Amazon files patent for replay attack detection method to protect voice authentication
A patent filed by Amazon for a replay attack detection technology for biometric voice authentication systems has been published by the U.S. Patent and Trademark Office.
The filing for “Detecting replay attacks in voice-based authentication” describes a system in which a “watermark signal” is included by the device in the captured audio of a voice authentication factor spoken by the user.
“When a user speaks a voice authentication factor, a unique watermark is played in the environment in which the user is speaking,” the inventors write in the application. “Accordingly, the watermark should be captured by any surreptitious recording equipment that is recording at a relative fidelity that is high enough to accurately reproduce characteristics of the speaker’s voice.”
If a previously-used watermark is detected in the audio of an authentication attempt, the system recognizes the audio as a recording, and can optionally demand another factor, such as a PIN or fingerprint scan. In the various embodiments presented, the watermark could alternatively be used once, in effect marking the transaction as current, and never again, or could be produced at a low frequency to distinguish between a current and previous watermark.
Research from Pindrop indicates that the rapid increase in voice interactions is being accompanied by a major spike in fraud through the voice channel as criminals leverage new technology for advanced fraud techniques like replay attacks.
A pair of Canadian credit unions launched banking services through Amazon Alexa late last year.