GB2391992A

GB2391992A - Method of authentication

Info

Publication number: GB2391992A
Application number: GB0222736A
Authority: GB
Inventors: Samuel Edward Anthony Green; Derek William Louden Griffith; Eduardo Henrique Kor Rodrigues; Ian Alexander Newby; Alexander Stuart Mcki Anderson
Original assignee: Domain Dynamics Ltd
Current assignee: Domain Dynamics Ltd
Priority date: 2002-08-12
Filing date: 2002-10-01
Publication date: 2004-02-18
Also published as: GB0222736D0; GB0218706D0

Abstract

A Java applet (33) is downloaded from a web server (31) running on a server computer (6) to a web-browser (30) running on a client computer (5). The applet (33) enables the client computer (5) to collect biometric data such as spoken responses or fingerprints, to characterise the biometric data and to send characteristic data (35) to the authentication server (32) for further processing.

Description

( Method of authentication Description

I'hc prescot invention rehires to a method of authentication.

In many Intcrnet applications, such HIS e-COmmL'rCe, it is desirable t<> validate the identity >f a user. i;or example, if a user.tccesscs art <>nlinL bank account, the user is usually asked to supply confidential inf> tmation, such as identification numbers, pass\v>rcls or personal details. 'I'hc inform,ltit>n is chcclccl against information In previously supplied by or given to the user \vhen the acc>urlt is opened and which is held by the bank. If there is a match bet\vcen the information currently prl>viclecl by the user and st>red by the bank, then the user's identity is va]idatecl. However, this approach relies <>n the inEc>rmatir> n icing kn<\vn <\nl! tr> a limited group, prefcrabl,, just the user and the bank.

iuthcntication using spoken response, fingerprint, retinal cmfiguraticn, iris pattern and r>ther biometric data, may pr<>vidc an alcrnativc >r addition to ccnventi>nal methods of validating a user. Iliomctric authenticati>n has the advantage that it is n>t simply basecl on confidential information. Il>wevcr, bi<.tnctric authentication On h as several drawb,lcks. FirsrlN, coca usmg kn\vn c<>mprcssic.'n tcchniclues, the amount of data transmitted through the Interact can be utlaccctahlv high.

ticconclly, even using current error clctccti<'n and C>rrectiorl algorithms, the integrity of the information may be lost particularly vhen transmitting >ver large distances.

[thirdly, the computational power required to v alidate many users simultanc>usly is 2, pr>hilitively high.

I'he present invcotion seeks tic help 'vcrcomc these disad; antages and to pro\ Ida a mcth>d of authentication for use o\cr a nctvork, such as the Intcrtlet.

ju According to a first aspect of the prcsLtlt inventi>rl there is provilcd a method Off authcnticatim for use Over a nct\vork, the methoLI cctnprisitlg transmitting a ccnnputcr program from a server computer t<, a client ctmputcr and e:<ecuting the c<,mputcr program at the client c, mputcr, the client crmputcr thereafter requcstirl, (..sc: 49().S')

( - -

a user tc> prN icle biometric data, <btaining a rcc'rdcd signal hased rn thc biometric d:lnl, deriving, characteristic data frr>m thc rcc<rdetl signal fr>r charactcrising thc i>i>metric data anl transmitting thc characteristic dat.l fr>m thc clietlt crmputcr t> a scr\ cr cotmputcr.

- I'his has several acivantages. It helps tl, share pr,cessitlg bet\vecn thc client and scrcr comp.ltcrs. It can also reduce thc am>unt >f infr> rmation transmittcci tr, the scrcr comr)utcr.

UJ l'hc bi>metric data may include spl>kcn response, fingerprint, hanciprint, face pattern, secnt, I)N;\, iris pattern, retinal configuratin, hand\vriting, voice or acoustic signature.

Rclucsting thc user to prr.'vidc biometric c;iata mav c'mprise requesting thc user to pridc a rcsp,nse. C)btaining the rec>rcleci signal i):lSCd on thc biometric data may c>mprisc oitaining a recorded signal including a recorUcci signal portion corrcsp(>nciing to thc rcsponsc. I)criving characteristic data frr>m thc recordeci signal f'r characterising thc biometric ciata ma, comT,risc cicri ing a set of feature data f>r characterising thc rccordecl signal portirn. 'I'ransmitting thc characteristic 2H d:lta frrm thc clicot computer to a server c'mputer ma!' c>mprise rransmitting thc sct,f feature data from thc client computer t<.> a server c>mputer. 'l'hc method may further comprise thc client cl>mputer calibrating an input dcicc and setting a signal Icv:l >f the recorded signal. The method may further comprise thc client computer determining an endpoint of the recorded signal.

J. ()btaining thc recorcled signal may c<>mprisc capturing generatablc <> r transient bi(!mctric clata. (,eneratable biometric data means l., irmetric lata vhich is capable >f being generated by the user, such as a sp(:>ken rcsponsc >r handvrittcn response, and which does n>t already exist. I'hc transient bi<,metric data may be a spoke 30 rcsp<>nsc. Rcqucstinú< thc user to ptovide bicmetric data may c>mprise rcLlucsting thc user to: pr> ide a spoken resplnsc t(, a prlmpt. ()btaining thC rec(> rded signal based on thc

- biometric data may crmprisc ohtaining a recorcictl signal inclttiing a rccorOctl s,pnal p<,rtion corrcspntling tt, thc spoker1 rcspr>nsc Deriving characteristic data fr<>m thc rec>rLlcd signal for charactcrising tht bi>metric data may cotnprisc deriving a SCt of tcaturc vectors f<>r charactcrisillg thc rccortlcti signal pr>rtin1. 'I'ransmitti'1g thc 5 characteristic Cianl frr>tn thc clicat computer to a scrvcr computer transtnitting thc sct of feat'rt vect>rs frrm the client cot11putcr to a servct cotuputcr. 'I'hc mcth<,tl may furthct cot11prisc thc client computer calil>rating a micrr>phonc anci al1 amplifier for setting a signal lesel.>f thc recorded signal. ''I'hc methr> ti may further c.>mprisc thc client c'mputcr detcrmining an enclpoint of thc recordcti signal.

()btainh1g the rccorLlet1 signal may comprise capturing permancat 1> iometric tiata.

lcrmanct1t'' mcar1s not substantially challging over a period of time during \vhich a user may necci aurhLt1ticating. Usually biometric ciata is considcrctl to be permanent if does not change substantially over a peri>d <>f years >r tcns of years.

Nevertheless bi>n1ctric data which changes substantiallN ovcr a rclativcly long perioci such as months or years may still be c<>nsiderecl permanent over a rclaticly short peric>d f>r cxamplc days or wccks if the rclativel, short period is at Icast as loll" as thc perioti frr>m cnrolmcot until final expectccl pr>tcotial authcnticatior lcrmancut bi<> mctric data may bc handwritin',.

llcquesting thc user tr> pr->vide birmetric data may comprise requesting thc user to prr>vidc a \vritten response to a prcmpt. C)btaining the rec, rdeci signal bascLi on the bi>metric clata may comprise obtaining a recordcci signal including a rec>rUcLi signal portion c'rrcsp,ndi'1g to the written resp,nsc.

2s ()btaining thc rccordctl signal ma, c>mprise reading petmancnt bi> mLtric ciata.

Recucsting the user t> provide bi>mctric data mav comprise reciuesting thc user to submit at least a body portic>n for sensing by a bic>metric sensor. Itcatlit1g thc o biometric clata may cc>mprisc capturing an imayc. ReadinK thc bic>mctric data may c>mprisc rcccrLIinga pattCrtl c>r a cc> nfiguration. ()btaining thc rccc>rdcci signal bastti on thc bi,mctric data comF'rises rccc>rding a rcprcscntation <>f thc bic>mctric

( data. (')1'taining the rccc>rOcd signal based on the biometric data may comprise taking a fin,L;crprint or taking a chemical sample for example lay sampling sccot.

lthe meth<,tl ma\ comprise the client computer rcqucsting the computer pr<>gram s from the server computer. 'I'hc method may c<>mprisc the client computer cIynamicall! d<>wnloading the computer pr<>gratn from the server computer. 'I'he method ma\ comprise the client computer accessing a web papc provided by the server cc>mputcr and requesting the c>mputcr pr>gram from the server computer vithout prompt lo the user I'.:;ccuting the c>mputcr program may <>ccur ) sulstantiall: immediately after the computer program is transmitted from a server computer t> a client computer. "tiulstantially immcdiatcly" means \vithin a few seconds. The method may c>mprisc the client computer requestin% the user to, provide i Is further li>metric data, <>I>taining recorded signals for respective li<>metric data, deriving rcsT>cctive characteristic data and transmitting the characteristic data from the client cc>mputer to the server computer. 'I'he method may further comprise the server computer combining characteristic data so as to provide archetyrpc characteristic <data. 'I'hc method may further comprise the server cotllptltcr 2) cramparin, characteristic data with archctspc characteristic Ll:lta s<> as to determine a score dependent upon a degree of matching.

