Examiner(s)
Sirjani, Fariba

Application Number

US13/076,261
Publication Number

US 20110246196A1
Time in Patent Office

1,959 Days
Field of Search

704/235
US Class Current

1/1
CPC Class Codes

G06F 21/313   using a call-back technique...

G06F 21/32   using biometric data, e.g. ...

G10L 15/26   Speech to text systems G10L...

G10L 17/08   Use of distortion metrics o...

G10L 17/24   the user being prompted to ...

H04L 63/0861   using biometrical features,...

H04W 12/065   Continuous authentication

Integrated voice biometrics cloud security gateway

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

67 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Integrated voice biometrics cloud security gateway

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links