Abstract: Disclosed herein are embodiments of systems, methods, and products comprises an authentication server for caller ID verification. When a caller makes a phone call, the server receives the phone call and verifies whether the phone call is from a registered device associated with the phone number. The server queries the registered device to retrieve one or more current call states via an authentication function on the registered device. The server compares the states and/or state transitions to the observed states and/or state transitions of the phone call. If the registered device states and/or state transitions match the observed phone call states and/or state transitions, the server verifies that the phone call is from the registered device and not some imposter's device. If there is no such match, the server rejects the phone call before the call phone is connected or terminates the phone call after the phone call is connected.

Abstract: Systems and methods for call detail record (CDR) analysis to determine a risk score for a call and identify fraudulent activity and for fraud detection in Interactive Voice Response (IVR) systems. An example method may store information extracted from received calls. Queries of the stored information may be performed to select data using keys, wherein each key relates to one of the received calls, and wherein the queries are parallelized. The selected data may be transformed into feature vectors, wherein each feature vector relates to one of the received calls and includes a velocity feature and at least one of a behavior feature or a reputation feature. A risk score for the call may be generated during the call based on the feature vectors.

Abstract: Systems, methods, and computer-readable media for call classification and for training a model for call classification, an example method comprising: receiving DTMF information from a plurality of calls; determining, for each of the calls, a feature vector including statistics based on DTMF information such as DTMF residual signal comprising channel noise and additive noise; training a model for classification; comparing a new call feature vector to the model; predicting a device type and geographic location based on the comparison of the new call feature vector to the model; classifying the call as spoofed or genuine; and authenticating a call or altering an IVR call flow.

Abstract: Disclosed herein are embodiments of systems and methods for zero-knowledge multiparty secure sharing of voiceprints. In an embodiment, an illustrative computer may receive, through a remote server, a plurality of encrypted voiceprints. When the computer receives an incoming call, the computer may generate a plaintext i-vector of the incoming call. Using the plaintext i-vector and the encrypted voiceprints, the computer may generate one or more encrypted comparison models. The remote server may decrypt the encrypted comparison model to generate similarity scores between the plaintext i-vector and the plurality of encrypted voiceprints.

Abstract: Methods, systems, and apparatuses for audio event detection, where the determination of a type of sound data is made at the cluster level rather than at the frame level. The techniques provided are thus more robust to the local behavior of features of an audio signal or audio recording. The audio event detection is performed by using Gaussian mixture models (GMMs) to classify each cluster or by extracting an i-vector from each cluster. Each cluster may be classified based on an i-vector classification using a support vector machine or probabilistic linear discriminant analysis. The audio event detection significantly reduces potential smoothing error and avoids any dependency on accurate window-size tuning. Segmentation may be performed using a generalized likelihood ratio and a Bayesian information criterion, and the segments may be clustered using hierarchical agglomerative clustering. Audio frames may be clustered using K-means and GMMs.

Abstract: A system for generating channel-compensated features of a speech signal includes a channel noise simulator that degrades the speech signal, a feed forward convolutional neural network (CNN) that generates channel-compensated features of the degraded speech signal, and a loss function that computes a difference between the channel-compensated features and handcrafted features for the same raw speech signal. Each loss result may be used to update connection weights of the CNN until a predetermined threshold loss is satisfied, and the CNN may be used as a front-end for a deep neural network (DNN) for speaker recognition/verification. The DNN may include convolutional layers, a bottleneck features layer, multiple fully-connected layers and an output layer. The bottleneck features may be used to update connection weights of the convolutional layers, and dropout may be applied to the convolutional layers.

Abstract: The invention may verify calls to a telephone device by activating call forwarding to redirect calls for the telephone device to a prescribed destination; receiving a message from a server verifying the call; deactivating call forwarding to receive the call; and reactivating call forwarding when the call is concluded. In another embodiment, the invention may, in response to a telephone device initiating a call to a second telephone device installed with a particular application or software, transmit a message to a server causing it to instruct the second telephone device to deactivate call forwarding. In yet another embodiment, the invention may cause a server to receive a message from a prescribed location indicating that a call was received via call forwarding, and in response to the message, transmit an instruction to the intended recipient to deactivate the call forwarding if the call is verified as legitimate.

Abstract: A method of obtaining and automatically providing secure authentication information includes registering a client device over a data line, storing information and a changeable value for authentication in subsequent telephone-only transactions. In the subsequent transactions, a telephone call placed from the client device to an interactive voice response server is intercepted and modified to include dialing of a delay and at least a passcode, the passcode being based on the unique information and the changeable value, where the changeable value is updated for every call session. The interactive voice response server forwards the passcode and a client device identifier to an authentication function, which compares the received passcode to plural passcodes generated based on information and iterations of a value stored in correspondence with the client device identifier. Authentication is confirmed when a generated passcode matches the passcode from the client device.

Abstract: Aspects of the invention determining a threat score of a call traversing a telecommunications network by leveraging the signaling used to originate, propagate and terminate the call. Outer-edge data utilized to originate the call may be analyzed against historical, or third party real-time data to determine the propensity of calls originating from those facilities to be categorized as a threat. Storing the outer edge data before the call is sent over the communications network permits such data to be preserved and not subjected to manipulations during traversal of the communications network. This allows identification of threat attempts based on the outer edge data from origination facilities, thereby allowing isolation of a compromised network facility that may or may not be known to be compromised by its respective network owner.

