Speech Verification Secures More Enterprise Apps

Experts at the SpeechTEK show say that authentication by voice is so easy for users that it can cause them to doubt a system's security.

NEW YORK—Speech recognition is becoming widely adopted by business with wildly variable results, but one productive use of the technology is speaker verification—the use of a voice print to replace typed passwords and PIN numbers.

A panel of experts at SpeechTEK 2005 described ways that speaker verification systems can add simplicity and security to the process of logging on to a network.

"Everybody loves security until they have to use it," said Andy Osburn, CEO of Diaphonics Inc., a provider of security solutions based on voice verification. His company has found that certain situations are well suited for speaker verification systems and others are poorly suited to the technology.

He suggested that password resetting for an in-house help desk is an ideal task for starting out with speaker verification systems, because the risk is low and the immediate return is high. But he cautioned against viewing speaker verification systems as a panacea. "Voice is not the solution to all verification challenges, but many times it is a competitive solution, and often it is the best solution."

Osburn cited two examples in which speaker verification was a good solution. One was a banking application for wire transfers, where the typical user was a sophisticated mobile professional who typically called in by cell phone to perform a limited range of functions. The second was a law enforcement scenario in which officers needed quick access to data from the field via cell phone. Implementations of speaker verification systems tend to fail when theres not a clear business case for the technology or when the buyer comes in with unrealistic performance expectations.

/zimages/6/28571.gifClick here to read how speech apps can wring more revenue from mobile users.

Human factors also play an important role in a successful installation of a speaker verification system. Jennifer Wilmer, VUI design specialist for Intervoice Inc., described the results of research the company performs at its Center for User Experience, which showed that many callers feel uncomfortable if they can log in too easily, because they fear that their private information isnt being protected well enough.

"If your callers dont feel secure, they wont use [the system]," she said. Those fears remain strong even when the application doesnt store much personal information. The users dont know that, so they feel unsafe and may refuse to adapt to the system. "Whats apparent to you as a business may not be apparent to your callers," she said.

Wilmer pointed out the importance of putting the needs of the user first; "User paranoia comes from creating security requirements based purely on business requirements and not based on user requirements," she said, but she also showed how its possible to allay fears by telling callers why youre asking for certain pieces of information, using phrases like "For security purposes, please tell us…"

Sometimes callers feel insecure because of what they infer about questions you ask. She described a self-service pharmacy application that asked callers only for their prescription number and their zip code, which might lead a caller to wonder "Am I the only person in my zip code whos taking Viagra?" But she emphasized that a well-designed and thoroughly tested speaker verification system can ensure that your callers will feel confident about you as a company.

/zimages/6/28571.gifCheck out eWEEK.coms for the latest news, reviews and analysis on mobile and wireless computing.