US20140330568A1 - System and method for auditory captchas - Google Patents

System and method for auditory captchas Download PDF

Info

Publication number
US20140330568A1
US20140330568A1 US14/337,332 US201414337332A US2014330568A1 US 20140330568 A1 US20140330568 A1 US 20140330568A1 US 201414337332 A US201414337332 A US 201414337332A US 2014330568 A1 US2014330568 A1 US 2014330568A1
Authority
US
United States
Prior art keywords
audible
word
audio streams
multiple audio
challenge
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/337,332
Inventor
Steven Hart Lewis
John Baldasare
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nuance Communications Inc
Original Assignee
AT&T Intellectual Property I LP
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by AT&T Intellectual Property I LP filed Critical AT&T Intellectual Property I LP
Priority to US14/337,332 priority Critical patent/US20140330568A1/en
Assigned to AT&T INTELLECTUAL PROPERTY I, L.P. reassignment AT&T INTELLECTUAL PROPERTY I, L.P. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BALDASARE, JOHN, LEWIS, STEVEN HART
Publication of US20140330568A1 publication Critical patent/US20140330568A1/en
Assigned to NUANCE COMMUNICATIONS, INC. reassignment NUANCE COMMUNICATIONS, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: AT&T INTELLECTUAL PROPERTY I, L.P.
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G10MUSICAL INSTRUMENTS; ACOUSTICS
    • G10LSPEECH ANALYSIS OR SYNTHESIS; SPEECH RECOGNITION; SPEECH OR VOICE PROCESSING; SPEECH OR AUDIO CODING OR DECODING
    • G10L17/00Speaker identification or verification
    • G10L17/22Interactive procedures; Man-machine interfaces
    • G10L17/24Interactive procedures; Man-machine interfaces the user being prompted to utter a password or a predefined phrase
    • GPHYSICS
    • G10MUSICAL INSTRUMENTS; ACOUSTICS
    • G10LSPEECH ANALYSIS OR SYNTHESIS; SPEECH RECOGNITION; SPEECH OR VOICE PROCESSING; SPEECH OR AUDIO CODING OR DECODING
    • G10L15/00Speech recognition
    • G10L15/26Speech to text systems
    • GPHYSICS
    • G10MUSICAL INSTRUMENTS; ACOUSTICS
    • G10LSPEECH ANALYSIS OR SYNTHESIS; SPEECH RECOGNITION; SPEECH OR VOICE PROCESSING; SPEECH OR AUDIO CODING OR DECODING
    • G10L15/00Speech recognition
    • G10L15/22Procedures used during a speech recognition process, e.g. man-machine dialogue
    • GPHYSICS
    • G10MUSICAL INSTRUMENTS; ACOUSTICS
    • G10LSPEECH ANALYSIS OR SYNTHESIS; SPEECH RECOGNITION; SPEECH OR VOICE PROCESSING; SPEECH OR AUDIO CODING OR DECODING
    • G10L17/00Speaker identification or verification
    • G10L17/005