According t> a second aspect of the present invention these is provided,' methQc of operating a server computer c<>mprising receiving a request from a clicot 2s computer, transmitting a computer pr<>gram to the client computer, the computer program when executed by a ctmputcr causing the computer tc> request a user to provide biometric data, to obtain a rec<> rclcd signal including a recorded signal portion based on the hi>mctric data, tr> derive characteristic data from the recor<lcd signal corrcs> ondiilg to the biometric data and t<> transmit the characteristic data 30 from the client computer t> a server c<>mputcr.

I'hc method may further comprise receiving the characteristic data from the Clint c<,mputcr. 'l'hc meth>cl may further comprise combining characteristic data so as to

- 5 ( prcvide arehetvpe eharaeteristie data. 'l'he methrct may further eomprist comparing characteristic clata \vith archetvtc eharactLristie data s'as to determine a se're dL'pL'ntlCtit Up(>T1 a dcyree of matching.

Yeer>rcling t(> a thirtl aspect of the preser1t invcnti,'1 there is provitlcd a sigT1al reptesenting cct1trol ec>des f<>r causing computer apparattts tc> perform thc methc>d.

\eer>tding to a fourth aspect tf thc present invcrItic>n there is pt> vicled apparatus eorlfigurLcl to perform the methoct.

l'hc scner computers may be the same. In other \v<>rcls, the elieT,t computer may dovnload the eomputcr and uploatl the eharaeteristie data to thc same eom,outer.

l'he computer program may be exeeutalle on a virtual machine. 'I'he computer prc>gram may bc in Java anti tnav be a lava apples.

Aeeording to a fifth aspect orr thc present inventi>n there is pr<>vided a signal tepresenting control eodes fc>r CaUsitlp computer apparatus tt) perform a methtl comprising recluesting a user tc> pro iclL lion1etrie data, obtaining a ree>rded signal based orl the biometric data, deriving eharacteristie data frotn the reecrclecl signal 20 ftyr eharacterising the bi>metrie dat.t and transmitting the eharaeteristie clata fro the client computer to another computer apparatus. 'l'he signal mar represent !'teeodt of a Java apples.

Aee>rding to a sixth aspect of the prcsetlt inventi<>T1 there is pr> viclcd a data earrier 25 storing the signal.

I.mlotliments of the present invLT1tion Will now le described br way cf e:;ample, vith reference to the aeeompa'1!,irl dra\vings in \vhieh: T; igurL I is a sehematie cdiagram lf an authenticati<>TI system fcyr performing a 7 method of authentieatirn; I;igure is sh>\vs a distributecl authet1ticati>n ss stem ineludir1g a elieut eomputcr and a server computer; I igurc is a schematic ctiagran1 of thc client compittcr sh<\vn itl 1'igTtrc;

- () ligurc is a sehematie diagram of the server e<>m>uter sh<,wn in l'igurc 2; I;igurc 5 is a pr>eess flow diagram of a meth>cl of authenrieati'n; I;igure (, sho\vs a vveb servtr transmitting a lava appiet t> a wely lr>wscr; I;igurc 7 sl>\vs a Java apples and an authelitieati>tl server cxehatigitig inf<>rmatir>n; 5 l:igurc sh<>ws a lava appiet and an authentieatio'1 server ecehangitl data during an eoroltnent stage; I;igutes 9a to t)e show messages displaseLI durilg an enr<>lment stage; I:igurc 1() shovs a Java apples ancl an authenticatiotl server e:;ehanging data during an authentication stape; 0 [:igurcs l la tr> 1 Id sh<'w messages lispla! ecl cluring a'1 authcnticati<>'l stage l:igure 19 is an analog tepresentation <>f a ree>rded signal; I;igure 13 is a generic representatic>n tf a reeorcied signal; I-'igure 14 is a digital representation of a reecrdecl signal; I;igure I 5 illustrates clivicling a reeorciccl sigilal into timesliees; I;igurc 1fi is a prteess flov diagram of a meth>d of peneratill a featurcKram; I;igure 17 illustrates generation >f a feature v cet<,r; I;igure 1X illustrates eneration >f a featuregram fr>m a plurality >f feature vectors; I;igure 1') illustrates ecplieit endpointitig; I;igure 9() illustrates creation of a speceh fcaturegratn; "H l'igure 21 illustrates generatic>n of a speech featurcgram arehetvpe; I'igure 22 sh>ws a probability distribution funeri>n; I:igurc 23 sh,ws a continuous distribution funeti>n; I:igure 24 shows an authentieatio'1 1,iotuetrie; I;igure 9.S illustrates eomparist>n of a featurcram archetype with an authentieatic>n 2 s featuregram; and l; igure 9(, sitr>ws a client eom>uter witIt biotnetrie seosors.

Nuthentieation using spoken res>c>nse Referring to I:igure 1 an authentieati>n s! stem 1 f'>r performing a method of o autiltntieation is shown. 'l'he authentieatiott system 1 1imits aeeess b!' a USC: 2 to a secure system.. 'I'he secure system.3 ma! lc atl <>e-line batik aee>utit. ']hc aurheuticati,n system 1 is manacci 1>! a system aciministrator 4.

( - 7 \n authentication system is deserilctl in (,1\ ()211X49.() filecl on 22> 11ay 2()(>.

RcFcrrin, t' l;igure 7, the authentietti>n system 1 is Llistrilutccl anti jnCIULILS a client c<'mputcr 5 a server cr>mputcr (> ancl a net\vr>rk 7. In this ctse, thc net\vork 7 is thc 7 Internct. 'lthe network may be virec:T <'r \vireless or ineluclc one cr more virel and onc rr m>rc wireless seetior1s. 'l'he net\vcrk may, include a >ers<.>nal area nLt\vc> rk (n<'t stl<,wn), a local area network (nt>t shown) ancl/or a wiLle area nct\vork (n>t shown). 'I'hus, a}\luetooth_ <>r Wit;i wireless link may c<> ntleet the client compttcr 5 t'.tn aeeess nocle (not shown) which in turr1 is eonrlcctecl t, a Ic>cal area net\v>rk lO (not sh>wn) \vhich is in turn eonneetcd to thc Intcrnct.

I'he mcrhoLI of authentication is perf.>rmed b,, client computer 5 anLI the server comptlter (>. 'I'hus, thc functiot1s of authentieatiot1 Systet11 l may bc thought as being (1;V;LICCI bet\veen thc client computer 5 ar1d the scrcr c<>mputcr (> in contrast to a single eomputcr, for example as Icserilccl in (,13 ()21 IX42.()..jr'/.

A meth<>cl À,f autheotieatiot1 using s>oker1 response will no\v bc deseribccl.

Referrin, t' I;igure.>, the clicot eomputcr.5 is shown in m>re cIetail. 'I'he elicnt 20 computer 5 is a personal computer (I'(l) anL1 may bL LleSI-tC)P 1(, laP-tOP 13(., hanl held pers>nal:ligital assistant (ll.),;) c>r cellular telephone. 'I'he clicot e,mptrtcr 5 incitIcics a micr>phone into which a user tmav prc>viLlc a sp<>ken resl?onsc ar1LI whict1 con\erts a sound signal into an clcctrical signal, an amplifier') for, Implifving, the clcctrical signal, an analog-to-digital (/1)) converter l() for sampling the 2s amplified signal and generating a dip,ital signal, a filtcr I 1, a processor 12 fat performing sigr1al pr<>cessing on the cligital sip,nal, v<>latilc mem<?r!' l.3 ancl n>n volatile tnemr?r! 14. In this example, thc i\/l) converter l() samples the am'?lificd signal at l l()>S H% and prlvides a l(-hit ptllse code moclulation (1(:1it) rcprcsentati<,n of thc signal. 'l'he cligital sip,nal is filtcrecl Ising a 4th order ll)()Hz 30 high-p.lss filtcr tr'rctncyve any 1)(; ?ffset. 'l'hc amplifier t), the,\/I) converter 1() anLI/,r filtcr l 1 mav be implemented in a sound caruI >r similar dcvicc.

