| Date | November 2017 | Marks available | 2 | Reference code | 17N.1.SL.TZ0.1 |
| Level | SL | Paper | 1 | Time zone | no time zone |
| Command term | Identify | Question number | 1 | Adapted from | N/A |
Question
Voice biometrics technology in banking
CBR Bank is introducing voice biometrics technology that will authenticate customers when they telephone the bank. It will replace the current system, in which customers have to use passwords and/or security questions.
As part of the registration process, the customer has to say the phrase, “My voice is my password” three times. This provides a voice print that will be used to verify the customer’s identity in future telephone calls to the bank.
In addition to their voice, identify two ways how a customer can be recognized by CBR Bank’s biometrics technology.
Identify the steps used by the voice biometrics technology to authenticate a customer calling CBR Bank.
CBR Bank holds a large amount of information on its customers. Some customers are concerned about the security, privacy and anonymity of their data.
For each of the concerns above, explain one policy that CBR Bank could use to address the concerns of its customers.
The chief executive officer (CEO) of CBR Bank, Alice McEwan, said in a recent interview, “CBR Bank will be replacing all passwords, PINs and personal verification questions for our online banking and mobile banking with voice biometrics recognition.”
To what extent are the changes proposed by Alice beneficial for both CBR Bank’s customers and CBR Bank’s IT support?
Markscheme
Answers may include:
- Iris/retina
- Facial/face
- Fingerprint
- Hand / palm print
Do not accept “eye recognition” – this is too vague. Iris or retina is required for marks.
Award [1] for identifying each form of biometric identification up to a maximum of [2].
Answers may include:
- Biometric voice feature is initially recorded.
- Voice is converted from analogue to digital.
- Voice is stored in database together with other personal information.
- Voice is re-scanned when person needs to be authenticated over the phone.
- Voice is matched with information in database.
- If a match, then it is authenticated.
- If no match, then the customer is asked to repeat the phrase and is rejected after a certain number of attempts.
Award [1] for identifying each of the steps used to authenticate a customer calling CBR Bank up to a maximum of [4].
Answers may include:
Security:
- User access to data is limited to authorized personnel – to ensure data is secure during storage.
- Username and password access is implemented – to ensure data is secure during storage.
- A password policy is implemented (e.g., minimum length, mix of characters, changed after a given number of days etc.).
- Two-factor / two-step authentication is implemented (e.g., one-time password/PIN to a mobile phone, code-generating device supplied by the bank, confirmation email).
- Data is encrypted – to ensure data is secure during transmission.
- A firewall is used to protect the bank’s server.
- Bank servers are kept updated with the latest software / security patches.
- Bank employees are prohibited from accessing customer data on personal devices / devices outside the company network – to ensure that all devices are protected by the bank’s security measures.
Privacy:
- Customers are informed to specify how the data may be used – if/how it may be shared with third parties.
- Only authorized personnel will have access to the bank database – not all employees will be able to view data.
Anonymity:
- Ensure the customer’s anonymity is maintained – when data is shared with third parties, the data that could give the identity of a customer must be detached.
- Reports are kept anonymous – reports cannot allow individuals to be identified.
N.B.: The response requires an explanation of a policy and not a discussion of the problems themselves. There must be a policy for each kind of concern: security, privacy and anonymity and reason(s).
Award [1] for identifying a policy that CBR Bank could use to address the security, privacy and anonymity concerns of its customers and [1] for a development of the policy identified up to a maximum of [2].
Mark as [2] + [2] + [2].
Answers may include:
For customers:
Advantages of replacing passwords with biometric voice recognition:
- Customers don’t have to remember a password or PIN code / may not need additional verification such as one-time codes (automation).
- It is more secure, as voice characteristics are unique.
- It is harder for others to hack online banking with voice biometrics recognition (security).
- Some customers may have physical conditions that make entering PINs/passwords difficult – voice recognition will avoid having to type (access/inclusion).
Disadvantages of replacing passwords with biometric voice recognition:
- The voice recognition system may not accept foreign accents or a range of voices (systems).
- Illness (such as a cold) can change a person’s voice, making identification difficult (systems).
- A person’s voice can be easily recorded and used for unauthorized access (security).
- Someone with very similar voices (e.g., a member of the same family) may be able to gain access to the bank account (security).
For IT support:
Advantages of replacing passwords with biometric voice recognition:
- It is more secure, less likely to be hacked – fewer problems for IT staff to deal with (automation, systems).
- It is easy for customers to record by themselves – no IT staff required to set up (automation, systems).
- IT staff do not have to deal with lost password/PIN (automation, systems).
