What's Your Social?

The Government Paperwork Elimination Act of 1998(1) requires that most transactions accomplished by filing a paper form with the Government be converted to an electronic format. It also requires that before these filing transactions can take place, some type of identity verification or authentication must be completed. Authenticating the identity of an online user is difficult for any organization, and harder still when the user community is as large as those served by U.S. Government Web sites.

Meeting the requirements of the 1998 Act has sparked investigations by various agencies into authentication solutions relying on smart cards, digital certificates and other physical devices. Unfortunately, these only confound the less technical user and can be expensive to deploy. Hoping to avoid these obstacles, the U.S. Social Security Administration recently conducted a "Voice Print Proof-of-Concept" on its Business Services Online Web site. Users seeking access to wage reporting facilities were invited to test a Web-based approval process employing speech recognition and voice biometrics. During their online session, users received a synchronized automated telephone call to provide a voice channel.

The proof-of-concept was sponsored by the SSA's Office of the Senior Financial Executive. It was one of the first attempts by a U.S. Government agency to use biometrics in a public-facing application. Authentify, Inc. of Chicago, Ill., developed the proof-of-concept (POC) application and hosted the telephony and voice processing.

The largest corporations and smallest businesses file more than 100 million online wage reports with the SSA annually. The existing process requires that a user register online and wait to receive a PIN in the mail. "We need a reliable control system but one that isn't too hard to navigate," said Chuck Liptz, the project sponsor from the SSA. "Voice is appealing when considering the size and make-up of our user community."

The Web-based application developed during the POC enables real-time PIN delivery and a delegated approval process. In the application flow, a corporate financial supervisor enrolls for access to the online wage reporting facilities. During enrollment, a voice biometric is created and a PIN is delivered via an automated telephone call. The biometric is used to authenticate the supervisor upon a return visit for PIN replacement, or to authorize the access of additional employees.

To begin the process, a non-supervisory employee applying for online access is prompted to provide telephone and e-mail contact information for their supervisor. The supervisor receives an automatically generated e-mail notifying them of the employee's access request. Embedded in the e-mail is a link to the authorization process that will place a telephone call to the supervisor. During the call, the previously obtained biometric is used to authenticate the supervisor, who in turn speaks an approval or denial of the access request. The spoken response serves as an electronic signature of the approval.

The biometric, the approval voice recording, network timestamps and transaction ID are all collected as part of the transaction record, providing an irrefutable audit trail should an approval be subsequently called into question. The application places calls over the PSTN, rather than VoIP, as the voice channel, for both voice quality and the audit trail. The ability to link a person not only to a voice biometric, but also to a particular telephone number and Web session, raises the security level while deterring those who might otherwise try to spoof the system. This is a patent-pending approach.

Users who tested the application were invited to fill out an online survey indicating their reaction to the SSA's use of voice biometrics. Responses were structured to let users indicate their comfort level on a 1 to 5 scale.

In the survey, a low score of 1 represented a "very uncomfortable" feeling while a 5 indicated a "very comfortable" reaction. In response to the question, "How comfortable are you using your voice as an authentication tool?" the response average was 4.72. To the question, "How comfortable are you with providing the Social Security Administration with a recording of your voice?" the response average was 4.49. Authentify and the SSA specifically selected the words "voice recording" in the survey to eliminate any confusion over what a "voice biometric" might be. The wording was intended to trigger a visceral response from the users. If there was a concern over the government having a voice "print," they wanted to know up front.

The proof of concept appeared on the SSA Web site this past January and was available for a little more than five months. A detailed report on the project and its findings is due to be completed in the next several months. A second phase of the project that would expose a larger audience to the voice print application is contemplated for next year.

(1) http://www.cio.gov/documents/paperwork_elimination_act.html

John Zurawski is vice president of sales and marketing at Authentify. He can be reached at john.zurawski@authentify.com.