Definitions

  • the present invention relates to user verification and more specifically to auditory verification of a human user.
  • Computer systems are capable of mimicking human interactions with other computers.
  • One computer can be programmed to fill in forms, submit those forms, and generally behave in an automated way to accomplish certain tasks, especially in on-line forums like bulletin boards, blogs, online polls, commerce sites, and so forth. While many such automation tasks are benign and even helpful, the same technology can be used to automate fraud and/or attacks.
  • CAPTCHA Completely Automated Public Turing test to tell Computers and Humans Apart, or CAPTCHA
  • a CAPTCHA is an image designed to be difficult or impossible to solve in an automated way, but also designed so that most humans can solve the CAPTCHA.
  • An ideal CAPTCHA also retains these two attributes even after many websites implement it.
  • a CAPTCHA graphic usually contains numbers, letters, or some combination of characters.
  • a visual CAPTCHA further employs one or more of the following techniques to alter the text in order to frustrate would-be automated attacks: warping, distorting the background, adding noise, crowding characters together, etc. These techniques make optical character recognition (OCR) difficult or impossible, but must not distort the text to the point that a human would also be unable to understand the CAPTCHA contents.
  • OCR optical character recognition
  • CAPTCHA creators and would-be attackers using OCR find themselves in a continuing arms race.
  • CAPTCHA creators find a new way to stump automated attacks and attackers work quickly to find a way to work around the problem.
  • Some notable victims in the CAPTCHA arms race who have had their CAPTCHA technology compromised are online heavyweights such as Yahoo, Paypal, Microsoft, and Google.
  • Even successful CAPTCHAs are susceptible to circumvention by means of paying humans in third world countries pennies for each completed CAPTCHA.
  • the method includes determining that a human verification is needed, presenting an audible challenge to a user which exploits a known issue with automatic speech recognition processes, receiving a response to the audible challenge, and verifying that a human provided the response.
  • the known issue with automatic speech recognition processes can be recognition of a non-word, in which case the user can be asked to repeat back or spell the recognized non-word.
  • the known issue with automatic speech recognition processes can be differentiation of simultaneous input for multiple audio streams. Multiple audio streams contained in the audible challenge can be provided monaurally. Verifying that a human provided the response can include confirming the contents of one of the multiple audio streams.
  • Audible human verification can be performed in combination with visual human verification.
  • An analogous visual concept is known as a Completely Automated Public Turing Test to tell Computers and Humans Apart, or CAPTCHA.
  • CAPTCHAs One purpose of CAPTCHAs is to prevent automated abuse of publicly available websites.
  • OCR optical character recognition
  • FIG. 1 illustrates an example system embodiment
  • FIG. 2 illustrates a functional block diagram of an exemplary natural language spoken dialog system
  • FIG. 3 illustrates an example method embodiment
  • FIG. 4 illustrates an example system embodiment
  • FIG. 5A illustrates a steady wave form
  • FIG. 5B illustrates an increasing wave form
  • FIG. 5C illustrates the sum of the steady and increasing wave forms
  • FIG. 6A illustrates speech wave form 1 ;
  • FIG. 6B illustrates speech wave form 2 .
  • FIG. 6C illustrates the sum of the speech wave forms 1 and 2 .
  • an exemplary system includes a general-purpose computing device 100 , including a processing unit (CPU) 120 and a system bus 110 that couples various system components including the system memory such as read only memory (ROM) 140 and random access memory (RAM) 150 to the processing unit 120 .
  • system memory 130 may be available for use as well.
  • the system bus 110 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures.
  • a basic input/output (BIOS) stored in ROM 140 or the like may provide the basic routine that helps to transfer information between elements within the computing device 100 , such as during start-up.
  • the computing device 100 further includes storage devices such as a hard disk drive 160 , a magnetic disk drive, an optical disk drive, tape drive or the like.
  • the storage device 160 is connected to the system bus 110 by a drive interface.
  • the drives and the associated computer readable media provide nonvolatile storage of computer readable instructions, data structures, program modules and other data for the computing device 100 .
  • a hardware module that performs a particular function includes the software component stored in a tangible computer-readable medium in connection with the necessary hardware components, such as the CPU, bus, display, and so forth, to carry out the function.
  • the basic components are known to those of skill in the art and appropriate variations are contemplated depending on the type of device, such as whether the device is a small, handheld computing device, a desktop computer, or a computer server.
  • an input device 190 represents any number of input mechanisms, such as a microphone for speech, a touch-sensitive screen for gesture or graphical input, keyboard, mouse, motion input, speech and so forth.
  • the input may be used by the presenter to indicate the beginning of a speech search query.
  • the device output 170 can also be one or more of a number of output mechanisms known to those of skill in the art.
  • multimodal systems enable a user to provide multiple types of input to communicate with the computing device 100 .
  • the communications interface 180 generally governs and manages the user input and system output. There is no restriction on the invention operating on any particular hardware arrangement and therefore the basic features here may easily be substituted for improved hardware or firmware arrangements as they are developed.
  • the illustrative system embodiment is presented as comprising individual functional blocks (including functional blocks labeled as a “processor”).
  • the functions these blocks represent may be provided through the use of either shared or dedicated hardware, including, but not limited to, hardware capable of executing software.
  • the functions of one or more processors presented in FIG. 1 may be provided by a single shared processor or multiple processors.
  • Illustrative embodiments may comprise microprocessor and/or digital signal processor (DSP) hardware, read-only memory (ROM) for storing software performing the operations discussed below, and random access memory (RAM) for storing results.
  • DSP digital signal processor
  • ROM read-only memory
  • RAM random access memory
  • VLSI Very large scale integration
  • the logical operations of the various embodiments are implemented as: (1) a sequence of computer implemented steps, operations, or procedures running on a programmable circuit within a general use computer, (2) a sequence of computer implemented steps, operations, or procedures running on a specific-use programmable circuit; and/or (3) interconnected machine modules or program engines within the programmable circuits.
  • FIG. 2 illustrates a functional block diagram of an exemplary natural language spoken dialog system.
  • the principles of enriched spoken language translation described herein can be implemented as a part of or operate in connection with a natural spoken language dialog system to provide, for example, real-time translation of speech in an automated natural speech interface via telephone.
  • a spoken dialog system which is tuned to pick up on and understand prosodically prominent segments of speech can still be effective with foreign languages processed through a translation module.
  • Spoken dialog systems aim to identify intents of humans, expressed in natural language, and take actions accordingly, to satisfy their requests.
  • Natural language spoken dialog system 200 may include an automatic speech recognition (ASR) module 202 , a spoken language understanding (SLU) module 204 , a dialog management (DM) module 206 , a spoken language generation (SLG) module 208 , and synthesizing module 210 .
  • the synthesizing module may be any type of speech output module. For example, it may be a module wherein one of a plurality of prerecorded speech segments is selected and played to a user. Thus, the synthesizing module represents any type of speech output.
  • the present invention focuses on innovations related to the dialog management module 206 and may also relate to other components of the dialog system.
  • ASR module 202 may analyze speech input and may provide a transcription of the speech input as output.
  • SLU module 204 may receive the transcribed input and may use a natural language understanding model to analyze the group of words that are included in the transcribed input to derive a meaning from the input.
  • the role of DM module 206 is to interact in a natural way and help the user to achieve the task that the system is designed to support.
  • DM module 206 may receive the meaning of the speech input from SLU module 204 and may determine an action, such as, for example, providing a response, based on the input.
  • SLG module 208 may generate a transcription of one or more words in response to the action provided by DM 206 .
  • Synthesizing module 210 may receive the transcription as input and may provide generated audible speech as output based on the transcribed speech.
  • the modules of system 200 may recognize speech input, such as speech utterances, may transcribe the speech input, may identify (or understand) the meaning of the transcribed speech, may determine an appropriate response to the speech input, may generate text of the appropriate response and from that text, may generate audible “speech” from system 200 , which the user then hears. In this manner, the user can carry on a natural language dialog with system 200 .
  • speech input such as speech utterances
  • the modules of system 200 may operate independent of a full dialog system.
  • a computing device such as a smartphone (or any processing device having a phone capability) may have an ASR module wherein a user may say “call mom” and the smartphone may act on the instruction without a “spoken dialog.”
  • FIG. 3 illustrates an example method embodiment.
  • the method includes first determining that a human verification is needed ( 302 ).
  • a system with a telephone-based interface can make such a determination.
  • a web-based system can also decide to employ an auditory CAPTCHA through a computer speaker, a microphone, a keyboard, and/or mouse.
  • the bank's system can decide that it needs to verify that the caller is a person, not an automated attacker.
  • a human determination can be provided in addition to and/or in combination with other security measures. For instance, while the caller to the bank has likely already entered account information and provided sufficient means of identification, the human verification can prevent would-be identity thieves from committing automated abuse of the bank's speech-based interface with stolen information.
  • Auditory CAPTCHAs can be combined with voice authorization security measures known commonly as speaker verification.
  • a spoken response to an auditory CAPTCHA can be retained and compared to an authorized speech sample to verify that not only is the speaker a human, but that the speaker is a particular, authorized human. This particular aspect may be useful in conjunction with automated credit card transactions over the phone.
  • Auditory CAPTCHAs can also be combined with security through something a speaker knows.
  • An auditory CAPTCHA can prompt a voice response that serves two purposes. First, the voice response can demonstrate that a person, and not an automated system, is providing the voice response. Second, the voice response can demonstrate that the person knows a particular piece of information such as a password, passphrase, operator ID, etc. Such a prompt could contain two voices, for example one female and one male, one of which prompts the user “Please state the color of the sky followed by your passphrase.” The voice response can then not only verify that the response comes from a person because she can pick out the prompt from two voices, but can also respond to the question and provide a valid passphrase. Combinations with other security techniques exist and should be readily apparent to one of skill in the art.
  • the method includes presenting an audible challenge to a user which exploits a known issue with automatic speech recognition processes ( 304 ).
