`
`European Patent Office
`
`Office europeen des brevets
`
`111111111111111111111111111111111111111111111111111111111111111111111111111
`@ Publication number: 0 621 532 A 1
`
`@
`
`EUROPEAN PATENT APPLICATION
`
`@ Application number : 94302593.2
`
`@ Int. Cl.5
`
`: G06F 3/16
`
`@ Date of filing : 13.04.94
`
`@ Priority: 23.04.93 US 52310
`
`@ Date of publication of application:
`26.10.94 Bulletin 94/43
`
`@ Designated Contracting States:
`DE FR GB
`
`@ Applicant: AT & T Corp.
`32 Avenue of the Americas
`New York, NY 10013-2412 (US)
`
`@ Inventor : Rissanen, Eugene Leo
`184 Baranof West
`Westerville, Ohio 43081 (US)
`
`@ Representative : Buckley, Christopher Simon
`Thirsk et al
`AT&T (UK) LTD.,
`AT&T Intellectual Property Division,
`5 Mornington Road
`Woodford Green, Essex IG8 OTU (GB)
`
`@ Password verification system.
`
`@) Passwords are spoken by users (e.g.0001)
`and stored as speech models in a database (1 01
`in 10). The database (10) also contains a plurali(cid:173)
`ty of reference voice (RV) speech models (in
`1 00) based on speech inputs by various persons
`(1.2 ... 1 000) ; each RV speech model includes
`characters
`(0, 1 ,2, ... 9,oh), digits, or phrases
`comprising user assigned passwords. Prefer(cid:173)
`ably, a group of the RV speech models are
`selected (RV1 ,20,350,591, 1 000) based upon a
`predetermined
`level of difference between
`same and a speech model (in 101) of the user's
`spoken password. In requesting access to the
`system, a user speaks the assigned password.
`The password entered by the user to obtain
`access is compared with user's own speech
`models (in 101) and with
`the selected RV
`speech models (in 100) to determine a measure
`is
`of similarity. The validity of the password
`determined based upon this measure of simil(cid:173)
`arity.
`
`I
`
`I
`
`BASE
`
`RV
`
`REFERENCE VOICE
`REFERENCE
`VOICE DATA SCORES
`0,1 ,z,. .. 9," oh'
`33
`:
`:
`
`1
`j
`3
`i
`8
`j
`20 0,1,2, ... 9," oh'
`
`100
`:
`350 0,1,2, ... 9," oh'
`
`510
`591 0,1 ,2, ... 9," oh'
`!
`700
`!
`875
`:
`900
`
`:
`:
`:
`1000 0,1,2.-.. 9."oh'
`
`N ~ ,
`
`RANK
`ORDER
`203
`
`31
`
`201
`
`32
`
`202
`
`31
`
`200
`
`34
`
`204
`
`r101
`
`I
`
`PASSWORD FILE
`USER \PASSWORD\USER'S WORD MODEL\
`INDEX TO SELECTED RV's
`20 1350 I 591l1ooo
`ooo11 73198 1 "7".'3'."1'."9"."-t 1 1
`
`N I 14038 I '1",'4','r!,'5',"'t I 43 487\810 \325\692
`
`FIG. 2
`
`Jouve, 18, rue Saint-Denis, 75001 PARIS
`
`I
`
`I
`
`I
`
`I
`
`Facebook's Exhibit No. 1004
`Page 1
`
`
`
`EP 0 621 532 A1
`
`2
`
`Technical Field
`
`This invention relates to spoken password sys(cid:173)
`tems and in particular to a technique for verifying user
`dependent passwords.
`
`Background of the Invention
`
`Computer systems are increasingly being used in
`the work place to prepare and store documents of a
`sensitive nature relating to business operations. Due
`to the sensitive nature of business operations, it is of-
`ten necessary that users of a computer system and
`calling telephone parties accessing a computer sys-
`tem over the telephone network be assigned unique
`passwords intended to enable access to the computer
`system. The use of passwords function both to deny
`access to the computer system to those that are not
`assigned passwords and to grant access to a pass-
`word holder.
`Some business computer systems are arranged
`to initially record and store passwords assigned to
`users. In response to a prompt by the system for the
`user's password, the user enters the password onto
`a keyboard and the system compares the keyboard
`entered password with the stored passwords and en-
`ables the user to access the system when the entered
`password matches the previously stored password.
