Add Voice Biometrics to Mobile Apps

Using Voice Biometrics With Mobile Phones

While there are certainly many different applications for voice biometrics on mobile phones, there are only a few roles that a mobile phone plays with respect to voice biometrics. So to start, let's review them:

• Mobile Phone (No App).  Although obvious, it's worth mentioning that the primary function of a mobile phone is as a telephone. In this scenario, you would place a call over the public switched telephone network (PSTN) and your voice would be captured by a remote IVR or Call Center system for voice biometric analysis. Mobile in this case means portable, as not all mobile phones are smartphones. There are many situations where possessing a mobile phone and talking over the PSTN is quite good for voice biometrics applications.
• Voice Biometrics App (Local Mode).  This is probably the scenario most people would think of relative to using voice biometrics on a mobile phone. In this case we would need a smartphone and a related voice biometric-enabled app. And here "local" means that the voice biometric technology runs locally, without needing access to the PSTN or a WiFi network. One big advantage of this approach is you avoid paying telephone connection charges to a carrier.
• Voice Biometrics App (Cloud Mode).  This scenario would also require a smartphone. However, the smartphone app would only capture speech samples from the user -- there would be no local voice biometric processing software. The speech samples are sent over the carrier network / WiFi to a remote voice biometric service operating in the cloud or a client's own data center. This approach still avoids telephone carrier connection fees, but it also allows for centralized storage and management of voiceprints.

Within this article we'll dive into each of these mobile phone roles a bit more, and then we'll discuss some potential development approaches for smartphone apps.

The Case for Regular Mobile Phones

For users with regular, non-smart mobile phones there is unfortunately no way to leverage the power of voice biometric technology without being on a phone call that involves the carrier's telephone network. But, the fact is, this isn't necessarily a bad thing for many potential uses of voice biometric-based mobile phone authentication.

Advantages:

• No Mobile Development Costs.  There's no "app" to build, deploy, maintain, and support. These can be huge costs for many organizations.
• Large User Base.  The fact is: not everyone can afford a $300-$1,000 smartphone. In so many places around the world, flip phones and non-smart phones are the norm.
• 2-Factor Authentication Works Great.  Placing an outbound call to a registered number provides some level of the "something you have" factor. Of course, it could be argued that it's easy to forward a phone number; however, that's where voice biometrics comes into play. A fraudster might have your phone, but they won't have your voice.

Disadvantages:

• Added Carrier Costs.  Call connection fees will apply. However, there are many low-cost carrier networks, and NOT having app development costs may offset any carrier cost concerns.
• Limited Authentication Factors.  You won't really be able to exceed 2FA with a regular mobile phone. For many use cases however, this is still quite acceptable.

Although the tendency with mobile phones is to lean toward development projects with smartphone apps, VBG still supports many client applications globally that leverage regular phones. Simply stated, the use of non-smart phones with voice biometrics is still considered a "best practice" in many circumstances.

The Case for Smartphones

The use of smartphones with voice biometrics is clearly on the rise. But what's helping to fuel this trend? For one thing, carriers are reacting to the popularity of smartphones and are offering fewer and fewer regular (non-smart) phone options to their customers. Also, phone manufacturers understand that not everyone can afford $1,000 smartphones, so they are expanding their product lines to offer lower-priced alternatives with less features, different materials, etc.

Technical Capabilites

Perhaps the most important driver to smartphone adoption is the wealth of technical capabilities they possess. Today's smartphones are really full-featured computers, packing tons of memory, storage, and processing power into a tiny package. They support highly sophisticated chipsets and algorithms (including encryption). And, with the proliferation of high-speed data (WiFi) network access, the breadth of potential mobile applications is limitless.

The unfortunate reality of today's world is that fraudsters have become extremely sophisticated and technologically advanced. So, to help strengthen your voice verification (or identification) process, equally sophisticated and technically advanced authentication approaches are warranted. And smartphones are a clear and obvious tool to consider. So, what are some of the other key considerations for using smartphones with voice biometrics?

Advantages:

• Accessibility.  The use of smartphones is growing, and people are very rarely without their smartphones for long. Smartphones give you an "always available" factor.
• No Call Connection Charges.  Smartphones allow people to talk without paying carrier connection and transport fees. This is critically important for large user communities with large authentication needs.
• Multi-Factor Authentication Support.  The technical capabilities of smartphones allows for true 3 (or more) factor authentication to take place, increasingly a requirement for many companies.
• Lower Deployment Costs.  Since people are already carrying smartphones, that's one less expense for a company to have -- especially when compared to stand-alone tokens. And, smartphone users tend to take personal responsibility for their phones.

Disadvantages:

• Development Cost.  The main disadvantage of smartphones relates to the costs to develop, deploy, maintain, and support mobile applications. Hopefully, these costs are balanced out by the potential fraud costs that would occur if you didn't have your smartphone app(s).
• Economic Segregation.  Regardless of the efforts of mobile phone carriers and manufacturers, smartphones are still not affordable and available to all. This can not only be limiting to your organization, but can also create unwelcome consequences with your corporate image.

VBG is supporting more and more smartphone applications over time. So, we'll next take a look at the "local" vs. "remote" question related to the location of the voice biometrics functionality.

Using "Local" Voice Biometrics

Assuming you've reached the point where you're committed to developing a mobile app that incorporates voice biometrics, another key consideration is whether the voice biometric functionality resides on the phone (i.e., is "local") or is on a server somehere (i.e., is "remote").

It's a complex consideration, with no 100% correct answer. And, there are of course advantages and disadvantages to each approach. So, we'll first explore the local approach.