  • Two primary known issues with automatic speech recognition are easily exploitable. Other issues with ASR processes exist and may be exploited in their own unique ways. Two primary issues are discussed by way of example, but should not be considered limiting of the scope of the invention.
  • the first known issue is recognition of a non-word. As non-words are not in an ASR grammar, a computer system or automated ASR bot would not recognize such a non-word, whereas a person would have no problem recognizing a non-word and conjecturing as to a likely spelling. Some examples of non-words are “clammage”, “brillig”, “poiled”, “skring”, etc.
  • One way to demonstrate recognition of a non-word is to require a listener to spell the recognized non-word.
  • One approach to verify spelling is to provide a table of acceptable spellings for each non-word. For instance, a user who is asked to spell “clammage” may think it is etymologically similar to “rummage” and spell it with two Ms, or she may think it is similar to the word “damage” and spell it with one M.
  • a table of spellings includes satisfactory variations.
  • the second known issue in ASR systems is differentiation of simultaneous input for multiple audio streams.
  • the multiple audio streams can be, for example, a male and a female voice, or an adult's and a child's voice, speaking different things at the same time.
  • ASR technology is currently incapable of segregating two or more simultaneous auditory streams, but this is a trivial task for the human ear and brain.
  • the audible challenge is provided in digital form such as an MP3 file
  • the multiple audio streams contained in the audible challenge can be provided monaurally in a single, merged structure.
  • An automated attack to defeat an audio CAPTCHA with multiple streams could easily separate out tracks, such as stereo track information.
  • a monaural digital file contains only one track which is not easily divisible, if at all.
  • a CAPTCHA could include two simultaneous audio streams which say different words, one a real word and the other a non-word. The user can be asked to identify and spell the non-word. In this manner, two nearly impossible hurdles are presented for an ASR system, while a person can easily discern the two words, identify the non-word, and formulate a possible spelling.
  • Other ASR issues can be discovered and combined with known issues. As ASR technology advances, issues can shift, alter, disappear, and reappear in various forms. It is anticipated that audio CAPTCHAs will evolve along with issues in the current level of ASR technology.
  • the method includes receiving a response to the audible challenge ( 306 ).
  • a user or an automated system provides a response to the audible challenge.
  • the response can be speech, button presses, typed words, mouse clicks, silence, an uploaded file or any other suitable type of input.
  • the method includes verifying that a human provided the response ( 308 ).
  • verifying that a human provided the response can include confirming the contents of one or more of the multiple audio streams or answering a question about the contents of one or more of the multiple audio streams.
  • verifying that a human provided the response can include checking a spoken or typed spelling of a word against a database of acceptable spellings.
  • the audible human verification described herein can be performed in combination with graphical CAPTCHAs or other human verification schemes.
  • both the audible and visual CAPTCHAs are related and integral to each other, so that one or the other is unusable without the other.
  • a visual CAPTCHA can be presented that is severely distorted and nearly impossible for a human to read.
  • a clue is provided to allow a human to understand the visual CAPTCHA. In this way, a dual-factor test for a human is applied so that even if a machine is able to decode one or the other, the entire scheme is not compromised.
  • a telephone caller can initiate human verification to verify that the other party is a person. For example, a homeowner can establish an audio CAPTCHA to “guard” her home phone line. Every caller to the homeowner must pass an audio CAPTCHA to gain access and place a call. While this may be a slight annoyance to many human callers, the homeowner can balance that slight annoyance with the desire to avoid calls from automated systems. Alternately, the homeowner can provide a whitelist of numbers which are not subject to the audio CAPTCHA while all other numbers must pass the audio CAPTCHA to place a call. Such a CAPTCHA can be modified even further to ensure that the caller is not only a human, but a human who knows the homeowner.
  • one of the audio streams may be the homeowner's voice.
  • the question of the CAPTCHA could ask, “Is the homeowner's voice one of the voices presented?” or “What is the homeowner saying in this clip?” In this way, not only are automated telemarketers blocked from making calls, but also humans who are unfamiliar with the homeowner's voice, such as human telemarketers.
  • FIG. 4 illustrates an example system embodiment.
  • An example audio CAPTCHA system 400 accepts telephone calls from callers using landlines 402 , callers using cellular phones 404 , callers using VoIP software on a personal computer 406 , and computers 408 by themselves via modem or other devices capable of communicating via a telephone connection.
  • a typical audio CAPTCHA system contains a telephone interface module 410 to interact with callers via ASR. In the case of a computer calling by itself, the CAPTCHA system ASR is actually interacting with another ASR designed to attack or spoof the system. While a telephone interface module is shown, the audio CAPTCHA system could be implemented as part of a web server which does not include phone lines at all.
  • the telephone interface module 410 is coupled with a primary system 412 to provide some benefit to callers.
  • primary systems include systems to provide access to banking, appointment scheduling, telephonic voting, web sites, online commerce, technical support, insurance claims filing, bill payment, etc. Auditory CAPTCHAs can be applied to almost any currently existing primary system 412 which is accessible via telephone.
  • the primary system 412 determines that human verification is needed, it signals the CAPTCHA module 414 .
  • the CAPTCHA module 414 is shown as connected to the telephone interface module, but it may be connected to the primary system 412 in addition or it may be connected only to the primary system 412 .
  • the CAPTCHA module 414 or the primary system 412 can determine which type of audible challenge to present to the user. In this figure, two types of audible challenges are illustrated: spelling a non-word and understanding a portion of a multi-stream audio signal.
  • the CAPTCHA module 414 retrieves a non-word, such as “skring”, and associated spellings, such as “s-k-r-i-n-g, s-c-r-i-n-g, s-c-r-e-e-n-g” from the database of non-words and spellings 416 .
  • the CAPTCHA module 414 transmits that information to the telephone interface module 410 which prepares and presents the audible CAPTCHA to the intended user, such as “Spell the imaginary word ‘skring’.”
  • the user responds to the audible challenge with a spelling, such as “S-C-R-I-N-G”.
  • the telephone interface module 410 converts the user's response and transmits it to the CAPTCHA module 414 .
  • the CAPTCHA module 414 verifies the response then signals to the primary system 412 whether the user is approved or not.
  • the CAPTCHA module 414 can retrieve multiple audio streams from the database of individual audio streams 418 and combine them on the fly. Alternatively, the CAPTCHA module 414 can retrieve pre-combined streams from a database of combined audio streams 420 . These two databases 418 , 420 can also include associated meaning information such as strings, key words, key phrases, answers to questions in the audio streams, etc.
  • the CAPTCHA module 414 transmits the stream or streams to the telephone interface module 410 which prepares and presents the audible CAPTCHA to the intended user, such as “Please listen to the following audio clip. Afterwards, please answer the question asked by the male speaker.”
  • the audio clip contains two voices speaking simultaneously, a female and a male.
  • the telephone interface module 410 converts the received response and transmits it to the CAPTCHA module 414 .
  • the CAPTCHA module 414 verifies the response then signals to the primary system 412 whether the user is approved or not. Connections shown in FIG. 4 may be direct wired connections, wireless connections, packet-based communications over a network such as the Internet, etc.
  • FIGS. 5A , 5 B, and 5 C illustrate waveforms of two dissimilar tones and how they can be combined.
  • FIG. 5A illustrates a steady wave form. Such a wave form is consistent with a steady tone, such as a steady beeping noise. The relatively long wavelength means this wave is a lower pitch.
  • FIG. 5B illustrates a wave form which is increasing in amplitude. Such a wave form is consistent with a steady tone that is increasing in volume. The relatively short wavelength means this wave is a higher pitch.
  • FIG. 5C illustrates the sum of the steady and increasing wave forms.
  • FIG. 5C demonstrates the fundamental principle of how to combine waveforms. It is a simple example of how distorted a sum of two signals can become, even when the source signals are “pure” and mathematically simple to express.
  • FIGS. 6A , 6 B, and 6 C show how combining multiple audio signals containing speech generates a sum wave that is nearly impossible for a computer to separate into its constituent elements.
  • FIG. 6A illustrates speech wave form 1 . It is not consistent or cyclical as shown in FIG. 5A and 5B . It contains many quiet periods of no speech. It contains waves of varying wavelengths, amplitudes, and frequencies. Overall, it is very representative of the relative low-level chaos of wave forms of conversational speech.
  • FIG. 6B illustrates speech wave form 2 . Wave form 2 demonstrates a very different type of wave with different patterns, but still very representative of speech-based waves.
  • FIG. 6C illustrates the sum of the speech wave forms 1 and 2 .
  • a computer-based ASR system is only able to differentiate where one wave form ends and the other one begins with great difficulty, if at all. Such a task is trivial for a human being, however. Humans are able to process and comprehend the wave forms at a very high level without thought about the individual wave forms, whereas a computer is limited to a wave form analysis for understanding of the wave form. This weakness is well known in ASR systems.
  • a wave form like FIG. 6C is capable of straightforward resolution by a person, but not by a computer.
  • Embodiments within the scope of the present invention may also include computer-readable media for carrying or having computer-executable instructions or data structures stored thereon.
  • Such computer-readable media can be any available media that can be accessed by a general purpose or special purpose computer.
  • Such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to carry or store desired program code means in the form of computer-executable instructions or data structures.
  • a network or another communications connection either hardwired, wireless, or combination thereof
  • any such connection is properly termed a computer-readable medium. Combinations of the above should also be included within the scope of the computer-readable media.
  • Computer-executable instructions include, for example, instructions and data which cause a general purpose computer, special purpose computer, or special purpose processing device to perform a certain function or group of functions.
  • Computer-executable instructions also include program modules that are executed by computers in stand-alone or network environments.
  • program modules include routines, programs, objects, components, and data structures, etc. that perform particular tasks or implement particular abstract data types.
  • Computer-executable instructions, associated data structures, and program modules represent examples of the program code means for executing steps of the methods disclosed herein. The particular sequence of such executable instructions or associated data structures represents examples of corresponding acts for implementing the functions described in such steps.
  • Embodiments of the invention may be practiced in network computing environments with many types of computer system configurations, including personal computers, hand-held devices, multi-processor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers, and the like. Embodiments may also be practiced in distributed computing environments where tasks are performed by local and remote processing devices that are linked (either by hardwired links, wireless links, or by a combination thereof) through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.