- - hc client ecmptlter 5 maV additionallN cr alternatively hc >rovi<lcd \vlth a heaLIset (n<,t shcwn) for the user which inelu<lcs a mierc>phonc into which thc user maN pr<>viLIc thc spokLrl rcspc>l1xc.

5 'I'he client e<,mputcr 5 further includes a digital-to-analog (I)/i\) ec>nverter 15, another amplifier l (> and a speaker 17 for ptc>viding audic.> prc>mpts allLl a mtnitc>r 18 fc>r >r<'viding text prc.>mpts tc> thc user 2. 'I'he client ec.mputer 5;'ls> incluLtes storage 1'), sueh as a hard disk, a keboarcl and mcuse 2() and input/<'utput (1/()) eireuit 91, f<>r all<>\vill data t<> 1'c transn1itted and reeeivcd tc> and fr<m the nctw<>rk 70 7 (;igure 2). 'I'hc l/() eireuit 21 may te a modem fcr ec> nneetic>n by a tcle>h<>nc line to an Interuet tierviee l'rc>vider (16;1') (not shc>\vn) anLI/c>r a net\vcrk intcrfaec earel for eonneetic>n to a l<> eal area nctwc>rk (not shovn) which in turn is ec>nr1cetc tc> an ltil'.

1' /\s vill be explained in m>re detail later, the client ec>mputer.S I'> aLls and rul1s a web-l>rc,\vscr 3() (I:igure 7) sueh as I\IierosohCR) Intcrllet E*2xplc>rcr <>r Netscape Navigat<>r vhieh is Java enabled.

Referring to ltigurc 4, the server computer ('is sho\vn in m<>re Ltetail. 'I'he server I 20 ec.>mputcr (, is in the fcrm of a personal e<>mputer (1> (2). 'I'he server e>mputer (l includes a pr<'eessor2>.N, vc>latile memor, 7,>4, nc>r1-vclatile mem<>ry 2S, stcmae 7(>, a display 27, ar1 interface 2X, sueh as a keyboard and mc>use, and an 1/() eireuir 29 for alit)WinK Llata tCJ be transmitted and received to and frc>m the netwc>rk 7 (I; igurc 2).

l'he interfaec 2X allc>ws aeeess ty the system administrat<>r 4 (I;igure 2). 'I'he 1/() 2s eireuit 21 may bc a mc>dem for eonneeti<>n hy a tclcphone line tc> an Interoct tierviec lr>victcr (ltil') (n<>t sho\vn) and/c>r a netw<>rk interfaec eard for eonneetc>r1 tc> a l<eal area netw<> rk (nc>t shown) which in turn is eonneeted to an 151>. 'I'he seeurc system 4 may 1)t' 1<>CatCLt cn thc server cc>mputct (>, ec>nneeted tc> the scrvcr ec>mputcr (> via a Ic>eal area nctwcrk (nc>t sho\vn) c>r eonneetecl tc> thc serv c r I 30 ec>mputcr (> via the Intcrnet 7.

\s \vill be cxplaineL1 in more detail later, tint' ser-cr computer G runs a \veh server 31 (}-'igurc (I), such as /\pachc, and an authenticati/>rl serf, cr 32, which in this C,ISC is a V',.)iCt' autilentication server (I'igurc (I).

Rcfcrring t.> l igure 5, the autllcrlticati,m pr>ccss c<.mpriscs two stages, namely Cnr(>lmCrIt (>tC'p >1) and authentication (Step 89).

l'he aim <>f cor>lmcat is to ol>tain specimens <>f li'.,mctric data, such as, a plurality <>f specimens c>f speech, from a user and t<> pr,.,cess them s<> as to derive a compact 0 data structure for example comprisirlp acoustic infortnati>rl-bearing attributes that charactcrise the Wily the user speaks.

In this emboditncnt, cotolmLnt includes askirlp, a user to provide one or Marc rcsporlscs to a prompt and try make recordings. teach recording is divided into 15 frames which arc converted inter> feature vccn.>rs. 'l'he feature vectors may be concatenated to form a sc>-callcd "featurcram".

I'hc featuregram is pr<>cessed so> as t., isolate a portion \vhich c<> rrcsponds to the spoken resp<.'nsc provided by the user. 'I'his is called a "speech featuregram".

2) by c<->mbinirlg two or Marc speech featurcrams based on speech utterances ma.lc by, the same user in respc>nsc to the same pr.>mpt, a reliable anal distinctive template may be formed for each prompt for each user. The template is referred as a "speech featurcram archetype" (1;(;,-) . ()nc or more speech featuregram 25 archetypes corresponding tr> difEcrent prompts may be stored in an authcoticati<>n biometric, which is subsecucotls used in authentication.

lDuritl authentication further specitncrls of li<,mcrtic data, in this casc speech I xpecimcns, arc ol>taitlcd. 'l'hc specimens arc used to getlerate speech fcaturcgrams 30 which arc cotuparcd with corrcsp<>nlirl speech featuregram archetypes so t<> <Ictcrminc vhcther the authcutic:ltitly user is the same as the cnrollirl user.

1() h'eaturegrams anal featuregram archetypes are cleseriLecl in more detail in (;B ()21 I X4.( spa anal are also Lit scribed in more detail later.

>at' pr<,ccsscs are conm>n to troth car>lmcot and auttieuticati<'rl, such as 5 enerati<>n calf featuregrams. 'I'hus, it is alvantageous try eneratc featuregrams at the client computer 5 and transmit them t> the server e<> mptiter (> f>r further prc>cesshg, such as (during eur>lmeot) Lleriving spee<:h featuregram archetypes and (during authetitieation) comparing speech featurcyrams witl1 speech featuregram arched Tics.

I() llefcrring to flute 6, the client computer is shown running a webbrowser 3(). IX user accesses a web page (not shown) prcvilel a web server 31, such as 1\pache, running on the server computer (I. I'he server computer (> als> runs an authenrieation server 39, such as a Java applieati<>n.

I; I'he web-pape includes buttons which, when pressecl, begins eorolment tar autheutieati'n. If a button is pressed, lava appiet e>cie 33 is 1'wnloaded to the client computer S. 2r' lleEerring to l:igure 7, the lava appicr c<>dc.33 is run by the weld bro\vset 30. I'he appict 23 establishes a connection \vith the authentication server 32 which starts a new thread of executi<>n and parameters.34 arc cxchanc<l I'hc lava apples 3.3 may d<> a numl>er <if things. It can cause the client computer 5 5 t<> perform a calibration process using specimcos of sl,<>ken utterances, t<> capture recordings, to generate featuregrams, t> perform en3<>inting and to perform sanity checks as described in C'B ()211842.(}. //,tr' ()nc <>r more featurctams, preferallv speech featuregrams.15, are transmittal t> the server c<>mputer 6. I'hc server c<>mputcr (> may (during corolmcnt) create speech featuregram archetypes, set '>ass lo lcvcis anti create an authenticati<>n li'metric her each Llscr and (during authentication) compare speech fcaturcrams witl1 c<>rrcsp'nding speech featurcyram archet),pes and check for replay attack as cicscritcLI in Cil3 ()211342 () She'll.

( In l;igurc 7, the appiet 33 and the authenrieati'n server,2> are sh<> \vn tr. le ec>mn1unieatisg withctt using the wet server 31. Pl<>wevtr, thc authentieatit>n scrvcr N maN! bc laa applieati>n oe;>thcr progran1 svhieh exchanges data with the asispitr. '.S thr>ugh thc web server.31.

