MAP is an Authentication Service Platform and the core interface to biometric and knowledge based systems in our technology stack. It is a highly configurable, multi-tenanted platform that simplifies integration of biometric and knowledge based authentication.

MAP encapsulates all functionality needed to perform biometric operations in an enterprise environment such as:

• Biometric data storage and encryption

• User management

• Enrollment configuration management

• Authentication configuration management

• Administration and monitoring

All biometric data (audio, features, templates, logs) are stored in databases and are encrypted by a multi- level PKI infrastructure approach.

Users are stored by our anonymous claimant concept where only a unique hash-code is stored within MAP's database. All sensitive user information is decoupled from the biometric templates.

Enrollment and authentication configurations allow for easy setup and maintenance of different security requirements. Different thresholds, passphrases or languages can be configured and selected using a configuration identifier.

All events on the platform can be monitored and administrated via graphical tools or separate APIs, supporting different management permission levels.

All functionalities are exposed via Rest or SOAP based web-service APIs with full documentation available.

 Key Features

• Challenge-and-response webservice API and documentation, separate reporting API

• Biometric profiles and configurations

• User management and template encryption

• Graphical management interface

• On premise or cloud deployment

Key Benefits

• All biometric engines available in one common platform

• Separate decision policies for different use cases and business rules

• Anonymous user management and secure storage

MAP provides:

• Access to multiple authentication algorithms/SDKs in a uniform way

• Multiple prompting modes

• Data and anonymous user (claimant) management

• Both local and remote APIs

• Security

• Reporting

Additionally, MAP encapsulates all functionality needed to perform biometric operations in an enterprise environment such as:

• Biometric data storage and encryption

• User management

• Enrolment configuration management

• Authentication configuration management

• Administration and monitoring

Benefits of MAP

• Very short verification utterances (as short as 4 seconds) make verification duration extremely fast

• Adapted to work with major languages, with new languages continuously added. Training the system to include new language involves a simple process with minimal number of sample speakers

• Abstraction layer requires no understanding of the concepts related to voice biometrics. As easy as collecting an utterance and feeding/ passing it into the platform.

• Available to both hosted and on-premise models

• Internal handling of voice data storage, encryption, quality/consistency checks and speech verification

• Extended through multiple APIs – Web Services, HTTP Rest, MSMQ, TCP and direct integration with .net assembly in on-premise deployments

• Comprehensive API handling with voice biometric processing as well as consistent configuration management and reporting functionality

• Dedicated Web and PowerShell based interfaces for system management and reporting without the need to implement the system’s API

• Full management of claimant life cycle

• Excellent protection against reply attacks through complex keyword randomization technologies

• Full control over sets of keywords used for enrollment and structuring them into enrollment utterances

• Hierarchical systems with multiple enrollment profiles, which could include numerous verification configurations

• Full control over enrollment and verification processes through system configuration. Drastic changes on security parameters do not require any change in application using platform

• Role-based security system for remote access, allowing granular provisioning of user access to functionalities, profiles and configurations

• API level compatibility with text-independent voice verifier and additional third party verifiers through simple wrappers

Please ensure all prerequisites have been installed/configured.

Identity

MAP uses the concept of identity.

note

Identity is defined as a user who is enrolled into the platform and whose identity can be ascertained by the system utilizing voice biometrics, Posession-Based Authentication, Knowledge-Based Authentication, or Facial Recognition.

Identity is defined as a user who is enrolled into the platform and whose identity can be ascertained by the system utilizing voice biometrics, Posession-Based Authentication, Knowledge-Based Authentication, or Facial Recognition.

Privacy

MAP does not store any personally identifiable data about the claimant, thus it protects biometric information from being linked to the actual person.

Configuration

Enrollment Configuration

The core of the LumenVox platform is embodied within the enrollment and verification configurations.

The Enrollment Configuration contains the full instructions related to the enrollment processes.

By using Enrollment Configuration, information which aligns to business rules may be setup:

• Number of repeats required to enroll

• Number of keywords enrolled by each user

• Keywords available for enrollments

• Sequence and randomization rules for keywords

• Maximum length of enrollment process (some phrases can be rejected due to bad quality)

 

Enrollment Configuration also controls validation of quality of the audio provided for enrollment:

•  Acceptable noise level

•  Low level of speech

• Too loud speech (potential clipping)

• Consistence between repeats of the same utterance

•  Incomplete speech of audio samples due to improper recording.

 

Finally, Enrollment Configuration defines administration functionality:

• Permanent storage of extracted voice features

• Conditions for storage of audio files

• Enrollment Configuration status

note

A credential system protects the Enrollment Configuration with separate privileges for using, viewing, creating or changing operations. This allows complex Access Control rules, Data Privacy compliances to be met and full Role Based Access definitions.

A credential system protects the Enrollment Configuration with separate privileges for using, viewing, creating or changing operations. This allows complex Access Control rules, Data Privacy compliances to be met and full Role Based Access definitions.

Profile can be managed using web-service API, PowerShell scripts and directly through a graphical user web interface.

Verification Configuration

While the information contained in the user profile is used to enroll an Identity, the verification is performed based on Verification configuration. This allows for an identity to have multiple configurations for verification, which may be applied according to the service requested.

The different Verification configurations may represent a different strength of authentication or different authentication processes. For example, access to everyday information insensitive domains may be secure with a configuration “normal” and access to accounting based services may be protected with a configuration “extreme”. Selection of verification level (configuration) is within domain of external system and can be decided based on its own rules.

Verification Configuration defines following business rules:

•  Minimum number of keywords spoken at verification

•  Maximum number of phrases asked before verification is aborted

•  Consolidated confidence level required for successful verification

•  Consolidated confidence level resulting in verification failure

•  Additional confidence level used when verification reached maximum number of phrases

•  Optional user defined labels for different ranges of final scores