`In voice operated computer systems used both in
`business and with computer systems coupled with the
`telephone network, user passwords are recorded and
`stored as speech models (voice templates) in a pass-
`word database of the system for each user's account
`code (login identification). The word "model" as used
`herein means any digitized form of a spoken word or
`composite form of a word repeated a plurality of
`times. Typically, the computer system prompts the
`user to enter the user's account code and then
`prompts the user to enter the assigned password by
`speaking the password into audio input apparatus of
`the computer system. The system responds to entry
`of the spoken password by assembling a speech
`model of the entered password and comparing it with
`a previously recorded and stored user password mod-
`el to determine the validity of the user entered pass-
`word. In the comparison process the user entered
`password model is compared with each previously re(cid:173)
`corded and stored password model. Typically, a score
`is assigned to such comparison representing the sim-
`ilarity of the user entered password model with the
`pre-recorded and stored password model. When
`there is a match of the user entered password model
`with a previously recorded stored password model as
`determined by a score above a predetermined thresh-
`old, the system recognizes the user spoken password
`as valid and grants the user access to the system.
`A problem arises with present speech password
`systems in that inflections and changes occur from
`
`time-to-time in users' voices and to speech transmis(cid:173)
`sion characteristics of the system. These variations
`cause errors when an undesired mismatch occurs
`due to a comparison of a speech model of a valid, but
`changed, password to the prerecorded password
`model. This results in the system denying an autho(cid:173)
`rized user access to the system. Accordingly, a need
`exists for an improved password validation system
`that can recognize valid speaker dependent autho(cid:173)
`rized passwords even when different voice inflec(cid:173)
`tions occur and where system transmission charac(cid:173)
`teristics cause variations of the received voice pass(cid:173)
`word.
`
`5
`
`10
`
`15
`
`Solution
`
`It is an object of the present invention to provide
`an improved password validation method and appa(cid:173)
`ratus which provides flexibility in recognizing valid
`spoken passwords while still maintaining authentica(cid:173)
`tion accuracy.
`In accordance with an embodiment of the prefer(cid:173)
`red invention, a computer controlled database is
`linked to a telecommunication network with which
`users are provided password controlled access.
`Users are initially entered into a password database
`stored in the computer system by assigning each user
`an account code and a password, such as consisting
`of a number of numerical digits. A speech model of the
`user's password based on the user's voiced entry of
`the password is stored in the database along with the
`user's account code.
`The computer database contains a reference
`voice table consisting of prerecorded inputs by a plur(cid:173)
`ality of people who have spoken each of the permis(cid:173)
`sible numeric digits that can be assigned as pass(cid:173)
`words to users. Voice models of each reference voice
`for each digit are stored in the database. Upon a new
`user being assigned a password and voice entry by
`the user of the password, a model of the user's pass(cid:173)
`word is stored in the computer database and is iden(cid:173)
`tified by the correspondingly assigned account code.
`The user's spoken password model is then compared
`against each of the reference voice models for corre(cid:173)
`sponding digits and assigned a score for each. The
`reference voice entries are then rank ordered in ac(cid:173)
`cordance with the scores reflecting similarity. A plur(cid:173)
`ality, such as five, of the reference voices, preferably
`having contiguous rank order scores within a prede(cid:173)
`fined range of similarity scores, are selected as com(cid:173)
`parison models against which models of subsequent
`spoken passwords wi II be judged. An index to each of
`these selected voices is stored in a user data field as(cid:173)
`sociated with the corresponding user's password.
`Upon a request by a user for access to the system
`and voicing of a password, the computer system re(cid:173)
`cords the voice password. The recorded voice pass(cid:173)
`word is compared with the previously selected refer-
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`2
`
`Facebook's Exhibit No. 1004
`Page 2
`
`
`
`3
`
`EP 0 621 532 A1
`
`4
`
`ence voices to yield a composite first score and is
`compared with the user's own stored password model
`to yield a second score. If the difference between the
`first and second scores exceed a predetermined
`threshold, entry of a valid password is determined.
`
`Brief Description of the Drawing's
`
`FIG. 1 illustrates a password validation system
`which incorporates an embodiment of the present in-
`vention.
`FIG. 2 illustrates an embodiment of a database
`as shown in FIG. 1.
`FIG. 3 is a graph illustrating the relative similarity
`of reference voices which are preferably selected for
`comparison with each password.