I /lf71me,t lt ferrit1g to l;igurex X an.l t)a t<, 9e, an cnr>lment s, lrocess, pt rfortnecl vhen an enr>lmeut \,ersic>sl of the appiet 33 is dcwnl>.ltled ancl rus, \vill n'.>w be deseriled.

l:itrts 9a to t)e sh'w screen shots 37, 37',.37.37, 37; at cliffereat stapes <>f the enr<>lment pr'eess.

llefcrring t, l'igure 9a, the applet..3 presents the user with an es1trs form and asks thc user t> provicle pers>nal details, sueh as name anti s,, <>ste'cic (stesp l'l).

l\,ste<'cics ma, alsc, be kn'wn as:/,IP ct>tlCS.

()nee thc tser eaters their name atitl s,Jostcodc isl e>rrcspr>ncling fieitis lti, 3X ancl s,rcsses a "5iulmit" lutttn 3'), the asps,let 3.3 estahlishes a eonseeti<>n with tile 2/) authen'.-eatir> n server.12 f<>r exchanging parameters 34 (l'igure 7) (step l'9). 'I'he authentieatirn server 39 creates a new thread for the transaeti<'n. ()tlCC a C<> s1s1eCtion has leen estahlished, the apspiet.3 transmits a message 'l. NIl" t, inf<>rm the authentieaticn server.9 of the type of transaeti<>l leing perf'rmccl (step l,1). I'he apples..N also transmits the user's cietails, which in this ease eoms,rise the 2s user's name and posteocie (step P4 & l'S). I'he autl1esitieation server.32 returns a messape "(:;\l. " to inclicate that it has reeeivetl the user's details and to is1struet the appict 33 t> move (>tl to the next stage of cnrolmcot (step l'(i) llcfcrrh1g to l:igurc 9b, the appict 3.3 performs a calibration s,r,cess during which 3H the user pr>vides specimen <>f spccch uttcranccs (step 1'7) 'lthc user mav guidecl througl1 thc calibration pr>cess, for cxampic usin, a so called "calibration izard" 4().

\ p..lrposc c>f calibration is tr> sct the gain r>f the miercphone amE, lificr (rigurc 3) f'r example to avoid saturari>ll. ( r>mmonlN this is knovn as setting a ree<>rding, vc>lume. \ calibrati>n pr,ecss is descrilccl in mc>rc cletail in (;1\ ()211X42.() sra.

Whcn thc ealilrati<>n process eutls, the apples.33 transmits ealibratic>n data to thc authetltieatir>n server 32, which stc>rcs the clata as part of thc authentication lil>metrie (stc, 1S & 1'<)). l hc apples..3 ma\ return informati,n inclttLiing the t pe anLJ e,nfi',urati<>n <>f the elicut e<>mputer 5, the type of mierophc>ne (I;igurc 3) an speaker 17 (I; igurc 3) and rhc type and gain settings of thc amplifiers), 1 (> (I;ig, ure 0 3). lthe autheotieation server 32 retums a message'l*,NItIll.( " t, indicate that it received the calibratic>tl data artLI t> instruct the apples..3 t> pr>eeeL1 witll thc next stage c>f enr>lmetlt, namely rec> rding, (step 1'10).

Referring to l;igure <)e, the apples 33 presents the user with a wamitly, 41 that the! are gc>ing tr> be protnpted a plurality of times and, when ready, to press '(:c>ntinue" 4) (step 1'1 1).

2(7 I'hc authenticati'n server 32 transmits a plurality <f parameters.34 (I;igure 7) t> the apples 3.N regarciing wh.lt to reeorct and h,w tl> create featurep,rams, stleh as samplin, frequenes, whether to use data ec. ,mpression, a number c>f pr<>mpts t<> bc used, a number of repetitions of prompts to be usecl and a pluralit! of prompt (steps 1'12 t<> I'l(). I) ata c'mpressi<>n may comprise reducing or 'mitting, 25 overlapping rf timesliees.

Table 1 lek>w provides examples >f s<>me typical parameters:

1.3 1 alle I Message type Example biample l;rccluene! (H z) I 1()'5 ('<> mpress lilag (N'/N) N ... .. _

Nutnber <,f prompts 4 Numbet- >f repeats (R) 4 lrompt 1 52 Prompt 2 o' lrc>mpt _ _ _ I'rompt 4.37 _ I'he authcutieation server 32 generates a personal iclcutiOcr (Pll)), for example using thc user's name and p<>ste<> dc (step 1'17) ancl transmits it tc the apples.S (step 13 1 8).

l'hc apples 33 transmits a mc ssayc "ti l:\R 1'" to the autheotieation scrvcr 32 tr> inform it that recording has started itld to warn it that featuregrams arc about to be t0 sent (step 1'1')).

lleferritlg to I:igurc ')d, thc apples 3.3 ciispl,lys a text prompt 43, sueh as "I'le.lse say 52" and displays a timer 44 to indicate a time Icft f<>r responding (step P2()).

Typieally, the user is allo\vcd three seconcls to rcspr>nd. While the text prrmpt 43 is s displayed, thc apples 33 ree<>rds a sp<>kcrl rcsponsc. 36 (I;igurc 7) (step 121).

['he applct 33 then,cnerates a speech featurcgram (step 1'22). l'his eymprises dividing thc recorLIed signal into timesliees (oerlapping timcslices if the eompressic>n flag is not set), converting eaeh timcslice into a feature vcetcr, 2O eoncatenatin,L: feature vcetors t, f<> rm a featuregram and performing eoclpointing t> identify a portion of the reer>rdccl signal whie}1 contains a spoken utterance and isolate the reccrcled signal p<>rtion t' generate the speech featuregram.

( - 14

()ncc thc applct.3 has cncratcd a speech featurcgram, it transmits thc fcaturcram S to thc nuthentication scrvcr 3?, t>gerher with data iclLTlrifying thc prompt atld indicatitlp its duration (steps 1'2 > & 1'94).

Xtcps 1() tc> 1'24 arc rcpeatcd for each prompt ancl each prtmpt is repcatcd a prctlctcrminctl of times. 'I'hus, in this case thcrc arc 4 pr, mpts and 4 repeats. 'I'hc order tnaV be dctcrminecl b thc applct 3..

Wh:ll thc authenticatiotl server.> has reccivcd all thc featuregrams.35 it was 10 cxc'cting, it sends a mcssapc to thc apples 33 containing thc user s 111) (step 13?5).

llcfcrring tc, I;'igurc)c, thc apples.13 aisplavs a message 4.S that enrolmcut is ct>mpletc and informs thc user of their I'll) (step]>6).

I f, at as time, the applct..3 rlics, f<,r cxamplc clue t, thc \vel.> bro\vser cl>sing, thc a721et 33 sends a message "\13()RI"' to thc autherltication scrvcr. lf the authentication server 3? receives this message, it st>ps thc transactirn thread from contitluing. '['his has thc adantayc of being robust since it helps to prcvcnt scrvcr threads frrm persisting aftet applct disc<>nnLctict1 anti thus "unclogs' the scrvcr.

() lthe authentication server 39 comlines speech featuregrams cr> rrespcnding to thc same prompt to form a plurality of s2,>Lccl1 featurcram archetypes (step 127).

I'hcse are stored together with information relating t' the prompts and calibratir>n data in an authenticati>n liometric (step p2ti).

s /\ methc>d of creating speech featurcra2n archetpcs anLI a mcthc>d >f cncrating authentication bi,metrics is dcscribctl in (;B (011842>.1).rra.

- I HIIJelI/ /iOn ()ncc cnrolmcnt has been successfully completed, thc user is rcgistcred as a valid user..\cccss t' thc sccurc s stem.3 or autllc.>risation <>f a transactio21 is contlitic>rral on successful authentication.

- 15 llcfcrring tr> ligurcs 1() ancl 1 la t<> 1 ILI, an authcnticatir>n prc>cess, perfrmccl when an authentication version >f apples 33 iS d<> \vilil>adctl ancl rulI, vill nl\v 17e clc scril7c1. I;igurcs I la t<> 1 ld show screen shots 4(>,, 4(>,, 4(>,, 4(',, 4(., at

clifferent stages of thc authentication process.

l(Lfcrring t<> I;igurc 'I la, the apT71ct.'73 presents thc tscr with an cntr\ f>rm atlcl asks thc user to pr>viclc their l'ID (step (21).

