Voice authentication with Whispeak and ForgeRock

Voice authentication with Whispeak and ForgeRock

ForgeRock’s mission is to Help You Simply and Safely Access the Connected World. To do so, one strategy is to get rid of passwords and use modern authentication mechanisms. These alternatives can be configured out of the box with ForgeRock’s user journey Orchestrator but in some situations you may need different technologies. With Whispeak you can authenticate with your voice; you don’t need any additional device (no mobile, no card, no token/usb key, …), you just have to be you and speak. This is really powerful when there is a high employee turnover in your company or when your workforce can’t use their hands (in a factory for instance). Let’s see how we can easily combine ForgeRock and Whispeak.

A few words about Whispeak and ForgeRock

image

Whispeak is a company that provides voice recognition software that uses artificial intelligence to identify and authenticate someone with biometrics. This company is built with a strong focus on GDPR and CNIL compliance and it can be used in Saas or self-managed mode (OnPremVM or Private Cloud).

image

ForgeRock is a Web company that provides the only Identity platform that can be used for any type of identities (workforce, customer, IoT, etc…) and consumed either as a Saas or as a self-managed software. ForgeRock’s Identity platform covers the full Identity scope : Access Management, Identity Management, Identity Governance and Directory.

How it works

To authenticate with your voice you first have to register it (i.e. to associate your voice with your user profile). This journey to register your voice will be configured in ForgeRock. The following figure shows the sequence diagram to register/enroll your voice.


Sequence Diagram : Enrolling voice

Once your voice is registered/enrolled and associated to your user user profile you can use it to authenticate. The authentication sequence diagram is detailed in the next figure.


Sequence Diagram: Authenticating with voice

These two sequence diagrams will be done in one user journey configured in ForgeRock. The figure below shows this user journey.


Voice authentication user journey

Note: I this blog I’m using Whispeak API v1. The documentation id available here https://doc.whispeak.io/v1.

Let’s see how to configure it in ForgeRock!

How to configure it in ForgeRock

First of all we will create the scripts that we’ll use in the tree.

Connect to your ForgeRock Identity platform console (https://<YOUR-FORGEROCK-TENANT>/platform/) and follow theses steps.

Create a script to display a voice Recorder and to get a token from Whispeak:

Info: This script is uploading a client-side javascript that will display a voice recorder and then send it back to ForgeRock. Then ForgeRock will use it in the journey.

  1. Select your realm (default is alpha), browse to Scripts and click on New Script to create a new one and choose a Journey Decision Node type,
  2. On the script creation page, name your script VoiceRecorder,
  3. In the script field enter the following code and click on Save Changes.

Create a second script to send the recorded voice, the ID and the token to Whispeak to validate it:

Info: This script is creating a multipart form containing the ID and the recored voice to send it in an HTTP POST request to Whispeak to check if the recorded voice is valide compared to the voice signature associated to the ID.

  1. Browse to Scripts and click on New Script to create a new one and choose a Journey Decision Node type,
  2. On the script creation page, name your script whispeakCheck,
  3. In the script field enter the following code and click on Save Changes.

Create a third script to display a voice Recorder and to get a token from Whispeak:

Info: This script is the same as VoiceRecorder except that this time we all the /enroll API from Whispeak to enroll the voice and associate it to the user Profile.

  1. Browse to Scripts and click on New Script to create a new one and choose a Journey Decision Node type,
  2. On the script creation page, name your script voiceEnroll,
  3. In the script field enter the following code and click on Save Changes.

Create a fourth script to send the recorded voice to Whispeak to enroll it:

Info: This script is creating a multipart form containing the recored voice to send it in an HTTP POST request to Whispeak to create the user ID and store the voice signature. Here we also store the Whispeak ID associated to the voice into ForgeRock User profile to use it later when we want to authenticate.

  1. Browse to Scripts and click on New Script to create a new one and choose a Journey Decision Node type,
  2. On the script creation page, name your script whispeakEnroll,
  3. In the script field enter the following code and click on Save Changes

Note 1: In all these scripts you’ll have to change a few parameters to match you Whispeak setup. apiKey should be updated to match your Whispeak API KEY, myCustomer is equal to your customer name in Whispeak admin console and myApplication is equal to your application Id in Whispeak.

Note 1: In theses script we store Whispeak ID and Revokation links & key in ForgeRock user profile. Whispeak ID is stored in fr-attr-istr2 and Revokation links & key are stored in fr-attr-imulti1.

Now that all scripts are ready, let’s create the journey. This journey will be able to register a voice and use it to authenticate.

Note: This user Journey is designed for ForgeRock Identity Cloud Login UI (platform-login-ui) and can’t be used as is with AM UI.

  1. Browse to Journeys and click on New Journey to create a new one called LoginWhispeak for Identity Object Alpha realms — User,
  2. Add a Scripted Decision node, name it Register Whispeak, select whispeakEnroll script, add true and failed outcomes, link true to Success exit (Green circle icon) and false to Failure exit (red circle icon),
  3. Add a Scripted Decision node, name it voiceEnroll, select voiceEnroll script, add true outcomes, link true to Register Whispeak node,
  4. Add a Message Node, name it Do you want to Enrol?, add a message: “Your voice is not yet enrolled in our system. Do you want to enrol it ?”, a Positive answer: “Yes” and a Negative answer: “No”. Link true to voiceEnroll node and link false to Success exit (Green circle icon),
  5. Add a Data Store Decision node and link true to Do you want to Enrol? node and link false to Failure exit (red circle icon),
  6. Add a Platform Password node, leave default parameters and link it to Data Store Decision node,
  7. Add a Scripted Decision node, name it whispeakCheck, select whispeakCheck script, add true, failed add unregistered outcomes, link true to Success exit (Green circle icon), link unregistered to Platform password node, failed outcome will be linked in the next step,
  8. Add a Retry Limit Decision node, leave default parameters, link reject outcome to Failure exit (red circle icon), Retry outcome will be linked later,
  9. Add a Scripted Decision node, name it voiceRecorder, select voiceRecorder script, add true outcomes, link true to whispeakCheck node,
  10. Link unregistered outcome from whispeakCheck node toRetry Limit Decision node,
  11. Link Retry outcome from Retry Limit Decision node to voiceRecorder node,
  12. Add an Attribute Present Decision node, set Present Attribute parameter to true, link true to voiceRecorder node and link false to Platform Password node,
  13. Add an Identify Existing User node, leave default parameters, link true to Attribute Present Decision node and link false outcome will be linked later,
  14. Add a Platform Username node, leave default parameters and link it to Identify Existing User node. Link the start (Blue circle icon) to this node,
  15. Finally, Link false outcome from Identify Existing User node to Platform Username node. Et voila !

The following figure presents the journey in ForgeRock Intelligent Authentication web designer.


Voice registration and authentication user journey

Demonstration

The next figure shows the result in action from the user perspective.


Voice authentication with Whispeak and ForgeRock

Important note: This scenario is only possible if you enrolled your voice with Whispeak and it has been associated with your ForgeRock account.

Conclusion

This guide how to configure ForgeRock Identity Cloud to use Whispeak to authenticate with your voice is another example of an integration of ForgeRock with a tier component; It’s quick and easy. In addition, this use case with biometric voice authentication can answer to a frequent question from our customers : how can I strongly authenticate someone without being forced to use a tier device (mobile, usb key, smart card, …)?

2 Likes