`FIGS. 4, 5, and 6 are flow diagrams illustrating
`exemplary steps of a password validation method
`used by the system of FIG. 1 in accord with the pres-
`ent invention.
`
`Detailed Description
`
`In an exemplary embodiment of the invention, a
`password identification system 1 shown in FIG. 1 is
`intended for use in a wide variety of applications tore-
`strict user access to computer systems and to the
`physical facilities and services provided to certain
`users by the system. In one application, a computer
`system serves a number of users 2 and 3, and stores
`data files, at least some of which, are restricted for
`use by users 2 and 3. Each authorized user is identi-
`fied by a unique account code and corresponding
`password. In another application, a company 5 may
`have a number of physical facilities such as private
`telephone lines which company 5 wants to restrict ac-
`cess to users 50, 51, and 52 who are each given an
`account code and password that enables access to
`the physical facilities available for use by the compa-
`ny. In yet another application, a provider of financial
`services may provide a user electronic access to user
`account files wherein access to an account file is gov(cid:173)
`erned by an account code and unique password as(cid:173)
`signed to a user.
`Password system 1 is capable of enrolling (initial-
`ly entering) user spoken passwords and subsequent-
`ly recognizing the passwords when spoken by the
`same user that previously enrolled the password.
`Password system 1 has line interface apparatus com-
`prising a plurality of access circuits 15, line circuits 16
`and trunk circuits 17, each of which are well known
`and need not be explained for an understanding of the
`invention. These circuits interconnect password sys-
`tem 1 with users 2, 3, and 5. Access circuit 15 may be
`connected with any one of a number of well known
`voice activated devices that enables users 2 and 5 to
`directly receive from and enter spoken alphanumeric
`sounds into password system 1. Line circuits 16 and
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`3
`
`trunk circuits 17 may be coupled with corresponding
`line circuit and trunk circuits of telephone switching
`systems of telephone network 4 and enable a user 3
`connected to telephone network 4 to place and re(cid:173)
`ceive telephone calls and enter spoken alphanumeric
`sounds into password system 1.
`Each access, line and trunk circuit 15, 16, and 17,
`respectively, is also coupled to switch 13 and control(cid:173)
`led by data bus 18 extending from central processor
`unit 11. A number of voice prompt and recognition
`units 14 are each connected with switch 13 and con(cid:173)
`trolled via central processor unit 11 and data bus 18
`to generate audio prompt messages used to instruct
`users 2, 3, and 5 interconnected with access, line and
`trunk circuits 15, 16, and 17 in the use of password
`identification system 1 and to prompt calling users 2,
`3, and 5 for password information. Each voice prompt
`and recognition unit 14, which is controlled by central
`processor unit 11, transmits password information re(cid:173)
`ceived from users 2, 3, and 5 in response to the gen(cid:173)
`erated audio prompt messages over data bus 18 to
`central processor unit 11. Received password infor(cid:173)
`mation is recorded under control of central processor
`unit 11 in database 10. Switch 11, which is intercon(cid:173)
`nected with access, line and trunk circuits 15, 16, and
`17, and with voice prompt and recognition units 14, is
`coupled to central processor unit 11 via data bus 18
`and selectively connects ones of voice prompt and
`recognition units 14 with ones of access, line and
`trunk circuits 15, 16, and 17, connected with users 2,
`3, and 5.
`Password system 1 may comprise a general pur(cid:173)
`pose IBM compatible computer, such as a 386 or 486
`or an AT&T 382-400 or 382-310 simplex or duplex
`computer. Such computers need not be described in
`detail for an understanding of the invention and in
`general have a central processor unit 11 and a mem(cid:173)
`ory unit 12 each interconnected by address, data and
`control leads to data bus 18. Data bus 18 enables
`central processor unit 11 to communicate with each
`connected element in the operation of password sys(cid:173)
`tem 1. Central processor unit 11 is programmed in ac(cid:173)
`cordance with programs stored in memory 12 to en(cid:173)
`roll, recognize, and validate user spoken passwords.
