Voice Authentication Voiceprint FAQ

Voice authentication allows you to identify a caller through their voice characteristics, such as dialect, speed, volume, and tone.

A voiceprint is captured and stored with the voice’s characteristics in the form of a spectrogram, i.e. an encrypted digital representation that is saved as a binary file and cannot be played back. 

When a caller enrolls in voice authentication, the voiceprint is created and stored; it is later matched against a sample of the caller’s voice gathered at the time of authentication.

 

How is the voiceprint stored?

The audio required to enroll callers is sent for analysis, and a voiceprint is then created with a composite marker file akin to a data blob.

This data blob cannot be reversed to extract the original recordings.

The original recordings are discarded once the voiceprint file has been created, encrypted, and stored with the service in the cloud.

 

What kind of protection mechanisms are there to safeguard voiceprints?

The solution is built on a “Privacy by Design” approach that places emphasis on data privacy and protection and ensures compliance with all regulatory regimes including, but not limited to, GDPR, CCPA, HIPAA, BIPA, LGPD, and Vectors of Trust.

As part of this approach, the protection of the biometric voice models is paramount, and we, therefore, apply several techniques, leveraging, where necessary, third-party modules that are compliant with FIPS 140-2 requirements.

In all deployments, voice models are never persisted or transmitted in an unencrypted state and, once used in the authentication or identification process, are immediately removed from memory.

For model encryption, the platform supports envelope encryption, using external key management or HSM (HSMaaS) modules.
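
The envelope encryption pattern named above, as an added example (not the vendor's code): each voiceprint is encrypted under its own data key (DEK), and only a copy of that DEK wrapped under a key-encryption key (KEK) is stored beside it. Assumptions: AES-256-GCM as the cipher, hypothetical function names and record layout, the caller ID bound as associated data, and a KEK passed in as raw bytes where a real deployment would ask the external key manager or HSM to wrap and unwrap.

```javascript
// Added example; function names, record layout and in-process KEK are assumptions.
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// seal: AES-256-GCM bound to callerId; returns nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext, callerId) {
  const nonce = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, nonce);
  c.setAAD(Buffer.from(callerId));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

// open: reverses seal; throws if the key, callerId or any stored byte differs.
function open(key, box, callerId) {
  if (box.length < 28) throw new Error('ciphertext too short');
  const d = createDecipheriv('aes-256-gcm', key, box.subarray(0, 12));
  d.setAAD(Buffer.from(callerId));
  d.setAuthTag(box.subarray(12, 28));
  return Buffer.concat([d.update(box.subarray(28)), d.final()]);
}

// withDek: run fn with the plaintext data key, then zero it (best effort).
function withDek(dek, fn) {
  try {
    return fn(dek);
  } finally {
    dek.fill(0);
  }
}

// protect: encrypt the voiceprint under a fresh per-record DEK and store the
// DEK only in wrapped form, encrypted under the KEK.
function protect(kek, voiceprint, callerId) {
  return withDek(randomBytes(32), (dek) => ({
    wrappedDek: seal(kek, dek, callerId),
    blob: seal(dek, voiceprint, callerId),
  }));
}

// recover: unwrap the DEK with the KEK, then decrypt the voiceprint.
function recover(kek, record, callerId) {
  const dek = open(kek, record.wrappedDek, callerId);
  return withDek(dek, (k) => open(k, record.blob, callerId));
}

// rewrap: KEK rotation re-encrypts only the 32-byte DEK, never the blob.
function rewrap(oldKek, newKek, record, callerId) {
  const dek = open(oldKek, record.wrappedDek, callerId);
  return withDek(dek, (k) => ({ ...record, wrappedDek: seal(newKek, k, callerId) }));
}
```

Rotating the KEK with rewrap touches only the 60-byte wrapped key, so stored voiceprints do not have to be decrypted for rotation.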

 

Where are the caller's voiceprints saved?

Being a SaaS (AWS) solution, it is deployed across multiple availability zones within a region and operates in an active/active configuration for maximum availability and redundancy.

The backend infrastructure operates in an active/passive multi-availability zone configuration with a 60 to 120-second failover in the event of an active node outage.

The cloud services are distributed over a load-balanced, multi-zoned environment, through which we can explicitly choose regions in AWS and other national cloud vendors.

This means sensitive data would never leave its jurisdiction, nor would operators transmit data outside of that AWS or other cloud region.

Such compliance is mandatory when dealing with sensitive authentication access to health records, financial data, and other privacy-sensitive data.


