Integrated voice biometrics cloud security gateway
First Claim
1. A computer-implemented method to authenticate a user through a triple factor authentication in one step, the method comprising:
- intercepting, by a gateway, an access request sent to a network address of a resource server from a user using a user device the access request comprising a unique user record identifier;
identifying a specific user device used by the user to send the access request based on a cookie or an identifier stored in the specific user device by the gateway;
selecting a voice biometrics record of the user recorded using the specific user device used by the user to send the access request from among a plurality of voice biometrics records stored for the user during an enrollment period;
placing a call to the user device based on information from the cookie or the identifier;
sending, to the user device, a challenge message prompting the user to respond by voice, wherein the challenge message corresponds to the selected voice biometrics record;
receiving, from the user device, a voice sample of the user;
comparing the voice sample of the user against the selected voice biometrics record;
converting the voice sample into a speech-to-text phrase; and
comparing the speech-to-text phrase against a stored secret text phrase to verify the speech-to-text phrase matches the stored secret text phrase.
2 Assignments
0 Petitions
Accused Products
Abstract
A triple factor authentication in one step method and system is disclosed. According to one embodiment, an Integrated Voice Biometrics Cloud Security Gateway (IVCS Gateway) intercepts an access request to a resource server from a user using a user device. IVCS Gateway then authenticates the user by placing a call to the user device and sending a challenge message prompting the user to respond by voice. After receiving the voice sample of the user, the voice sample is compared against a stored voice biometrics record for the user. The voice sample is also converted into a text phrase and compared against a stored secret text phrase. In an alternative embodiment, an IVCS Gateway that is capable of making non-binary access decisions and associating multiple levels of access with a single user or group is described.
67 Citations
42 Claims
-
1. A computer-implemented method to authenticate a user through a triple factor authentication in one step, the method comprising:
-
intercepting, by a gateway, an access request sent to a network address of a resource server from a user using a user device the access request comprising a unique user record identifier; identifying a specific user device used by the user to send the access request based on a cookie or an identifier stored in the specific user device by the gateway; selecting a voice biometrics record of the user recorded using the specific user device used by the user to send the access request from among a plurality of voice biometrics records stored for the user during an enrollment period; placing a call to the user device based on information from the cookie or the identifier; sending, to the user device, a challenge message prompting the user to respond by voice, wherein the challenge message corresponds to the selected voice biometrics record; receiving, from the user device, a voice sample of the user; comparing the voice sample of the user against the selected voice biometrics record; converting the voice sample into a speech-to-text phrase; and comparing the speech-to-text phrase against a stored secret text phrase to verify the speech-to-text phrase matches the stored secret text phrase. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 42)
-
-
16. A non-transitory computer-readable medium having stored thereon a plurality of instructions, the plurality of instructions when executed by a computer, cause the computer to perform:
-
intercepting, by a gateway, an access request sent to a network address of a resource server from a user using a user device the access request comprising a unique user record identifier; identifying a specific user device used by the user to send the access request based on a cookie or an identifier stored in the specific user device by the gateway; selecting a voice biometrics record of the user recorded using the specific user device used by the user to send the access request from among a plurality of voice biometrics records stored for the user during an enrollment period; placing a call to the user device based on information from the cookie or the identifier; sending, to the user device, a challenge message prompting the user to respond by voice, wherein the challenge message corresponds to the selected voice biometrics record; receiving, from the user device, a voice sample of the user; comparing the voice sample of the user against the selected voice biometrics record; converting the voice sample into a speech-to-text phrase; and comparing the speech-to-text phrase against a stored secret text phrase to verify the speech-to-text phrase matches the stored secret text phrase. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
-
-
28. An integrated voice biometrics cloud security (IVCS) gateway system, comprising:
-
a database; an application layer based packet forwarding and control engine comprising; a voice biometrics callback and routing policy engine, and; one or more IP protocol handlers; a voice biometrics verification server (VBVS) comprising; a third party call control, an interactive voice response (IVR) module, and a suspicious activity playground; one or more WAN Ethernet switch ports for connection to ISP cloud; and one or more LAN Ethernet switch ports for connection to resource servers, wherein the application layer based packet forwarding and control engine executes instructions to; intercept, by a gateway, an access request sent to a network address of a resource server from a user using a user device the access request the access request comprising a unique user record identifier; identify a specific user device used by the user to send the access request based on a cookie or an identifier stored in the specific user device by the gateway; select a voice biometrics record of the user recorded by using the specific user device used by the user to send the access request from among a plurality of voice biometrics records stored for the user during an enrollment period; place a call to the specific user device based on information from the cookie or the identifier; send, to the user device, a challenge messages prompting the user to respond by voice, wherein the challenge message corresponds to the selected voice biometerics record; receive, from the user device, a voice sample of the user; compare the voice sample of the user against the selected voice biometrics record; convert the voice sample into a speech-to-text phrase; and compare the speech-to-text phrase against a stored secret text phrase to verify the speech-to-text phrase matches the stored secret phrase. - View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
-
Specification