How ArmorVox Ensures Strict Data Security
Auraya’s next-gen voice biometric engine ArmorVox was built with security and convenience in mind right from the very beginning. Ensuring that all data is stored securely and in compliance with the various regulatory requirements mandated by authorities around the world continues to be one of Auraya’s main strengths.
Storing Data
Through ArmorVox’s advanced machine learning algorithms, organisations implementing voice biometrics solutions retain total control over their customers’ voice data – and customer data can be stored in a manner that maintains compliance with data sovereignty rules.
Importantly, no data is ever removed from the organisation’s control. This means organisations can choose where to store their Personally Identifiable Information (PII) and their voiceprint data. The databases that contain PII data can either be on-premise, in the cloud or in a hybrid arrangement. The voiceprint database can be stored separately from the PII data again in a location controlled by the organisation. It is recommended that PII data and voice print data are stored separately to comply with Auraya’s Secure by Design principles.
Encrypting Data
When creating a secure voiceprint, an individual speaker is recorded to capture a voice audio file. Data is always encrypted both in transit and at rest. The recording is posted to ArmorVox and the acoustic parameters, which are unique to each individual, are extracted and scrambled from the voice file to create a new encrypted ‘feature vector file’. This new file contains the unique voice characteristics of the individual speaker and is a one-way hash that can only be analysed by ArmorVox, ensuring that no PII is obtainable from the feature vector set. Feature vector files are then further encrypted by isolating only the required acoustic parameters to create voiceprints. Like feature vector files, these voiceprints are not audible and can only be analysed by ArmorVox as they are proprietary data sets. To ensure additional security, this encryption process is a one-way encryption method which makes voice file reconstitution impossible.
Deleting Data
Depending on the business needs organisations have the choice of if and where to keep the voice recordings that create the voiceprint. The original voice recordings can be immediately destroyed after creating the feature vector files or they can be stored with other historical call recordings.
ArmorVox provides organisations with the capability to destroy stored voiceprints and all associated acoustic parameter data tied to the voiceprint. This allows organisations to securely remove the voiceprints for consumers who choose to opt-out of voice biometric systems.