Abstract: Embodiments include a computing device that executes software routines and/or one or more machine-learning architectures providing improved omni-channel authentication solutions. Embodiments include one or more computing devices that provide an authentication interface by which various communication channels may deposit contact or session data received via a first-channel session into a non-transitory storage medium of an authentication database for another channel to obtain and employ (e.g., verify users). This allows the customer to access an online data channel and enter the contact center through a telephony communication channel, but further allows the enterprise contact center systems to passively maintain access to various types of information about the user's identity captured from each contact channel, allowing the call center to request or capture authenticating information (e.g.

Abstract: Disclosed are systems and methods including computing-processes, which may include layers of machine-learning architectures, for assessing risk for calls directed to call center systems using carrier signaling metadata. A computer evaluates carrier signaling metadata to perform various new risk-scoring techniques to determine riskiness of calls and authenticate calls. When determining a risk score for an incoming call is received at a call center system, the computer may obtain certain metadata values from inbound metadata, prior call metadata, or from third-party telecommunications services and executes processes for determining the risk score for the call. The risk score operations include several scoring components, including appliance print scoring, carrier detection scoring, ANI location detection scoring, location similarity scoring, and JIP-ANI location similarity scoring, among others.

Abstract: Embodiments described herein provide for a voice biometrics system execute machine-learning architectures capable of passive, active, continuous, or static operations, or a combination thereof. Systems passively and/or continuously, in some cases in addition to actively and/or statically, enrolling speakers. The system may dynamically generate and update profiles corresponding to end-users who contact a call center. The system may determine a level of enrollment for the enrollee profiles that limits the types of functions that the user may access. The system may update the profiles as new contact events are received or based on certain temporal triggering conditions.

Abstract: A method of obtaining and automatically providing secure authentication information includes registering a client device over a data line, storing information and a changeable value for authentication in subsequent telephone-only transactions. In the subsequent transactions, a telephone call placed from the client device to an interactive voice response server is intercepted and modified to include dialing of a delay and at least a passcode, the passcode being based on the unique information and the changeable value, where the changeable value is updated for every call session. The interactive voice response server forwards the passcode and a client device identifier to an authentication function, which compares the received passcode to plural passcodes generated based on information and iterations of a value stored in correspondence with the client device identifier. Authentication is confirmed when a generated passcode matches the passcode from the client device.

Abstract: A method of obtaining and automatically providing secure authentication information includes registering a client device over a data line, storing information and a changeable value for authentication in subsequent telephone-only transactions. In the subsequent transactions, a telephone call placed from the client device to an interactive voice response server is intercepted and modified to include dialing of a delay and at least a passcode, the passcode being based on the unique information and the changeable value, where the changeable value is updated for every call session. The interactive voice response server forwards the passcode and a client device identifier to an authentication function, which compares the received passcode to plural passcodes generated based on information and iterations of a value stored in correspondence with the client device identifier. Authentication is confirmed when a generated passcode matches the passcode from the client device.

Abstract: Disclosed are systems and methods including computing-processes executing machine-learning architectures extract vectors representing disparate types of data and output predicted identities of users accessing computing services, without express identity assertions, and across multiple computing services, analyzing data from multiple modalities, for various user devices, and agnostic to architectures hosting the disparate computing service. The system invokes the identification operations of the machine-learning architecture, which extracts biometric embeddings from biometric data and context embeddings representing all or most of the types of metadata features analyzed by the system. The context embeddings help identify a subset of potentially matching identities of possible users, which limits the number of biometric-prints the system compares against an inbound biometric embedding for authentication.

Abstract: Disclosed are systems and methods including computing-processes executing machine-learning architectures extract vectors representing disparate types of data and output predicted identities of users accessing computing services, without express identity assertions, and across multiple computing services, analyzing data from multiple modalities, for various user devices, and agnostic to architectures hosting the disparate computing service. The system invokes the identification operations of the machine-learning architecture, which extracts biometric embeddings from biometric data and context embeddings representing all or most of the types of metadata features analyzed by the system. The context embeddings help identify a subset of potentially matching identities of possible users, which limits the number of biometric-prints the system compares against an inbound biometric embedding for authentication.

Abstract: Embodiments described herein provide for a voice biometrics system execute machine-learning architectures capable of passive, active, continuous, or static operations, or a combination thereof. Systems passively and/or continuously, in some cases in addition to actively and/or statically, enrolling speakers. The system may dynamically generate and update profiles corresponding to end-users who contact a call center. The system may determine a level of enrollment for the enrollee profiles that limits the types of functions that the user may access. The system may update the profiles as new contact events are received or based on certain temporal triggering conditions.

Abstract: Embodiments described herein provide for a voice biometrics system execute machine-learning architectures capable of passive, active, continuous, or static operations, or a combination thereof. Systems passively and/or continuously, in some cases in addition to actively and/or statically, enrolling speakers. The system may dynamically generate and update profiles corresponding to end-users who contact a call center. The system may determine a level of enrollment for the enrollee profiles that limits the types of functions that the user may access. The system may update the profiles as new contact events are received or based on certain temporal triggering conditions.

Abstract: Embodiments described herein provide for a voice biometrics system execute machine-learning architectures capable of passive, active, continuous, or static operations, or a combination thereof. Systems passively and/or continuously, in some cases in addition to actively and/or statically, enrolling speakers. The system may dynamically generate and update profiles corresponding to end-users who contact a call center. The system may determine a level of enrollment for the enrollee profiles that limits the types of functions that the user may access. The system may update the profiles as new contact events are received or based on certain temporal triggering conditions.