Abstract: In an illustrative embodiment, a user device may block all the phone numbers used by an enterprise. When an enterprise wants to call the user, the enterprise may notify the user device through a separate secure channel that an enterprise phone number is in the process of making a phone call to the user device. The secure channel may include an authentication server that may request the user device to unblock the enterprise phone number. An incoming phone call from the enterprise phone number therefore can be trusted. After the phone call is terminated, the user device may again block the enterprise phone number. An attacker may not have access to the authentication server and a phone call from the attacker with a spoofed enterprise phone number (now blocked) may be dropped by the user device.

Abstract: An automated speaker verification (ASV) system incorporates a first deep neural network to extract deep acoustic features, such as deep CQCC features, from a received voice sample. The deep acoustic features are processed by a second deep neural network that classifies the deep acoustic features according to a determined likelihood of including a spoofing condition. A binary classifier then classifies the voice sample as being genuine or spoofed.

Abstract: Systems and methods for classification using an explicit feature map or an approximate feature map based on a relative locality measure. In at least one embodiment, a method of authenticating a user operates data points having feature vectors pertaining to user events comprises selecting an approximate feature map based on a subset of features in each data point and a relative locality measure of a cluster including a plurality of the data points; mapping, to a feature space, the subset of features in each data point and a new data point pertaining to a phone call of the user using the selected approximate feature map; determining a classification of the new data point based on its relative locality measure with respect to a cluster in the feature space; storing the classification of the new data point in a memory device; and authenticating the user during the phone call.

Abstract: Utterances of at least two speakers in a speech signal may be distinguished and the associated speaker identified by use of diarization together with automatic speech recognition of identifying words and phrases commonly in the speech signal. The diarization process clusters turns of the conversation while recognized special form phrases and entity names identify the speakers. A trained probabilistic model deduces which entity name(s) correspond to the clusters.

Abstract: A score indicating a likelihood that a first subject is the same as a second subject may be calibrated to compensate for aging of the first subject between samples of age-sensitive biometric characteristics. Age of the first subject obtained at a first sample time and age of the second subject obtained at a second sample time may be averaged, and an age approximation may be generated based on at least the age average and an interval between the first and second samples. The age approximation, the interval between the first and second sample times, and an obtained gender of the subject are used to calibrate the likelihood score.

Abstract: Methods and systems for detecting new calls from an existing spam or robocaller and aggregating calls that originate from the same infrastructure using a telephony honeypot are disclosed. An example method may receive a telephone call to a telephony honeypot and store metadata and a call audio recording associated with the telephone call. A transcript may be created of the call audio recording. Audio features may be extracted from the call audio recording. The transcript may be compared to other previously-received transcripts in order to determine a similarity between the call and previously-received calls. Audio features and metadata may also be compared to determine whether the call is similar to other previously-received calls. If a call is similar, the call may be identified with the same spam campaign or robocaller as the similar, previously-received call.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprises an authentication server for authentication leveraging multiple audio channels. The server receives an authentication request regarding a user upon the user interacting with a first electronic device. The server requests the first device to transmit a first audio file of an audio sample to the server. The audio sample may be the user's audio command or a machine-generated audio signal. The server requests a second electronic device to transmit a second audio file that is the recording of the same audio sample to the server. The second electronic device is a trusted device in proximity of the first device and executes an authentication function to enable the recording and transmitting of the audio sample. The server determines a similarity score between the first audio file and the second audio file and authenticates the user based on the similarity score.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprises an authentication server for authentication leveraging multiple audio channels. The server receives an authentication request regarding a user upon the user interacting with a first electronic device. The server requests the first device to transmit a first audio file of an audio sample to the server. The audio sample may be the user's audio command or a machine-generated audio signal. The server requests a second electronic device to transmit a second audio file that is the recording of the same audio sample to the server. The second electronic device is a trusted device in proximity of the first device and executes an authentication function to enable the recording and transmitting of the audio sample. The server determines a similarity score between the first audio file and the second audio file and authenticates the user based on the similarity score.

Abstract: In a speaker recognition apparatus, audio features are extracted from a received recognition speech signal, and first order Gaussian mixture model (GMM) statistics are generated therefrom based on a universal background model that includes a plurality of speaker models. The first order GMM statistics are normalized with regard to a duration of the received speech signal. The deep neural network reduces a dimensionality of the normalized first order GMM statistics, and outputs a voiceprint corresponding to the recognition speech signal.

Abstract: Aspects of the invention determining a threat score of a call traversing a telecommunications network by leveraging the signaling used to originate, propagate and terminate the call. Outer-edge data utilized to originate the call may be analyzed against historical, or third party real-time data to determine the propensity of calls originating from those facilities to be categorized as a threat. Storing the outer edge data before the call is sent over the communications network permits such data to be preserved and not subjected to manipulations during traversal of the communications network. This allows identification of threat attempts based on the outer edge data from origination facilities, thereby allowing isolation of a compromised network facility that may or may not be known to be compromised by its respective network owner.

Abstract: In an illustrative embodiment, a user device may block all the phone numbers used by an enterprise. When an enterprise wants to call the user, the enterprise may notify the user device through a separate secure channel that an enterprise phone number is in the process of making a phone call to the user device. The secure channel may include an authentication server that may request the user device to unblock the enterprise phone number. An incoming phone call from the enterprise phone number therefore can be trusted. After the phone call is terminated, the user device may again block the enterprise phone number. An attacker may not have access to the authentication server and a phone call from the attacker with a spoofed enterprise phone number (now blocked) may be dropped by the user device.