()ncc thc user cntcrs their l'ID in thc field providccl 47 and presses a "tiul7mit"

17utt>n 4S, the apples 33 establishes a connccti>t1 with thc authentication server 32 f>r c:;changitlg parameters 34 (1 igurc 7) (step (7'7). '1'hc authenticatir7n server 32 creates a ne\v thread f'>r this transaction. ()nec a conuccti<>11 has 17cen established, thc apples 33 transmits a message "VAI." to inf<>rm the autllenticati<>n server.32 of thc type r>f transaction being pcrf'rmed (step (23. 'lthc apples 33 als<> transmits thc user's 1711) (step (4). 'l'he authcuticati>n server 327 checks thc validity 7f thc 111) (step ()$) and if valid returns a messac "lll)()ti" (stc7 ((i). lf nt7t a valicl T,ll), thc authenticati,n scrvcr. ?72 sends a mcssagc "1>lL')N()'I'()li" ancl thc apples 33 will finish with thc corresponding rnessagc.

l'hc authcaticati<>n scrvcr.?2 sends clata relating t> thc rect>rding device and reccrding v<>lumc (steps (27 & (3). lt then sencls a message "V\I,RT.(-"' tr:> instruct thc apples 33 to begin recording (step (29). Additi>nall >r alternatively, thc apples ma perform a calibrati<'n process.

lleferring to I:igurc I lb, the applct 3.3 presents thc ser \vith a \varning 4) that tines arc c>ing tc> lc proTnpted a plurality <>f times and, when ready, tc, press "(:c>ntinuc" 5() (step () 1 ()).

() 1 11C authcoticatic>n sencr 39 transmits a pluralit! c>f parameters to thc applct..N regarding what tc> rccc>rd ancl hlw tr> crcatc fcaturegrams, such as sampling freclucnc!, whether tc> USC data comprcssi>rl, a nuT'll> cr of proT,lpts tc, bc usUcl, a

( - 1

mimler of repetitions,f pr<,mpts tr, le used and a pluralit!! r>f pr'>mpt (steps ()11 t'()I:). Lallc below pr<>vicles examples 'f sr>me tpical messages: l.lllc Message type Examplc _ _ _, _

Siample lirequenes (Hz) 11()25 (.,mpress l:lag (N /N) N _.. Number of prompts 4 .... Numler >f repeats (R) l __ _ _.

l'rompt 1 52 . I'rompt 29 - l'rompt 3 4.3 I'r,mpt 4 37 . _......

lhe appict 33 transmits a message I'ART t> the authentic;ltin server 32 t' inform it that recording has started and to warn it that fcaturcrams are about tc'le scot (step ()IG).

RcEcrrinu t> I4igurc 1 lc thc apples 33 clisplavs a text pr'mpt.''1 sueh as l'leasc se,:- 2') ancl lisplas a timer.52 to indicate a time left f'r resplncling (step (717).

lpieall; the user is all>vecl three seconds t, resp<>ncl While thc text prompt Sl is display cd the appict 3.3 recorcis a spoken response (step () lS).

lhe appict 33 then gencratcs a speceh featuregram (step (219). lhis comprises di idin% the recorded signal into timesliccs (if thc ermprcssicn flag is not sct then thc timesliccs overlap) converting caeh timeslice ins, a feature vector eoneatcnating feature ect>rs to form a featureram and performing endpointing to iclentifv a p<'rti'n >f the recorded signal which cont:lins a spoken uttcranee and t) is,latc the rceorded sign:ll portion t, generate the speech featuregram.

()nCc the appiet 33 has generated a featuregram it transmits thc fcaturcram to thc authentication screr 3 rr,gether with clata identifvilig thc prompt ancl inclicating its clurati>n (steps () & (>1).

1 7 tcps p17 to ()1 arc repcatec1 for each prompt. Thus in this case there arc 4 preempts. 7 When the authettticaticn server 32 has received all the fcaturegrams it was expecting, it competes each fcaturegratn with a correxp>ncling featurcKram archetvpc f'r the saruc prt>mpt (step (29). It collects the scores for each comparison anal dctcrmincs whether there is a match or not (step Q23). 'l'hc authentication server.32 sends a message to the apples..3 informing it whether the to user passecl or not (step (94).

Referring to leisure I Id the apples.. clisplays an appropriate result (step ()25).

(;enerating featuregratns at the client computer has several advantages. It reduces Is the amount off information transmitted to the authentication server. For example a spoken response typically comprises (4 kB of data whcrc:s a featureyram may comprises only 2 kl],f data. It is more robust and it helps to share processing between the client and server colt1putcrs.

20 The processes uscL1 (Llurinp curolmc'1t) to generate featurLgrams 35 anti authentication biometrics and (during authentication) to generate featuregrams.35 and to compare featurcgrams 15 with featregram archetypes will now tic clescribcd in more detail: 2s Recording, RcEcrring again to l'ipurc.3 at the client computer 5 a spoken response is rccorUcLI by the microphone X amplified by amplifier 9 and sampled using,:/I') converter l() at 11()25 lIz t, provide a 1(-bit l'(.l\f digital signal. I'refcrably the rccrrcling lasts shouts sec<>lltls 'l'he signal is then filtered tc> remove an, cl.c. c<.,mponent. 'I'hc 30 signal may he stored in volatile memory 13.

- 18 Rcferring tc> I-igurcs 12, 13, 14, an cxamplc >f a rcclrclcd signal 54 is shown in analog, partitir>nccl allLl Ltigital rcprcsentati>ns. I he partiti>ned rcprescntatic>n helps show that th.at thc rec>rLlcLI signal 54 mav cl>mprise difEcrcnt sections 55, 5(i, 57.

RcfLrring particular!, t> [;igurc 12, thc recorded signal 54 maV comprise one c>r more speech utterances 55, one >r more lackgrotlnLt nc>ises 5(> and/or one c>r more silence intervals 57..\ speech uttcrat1cc 55 is clcEined as a perioLt in a recorLted signal 54 which is dcriveLt solel!' from thc spoken rcsp>nse of thc user. i\ backgrounct ntise 56 is clcEincd as a pcri'd in a rec>rclcd signal arising frotn auctiblc n} s(>undx, but nct 'riginating frrym the speech utterance. iN silence interval 57 is ctefined as a period in a recorLIcd signal which is frcc from backgrounct n>ise and speech utterance.

i\S explained earlier, the purpose rf the curolmcnt is to c>ltain a plurality of s specimcus of speech s> as to cncr.ltc an authenticaticyn li>mctric. lo help achieve this, rcc>rclcd respc>nscs are charactcrised by cncratin, "featurcyrams" which comprise sets of feature vect<>rs. l hc rcc>rdings arc als<> cxaminccl sr> as to isralatc speech from background n>ise and silences.

o I hc rccr>rdings arc inspectecl t<> iclentif spoken urteranccs. I his is known as "enclpointing". l\, identifying speech ttcrances, a speech fcaturcyram mas I'c generated which corrcsp<>ncls to p,rti<>ns >f the rccorclcd signal comprising speech utterances. 2s Rcfcrring to l;igurc 15, a portion 54' of the> recorclcd signal 54 is shown. I hc recorded signal 54 is cliicled into frames, rcfcrred t> herein as timcsliccs 58. lhc recorded signal 54 is diviclcd intc> partial!! -o crlappiny timcslices 58 having a prcclctermined periocl. In this cxamplc, timeslices 5t! have a period of 5() ms, i.c.

t= S()ms7 ancl <,vcrlap 1'v 5()"i,, i.c. t?= >5 ms. Howcvcr, if compression is used then 7H there is no overlap.

