This is a reposting of some thoughts I logged on www.voicebiocon.com

Lightbulbs are turning on all over the blogosphere and soon will provide sufficient illumination of a long-standing issue that will shape mobile access to social networks, financial institutions and corporate mail and message stores. This is an especially important development now that there is a clear path from locked-down, premises-based computing and collaboration resources into shared servers and “virtualized” computing environments “in the cloud.”

AT&T Labs is taking a leadership role in promoting anonymous authentication. As illustrated in a diagram in this article by Brian Oliver Bennett in “Laptop”, the architecture underlying Watson, its core automated speech processing platform, puts speaker verification on the same level as such core capabilities as speech recognition, text-to-speech (TTS) rendering, natural language understanding (NLU) and advanced dialog management.

Laptop’s Bennett was especially interested in SAFE (Secure Authentication For Everyone) and its potential to protect mobile users as they use laptops and mobile devices to carry out their favorite online activities, like social networking or accessing personal information. As he explains:

Most interesting though is AT&T’s Safe (Strong Authentication For Everyone) security protocol. It uses four factors for authentication; voice, account info, validated mobile device, and location. The good news is these protocols are envisioned to operate behind the scenes to enable faster, more convenient account protection and login.

The video in this Gizmodo post (though noisy and a bit hard to follow) provides a solid usecase for voice based authentication for both laptop and mobile subscribers using Facebook. Anyone who has had his or her FB account compromised will immediately appreciate the value of a service that authenticates the user (not just a recognized device, browser or client).

Another little appreciated but fundamentally important aspect of voice biometric-based authentication is its support of anonymous validation. On services like Facebook or any social network where a user might benefit from using an alias (think “Fake Steve Jobs”), such pseudonym users find great benefit in a resource that can assure them that makes sure that impostors will be thwarted, should they try to obtain access under false pretenses. In this case, the system doesn’t care about revealing who you are, but can ensure others (your readers or the people with whom you want to carry out business) that you are who you claim to be.

Anonymous authentication is at the heart of supporting electronic commerce and will play an increasingly important role on the mobile internet. This fact is recognized by members of the World Wide Web Consortium (W3C) as they codify the standards that underlie future Web- and cloud-based services. Note this post by W3C Team Member Dave Raggett in which he notes that he is working on a method of anonymous credentialing, which he equates to a student ID card and cites the usecase where a university student need only “prove you are a current student, but not for your actual identity.”

Raggett says that he is working with personnel at IBM’s lab in Zurich to develop an extension to Firefox that supports “zero knowledge proof” of identity. As described, it would use a PIN or passphrase, but – as the video mentioned above indicates – that phrase (or series of random digits) can be spoken, rather than keyed, into the system to prevent false accepts and temper false rejects as well.

Raised awareness of mutifactor, anonymous authentication among application developers, standards makers and major brands (like AT&T and IBM) hold the promise of accelerating introduction of marketable products within realistic planning horizons. Associating anonymous authentication with the globally accepted (and fundamentally insecure) social networks should be a relatively near term boon to real world use.

Categories: Articles

Tags: AT&T, social networking, multifactor authentication, Voice biometrics, IBM