Abstract

Disclosed herein are systems, methods, and computer readable-media for performing an audible human verification. The method includes determining that a human verification is needed, presenting an audible challenge to a user which exploits a known issue with automatic speech recognition processes, receiving a response to the audible challenge, and verifying that a human provided the response. The known issue with automatic speech recognition processes can be recognition of a non-word, in which case the user can be asked to spell the recognized non-word. The known issue with automatic speech recognition processes can be differentiation of simultaneous input for multiple audio streams. Multiple audio streams contained in the audible challenge can be provided monaurally. Verifying that a human provided the response can include confirming the contents of one of the multiple audio streams. Audible human verification can be performed in combination with visual human verification.

Description

    PRIORITY
  • The present application is a continuation of U.S. patent application Ser. No. 12/197,503, filed Aug. 25, 2008, the content of which is incorporated herein by reference in its entirety.
    • BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • The present invention relates to user verification and more specifically to auditory verification of a human user.
  • 2. Introduction
  • Computer systems are capable of mimicking human interactions with other computers. One computer can be programmed to fill in forms, submit those forms, and generally behave in an automated way to accomplish certain tasks, especially in on-line forums like bulletin boards, blogs, online polls, commerce sites, and so forth. While many such automation tasks are benign and even helpful, the same technology can be used to automate fraud and/or attacks. In response to increasing automated attacks, the concept of a Completely Automated Public Turing test to tell Computers and Humans Apart, or CAPTCHA, was conceived. A CAPTCHA is an image designed to be difficult or impossible to solve in an automated way, but also designed so that most humans can solve the CAPTCHA. An ideal CAPTCHA also retains these two attributes even after many websites implement it.
  • A CAPTCHA graphic usually contains numbers, letters, or some combination of characters. Typically a visual CAPTCHA further employs one or more of the following techniques to alter the text in order to frustrate would-be automated attacks: warping, distorting the background, adding noise, crowding characters together, etc. These techniques make optical character recognition (OCR) difficult or impossible, but must not distort the text to the point that a human would also be unable to understand the CAPTCHA contents. In fact, one of the early attempts at CAPTCHAs intentionally exploited known problems in OCR systems by simulating situations that scanner manuals claimed resulted in faulty OCR. Attackers quickly adapted and were able to defeat early rudimentary CAPTCHA technology.
  • As computing power and OCR technology advances, CAPTCHA creators and would-be attackers using OCR find themselves in a continuing arms race. CAPTCHA creators find a new way to stump automated attacks and attackers work quickly to find a way to work around the problem. Some notable victims in the CAPTCHA arms race who have had their CAPTCHA technology compromised are online heavyweights such as Yahoo, Paypal, Microsoft, and Google. Even successful CAPTCHAs are susceptible to circumvention by means of paying humans in third world countries pennies for each completed CAPTCHA.
  • With recent discoveries and advancements in automated speech synthesis and recognition, automated interactions are now rapidly spreading to telephone-based interfaces. Automated attacks encountered on the web are now finding their way into automated telephone interfaces. However, the traditional CAPTCHAs which were designed to prevent and/or slow down automated attacks are graphics based. Telephone systems are not typically capable of displaying images, so the graphical CAPTCHA approach is not applicable. An audible CAPTCHA is the only solution universally applicable to all telephones. Efforts to date to create an audible CAPTCHA system simply extend the visual metaphor of degrading the stimulus by adding noise, but such noise is easily filtered out with the help of computer software. Accordingly, what is needed in the art is an improved way to tell humans apart from computers based on audible CAPTCHAs.
    • SUMMARY
  • Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The features and advantages of the invention may be realized and obtained by means of the instruments and combinations particularly pointed out in the appended claims. These and other features of the present invention will become more fully apparent from the following description and appended claims, or may be learned by the practice of the invention as set forth herein.
  • Disclosed are systems, methods, and tangible computer readable-media for performing an audible human verification. The method includes determining that a human verification is needed, presenting an audible challenge to a user which exploits a known issue with automatic speech recognition processes, receiving a response to the audible challenge, and verifying that a human provided the response. The known issue with automatic speech recognition processes can be recognition of a non-word, in which case the user can be asked to repeat back or spell the recognized non-word. The known issue with automatic speech recognition processes can be differentiation of simultaneous input for multiple audio streams. Multiple audio streams contained in the audible challenge can be provided monaurally. Verifying that a human provided the response can include confirming the contents of one of the multiple audio streams. Audible human verification can be performed in combination with visual human verification. An analogous visual concept is known as a Completely Automated Public Turing Test to tell Computers and Humans Apart, or CAPTCHA. One purpose of CAPTCHAs is to prevent automated abuse of publicly available websites. Many forms of visual CAPTCHAs exist and are constantly refined in response to improving optical character recognition (OCR) technology. This disclosure addresses the need in the auditory field for improved audible CAPTCHAs where more traditional graphical CAPTCHAs are impractical, ineffective, or inadequate.
  • Since the likely and most common computer processing used to answer auditory challenges is ASR, both disclosed approaches leverage the unique advantages of humans as sensory processors over current capabilities of ASR systems.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • In order to describe the manner in which the above-recited and other advantages and features of the invention can be obtained, a more particular description of the invention briefly described above will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings. Understanding that these drawings depict only exemplary embodiments of the invention and are not therefore to be considered to be limiting of its scope, the invention will be described and explained with additional specificity and detail through the use of the accompanying drawings in which:
  • FIG. 1 illustrates an example system embodiment;
  • FIG. 2 illustrates a functional block diagram of an exemplary natural language spoken dialog system;
  • FIG. 3 illustrates an example method embodiment;
  • FIG. 4 illustrates an example system embodiment;
  • FIG. 5A illustrates a steady wave form;
  • FIG. 5B illustrates an increasing wave form;
  • FIG. 5C illustrates the sum of the steady and increasing wave forms;
  • FIG. 6A illustrates speech wave form 1;
  • FIG. 6B illustrates speech wave form 2; and
  • FIG. 6C illustrates the sum of the speech wave forms 1 and 2.
    •  DETAILED DESCRIPTION
  • Various embodiments of the invention are discussed in detail below. While specific implementations are discussed, it should be understood that this is done for illustration purposes only. A person skilled in the relevant art will recognize that other components and configurations may be used without parting from the spirit and scope of the invention.
  • With reference to FIG. 1, an exemplary system includes a general-purpose computing device 100, including a processing unit (CPU) 120 and a system bus 110 that couples various system components including the system memory such as read only memory (ROM) 140 and random access memory (RAM) 150 to the processing unit 120. Other system memory 130 may be available for use as well. It can be appreciated that the invention may operate on a computing device with more than one CPU 120 or on a group or cluster of computing devices networked together to provide greater processing capability. The system bus 110 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. A basic input/output (BIOS) stored in ROM 140 or the like, may provide the basic routine that helps to transfer information between elements within the computing device 100, such as during start-up. The computing device 100 further includes storage devices such as a hard disk drive 160, a magnetic disk drive, an optical disk drive, tape drive or the like. The storage device 160 is connected to the system bus 110 by a drive interface. The drives and the associated computer readable media provide nonvolatile storage of computer readable instructions, data structures, program modules and other data for the computing device 100. In one aspect, a hardware module that performs a particular function includes the software component stored in a tangible computer-readable medium in connection with the necessary hardware components, such as the CPU, bus, display, and so forth, to carry out the function. The basic components are known to those of skill in the art and appropriate variations are contemplated depending on the type of device, such as whether the device is a small, handheld computing device, a desktop computer, or a computer server.
  • Although the exemplary environment described herein employs the hard disk, it should be appreciated by those skilled in the art that other types of computer readable media which can store data that are accessible by a computer, such as magnetic cassettes, flash memory cards, digital versatile disks, cartridges, random access memories (RAMs), read only memory (ROM), a cable or wireless signal containing a bit stream and the like, may also be used in the exemplary operating environment.
  • To enable user interaction with the computing device 100, an input device 190 represents any number of input mechanisms, such as a microphone for speech, a touch-sensitive screen for gesture or graphical input, keyboard, mouse, motion input, speech and so forth. The input may be used by the presenter to indicate the beginning of a speech search query. The device output 170 can also be one or more of a number of output mechanisms known to those of skill in the art. In some instances, multimodal systems enable a user to provide multiple types of input to communicate with the computing device 100. The communications interface 180 generally governs and manages the user input and system output. There is no restriction on the invention operating on any particular hardware arrangement and therefore the basic features here may easily be substituted for improved hardware or firmware arrangements as they are developed.
  • For clarity of explanation, the illustrative system embodiment is presented as comprising individual functional blocks (including functional blocks labeled as a “processor”). The functions these blocks represent may be provided through the use of either shared or dedicated hardware, including, but not limited to, hardware capable of executing software. For example the functions of one or more processors presented in FIG. 1 may be provided by a single shared processor or multiple processors. (Use of the term “processor” should not be construed to refer exclusively to hardware capable of executing software.) Illustrative embodiments may comprise microprocessor and/or digital signal processor (DSP) hardware, read-only memory (ROM) for storing software performing the operations discussed below, and random access memory (RAM) for storing results. Very large scale integration (VLSI) hardware embodiments, as well as custom VLSI circuitry in combination with a general purpose DSP circuit, may also be provided.
  • The logical operations of the various embodiments are implemented as: (1) a sequence of computer implemented steps, operations, or procedures running on a programmable circuit within a general use computer, (2) a sequence of computer implemented steps, operations, or procedures running on a specific-use programmable circuit; and/or (3) interconnected machine modules or program engines within the programmable circuits.
  • FIG. 2 illustrates a functional block diagram of an exemplary natural language spoken dialog system. The principles of enriched spoken language translation described herein can be implemented as a part of or operate in connection with a natural spoken language dialog system to provide, for example, real-time translation of speech in an automated natural speech interface via telephone. In this manner, a spoken dialog system which is tuned to pick up on and understand prosodically prominent segments of speech can still be effective with foreign languages processed through a translation module. Spoken dialog systems aim to identify intents of humans, expressed in natural language, and take actions accordingly, to satisfy their requests. Natural language spoken dialog system 200 may include an automatic speech recognition (ASR) module 202, a spoken language understanding (SLU) module 204, a dialog management (DM) module 206, a spoken language generation (SLG) module 208, and synthesizing module 210. The synthesizing module may be any type of speech output module. For example, it may be a module wherein one of a plurality of prerecorded speech segments is selected and played to a user. Thus, the synthesizing module represents any type of speech output. The present invention focuses on innovations related to the dialog management module 206 and may also relate to other components of the dialog system.
  • ASR module 202 may analyze speech input and may provide a transcription of the speech input as output. SLU module 204 may receive the transcribed input and may use a natural language understanding model to analyze the group of words that are included in the transcribed input to derive a meaning from the input. The role of DM module 206 is to interact in a natural way and help the user to achieve the task that the system is designed to support. DM module 206 may receive the meaning of the speech input from SLU module 204 and may determine an action, such as, for example, providing a response, based on the input. SLG module 208 may generate a transcription of one or more words in response to the action provided by DM 206. Synthesizing module 210 may receive the transcription as input and may provide generated audible speech as output based on the transcribed speech.
  • Thus, the modules of system 200 may recognize speech input, such as speech utterances, may transcribe the speech input, may identify (or understand) the meaning of the transcribed speech, may determine an appropriate response to the speech input, may generate text of the appropriate response and from that text, may generate audible “speech” from system 200, which the user then hears. In this manner, the user can carry on a natural language dialog with system 200. Those of ordinary skill in the art will understand the programming languages and means for generating and training ASR module 202 or any of the other modules in the spoken dialog system. Further, the modules of system 200 may operate independent of a full dialog system. For example, a computing device such as a smartphone (or any processing device having a phone capability) may have an ASR module wherein a user may say “call mom” and the smartphone may act on the instruction without a “spoken dialog.”
  • Having discussed these fundamental concepts, the disclosure turns to the exemplary method embodiment, variations, and the remaining figures. One of the primary benefits of the principles described herein is the ability to prevent computer robots from automatically logging in and registering for services by screening them out. FIG. 3 illustrates an example method embodiment. The method includes first determining that a human verification is needed (302). A system with a telephone-based interface can make such a determination. A web-based system can also decide to employ an auditory CAPTCHA through a computer speaker, a microphone, a keyboard, and/or mouse. For example, if a caller is interacting with a speech-based interface for a bank and the caller wants to transfer funds, the bank's system can decide that it needs to verify that the caller is a person, not an automated attacker. A human determination can be provided in addition to and/or in combination with other security measures. For instance, while the caller to the bank has likely already entered account information and provided sufficient means of identification, the human verification can prevent would-be identity thieves from committing automated abuse of the bank's speech-based interface with stolen information.