- 19 I',lt.,regram,7eneration lleferring t<, lip,urcs 1(,, 17 and 1S, a pr<>ccss h! which a feattregram is generated at thc client c<,mputcr 5 will hc cleserilcd in m<,rc detail s -I hc ree<>rded signal 54 is divicled into timeslices 58 (step l l) I.ael1 timesliee 58 is converted intt> a feature veet'r 59 using, a feature transf<>rm G() (step 12) I hL c<>ntcnt <>f the feature v cetor 5') depends <'n thc transf<'rm ((} usecl In general, a tc.ture veet.>r 5) is a >ne-Llimensic>nal data structure cJ'nprising, data relatecl to m ac>uxtic inf<>rmation-bearing attributes of tlc timeslice 58 I vpieally, a feature veet<>r 59 ec>mprises a string <>f numUers, f<>r example 1() to 5() numbers, whie rcrcsent the ICt>ustie features cf signal crmpriseLI in the timeslice SS.

In this example, a so-ealled eepstral transf<>rm (1() is used In this example, for a sampling rate of I 1 ()25Hz, eaeh feature veet<'r 59 comprises twel e signed t3-bit integers, typiealls representing the sec<> nd to thirteenth calculatcLI eepstral eoeffieients I)ata relating to energy (in clB) mav be included as a 1 3'i' feature I his has the advantay,c of helping tr> impro c thc pcrf<>rmancc <,f a \v<>rcl spotting, routine th,lt \v<,ulcl othervise operate >n the feature vect<n c<'cfficieuts al,slc j lurtller cletails regarding cepstral transforms mav le f<>tml on page 1 15 in "I;undamentals of 5;pceeh Reeognition" b! Ralincr & luang, (lrcntiee Tlall, t)).

()ther transfrms mav be used For e:<amplc, a licar prcLlictive coefficient (1,1'(1) transform may le used in eonjunetion vith a regressi<>n alp,<>rithm so as t<> produce 1.13t cepstral coefficients AIternativels, a I 1.31' \It transf<>rm maV be used.

I.itlcar predictive c<>cfficient (I.l'(.) transform is deseribel Ih 13 li:\tal, "I.ffeetieocss of linear preLIietion eharaeteristics rf thc speech wave for aut'matie 7' scaker identificati<>n and vcrificati,n", Jollrnal of \c<>ustical Socicty >f iimerica, n'>1 55, pl7-13()4-1.12, lune 14)74 I;urther details rcu,arcling, thc 11 Lil, YR transf>rm mav Ic fund in (,13-13-21(2(5

( - 90 -

llcferring to I itirc IX, a featuregram (1 comprises a set or e<, neatenation of feature -cen?rs 5). 'I'hc fearurcgram 61 includes speech utterances haekyr,unLI noise anti silence intervals.

I'hc featurLgram ('l ma! be sent from the client computer.'' tc> the server computer (i for codpoi'1tinK fair cleterminit1g a speech featuregram. Ht.>wcvcr it is preferable tr> perfortn enLIpoi'1ting at the client computer and to transmit a speech fcaturegram 35.

to 'lpoi''ing I'ndpcinting seeks to iLIentifv portions of a recorded signal which contains spoken utrcrat1ces. '['his allr>ws g eneration of speech featuregrams \vhieh eharaeterise the sp>ken utterances. In this case explicit endp:>inting is used.

/, I'xplicit eudpr>inting seeks to k)cate approximate endpoints >f a speech utterance in a particular domain without using any tar priori knowledge of the \vorcls that might have been sl>oken. Implicit endpr.> intilly tracks changes in signal cilergv profile over time arid frequency anti makes boundary Lleeisions basecl fin Keocral assumptions regarding the nature of profiles that arc Indicative of speech and those that are 20 represent.ltis e <,f noise or silence. Explicit eadpointing canoc>t easily clistinguish betwceTl speech spoken by the enrolling user anti speech prt)minently f<)rming part <)f background noise. 'I'herefore it is desirable that n<:) one else speaks in close

proximity to the valid user when enrc)lmeot takes place.

5 Referring to ligure l') an explicit endpointing process 6> gcacrates a plurality of pairs ().3)f possible start and stop points for a stream of timcsliees 5t\.

I'.ntlpOitltitlg is dCSCril>CL] in more detail on pages 14.3 to 14) of "I; undamentals of pCCC}1 eCC>gnitit)n" spry.

In)

( Crerltin$,l.pee,/'/eamre,</am ()nee thc cudpcints c.,f thc reec>rded signal 54 (Figure 12) hay-c 1,ccn identified ancl, cptiot1ally, the rectrclcti stgnal (I:igurc 19) passes a plurality tf sanity cheeks, sueh 5 eheeking signal-t> noise ratic>, the'1 a SpCCC}I fCatUrCgratll ma\ lc created.

ReFerring tu l igurc 9), a specc-h featuregt-am 35 is ereateci using a prc>cess fi4 b! ecneatcnating feature eetcrs 5) cxtraeted frcm the SCCtiC> II cf the featuregram 6'1 that >riginates fr,m the speech uttcranec.'lthe spceeh seeticn c>f the featurcyram 61 lo is Ic.>eateLi using the speech eodpoints 6.2>.

lthe spceeh featureyram.35 is then transmitted from thc client comptlter S to the server cc>mputer G. 5 (treating l.peeei! /eatI/regrtm arJJefy/'e l'he aim cyf thc cnrc>ltnent is tc, prc>vicle a eharaeteristie vciecprint f<>r cne,r more \vcrds c>r phrases. I-lowe-er, speeimcos of the same \vcrci c>r phase prC)VitiL'Li lv thc same user usually differ frot1l onc anc.>ther. 'I'herefore, it is cicsirable tc> cltain a plurality of speeimcns;HlCi cierivc a mccicl or arehety;al speeimcn. 'l his may in clve 20 discarding cne or mure specimens that differ significantly frc>m cther specimens.

Iteferring to l:igtlrc I, a specel1 featuregram arehctyT,c fi5 is ealeulatcd at the scrvcr eotuptlter 6 (I;igure (>) using an acraging process fi(> using w-featuregrams.35', 35,,...,.35. In this case, fcur featurcrams 35 are usecl, thc av eragc cf the three 2s mc>st similar featuregrams being used to create the featuregram arehctspc G5.

Seffing an rynafe/'a.,, /e7'e/ \ featurcgram archetype fi5 is cbtained fr> r each prc>mpt. l'hus, during sul:>seLIuent authentication, a user is aslLed to prcvide a response le., a prcmpt.,\ speech 30 featuregram.35 is cltaincl anct ecmpared \vith the speeel1 fcaturegram archetype 65 at the server eomputet G (I:igurc fi) using a d! namie time \varping prc>ccss which is dcserilcLI in more tlLtail later. 'l he ec>mparisc>t1 produecs a secre anLI thc sccre is

( - 9 -

c>mparetl with a presto pass level.,\ sc<>rC \vhich falls hel\v the pass Icvcl intlicarcs a good match and sit the user is accepted as being a v alid user.

\ valid user is likeI,- tr, pr>vide a rcsprmsc that results in a k>w score, falling below s the pass Icvcl, anal which is accepted. Ho\vcver, there ma; lo occasions when even a valid user provides a rcspc>nsc that results in a high score and which is re jccted.

(,onvcrseIs, an imp<>st,r may, he expected to proviLIc poor responses which arc usually rciccted. Nevcrthcless, they may occasionally provide a sufficecntly cksc- -

matching, response which is accepted. Thus, the pass Ic\el affects the proportion 'f 10 valid users lacing incorrectly rejected, i.c. the "false reject rate" (I:RR) and the prt>portion of impostors which are acccptcd'i. e. "false accept rate" (1;111).

In this Example, a neutral strategy is adopted which shows nil bias tc> wards prevcoting unauthrrised access or allowing auth>risetl access.

I\ pass Icvel for a fiecd-word or fixed-phrase prompt is detcrminccl using prcviouslN acquired captured recordings taken from a wide rang off representative speakers.

i\ featurcyram archetype is reobtained for each of a first set off users for the same 20 pr>mpt ill a manger hereinbefore described. 'I'hcrcaftcr, each user provides a spoken response tc> the prompt from which a featurcram is <,I>taincd and c,mparcd with the user's featuregram archetype using a dynamic time warping pr,cess sit as produce a score. '[this produces a first set of scores corresponding to valid users.

25 'I'hc T'roccss is repeated fc>r a second set of users, again using the same prompt.

