customer care solutions from Nuance
enterprise white paper ::
Nuance VocalPassword™
Security Overview
Version 7.0
NUANCE :: customer care solutions
Contents
About this Document
Nuance VocalPassword™ Security Overview
Architecture & System Components
  System Components
  Product infrastructure
Authentication
  Web Server Access
  Database Access
  LDAP Server Access
  File System Access
Authorization
  System Authorization
Audit
  Audit levels
  Audit Protection
  Audited operations and entities
  Log viewer
Administration
  Web based administration applications
  The Web-based Security Console Application
  VPMCLI
  SNMP
Data Security
  Data manipulation
  Data Integrity & Encryption
  Custom Encryption Plug-in
  Multi-tenancy
Network Security
  Interface protection
  Inter-Process Communication security
Voice Biometrics Application Security
  Mitigating recording threats
About Nuance
About this Document
Nuance VocalPassword™ is an advanced biometric speaker verification system that verifies a speaker’s
identity based on voice samples acquired during interaction with voice, Web, or mobile applications.
VocalPassword 7.0 delivers state of the art accuracy as well as exceptional ease of integration and deployment,
enabling customers to utilize the biometric power of voice to protect personal self-service applications and
provide secure, efficient, and convenient access to contact centers and remote applications.
This document provides an overview of VocalPassword product security. As an authentication product,
VocalPassword implements a wide range of security measures to protect its resources against diversified
threats. This document is intended for sales engineers and for IT security personnel who evaluate the use of
VocalPassword in their protected IT environments.
Nuance VocalPassword™ Security Overview
Nuance VocalPassword is a voice biometrics system which is implemented in security-sensitive environments.
As such, it must adhere to strict security requirements and comply with privacy and additional industry-specific regulations. VocalPassword is protected at both the application level and the infrastructure level
using the standard “Four A’s” of enterprise security: Administration, Authentication, Authorization, and Audit.
VocalPassword’s security design is based on the Common Criteria Protection Profile for biometric speaker
verification systems and has successfully passed third-party security audits and penetration attacks performed
by customers.
VocalPassword supports integrated Windows security and role based authorization (RBA). Together with the
security mechanisms provided by the system infrastructure, the system can be configured to meet the security
requirements of financial services, government agencies, healthcare service providers and other security-sensitive organizations.
The following diagram provides an overview of VocalPassword security architecture and mechanisms.
[Diagram: VocalPassword security architecture. Labels in the figure: Integrated Windows Security; Web Service; SSL; Buffer Overflow & SQL Injection Check; Voice Platform; IIS; Admin Apps; File System (NTFS); Hashed Audio File Names; VocalPassword™ Processing Server (Authentication, Authorization, Audit); LDAP (Active Directory/ADAM); Authorization Manager; Role-Based Authorization; VocalPassword™ DB (Oracle / SQL Server / Sybase / DB2); Full System Audit.]
Architecture & System Components
VocalPassword includes a set of applications, services and tools that work together in order to provide voice
biometrics services.
System Components
The VocalPassword system comprises two main logical components – the Processing Server and the Data
Repository Server. These components can reside on a single machine or be distributed among multiple machines.
A system can comprise multiple instances of each component.
Processing Server
The Processing Server is the main processing component of the VocalPassword system. Multiple Processing
Servers can optionally be used in a redundancy scheme for high availability purposes, or in a load balancing
scheme for scalability. The Processing Servers run the VocalPassword application that provides the following
functions:
• Service control – The Processing Server exposes a set of Web Services (SOAP/HTTP) which are used by
calling applications as well as by the system’s administration tools and Web-based GUI Applications.
• Algorithmic processing – This is the core biometric functionality of VocalPassword.
Each Processing Server includes two web applications that run under Microsoft IIS:
• VocalPassword Web Services – Provides a set of API methods accessed through SOAP and HTTP.
• VocalPassword Web Applications – These web applications are used by Administrators, IT managers,
Security Officers and helpdesk agents.
In addition, the VocalPassword system includes a set of utilities/desktop administration applications. These are
typically installed with each Processing Server.
Data Repository Server
The Data Repository Server is the logical name of the component which is responsible for handling and storing
persistent data. Each data repository server contains the following components:
• SQL Database – The Database is used to store audit information, log messages and other information used
for reports. VocalPassword supports most of the leading Databases.
• LDAP Directory – LDAP directory is used to securely store sensitive persistent data related to speakers,
groups, voiceprints, and configurations. VocalPassword supports multiple LDAP directories.
• Audio Files folder – A shared folder used for storing audio files.
• Persistent Data Replicator (PDR) – Nuance’s replication service, responsible for duplicating database records
and audio files between two data repository servers (Optional).
• Logger Service – This service queues log messages and saves them in the background to the database.
A VocalPassword system must include at least one Data Repository Server. Two Data Repository Servers can be
used in an active-active configuration for redundancy.
The following diagram outlines VocalPassword components and architecture.
[Diagram: VocalPassword components and architecture. Labels in the figure: VocalPassword Web Applications (Technical Management, Platform Admin, Voiceprint Helpdesk, Security Console); VocalPassword Native Web Service APIs; Processing Server (N+1): IIS, Processing Server (VocalPassword Application Pool), VXML Gateway, Custom Encryption Hooks, Algorithmic Engines (Text Dependent, Text Prompted, Text Independent), Utterance Validation, Liveness Detection, Playback Detection, ASR (Optional), Authorization Manager, and Tools and Services (Logger Service, SNMP Agent, Bit (Quick Test), Calibration Wizard, Management Command Line Interface (MCLI)); Data Repository Server (1+1): Hashed Audio Files (File system), Database (Audit, Reports, Logs; Oracle, SQL Server, DB2, MySQL, Sybase, Informix), LDAP Directory (Voiceprint, Speakers, User, Group, Configuration, Roles, Scopes; Microsoft AD, IBM Tivoli TDS), and Tools and Services (PDR - Nuance Data Replicator, DB/Audio Sync, Logger Service, SNMP Agent).]
Product infrastructure
Operating System
VocalPassword is based on .NET framework 4.0 and as such it can run only on Windows machines.
Currently the product supports the following OS:
• Windows XP
• Windows 2003 Server
• Windows 2008 Server
• Windows 7
Database
A Database is used to store audit information and log messages. The database may be installed on the
same machine as the Data Repository or on a remote machine. VocalPassword utilizes common ADO.NET
infrastructure to access the database.
VocalPassword supports the following databases:
• Microsoft SQL Server 2005
• Microsoft SQL Server 2000
• Oracle 10g with RAC support
• Oracle 11g with RAC support
• DB2
• MySQL 5.5
• SQL Express
LDAP Directory
LDAP is an application protocol for reading and editing directories over an IP network. The LDAP Directory is
used to securely store the application’s persistent data entities such as speakers, voiceprints, and configuration.
The supported LDAP Directories are:
• ADAM – Active Directory Application Mode - This lightweight version of Microsoft Active Directory runs as
a service on the data repository server - this is the default directory for installations on Windows XP and
Win2003 Server operating systems.
• AD LDS – Active Directory Lightweight Directory Services - This lightweight version of Microsoft Active
Directory runs as a service on the data repository server - this is the default directory for installations on
Windows 7 and Win2008 Server operating systems.
• Active Directory – Microsoft’s Directory Services product - The domain’s active directory can be used as
the LDAP directory. When used, an extension of the Active Directory Schema is required in order to support
VocalPassword entities.
• TDS – IBM Tivoli Directory Server.
Web Server
The VocalPassword system uses IIS (Internet Information Services) as its web server and is based on the IIS ASP.NET 4.0
extension. VocalPassword 7.x offers enhanced, open, and flexible Web service APIs, ensuring
smooth, platform-independent integration using any programming environment. In addition, the VocalPassword
Web Applications enable easy access to tools and information needed for successful deployment.
VocalPassword utilizes IIS web server security mechanisms (e.g. application session timeout and limiting access to
specific IPs are supported).
Authentication
Web Server Access
VocalPassword authenticates users based on Windows Integrated Security. This ensures that system policies
regarding passwords are handled according to the local domain policies (enforced by the Domain Controller).
VocalPassword does not store passwords in its database or in any other application’s data store. Users
accessing the system, whether by programmatically calling the system’s web service API, by using one of
the administration applications, or by accessing a web page, are authenticated by the IIS using the Domain
Controller. By setting a designated configuration parameter, the system can ensure exclusive log-in to the web
applications.
Note: Authentication policies supported by Microsoft IIS, such as certificates and passports are also supported
by VocalPassword. The VocalPassword Web Applications can be configured to enable Single Sign On which
eliminates the need to re-enter user-name and password when accessing the application.
Database Access
Credentials to the system’s database are provided as part of the connection string used by VocalPassword.
By default, VocalPassword uses Windows integrated security as the database authentication method. This
means that the application’s identity is used when accessing the database. Another alternative is to specify a
username and a password in the connection string. When this is done, this identity is used by all components
accessing the database and must be managed manually. When this option is used, the password is saved
encrypted in the system’s configuration file.
LDAP Server Access
The applications access the LDAP Server using Windows Integrated Security. Note that the application’s identity
is used when accessing the LDAP Server.
File System Access
File system access is controlled by the operating system. Every access to the file system by the VocalPassword
application will be performed under the credentials of the application user.
Authorization
System Authorization
Role-based Authorization (RBA)
VocalPassword utilizes Microsoft Authorization Manager (AZMAN) for managing roles and operations. AZMAN
is general-purpose role-based security architecture for Windows. Using roles, the operating system determines
whether a process or a user is privileged to perform an operation.
Roles are defined in the Authorization Store of VocalPassword’s LDAP Directory. Each role can be granted
permission to perform operations (a basic activity unit that the system performs). Every API method has a
corresponding operation. Windows users and groups can be assigned a role, and be authorized to perform
operations according to the role’s definition. The system is installed with the following predefined roles. These
roles can be customized and additional roles can be defined.
• ClientApplication
• HelpDesk
• PlatformAdmin
• MainScope
• Security
Every access to the Database, the LDAP Server, or the file system by the VocalPassword application is
performed using the credentials of the application user. Once the application has validated that the network user
is permitted to perform a certain operation, the application user serves as a delegate for the network user.
This means that in order to allow an application user to perform an operation that will delete a file from the file
system for example, it is not required to add write privileges to the network user.
Audit
VocalPassword Audit is composed of the following elements:
• Every API method is logged in the system’s database.
• Other standard system infrastructure components (such as the OS, IIS, DB) have their own auditing tools and
capabilities that need to be enabled.
• Audio files used for Enrollment/Verification may be saved for Audit purposes.
Audit levels
VocalPassword allows the system administrator to control the level of audit info detail that will be saved by the
system. There are three audit levels:
• Alg Debug – Specifies whether to audit detailed algorithmic outputs (mainly used for algorithmic
troubleshooting).
• Operational – Specifies whether to save operation level audit information (such as Enroll/Verify/Identify/
Fraudsters detection etc.). There are three options of saving operational level audit information:
– Always – the system saves all audit information.
– Conditional – the system saves audit information only for delete operations and in case of an
error in other operations.
– Never – the system does not save operational-level audit information.
• System - Specifies whether to save system level audit information. There are three options of saving system
level audit information:
– Always – the system saves all system level audit information.
– Conditional – the system saves audit information only for system level write operations and in
case of an error in read operations.
– Never - the system does not save system-level audit information.
In addition, a configuration parameter named “log level” enables selecting the desired log level, enabling the
system to keep different levels of log messages for different applications, services or scopes.
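The retention rules above can be read as a small decision function. The following Python sketch is an added example, not VocalPassword code: it shows which API calls leave no audit record under each Operational and System setting. The `ApiCall` model, the method names `DeleteSpeaker`, `GetConfiguration` and `SetConfiguration`, and the treatment of system-level deletes as writes are assumptions; the Alg Debug level is not modelled.

```python
from dataclasses import dataclass

# Setting names as listed under "Audit levels" in this document.
ALWAYS, CONDITIONAL, NEVER = "Always", "Conditional", "Never"


@dataclass(frozen=True)
class ApiCall:
    """Constructed model of one API call; not the product's audit schema."""
    method: str   # API method name
    level: str    # "operational" or "system"
    kind: str     # "read", "write" or "delete"
    ok: bool      # Finish Status: True = success code, False = error code


def is_audited(call, operational=ALWAYS, system=ALWAYS):
    """Return True if the call would be saved under the given settings."""
    if call.level not in ("operational", "system"):
        raise ValueError(f"unknown audit level: {call.level!r}")
    setting = operational if call.level == "operational" else system
    if setting == ALWAYS:
        return True
    if setting == NEVER:
        return False
    if setting != CONDITIONAL:
        raise ValueError(f"unknown audit setting: {setting!r}")
    if call.level == "operational":
        # Conditional: delete operations, plus errors in any other operation.
        return call.kind == "delete" or not call.ok
    # System Conditional: write operations, plus errors in read operations.
    # Assumption: a system-level delete is treated as a write.
    if call.kind == "read":
        return not call.ok
    return True


def audit_gaps(calls, operational, system):
    """List (method, ok) for every call that would leave no audit record."""
    return [(c.method, c.ok) for c in calls
            if not is_audited(c, operational, system)]


# Constructed sample traffic. Whether a rejected verification is reported
# as an "error" Finish Status is not stated in this document; here only
# ok=False counts as an error.
SAMPLE_CALLS = [
    ApiCall("Enroll", "operational", "write", True),
    ApiCall("Verify", "operational", "read", True),
    ApiCall("Verify", "operational", "read", False),
    ApiCall("DeleteSpeaker", "operational", "delete", True),
    ApiCall("GetConfiguration", "system", "read", True),
    ApiCall("GetConfiguration", "system", "read", False),
    ApiCall("SetConfiguration", "system", "write", True),
]

if __name__ == "__main__":
    for op, sy in [(ALWAYS, ALWAYS), (CONDITIONAL, CONDITIONAL), (NEVER, ALWAYS)]:
        print(f"operational={op}, system={sy}: not audited ->",
              audit_gaps(SAMPLE_CALLS, op, sy))
```

Under Conditional, successful Enroll and Verify calls are among the gaps, which matters when the audit trail is expected to support later review of accepted verifications.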
Audit Protection
VocalPassword audit information is stored securely in the system’s database. Besides the system specific
audit trail, VocalPassword system infrastructure (IIS, LDAP Directory, Database) logs are protected in diversified
(standard) ways.
Audited operations and entities
Auditing Audio Files
VocalPassword supports auditing audio files used in the system using two configuration parameters:
• SaveEnrollAudio - Specifies whether to save enrollment audio.
– Always – Enrollment audio is always saved
– UntilTrained – Enrollment audio is saved temporarily and deleted as soon as the voiceprint is
trained.
– Never – Enrollment audio is never saved.
• SaveOperationalAudio – Specifies whether to save operational audio (the audio associated with Verify,
Identify, and Fraudsters Detection operations).
LDAP Server Audit
LDAP Server supports audit capabilities and enables flexible audit configuration. For more information, see
http://technet.microsoft.com/en-us/library/cc779161(WS.10).aspx
API Audit
Every call to an API method is logged in the system’s database. The API record includes the following details:
• Request ID – A 64-bit unique identifier assigned to each API call. This ID is unique across all the system’s
servers and can be used to reference other details stored in the database about the request such as
verification score, or failure details.
• Method Name – The API method name.
• Input Parameters – The values of the API method parameters.
• Finish Status – An error or success code.
• Timestamp – The exact time of the request execution.
• Server name – The name of the processing server that handled the request.
• Client ID – The IP address of the client.
• User name – The Windows username of the client.
• Data repository server name – The name of the data repository server on which the data was originally
stored.
• Session ID – A token which is received from the StartSession command that launched the current session.
• Scope – The scope which is the context of the current API operation.
Log viewer
VocalPassword saves log messages in the database based on the LogLevel parameter in the system
configuration. Log messages can be accessed using the Log Viewer which enables online or offline viewing of
an application’s log messages. The Log Viewer is available as a Windows application or as a web page in the
Technical management application.
Use the Log functionality to troubleshoot the system or analyze past system activity. The log section is divided
into two views:
• History Log View which enables auditing past system activities. Log information retrieval can be controlled by
dates and log level. Once retrieved, log information can be sorted, filtered or saved to a file.
• Online Log View which is used to monitor system activities in real time. The Online Log View displays
system-wide log messages as they are recorded in the VocalPassword database, enabling isolating faults
and communicating them with the vendor. Log messages can be saved to a file.
Administration
Web based administration applications
VocalPassword provides a set of web-based administration applications allowing management of all system
aspects. The following applications are provided out-of-the-box:
• Technical Management – VocalPassword Technical Management Application enables technical personnel, who are in charge of the systems’ health, to monitor VocalPassword system’s component status, audit system-wide logs, schedule administrative tasks such as audio purging, upload and view system licenses, and more.
• Platform Admin – VocalPassword Platform Admin is a web based Application that provides a variety of tools for properly setting up the system and its biometric functionality as well as managing speakers, voiceprints and groups. Use this application to configure VocalPassword, perform queries and reports, and monitor the system usage.
• Voiceprint Helpdesk – VocalPassword Voiceprint Helpdesk provides a set of tools enabling auditing and reviewing a speaker’s interactions with the system. Use the Helpdesk functions to audit verification results and decisions, edit speaker information, delete a speaker, edit a voiceprint and more.
• Security Console – The VocalPassword Security Console Application enables security personnel to audit VocalPassword operation and analyze specific verification and identification processes. The application provides tools for managing fraudsters voiceprints and groups. In addition, the security console collects and presents diversified security alerts.
Access to these applications is controlled by Windows Integrated Security and VocalPassword’s role based
authorization.
The Web-based Security Console Application
The VocalPassword Security Console Application enables security personnel to audit VocalPassword operation
and analyze specific verification and identification processes. The application provides tools for managing
voiceprints as well as all aspects of user authorization. The Security Console Application is divided into four
functionalities: Authorization Manager, Voiceprint Helpdesk, Configuration, Log. The following screenshot
presents these functionalities.
1. Authorization Manager Functionality – allows managing all aspects of User Authorization. Using roles,
the system can make determinations, such as whether a process is privileged to perform an action.
VocalPassword utilizes Microsoft’s Authorization Manager Infrastructure to manage user authorization in the
system. Authorization Manager functionality is divided into three sections:
a. Scope management – used for adding scopes (tenancies) in a multi-tenant system
b. User management – used for assigning roles to users and groups
c. Role management – used for defining, creating and customizing roles
The following screenshots depict the User Management page and the role customization functionality of the
Security Console.
2. Voiceprint Helpdesk functionality – provides a set of tools enabling auditing and reviewing a speaker’s
interactions with the system, editing voiceprint audio and adapting voiceprints with audio used for verification.
Voiceprint Helpdesk is divided into two sections:
a. Audit Speaker Interactions – used for reviewing a specific speaker’s interactions with the system.
Information available includes session info as well as information regarding each and every operation
within the session (i.e. Enrolment, Verification etc.). Verification statistics and scores are displayed
including decision reasons and extended scoring information. Speaker audit information can be filtered,
sorted and grouped for better analysis. Audit information also includes the speaker’s audio. This
audio can be played back and / or downloaded assuming the system audit configuration is set to
store it and the proper security privileges are set.
b. Review Voiceprint – enables reviewing of a speaker’s voiceprint/s. Use this page to listen to audio
used for enrollment, and edit it if necessary, removing unrelated or faulty audio. The Edit Voiceprint
page enables removing and adding audio segments from / to a speaker’s voiceprint and adapting
it with verification audio segments if available. Use the Edit Voiceprint page to fix problematic
voiceprints that deliver high false rejection rate as well as to enhance the quality of existing
voiceprints via manual adaptation.
3. Configuration Functionality - enables the system administrator to control and manipulate the system
configuration and operation. VocalPassword system supports multiple concurrent configurations that are
used to control the system’s diversified functionality and multi-engine infrastructure. Use the configuration
functionality to comply with diversified requirements (i.e. Security, Audit), optimize the system performance,
and adjust its functionality to accommodate for a specific call / verification flow. Configuration is divided into
two sections:
a. Edit Configuration Sets – enables creating, editing, uploading, downloading, and comparing
Configuration Sets. A Configuration Set is a set of parameters and their corresponding values
that controls the operation of VocalPassword in a specific context which can be an application or
a specific operation. Configuration Sets inherit parameters’ values from the system’s “Default”
configuration set and enable the user to overwrite specific ones as necessary.
b. Configuration Audit – used to track all of the system’s configuration changes. Use this page to
review configuration changes and filter them by dates, parameter category, and more. Information
retrieved includes parameters values, timestamp, change initiator, IP and host name. Configuration
Audit page can be used by the system administrator as well as by Nuance support to isolate
system problems caused by configuration errors.
VPMCLI
VocalPassword includes a command line utility that enables an administrator to perform various administration
tasks such as: retraining voiceprints or deleting history records from the database. A system administrator
using the VPMCLI must have the proper credentials and authorization to use the various functionality provided
by this utility.
SNMP
VocalPassword’s SNMP agent receives SNMP requests and sends SNMP traps to standard network monitoring
consoles complying with SNMPv2 standard. Each Processing Server has an SNMP agent service that
handles SNMP Get/Set requests and sends SNMP traps when important system events occur. VocalPassword
monitoring can be easily added to standard SNMP-based consoles.
Data Security
Data manipulation
VocalPassword checks every input against data manipulations such as: SQL injection, LDAP injection, Buffer
overflow and Cross-Site Scripting (XSS).
Data Integrity & Encryption
Voiceprints are stored in a proprietary format in the system’s LDAP directory and cannot be reverse
engineered. Voiceprints are signed with the speaker ID and the customer ID (system ID) which is a unique
key assigned to each installation. This signing protects the system voiceprints from being manipulated by
authorized users. Voiceprints cannot be used outside the specific system, nor in other VocalPassword
systems.
Customer related information (Speaker IDs, Group IDs) is encrypted by VocalPassword by default using a 128-bit
encryption mechanism (Rijndael). Customer-specific encryption mechanisms are supported.
Audio Files stored in the file system can be encrypted using standard OS encryption mechanisms. The
names of the saved audio files are hashed so that they cannot be associated directly with a specific speaker.
LDAP Directory store – The LDAP Directory store used by VocalPassword (provided by Microsoft/IBM) is
encrypted by default using proprietary encryption mechanisms.
Database – The databases used by VocalPassword can be configured to encrypt stored information.
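This document does not say how the hashed audio file names are derived. The Python sketch below is an added example, not VocalPassword's algorithm: it derives a name with a keyed hash (HMAC-SHA256) and contrasts it with an unkeyed digest, which anyone who knows the speaker ID and request ID can recompute. The per-installation key, the use of speaker ID plus the 64-bit Request ID as input, and all function names are assumptions.

```python
import hashlib
import hmac

# Constructed sample key; a real key would come from protected storage.
SAMPLE_INSTALLATION_KEY = bytes(range(32))


def _name_input(speaker_id, request_id):
    # Unambiguous encoding: UTF-8 speaker ID, NUL separator, 64-bit request ID.
    return speaker_id.encode("utf-8") + b"\x00" + request_id.to_bytes(8, "big")


def keyed_audio_name(installation_key, speaker_id, request_id, ext=".wav"):
    """File name that cannot be recomputed without the installation key."""
    if len(installation_key) < 16:
        raise ValueError("installation key must be at least 128 bits")
    digest = hmac.new(installation_key, _name_input(speaker_id, request_id),
                      hashlib.sha256).hexdigest()
    return digest + ext


def unkeyed_audio_name(speaker_id, request_id, ext=".wav"):
    """Plain SHA-256 name, shown only for comparison with the keyed form."""
    return hashlib.sha256(_name_input(speaker_id, request_id)).hexdigest() + ext


def linkable_speakers(file_name, known_speaker_ids, request_id, derive):
    """Review helper: which known speaker IDs reproduce file_name when the
    reviewer can only call derive(speaker_id, request_id)?"""
    return [s for s in known_speaker_ids
            if hmac.compare_digest(derive(s, request_id), file_name)]


if __name__ == "__main__":
    ids = ["speaker-0041", "speaker-0042", "speaker-0043"]  # constructed IDs
    plain = unkeyed_audio_name("speaker-0042", 1001)
    keyed = keyed_audio_name(SAMPLE_INSTALLATION_KEY, "speaker-0042", 1001)
    # Without the key, only the unkeyed name can be tied back to a speaker.
    print(linkable_speakers(plain, ids, 1001, unkeyed_audio_name))
    print(linkable_speakers(keyed, ids, 1001, unkeyed_audio_name))
```

With a keyed name, the link between a file and a speaker exists only for components that hold the key, so the key needs the same protection as the audio itself.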
Custom Encryption Plug-in
Nuance supplies a built-in encryption mechanism which uses Rijndael symmetric encryption (AES) – 128-bit.
In case the customer wishes to control the system’s encryption method, he may do so through the encryption
plug-in. The encryption plug-in enables customized encryption, giving the customer full control over the
encryption algorithm and key. A configuration parameter which points to the encryption software must be set to
enable custom encryption.
Multi-tenancy
Multi-Tenancy enables logical partitioning of the entire system in an effortless manner through the use of
scopes. This allows a clear cut separation of the system’s data, configuration, audit, roles, etc. within an
organization, enabling a single enterprise to use VocalPassword for multiple/distinct applications in different
business units. Multi-Tenancy is ideal for a hosted solution, enabling a service provider to offer VocalPassword
as a service to multiple enterprises. The benefits are both from a practical aspect and from a security aspect.
Regardless of what system tool is used or what API method is called, everything is performed in the context of
a specific scope. Scopes are assigned to users by the system security administrator. Each session is associated
with a certain scope; the configuration set specified when calling an API method is used to determine the
desired scope.
Network Security
Interface protection
VocalPassword web service interface access is controlled using IIS6 or IIS7 security supporting SSL encryption.
All authentication schemes are supported: Integrated, Basic, Digest, and Certificates.
Inter-Process Communication security
VocalPassword processes
The different components which compose the VocalPassword system communicate with each other over TCP
using WCF (Windows Communication Foundation), the technology used for inter-process communication
between the different components of VocalPassword. More information
regarding WCF can be found at http://msdn.microsoft.com/en-us/netframework/aa663324. All ports used for
inter-process communication are configurable. This allows System Administrators to specify which ports will
be used in their specific site. The component used for inter-process communications is NET.TCP. This standard
component secures TCP communications in various ways.
Processing Server – LDAP Directory communication security
VocalPassword communicates with the LDAP directory via a .Net component (Microsoft Directory Entry) which
is part of Microsoft Directory Services which is part of .Net Framework. The component supports LDAPS for
secure LDAP communication.
Processing Server – SQL Database communication security
VocalPassword communicates with the SQL Server using database-specific ADO.Net provider. The provider
communication security is proprietary and database-specific.
Voice Biometrics Application Security
Mitigating recording threats
Recording threats are the threat of fraudsters using voice recordings of legitimate speakers. Following are three
methods in which VocalPassword enables diminishing these threats:
• Liveness detection (Intra-session voice variation) – This unique and patented method significantly reduces
recording threats. Following text-dependent verification, this method uses text-independent voice biometrics
technology to compare the voice sample captured during the text-dependent verification process, with an
additional sample captured by prompting the speaker to repeat a random or semi-random sentence. By
combining the obtained biometric scores and validating that the speaker indeed repeated the requested
utterance (using VocalPassword’s Utterance Validation engine or ASR), a liveness detection score is
extracted.
• Prompted passwords verification – Prompted verification requires the user to repeat a random phrase that is
a subset of speech atoms (digits/words) trained during enrollment. Prompted verification provides protection
against interception and playback attacks, as each session uses a different subset of the trained speech
atoms.
• Playback detection – VocalPassword’s patented playback detection algorithm runs as part of the verification
process and identifies audio segments that unnaturally match audio segments that were previously used for
verification/enrollment.
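The prompted-password idea above is a challenge-response scheme: the prompt is fresh for each session, so audio captured in an earlier session does not match the next prompt. The Python sketch below is an added example, not VocalPassword code, and covers only the prompt handling, not the biometric scoring. The function and class names, the single-use rule, the 30-second lifetime, and the assumption that an ASR or utterance-validation step returns the recognized atoms as a list are all hypothetical.

```python
import secrets
import time

_rng = secrets.SystemRandom()  # OS-backed randomness; prompts must be unpredictable


def issue_prompt(trained_atoms, length, recent_prompts=()):
    """Pick `length` distinct trained atoms in random order, skipping any
    ordered prompt recently issued to this speaker."""
    atoms = list(dict.fromkeys(trained_atoms))  # de-duplicate, keep order
    if not 0 < length <= len(atoms):
        raise ValueError("prompt length must be between 1 and the atom count")
    recent = {tuple(p) for p in recent_prompts}
    for _ in range(1000):
        prompt = tuple(_rng.sample(atoms, length))
        if prompt not in recent:
            return prompt
    raise RuntimeError("no unused prompt found; enroll more atoms or lengthen prompts")


class PromptedChallenge:
    """One prompt bound to one session: single use and short-lived."""

    def __init__(self, prompt, ttl_seconds=30.0, now=None):
        self.prompt = tuple(prompt)
        start = time.monotonic() if now is None else now
        self.expires_at = start + ttl_seconds
        self.answered = False

    def accept(self, recognized_atoms, now=None):
        """True only for the first, in-time response that repeats the prompt
        exactly. `recognized_atoms` is what the speech recognizer heard."""
        now = time.monotonic() if now is None else now
        if self.answered or now > self.expires_at:
            return False
        self.answered = True  # one attempt per challenge, pass or fail
        return tuple(recognized_atoms) == self.prompt


if __name__ == "__main__":
    digits = ["zero", "one", "two", "three", "four",
              "five", "six", "seven", "eight", "nine"]  # constructed atoms
    first = PromptedChallenge(issue_prompt(digits, 4))
    spoken = list(first.prompt)            # the genuine speaker repeats the prompt
    print("live response accepted:", first.accept(spoken))
    second = PromptedChallenge(issue_prompt(digits, 4, [first.prompt]))
    print("replayed response accepted:", second.accept(spoken))
```

Prompt length and the number of enrolled atoms bound how many distinct prompts exist, so both should be sized against the expected number of sessions per speaker.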
About Nuance Communications, Inc.
Nuance is a leading provider of speech and imaging solutions for businesses and consumers around the world.
Its technologies, applications and services make the user experience more compelling by transforming the way
people interact with information and how they create, share and use documents. Every day, millions of users
and thousands of businesses experience Nuance’s proven applications and professional services. For more
information, please visit: www.nuance.com.
©2011 Nuance Communications, Inc. All rights reserved. Nuance, the Nuance logo, The experience speaks for itself, SpeakFreely, and VocalPassword are trademarks and/or
registered trademarks of Nuance Communications, Inc., and/or its subsidiaries in the United States and/or other countries. All other trademarks are the properties of their
respective owners. WP 041511 NUCC1061
NUANCE COMMUNICATIONS, INC.
one wayside road
burlington ma 01803
781 565 5000
nuance.com