`Referring to FIGS. 1 and 2, the illustrative speech
`password system 1 records and stores in database
`100 included in database 10 a plurality of speech
`models corresponding to strings of predefined spok(cid:173)
`en numerals entered by persons into speech pass(cid:173)
`word system 1. Although only spoken number models
`are used in the illustrative embodiment, alphanume(cid:173)
`ric words and phrases could be used to provide a wid(cid:173)
`er selection of passwords that can be assigned to
`users. Typically, a substantial number of persons,
`such as 1 000 persons, each record enough speech to
`allow one speech model of each of the predefined
`terms (numbers 0-9 and "oh") from microphones of a
`telephone. The models may be hidden markov, word
`
`Facebook's Exhibit No. 1004
`Page 3
`
`
`
`5
`
`EP 0 621 532 A1
`
`6
`
`models and preferably represent at least six represen(cid:173)
`tations of each term such as based on six repetitions
`of each digit by each reference voice contributor.
`Each model has states symbolically represented as
`binary configurations and are preferably a combina-
`tion of multivariate Gaussian distributions of a 24 di(cid:173)
`mensional vector of 12 cepstral coefficients and 12
`delta cepstral coefficients.
`Database 10 may be any one of well known disk,
`tape, solid state or other type of storage device for
`storing digital information and is connected to data
`bus 18 and controlled by central processor unit 11 to
`store password information received by speech pass-
`word system 1. In addition to password information,
`central processor unit 11 is also programmed to con-
`trol voice prompt and recognition units 14 that are
`used to prompt users 2 and 3 in the use of speech
`password system 1 and on entering password infor(cid:173)
`mation into the system. Typically, such prompt mes-
`sages may be "Please enter your account code now.",
`"Please speak the password to be enrolled at this
`time.", and "What is your password?" and other types
`of messages.
`Referring to FIG. 2, database 10 includes a data-
`base 100 which contains reference voice models and
`related data fields, and a database 101 which con-
`tains password files corresponding to each enrolled
`user. Database 100 stores a plurality of files corre(cid:173)
`sponding to voice entries of persons to be utilized as
`reference voices for comparisons. In the represents-
`tion of database 100, rows correspond to files for dif(cid:173)
`ferent reference voice contributors and are identified
`by a reference voice index (1, 2, 3 ... 1 000) contained
`in the left-hand column. Each person used as a ref-
`erence voice speaks each of digits 0-9 and "oh", an
`alternative for the number zero, a plurality of times
`into a microphone such as a telephone handset. A
`voice model is stored for each person for each of
`these entries. In the illustrative example, 1000 refer-
`ence voice files representing different persons' voic-
`es each contain these stored models. The remaining
`columns in database 100 will be described in conjunc-
`tion with an explanation of database 101.
`Users seeking access through the password sys-
`tem in accordance with the present invention, will typ-
`ically be assigned an access code such as indicated
`in the "user" column of the table illustrative of data-
`base 101. The user is also assigned in the illustrative
`embodiment a password consisting of five numbers
`defined by the "password" column. A model of each
`user's voice input of each assigned password digit is
`stored as a "user's word model" for each digit. As part
`of an initial enrollment or entry into the password sys-
`tem, the user's word models of the assigned pass-
`word are compared with each of the reference voice
`models in database 100 and similarity scores are
`computed for digits in the stored reference voice mod-
`el that correspond to digits in the password. The sim-
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`4
`
`ilarity scores are indicated by "scores" in database
`1 00; these scores may, for example, be on a scale
`from 1 to 100 with 1 00 being a virtual identical match
`and one an extremely dissimilar match.
`As part of the enrollment process following the
`determination of these scores, each reference voice
`file is then rank ordered by scores as indicated by the
`"rank order'' column of database 100. The rank order
`column will consist of entries 1-1000 with 1000 cor(cid:173)
`responding to the rank order of the highest score (best
`match) and one corresponding to rank order of the
`lowest score (worst match).
`In the illustrative example, an index is stored in
`each user password file of database 101 to five pre(cid:173)
`viously identified reference voice files in database
`1 00 selected on the basis of rank order. In this exam(cid:173)
`ple, five reference voices having an approximate 20
`percentile rank order (200 of 1 000) are selected, i.e.
`indexes 1, 20, 350, 591, and 1000. These five refer(cid:173)
`ence models will be subsequently utilized for pass(cid:173)
`word access requests by the user as wi II be explained
`below.