Local Advantages:

• Always Available.  You will ALWAYS be able to use voice biometric functionality if it is located on the smartphone; the same is not true for remote processing should network access become temporarily unavailable.
• No Latency.  If the voice biometrics functionality is local, there will be no latency related to device distance from the remote server, busy network traffic, etc.
• Distributed Enterprise Credentials.  Those with enterprise-wide authentication needs may favor the use of distributed credentials. That is, there is less risk from NOT having all voiceprints residing in one centralized repository.
• Isolated Individual Credential.  Related to the above point, some feel that security credentials should never be transmitted. And, security credentials should never be shared or made available across multiple websites or applications.

There are other advantages too, but these are perhaps the most important. Further below we'll consider the case for "remote" deployments of voice biometrics. As you might imagine, advantages of one approach are sometimes viewed as disadvantages of the other (and vice versa).

FIDO Alliance

These last two points made above, about centralized vs. de-centralized credentials and the transmission of credentials, are critically important to many companies in many industries.

Approximately 8 years ago, the FIDO Alliance was formed to address these very concerns. It is beyond the scope of this article to explain everything about the FIDO Alliance, but interested readers are strongly encouraged to visit their site. It is a very good organization, with worthwhile objectives and standards.

Development Tools

As you can imagine, the use of on-device voice biometric processing requires either an installable SDK from a voice biometric vendor, or on-device (chip-based) capabilities which are exposed by the mobile phone manufacturer via their preferred development APIs. And, development will generally be more complex.

Apple iPhone:

• Mac Computer.  To start with, you'll need a Mac computer running the latest version of OS X.
• Objective C.  Most iPhone apps are developed in Objective C, using Xcode.

Android Phone:

• Any Computer.  Android offers a more flexibility for the development environment (Eclipse is recommended).
• Java.  Java is the native language for Android. Download Android SDK "bundle" from Google.

Using "Remote" Voice Biometrics

We've evaluated the "local" side of the equation, now it's time to look at leveraging voice biometric processing that is "remote" from the smartphone. It's hard to argue against all the benefits of localizing voice biometrics to the device itself. However, there are distinct advantages to the remote approach.

Remote Advantages:

• Feature Access.  There are many valuable and sophisticated features that are difficult, if not impossible, to put on-device. Having remote voice biometrics processing gives you access to a richer feature set.
• Low Latency.  Remote performance will never be as good as local performance. However, with 4G and now 5G networks becoming more mainstream, remote voice biometric services are near-instant in response time.
• Centralized Credentials.  The flip side to the argument for decentralized credentials: it's easier to lock down, monitor, maintain, and upgrade credentials if they are all centrally located.
• Easier Development.  The mobile application footprint for remote voice biometrics is limited to the UI and capturing audio -- basic smartphone functions. So, development complexity, frequent application updates, and other maintenance and support hassles are greatly reduced.
• Reusable Credentials.  The flip side to not sharing credentials across applications: it can make a lot of sense to leverage centrally managed voice biometric services across IVR systems, call center systems, enterprise apps, mobile apps, etc. There is no need to manage different credentials for the same customer who wants to use different contact channels.

Development Tools

With a simpler development requirement, the choice of development tools is greatly expanded. In fact, it can make a lot of sense to use a cross-platform development framework. These can provide excellent results, with no loss of functionality or user experience.

Some Cross-Platform Tools:

• React Native.  VBG built it's VBG Authenticator™ using React Native. We'll even give customers our source code under certain circumstances.
• Flutter.  Another excellent choice that offers similar performance and flexibility as React Native.
• PhoneGap.  VBG has a full-featured mobile app for all of our active use cases, developed in jQueryMobile and PhoneGap.

Remote Application Example

As noted above, VBG developed a fully functioning voice biometrics app that leverages remote voice biometrics processing. More specifically, our app is coded using jQuery Mobile and PhoneGap and uses our RESTful API to communicate with VBG Pro™, our subscription-based voice biometrics service operating in VBG's data center. The app supports every active use case VBG support, and some example screenshots appear below:

Home Screen

Enroll Sample OK Screen

Verify Success Screen

What Does the App Do?

The VBG demo app is fully developed -- it contains best practices surrounding all key functions available in VBG Pro™. Key features:

• Core Functions.  The app supports enrollment and re-enrollment (creating a voiceprint), as well as verification. It works for RandomPIN™, Static Text Passphrases, and Static Numeric Passphrases -- and for any language we support.
• Audio Quality Assessment.  Because it uses remote audio processing, we are able to leverage our suite of audio quality assessment tools, ensuring that speech samples are of adequate quality to use for voice biometrics..
• Automatic Speech Recognition.  Also included is ASR for all languages we support. For active use cases, we can help to ensure that the user repeated exactly what we asked them to repeat..
• Fraud and Spoof Detection.  We're also able to access more sophisticated functionality, simply, and easily.
• Verification Decision.  The ultimate use of the app is to have the person confirm their identity; VBG's scoring supports a pass/fail result.

What Doesn't the App Do?

The VBG demo app is best thought of as a "starter application". It does everything you need from a voice biometric functionality standpoint, but nothing else. The "something else" is up to each developer.

For instance, what is the purpose of the app in the first place? Are you trying to unlock the phone? Are you trying to protect a gallery of pictures or access to other data or features? Something else?

Our intention was to provide the app to clients and allow them to incorporate all the pre-built functionality into their main application. We weren't trying to build an app with a specific purpose.

A Final Note

For developers or those more technically inclined who were hoping to see what coding would be like with VBG technology, please check out our Are You a Developer? article in this series. You'll get a much better feeling for our system and API there.

But please note that the VBG Platform has been developed to be very flexible and easy to use. For instance, once you become familiar with our basic RESTful API, you can develop for any environment -- IVR system, call center system, mobile apps, enterprise apps, IoT devices, etc.