  • Auditory CAPTCHAs can be combined with voice authorization security measures known commonly as speaker verification. A spoken response to an auditory CAPTCHA can be retained and compared to an authorized speech sample to verify that not only is the speaker a human, but that the speaker is a particular, authorized human. This particular aspect may be useful in conjunction with automated credit card transactions over the phone.
  • Auditory CAPTCHAs can also be combined with security through something a speaker knows. An auditory CAPTCHA can prompt a voice response that serves two purposes. First, the voice response can demonstrate that a person, and not an automated system, is providing the voice response. Second, the voice response can demonstrate that the person knows a particular piece of information such as a password, passphrase, operator ID, etc. Such a prompt could contain two voices, for example one female and one male, one of which prompts the user “Please state the color of the sky followed by your passphrase.” The voice response can then not only verify that the response comes from a person because she can pick out the prompt from two voices, but can also respond to the question and provide a valid passphrase. Combinations with other security techniques exist and should be readily apparent to one of skill in the art.
  • Next the method includes presenting an audible challenge to a user which exploits a known issue with automatic speech recognition processes (304). Two primary known issues with automatic speech recognition are easily exploitable. Other issues with ASR processes exist and may be exploited in their own unique ways. Two primary issues are discussed by way of example, but should not be considered limiting of the scope of the invention. The first known issue is recognition of a non-word. As non-words are not in an ASR grammar, a computer system or automated ASR bot would not recognize such a non-word, whereas a person would have no problem recognizing a non-word and conjecturing as to a likely spelling. Some examples of non-words are “clammage”, “brillig”, “poiled”, “skring”, etc. One way to demonstrate recognition of a non-word is to require a listener to spell the recognized non-word. One approach to verify spelling is to provide a table of acceptable spellings for each non-word. For instance, a user who is asked to spell “clammage” may think it is etymologically similar to “rummage” and spell it with two Ms, or she may think it is similar to the word “damage” and spell it with one M. A table of spellings includes satisfactory variations.
  • The second known issue in ASR systems is differentiation of simultaneous input for multiple audio streams. The multiple audio streams can be, for example, a male and a female voice, or an adult's and a child's voice, speaking different things at the same time. One way to demonstrate recognition and understanding is to simply ask what one of these voices stated. ASR technology is currently incapable of segregating two or more simultaneous auditory streams, but this is a trivial task for the human ear and brain. To prevent obvious attack tricks, if the audible challenge is provided in digital form such as an MP3 file, the multiple audio streams contained in the audible challenge can be provided monaurally in a single, merged structure. An automated attack to defeat an audio CAPTCHA with multiple streams could easily separate out tracks, such as stereo track information. A monaural digital file contains only one track which is not easily divisible, if at all.
  • These two known issues with ASR systems are combinable. For example, a CAPTCHA could include two simultaneous audio streams which say different words, one a real word and the other a non-word. The user can be asked to identify and spell the non-word. In this manner, two nearly impossible hurdles are presented for an ASR system, while a person can easily discern the two words, identify the non-word, and formulate a possible spelling. Other ASR issues can be discovered and combined with known issues. As ASR technology advances, issues can shift, alter, disappear, and reappear in various forms. It is anticipated that audio CAPTCHAs will evolve along with issues in the current level of ASR technology.
  • Next the method includes receiving a response to the audible challenge (306). A user or an automated system provides a response to the audible challenge. The response can be speech, button presses, typed words, mouse clicks, silence, an uploaded file or any other suitable type of input. Finally, the method includes verifying that a human provided the response (308). In the case of multiple audio streams, verifying that a human provided the response can include confirming the contents of one or more of the multiple audio streams or answering a question about the contents of one or more of the multiple audio streams. In the case of non-words, verifying that a human provided the response can include checking a spoken or typed spelling of a word against a database of acceptable spellings.
  • The audible human verification described herein can be performed in combination with graphical CAPTCHAs or other human verification schemes. In some cases, both the audible and visual CAPTCHAs are related and integral to each other, so that one or the other is unusable without the other. For example, a visual CAPTCHA can be presented that is severely distorted and nearly impossible for a human to read. In combination with an audio CAPTCHA as described herein, a clue is provided to allow a human to understand the visual CAPTCHA. In this way, a dual-factor test for a human is applied so that even if a machine is able to decode one or the other, the entire scheme is not compromised.
  • A telephone caller can initiate human verification to verify that the other party is a person. For example, a homeowner can establish an audio CAPTCHA to “guard” her home phone line. Every caller to the homeowner must pass an audio CAPTCHA to gain access and place a call. While this may be a slight annoyance to many human callers, the homeowner can balance that slight annoyance with the desire to avoid calls from automated systems. Alternately, the homeowner can provide a whitelist of numbers which are not subject to the audio CAPTCHA while all other numbers must pass the audio CAPTCHA to place a call. Such a CAPTCHA can be modified even further to ensure that the caller is not only a human, but a human who knows the homeowner. If the audio CAPTCHA is of the multiple audio stream kind, one of the audio streams may be the homeowner's voice. The question of the CAPTCHA could ask, “Is the homeowner's voice one of the voices presented?” or “What is the homeowner saying in this clip?” In this way, not only are automated telemarketers blocked from making calls, but also humans who are unfamiliar with the homeowner's voice, such as human telemarketers.
  • FIG. 4 illustrates an example system embodiment. An example audio CAPTCHA system 400 accepts telephone calls from callers using landlines 402, callers using cellular phones 404, callers using VoIP software on a personal computer 406, and computers 408 by themselves via modem or other devices capable of communicating via a telephone connection. A typical audio CAPTCHA system contains a telephone interface module 410 to interact with callers via ASR. In the case of a computer calling by itself, the CAPTCHA system ASR is actually interacting with another ASR designed to attack or spoof the system. While a telephone interface module is shown, the audio CAPTCHA system could be implemented as part of a web server which does not include phone lines at all. The telephone interface module 410 is coupled with a primary system 412 to provide some benefit to callers. Some examples of primary systems include systems to provide access to banking, appointment scheduling, telephonic voting, web sites, online commerce, technical support, insurance claims filing, bill payment, etc. Auditory CAPTCHAs can be applied to almost any currently existing primary system 412 which is accessible via telephone.
  • When the primary system 412 determines that human verification is needed, it signals the CAPTCHA module 414. The CAPTCHA module 414 is shown as connected to the telephone interface module, but it may be connected to the primary system 412 in addition or it may be connected only to the primary system 412. The CAPTCHA module 414 or the primary system 412 can determine which type of audible challenge to present to the user. In this figure, two types of audible challenges are illustrated: spelling a non-word and understanding a portion of a multi-stream audio signal. In the case of spelling a non-word, the CAPTCHA module 414 retrieves a non-word, such as “skring”, and associated spellings, such as “s-k-r-i-n-g, s-c-r-i-n-g, s-c-r-e-e-n-g” from the database of non-words and spellings 416. The CAPTCHA module 414 transmits that information to the telephone interface module 410 which prepares and presents the audible CAPTCHA to the intended user, such as “Spell the imaginary word ‘skring’.” The user responds to the audible challenge with a spelling, such as “S-C-R-I-N-G”. The telephone interface module 410 converts the user's response and transmits it to the CAPTCHA module 414. The CAPTCHA module 414 verifies the response then signals to the primary system 412 whether the user is approved or not.
  • In the case of understanding a portion of a multi-stream audio signal, the CAPTCHA module 414 can retrieve multiple audio streams from the database of individual audio streams 418 and combine them on the fly. Alternatively, the CAPTCHA module 414 can retrieve pre-combined streams from a database of combined audio streams 420. These two databases 418, 420 can also include associated meaning information such as strings, key words, key phrases, answers to questions in the audio streams, etc. The CAPTCHA module 414 transmits the stream or streams to the telephone interface module 410 which prepares and presents the audible CAPTCHA to the intended user, such as “Please listen to the following audio clip. Afterwards, please answer the question asked by the male speaker.” The audio clip contains two voices speaking simultaneously, a female and a male. The female voice says “What ocean is to the west of South America?” The male voice says “What color is the inside of a watermelon?” A human user can very easily distinguish between the two voices and formulate a correct response, “Red”. An ASR engine would be unable to properly distinguish between the two audio streams and could not respond in a meaningful fashion. The telephone interface module 410 converts the received response and transmits it to the CAPTCHA module 414. The CAPTCHA module 414 verifies the response then signals to the primary system 412 whether the user is approved or not. Connections shown in FIG. 4 may be direct wired connections, wireless connections, packet-based communications over a network such as the Internet, etc.
  • FIGS. 5A, 5B, and 5C illustrate waveforms of two dissimilar tones and how they can be combined. FIG. 5A illustrates a steady wave form. Such a wave form is consistent with a steady tone, such as a steady beeping noise. The relatively long wavelength means this wave is a lower pitch. FIG. 5B illustrates a wave form which is increasing in amplitude. Such a wave form is consistent with a steady tone that is increasing in volume. The relatively short wavelength means this wave is a higher pitch. FIG. 5C illustrates the sum of the steady and increasing wave forms. FIG. 5C demonstrates the fundamental principle of how to combine waveforms. It is a simple example of how distorted a sum of two signals can become, even when the source signals are “pure” and mathematically simple to express.
  • Next, we turn to FIGS. 6A, 6B, and 6C to show how combining multiple audio signals containing speech generates a sum wave that is nearly impossible for a computer to separate into its constituent elements. FIG. 6A illustrates speech wave form 1. It is not consistent or cyclical as shown in FIG. 5A and 5B. It contains many quiet periods of no speech. It contains waves of varying wavelengths, amplitudes, and frequencies. Overall, it is very representative of the relative low-level chaos of wave forms of conversational speech. FIG. 6B illustrates speech wave form 2. Wave form 2 demonstrates a very different type of wave with different patterns, but still very representative of speech-based waves. Speech recognition is a difficult enough on a single voice, but speech recognition becomes a nearly intractable task when two voices are superimposed one on the other. FIG. 6C illustrates the sum of the speech wave forms 1 and 2. As two complex wave forms are combined, the result is a very messy wave form. A computer-based ASR system is only able to differentiate where one wave form ends and the other one begins with great difficulty, if at all. Such a task is trivial for a human being, however. Humans are able to process and comprehend the wave forms at a very high level without thought about the individual wave forms, whereas a computer is limited to a wave form analysis for understanding of the wave form. This weakness is well known in ASR systems. A wave form like FIG. 6C is capable of straightforward resolution by a person, but not by a computer.
  • Embodiments within the scope of the present invention may also include computer-readable media for carrying or having computer-executable instructions or data structures stored thereon. Such computer-readable media can be any available media that can be accessed by a general purpose or special purpose computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to carry or store desired program code means in the form of computer-executable instructions or data structures. When information is transferred or provided over a network or another communications connection (either hardwired, wireless, or combination thereof) to a computer, the computer properly views the connection as a computer-readable medium. Thus, any such connection is properly termed a computer-readable medium. Combinations of the above should also be included within the scope of the computer-readable media.
  • Computer-executable instructions include, for example, instructions and data which cause a general purpose computer, special purpose computer, or special purpose processing device to perform a certain function or group of functions. Computer-executable instructions also include program modules that are executed by computers in stand-alone or network environments. Generally, program modules include routines, programs, objects, components, and data structures, etc. that perform particular tasks or implement particular abstract data types. Computer-executable instructions, associated data structures, and program modules represent examples of the program code means for executing steps of the methods disclosed herein. The particular sequence of such executable instructions or associated data structures represents examples of corresponding acts for implementing the functions described in such steps.
  • Those of skill in the art will appreciate that other embodiments of the invention may be practiced in network computing environments with many types of computer system configurations, including personal computers, hand-held devices, multi-processor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers, and the like. Embodiments may also be practiced in distributed computing environments where tasks are performed by local and remote processing devices that are linked (either by hardwired links, wireless links, or by a combination thereof) through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.
  • The various embodiments described above are provided by way of illustration only and should not be construed to limit the invention. For example, the principles herein may be applied to any telephone-based systems or other auditory communication and computer systems where visual analogue is not possible. Those skilled in the art will readily recognize various modifications and changes that may be made to the present invention without following the example embodiments and applications illustrated and described herein, and without departing from the true spirit and scope of the present invention.

