+

WO1999022362A1 - Non-transferable bio-metric token-based identification methods and devices - Google Patents

Non-transferable bio-metric token-based identification methods and devices Download PDF

Info

Publication number
WO1999022362A1
WO1999022362A1 PCT/IB1998/001835 IB9801835W WO9922362A1 WO 1999022362 A1 WO1999022362 A1 WO 1999022362A1 IB 9801835 W IB9801835 W IB 9801835W WO 9922362 A1 WO9922362 A1 WO 9922362A1
Authority
WO
WIPO (PCT)
Prior art keywords
bio
token
voice
identification
owner
Prior art date
Application number
PCT/IB1998/001835
Other languages
French (fr)
Inventor
Isaac J. Labaton
Original Assignee
Enco-Tone Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Enco-Tone Ltd. filed Critical Enco-Tone Ltd.
Priority to AU10485/99A priority Critical patent/AU1048599A/en
Priority to CA002307161A priority patent/CA2307161A1/en
Priority to EP98952949A priority patent/EP1031139A4/en
Publication of WO1999022362A1 publication Critical patent/WO1999022362A1/en

Links

Classifications

    • GPHYSICS
    • G10MUSICAL INSTRUMENTS; ACOUSTICS
    • G10LSPEECH ANALYSIS TECHNIQUES OR SPEECH SYNTHESIS; SPEECH RECOGNITION; SPEECH OR VOICE PROCESSING TECHNIQUES; SPEECH OR AUDIO CODING OR DECODING
    • G10L17/00Speaker identification or verification techniques