`FIG. 3 illustrates a graph representing the rank
`ordering of the reference voice files in database 100
`relative to a particular user's model of the user's as(cid:173)
`signed password. An important aspect of the present
`invention resides in the recognition that the selection
`of comparison voices which are not substantially sim(cid:173)
`ilar to the voice model of the user's password can be
`advantageously utilized for validation of password re(cid:173)
`quests, especially where variations in the voice re(cid:173)
`sponse by a valid user or changing system conditions
`can distort or change the speech characteristics of
`the user's entry of a correct password. Based on ex(cid:173)
`perimental results, it is believed that the selection of
`reference voices for comparisons considered by rank
`order should be selected from a group less than 80
`percent (800 of 1 000) in the illustrated graph and
`more preferably, less than 50 percent (500 of 1 000)
`such as the illustrated range of slightly less than 20
`percent (200 of 1 000) to slightly greater than 40 per(cid:173)
`cent (400 of 1 000). Advantages of such selected com(cid:173)
`parison voices will be further explained below.
`Referring to FIG. 4, the exemplary password
`method begins at "START" 200 and continues to step
`201 with the user's call being answered by password
`system 1. In step 203 a decision is made if the call is
`requesting enrollment, i.e. initial entry, of a password,
`access to password verification, or other service not
`associated with the password system, i.e. miscellane(cid:173)
`ous services. This determination can be based on the
`number dialed, other parameters controllable by the
`calling party, or a DTMF reply by the calling party to
`a voice request generated by the system. A determi(cid:173)
`nation by step 203 that neither enrollment nor access
`has been requested, i.e. a miscellaneous request
`causes the method to terminate at "END" 204. As(cid:173)
`suming the decision in step 203 is "enrollment", an ac-
`
`Facebook's Exhibit No. 1004
`Page 4
`
`
`
`7
`
`EP 0 621 532 A1
`
`8
`
`count code or personal identification number (PIN) is
`assigned to the user in step 205 and it is transmitted
`to the user in step 207. Next a password is assigned
`by the system under control of the CPU to the user in
`step 209. The user is requested to speak the assigned
`password by a voice prompt in step 211. The user's
`vocalization of the assigned password is recorded
`(stored) in step 213. In step 215 a determination is
`made if the user has made an acceptable response
`to the request. If NO, control returns to step 211
`where the user is again prompted to speak the pass-
`word. It will be noted that steps 211,213, and 215 may
`be repeated a predetermined number of times to store
`a plurality of vocalizations of the same password by
`the user in order to derive a composite or average vo-
`calization of the password. A YES decision in step 215
`results in a disconnect message being sent to the
`user as indicated in step 217.
`Continuing with the password enrollment in FIG.
`5, the CPU of the system 1 assembles in step 219 a
`composite model based on the stored vocalization(s)
`of the password by the user. In the illustrative exam-
`ple, the recorded model of the password numbers are
`then compared with the voice models for correspond-
`ing numbers of each of the reference voice files in
`step 221. A score is assigned to each reference voice
`file based on similarity of the reference voice and
`user's models of corresponding voiced numbers in
`step 223. The scores are then rank ordered as indi-
`cated in step 225. For a database containing 1000 ref-
`erence voice files, each file would be assigned a rank
`between 1 000 and 1 with 1000 representing the most
`similarity. A predetermined number of reference voic-
`es, such as five in the illustrative example, ranks near
`a predetermined target rank order, such as at a 20
`percentile rank that would include ranks of 200, 201,
`202, 203, and 204, in step 227. The rank order target
`is preferably selected from a range of 15- 50 percen-
`tile and more preferably in a 20-40 percentile range.
`In step 229, the user's password model and index to
`each selected reference voice are recorded in the
`user's file in database 101 with the assigned account
`code and password. Following step 229, this method
`ends by exiting these steps as indicated by "END"
`231.
`FIG. 6 illustrates a continuation of the flow dia(cid:173)
`gram of an exemplary method in accord with this in(cid:173)
`vention. Upon a decision in step 203 of FIG. 4 that "ac(cid:173)
`cess" to the system is being requested by a user, the
`user is prompted in step 301 (FIG. 6) for the user's ac-
`count code which was assigned to the user as part of
`the initial password enrollment. Step 303 determines
`if a valid account code has been given by the user. A
`NO decision results in step 305 determining if a pre-
`determined number of prior attempts have been ex-
`ceeded. A YES determination by step 305 causes the
`process to be terminated as indicated by "END" 306.
