Smart Cards should be useless except in the hands of their rightful owners. At last this can become a reality following the successful implementation of reliable voice authentication within the confines of a standard 8 bit, 8k Smart Card.
Using its TESPAR technology, Domain Dynamics has demonstrated voice authentication that both runs the verification code and stores the user’s voice template on smart cards of the type now being used by banks and credit card companies. This offers greatly enhanced security and requires the card owner’s physical presence for a successful transaction. Domain Dynamics is now looking for partners to license its technology and bring real security to remote Smart Card transactions.
‘With the growth in smart card use especially in e- and m-commerce where transactions are expected to top $3 trillion by 2002, highly reliable and convenient authentication of identity is urgently required to help counteract fraud and chargebacks. We have startled many industry experts with the power and compactness of our patented TESPAR technology and its suitability for use with standard smart cards,’ said Ian Taylor, Director, Domain Dynamics. ‘TESPAR- derived algorithms require only a tiny amount of space – working alongside other applications even on a standard 8 bit smart card – to verify the key characteristics of an individual’s voice.
Even if conventional voice authentication could be fitted onto a Smart Card, TESPAR would still outperform owing to its ability to handle background noise and day-to-day variations in an individual’s voice.’
In practice, a template created from enrolment samples of the smart card holder’s voice is stored on a standard 8 bit, 8 kilobyte Java Smart Card. The voice template itself is highly secure because it consists of TESPAR’s patented analysis of the key characteristics of a person’s voice which identifies it uniquely but cannot be used to reconstruct that voice. In the transaction process, the cardholder inserts his or her card into the terminal and gives a speech sample.
A verification Applet implemented in Java byte code then runs on the Smart Card to determine if the new live voice template matches the information on the card – at no point is the voice derived data stored anywhere other than the Smart Card.
The verification process takes only milliseconds, while initial enrolment requires as few as three speech samples and takes about two minutes. Security levels can be easily adjusted to suit specific requirements through alteration of the classification strategies deployed by TESPAR’s verification algorithms.
‘The applications of high quality voice authentication on a smart card are enormous and it can easily be integrated with other security methodologies such as Public Key Infrastructure (PKI),’ continued Ian Taylor. ‘Its use in automated e- and m-commerce transactions offers obvious potential, but we also foresee a range of applications from access control for confidential data to payments made via TV set-top box or PC.’
Already UK-based Domain Dynamics has demonstrated that its TESPAR technology is robust and flexible enough to verify the key characteristics of speakers even when they are in a noisy places, have colds, are eating sweets, or are under the influence of alcohol.
Domain Dynamics has licensing arrangements with ET Voice (a subsidiary of European Telecom) to incorporate TESPAR voice authentication and word recognition technology in mobile phone handsets and with Earthport.com to provide additional speaker verification security to its Internet-based payment system.
Domain Dynamics Limited
Heaviside Laboratories 12, Cranfield University Shrivenham Swindon UK SN6 8LA
Tel:+44 (0)1793 782793
Fax: +44 (0)1793 782008
Web Site: www.ddl.co.uk