Definitions

  • the present invention relates, generally, to systems, methods and apparatus for personal identification.
  • Voice analysis, characterization and recognition technology is a mature field and is referred to herein as Speaker (identity) Verification Software (SVS) and the Speaker Verification Application Programming Interface (SVAPI) projected standard.
  • SVS Speaker
  • SVAPI Speaker Verification Application Programming Interface
  • Use of these current voice characterization and recognition technologies for personal identification purposes has several problems.
  • Second, current identification devices require the use of a database wherein each person's voice characteristic (referred to hereinafter as a Voice Print) is stored for comparison purposes. The need to store such information at the identification device necessarily limits the use of current technology for some applications. Accordingly, there is a need for new systems, methods and apparatus which will improve substantially the reliability of personal identification using voice recognition technology, and further will alleviate the need to store voice characteristic data at the decryption or identification device.
  • the present invention comprises devices including, but not limited to, a Personalization Machine; a Bio-Token (non-transferable electronic portable device) carried by a person (carrier) to be identified either as the owner/rightful possessor of the Bio-Token or not, which stores the owner's Voice Print or, alternatively, a chip
  • an Identification Device e.g., an ID server
  • the invention also may comprise any of several device variations described below.
  • the invention further comprises a number of methods designed to provide for the identification of a person holding a portable device referred to as a Bio-Token, as being either the owner/rightful possessor or not, as well as methods for certification of voice documents.
  • One method encompassed by the present invention preferably comprises the use of Speaker Verification Software, which is commercially available, to obtain the Voice Print of the rightful owner of the portable device (Bio-Token).
  • the method further preferably comprises a step of providing the owner's identification data to the Bio-Token device (see FIG.
  • the method also may comprise an optional step of encrypting the Voice Print and the owner's identification data, such encryption step referred to hereinafter as Static Encryption.
  • the method further may comprise a step of storing into the Bio-Token device carried by the person to be identified (carrier/holder), the carrier's Voice Print, Identification Data and/or Static Encryption results.
  • the above steps may be referred to in part or as a whole as a Personalization Procedure.
  • the methods of the invention further may comprise a step of distributing Identification Devices and/or Identification Software.
  • the same Speaker Verification Software previously used to create the Voice Print during the Personalization Procedure may be installed in such Identification Devices, each Identification Device thereby having the operational capability to decrypt Voice Prints and/or Identification Data.
  • Identification Devices alternatively may use any other suitable software or hardware to decrypt Voice Prints and/or identification data.
  • the present invention further encompasses methods for identification. Each time that a carrier of a portable device (Bio-Token) needs to be identified, the carrier may activate the Bio-Token device. Activation may require that the carrier first enter a PIN into the Bio-Token device.
  • the Bio-Token device then may read from its electronic memory the Voice Print of the rightful owner, previously entered, and then may merge or concatenate such digits with a time stamp or use any other method in order to create a dynamic message (such as a sequential method), wherein the dynamic message is encrypted (referred to hereinafter as Dynamic Encryption) by the Bio-Token, the result of such Dynamic Encryption referred to hereinafter as a Cipher.
  • the method also may include an optional step of encoding the Cipher into sound, in which case an Acoustic Message produced by the Bio-Token may be referred to as an Acoustic Cipher.
  • Both the audio signals of the Acoustic Cipher (Acoustic Message) and the actual voice (utterance) of the carrier (referred to hereinafter as the Voice String) then may be transmitted to the Identification Device.
  • the transmission may be made directly or indirectly, e.g., transmitted by any media of communication such as phone,
  • the Cipher encoded or not, should reach an Identification Device, on-line or off-line, together with the actual voice utterance (Voice String) of the Bio-Token's carrier.
  • the Voice String may be transmitted in the form of an answer to a variable question or request, e.g., "Please repeat the words: Bill Clinton," or " Say the date and time in minutes, hours, days and years, " or "Please say the transaction data, if any, to be certified by this identification.
  • the methods of the present invention also may comprise a step of decrypting the cipher received by the Identification Device.
  • the Identification Device decrypts the cipher (Dynamic Decryption), thereby obtaining the Statically Encrypted Voice Print and, then, Statically Decrypts the Statically Encrypted Voice Print to recuperate the Voice Print (referred to herein as the "Computed Result").
  • the methods of this invention also may include the step of analyzing the Voice
  • the Identification Device then may conclude that the rightful Owner of the portable device
  • Bio-Token is the present Carrier of the Bio-Token, whose voice response has been analyzed. Due to the fact that the Cipher also includes the authorized owner's ID Data and/or the transaction data, such as his name, and/or address, and/or driver license and/or passport number, etc., the Identification Device will have the ID Data certified with some certainty that the data corresponds to the present Carrier of the
  • an alternative method for remote identification is provided wherein the Bio-Token generates a scrambled sample of the Owner's voice. More precisely, the Bio-Token may reproduce a sample of the Owner's voice which was pre-recorded by the
  • This sample may be scrambled, before being converted into sound, by mixing it with an encoded number.
  • the encoded number preferably is a variable number, with a very large cycle for repetitions, referred to hereinafter as a pseudo- random number.
  • the Owner's voice sample mixed with the pseudo-random number is referred to hereinafter as a Scrambled Owner Voice Sample.
  • the Bio-Token may compute a new dynamic password or digital signature.
  • the dynamic password/digital signature then preferably is embedded with the Owner's ID Data and the data preferably is used as a "seed" to compute the pseudo random number for scrambling purposes.
  • the Bio-Token may then encode the dynamic password/digital signature and scrambled Owner's Voice Sample into sound, referred to hereinafter as a Scrambled Acoustic Message.
  • This Scrambled Acoustic Message may then be transmitted, directly or indirectly, to the Identification Device together with the Carrier's voice
  • the Voice String comprises the same words or phrase as the Owner's Voice Sample.
  • the Identification Device may then decode the dynamic password/digital signature and decrypt it, recuperating the Owner's ID Data and the Seed.
  • the Seed then preferably is used by the Identification Device to compute the pseudo random number and, with such information, de- scramble the received scrambled Owner's Voice Sample thereby recuperating the Owner's voice sample.
  • the Identification Device then may analyze the sample together with the carrier's Voice Sample, by means of Speaker Verification Software, and conclude whether they are similar or not. In a positive case, the Identification Device may display or transmit the owner's received ID Data.
  • the present invention further may comprise a number of suitable devices such as Personalization Machines, a multitude of Bio-Token devices, and a multitude of Identification Devices (e.g., ID Servers).
  • a Personalization Machine is a machine capable of reading from one or more media, for example, Hard Disks, floppy disks, RAM, ROM, Dangles, PCMCIA, Chip cards or others; recording and analyzing voice samples, e.g., running Speaker (identity) Verification Software; generating Voice Prints; elaborating Voice Prints; and writing into the electronic memory of a Bio- Token device.
  • Bio-Token devices are portable electronic devices with memory, having the capability to read from the memory, to compute, to encrypt, and to encode results into sound.
  • the Identification Devices preferably are devices capable of reading from one or several media, e.g., Hard Disks, floppy disks, RAM, ROM, Dangles, PCMCIA, Chip cards or others; recording, digitizing and analyzing voice samples, e.g., running Speaker (identity) Verification Software; generating Voice Prints; elaborating Voice Prints; and/or recording, digitizing and analyzing Acoustic Messages generated by the Bio-Token devices, including Acoustic Ciphers.
  • media e.g., Hard Disks, floppy disks, RAM, ROM, Dangles, PCMCIA, Chip cards or others
  • recording, digitizing and analyzing voice samples e.g., running Speaker (identity) Verification Software
  • generating Voice Prints elaborating Voice Prints
  • recording, digitizing and analyzing Acoustic Messages generated by the Bio-Token devices including Acoustic Ciphers.
  • Fig. 1 is a block flow diagram representing the functionality of the Personalization Machine (PM) for one particular case referred in the following;
  • PM Personalization Machine
  • Fig . 2 is a block flow diagram representing the functionality of the Personalization Machine (PM) for another case referred in the following, which includes Static Encryption;
  • PM Personalization Machine
  • Fig. 3 is a block flow diagram representing the functionality of the Bio-Token device for another case referred in the following;
  • Fig. 4 is a block flow diagram representing the functionality of the Bio-Token device for another case referred in the following which includes Static Encryption
  • Fig. 5 is a block flow diagram representing the functionality of the Bio-Token device for another case referred in the following, which includes Static Encryption and further includes the generation of calibration signals to correct distortion effects;
  • Fig. 6 is a block flow diagram representing the functionality if the Identification Device;
  • Fig. 7 is a block flow diagram representing the functionality of the Identification
  • Fig. 8 is a block flow diagram representing the functionality of the Identification Device with Static Encryption and further including the use of calibration signals to correct distortion effects;
  • Fig. 9 is a block flow diagram representing the Identification Process, including
  • Fig. 10 is a block flow diagram representing the Identification Process, including Bio-Token and Identification Device functionality, wherein the Identification Device reads secrets keys from a chip-card
  • Fig. 1 1 is a block flow diagram representing the Identification Process, including Bio-Token and Identification Device functionality, wherein the Identification Device reads the secrets keys from a chip-card and performs Static decryption;
  • Fig. 1 2 is a block flow diagram representing the functionality of the invention wherein the Bio-Token is implemented in a cellular phone to eliminate the cloning fraud;
  • Fig. 1 3 is a block flow diagram of the functionality of the invention wherein the Bio-Token is implemented in a Debit-Card;
  • Fig. 1 4 is a block diagram of the Bio-Token/ROV-Bio-Token components
  • Fig. 1 5 is a block flow diagram representing the functionality of the invention wherein the Bio-Token is implemented in one type of Travelers Check application;
  • Fig. 1 6 is a block flow diagram representing the functionality of the invention wherein the Bio-Token is implemented in one type of Debit-Card application;
  • Fig. 1 7 is a block flow diagram representing the functionality of the invention wherein the Bio-Token is implemented in one type of Debit-Card application;
  • Fig. 1 8 is a block flow diagram representing the functionality of a
  • Fig. 1 9 is a block flow diagram representing the functionality of an ROV-Bio- Token, Static Encryption is not shown in order to simplify the diagram;
  • Fig. 20 is a block flow diagram representing the steps for scrambling a Real
  • ROV Owner's Voice
  • Fig. 21 is a block flow diagram representing the functionality of an Identification Device for use with an ROV-Bio-Token, Static Encryption is not shown in order to simplify the diagram;
  • ROV Real Owner's Voice
  • the present invention more generally encompasses remote identification systems, methods and devices which allow the identity of a person (“Owner”) to be compared to that of a holder ("Holder” or “Carrier”) of a portable device ("Bio-Token”). Identification may be performed by a remote device ("Identification Device”) by comparing a voice sample characteristic stored in the Bio-
  • the methods of the present invention may further allow for the certification of such Utterances.
  • the methods associated with the present invention preferably comprise some or all of the following steps (see Fig. 1 ): personalizing the Bio-Token, comprising the following sub-steps:
  • Step 1 connecting the Bio-Token to a specific machine referred to as a Personalization Machine (PM); Step 2: entering a set of the Owner's ID Data into the PM;
  • PM Personalization Machine
  • Step 3 capturing a sample of the Owner's voice and generating a
  • Step 4 writing or registering into the Bio-Token's memory the Owner's Identification Data and Voice Print, or, optionally, registering such information on a chip-card which then can be inserted into the Token; and properly identifying whether the Holder of a Bio-Token is the owner, by an Identification Device (e.g., ID Server) (see Figs. 9 and 10), preferably comprising some or all of the following sub-steps: a) the Bio-Token's Holder actuates the Bio-Token; b) the Holder provides an Utterance to the Identification Device; c) the Identification Device receives an Acoustic Message generated by the Bio-Token, along with the Holder's voice (Utterance) (see Fig.
  • an Identification Device e.g., ID Server
  • the Identification Device compares the Voice Print in the Acoustic Message provided by the Bio-Token to a voice print of the Utterance.
  • a Bio-Token When a Bio-Token is switched on, the Holder may be prompted to enter a Personal Identification Number (optional). Once the Bio-Token is on and operational, it may read the Owner's Voice Print and/or Identification Data from memory, or, alternatively, from a chip card where the Voice Print and/or the Owner's ID Data are stored. The Bio-Token then preferably encrypts the Voice Print, the Owner's
  • Cipher Identification Data and the Generation Time (e.g., present GMT time and date) into a Cipher, in a manner such that each and any Cipher is distinct from the previous one, and the repetition cycle is very large (e.g., tens of years) .
  • a preferred encryption scheme is described in U.S. Patent No. 5,524,072 (PCT/US92/1 0492), but any suitable encryption scheme may be utilized. This encryption step will be referred to herein as "Dynamic Encryption" (see Fig. 3, Step 4) .
  • the Token can encode the Cipher into sound using MODEM techniques or any other method of encoding digits into sound (see Fig.
  • an Identification Device e.g., ID Server
  • an Identification Device preferably receives an Acoustic Message from the Bio-Token along with the Holder's voice ("Utterance"), and registers the time of arrival ("Capture Time") of such Acoustic Message.
  • the Identification Device suitably decrypts the Dynamic Encryption thereby recapturing the Voice Print, the Identification Data and the Generation Time.
  • the Identification Device may then analyze the Holder's utterance by means of any suitable software (such software is already commercially available).
  • Step 4 the Identification Device may then compare the Voice Print, received within the Cipher, to the results of the analysis. If the Voice Print is similar to the results of the Utterance analysis, within pre-established tolerances, then, as shown in Step 5, the Identification Device preferably goes on to check the Capture Time against the recaptured Generation Time to avoid intercepted Acoustic Messages. If OK, the Identification Device has identified and authenticated the Holder and may then proceed with a particular transaction, e.g., with the display and/or transmission of the Owner's Identification Data.
  • these methods comprise the step of personalizing the Bio-Token, which preferably comprises one or more of the following sub-steps (see Fig. 2):
  • Step 1 loading the Personalization Machine with encryption keys; Step 2 entering the Bio-Token on the Personalization Machine, Step 3 entering the Owner's Identification Data, Step 4 capturing the Owner's voice, generating the Voice Print, and, optionally, compressing, and/or mathematically elaborating such Voice Print (e.g., averaging or/and hashing the Voice Print); and
  • Step 5 Statically Encrypting the Voice Print and/or the Identification
  • a system's private key may be used to encrypt the Voice Print.
  • a private key (for example, a key referred to herein as SSPrK#l) may be used to encrypt the Owner's name and address; a private key (for example, a key referred to herein as SSPrK#2) may be used to encrypt the
  • a private key for example, a key referred to herein as SSPrK#3 may be used to encrypt the Owner's passport data; a private key (for example, a key referred to herein as SSPrK#4) may be used to encrypt the Owner's Credit Card data; a private key (for example, referred to herein as SSPrK#5) may be used to encode the owner's Social Security number; and so on, any appropriate number of keys (e.g., SSPr#n) may be used to encrypt whatever data about the Owner that may be pertinent.
  • Step 6 writing or registering into the Bio-Token memory the
  • Step 5 Statically Encrypted Owner's Identification Data and Voice Print. Because the encryption described in Step 5 differs fundamentally from the above-described Dynamic Encryption (the encryption of Step 5 is fixed, with no time variable), this step is referred to herein as Static Encryption. Accordingly, any keys utilized by the Static Encryption are referred to herein as Static Encryption Keys.
  • These methods further may comprise the step of properly identifying the Holder of the Bio-Token by the Identification Device, preferably comprising one or more of the following sub-steps (see Fig. 1 1 ) : a) the Token's Holder actuates the Bio-Token (see Fig. 4) and the Bio-Token transmits an Acoustic Cipher to the Identification Device; b) the Holder speaks (transmits an Utterance to the Identification Device); and c) the Identification Device receives the Acoustic Message generated by the Bio-Token and the Holder's voice (see Fig. 7).
  • the Holder may be required to enter a Personal Identification Number (optional). Once the Bio-Token is on and functional, it may then read the Statically Encrypted Voice Print and/or
  • the Bio-Token may then Dynamically encrypt the Voice Print, the Owner's Identification Data and the Generation Time, as discussed above, into a Cipher.
  • the Token may then encode the Cipher into sound, in which case an Acoustic Message produced by the Bio-Token may be referred to as an Acoustic Cipher.
  • Step 1 the Identification Device (e.g., ID Server) receives the Acoustic
  • Step 2 the Identification Device decrypts the Dynamic Encryption, recuperating the Statically Encrypted Voice Print, Identification Data and Generation Time; Step 3: the Identification Device decrypts the Statically Encrypted Voice
  • Print e.g., using the system's respective public key
  • Step 4 the Identification Device analyzes the Holder's voice (Utterance);
  • Step 5 the Identification Device compares the Voice Print with the results of the analysis of the Holder's voice (Utterance); Step 6: if the Voice Print is similar to the analysis of the Holder's voice, within pre-established tolerances, then the Identification Device preferably goes on to check the Capture Time against the recuperated Generation Time, to avoid intercepted Acoustic Messages; and
  • Step 7 if OK, the Identification Device preferably proceeds with the transaction, e.g., to Statically Decrypt the Owner's Identification Data, as described below.
  • a police Department's ID Servers may have all the public keys and, therefore, will be able to Statically decrypt any and all of the Owner's Identification Data.