`A NO decision by step 305 which represents that the
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`5
`
`limit of tries was not exceeded, returns the user to
`step 301 for another attempt to enter a valid account
`code. A YES determination by step 303 corresponds
`to the user having entered a valid account code and
`is followed by the user being prompted to speak the
`user's password at step 307. In step 309 a speech
`model of the password spoken by the user is saved.
`In step 311 the user's file in database 101 is iden(cid:173)
`tified based upon the user's account code. The user's
`word model stored in the identified user's file is com(cid:173)
`pared with the model of the password spoken by the
`user in requesting access, and a first score is gener(cid:173)
`ated based upon this comparison. In step 313 a com(cid:173)
`parison is made of the model of the password spoken
`to request access to the system with each of the ref(cid:173)
`erence voices identified by index in the user's file. A
`second score is generated based upon a composite
`of these comparisons, such as by averaging the five
`scores generated by these comparisons. The differ(cid:173)
`ence between the first and second scores is calculat(cid:173)
`ed in accordance with step 315. In step 317, a deter(cid:173)
`mination is made if the difference determined in step
`315 is greater than a predetermined threshold. In a
`typical example, the first score will have a relatively
`high degree of similarity since the valid user's entry
`of the password should relatively closely match the
`stored voice model of his prior entry of the same pass(cid:173)
`word. However, it is expected that the comparison of
`the user's password with the five reference voices will
`yield a second score indicative of a relatively poor
`measure of similarity since each of the reference
`voices was selected to have a relative low degree of
`similarity, such as at the 20 percentile rank. Thus, a
`substantial difference will typically exist between the
`first and second scores, thereby permitting a reason(cid:173)
`able choice of predetermined thresholds upon which
`to make the determination as indicated in step 317. A
`threshold can be selected to provide a substantial de(cid:173)
`gree of security while accommodating variations in
`the voice reply of the user or of system characteris(cid:173)
`tics. For example, a "raspy" pronunciation of the pass(cid:173)
`word by a valid user such as due to a sore throat may
`still possibly be recognized as a valid password entry
`because it is the difference between the first and sec(cid:173)
`ond scores which is utilized. In this example, there
`will be greater variation and, hence a lowerfirst score
`but likewise there is likely to be a greater variation
`with regard to the reference voices and, hence a lower
`second score is also likely. Thus, the differential be(cid:173)
`tween the first and second scores may produce a re(cid:173)
`sult still high enough to meet the threshold.
`Upon a YES determination by step 317, the user
`is granted system access as indicated in step 319 and
`this method terminates as indicated by "END" 321. A
`NO determination by step 317 results in a determina(cid:173)
`tion by step 323 as to whether the difference between
`the first and second scores exceeded at least a lower
`threshold of limit. If the lower threshold is not exceed-
`
`Facebook's Exhibit No. 1004
`Page 5
`
`
`
`9
`
`EP 0 621 532 A1
`
`10
`
`ed, i.e. a NO determination, the method terminates at
`"END" 325. A YES determination by step 323 indicat(cid:173)
`ing that the lower threshold has been exceeded, the
`method returns to step 307 and permits the user an-
`other attempt to enter the password. This allows the
`user at least an additional attempt to enter the pass-
`word where at least the threshold of step 323 was
`met.
`It is believed that the advantages of the present
`invention can be ascertained from the foregoing de-
`scription of an embodiment of the invention. The pres-
`ent invention permits a substantial degree of security
`to be maintained while also permitting speech varia-
`tions of the entry or transmission of a password to be
`accommodated by the recognition of the entry as a
`valid password. An important aspect that contributes
`to this improved result is the selection of reference
`voice models as the basis of a comparison which are
`not substantially similar to the password. In the em-
`bodiment of the invention, utilizing scores based
`upon a comparison of the password entered by a user
`to gain access with both a stored prior entry of the
`password by the user and with the preselected refer-
`ence voices permits appropriate thresholds to be set
`which expand the tolerance of this system as com-
`pared with password systems in which comparisons
`with closely similar models are utilized.
`Although an embodiment of the present invention
`and a method in accordance therewith have been de-
`scribed above and illustrated in the drawings, the
`scope of the invention is defined by the claims which
`follow.