Claims (20)

We claim:
1. A method comprising:
presenting an audible challenge to a user device which exploits a previously detected issue with automatic speech recognition processes, where the audible challenge comprises presenting an audible pronunciation of a non-word pronounced like a single word, wherein the non-word does not exist in a vocabulary of natural languages, and requesting a user of the user device to spell the non-word;
receiving an audible response to the audible challenge; and
verifying an identity of the user based on the audible response.
2. The method of claim 1, wherein the previously detected issue with automatic speech recognition processes further comprises spelling of the non-word.
3. The method of claim 1, further comprising receiving multiple audio streams simultaneously, wherein one of the multiple audio streams is the audible response.
4. The method of claim 3, wherein the previously detected issue with automatic speech recognition processes is differentiation of simultaneous input for the multiple audio streams.
5. The method of claim 3, wherein, when the audible challenge is provided in digital form, the multiple audio streams contained in the audible challenge are provided monaurally.
6. The method of claim 3, wherein verifying the identity of the user comprises analyzing contents of one of the multiple audio streams.
7. The method of claim 1, wherein the audible challenge comprises a plurality of different words, where one of the plurality of different words is the non-word and another of the plurality of different words is a word which exists in the vocabulary of natural languages.
8. A system comprising:
a processor; and
a computer-readable storage medium having instructions stored which, when executed by the processor, cause the processor to perform operations comprise:
presenting an audible challenge to a user device which exploits a previously detected issue with automatic speech recognition processes, where the audible challenge comprises presenting an audible pronunciation of a non-word pronounced like a single word, wherein the non-word does not exist in a vocabulary of natural languages, and requesting a user of the user device to spell the non-word;
receiving an audible response to the audible challenge; and
verifying an identity of the user based on the audible response.
9. The system of claim 8, wherein the previously detected issue with automatic speech recognition processes further comprises spelling of the non-word.
10. The system of claim 8, the computer-readable storage medium having additional instructions stored which result in operations comprising receiving multiple audio streams, wherein one of the multiple audio streams is the audible response.
11. The system of claim 10, wherein the previously detected issue with automatic speech recognition processes is differentiation of simultaneous input for the multiple audio streams.
12. The system of claim 10, wherein, when the audible challenge is provided in digital form, the multiple audio streams contained in the audible challenge are provided monaurally.
13. The system of claim 10, wherein verifying the identity of the user comprises analyzing contents of one of the multiple audio streams.
14. The system of claim 8, wherein the audible challenge comprises a plurality of different words, where one of the plurality of different words is the non-word and another of the plurality of different words is a word which exists in the vocabulary of natural languages.
15. A computer-readable storage device having instructions stored which, when executed by a computing device, cause the computing device to perform operations comprise:
presenting an audible challenge to a user device which exploits a previously detected issue with automatic speech recognition processes, where the audible challenge comprises presenting an audible pronunciation of a non-word pronounced like a single word, wherein the non-word does not exist in a vocabulary of natural languages, and requesting a user of the user device to spell the non-word;
receiving an audible response to the audible challenge; and
verifying an identity of the user based on the audible response.
16. The computer-readable storage device of claim 15, wherein the previously detected issue with automatic speech recognition processes further comprises spelling of the non-word.
17. The computer-readable storage device of claim 15, having additional instructions stored which result in operations comprising receiving multiple audio streams, wherein one of the multiple audio streams is the audible response.
18. The computer-readable storage device of claim 17, wherein the previously detected issue with automatic speech recognition processes is differentiation of simultaneous input for the multiple audio streams.
19. The computer-readable storage device of claim 17, wherein, when the audible challenge is provided in digital form, the multiple audio streams contained in the audible challenge are provided monaurally.
20. The computer-readable storage device of claim 17, wherein verifying the identity of the user comprises analyzing contents of one of the multiple audio streams.
US14/337,332 2008-08-25 2014-07-22 System and method for auditory captchas Abandoned US20140330568A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US14/337,332 US20140330568A1 (en) 2008-08-25 2014-07-22 System and method for auditory captchas

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US12/197,503 US8793135B2 (en) 2008-08-25 2008-08-25 System and method for auditory captchas
US14/337,332 US20140330568A1 (en) 2008-08-25 2014-07-22 System and method for auditory captchas

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US12/197,503 Continuation US8793135B2 (en) 2008-08-25 2008-08-25 System and method for auditory captchas

Publications (1)

Publication Number Publication Date
US20140330568A1 true US20140330568A1 (en) 2014-11-06

Family

ID=41697173

Family Applications (2)

Application Number Title Priority Date Filing Date
US12/197,503 Active 2031-10-03 US8793135B2 (en) 2008-08-25 2008-08-25 System and method for auditory captchas
US14/337,332 Abandoned US20140330568A1 (en) 2008-08-25 2014-07-22 System and method for auditory captchas

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US12/197,503 Active 2031-10-03 US8793135B2 (en) 2008-08-25 2008-08-25 System and method for auditory captchas

Country Status (1)

Country Link
US (2) US8793135B2 (en)