  • an Identification Device of lower accessability may hold only a limited number of public keys, for example, a system may only hold Public Keys #1 and 2 (referred to above SSPuK#l and SSPuK#2) . In that case, the Identification Device will only be able to decrypt two pieces of the
  • the method also preferably includes the optional step of displaying or/and transmitting the Statically Decrypted portion of the Owner's ID Data.
  • the Bio-Token can store and scramble a specific Owner's voice specimen.
  • the Bio-Token is referred to as the Real Owner's Voice (ROV) Storing and Scrambling Token, or ROV-Bio-Token.
  • the ROV-Bio-Token preferably is capable of reproducing a specimen of the Owner's voice, which was pre-recorded by the PM (Personalization Machine) and stored in the ROV-Bio-Token during the personalization procedure (see Fig. 1 8, the optional Static Encryption was not included in this diagram to simplify the explanation).
  • the Real Owner's Voice specimen may be scrambled, resulting in a "Scrambled ROV Specimen," before being reproduced by the ROV-Bio-Token.
  • the above-mentioned scrambling step preferably is a variable-result-scrambling- step, which helps to avoid misuse or fraud, e.g., the recording and subsequent usage of the Scrambled Real Owner's Voice specimen in order to impersonate the Owner.
  • the Scrambled ROV Voice specimen becomes obsolete soon after being reproduced by the ROV-Bio-Token due to the fact that is scrambled using a different scrambling factor each time, each factor becoming obsolete soon after its use.
  • the Real Owner's Voice specimen may be stored in the token's memory as digits (samples), these samples preferably being the result of the digitization made in the Personalization Machine. Then, a variable number (referred as the Scrambling Number or SN) may be computed by the token's CPU and converted into digits as a first step towards its encodification into sound, (referred to herein as "SN Samples").
  • SN Samples a variable number
  • the SN Samples After being converted, the SN Samples will become a large set of hex-digits which represents the analog wave sound samples, such as would be obtained if the SN were in DTMF tones and being digitized (a possible method for accomplishing such conversion in a chip is described in a 1 993 document of Microchip Technology Inc referred as AN543).
  • SN 567fa34590b5278c7ff45639a567fa34590b5278c7ff45639a.
  • SN Samples samples, referred to herein as SN Samples
  • each digit represents the amplitude of the analog sound wave sample resulting from the conversion of the number into DTMF.
  • the first digit of SN the number 5
  • a scrambling procedure can be as simple as summing the corresponding samples of the specimen and SN samples:
  • the scrambling procedure may be accomplished by the superposition of the specimen with an encoded number.
  • the two sets of numbers may be summed, sample by sample, wherein one of the said sets represents a received and digitized Scrambled Real Owner's Voice specimen Samples and the other set represents the Scrambling Number samples, preferably, but not necessary, made with the same sampling rate (i.e.: 8000 samples/sec) (see Fig. 20).
  • sampling rate i.e.: 8000 samples/sec
  • the ROV-Bio-Token may compute the SN from a Seed number, creating a distinct number each time, and then embed and transmit the Seed number with the Acoustic Message in a manner which will allow the ROV-ldentification-Device (e.g., ROV-ID-Server) to recuperate the Seed and re-compute the SN.
  • the data needed to compute the Scrambling Number is referred to herein as the "Scrambling Number's Seed, " or just "Seed. "
  • the ROV-ldentification device may continue with the Identification procedure as described in the block flow diagram shown in Fig. 21 . All of the numbers and methods of scrambling described above are merely exemplary, and that any suitable scrambling methods will suffice.
  • modem technology may be utilized to transmit the Acoustic Message, wherein the scrambling procedure may comprise the XORing of the ROV Specimen samples with the SN samples.
  • the scrambling procedure may comprise the XORing of the ROV Specimen samples with the SN samples.
  • an utterance reproduced by the Bio-Token may be transmitted to the Identification Device (e.g., ID server) where it may then be recorded and unscrambled. More precisely, and according to this aspect of the present invention, each time the ROV-Bio-Token Holder needs to identify himself to the ROV-ldentification Device, the
  • ROV-Bio-Token may compute a new Dynamic Message, which carries embedded in it the Owner's ID Data, the Generation Time, and the Seed (see Fig. 1 9).
  • the Bio-Token then may encode the Dynamic Message and the Scrambled
  • Scrambled Acoustic Message may be transmitted to the ROV-ldentification-Device along with the Holder's voice (utterance), the words of the utterance preferably comprising the same words of the Owner's Voice Specimen.
  • the ROV-ldentification- Device then may decode the Dynamic Message and decrypt it, recuperating the Owner's ID Data, the Generation Time and the Seed.
  • the Identification Device may then use the Seed to compute the Scrambling Number and, with such information, unscramble the received Scrambled Owner's Voice Specimen thereby recuperating the Owner's voice specimen.
  • the Identification Device then may analyze the specimen against the Holder's voice (Utterance), by means of Speaker Verification Software, and thereby conclude whether the Holder's voice (Utterance) and Owner's voice reproduction (emitted by the Bio-Token) are similar or not.
  • the ID Server may display or transmit the owner's ID Data received.
  • a method of overcoming drift problems is presented wherein two or more acoustic messages may be requested by an Identification Device during a particular transaction, such that the time elapsed between the two acoustic messages will be set by the Identification Device, thereby preventing the possibility of using pre-recorded Acoustic Messages.
  • the Bio-Token may concatenate Frequency-Response-Correction-Signals to the Acoustic Message, thereby correcting any distortion that may be created due to lack of linearity. These deformities usually are caused by the sound-to-analog electric signal conversion at microphones, in addition to transmission and amplification generated distortions.
  • the Frequency-Response-Correction-Signals e.g., a sample of frequencies with the same amplitude, timely concatenated, may be added at the time the Personalization Machine records the Owner's voice and/or at the time the Acoustic Message is generated by the Bio-Token (see Figs. 5 and 8). Information about the complete transmission complex characteristic (gain vs. frequency) then may be inferred from the signals concatenated to the Cipher. This information then may be used by the
  • Identification Device e.g., ID Server
  • the said transmission complex including microphone, transmission lines, amplifiers, etc.
  • two or more acoustic messages i.e. : at the beginning and at the end of the verbal instructions
  • the Bio-Token device may be used as a Debit Card, utilizing a method for Acoustic Confirmation based on the comparison of the Owners Voice Print against the Holder's Voice (utterance) (see Fig.
  • the Personalization Machine process may be replaced by a Debit Card process.
  • An amount of money to be added to a Debit-Card-Bio-Token credit preferably is registered and/or stored in the Token's memory (e.g., $ 1 ,000.00) (see Fig. 1 3) .
  • the Token's owner may then pay an amount (e.g., $55 dollars) entering by the amount (55) into a keypad equipped on Bio-Token device, according to the method described in Fig. 1 6 (Static Encryption not included to simplify the diagram, but is an option).
  • the Bio-Token then may transmit an encoded Cipher to the Debiting Machine, which is similar to an Identification Device.
  • This Cipher may include the amount to be paid, Dynamically Encrypted, together with the Voice Print, but need not necessarily include the Owner's ID data.
  • the Debiting Machine preferably then performs any of the suitable identification methods described above for Identification Devices and/or ROV Identification Devices.
  • Dynamic encryption may be utilized to prevent interception, recording and subsequent usage of the acoustic message. Any encrypted amount stored on the Debiting Machine may then be converted to cash at a later time.
  • the Token's memory may then contain a credit balance of the remaining $945.00 for future usage.
  • the Bio-Token device may be used as an Acoustic Travelers' Check.
  • the Cipher preferably includes an amount paid, doubly encrypted, together with a Voice Print and the Owner's ID data.
  • This transaction is not anonymous, like in a debit card, but instead is an identified transaction, like a Travelers' Check.
  • the Debiting Machine may decrypt only one step of the double encryption and, then, use a part of the result (referred to herein as a "pseudo-random number") as a seed number for generating a Challenge (see Fig. 1 5, static Encryption not shown to simplify the diagram, but is an option).
  • the Debiting Machine then may display or voice the Challenge, and the Holder may, in response, voice the Challenge (to be checked by the Debiting Machine) and enter the challenge into the Bio-Token.
  • the Bio-Token may then generate a Confirmation Acoustic Message carrying the Transaction Confirmation Number (TCN) coherent with the first.
  • TCN Transaction Confirmation Number
  • the Bio-Token then may deduct from the balance (stored in the Token) the amount paid.
  • the transaction then may only be completed if the Debiting Machine receives a Confirmation Acoustic Message with the correct TCN. As before, this
  • Cipher and the Transaction Confirmation Number may be converted to cash at a later time.
  • the audio signals which represent the encoded version of the Cipher (Acoustic Cipher), and the voice of the owner (Holder's utterance), may be received by the Identification Server either directly or indirectly, e.g., transmitted by any media of communication, such as phone, Internet, data transmission lines, etc. eventually reaching, either on-line or offline, the Identification Device (e.g., ID Server).
  • the Holder's utterance is a response to a variable challenge.
  • the Cipher encoded or not, may reach the Identification Device, on-line or off-line, together with the voice of the Device's Holder (Utterance), the Utterance preferably being a voice string answer to a variable question or request, e.g., "Please repeat the words: 'Bill Clinton' ", or "Say the date and time in minutes, hours, days and years, " or "Utter, please, the transaction data, if any, to be certified by this identification.”
  • the Holder's utterance then may be analyzed, in addition, by Speech Recognition software.
  • Speech Recognition software the Identification Device may be able to check the degree of coherency of the response to the challenge, in addition to the Speaker's identity. This analysis may help to avoid the use pre-recorded strings of the Owner's voice in order to impersonate him/her.
  • the methods of the present invention also preferably comprise a step of analyzing the Utterance (Device's Holder response) received by an Identification Device.
  • the analysis preferably is performed by Speaker (identity) Verification Software, thereby providing a Computed Result from the comparison made.
  • Speaker identity
  • a Voice Print may be compressed, averaged, hashed, weight averaged or modified by any other suitable mathematical elaboration in order to reduce the amount of memory places needed to store it and, further, to reduce the time elapsed during transmission.
  • the Identification Device may conclude that the Authorized Owner of the portable device is the present Device Holder, whose voice response (Utterance) has been analyzed.
  • the Cipher also includes the authorized owner's ID Data and/or the transaction data, e.g., his/her name and/or address and/or driver license and/or passport number, etc.
  • the Identification Device has, as a result, the ID Data certified with the some degree of certainty that the data corresponds to the said present Device Holder, helping to avoid the possibility that the Device Holder is an impostor.
  • the methods and devices described above may be applied to the field of telecommunications for fighting against impersonation fraud of the caller, for calling cards, cellular phones and the like.
  • Implementation of the methods and devices of the present invention in telecommunications, such as for use is cellular phones, is particularly easy because, first, the Identification Device does not need a Database in order to identify the caller and, second, the caller sustains a conversation (series of utterances) in any case. Accordingly, to obtain an Utterance, the present invention can utilize any string of a caller's conversation and/or response to a dialing-by-voice feature, e.g., when a caller responds to the dial-tone by uttering the destination phone number.
  • This implementation can be made in a dedicated chip in a cellular phone and/or as software masked or embedded in an existing chip (see Figs. 1 2 and 23).
  • Bio-Tokens may be used in conjunction with calling Card Applications and distributed to callers.
  • the Bio-Tokens may be configured to work in conjunction with one or more Identification Devices, thereby providing a user-friendly way to identify of the callers.
  • the same can be accomplished with the ROV-Bio- Tokens/ROV-ldentification-Devices.
  • each time a caller wishes to place a call he/she will dial an access number and will reach an Identification Device.
  • the caller may send the Acoustic Message (according to any of the methods described above) and then may be identified or rejected when he/she speaks or responds to a challenge.
  • the methods and devices described above may be utilized in conjunction with military or security agencies applications, providing a method for accomplishing the distribution and usage of non-transferable ID cards or passports.
  • an Identification Device/ ROV-ldentification-Device may be installed to identify the holders of Bio-Tokens and/or ROV-Bio-Tokens.
  • the system preferably comprises Personalization Machines, a multitude of Bio-Tokens, and a multitude of Identification Devices.
  • a Personalization Machine preferably comprises a PC machine, with special slots, preferably with the ability to read from one or several media, such as Hard Disks, floppy disks, RAM, ROM, Dangles, PCMCIA cards, Chip cards or any other suitable media; to record, digitize and analyze sound; to run Speaker (identity) Verification Software and/or Speak recognition Software; to generate Voice Prints, to elaborate Voice Prints; and/or to write into a Bio-Token's memory.
  • any suitable computer-based machine comprising the above-stated functionality will suffice.
  • Bio-Tokens preferably comprise portable electronic devices with memory, possibly similar to those described in US patent 5,524,072 (PCT/US92/1 0492), and preferably having the ability to read from a keypad (e.g., PINS) or chip-cards, to read from the Bio-Token memory, to compute, to encrypt, to scramble, to display, to measure time and/or to encode results into sound (see Fig. 14).
  • a keypad e.g., PINS
  • Chip-cards e.g., chip-cards
  • Bio-Tokens may be embodied in many different applications, such as cards, hand-held devices, cellular phones, etc., as well as any other suitable portable devices that, as they are or after being modified, can provide the above-described functionality.
  • Bio-Tokens further may comprise none, one or more of the following functional elements: a display to instruct users to take certain actions, through prompts and announcements (e.g., "enter password, " or “batteries are low,” etc.); accounting capabilities, e.g., the ability to store transactions amounts, produce balances, etc.; a central processing unit (CPU); a keyboard; a card slot allowing a card to be inserted or extracted and allowing the Bio-Token to read and/or write from and/or to a chip-card, PCMCIA card or magnetic card; an alarm; a voice generator; a power supply; a ROM, a RAM and/or suitable data, address, and control busses; and /or a serial port.
  • the Bio-Token may be suitably integrated into a single customized chip, like an integrated circuit chip.
  • a serial port or other suitable connection may be suitably configured to permit the direct or indirect connection of a Bio-Token with a standard PC, or any other suitable device, to enter and discharge data to and from the Bio-Token (e.g., personalization data, stored transaction data, etc.).
  • a serial port or other suitable connection may be configured to accommodate any convenient communication interface, such as RS232, optical or the like.
  • a CPU of the Bio-Token may comprise any suitable general purpose processor.
  • ROM of the Bio-Token may be used to store software statements in a conventional manner, which may be introduced via serial input, keypad or any other suitable method.
  • the software may comprise system level supervisory programs and instructions.
  • the holder of a Bio-Token may be required to enter a password to activate the Bio-Token, and the Bio-Token will then write the information into a card which is in the token at that moment.
  • a Bio- Token also may comprise the capability to detect fingerprints, and/or the capability of voice recognition, as means of identifying the user instead of, or as a complement to, requiring a password.
  • the Bio-Token device may compute the Dynamic Encrypted version of the Voice Print digits representing the characteristic of the voice of the Device Owner (statically encrypted or not), and, if required, any other data such as the owner's ID Data, and/or card ID Data, and/or any other data entered by the owner before the transaction. This process results in a Cipher.
  • the Bio-Token device may encode the Cipher (or the Scrambled Acoustic Message in the case of the ROV-
  • Bio-Token into sound, generating the audio signals which represent the encoded version of the Cipher, in which case an Acoustic Message produced by the Bio-Token may be referred to as an Acoustic Cipher.
  • the Identification Devices are devices which preferably are able to read from one or several media (e.g., Hard Disks, floppy disks, RAM, ROM, Dangles, PCMCIA, Chip cards and/or other suitable media); to record, digitize and analyze sound; to run Speaker (identity) Verification Software; to run Speak Recognition Soft; to generate Voice Prints; to elaborate such Voice Prints and record, digitize and analyze Bio-Token generated Acoustic Messages, including Acoustic Ciphers; to de-scramble Scrambled ROV Specimens; and/or to measure time.
  • media e.g., Hard Disks, floppy disks, RAM, ROM, Dangles, PCMCIA, Chip cards and/or other suitable media
  • Speaker (identity) Verification Software to run Speak Recognition Soft
  • to generate Voice Prints to elaborate such Voice Prints and record, digitize and analyze Bio-Token generated Acoustic Messages, including Acoustic Ciphers; to de-scramble Scrambled ROV
  • Cipher along with the voice of the owner (utterance), is received by the
  • Identification Device either directly or indirectly (e.g., transmitted by any media of communication such as phone, Internet, data transmission lines, etc.) eventually reaching, either on-line or off-line, the Identification Device (e.g., ID Server).
  • the Identification Device e.g., ID Server
  • the Identification Device then may decode the audio signals representing the encoded version of digits (the Cipher), and decrypt the said digits thereby recuperating the characteristic of the voice (the Voice Print) of the specific Bio-Token device owner, together with the additional data sent, if any, within the Cipher.
  • the Identification Device also then may receive the voice of the owner
  • the ID Server then preferably analyzes and compares the voice string (utterance) to the Voice Print, using the same or similar type of Voice Recognition- Speaker Verification software as used in the PM machine, and compares the results.
  • an Identification Device may compare a voice (utterance) analysis result with a relevant part of a result of the decryption of the Cipher generated by the Bio-Token. If the two results are similar, according to certain pre-established tolerances, the Identification Device may conclude that the Holder of the device is the authorized owner. Otherwise, the Holder may be an impostor.
  • any of the above- described devices may communicate to each other by IR, optical, electromagnetic, or any other suitable communications means, instead of, or in addition to sound.
  • a portable device is presented which accomplishes the functions of both the Bio-Token and the Identification Device.
  • the device referred to herein as a Two Way Identifier, may be capable of identifying its owner to other devices and, further, identifying holders of other devices.