Disadvantages of replacing passwords with biometric voice recognition:
- The voice recognition system may not accept particular accents – customers cannot access their online banking and will need support (systems).
- A person’s voice can be easily recorded and used for unauthorized access – customers may complain about unauthorized access, IT staff will have to investigate hacked accounts (security, values).
- Illness (such as a cold) can change a person’s voice, making identification difficult – a greater number of customers might need to call support to access their own account (systems).
- When the new system is implemented, CBR Bank’s IT support could be overwhelmed with overlooked bugs (reliability).
- Audio files / biometric templates will require more storage space than passwords / PINs – this may make backing up data more time consuming / require IT support to increase available storage space, etc (data).
- Initial implementation of the new system may require additional IT support staff.
- IT support staff may face an increased workload (e.g., if the old system initially has to run parallel to the new system).
In part (c) of this question it is expected there will be a balance between the terminology related to digital systems and the terminology related to social and ethical impacts.
Keywords: security, authentication, stakeholder, reliability, data, security, change, identity, power, systems, values, ethics, accountability, transparency, access, inclusion
Refer to SL/ HL paper 1, part c markbands when awarding marks. These can be found under the "Your tests" tab > supplemental materials > Digital society markbands and guidance document.
Examiners report
Syllabus sections
-
22M.1.SL.TZ0.1a.ii:
Identify two ways the smartwatch and cellphone (mobile phone) could use to communicate with each other.
-
22M.1.SL.TZ0.3c:
A new school has opened in Switzerland, and its principal and IT manager are considering two options:
Option 1: Using a local client–server network.
Option 2: Using a cloud-based service.
Evaluate these two options.
-
22M.1.SL.TZ0.3a.iii:
Identify two ways in which students could authenticate themselves on their local area network (LAN).
-
22M.1.SL.TZ0.1c:
Many people use smartwatches to monitor their vital signs and manage their health.
To what extent should an individual use a smartwatch to manage their health?
-
19M.2.SL.TZ0.1:
In Source A, employees are using an embedded microchip to gain access to the building.
Identify two digital systems, in addition to implanted microchips, that an employee could use to gain access to a building in Source A.
-
21M.1.SL.TZ0.2c:
Discuss whether Daniela should make every teacher at Orams Academy use the same learning platform or allow each teacher to choose their own preferred learning management approach.
-
18N.1.SL.TZ0.3a.ii:
Identify two file compression techniques.
-
22M.1.SL.TZ0.1a.iii:
Outline one reason why protocols such as https are used in the URL to enable digital devices such as the smartwatch and cellphone to communicate with each other.
-
22M.1.SL.TZ0.3a.i:
Identify two types of cloud computing software applications that students might use at school.
-
22M.1.SL.TZ0.3a.ii:
If the schools in Hesse can no longer use cloud computing software applications, they will need to store their data on a local file server and access it through a local area network (LAN).
Identify two ways in which data could be secured if the school stored it locally.
-
22M.1.SL.TZ0.4a.iii:
Describe the difference between identification and authentication.
-
22M.1.SL.TZ0.4b.ii:
Explain why using high-resolution images could be a challenge to the implementation of a facial recognition system.
-
18M.2.SL.TZ0.1:
Identify two trends of social media usage that can be seen in Source A.
-
19N.1.SL.TZ0.3a.iii:
Outline how a firewall functions.
-
21N.1.SL.TZ0.1a.ii:
Identify two features of a virtual private network (VPN).
-
18M.1.SL.TZ0.2a.i:
Identify two characteristics of a peer-to-peer (P2P) network.
-
18M.1.SL.TZ0.2a.ii:
Identify two characteristics of a strong password.
-
18M.1.SL.TZ0.2c:
Bitcoin transactions are made between individuals without the knowledge of banks, governments, or credit card companies. Some governments are investigating whether they should regulate digital transactions, such as those made using bitcoins.
To what extent is it appropriate for governments to regulate digital transactions, such as those made using bitcoins?
-
17N.1.SL.TZ0.1a.ii:
Identify the steps used by the voice biometrics technology to authenticate a customer calling CBR Bank.
-
17N.1.SL.TZ0.2a.i:
In addition to providing access to the internet, identify two functions of an internet service provider (ISP).
-
17N.1.SL.TZ0.2a.ii:
Identify two characteristics of a proxy server.
-
17N.1.SL.TZ0.2b:
Many schools block access to social networking websites like Twitter, Facebook and YouTube. However, other schools are investigating two different options:
- Monitoring the network to view what websites the students are viewing.
- Giving different ages of students different levels of access to social media sites.
Analyse these two options.