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170048388A1 (en) * 2012-10-17 2017-02-16 Kedlin Company, LLC Methods and systems for inbound call control
US10230837B2 (en) 2012-10-17 2019-03-12 Kedlin Company, LLC Methods and systems for inbound and outbound call control
US20190114496A1 (en) * 2017-10-13 2019-04-18 Cirrus Logic International Semiconductor Ltd. Detection of liveness
US20190114497A1 (en) * 2017-10-13 2019-04-18 Cirrus Logic International Semiconductor Ltd. Detection of liveness
US20190304472A1 (en) * 2018-03-30 2019-10-03 Qualcomm Incorporated User authentication
US20200012627A1 (en) * 2019-08-27 2020-01-09 Lg Electronics Inc. Method for building database in which voice signals and texts are matched and a system therefor, and a computer-readable recording medium recording the same
US10614815B2 (en) 2017-12-05 2020-04-07 International Business Machines Corporation Conversational challenge-response system for enhanced security in voice only devices
US10720166B2 (en) * 2018-04-09 2020-07-21 Synaptics Incorporated Voice biometrics systems and methods
US10770076B2 (en) 2017-06-28 2020-09-08 Cirrus Logic, Inc. Magnetic detection of replay attack
US10818296B2 (en) * 2018-06-21 2020-10-27 Intel Corporation Method and system of robust speaker recognition activation
US10832702B2 (en) 2017-10-13 2020-11-10 Cirrus Logic, Inc. Robustness of speech processing system against ultrasound and dolphin attacks
US10839808B2 (en) 2017-10-13 2020-11-17 Cirrus Logic, Inc. Detection of replay attack
US10847165B2 (en) 2017-10-13 2020-11-24 Cirrus Logic, Inc. Detection of liveness
US10853464B2 (en) 2017-06-28 2020-12-01 Cirrus Logic, Inc. Detection of replay attack
US10915614B2 (en) 2018-08-31 2021-02-09 Cirrus Logic, Inc. Biometric authentication
US10984083B2 (en) 2017-07-07 2021-04-20 Cirrus Logic, Inc. Authentication of user using ear biometric data
US11037574B2 (en) 2018-09-05 2021-06-15 Cirrus Logic, Inc. Speaker recognition and speaker change detection
US11042616B2 (en) 2017-06-27 2021-06-22 Cirrus Logic, Inc. Detection of replay attack
US11042617B2 (en) 2017-07-07 2021-06-22 Cirrus Logic, Inc. Methods, apparatus and systems for biometric processes
US11042618B2 (en) 2017-07-07 2021-06-22 Cirrus Logic, Inc. Methods, apparatus and systems for biometric processes
US11051117B2 (en) 2017-11-14 2021-06-29 Cirrus Logic, Inc. Detection of loudspeaker playback
US11264037B2 (en) 2018-01-23 2022-03-01 Cirrus Logic, Inc. Speaker identification
US11270707B2 (en) 2017-10-13 2022-03-08 Cirrus Logic, Inc. Analysing speech signals
US11276409B2 (en) 2017-11-14 2022-03-15 Cirrus Logic, Inc. Detection of replay attack
US11475899B2 (en) 2018-01-23 2022-10-18 Cirrus Logic, Inc. Speaker identification
US11631402B2 (en) 2018-07-31 2023-04-18 Cirrus Logic, Inc. Detection of replay attack
US11735189B2 (en) 2018-01-23 2023-08-22 Cirrus Logic, Inc. Speaker identification
US11755701B2 (en) 2017-07-07 2023-09-12 Cirrus Logic Inc. Methods, apparatus and systems for authentication
US11829461B2 (en) 2017-07-07 2023-11-28 Cirrus Logic Inc. Methods, apparatus and systems for audio playback

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9595008B1 (en) 2007-11-19 2017-03-14 Timothy P. Heikell Systems, methods, apparatus for evaluating status of computing device user
US8380503B2 (en) * 2008-06-23 2013-02-19 John Nicholas and Kristin Gross Trust System and method for generating challenge items for CAPTCHAs
US9186579B2 (en) * 2008-06-27 2015-11-17 John Nicholas and Kristin Gross Trust Internet based pictorial game system and method
US20100318669A1 (en) * 2009-06-16 2010-12-16 Kevin Chugh Human Interactive Proof System and Apparatus that Enables Public Contribution of Challenges for Determining Whether an Agent is a Computer or a Human
US8621583B2 (en) 2010-05-14 2013-12-31 Microsoft Corporation Sensor-based authentication to a computer network-based service
EP2647003A4 (en) * 2010-11-30 2014-08-06 Towson University Audio based human-interaction proof
US8776173B2 (en) 2011-03-24 2014-07-08 AYAH, Inc. Method for generating a human likeness score
US9141779B2 (en) 2011-05-19 2015-09-22 Microsoft Technology Licensing, Llc Usable security of online password management with sensor-based authentication
US20130006626A1 (en) * 2011-06-29 2013-01-03 International Business Machines Corporation Voice-based telecommunication login
US8590058B2 (en) * 2011-07-31 2013-11-19 International Business Machines Corporation Advanced audio CAPTCHA
WO2013022839A1 (en) * 2011-08-05 2013-02-14 M-Qube, Inc. Method and system for verification of human presence at a mobile device
US10558789B2 (en) 2011-08-05 2020-02-11 [24]7.ai, Inc. Creating and implementing scalable and effective multimedia objects with human interaction proof (HIP) capabilities, with challenges comprising different levels of difficulty based on the degree on suspiciousness
US9621528B2 (en) * 2011-08-05 2017-04-11 24/7 Customer, Inc. Creating and implementing scalable and effective multimedia objects with human interaction proof (HIP) capabilities, with challenges comprising secret question and answer created by user, and advertisement corresponding to the secret question
US10319363B2 (en) * 2012-02-17 2019-06-11 Microsoft Technology Licensing, Llc Audio human interactive proof based on text-to-speech and semantics
US9390245B2 (en) 2012-08-02 2016-07-12 Microsoft Technology Licensing, Llc Using the ability to speak as a human interactive proof
US9679427B2 (en) * 2013-02-19 2017-06-13 Max Sound Corporation Biometric audio security
US9263055B2 (en) 2013-04-10 2016-02-16 Google Inc. Systems and methods for three-dimensional audio CAPTCHA
US10277581B2 (en) * 2015-09-08 2019-04-30 Oath, Inc. Audio verification
KR20180074152A (en) * 2016-12-23 2018-07-03 삼성전자주식회사 Security enhanced speech recognition method and apparatus
US10628754B2 (en) * 2017-06-06 2020-04-21 At&T Intellectual Property I, L.P. Personal assistant for facilitating interaction routines
US10896252B2 (en) 2018-07-03 2021-01-19 International Business Machines Corporation Composite challenge task generation and deployment
US11200310B2 (en) * 2018-12-13 2021-12-14 Paypal, Inc. Sentence based automated Turing test for detecting scripted computing attacks

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020072907A1 (en) * 2000-10-19 2002-06-13 Case Eliot M. System and method for converting text-to-voice
US20020128840A1 (en) * 2000-12-22 2002-09-12 Hinde Stephen John Artificial language
US20030130847A1 (en) * 2001-05-31 2003-07-10 Qwest Communications International Inc. Method of training a computer system via human voice input
US20050022034A1 (en) * 2003-07-25 2005-01-27 International Business Machines Corporation Method and system for user authentication and identification using behavioral and emotional association consistency
US20070003913A1 (en) * 2005-10-22 2007-01-04 Outland Research Educational verbo-visualizer interface system
US20070050191A1 (en) * 2005-08-29 2007-03-01 Voicebox Technologies, Inc. Mobile systems and methods of supporting natural language human-machine interactions
US20070143624A1 (en) * 2005-12-15 2007-06-21 Microsoft Corporation Client-side captcha ceremony for user verification
US20070255567A1 (en) * 2006-04-27 2007-11-01 At&T Corp. System and method for generating a pronunciation dictionary
US20090055193A1 (en) * 2007-02-22 2009-02-26 Pudding Holdings Israel Ltd. Method, apparatus and computer code for selectively providing access to a service in accordance with spoken content received from a user
US20090235327A1 (en) * 2008-03-11 2009-09-17 Palo Alto Research Center Incorporated Selectable captchas
US20090240501A1 (en) * 2008-03-19 2009-09-24 Microsoft Corporation Automatically generating new words for letter-to-sound conversion
US7917367B2 (en) * 2005-08-05 2011-03-29 Voicebox Technologies, Inc. Systems and methods for responding to natural language speech utterance

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040254793A1 (en) * 2003-06-12 2004-12-16 Cormac Herley System and method for providing an audio challenge to distinguish a human from a computer
US8255223B2 (en) * 2004-12-03 2012-08-28 Microsoft Corporation User authentication by combining speaker verification and reverse turing test
US8036902B1 (en) * 2006-06-21 2011-10-11 Tellme Networks, Inc. Audio human verification
EP2109837B1 (en) * 2007-01-23 2012-11-21 Carnegie Mellon University Controlling access to computer systems and for annotating media files
US8245277B2 (en) * 2008-10-15 2012-08-14 Towson University Universally usable human-interaction proof

