US-12626706-B2 - Authentication using a conversational user interface

Abstract

A one-time passphrase is transmitted from an authentication system to a personal communication device of a user. The one-time passphrase includes common but incongruous words. The user is prompted to verbalize the one-time passphrase to a processor-implemented, conversational user interface. Utterances from the user are received by a conversational user interface, and the utterances are communicated from the conversational user interface to the authentication system via a trusted communication channel. The authentication system determines, using speech recognition, presence or non-presence of the one-time passphrase within the received utterances. The authentication system authenticates the user in response to detecting presence of the one-time passphrase within the received utterances.

Inventors

  • Eric Saund
  • Kyle Dent
  • John T. Maxwell, III
  • Jesse Vig
  • Daniel G. Bobrow

Assignees

  • Genesee Valley Innovations, LLC

Dates

Publication Date: 2026-05-12
Application Date: 2021-03-29

Claims (17)

  1. A method comprising: receiving an open credential from a user; determining, based on the open credential, an address of a personal communication device of the user; sending a one-time passphrase transmitted from an authentication system to the address of the personal communication device; prompting the user to verbalize the one-time passphrase via utterances to a processor-implemented, conversational user interface; determining, by the authentication system using speech recognition, presence or non-presence of the one-time passphrase within the utterances; in response to detecting the presence of the one-time passphrase within the utterances, authenticating the user to a session; and during the session, re-authenticating the user by: prompting the user to provide subsequent utterances, which include a subsequent one-time passphrase different from the one-time passphrase; and determining presence or non-presence of the subsequent one-time passphrase within the subsequent utterances.
  2. The method of claim 1, wherein the personal communication device communicates the one-time passphrase to the user via a non-textual, graphical representation of common but incongruous words.
  3. The method of claim 1, wherein the session provides the user access to a protected resource, wherein the re-authenticating further comprises: determining an initial voiceprint of the user based on the utterance; determining subsequent voiceprints of the user based on the subsequent utterances; determining a match between the subsequent and initial voiceprints exceeding a predetermined confidence threshold; and revoking access rights of the user to the protected resources in response to a mismatch between the subsequent and initial voiceprints.
  4. The method of claim 1, further comprising receiving via the conversational user interface, a command from the user to terminate the session.
  5. The method of claim 1, further comprising, during the session: storing change commands involving protected resources in response to verbal input by the user; and executing the stored change commands in response to the re-authenticating of the user.
  6. The method of claim 1, wherein the utterances from the user include common but incongruous words that are selected to be easily pronounced and detected with high confidence by a voice recognition system.
  7. The method of claim 1, wherein the utterances from the user include common but incongruous words embedded with other conversational verbiage generated by the user.
  8. The method of claim 1, wherein the personal communication device communicates the one-time passphrase to the user via a tactile representation of common but incongruous words.
  9. The method of claim 1, wherein the open credential is received via the conversational user interface.
  10. A method comprising: receiving an open credential from a user; determining, based on the open credential, an address of a personal communication device of the user; sending a one-time passphrase transmitted from an authentication system to the address of the personal communication device, the one-time passphrase comprising common but incongruous words; prompting the user to verbalize the one-time passphrase to a processor-implemented, conversational user interface; receiving, by the conversational user interface, utterances from the user and communicating the utterances from the conversational user interface to the authentication system via a trusted communication channel; determining, by the authentication system using speech recognition, the presence or non-presence of the one-time passphrase within the received utterances; authenticating, by the authentication system, the user in response to detecting the presence of the one-time passphrase within the received utterances; after authenticating the user, storing change commands involving protected resources in response to verbal input by the user; prior to executing the stored change commands: prompting the user to verbalize a second one-time passphrase to the conversational user interface via the personal communication device; determining, by the authentication system using speech recognition, presence or non-presence of the second one-time passphrase within second utterances communicated from the conversational user interface to the authentication system; and re-authenticating the user in response to detecting presence of the second one-time passphrase within the second utterances; and executing the stored change commands in response to successfully re-authenticating the user.
  11. A system comprising: an authentication system operable to: receive an open credential from a user of the system; determine, based on the open credential, an address of a personal communication device of the user; transmit a one-time passphrase to the address of the personal communication device, the personal communication device prompting the user to verbalize the one-time passphrase; and a processor-implemented, conversational user interface operable to: receive utterances from the user in response to the prompting; and communicate the received utterances to the authentication system; wherein the authentication system is operable to: determine, using speech recognition, presence or non-presence of the one-time passphrase within the received utterances; authenticate the user to a session in response to detecting presence of the one-time passphrase within the received utterances; and during the session, re-authenticate the user by: prompting the user to provide subsequent utterances, which include a subsequent one-time passphrase different from the one-time passphrase; and determining presence or non-presence of the subsequent one-time passphrase within the subsequent utterances.
  12. The system of claim 11, wherein the personal communication device communicates the one-time passphrase to the user via a non-textual, graphical representation of common but incongruous words.
  13. The system of claim 11, wherein the session provides the user access to a protected resource and, wherein the re-authenticating further comprises: determining initial voiceprints of the user based on the utterances; determining subsequent voiceprints of the user based on the subsequent utterances; determining a match between the subsequent and initial voiceprints exceeding a predetermined threshold; and revoking access rights of the user to the protected resource in response to a mismatch between the subsequent and initial voiceprints.
  14. The system of claim 11, wherein the system is further operable to receive a command from the user via the conversational user interface to terminate the session.
  15. The system of claim 11, wherein the utterances from the user include common but incongruous words that are selected to be easily pronounced and detected with high confidence by a voice recognition system.
  16. The system of claim 11, wherein the utterances from the user include common but incongruous words embedded with other conversational verbiage generated by the user.
  17. The system of claim 11, wherein the personal communication device communicates the one-time passphrase to the user via a tactile representation of common but incongruous words.
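
The flow in claims 1, 5, 7 and 10, sketched as an added example that is not taken from the patent or any implementation of it: a passphrase is issued, looked for inside a recognized transcript that also contains other conversational verbiage, and stored change commands are released only after a second passphrase is spoken. The class and method names, the word list, the contiguous in-order matching rule, and the expiry and attempt limits are assumptions of this sketch; the transcript stands in for the speech recognizer's text output.

```python
import re
import secrets
import time

# Constructed word list (assumption); a real list would be far larger for entropy.
WORDS = ["purple", "anchor", "violin", "cactus", "ladder", "walrus", "pepper",
         "window", "rocket", "blanket", "tiger", "marble", "helmet", "lemon"]

class SpokenOtpAuthenticator:
    """Hypothetical authentication system for spoken one-time passphrases."""

    def __init__(self, n_words=3, ttl_seconds=120, max_attempts=3):
        self.n_words, self.ttl, self.max_attempts = n_words, ttl_seconds, max_attempts
        self.pending = {}  # user -> [words, expiry, attempts_left]
        self.queued = {}   # user -> change commands awaiting re-authentication

    def issue(self, user, now=None):
        """Create a fresh passphrase to send to the user's personal device."""
        now = time.time() if now is None else now
        words = secrets.SystemRandom().sample(WORDS, self.n_words)  # CSPRNG, distinct
        self.pending[user] = [words, now + self.ttl, self.max_attempts]
        return " ".join(words)

    def verify(self, user, transcript, now=None):
        """True if the passphrase occurs, in order, inside the recognized transcript."""
        now = time.time() if now is None else now
        entry = self.pending.get(user)
        if entry is None or now > entry[1]:
            self.pending.pop(user, None)  # nothing issued, or expired
            return False
        words, n = entry[0], len(entry[0])
        tokens = re.findall(r"[a-z']+", transcript.lower())
        hit = any(tokens[i:i + n] == words for i in range(len(tokens) - n + 1))
        entry[2] -= 1
        if hit or entry[2] <= 0:
            del self.pending[user]  # single use; guessing is bounded
        return hit

    def queue_change(self, user, command):
        """Store a change command; it does not run until re-authentication."""
        self.queued.setdefault(user, []).append(command)

    def commit_changes(self, user, transcript, now=None):
        """Release stored commands only if the second passphrase was spoken."""
        if not self.verify(user, transcript, now):
            return []
        return self.queued.pop(user, [])
```

Because a passphrase is deleted on first success, on expiry, or after the attempt limit, a bystander who overhears it cannot replay it, which is the property that makes speaking it aloud acceptable.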

Description

SUMMARY

The present disclosure is directed to authentication using a conversational user interface. In one embodiment, a system and method involve sending a one-time passphrase transmitted from an authentication system to a personal communication device of a user. The one-time passphrase includes common but incongruous words. The user is prompted to verbalize the one-time passphrase to a processor-implemented, conversational user interface. Utterances from the user are received by a conversational user interface, and the utterances are communicated from the conversational user interface to the authentication system via a trusted communication channel. The authentication system determines, using speech recognition, the presence or non-presence of the one-time passphrase within the received utterances. The authentication system authenticates the user in response to detecting the presence of the one-time passphrase within the received utterances.

These and other features and aspects of various embodiments may be understood in view of the following detailed discussion and accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

The discussion below makes reference to the following figures, wherein the same reference number may be used to identify the similar/same component in multiple figures. FIG. 1 is a diagram of a system according to an example embodiment; FIGS. 2-4 are sequence diagrams of methods according to example embodiments; and FIG. 5 is a flowchart of a method according to an example embodiment.

DETAILED DESCRIPTION

The present disclosure is generally related to user authentication for access to computing resources. The concept of access authentication far predates modern computers. In human history, it has been common for different individuals to be permitted different access rights to protected resources, which often was access to a particular physical location, e.g., building or room, which contained valuable objects, important people, etc.
Access to these physical places may be gated through the use of known-person verification, physical keys, secret passcodes, etc. For example, those wishing to enter an area would be challenged to supply a password that was distributed throughout an organization, and guards would only allow those who could say the password to pass.

In modern computer systems, a person of authority in an organization (e.g., a systems administrator) distributes secret passwords to individuals in the organization. Access to computer-based resources can be gated through the use of these secret passwords, which are entered using keyboard, keypad, or touchscreen. Often, in order to prevent onlookers from obtaining the password by reading the screen, the characters of a typed password are not displayed. Still, it is possible for unauthorized parties to obtain a secret password by observing keystrokes.

To guard against passwords being observed by unauthorized parties, some systems use one-time passwords. One way of informing the intended user of a one-time password is to have the system send the password to their personal device, as a call-back message. When combined with an initial input of a long-term password, this is known as two-step authentication.

Increasingly, automatic speech recognition enables users to interact with computer systems through spoken utterances. When seeking access to protected resources, it is undesirable for the user to speak a long-term secret password aloud because it could easily be heard and taken by others. However, the concept of verbal authentication is desirable, as it is convenient and comes naturally to most users. Therefore, systems and methods are described below that can provide a secure means of user identification that can be performed through open speech acts.

Currently, access to protected resources in computer systems is gated in a number of ways.
For example, a login session may be established, with establishment and termination of authentication provided by one or more of the following: a long-term password entered via keystrokes at a keyboard; a long-term password entered via alphanumeric button presses on a touchpad; a long-term password entered via alphanumeric button presses on a touchscreen; biometric measurements such as iris scanning, fingerprints, and voiceprints; and two-step authentication.

For two-step authentication, a long-term password is entered on a keyboard or other manual process involving a screen or physical input device. This is followed by the system sending a one-time use password to the intended user's device, which is assumed to be under the control of the correct user. The user then enters this one-time password manually using the keyboard or similar physical input device.

When the user is finished accessing protected resources, they perform a logout operation. If the user does not perform any operation under a login session for a given period of time (the timeout time), then the system may automatically exit the log