`
`Claims
`
`1. A spoken password verification apparatus in(cid:173)
`cluding means for storing a first speech model of
`a first entry of a password spoken by a user, the
`apparatus characterized by:
`means for storing a plurality of reference
`voice (RV) speech models based on speech in(cid:173)
`puts by persons, each RV speech model includ(cid:173)
`ing said password;
`means for selecting at least one RV
`speech model based on a predetermined differ-
`ence of similarity between said first speech mod-
`el and said one RV speech model;
`means for storing a second speech model
`of a second entry of a password spoken by a
`user;
`
`means for comparing said second speech
`model and said selected one RV model to deter(cid:173)
`mine a measure of similarity;
`means for determining the validity of said
`second entry of the password based on said
`measure of similarity.
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`6
`
`2. The spoken password verification apparatus of
`claim 1 wherein said means for storing RV
`speech models further comprises a database
`having files that each store an RV speech model
`corresponding to a person having spoken at least
`said password.
`
`3. The spoken password verification apparatus of
`claim 1 wherein said means for selecting said at
`least one RV speech model comprises means for
`determining a similarity score for each RV
`speech model by comparing said first speech
`model with each of said RV speech models.
`
`4. The spoken password verification apparatus of
`claim 3 wherein said means for selecting said at
`least one RV speech model further comprises
`means for ranking said RV speech models based
`on said similarity scores, said selecting means
`selecting said at least one RV speech model
`based on a predetermined threshold ranking that
`corresponds to a substantial difference of simi(cid:173)
`larity scores of said first speech model and said
`at least one RV speech model.
`
`5. The spoken password verification apparatus of
`claim 3 wherein said means for selecting said at
`least one RV speech model further comprises
`means for ranking said RV speech models based
`on said similarity scores, said selecting means
`selecting said at least one RV speech model
`based on a predetermined threshold ranking from
`a range of said RV speech model rankings of 15
`- 50 percentile, where a 100 percentile ranking
`represents an RV speech model with the most
`similarity to said first speech model.
`
`6. The spoken password verification apparatus of
`claim 5 wherein said range of said RV speech
`model rankings consists of 20- 40 percentile.
`
`7. The spoken password verification apparatus of
`claim 1 wherein said determining means compris(cid:173)
`es means for generating first and second similar(cid:173)
`ity scores based on a comparison of said second
`speech model with said first speech model and
`with said at least one RV speech model, respec(cid:173)
`tively, means for comparing the difference be(cid:173)
`tween said first and second similarity scores,
`and said determining means determining that the
`password corresponding to said second speech
`model is valid if said difference between said first
`and second similarity scores exceeds a predeter(cid:173)
`mined threshold.
`
`Facebook's Exhibit No. 1004
`Page 6
`
`
`
`EP 0 621 532 A1
`
`CONTROL
`
`PASSWORD IDENTIFICATION SYSTEM
`13
`15
`1 - - - - - - - t - 1 ACCESS t-------. -t
`..--""'--,
`...____.
`CONTROL
`:
`.
`5
`• . .
`....---~ SWITCH
`rruJ~'
`~ 15
`I = 1 - - - - -H ACCESS ~--··
`
`14
`
`VOICE
`PROMPT &
`RECOGNITION
`UNIT
`
`VOICE
`PROMPT &
`RECOGNITION
`UNIT
`
`CENTRAL
`PROCESSOR
`UNIT
`
`FIG. 1
`
`7
`
`Facebook's Exhibit No. 1004
`Page 7
`
`
`
`EP 0 621 532 A1
`
`RV
`
`•
`
`•
`•
`
`REFERENCE VOICE
`REFERENCE SCORES RANK
`ORDER
`VOICE DATA
`. •
`.
`33
`203
`1 0,1,2, ••• 9,• oh·
`• .
`•
`.
`.
`3
`• .
`:
`.
`.
`8
`:
`20 0,1,2, ... 9,• oh·
`.
`. .
`:
`•
`.
`. .
`100
`.
`. •
`350 0,1 ,2,··· 9,· oh·
`.
`. .
`•
`.
`.
`510
`:
`• .
`591 0,1,2,··· 9,• oh·
`.
`.
`•
`700
`.
`•
`. .
`•
`:
`•
`875
`. •
`:
`. •
`900
`•
`•
`1000 0, 1,2, ••• 9,· oh·
`
`31
`
`201
`
`32
`
`202
`
`31
`
`200
`
`34
`
`204
`
`10
`
`~ 100
`
`101
`
`PASSWORD FILE
`USER PASSWORD USER'S WORD MODEL
`INDEX TO SELECTED RV