Landscapes

  • Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Audiology, Speech & Language Pathology (AREA)
  • Human Computer Interaction (AREA)
  • Physics & Mathematics (AREA)
  • Acoustics & Sound (AREA)
  • Multimedia (AREA)
  • Storage Device Security (AREA)

Abstract

A person's voice input is received (1) and analyzed (3). A comparison is made to a stored voice print (4). The result of the comparison indicates whether the person is an impostor (6) or is a valid holder of a portable device.

Description

NON-TRANSFERABLE BIO-METRIC TOKEN-BASED IDENTIFICATION
METHODS AND DEVICES
TECHNICAL FIELD
The present invention relates, generally, to systems, methods and apparatus for personal identification.
BACKGROUND OF THE INVENTION
Voice analysis, characterization and recognition technology is a mature field and is referred to herein as Speaker (identity) Verification Software (SVS) and the Speaker Verification Application Programming Interface (SVAPI) projected standard. Use of these current voice characterization and recognition technologies for personal identification purposes has several problems. First, the percentage of error in voice identification, estimated to be approximately 3%, is not reliable enough for use in financial transactions. Second, current identification devices require the use of a database wherein each person's voice characteristic (referred to hereinafter as a Voice Print) is stored for comparison purposes. The need to store such information at the identification device necessarily limits the use of current technology for some applications. Accordingly, there is a need for new systems, methods and apparatus which will improve substantially the reliability of personal identification using voice recognition technology, and further will alleviate the need to store voice characteristic data at the decryption or identification device.
BRIEF SUMMARY OF THE INVENTION
It is an object of the present invention to provide methods and apparatus which will improve substantially the reliability of personal identification using voice recognition technology, and further will alleviate the need to store voice characteristic data at the decryption or identification device.
The present invention comprises devices including, but not limited to, a Personalization Machine; a Bio-Token (non-transferable electronic portable device) carried by a person (carrier) to be identified either as the owner/rightful possessor of the Bio-Token or not, which stores the owner's Voice Print or, alternatively, a chip
(e.g., in a cellular phone or other device) or a chip card which stores the same; and/or an Identification Device (e.g., an ID server) which may receive the Voice Print from the Token and the actual voice (utterance) of the Bio-Token's carrier (person carrying the Bio-Token or other Voice Print storage device). The invention also may comprise any of several device variations described below.
The invention further comprises a number of methods designed to provide for the identification of a person holding a portable device referred to as a Bio-Token, as being either the owner/rightful possessor or not, as well as methods for certification of voice documents. One method encompassed by the present invention preferably comprises the use of Speaker Verification Software, which is commercially available, to obtain the Voice Print of the rightful owner of the portable device (Bio-Token). The method further preferably comprises a step of providing the owner's identification data to the Bio-Token device (see FIG. 1 ), which may include his or her name and/or address, and/or driver license, and/or passport number, and/or any identity card, and/or transaction data, and/or amounts of money, like the credit limits (for Debit Card usage) and/or any other information useful to a particular transaction requiring reliable owner identification. The method also may comprise an optional step of encrypting the Voice Print and the owner's identification data, such encryption step referred to hereinafter as Static Encryption. The method further may comprise a step of storing into the Bio-Token device carried by the person to be identified (carrier/holder), the carrier's Voice Print, Identification Data and/or Static Encryption results. The above steps may be referred to in part or as a whole as a Personalization Procedure.
The methods of the invention further may comprise a step of distributing Identification Devices and/or Identification Software. The same Speaker Verification Software previously used to create the Voice Print during the Personalization Procedure may be installed in such Identification Devices, each Identification Device thereby having the operational capability to decrypt Voice Prints and/or Identification Data. Of course, such Identification Devices alternatively may use any other suitable software or hardware to decrypt Voice Prints and/or identification data. The present invention further encompasses methods for identification. Each time that a carrier of a portable device (Bio-Token) needs to be identified, the carrier may activate the Bio-Token device. Activation may require that the carrier first enter a PIN into the Bio-Token device. Once activated, the Bio-Token device then may read from its electronic memory the Voice Print of the rightful owner, previously entered, and then may merge or concatenate such digits with a time stamp or use any other method in order to create a dynamic message (such as a sequential method), wherein the dynamic message is encrypted (referred to hereinafter as Dynamic Encryption) by the Bio-Token, the result of such Dynamic Encryption referred to hereinafter as a Cipher. The method also may include an optional step of encoding the Cipher into sound, in which case an Acoustic Message produced by the Bio-Token may be referred to as an Acoustic Cipher.
Both the audio signals of the Acoustic Cipher (Acoustic Message) and the actual voice (utterance) of the carrier (referred to hereinafter as the Voice String) then may be transmitted to the Identification Device. The transmission may be made directly or indirectly, e.g., transmitted by any media of communication such as phone,
Internet, data transmission lines, etc. eventually reaching, on-line or off-line, an Identification Device.
The Cipher, encoded or not, should reach an Identification Device, on-line or off-line, together with the actual voice utterance (Voice String) of the Bio-Token's carrier. In a preferred embodiment of the present invention, the Voice String may be transmitted in the form of an answer to a variable question or request, e.g., "Please repeat the words: Bill Clinton," or " Say the date and time in minutes, hours, days and years, " or "Please say the transaction data, if any, to be certified by this identification. " The methods of the present invention also may comprise a step of decrypting the cipher received by the Identification Device. The Identification Device decrypts the cipher (Dynamic Decryption), thereby obtaining the Statically Encrypted Voice Print and, then, Statically Decrypts the Statically Encrypted Voice Print to recuperate the Voice Print (referred to herein as the "Computed Result"). The methods of this invention also may include the step of analyzing the Voice
String received by the Identification Device, preferably by means of Speaker (identity) Verification Software, and then comparing such analysis results with the Computed Result.
Naturally, if both results are similar, within a pre-established tolerance, the Identification Device then may conclude that the rightful Owner of the portable device
(Bio-Token) is the present Carrier of the Bio-Token, whose voice response has been analyzed. Due to the fact that the Cipher also includes the authorized owner's ID Data and/or the transaction data, such as his name, and/or address, and/or driver license and/or passport number, etc., the Identification Device will have the ID Data certified with some certainty that the data corresponds to the present Carrier of the
Bio-Token and thereby helping to avoid the possibility that the Carrier is an impostor.
In accordance with a further aspect of the present invention, an alternative method for remote identification is provided wherein the Bio-Token generates a scrambled sample of the Owner's voice. More precisely, the Bio-Token may reproduce a sample of the Owner's voice which was pre-recorded by the
Personalization Machine and stored into the Bio-Token during the Personalization Procedure. This sample may be scrambled, before being converted into sound, by mixing it with an encoded number. The encoded number preferably is a variable number, with a very large cycle for repetitions, referred to hereinafter as a pseudo- random number. The Owner's voice sample mixed with the pseudo-random number is referred to hereinafter as a Scrambled Owner Voice Sample.
With respect to this alternative aspect of the present invention, each time a Bio- Token's carrier needs to identify his or herself to an Identification Device, the Bio-Token may compute a new dynamic password or digital signature. The dynamic password/digital signature then preferably is embedded with the Owner's ID Data and the data preferably is used as a "seed" to compute the pseudo random number for scrambling purposes.
The Bio-Token may then encode the dynamic password/digital signature and scrambled Owner's Voice Sample into sound, referred to hereinafter as a Scrambled Acoustic Message. This Scrambled Acoustic Message may then be transmitted, directly or indirectly, to the Identification Device together with the Carrier's voice
(Voice String) as described above. Preferably, the Voice String comprises the same words or phrase as the Owner's Voice Sample. The Identification Device may then decode the dynamic password/digital signature and decrypt it, recuperating the Owner's ID Data and the Seed. The Seed then preferably is used by the Identification Device to compute the pseudo random number and, with such information, de- scramble the received scrambled Owner's Voice Sample thereby recuperating the Owner's voice sample. The Identification Device then may analyze the sample together with the carrier's Voice Sample, by means of Speaker Verification Software, and conclude whether they are similar or not. In a positive case, the Identification Device may display or transmit the owner's received ID Data.
The present invention further may comprise a number of suitable devices such as Personalization Machines, a multitude of Bio-Token devices, and a multitude of Identification Devices (e.g., ID Servers). Preferably, a Personalization Machine is a machine capable of reading from one or more media, for example, Hard Disks, floppy disks, RAM, ROM, Dangles, PCMCIA, Chip cards or others; recording and analyzing voice samples, e.g., running Speaker (identity) Verification Software; generating Voice Prints; elaborating Voice Prints; and writing into the electronic memory of a Bio- Token device.
Preferably, Bio-Token devices are portable electronic devices with memory, having the capability to read from the memory, to compute, to encrypt, and to encode results into sound.
The Identification Devices preferably are devices capable of reading from one or several media, e.g., Hard Disks, floppy disks, RAM, ROM, Dangles, PCMCIA, Chip cards or others; recording, digitizing and analyzing voice samples, e.g., running Speaker (identity) Verification Software; generating Voice Prints; elaborating Voice Prints; and/or recording, digitizing and analyzing Acoustic Messages generated by the Bio-Token devices, including Acoustic Ciphers.
BRIEF DESCRIPTION OF THE DRAWINGS
The subject invention will hereinafter be described in conjunction with the appended drawing figures:
Fig. 1 is a block flow diagram representing the functionality of the Personalization Machine (PM) for one particular case referred in the following;
Fig . 2 is a block flow diagram representing the functionality of the Personalization Machine (PM) for another case referred in the following, which includes Static Encryption;
Fig. 3 is a block flow diagram representing the functionality of the Bio-Token device for another case referred in the following;
Fig. 4 is a block flow diagram representing the functionality of the Bio-Token device for another case referred in the following which includes Static Encryption; Fig. 5 is a block flow diagram representing the functionality of the Bio-Token device for another case referred in the following, which includes Static Encryption and further includes the generation of calibration signals to correct distortion effects;
Fig. 6 is a block flow diagram representing the functionality if the Identification Device; Fig. 7 is a block flow diagram representing the functionality of the Identification
Device with Static Encryption;
Fig. 8 is a block flow diagram representing the functionality of the Identification Device with Static Encryption and further including the use of calibration signals to correct distortion effects; Fig. 9 is a block flow diagram representing the Identification Process, including
Bio-Token and Identification Device functionality;
Fig. 10 is a block flow diagram representing the Identification Process, including Bio-Token and Identification Device functionality, wherein the Identification Device reads secrets keys from a chip-card; Fig. 1 1 is a block flow diagram representing the Identification Process, including Bio-Token and Identification Device functionality, wherein the Identification Device reads the secrets keys from a chip-card and performs Static decryption;
Fig. 1 2 is a block flow diagram representing the functionality of the invention wherein the Bio-Token is implemented in a cellular phone to eliminate the cloning fraud;
Fig. 1 3 is a block flow diagram of the functionality of the invention wherein the Bio-Token is implemented in a Debit-Card;
Fig. 1 4 is a block diagram of the Bio-Token/ROV-Bio-Token components;
Fig. 1 5 is a block flow diagram representing the functionality of the invention wherein the Bio-Token is implemented in one type of Travelers Check application;
Fig. 1 6 is a block flow diagram representing the functionality of the invention wherein the Bio-Token is implemented in one type of Debit-Card application;
Fig. 1 7 is a block flow diagram representing the functionality of the invention wherein the Bio-Token is implemented in one type of Debit-Card application; Fig. 1 8 is a block flow diagram representing the functionality of a
Personalization Machine for use with an ROV-Bio-Token, Static Encryption is not shown in order to simplify the diagram;
Fig. 1 9 is a block flow diagram representing the functionality of an ROV-Bio- Token, Static Encryption is not shown in order to simplify the diagram; Fig. 20 is a block flow diagram representing the steps for scrambling a Real
Owner's Voice (ROV) specimen, specifically, the computation of the samples of the SN;
Fig. 21 is a block flow diagram representing the functionality of an Identification Device for use with an ROV-Bio-Token, Static Encryption is not shown in order to simplify the diagram;
Fig. 22 is a block flow diagram representing the steps for descrambling the Real Owner's Voice (ROV) specimen, and specifically, the computation of the samples of the SN at the Identification Device; and Fig. 23 is a block flow diagram representing the functionality of the invention wherein an ROV-Bio-Token is implemented in a cellular phone to protect against cloning, Static Encryption is not shown in order to simplify the diagram.
DETAILED DESCRIPTION While a number of preferred embodiments of the present invention will be described in detail herein, the present invention more generally encompasses remote identification systems, methods and devices which allow the identity of a person ("Owner") to be compared to that of a holder ("Holder" or "Carrier") of a portable device ("Bio-Token"). Identification may be performed by a remote device ("Identification Device") by comparing a voice sample characteristic stored in the Bio-
Token to a characteristic of a real voice sample ("Utterance") provided by the carrier of the Bio-Token, thereby determining whether the Holder of the Bio-Token is indeed the Owner. The methods of the present invention may further allow for the certification of such Utterances. In general, the methods associated with the present invention preferably comprise some or all of the following steps (see Fig. 1 ): personalizing the Bio-Token, comprising the following sub-steps:
Step 1 : connecting the Bio-Token to a specific machine referred to as a Personalization Machine (PM); Step 2: entering a set of the Owner's ID Data into the PM;
Step 3: capturing a sample of the Owner's voice and generating a
Voice Print from the Owner's voice sample, preferably by means of commercially available speech recognition software or Speaker Verification Software;
Step 4: writing or registering into the Bio-Token's memory the Owner's Identification Data and Voice Print, or, optionally, registering such information on a chip-card which then can be inserted into the Token; and properly identifying whether the Holder of a Bio-Token is the owner, by an Identification Device (e.g., ID Server) (see Figs. 9 and 10), preferably comprising some or all of the following sub-steps: a) the Bio-Token's Holder actuates the Bio-Token; b) the Holder provides an Utterance to the Identification Device; c) the Identification Device receives an Acoustic Message generated by the Bio-Token, along with the Holder's voice (Utterance) (see Fig. 6); d) the Identification Device compares the Voice Print in the Acoustic Message provided by the Bio-Token to a voice print of the Utterance. Referring now to Fig. 3, a preferred embodiment of a Bio-Token will be described. When a Bio-Token is switched on, the Holder may be prompted to enter a Personal Identification Number (optional). Once the Bio-Token is on and operational, it may read the Owner's Voice Print and/or Identification Data from memory, or, alternatively, from a chip card where the Voice Print and/or the Owner's ID Data are stored. The Bio-Token then preferably encrypts the Voice Print, the Owner's
Identification Data and the Generation Time (e.g., present GMT time and date) into a Cipher, in a manner such that each and any Cipher is distinct from the previous one, and the repetition cycle is very large (e.g., tens of years) . A preferred encryption scheme is described in U.S. Patent No. 5,524,072 (PCT/US92/1 0492), but any suitable encryption scheme may be utilized. This encryption step will be referred to herein as "Dynamic Encryption" (see Fig. 3, Step 4) . Optionally, the Token can encode the Cipher into sound using MODEM techniques or any other method of encoding digits into sound (see Fig. 3, Steps 5 and 6), in which case an Acoustic Message produced by the Bio-Token may be referred to as an "Acoustic Cipher. " Referring now to Fig. 6, preferred methods of Holder identification will now be described. As shown in Step 1 , an Identification Device (e.g., ID Server) preferably receives an Acoustic Message from the Bio-Token along with the Holder's voice ("Utterance"), and registers the time of arrival ("Capture Time") of such Acoustic Message. As illustrated in Step 2, the Identification Device suitably decrypts the Dynamic Encryption thereby recapturing the Voice Print, the Identification Data and the Generation Time. As shown in Step 3, the Identification Device may then analyze the Holder's utterance by means of any suitable software (such software is already commercially available). In Step 4, the Identification Device may then compare the Voice Print, received within the Cipher, to the results of the analysis. If the Voice Print is similar to the results of the Utterance analysis, within pre-established tolerances, then, as shown in Step 5, the Identification Device preferably goes on to check the Capture Time against the recaptured Generation Time to avoid intercepted Acoustic Messages. If OK, the Identification Device has identified and authenticated the Holder and may then proceed with a particular transaction, e.g., with the display and/or transmission of the Owner's Identification Data.
In a further exemplary embodiment of the present invention, methods are provided which allow for the personal identification of a person holding a Bio-Token, which further include the certification of voice documents. Preferably, these methods comprise the step of personalizing the Bio-Token, which preferably comprises one or more of the following sub-steps (see Fig. 2):
Step 1 loading the Personalization Machine with encryption keys; Step 2 entering the Bio-Token on the Personalization Machine, Step 3 entering the Owner's Identification Data, Step 4 capturing the Owner's voice, generating the Voice Print, and, optionally, compressing, and/or mathematically elaborating such Voice Print (e.g., averaging or/and hashing the Voice Print); and
Step 5: Statically Encrypting the Voice Print and/or the Identification
Data, using system keys. For example, a system's private key may be used to encrypt the Voice Print. Furthermore, a private key (for example, a key referred to herein as SSPrK#l) may be used to encrypt the Owner's name and address; a private key (for example, a key referred to herein as SSPrK#2) may be used to encrypt the
Owner's Driver license data; a private key (for example, a key referred to herein as SSPrK#3) may be used to encrypt the Owner's passport data; a private key (for example, a key referred to herein as SSPrK#4) may be used to encrypt the Owner's Credit Card data; a private key (for example, referred to herein as SSPrK#5) may be used to encode the owner's Social Security number; and so on, any appropriate number of keys (e.g., SSPr#n) may be used to encrypt whatever data about the Owner that may be pertinent.
Step 6: writing or registering into the Bio-Token memory the
Statically Encrypted Owner's Identification Data and Voice Print. Because the encryption described in Step 5 differs fundamentally from the above-described Dynamic Encryption (the encryption of Step 5 is fixed, with no time variable), this step is referred to herein as Static Encryption. Accordingly, any keys utilized by the Static Encryption are referred to herein as Static Encryption Keys.
These methods further may comprise the step of properly identifying the Holder of the Bio-Token by the Identification Device, preferably comprising one or more of the following sub-steps (see Fig. 1 1 ) : a) the Token's Holder actuates the Bio-Token (see Fig. 4) and the Bio-Token transmits an Acoustic Cipher to the Identification Device; b) the Holder speaks (transmits an Utterance to the Identification Device); and c) the Identification Device receives the Acoustic Message generated by the Bio-Token and the Holder's voice (see Fig. 7).
Now referring to Fig. 4, when a Bio-Token is switched on, the Holder may be required to enter a Personal Identification Number (optional). Once the Bio-Token is on and functional, it may then read the Statically Encrypted Voice Print and/or
Statically Encrypted Owner's Identification Data from the Bio-Token's memory or, alternatively, from a chip card where the Voice Print and/or the Owner's Identification Data are stored. The Bio-Token may then Dynamically encrypt the Voice Print, the Owner's Identification Data and the Generation Time, as discussed above, into a Cipher. Optionally, the Token may then encode the Cipher into sound, in which case an Acoustic Message produced by the Bio-Token may be referred to as an Acoustic Cipher.
Referring now to the Identification Device (e.g., ID Server) functionality, the following steps preferably are performed (see Fig. 7): Step 1 : the Identification Device (e.g., ID Server) receives the Acoustic
Message from the Bio-Token, along with the Holder's utterance, and registers the Capture Time;
Step 2: the Identification Device decrypts the Dynamic Encryption, recuperating the Statically Encrypted Voice Print, Identification Data and Generation Time; Step 3: the Identification Device decrypts the Statically Encrypted Voice
Print (e.g., using the system's respective public key);
Step 4: the Identification Device analyzes the Holder's voice (Utterance);
Step 5: the Identification Device compares the Voice Print with the results of the analysis of the Holder's voice (Utterance); Step 6: if the Voice Print is similar to the analysis of the Holder's voice, within pre-established tolerances, then the Identification Device preferably goes on to check the Capture Time against the recuperated Generation Time, to avoid intercepted Acoustic Messages; and
Step 7: if OK, the Identification Device preferably proceeds with the transaction, e.g., to Statically Decrypt the Owner's Identification Data, as described below.
To Statically decrypt the Owner's Identification Data, the Identification Device preferably uses the corresponding key (i.e. the public key to SSPr#j j = l,,,n)) , according to the particular Identification Device's level of data accessibility and/or keys availability. For example, a Police Department's ID Servers may have all the public keys and, therefore, will be able to Statically decrypt any and all of the Owner's Identification Data. On the other hand, an Identification Device of lower accessability may hold only a limited number of public keys, for example, a system may only hold Public Keys #1 and 2 (referred to above SSPuK#l and SSPuK#2) . In that case, the Identification Device will only be able to decrypt two pieces of the
Owner's Identification Data, e.g., the Owner's name and address (using SSPuK#l) and the Owner's Driver license (using the public key referred as SSPuK#2)). The method also preferably includes the optional step of displaying or/and transmitting the Statically Decrypted portion of the Owner's ID Data. In accordance with another aspect of the present invention, methods and apparatus are provided for remote identification wherein the Bio-Token can store and scramble a specific Owner's voice specimen. In accordance with this particular embodiment of the invention, the Bio-Token is referred to as the Real Owner's Voice (ROV) Storing and Scrambling Token, or ROV-Bio-Token. The ROV-Bio-Token preferably is capable of reproducing a specimen of the Owner's voice, which was pre-recorded by the PM (Personalization Machine) and stored in the ROV-Bio-Token during the personalization procedure (see Fig. 1 8, the optional Static Encryption was not included in this diagram to simplify the explanation). The Real Owner's Voice specimen may be scrambled, resulting in a "Scrambled ROV Specimen," before being reproduced by the ROV-Bio-Token. The above-mentioned scrambling step preferably is a variable-result-scrambling- step, which helps to avoid misuse or fraud, e.g., the recording and subsequent usage of the Scrambled Real Owner's Voice specimen in order to impersonate the Owner. With respect to this aspect of the invention, in spite of the fact that the Real Owner's Voice specimen is constant, the Scrambled ROV Voice specimen becomes obsolete soon after being reproduced by the ROV-Bio-Token due to the fact that is scrambled using a different scrambling factor each time, each factor becoming obsolete soon after its use.
More precisely, the Real Owner's Voice specimen may be stored in the token's memory as digits (samples), these samples preferably being the result of the digitization made in the Personalization Machine. Then, a variable number (referred as the Scrambling Number or SN) may be computed by the token's CPU and converted into digits as a first step towards its encodification into sound, (referred to herein as "SN Samples"). After being converted, the SN Samples will become a large set of hex-digits which represents the analog wave sound samples, such as would be obtained if the SN were in DTMF tones and being digitized (a possible method for accomplishing such conversion in a chip is described in a 1 993 document of Microchip Technology Inc referred as AN543).
In order to further clarify this scrambling aspect of this invention, and referring now to Figs. 20 and 22, assume, for example, that we are after the computation of t h e v a r i a b l e n u m b e r S N i n h e x - d i g i t s , i . e . :
SN = 567fa34590b5278c7ff45639a567fa34590b5278c7ff45639a. Each one of the numbers will be converted by the Bio-Token into a concatenation of digits (Samples, referred to herein as SN Samples), wherein each digit represents the amplitude of the analog sound wave sample resulting from the conversion of the number into DTMF. Following with the example, the first digit of SN, the number 5, can be converted into a sound wave, according to the DTMF standard, which consists of 2 frequencies f., and f2,
5 Converted to → A sin (2πf, t + φ ,) + B sin (2πf2 1 +φ 2) with a duration of 75 milliseconds and a pause of 1 0 milliseconds. Therefore, if the sampling rate is 8000 samples per second, the "digitation of the number" will consist of 680 samples ( hex-digits).
If this process is repeated for each one of the 50 numbers constituting SN, we will have 34000 samples, totaling 4.25 seconds. Using this method or a similar method, the digitized Real Owner's Voice specimen is scrambled using the 34000 samples, periodically, that is, for each 4.25 sec of the duration of the Real Owner's Voice specimen, before being converted into sound by the Bio-Token . As an example, a scrambling procedure can be as simple as summing the corresponding samples of the specimen and SN samples:
Scrambled ROV Specimen Sampled) = ROV Specimen Sampled)
+ SN Sample d),
and like this for each /', from 1 to 34000, and starting again if the duration of the Real Owner's Voice specimen, is more than 4.25 sec.
Accordingly, the scrambling procedure may be accomplished by the superposition of the specimen with an encoded number. For example, the two sets of numbers may be summed, sample by sample, wherein one of the said sets represents a received and digitized Scrambled Real Owner's Voice specimen Samples and the other set represents the Scrambling Number samples, preferably, but not necessary, made with the same sampling rate (i.e.: 8000 samples/sec) (see Fig. 20). One fundamental aspect of the above-mentioned method is that in spite of the fact that the Real Owner's Voice specimen, stored in the Bio-Token, is a constant and non-timely variable, the Scrambled Real Owner's Voice specimen is constantly variable and will never repeat over a large period of time. Further, due to the fact that the Dynamic Message, which is concatenated with the Scrambled Real Owner's Voice specimen, also carries the Generation time and date, the recording and subsequent usage of the Acoustic message is prevented. The ROV-Bio-Token may compute the SN from a Seed number, creating a distinct number each time, and then embed and transmit the Seed number with the Acoustic Message in a manner which will allow the ROV-ldentification-Device (e.g., ROV-ID-Server) to recuperate the Seed and re-compute the SN. The data needed to compute the Scrambling Number is referred to herein as the "Scrambling Number's Seed, " or just "Seed. "
The ROV-ldentification Device, having re-computed the SN (see Fig. 22), then may compute the SN Samples, deducting such samples from the received and digitized Scrambled Real Owner's Voice specimen Samples and, with them, recapture the Real Owner's Voice specimen Samples, e.g., ROV Specimen Sampled) = Scrambled ROV Specimen Sampled)
SN Sample d).
Having recuperated the Real Owner's Voice specimen Samples, the ROV-ldentification device may continue with the Identification procedure as described in the block flow diagram shown in Fig. 21 . All of the numbers and methods of scrambling described above are merely exemplary, and that any suitable scrambling methods will suffice.
According to another aspect of the present invention, modem technology may be utilized to transmit the Acoustic Message, wherein the scrambling procedure may comprise the XORing of the ROV Specimen samples with the SN samples. Referring again to Fig. 21 , an utterance reproduced by the Bio-Token may be transmitted to the Identification Device (e.g., ID server) where it may then be recorded and unscrambled. More precisely, and according to this aspect of the present invention, each time the ROV-Bio-Token Holder needs to identify himself to the ROV-ldentification Device, the
ROV-Bio-Token may compute a new Dynamic Message, which carries embedded in it the Owner's ID Data, the Generation Time, and the Seed (see Fig. 1 9).
The Bio-Token then may encode the Dynamic Message and the Scrambled
Owner's Voice Specimen into sound, generating an Acoustic Message referred to herein as the "Scrambled Acoustic message" or "ROV Acoustic Message. " This
Scrambled Acoustic Message may be transmitted to the ROV-ldentification-Device along with the Holder's voice (utterance), the words of the utterance preferably comprising the same words of the Owner's Voice Specimen. The ROV-ldentification- Device then may decode the Dynamic Message and decrypt it, recuperating the Owner's ID Data, the Generation Time and the Seed. The Identification Device may then use the Seed to compute the Scrambling Number and, with such information, unscramble the received Scrambled Owner's Voice Specimen thereby recuperating the Owner's voice specimen. The Identification Device then may analyze the specimen against the Holder's voice (Utterance), by means of Speaker Verification Software, and thereby conclude whether the Holder's voice (Utterance) and Owner's voice reproduction (emitted by the Bio-Token) are similar or not. In a positive case, the ID Server may display or transmit the owner's ID Data received. According to another aspect of the present invention, a method of overcoming drift problems is presented wherein two or more acoustic messages may be requested by an Identification Device during a particular transaction, such that the time elapsed between the two acoustic messages will be set by the Identification Device, thereby preventing the possibility of using pre-recorded Acoustic Messages. According to another aspect of the present invention, the Bio-Token may concatenate Frequency-Response-Correction-Signals to the Acoustic Message, thereby correcting any distortion that may be created due to lack of linearity. These deformities usually are caused by the sound-to-analog electric signal conversion at microphones, in addition to transmission and amplification generated distortions. The Frequency-Response-Correction-Signals, e.g., a sample of frequencies with the same amplitude, timely concatenated, may be added at the time the Personalization Machine records the Owner's voice and/or at the time the Acoustic Message is generated by the Bio-Token (see Figs. 5 and 8). Information about the complete transmission complex characteristic (gain vs. frequency) then may be inferred from the signals concatenated to the Cipher. This information then may be used by the
Identification Device (e.g., ID Server) to correct the distortion of the Holder's voice created by the said transmission complex (including microphone, transmission lines, amplifiers, etc.)
According to another aspect of the present invention, the Holder may utter a particular voice message (e.g., an oral payment order, or instructions to his/her broker) and transmit two or more acoustic messages (i.e. : at the beginning and at the end of the verbal instructions) in order to avoid potential "session stealing problems. "
According to another aspect of the present invention, the Bio-Token device may be used as a Debit Card, utilizing a method for Acoustic Confirmation based on the comparison of the Owners Voice Print against the Holder's Voice (utterance) (see Fig.
1 7). For example, the Personalization Machine process may be replaced by a Debit Card process. An amount of money to be added to a Debit-Card-Bio-Token credit preferably is registered and/or stored in the Token's memory (e.g., $ 1 ,000.00) (see Fig. 1 3) . The Token's owner may then pay an amount (e.g., $55 dollars) entering by the amount (55) into a keypad equipped on Bio-Token device, according to the method described in Fig. 1 6 (Static Encryption not included to simplify the diagram, but is an option). The Bio-Token then may transmit an encoded Cipher to the Debiting Machine, which is similar to an Identification Device. This Cipher may include the amount to be paid, Dynamically Encrypted, together with the Voice Print, but need not necessarily include the Owner's ID data. The Debiting Machine preferably then performs any of the suitable identification methods described above for Identification Devices and/or ROV Identification Devices. As before, Dynamic encryption may be utilized to prevent interception, recording and subsequent usage of the acoustic message. Any encrypted amount stored on the Debiting Machine may then be converted to cash at a later time. The Token's memory may then contain a credit balance of the remaining $945.00 for future usage.
According to another aspect of the present invention, the Bio-Token device may be used as an Acoustic Travelers' Check. The Cipher preferably includes an amount paid, doubly encrypted, together with a Voice Print and the Owner's ID data. This transaction is not anonymous, like in a debit card, but instead is an identified transaction, like a Travelers' Check. In this case, the Debiting Machine may decrypt only one step of the double encryption and, then, use a part of the result (referred to herein as a "pseudo-random number") as a seed number for generating a Challenge (see Fig. 1 5, static Encryption not shown to simplify the diagram, but is an option). The Debiting Machine then may display or voice the Challenge, and the Holder may, in response, voice the Challenge (to be checked by the Debiting Machine) and enter the challenge into the Bio-Token. The Bio-Token may then generate a Confirmation Acoustic Message carrying the Transaction Confirmation Number (TCN) coherent with the first. The Bio-Token then may deduct from the balance (stored in the Token) the amount paid. The transaction then may only be completed if the Debiting Machine receives a Confirmation Acoustic Message with the correct TCN. As before, this
Cipher and the Transaction Confirmation Number, both stored on the Debiting Machine, may be converted to cash at a later time. The audio signals which represent the encoded version of the Cipher (Acoustic Cipher), and the voice of the owner (Holder's utterance), may be received by the Identification Server either directly or indirectly, e.g., transmitted by any media of communication, such as phone, Internet, data transmission lines, etc. eventually reaching, either on-line or offline, the Identification Device (e.g., ID Server).
Referring now to the general methods of identification provided by the present invention, preferably, in the case where the acoustic message reaches the ID Server off-line, the Holder's utterance is a response to a variable challenge. The Cipher, encoded or not, may reach the Identification Device, on-line or off-line, together with the voice of the Device's Holder (Utterance), the Utterance preferably being a voice string answer to a variable question or request, e.g., "Please repeat the words: 'Bill Clinton' ", or "Say the date and time in minutes, hours, days and years, " or "Utter, please, the transaction data, if any, to be certified by this identification."
The Holder's utterance then may be analyzed, in addition, by Speech Recognition software. By using Speech Recognition software, the Identification Device may be able to check the degree of coherency of the response to the challenge, in addition to the Speaker's identity. This analysis may help to avoid the use pre-recorded strings of the Owner's voice in order to impersonate him/her.
The methods of the present invention also preferably comprise a step of analyzing the Utterance (Device's Holder response) received by an Identification Device. The analysis preferably is performed by Speaker (identity) Verification Software, thereby providing a Computed Result from the comparison made. One skilled in the art will quickly recognize that a Voice Print may be compressed, averaged, hashed, weight averaged or modified by any other suitable mathematical elaboration in order to reduce the amount of memory places needed to store it and, further, to reduce the time elapsed during transmission.
Naturally, if both results are similar, within a pre-established tolerance, the Identification Device may conclude that the Authorized Owner of the portable device is the present Device Holder, whose voice response (Utterance) has been analyzed.
Due to the fact that the Cipher also includes the authorized owner's ID Data and/or the transaction data, e.g., his/her name and/or address and/or driver license and/or passport number, etc., the Identification Device has, as a result, the ID Data certified with the some degree of certainty that the data corresponds to the said present Device Holder, helping to avoid the possibility that the Device Holder is an impostor.
According to another aspect of the present invention, the methods and devices described above may be applied to the field of telecommunications for fighting against impersonation fraud of the caller, for calling cards, cellular phones and the like.
Implementation of the methods and devices of the present invention in telecommunications, such as for use is cellular phones, is particularly easy because, first, the Identification Device does not need a Database in order to identify the caller and, second, the caller sustains a conversation (series of utterances) in any case. Accordingly, to obtain an Utterance, the present invention can utilize any string of a caller's conversation and/or response to a dialing-by-voice feature, e.g., when a caller responds to the dial-tone by uttering the destination phone number. This implementation can be made in a dedicated chip in a cellular phone and/or as software masked or embedded in an existing chip (see Figs. 1 2 and 23).
According to another use of the present invention in telecommunications, Bio-Tokens may be used in conjunction with calling Card Applications and distributed to callers. In this case, the Bio-Tokens may be configured to work in conjunction with one or more Identification Devices, thereby providing a user-friendly way to identify of the callers. The same can be accomplished with the ROV-Bio- Tokens/ROV-ldentification-Devices. In principle, each time a caller wishes to place a call, he/she will dial an access number and will reach an Identification Device. At this point, the caller may send the Acoustic Message (according to any of the methods described above) and then may be identified or rejected when he/she speaks or responds to a challenge.
According to another aspect of the present invention, the methods and devices described above may be utilized in conjunction with military or security agencies applications, providing a method for accomplishing the distribution and usage of non-transferable ID cards or passports. At any relevant gate requiring an ID, passport or the like to pass through, an Identification Device/ ROV-ldentification-Device may be installed to identify the holders of Bio-Tokens and/or ROV-Bio-Tokens.
One skilled in the art will quickly recognize that any of the exemplary methods and devices relating to the Bio-Token as described above may be easily extrapolated into methods and devices relating to ROV-Bio-Tokens, also as described above, with little adaptation due to the differences of the Acoustic Cipher and the Acoustic
Message which carries the Scrambled ROV Specimen.
Referring now to exemplary devices of the present invention, the system preferably comprises Personalization Machines, a multitude of Bio-Tokens, and a multitude of Identification Devices.
A Personalization Machine preferably comprises a PC machine, with special slots, preferably with the ability to read from one or several media, such as Hard Disks, floppy disks, RAM, ROM, Dangles, PCMCIA cards, Chip cards or any other suitable media; to record, digitize and analyze sound; to run Speaker (identity) Verification Software and/or Speak recognition Software; to generate Voice Prints, to elaborate Voice Prints; and/or to write into a Bio-Token's memory. Of course, any suitable computer-based machine comprising the above-stated functionality will suffice.
Bio-Tokens preferably comprise portable electronic devices with memory, possibly similar to those described in US patent 5,524,072 (PCT/US92/1 0492), and preferably having the ability to read from a keypad (e.g., PINS) or chip-cards, to read from the Bio-Token memory, to compute, to encrypt, to scramble, to display, to measure time and/or to encode results into sound (see Fig. 14). Of course, Bio- Tokens may be embodied in many different applications, such as cards, hand-held devices, cellular phones, etc., as well as any other suitable portable devices that, as they are or after being modified, can provide the above-described functionality.
Bio-Tokens further may comprise none, one or more of the following functional elements: a display to instruct users to take certain actions, through prompts and announcements (e.g., "enter password, " or "batteries are low," etc.); accounting capabilities, e.g., the ability to store transactions amounts, produce balances, etc.; a central processing unit (CPU); a keyboard; a card slot allowing a card to be inserted or extracted and allowing the Bio-Token to read and/or write from and/or to a chip-card, PCMCIA card or magnetic card; an alarm; a voice generator; a power supply; a ROM, a RAM and/or suitable data, address, and control busses; and /or a serial port. In an alternate embodiment, the Bio-Token may be suitably integrated into a single customized chip, like an integrated circuit chip.
With respect to connecting a Bio-Token to a Personalization Machine, a serial port or other suitable connection may be suitably configured to permit the direct or indirect connection of a Bio-Token with a standard PC, or any other suitable device, to enter and discharge data to and from the Bio-Token (e.g., personalization data, stored transaction data, etc.). Furthermore, a serial port or other suitable connection may be configured to accommodate any convenient communication interface, such as RS232, optical or the like.
A CPU of the Bio-Token may comprise any suitable general purpose processor. ROM of the Bio-Token may be used to store software statements in a conventional manner, which may be introduced via serial input, keypad or any other suitable method. The software may comprise system level supervisory programs and instructions.
According to another aspect of the present invention, the holder of a Bio-Token may be required to enter a password to activate the Bio-Token, and the Bio-Token will then write the information into a card which is in the token at that moment. A Bio- Token also may comprise the capability to detect fingerprints, and/or the capability of voice recognition, as means of identifying the user instead of, or as a complement to, requiring a password. Once actuated, the Bio-Token device may compute the Dynamic Encrypted version of the Voice Print digits representing the characteristic of the voice of the Device Owner (statically encrypted or not), and, if required, any other data such as the owner's ID Data, and/or card ID Data, and/or any other data entered by the owner before the transaction. This process results in a Cipher. Then, the Bio-Token device may encode the Cipher (or the Scrambled Acoustic Message in the case of the ROV-
Bio-Token) into sound, generating the audio signals which represent the encoded version of the Cipher, in which case an Acoustic Message produced by the Bio-Token may be referred to as an Acoustic Cipher.
The Identification Devices, preferably but not necessarily PC based, are devices which preferably are able to read from one or several media (e.g., Hard Disks, floppy disks, RAM, ROM, Dangles, PCMCIA, Chip cards and/or other suitable media); to record, digitize and analyze sound; to run Speaker (identity) Verification Software; to run Speak Recognition Soft; to generate Voice Prints; to elaborate such Voice Prints and record, digitize and analyze Bio-Token generated Acoustic Messages, including Acoustic Ciphers; to de-scramble Scrambled ROV Specimens; and/or to measure time.
The audio signals which represent the encoded version of the Cipher (Acoustic
Cipher), along with the voice of the owner (utterance), is received by the
Identification Device, either directly or indirectly (e.g., transmitted by any media of communication such as phone, Internet, data transmission lines, etc.) eventually reaching, either on-line or off-line, the Identification Device (e.g., ID Server).
The Identification Device then may decode the audio signals representing the encoded version of digits (the Cipher), and decrypt the said digits thereby recuperating the characteristic of the voice (the Voice Print) of the specific Bio-Token device owner, together with the additional data sent, if any, within the Cipher. The Identification Device also then may receive the voice of the owner
(utterance). The ID Server then preferably analyzes and compares the voice string (utterance) to the Voice Print, using the same or similar type of Voice Recognition- Speaker Verification software as used in the PM machine, and compares the results. In other words, an Identification Device may compare a voice (utterance) analysis result with a relevant part of a result of the decryption of the Cipher generated by the Bio-Token. If the two results are similar, according to certain pre-established tolerances, the Identification Device may conclude that the Holder of the device is the authorized owner. Otherwise, the Holder may be an impostor.
Again, although the devices of the present invention have been described above with reference to a Bio-Token, it should be clear that an ROV-Bio-Token implementation of the methodology presented does not represent a significant hardware change or any departure from the scope of the present invention.
According to another aspect of the present invention, any of the above- described devices may communicate to each other by IR, optical, electromagnetic, or any other suitable communications means, instead of, or in addition to sound. According to another aspect of the present invention, a portable device is presented which accomplishes the functions of both the Bio-Token and the Identification Device. The device, referred to herein as a Two Way Identifier, may be capable of identifying its owner to other devices and, further, identifying holders of other devices. Although the invention has been described herein using acoustic transmission, one skilled in the art will quickly recognize that a chip-card or PCMCIA implementation of the methodology presented may be used. Furthermore, invention has been described herein in conjunction with the appended drawing figures, but those skilled in the art will appreciate that the scope of the invention is not limited to the invention as shown in the figures. Accordingly, one skilled in the art will recognize that various modifications in the selection and arrangement of the various components, methods and steps discussed herein may be made without departing from the original spirit and scope of the invention as set forth above.

Claims

We claim:
1 . A method for identifying the holder of a portable device, comprising the steps of: analyzing a characteristic of a person's voice; digitally storing said characteristic in a memory of said portable device; transmitting said characteristic from said portable device to an identification device; transmitting the voice of said holder to said identification device; analyzing said voice at said identification device; and comparing said analysis of said voice to said characteristic, at said identification device.
2. The method of claim 1 further comprising the steps of: digitally storing said person's identification data in a memory of said portable device; and transmitting said identification data from said portable device to said identification device.
3. The method of claim 2 further comprising the steps of: encrypting said characteristic at said portable device; encrypting said identification data at said portable device; decrypting said characteristic at said identification device; and decrypting said identification data at said identification device.
4. A method for identifying the holder of a portable device, comprising the steps of: digitizing a person's voice; digitally storing said digitized voice on a portable device; transmitting said digitized voice from said portable device to an identification device; transmitting the voice of said holder to said identification device; and comparing said voice of said holder to said digitized voice at said identification device.
5. The method of claim 4 further comprising the steps of: scrambling said digitized voice at the portable device; and descrambling said digitized voice at the portable device.
6. The method of claim 5 further comprising the steps of: storing personal identification data of said person on said portable device; and transmitting said personal identification data to said identification device.
PCT/IB1998/001835 1997-10-26 1998-10-26 Non-transferable bio-metric token-based identification methods and devices WO1999022362A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
AU10485/99A AU1048599A (en) 1997-10-26 1998-10-26 Non-transferable bio-metric token-based identification methods and devices
CA002307161A CA2307161A1 (en) 1997-10-26 1998-10-26 Non-transferable bio-metric token-based identification methods and devices
EP98952949A EP1031139A4 (en) 1997-10-26 1998-10-26 IDENTIFICATION METHOD AND DEVICES BASED ON NON-TRANSFERABLE BIOMETRIC TOKENS

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IL122023A IL122023A (en) 1997-10-26 1997-10-26 Non-transferable bio-metric token-based identification method and devices
IL122023 1997-10-26

Publications (1)

Publication Number Publication Date
WO1999022362A1 true WO1999022362A1 (en) 1999-05-06

Family

ID=11070777

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB1998/001835 WO1999022362A1 (en) 1997-10-26 1998-10-26 Non-transferable bio-metric token-based identification methods and devices

Country Status (5)

Country Link
EP (1) EP1031139A4 (en)
AU (1) AU1048599A (en)
CA (1) CA2307161A1 (en)
IL (1) IL122023A (en)
WO (1) WO1999022362A1 (en)

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1209663A1 (en) * 2000-11-27 2002-05-29 Siemens Aktiengesellschaft Device and method for access control
US6938050B2 (en) 2002-04-23 2005-08-30 International Business Machines Corporation Content management system and methodology employing a tree-based table hierarchy which accomodates opening a dynamically variable number of cursors therefor
US6944627B2 (en) 2002-04-23 2005-09-13 International Business Machines Corporation Content management system and methodology employing a tree-based table hierarchy featuring arbitrary information retrieval from different locations in the hierarchy
US6947948B2 (en) 2002-04-23 2005-09-20 International Business Machines Corporation Version-enabled, multi-typed, multi-targeting referential integrity relational database system and methodology
DE102004013860A1 (en) * 2004-03-16 2005-10-06 Deutsche Telekom Ag Digital video, sound and or voice information encryption method, whereby a spoken key is used for encryption and if decryption is incorrect, the video and or sound track is played back in an incorrect manner
US6999966B2 (en) 2002-04-23 2006-02-14 International Business Machines Corporation Content management system and methodology for implementing a complex object using nested/recursive structures
US7013393B1 (en) 1999-12-21 2006-03-14 Pierre Stevens Universal intelligent card for secure access to system functions
US7035854B2 (en) 2002-04-23 2006-04-25 International Business Machines Corporation Content management system and methodology employing non-transferable access tokens to control data access
US7082455B2 (en) 2002-04-23 2006-07-25 International Business Machines Corporation Method and apparatus of parameter passing of structured data for stored procedures in a content management system
US7280970B2 (en) 1999-10-04 2007-10-09 Beepcard Ltd. Sonic/ultrasonic authentication device
US7383297B1 (en) 1998-10-02 2008-06-03 Beepcard Ltd. Method to use acoustic signals for computer communications
US7467386B2 (en) 2004-01-16 2008-12-16 International Business Machines Corporation Parameter passing of data structures where API and corresponding stored procedure are different versions/releases
WO2011066844A1 (en) * 2009-12-02 2011-06-09 Agnitio, S.L. Obfuscated speech synthesis
US8843057B2 (en) 1998-09-16 2014-09-23 Dialware Inc. Physical presence digital authentication system
US9219708B2 (en) 2001-03-22 2015-12-22 DialwareInc. Method and system for remotely authenticating identification devices
US9361444B2 (en) 1998-10-02 2016-06-07 Dialware Inc. Card for interaction with a computer
US9489949B2 (en) 1999-10-04 2016-11-08 Dialware Inc. System and method for identifying and/or authenticating a source of received electronic data by digital signal processing and/or voice authentication

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3896266A (en) * 1971-08-09 1975-07-22 Nelson J Waterbury Credit and other security cards and card utilization systems therefore
US4731841A (en) * 1986-06-16 1988-03-15 Applied Information Technologies Research Center Field initialized authentication system for protective security of electronic information networks
US4827518A (en) * 1987-08-06 1989-05-02 Bell Communications Research, Inc. Speaker verification system using integrated circuit cards
US5414755A (en) * 1994-08-10 1995-05-09 Itt Corporation System and method for passive voice verification in a telephone network

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4993068A (en) * 1989-11-27 1991-02-12 Motorola, Inc. Unforgeable personal identification system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3896266A (en) * 1971-08-09 1975-07-22 Nelson J Waterbury Credit and other security cards and card utilization systems therefore
US4731841A (en) * 1986-06-16 1988-03-15 Applied Information Technologies Research Center Field initialized authentication system for protective security of electronic information networks
US4827518A (en) * 1987-08-06 1989-05-02 Bell Communications Research, Inc. Speaker verification system using integrated circuit cards
US5414755A (en) * 1994-08-10 1995-05-09 Itt Corporation System and method for passive voice verification in a telephone network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP1031139A4 *

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7568963B1 (en) 1998-09-16 2009-08-04 Beepcard Ltd. Interactive toys
US9830778B2 (en) 1998-09-16 2017-11-28 Dialware Communications, Llc Interactive toys
US9607475B2 (en) 1998-09-16 2017-03-28 Dialware Inc Interactive toys
US8843057B2 (en) 1998-09-16 2014-09-23 Dialware Inc. Physical presence digital authentication system
US9275517B2 (en) 1998-09-16 2016-03-01 Dialware Inc. Interactive toys
US8935367B2 (en) 1998-10-02 2015-01-13 Dialware Inc. Electronic device and method of configuring thereof
US9361444B2 (en) 1998-10-02 2016-06-07 Dialware Inc. Card for interaction with a computer
US7480692B2 (en) 1998-10-02 2009-01-20 Beepcard Inc. Computer communications using acoustic signals
US7383297B1 (en) 1998-10-02 2008-06-03 Beepcard Ltd. Method to use acoustic signals for computer communications
US9489949B2 (en) 1999-10-04 2016-11-08 Dialware Inc. System and method for identifying and/or authenticating a source of received electronic data by digital signal processing and/or voice authentication
US7280970B2 (en) 1999-10-04 2007-10-09 Beepcard Ltd. Sonic/ultrasonic authentication device
US7013393B1 (en) 1999-12-21 2006-03-14 Pierre Stevens Universal intelligent card for secure access to system functions
EP1209663A1 (en) * 2000-11-27 2002-05-29 Siemens Aktiengesellschaft Device and method for access control
WO2002043050A1 (en) * 2000-11-27 2002-05-30 Siemens Aktiengesellschaft Access control arrangement and method for access control
US9219708B2 (en) 2001-03-22 2015-12-22 DialwareInc. Method and system for remotely authenticating identification devices
US6999966B2 (en) 2002-04-23 2006-02-14 International Business Machines Corporation Content management system and methodology for implementing a complex object using nested/recursive structures
US7082455B2 (en) 2002-04-23 2006-07-25 International Business Machines Corporation Method and apparatus of parameter passing of structured data for stored procedures in a content management system
US7035854B2 (en) 2002-04-23 2006-04-25 International Business Machines Corporation Content management system and methodology employing non-transferable access tokens to control data access
US6947948B2 (en) 2002-04-23 2005-09-20 International Business Machines Corporation Version-enabled, multi-typed, multi-targeting referential integrity relational database system and methodology
US6944627B2 (en) 2002-04-23 2005-09-13 International Business Machines Corporation Content management system and methodology employing a tree-based table hierarchy featuring arbitrary information retrieval from different locations in the hierarchy
US6938050B2 (en) 2002-04-23 2005-08-30 International Business Machines Corporation Content management system and methodology employing a tree-based table hierarchy which accomodates opening a dynamically variable number of cursors therefor
US8161495B2 (en) 2004-01-16 2012-04-17 International Business Machines Corporation Parameters passing of data structures where API and corresponding stored procedure are different versions/releases
US7467386B2 (en) 2004-01-16 2008-12-16 International Business Machines Corporation Parameter passing of data structures where API and corresponding stored procedure are different versions/releases
DE102004013860A1 (en) * 2004-03-16 2005-10-06 Deutsche Telekom Ag Digital video, sound and or voice information encryption method, whereby a spoken key is used for encryption and if decryption is incorrect, the video and or sound track is played back in an incorrect manner
WO2011066844A1 (en) * 2009-12-02 2011-06-09 Agnitio, S.L. Obfuscated speech synthesis

Also Published As

Publication number Publication date
IL122023A0 (en) 1998-03-10
EP1031139A4 (en) 2000-10-18
CA2307161A1 (en) 1999-05-06
IL122023A (en) 2007-06-17
EP1031139A1 (en) 2000-08-30
AU1048599A (en) 1999-05-17

Similar Documents

Publication Publication Date Title
US6957185B1 (en) Method and apparatus for the secure identification of the owner of a portable device
WO1999022362A1 (en) Non-transferable bio-metric token-based identification methods and devices
US6012144A (en) Transaction security method and apparatus
KR100471508B1 (en) A portable information and transaction processing system and method utilizing biometric authorization and digital certificate security
TW394894B (en) Portable acoustic interface for remote access to automatic speech/speaker recognition server
EP0055986B1 (en) Security system and apparatus for the three-way communication of confidential data
US6904520B1 (en) Method and system for ensuring the securing of computer servers of games
US7861092B2 (en) Personal communication apparatus capable of recording transactions secured with biometric data
US20040061593A1 (en) Self-authenticating indentification substrate with encoded packet output
US20020191765A1 (en) Acoustic encoding of dynamic identification codes
IL138109A (en) Method and devices for digitally signing files by means of a hand-held device
JP2001508563A (en) Security system and method for remote services provided by financial institutions
EP2668739A2 (en) Secure transaction facilitator
JP4104171B2 (en) Security system and method for services provided by telecommunications operators
CN112801660A (en) Secret-free signing method and device for payment protocol
CN102150166A (en) Release of transaction data
Çabuk et al. A Proposal on initial remote user enrollment for IVR-based voice authentication systems
CN112954693B (en) Identity authentication method, identity authentication server and terminal
KR20070103816A (en) Card information delivery system using voice signal and method
JP3639797B2 (en) Electronic passbook recording method and electronic passbook registration system
Magedanz ASPECT ADVANCED SECURITY FOR PERSONAL COMMUNICATIONS TECHNOLOGY

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM HR HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
ENP Entry into the national phase

Ref document number: 2307161

Country of ref document: CA

Ref country code: CA

Ref document number: 2307161

Kind code of ref document: A

Format of ref document f/p: F

NENP Non-entry into the national phase

Ref country code: KR

WWE Wipo information: entry into national phase

Ref document number: 1998952949

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 09530206

Country of ref document: US

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWP Wipo information: published in national office

Ref document number: 1998952949

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 1998952949

Country of ref document: EP

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载