Skip to main content
European Commission logo print header

Objective Control for TAlker VErification

Article Category

Article available in the following languages:

User authentication by voice can be robust and secure

A new platform put together by EU researchers means automatic speaker verification – authenticating people by their voice – could finally become a feasible alternative to passwords for accessing places, devices and services.

Digital Economy icon Digital Economy

EU researchers have designed OCTAVE — a platform for Automatic Speaker Verification (ASV) that can provide a reliable and secure way of using people’s voices to check their identities. ‘We set up the project with the aim of getting rid of passwords in all apps and increasing confidence in ASV technology,’ says Sebastiano Trigila, project coordinator and member of staff directorate at Italy’s Fondazione Ugo Bordoni (FUB). Most people find managing passwords for countless devices and services frustrating. It is also costly for businesses: studies show recovery and reset requests may account for 30 % of calls to helpdesks. The growth of smart services often involves scenarios unsupervised by people, such as controlling access to a sensitive area in a building. This rules out token-based approaches like smartcards. But concerns about security, in particular spoofing, have held back the take-up of voice biometrics. ‘We wanted our system to be able to dissuade attacks such as recording my voice for submission to an ASV system or a more sophisticated attack like synthetic speech,’ says Mr Trigila, ‘the OCTAVE project has shown all these attacks can be detected and rebuffed.’ Secure in the cloud With the OCTAVE solution, businesses do not have to get equipped with ASV systems of their own, but can use ASV as a cloud service, offered by a trusted platform run by a dedicated third-party player. When a business, acting as service provider, needs to authenticate a user, it can rely on such a player. To keep data safe, OCTAVE uses a distributed system. User data does not reside in one single server but on a cloud of servers operated by independent players who communicate through standard and secured protocols. Personal and service-profile data stay on the provider’s server, while only audio samples and automatically generated numerical IDs travel through the OCTAVE system. Audio samples are used to generate and store voiceprints and then immediately discarded. Unbreakable system ‘Even if you steal a voiceprint, you must break multi-key encryption and hack a server chain, to be able to put the puzzle back together’ notes Mauro Falcone, project technical leader and a senior FUB researcher. As another key innovation, the system makes sure voices are real before sending the audio sample off for verification, so spoofing is detected at an early stage. Trials conducted in summer, 2017 — controlling access to restricted areas at Milan’s Linate airport and providing customer support for Findomestic online banking — showed that people found the system easy to use. Standard testing data, such as the ASV 2017 antispoof benchmark, showed the system performs well even in the presence of background noise. ‘Whenever we tested the results, we were in the top five ranking compared to the literature. Several other initiatives only tested their core algorithms, whereas we tested the whole system,’ says Mr Falcone. OCTAVE has published various articles in academic journals and has inspired a follow-up project in Finland. Commercial partners ValidSoft and Atos Spain plan to start offering the service on a commercial basis. Mr Trigila is optimistic about the prospects for ASV — ‘It is not only powerful technology, but is also unbreakable in a cloud context,’ he remarks.

Keywords

OCTAVE, voice biometrics, Automatic Speaker Verification, anti-spoofing, passwords, smart systems

Discover other articles in the same domain of application