One of the most common implementation of artificial intelligence in Cybersecurity is the use of biometrics
Biometrics is the measurement of physical characteristics that are used for the recognition, authentication, and identification of individuals. These physical characteristics must be universal, unique, recordable, and measurable, hence they may include fingerprints, facial, and voice traits.
While these are the best-known characteristics used in biometric authentication, researchers say that other traits such as the shape of the ears, vein patterns, facial contortions, body odors, and the way we sit or walk are other unique human identifiers.
There are a few biometric characteristics that are commonly used in biometric authentication processes.
Different Types of Biometrics
Biometrics can be divided into three main categories of characteristics: biological, morphological, and behavioral.
Biological biometrics relate to human DNA. Each person has a unique DNA code that can be identified upon examination.
Morphological biometrics include different human body characteristics and can be used for various purposes, including the authentication of an individual based on these characteristics.
Behavioral biometrics in the context of authentication refers to the use of technology to analyze the way users behave and interact online to assess whether they are the person who they claim to be.
Let’s have a look at the most popular examples of morphological biometrics.
This biometric method is the oldest one and is still quite efficient. Like all other biometric technologies, it identifies and verifies a person’s unique characteristics, in this case fingerprints, by comparing them to previously stored data. Today, fingerprint recognition has become a commodity and is widely used, from mobile devices to door locks and even for high-security access control.
This technology is easy to set up and is the most established biometric method due to the ease with which the necessary data can be acquired. However, its effectiveness is highly dependent on external elements and can be influenced by conditions such as wet or dirty fingers, scars, or skin diseases, etc.
High-quality cameras with the ability to recognize subjects are widely available, making facial recognition suitable for security and surveillance applications.
This technology is easy to set up and, in most cases thanks to current computers and smartphones, no additional hardware is needed to leverage it. However, it may fail if it is needed to authenticate twins, for example, while it can also be exposed to tampering or fraudulent attacks.
Voice is a physical trait with hundreds of characteristics that depend on the anatomy of the throat and mouth. It has become a crucial biometric identifier that can be used to authenticate anyone in seconds.
Speech recognition enables users to interact with digital devices simply by talking, allowing them to create reminders, perform searches, and complete other simple tasks. Examples of voice recognition systems include virtual assistants such as Alexa (Amazon) and Siri. However, these systems are susceptible to background noise or language problems that can cause a false input and make the system execute an action that the user did not intend.
Unlike simple speech recognition systems, voice authentication methods can be used in highly secure environments that store confidential or sensitive data. We will analyze different types of voice biometric authentication later in this article.
Eye Pattern Recognition
Iris recognition can be used to capture a unique pattern of the human retina. The blood vessels within it absorb light more intensely than the surrounding tissue, making them easy to identify. The scanning of a person’s retina is performed by projecting a beam of invisible, infrared light into their eye through the eyepiece of the scanner.
Because the blood vessels in the retina absorb light more readily than the rest of the eye, a specific pattern is created during the scan. This is later converted into computer code and stored in a database. Then, each time a user undergoes authentication via eye pattern recognition, their iris pattern is compared to its stored mathematical representation.
Types of Voice Biometrics
In this article, we want to focus on voice biometric authentication methods and have a closer look at two different types of them – namely active and passive voice biometrics.
What Is Active Voice Biometrics?
The term active voice biometrics relates to a type of voice biometric authentication method that requires users to recite a phrase or certain words multiple times to enable the system to establish their unique voiceprint. Then, each time a user undergoes the verification process, they are asked to say a specific phrase, their telephone number, or account number in order to pass the verification by the system matching that speech to the previously collected voiceprint of the user.
A passphrase can be generated each time a user contacts an institution that uses active voice biometrics, or it can be a single word assigned to that user. HSBC’s “Voice is my password” project is a typical example of active voice biometrics. The word “active” in active voice biometrics refers to the fact that a person must actively participate and knowingly say a particular phrase that will be later used for authentication purposes.
What Is Passive Voice Biometrics?
Passive voice biometrics is a different type of authentication that also requires a user to undergo an enrollment process by providing a unique voiceprint. However, with passive voice biometrics, enrollment can happen during a regular conversation – it doesn’t require a caller to recite a specific sentence or repeat the same phrase multiple times. For it to work correctly, passive voice biometric technology requires a single recording of a user’s voice that usually lasts for at least 20 seconds.
Then the system stores the person’s recorded voiceprint in the form of a mathematical model and each time they reach out to a bank, call center, or any other organization using passive voice biometrics, their speech is compared to the stored voiceprint and verified within just a few seconds (regardless of what they are saying).
Passive Voice Biometrics and Active Voice Biometrics – The Differences
There are a few differences between passive and active voice biometrics.
The first one lies in the enrollment process. In the case of active voice biometrics, a user must recite a specific statement a few times to create a voiceprint. With passive voice biometrics, a voiceprint is collected based on natural speech close to the way in which users talk normally when contacting a bank or call center, etc.
The second difference is related to the first one. In active voice biometrics, a user must say a certain passphrase each time they want to get authenticated, which is not required by passive voice biometrics. With passive voice biometrics, authentication happens when a user speaks as usual or has a natural conversation with an agent.
What’s more, passive voice biometrics enables constant authentication because the verification process can continue during a whole conversation. It doesn’t happen just at the beginning of contact like with active voice biometric methods. Companies can continuously monitor each client’s interactions in real time to keep checking whether or not they are still dealing with a verified user.
The aforementioned “Voice is my password” project proved that active voice biometrics can be cheated on. In 2017, BBC Click reporter Dan Simmons spoofed the bank’s security system with his non-identical twin brother (source). His brother just had to say a few words (he was allowed to do so repeatedly) to log in to the reporter’s bank account, and that’s probably what made it so easy to breach the system.
The authentication process is faster when using passive voice biometrics because a caller doesn’t need to say a specific word or repeat a passphrase. Instead, their voice is analyzed in the background by the passive voice authentication system while they are having a normal conversation with an agent. And the speed of the authentication process directly influences customer satisfaction. Users may eventually get frustrated if they are required to say a passphrase each time they undergo authentication.
Active vs. Passive Voice Biometrics – Summary
The digital era requires both businesses and users to protect their information and confidential data, as well as to be agile. For this reason, voice biometric authentication has become a vital tool to prevent fraud and identity theft, plus to offer a better user experience and optimize processes. The seamlessness of the passive voice biometric process, as well as the fact that it’s more user-friendly and more secure than active voice biometrics, leads us to recommend this method for every organization that cares about the security of its processes and the satisfaction of its users.