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020072907A1 (en) * 2000-10-19 2002-06-13 Case Eliot M. System and method for converting text-to-voice
US20020128840A1 (en) * 2000-12-22 2002-09-12 Hinde Stephen John Artificial language
US20030130847A1 (en) * 2001-05-31 2003-07-10 Qwest Communications International Inc. Method of training a computer system via human voice input
US20050022034A1 (en) * 2003-07-25 2005-01-27 International Business Machines Corporation Method and system for user authentication and identification using behavioral and emotional association consistency
US7917367B2 (en) * 2005-08-05 2011-03-29 Voicebox Technologies, Inc. Systems and methods for responding to natural language speech utterance
US20070050191A1 (en) * 2005-08-29 2007-03-01 Voicebox Technologies, Inc. Mobile systems and methods of supporting natural language human-machine interactions
US20070003913A1 (en) * 2005-10-22 2007-01-04 Outland Research Educational verbo-visualizer interface system
US20070143624A1 (en) * 2005-12-15 2007-06-21 Microsoft Corporation Client-side captcha ceremony for user verification
US20070255567A1 (en) * 2006-04-27 2007-11-01 At&T Corp. System and method for generating a pronunciation dictionary
US20090055193A1 (en) * 2007-02-22 2009-02-26 Pudding Holdings Israel Ltd. Method, apparatus and computer code for selectively providing access to a service in accordance with spoken content received from a user
US20090235327A1 (en) * 2008-03-11 2009-09-17 Palo Alto Research Center Incorporated Selectable captchas
US20090240501A1 (en) * 2008-03-19 2009-09-24 Microsoft Corporation Automatically generating new words for letter-to-sound conversion

Cited By (40)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170048388A1 (en) * 2012-10-17 2017-02-16 Kedlin Company, LLC Methods and systems for inbound call control
US9819797B2 (en) * 2012-10-17 2017-11-14 Kedlin Company, LLC Methods and systems for inbound call control
US10230837B2 (en) 2012-10-17 2019-03-12 Kedlin Company, LLC Methods and systems for inbound and outbound call control
US11042616B2 (en) 2017-06-27 2021-06-22 Cirrus Logic, Inc. Detection of replay attack
US10853464B2 (en) 2017-06-28 2020-12-01 Cirrus Logic, Inc. Detection of replay attack
US11704397B2 (en) 2017-06-28 2023-07-18 Cirrus Logic, Inc. Detection of replay attack
US10770076B2 (en) 2017-06-28 2020-09-08 Cirrus Logic, Inc. Magnetic detection of replay attack
US11164588B2 (en) 2017-06-28 2021-11-02 Cirrus Logic, Inc. Magnetic detection of replay attack
US11042618B2 (en) 2017-07-07 2021-06-22 Cirrus Logic, Inc. Methods, apparatus and systems for biometric processes
US11829461B2 (en) 2017-07-07 2023-11-28 Cirrus Logic Inc. Methods, apparatus and systems for audio playback
US11042617B2 (en) 2017-07-07 2021-06-22 Cirrus Logic, Inc. Methods, apparatus and systems for biometric processes
US11714888B2 (en) 2017-07-07 2023-08-01 Cirrus Logic Inc. Methods, apparatus and systems for biometric processes
US10984083B2 (en) 2017-07-07 2021-04-20 Cirrus Logic, Inc. Authentication of user using ear biometric data
US11755701B2 (en) 2017-07-07 2023-09-12 Cirrus Logic Inc. Methods, apparatus and systems for authentication
US11270707B2 (en) 2017-10-13 2022-03-08 Cirrus Logic, Inc. Analysing speech signals
US10847165B2 (en) 2017-10-13 2020-11-24 Cirrus Logic, Inc. Detection of liveness
US10839808B2 (en) 2017-10-13 2020-11-17 Cirrus Logic, Inc. Detection of replay attack
US10832702B2 (en) 2017-10-13 2020-11-10 Cirrus Logic, Inc. Robustness of speech processing system against ultrasound and dolphin attacks
US11017252B2 (en) * 2017-10-13 2021-05-25 Cirrus Logic, Inc. Detection of liveness
US11023755B2 (en) * 2017-10-13 2021-06-01 Cirrus Logic, Inc. Detection of liveness
US11705135B2 (en) 2017-10-13 2023-07-18 Cirrus Logic, Inc. Detection of liveness
US20190114496A1 (en) * 2017-10-13 2019-04-18 Cirrus Logic International Semiconductor Ltd. Detection of liveness
US20190114497A1 (en) * 2017-10-13 2019-04-18 Cirrus Logic International Semiconductor Ltd. Detection of liveness
US11051117B2 (en) 2017-11-14 2021-06-29 Cirrus Logic, Inc. Detection of loudspeaker playback
US11276409B2 (en) 2017-11-14 2022-03-15 Cirrus Logic, Inc. Detection of replay attack
US10614815B2 (en) 2017-12-05 2020-04-07 International Business Machines Corporation Conversational challenge-response system for enhanced security in voice only devices
US11735189B2 (en) 2018-01-23 2023-08-22 Cirrus Logic, Inc. Speaker identification
US11264037B2 (en) 2018-01-23 2022-03-01 Cirrus Logic, Inc. Speaker identification
US11475899B2 (en) 2018-01-23 2022-10-18 Cirrus Logic, Inc. Speaker identification
US11694695B2 (en) 2018-01-23 2023-07-04 Cirrus Logic, Inc. Speaker identification
US10733996B2 (en) * 2018-03-30 2020-08-04 Qualcomm Incorporated User authentication
US20190304472A1 (en) * 2018-03-30 2019-10-03 Qualcomm Incorporated User authentication
US10720166B2 (en) * 2018-04-09 2020-07-21 Synaptics Incorporated Voice biometrics systems and methods
US10818296B2 (en) * 2018-06-21 2020-10-27 Intel Corporation Method and system of robust speaker recognition activation
US11631402B2 (en) 2018-07-31 2023-04-18 Cirrus Logic, Inc. Detection of replay attack
US11748462B2 (en) 2018-08-31 2023-09-05 Cirrus Logic Inc. Biometric authentication
US10915614B2 (en) 2018-08-31 2021-02-09 Cirrus Logic, Inc. Biometric authentication
US11037574B2 (en) 2018-09-05 2021-06-15 Cirrus Logic, Inc. Speaker recognition and speaker change detection
US11714788B2 (en) * 2019-08-27 2023-08-01 Lg Electronics Inc. Method for building database in which voice signals and texts are matched and a system therefor, and a computer-readable recording medium recording the same
US20200012627A1 (en) * 2019-08-27 2020-01-09 Lg Electronics Inc. Method for building database in which voice signals and texts are matched and a system therefor, and a computer-readable recording medium recording the same

Also Published As

Publication number Publication date
US20100049526A1 (en) 2010-02-25
US8793135B2 (en) 2014-07-29

Similar Documents

Publication Publication Date Title
US8793135B2 (en) System and method for auditory captchas
US10276152B2 (en) System and method for discriminating between speakers for authentication
CN104217149B (en) Biometric authentication method and equipment based on voice
US8812319B2 (en) Dynamic pass phrase security system (DPSS)
CN104509065B (en) Human interaction proof is used as using the ability of speaking
US6671672B1 (en) Voice authentication system having cognitive recall mechanism for password verification
Gao et al. An audio CAPTCHA to distinguish humans from computers
US20130006626A1 (en) Voice-based telecommunication login
CN102737634A (en) Authentication method and device based on voice
US20100178956A1 (en) Method and apparatus for mobile voice recognition training
CA3177132A1 (en) Techniques to provide sensitive information over a voice connection
CN109087647A (en) Application on Voiceprint Recognition processing method, device, electronic equipment and storage medium
CN112417412A (en) Bank account balance inquiry method, device and system
CN110298150B (en) Identity verification method and system based on voice recognition
JP2021064110A (en) Voice authentication device, voice authentication system and voice authentication method
Seymour et al. Your voice is my passport
Badigar et al. Voice Based Email Application For Visually Impaired
Shirali-Shahreza et al. Spoken captcha: A captcha system for blind users
CN112565242A (en) Remote authorization method, system, equipment and storage medium based on voiceprint recognition
RU2790946C1 (en) Method and system for analyzing voice calls for social engineering detection and prevention
WO2022250565A1 (en) Method and system for analyzing voice calls
Šandor et al. RESILIENCE OF BIOMETRIC AUTHENTICATION OF VOICE ASSISTANTS AGAINST DEEPFAKES
Shah et al. Countermeasure to protect Automatic Speaker Verification Systems from Replay Attack

Legal Events

Date Code Title Description
AS Assignment

Owner name: AT&T INTELLECTUAL PROPERTY I, L.P., NEVADA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:LEWIS, STEVEN HART;BALDASARE, JOHN;REEL/FRAME:033360/0430

Effective date: 20080821

AS Assignment

Owner name: NUANCE COMMUNICATIONS, INC., MASSACHUSETTS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:AT&T INTELLECTUAL PROPERTY I, L.P.;REEL/FRAME:041504/0952

Effective date: 20161214

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION