A very common question. Permit me to intrude further into this thread with some more information, and I'll also try to relate it to facial recognition.
"What if I have a cold?" --> Voiceprints measure behavioral characteristics of the voice, as well as physical characteristics of the person's vocal track, which don't change when hoarse or nasal. (Facial recognition also uses a combination of characteristics such that adding a beard or glasses will just raise or lower the confidence level of the identification)
I'll pre-empt the other two most common questions: "What about impostors using a recording of my voice?" --> Analog-to-Digital recording, followed by Digital-to-Analog playback through the speaker, results in degraded data insufficient to match the voiceprint. High-end recording equipment fooling the system is eliminated by using "something you know" information and liveness testing -- in other words, asking the person to repeat numbers, words, or phrases that aren't introduced in advance.
"What about impressionists imitating me?" Voiceprints capture more voice features than mimics can copy, so they are not easily tripped-up by impressionists.
I imagine facial recognition has a similar story, that masks and disguises are unlikely to trip up the systems, though they would certainly lead to more false rejections.
In the end, multiple factors ("what you have" or "what you know") are required to ensure better security for any biometrics, just as face recognition should never just be about the face. The other key component is determining level of security -- tuning parameters for an acceptably low False Accept rate (we don't let ANYONE in) vs. a False Reject rate (but we don't want to inconvenience our customers). Backup security is helpful to have in case of false rejects... just like being directed to an operator when you forget your over-the-phone PIN.
Hmmm, sorry, this IS slashdot, was I supposed to throw in some cynical comment in here too?
Couldn't agree more with the multi-factor biometrics authentication story ("what you have" / "what you know" / "who you are"). The real problem with the facial recognition is the equipment required to install it anywhere where you would need a password challenge. I don't expect either banks or consumers to be running out and buying cameras to mount at all terminals where a password challenge is required. Hardware like that is expensive. And frankly, ATM security seems to be pretty fine for most folks because it is multifactor (know the PIN + have the card).
No, there are other places where biometrics security makes a lot more sense. I'm a big fan of speaker identification & verification, especially for over the phone transacations. Especially as the world goes mobile. Who wants to key in a password via T9 when you can accomplish the same thing with the voice channel built into the phone? And it's something you have (phone/ANI), something you are (voiceprint), something you know (spoken password... you know, like "Big Boy"). Best part -- no expensive hardware.
Disclosure: Yes, I work at a company that sells the stuff. I prefer to think that makes me a subject-matter expert, not a shill.
Slashdot Mirror
A very common question. Permit me to intrude further into this thread with some more information, and I'll also try to relate it to facial recognition.
"What if I have a cold?" --> Voiceprints measure behavioral characteristics of the voice, as well as physical characteristics of the person's vocal track, which don't change when hoarse or nasal. (Facial recognition also uses a combination of characteristics such that adding a beard or glasses will just raise or lower the confidence level of the identification)
I'll pre-empt the other two most common questions:
"What about impostors using a recording of my voice?" --> Analog-to-Digital recording, followed by Digital-to-Analog playback through the speaker, results in degraded data insufficient to match the voiceprint. High-end recording equipment fooling the system is eliminated by using "something you know" information and liveness testing -- in other words, asking the person to repeat numbers, words, or phrases that aren't introduced in advance.
"What about impressionists imitating me?"
Voiceprints capture more voice features than mimics can copy, so they are not easily tripped-up by impressionists.
I imagine facial recognition has a similar story, that masks and disguises are unlikely to trip up the systems, though they would certainly lead to more false rejections.
In the end, multiple factors ("what you have" or "what you know") are required to ensure better security for any biometrics, just as face recognition should never just be about the face. The other key component is determining level of security -- tuning parameters for an acceptably low False Accept rate (we don't let ANYONE in) vs. a False Reject rate (but we don't want to inconvenience our customers). Backup security is helpful to have in case of false rejects... just like being directed to an operator when you forget your over-the-phone PIN.
Hmmm, sorry, this IS slashdot, was I supposed to throw in some cynical comment in here too?
Couldn't agree more with the multi-factor biometrics authentication story ("what you have" / "what you know" / "who you are"). The real problem with the facial recognition is the equipment required to install it anywhere where you would need a password challenge. I don't expect either banks or consumers to be running out and buying cameras to mount at all terminals where a password challenge is required. Hardware like that is expensive. And frankly, ATM security seems to be pretty fine for most folks because it is multifactor (know the PIN + have the card).
No, there are other places where biometrics security makes a lot more sense. I'm a big fan of speaker identification & verification, especially for over the phone transacations. Especially as the world goes mobile. Who wants to key in a password via T9 when you can accomplish the same thing with the voice channel built into the phone? And it's something you have (phone/ANI), something you are (voiceprint), something you know (spoken password... you know, like "Big Boy"). Best part -- no expensive hardware.
Disclosure: Yes, I work at a company that sells the stuff. I prefer to think that makes me a subject-matter expert, not a shill.