()nce more, each user provides a spoken response to the prompt from which a featrregram is obtained. Ilowe\'er, the featuregram is compared with a different user's featuregram archetype..\nothcr set of scc>res is protlucetl, this time c>rrcsp,nding to impostr>rs.

licfcrring to l;igure 22, frequency of scores for valid users and imprstots arc fitted t<> first and second probability density functions 67', (37 rcscctivel! using:

- O] -

p(x) = (),, exp|_ (Inx) -1 whcrc, p is prol>abilit\;, x is score, is mean score and is stanclard Icviati<>n.

(.)ther prt>babilitv clensitv functions tnay bc usecl.

l'hc mean score p; ftr valic1 users is cxpectccl to bc 1o\vcr than thc mean sc>rc, fc>r the imp<,stors. I;urthermtte, the standard deviatiorl 6, for the valil users is usually smaller than thc standard deviatirn 62 of the second densit! function 70 Referring t<' I:igurc 23, thc first and second prr>bability dcosity functions 67,, (72are numerically integratecl t. proLIuced first and scc<>nd continur.us clensits functir>ns G8,, 68. 'I'hc pc>int of intcrscction G') of the hrst and seconcl cr>ntinuous densit\; functions 174, 174, is thc cclual errrr rate (1.RIt), wherein FRR = [;/\R. 'I'he scrrc at thc point of intersecti>n Gt) is usel as a pass score for the prompt.

(.reaiinp, an authenication biomefric lleferring t<> I;igure 24, an authenticati<>n bir>mcttic 70 is shown. 'I'hc authenticatior bir>metric 7() comprises sets of clata 71, 712,...71, ct>rresponcling to fcatureram archet'pes G5 and associated prompts 72. 'I'he authentication biometric 7() rrla, 2n further c'mprise ancillary informati'n including thc number of prmpts n> l, issued uluring authcnticatitn 7.3, sc<>ring strategy 74 ancl gain settings 75. 'hc biometric 7) ma, include further information, f<>r example rclatecl n, high-lc cl k:>gic for analysing scores.

25 'lhc authenticaticm biometric 7() is stored in storage 2(, (};igurc 4).

Matching autIJentiationJeturee,rans wiff tI,e anthentication bioe/rie Rcferring t> I;igure 25, a clnamic titue warping prrcess 77 is usel n, c<, mparc a speech featuregram.35 ibtainecl clurirl authenticatir>rl with a speech fcaturegram 30 archetspe 65 obtained cluring cnr>lment. 'I'his is achieecl bv c,mpressing anci/or cxpancling, ciiffercnt sections of thc speech featurcyram.35 until a rcgi>n inside thc

- _ 4 specch fcaturegram.35 matches the speech featurcgram archctvpc (5. The best fit is known as the winning path anti a "cost of alignmcot'' 78 is <output which specifics ht'vv cleric the fit is. 'I'hc cost 73 is used t, cletcrminc whether the speech featurcgram.35 is sufficicntl! Accuse" to the speech featuregram archetype G5 and 5 thus whether to validate the user.

Dynamic time warping is described in more detail on pages SKI to 22G c>f "I undarocntals of Speech Recognition" spar.

70 ()ther types of biometric data mat; be used instead of voice. '[these may include permanent biometric data such as physical characteristics such as fingerprint handprint face pattern scent 1)N,\ iris pattern and retinal configuration.

I'crmanent biometric data do not change or substantially do not change. These ma! include generatablc biometric data such as handwriting or acoustic signature.

1) Rcfetring to Figure 26 the clictIt computer 5 may include one or more sensors.3) 3'), -IN for capturing biometric data. The sensors 39. 39. IN may he peripheral devices connected via the input/'utput circuits 21 car incorporated into the server computer 5. If authentication using voice is not used then the microphone 20 amplifier <),L/I) converter li) and filter 11 ma' be omitted.

The server computer 6 runs an atthenticati'n server appropriate to the fir each type of biometric data.

2s Authentication using fingerprint A method of authenticatiotI using finecrprint will now be described.

I'he method is similar to the method of authentication using spoken rcsponscs.

However there are some diffcrcnccs including the type of biometric data used 30 namely fingerprint the manner in which it is captured the number <of specimens taken the manner in which it is charactcrised the form of data which is returned to the authentication scrap er 39 and the manner in which the data is processed by the server 39. '1'hc method ma!' also hIcludc appropriate calibration anal sanit\ checks.

- Rcfcrring to Figure 2(i, the first sensor 3), is suitable for recording fingerprints and ma.v include optical or capacitive arratlgcments for recording a fingerprint pattern.

I',xamples <>f fingerprint sensors are given in (;13-iL-1.3777)7, W()-i\971234() and 12 1- iN - 1.394(4.

l'hc client computer 5 dovnll>ads a lava a>plL.t..1 as described earlier. 'lthc lava apples coLIe.33 causes the clicut computer 5 to rcqucst the user to provide a fingerprint, for example by asking them to >lace a finger against the sensor 39, It to also causes the client computer 5 generate characteristic <1ata for charactcrising the fingerprint, fi>r example as described in chapter 5 of 'Introduction to I;ingerprint

(:omparison" by (Tary Jones (2())1)) llSBN ()-)(>filt)7()-3--81 and in C.A-1577797.

I:or example, this may include detcrminitl the Ic>cations of an end of a ridge or valley, or bifurcation. 'I'hus, the characteristic data may comprise a plurality of sets t, of co-l>rlinates. The Java apples code..3 causes the client computer 5 to transmit the characteristic data to the server computer (I.

I'hc server computer 6 may (during cnrl>lmetlt) store the characteristic data in the authentication biometric 7(). The server computer 6 (during authentication) may 20 compare characteristic data stored in the authcotication bil>mctric \vith characteristic data gcncratcd during authenticatil>n and determine whether there is a match. (generating characteristic data at the client computer 5 has several advantages. It As reduces the amount of information transmitted to the server computer 6, it is more robust and it helps to share processing betwccrl the client and server computers 5, 6. ilthougl1 the embodiments hcreinhef<>re described using the single type of (7 biometric, two or more biometrics may bc used. '[thus, the authentication biometric Slav store data relating to two or more difEcrcut types of biometric l;-,r cxamplc, cnrolment may involve recorcling spoken rcspl>nscs and fing:rpritlts. 5; ulscLucnt authcotication may require the user to pr<>vidc spoken rcsplnses and/or

- 2() finds rprints L' sing two car more biometrics has the advantage car providing additional security.

It will be appreciated that many modifieatic>ns may he made to the cml> oclimcnts 5 described above. I;or example a Java application or an c:; ceutable file may bc dc>wnloac3c cl to the client computer and run. () thet types calf elude which are clynamieallv low-nl,adahle and executable may be used. '['he eoclc may be an interprc:ted or Compiled code. iN single or many Java applcts may be dovnlcaded for example one apples for recording one applct for cndpointing CtC. fat single 0 apples may be used for both enrolment and authentication. Separate server e<>mputcrs may he used for the wel> server and the authentication server 'the client Computer may unload the Computer program from memory after e:<eeuticn and this may be done automatically. It will also be appreeiatccl that the terms "authenticating" and "identifying" may be used interchangeably.

I;

Claims

>7 Claims

1. meth<'cl c>f authentication fc>r use over a nctwc>rk thc mcthtd ec> mprising: transmitting a computer program from a serter et>mputer tc> a elieut e>mputcr s and cxeeuting saicl ettuputer prc,gram at saicl elicat ec>mputer said client ec>mputer thercaftcr reclucsting a user tc> prc> vide bic>mctrie data c>l>taining a reeortlecl signal based c>n said liometrie data deriving eharaeteristie data frc>m said reeorcled signal for eharaeterising said hiometrie data and transmitting said eharaetcristie data frc>rn 0 saicl client ecmputer to a server computer.

2. A methocl aeeording to claim 1 wherein recluesting said user t<> >n> vicle biometric clata comprises requesting saicl user to prcviclc a response.

15 3. A tneth<>d aeecrcling to claim 1 c>r 2 wherein c>htaining said recorded signal basec3 Ott saitl 1'iometrie clata et>mprises obtaining a reec>rded signal including a reeorcled signal portion eorrespt>nding tc> said response.