-
18M.1.SL.TZ0.1c:
The Okavango Medical Centre has received additional funding from the local authority. The centre is investigating the possibility of using these funds to purchase IT equipment that would allow surgeons in Gaborone to carry out surgery remotely.
Evaluate the impact of the purchase of this IT equipment on the medical centre and its patients.
-
18M.1.HL.TZ0.6:
Policing as a human activity?
Toby Walsh, Professor of Artificial Intelligence at the University of New South Wales, Australia, notes that the use of police robots raises “many important questions that we, as a society, have to think about”.
Singapore has started testing patrol robots that survey pedestrian areas in the city-state. Xavier, the mall-cop robot, will be autonomously rolling through the Toa Payoh central district for three weeks scanning for “undesirable social behaviours”.
Figure 4 shows an example of a patrol robot.
Figure 4: An example of a patrol robot
[Image by Jdietsch. PatrolBot.jpg (https://commons.wikimedia.org/wiki/File:PatrolBot.jpg).
Under copyright and licensed under a Creative Commons Attribution 3.0 International License,
https://creativecommons.org/licenses/by-sa/3.0/deed.en (image cropped)]
It has been claimed that the use of patrol robots will lead to more efficient policing.Discuss the extent to which police departments should use patrol robots as a strategy to aid policing.
-
18N.1.SL.TZ0.3b.i:
Explain why each image has its resolution reduced before it is uploaded to ACP’s website.
-
17N.1.SL.TZ0.2a.iii:
Identify two ways that the government could have determined the identity of the persons responsible for posting the offensive images on social media.
-
18M.1.SL.TZ0.1a.i:
Identify two characteristics of voice over internet protocol (VOIP).
-
18M.1.SL.TZ0.2a.iii:
The use of a password is one method of authentication.
Identify two other methods of authentication.
-
21M.1.SL.TZ0.3a.i:
Lyrebird uses a person’s voice print to determine their identity.
Identify three other methods of biometric identification that could be used to determine a person’s identity.
-
21M.1.SL.TZ0.2a.iii:
Identify two potential disadvantages of using online digital media.
-
21M.1.SL.TZ0.3a.ii:
A person’s voice print can be compressed.
Identify three problems that may result from compressing the voice print.
-
18N.1.SL.TZ0.2a.iii:
Outline the difference between the internet and the World Wide Web.
-
19N.1.SL.TZ0.3b:
There are two possible methods for ensuring students use the TailorEd online learning system responsibly. They are:
- restricting access to sites that may be considered inappropriate
- educating the students about acceptable use.
Analyse these two methods.
-
20N.1.HL.TZ0.5:
Clouds under the sea
Microsoft has located one of its data centres on the seabed. Project Natick is now operating 100 feet below the surface of the North Sea (see Figure 4).
Figure 4: An artist’s representation of a data centre on the sea bed
[Adapted under sea photo by NOAA on Unsplash]
Microsoft has chosen to develop data centres on the seabed because they claim there are concerns about the environmental impact of data centres built on land. These seabed data centres can be constructed and placed on the sea bed in 90 days. This is compared to the two years that are required for land-based data centres.
Google patented their design for an underwater data centre in 2009. Even though functioning prototypes have been trialled, none have been used commercially.
The demand for data storage is doubling every two years, so it is likely that an increasing number of data centres will need to be constructed. These data centres can be constructed either under the sea or on land.
Discuss whether companies like Microsoft should build data centres on the seabed.
-
21N.1.SL.TZ0.3c:
The chief executive officer of MediResearch is considering using cloud-based storage to store the genome data.
Discuss whether MediResearch should move to cloud-based storage.
-
20N.1.SL.TZ0.2a.i:
Identify two pieces of information that would be used to identify a device on the IT network.
-
18M.2.SL.TZ0.4:
Mobile devices provide many benefits for children but can also be used inappropriately. Some groups claim it is the responsibility of parents to ensure their children use their mobile devices responsibly, while other groups claim that responsibility lies with other stakeholders, such as schools.
With reference to all the sources and your own knowledge, to what extent do you agree that parents should be responsible for ensuring their children develop safe and healthy habits for mobile device usage?
-
17N.1.SL.TZ0.1c:
The chief executive officer (CEO) of CBR Bank, Alice McEwan, said in a recent interview, “CBR Bank will be replacing all passwords, PINs and personal verification questions for our online banking and mobile banking with voice biometrics recognition.”
To what extent are the changes proposed by Alice beneficial for both CBR Bank’s customers and CBR Bank’s IT support?
-
19M.1.SL.TZ0.2b.iii:
Explain why the data collected about Hurricane Irma was not encrypted prior to being transmitted.