Abstract: In an illustrative embodiment, a user device may block all the phone numbers used by an enterprise. When an enterprise wants to call the user, the enterprise may notify the user device through a separate secure channel that an enterprise phone number is in the process of making a phone call to the user device. The secure channel may include an authentication server that may request the user device to unblock the enterprise phone number. An incoming phone call from the enterprise phone number therefore can be trusted. After the phone call is terminated, the user device may again block the enterprise phone number. An attacker may not have access to the authentication server and a phone call from the attacker with a spoofed enterprise phone number (now blocked) may be dropped by the user device.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprises an authentication server for caller ID verification. When a caller makes a phone call, the server receives the phone call and verifies whether the phone call is from a registered device associated with the phone number. The server queries the registered device to retrieve one or more current call states via an authentication function on the registered device. The server compares the states and/or state transitions to the observed states and/or state transitions of the phone call. If the registered device states and/or state transitions match the observed phone call states and/or state transitions, the server verifies that the phone call is from the registered device and not some imposter's device. If there is no such match, the server rejects the phone call before the call phone is connected or terminates the phone call after the phone call is connected.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprises an authentication server for caller ID verification. When a caller makes a phone call, the server receives the phone call and verifies whether the phone call is from a registered device associated with the phone number. The server queries the registered device to retrieve one or more current call states via an authentication function on the registered device. The server compares the states and/or state transitions to the observed states and/or state transitions of the phone call. If the registered device states and/or state transitions match the observed phone call states and/or state transitions, the server verifies that the phone call is from the registered device and not some imposter's device. If there is no such match, the server rejects the phone call before the call phone is connected or terminates the phone call after the phone call is connected.

Abstract: Disclosed herein are embodiments of systems and methods for zero-knowledge multiparty secure sharing of voiceprints. In an embodiment, an illustrative computer may receive, through a remote server, a plurality of encrypted voiceprints. When the computer receives an incoming call, the computer may generate a plaintext i-vector of the incoming call. Using the plaintext i-vector and the encrypted voiceprints, the computer may generate one or more encrypted comparison models. The remote server may decrypt the encrypted comparison model to generate similarity scores between the plaintext i-vector and the plurality of encrypted voiceprints.

Abstract: Embodiments described herein provide for automatically authenticating telephone calls to an enterprise call center. The system disclosed herein builds on the trust of a data channel for the telephony channel. Certain types of authentication information can be received through the telephony channel, as well. But the mobile application associated with the call center system may provide additional or alternative forms of data through the data channel. The system may send requests to a mobile application of a device to provide information that can reliably be assumed to be coming from that particular device, such as a state of the device and/or a user's response to push notifications. In some cases, the authentication processes may be based on quantity and quality of matches between certain metadata or attributes expected to be received from a given device as compared to the metadata or attributes received.

Abstract: A method of obtaining and automatically providing secure authentication information includes registering a client device over a data line, storing information and a changeable value for authentication in subsequent telephone-only transactions. In the subsequent transactions, a telephone call placed from the client device to an interactive voice response server is intercepted and modified to include dialing of a delay and at least a passcode, the passcode being based on the unique information and the changeable value, where the changeable value is updated for every call session. The interactive voice response server forwards the passcode and a client device identifier to an authentication function, which compares the received passcode to plural passcodes generated based on information and iterations of a value stored in correspondence with the client device identifier. Authentication is confirmed when a generated passcode matches the passcode from the client device.

Abstract: The invention may verify calls to a telephone device by activating call forwarding to redirect calls for the telephone device to a prescribed destination; receiving a message from a server verifying the call; deactivating call forwarding to receive the call; and reactivating call forwarding when the call is concluded. In another embodiment, the invention may, in response to a telephone device initiating a call to a second telephone device installed with a particular application or software, transmit a message to a server causing it to instruct the second telephone device to deactivate call forwarding. In yet another embodiment, the invention may cause a server to receive a message from a prescribed location indicating that a call was received via call forwarding, and in response to the message, transmit an instruction to the intended recipient to deactivate the call forwarding if the call is verified as legitimate.

Abstract: A technique to establish a secure session to a network-accessible application from a mobile device executing a native app. Initially, the network-accessible application is provisioned for access by an enterprise associating a set of one or more of its enterprise users with the network-accessible application. Thereafter, access to the application is enabled via an identity provider. In operation, the identity provider receives a request to validate that an enterprise user seeking access to the network-accessible application is associated with the application. The request is generated by the application in response to a login request initiated from the native app from a mobile device, wherein a certificate for the application is not available to the native app.

Abstract: In an illustrative embodiment, a user device may block all the phone numbers used by an enterprise. When an enterprise wants to call the user, the enterprise may notify the user device through a separate secure channel that an enterprise phone number is in the process of making a phone call to the user device. The secure channel may include an authentication server that may request the user device to unblock the enterprise phone number. An incoming phone call from the enterprise phone number therefore can be trusted. After the phone call is terminated, the user device may again block the enterprise phone number. An attacker may not have access to the authentication server and a phone call from the attacker with a spoofed enterprise phone number (now blocked) may be dropped by the user device.

Abstract: A method of obtaining and automatically providing secure authentication information includes registering a client device over a data line, storing information and a changeable value for authentication in subsequent telephone-only transactions. In the subsequent transactions, a telephone call placed from the client device to an interactive voice response server is intercepted and modified to include dialing of a delay and at least a passcode, the passcode being based on the unique information and the changeable value, where the changeable value is updated for every call session. The interactive voice response server forwards the passcode and a client device identifier to an authentication function, which compares the received passcode to plural passcodes generated based on information and iterations of a value stored in correspondence with the client device identifier. Authentication is confirmed when a generated passcode matches the passcode from the client device.