4..\ metht>tl aeec>rcling to any preeecling claim wherein deriving eharaeteristie 20 data from said rce>rdccl signal fe>r eharseterising said 1,iometrie tlata eornprises cleriving a set rf feature data fc>r characterising said recorded signal pcrti<>tl.

5 A method aeeording to claim 4 vhercin transmitting saicl eharaeteristie data from saicl client e<>mputer te> a server ecmputer ec>mprises transmitting saicl set cf 2s feature data from said client ee>mputer tr> a server er>mputer.

G. methcd aee>rcling to claim 5 further eom>risitlg saicl elicnt eomputet-

ealilrating an input tleiee ancl setting a signal level c>f saiel ree<> rclecl signal.

3tJ 7. A mcthotl aeeortling tc> claim S 'r 6 further ec>mprising saict elicnt computer determining an cndpc>int c>f said reec>rclcd signal.

- ox Pi. A method aee,rding tat claim 1 wherein c>hraining the teeordctl signal e>mpriscs capturing generatablc biometric data.

). A meth<><l aee>rling to claim I or wherein:>btaining the recorded signal 5 comprises capturing transient biometric data.

t(). A method aeeerding to any preceding claim \vherein requesting said user tr> pr<>vide biometric Llata comprises requesting said user to provide a spoken response to a prompt.

11. A meth<>d aceor<ling t<> claim It) wherein obtaining said recorded signal laseLl on said biometric data comprises obtaining a recorded signal including a recorde signal portion eorresp<'nLIing to said spoken rcspc>nse.

15 12. A method aee>rding to claim 11 wl1crein deriving characteristic data from said recorded signal for eharacterising said biometric data comprises deriving a set of feature vectors fair eharaeterisinK said recorded signal p<.>rtion.

13. A meth<>d ace<'rding to claim 12 \vherein transmitting said characteristic data 20 from said client et>mputer tr> a server eon1putLr comprises transmitting saiL1 set of feature vectors from said client e> mputer to a server computer.

14. A method aeecrding tt> claim 13 further comprising said client c> mputet calibrating a microphone arid an amplifier her setting a signal level of said rec>rdLd 25 signal. 15. A method aee,r<:ling to claim 13 or 14 further comprising said client computer determining an endpoint 'f said recorded signal.

so IG. A meth'LI aeetrding to claim t or herein <'btaining the ree'r<led signal e<'mprises capturing permanent biometric data.

( 99 17. A mcthr>l accorrling to claim 1 X r>r I(> rerucsting said user to prrvidc liometric clata comprises rcltlesting saicl USttr tr> proviclr a written rcsponsr. tr> a pr()mpt. 18. \ methr>d accr>rrling to claim 17 wherein r>btaining said recorded signal based r>n saict liometric data cr> mprises r>btaining a recr>rLleri signal inclurling a recorded signal portion corresponding to said written rcsporlsc.

1').,\ methr>d acc<>rcling tr> claim 1 wherein obtaining thc recr>rded signal 0 comprises rearling permanent 1'iomctric rlata.

2).:\ mcthr>d accryrding tr> claim I or 1) wherein requesting thc user to provide biometric rlata cr>mprises rcquestirlg said user tr> submit at least a body portion fr>r scnsirlg b a biometric sensor.

1> t. A method accr>rding to claim 1 19 r>r >() whcrcin reading said biometric data comprises capturing an image.

22. iX methr>rl according tr> claim I or an! onc of claims t9 tr> 21 whcrcin reading 2) said liometric data comprises rccr>rcling a pattern.

23..-\ method according tr> claim I r>r an! 1>21C <>f claims 19 tr> 22 wherein rearling said bi<>mctric data comprises recording a configuration 2s 24. A method according to claim I r>r anx onc of claims 19 to 23 whcrcin obtairling said recr>rcled signal based on said bir>mctric rlata comprises recr>rrling a represcntatirn of said biometric data.

?5 method according tr> claim I or an! onc rf claims 1) to 24 wherein 30 obtaining said rccr>rrlcd signal based on saicl biornctric clata cr> mprises taking a fingerprint.

- 3() -

26 i\ method accrrding to claim 1, 1) or 2(), wherein reading said hi'mctric data comprises gritty a chemical sample.

:>7. A methocl according to claim 2(i, \vhercin taking the chemical sample s comprises sampling sccot.

Ott. A method according to any preceding claim, comprising said client computer rcclucsting said computer program from said sen-er computer.

ttJ 9). A mcth>d according to any preceding claim, cotnprising said client computer dytlamic.llly dt>\volc>ading said computer pr>gram from said server computer.

At). a\ method acc<>rding to any preceding claim, comprising said client cc>mputcr accessing a -cl:, page provided by the server c<>mputcr and rcclucsting said Muter s pr<>gran1 from s.licl server c<>mputcr without prompt by the user.

31..\ method according to any preceding claim, herein executing said computer program >ccurs substantially immediately after said cotnputcr program is transmitted from a server computer to a clicat c<>mptltcr.

All 32. i\ method according to any preceding claim, further comprising said client computer requesting the user to provide further biometric data, obtaining recorded signals for respective biometric data, deriving respective characteristic data and transmitting said characteristic data from said client c<'mputcr t> said server 2s cr:>mputcr. A method according to any preceding claim, furtller comprising said server computer combining characteristic dam s> as t, >r>vidc archetype characteristic data. 3) 34. A methotl according to any preceding claim, further cotntrising said server c<>mputcr c>mparing characteristic data with archetype characteristic data so as to dcrermitle a sc'rL depcodent upon a degree of matching.

( - 31

35..\ metilotl of vc>ice authentication for use c>ver a network subsranrialls as herciril'Lf'rc dcscrilcd with rcfercncc tr' l:igurcs 1 tr> 9 <>f thL accc>mpaliving clra\vings. 3G.,\ meth>cl >f operatilig a serves eomptitcr comprising: rcccivill, a reclucst fr<>m a clieot computer; transrilitting a computer program tt> the client cc>mputer, said et>mputcr prr>granl \vhcn executecl by a computer causing saicl c<> mputcr to recluest a user to 10 prt>vide lliJmetric data, tr' obtain a rec<>rdecl signal inclucling a recorded signal p>rtiotl l.'ascd <>n saicl bi>metric data, tr> derive characteristic clata fr<>m saicl recordccl siptial cc>rrestncling to said bic>metric data and tc> transmit said characteristic data from said client eomputcr tc> a server computer.

37. iN merh>cl according to claim.3(>, further crmprisitig: receivins; said characteristic data from said client cr>tnputer.

38. \ merhocl accc>rding to claim 3G or 37, further comprising: c> mbitling characteristic data so as tr> prr>vidc arciletvpe characteristic data.

2() 39. '\ methr>d acc>rding to claim 36 c>r.37, further cr>mprising: cr> mparing characteristic data with archc type eharactcristic tlata so as tr, determine a score depcncietit upon a Iegree <>f matching.

2; 40..\ method t>f operating a server ec>mputer substantially as hereinheforc describecl \vith reference to I4igures l tc> 9 >f thc acc> mpanyirig drawings.

41. 'Npparatus c'nfigured t<> perf<>rm the meth<->d aceorcling t<> anx precccling claim. 42..\ metil,d >r apparatus according t<> ens preceding claim, \vherein the server cc>mputers arc the same.

( 3 - 4.. \ method or apparatus aecr>rding t, an\' preceding claim, wherein saic1 computer program is cxecuralle Otl a virtual machine.

44. A method or apparatus accrling to an! preceding claim, wherein said 5 computer program is in lava.

45. A meth<>d or apparatus according tt> any preceding claim, \vherein said computer program is a lava apples.

lo 4G. A signal rcprcsentillg contrc>l codes for causing computer apparatus to perform a method comprising requesting a user to provide biometric data, obtaining a recorded signal leased 'n said biometric data, deriving characteristic data fr<>m said recorded signal for characterizing said biometric data and transmitting saicl characteristic data from said client computer to an<:>ther computer apparatus.

I; 47. A signal according to claim 4(S representing bytecode of a lava apples.

4X. \ signal representing control codes for causing c<:>mputer apparatus n, perform a method accordions to any one of claims.36 to 4).

49. data carrier storing a signal according to any one <>f claims.36 to 4(.