-
18N.1.SL.TZ0.2c:
The government of Cameroon is watching the results of the Agritexte initiative. It is considering two options:
- extending the functionality of Agritexte into a web-based information system
- investing in education and training on the use of the existing Agritexte SMS system.
Evaluate these two options.
-
19N.1.SL.TZ0.2b:
Two methods for informing tourists about wildfires in Kinakora National Park are:
- short message service (SMS) texting/text messaging
- posting information on the Kinakora National Park website.
Analyse these two methods.
-
18M.1.SL.TZ0.2b.iii:
Some users of bitcoins are concerned that their anonymity may be compromised by their bitcoin address.
Explain one way in which a bitcoin address may be used to reveal information about a bitcoin user.
-
19M.1.SL.TZ0.3a.ii:
Identify two features of authentication.
-
19M.1.SL.TZ0.3a.iii:
Identify two features of encryption.
-
19M.1.HL.TZ0.5:
How to appropriately interact in an online environment
Increasing numbers of parents are claiming digital technologies that monitor online activities are the best way to protect their children from offensive content. A number of companies, such as mSpy and Qustodio, have developed online monitoring apps.
Other parents claim it is not necessary to monitor their children’s online behaviour, preferring to encourage their children to develop the knowledge and skills to make appropriate choices.
Parents can consider two different interventions to ensure their children use the online environment appropriately:
- Monitor their children’s online behaviour using apps
- Encourage their children to develop the knowledge and skills to use the online environment and make appropriate choices.
With reference to real-life scenarios, evaluate these two interventions.
-
17N.1.SL.TZ0.2c:
Many citizens have raised concerns about the surveillance of their web browsing history or the censorship of selected websites by their national government.
To what extent is it appropriate for national governments to use surveillance and censorship to control citizens’ access to websites?
-
18M.1.SL.TZ0.2b.i:
Explain one reason why bitcoin makes use of encryption when transmitting data.
-
18N.1.SL.TZ0.3a.iii:
Outline one problem that may be caused by the use of file compression techniques.
-
18N.1.SL.TZ0.3b.ii:
Explain why each image is watermarked before it is uploaded to ACP’s website.
-
21M.1.SL.TZ0.2a.ii:
Identify two reasons why there might be a lack of bandwidth at times on the school’s network.
-
21M.1.SL.TZ0.2b:
The increasing use of cloud-based applications and online collaborative tools has led to Orams Academy introducing an acceptable use policy for students and teachers.
Explain three reasons why Orams Academy decided to introduce an acceptable use policy.
-
19N.1.HL.TZ0.5:
Sharing dashcam* footage with police
Many police departments have started campaigns to encourage members of the public to upload footage of possible offences committed by drivers to police websites. The police are looking for footage of activities such as dangerous driving and driving whilst talking on a cellphone/mobile phone.
Members of the public can create an account on the police website to upload footage from their dashcam (see Figure 3). They can also upload their dashcam footage anonymously.
The police claim that using dashcam footage uploaded by the public will help reduce the number of accidents caused by dangerous driving.
Figure 3: An example of a dashcam
* dashcam: a video camera mounted in a vehicle to record activity on roads
Discuss whether this dashcam footage should be used by the police as part of their strategy to reduce the number of accidents caused by dangerous driving. -
20N.1.SL.TZ0.2c:
Discuss whether Xingu Academy should become a bring-your-own-device (BYOD) school.
-
21N.1.SL.TZ0.1a.iii:
Identify two features of a protocol.
-
21N.1.SL.TZ0.1c:
To what extent is it acceptable for Rajesh to use services like a virtual private network (VPN) to access content that may be blocked in the country he is visiting?
-
21N.1.HL.TZ0.5:
Smart farming
A government in East Africa is using the expertise of scientists at a university in the region to promote the culture of smart farming and increase the productivity of farmers (see Figure 5). To do this, they have developed an app that the farmers can use to assist them in their decision-making.
Figure 5: An example of farming in East Africa
[Palmer, N., 2010. A farmer at work in Kenya’s Mount Kenya region [image] [online] Available at: https://commons.wikimedia.org/wiki/File:2DU_Kenya_86_(5367322642).jpg (CC BY-SA 2.0) https://creativecommons.org/licenses/by-sa/2.0/deed.en [Accessed 18 May 2020].]
Unfortunately, the scientists who developed the app have received many complaints from farmers who have been unable to use it. They are considering two options:
- making the existing system more user-friendly
- educating the farmers to use the existing system.
The scientists claim by making changes to the app it will make the app more user-friendly for the farmers. However, the farmers claim it would be better to provide them with education, such as training, so they can use the existing app.
Evaluate these two claims.
