1 of 23

AcousticComms Spread Spectrum (ACSS):�An Imperceptible Identity Authentication Factor

Michael A. Ramalho, Ph.D.

February 2025

2 of 23

The Frequent Reauthentication Problem

  • OOB (re)authentications is frustrating, cumbersome, and time consuming
  • Multiple (re)authentications increasingly required in ZTFs
  • Remote/Hybrid work requires more authentications and/or more secure authentications

Situation

Complication

Implication

  • Best Case: Mental interruptions due to�(re)authentications exact a productivity toll
  • Worse Case: Not frequent enough authentications result in unacceptable data theft, system exposure,�or identity theft
  • Multi-Factor Authentication with 2nd factor being Out-of-Band (OOB) is required
  • Zero-Trust Frameworks (ZTF) require re-authentications
  • SIM/Reply/Relay protection
  • Data/App access at defined rooms sometimes required

© 2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

2

3 of 23

ACSS is the Solution

  • Implement ACSS ultrasound-based spread spectrum OOB authentication
  • Implement keyed-version of�to protect against SIM swap�and replay/relay attacks
    • Not possible with NFC, RFID, or BLE solutions
  • Non-invasive OOB Auth is optimum solution
    • Improves ease of use
  • Allows for more frequent authentications
    • No productivity toll
    • Increased security

Our Perspective

Action

Benefit

  • Industry leading innovation leveraging existing user’s cell phone and laptop/tablet
    • C-code library exists
  • For secure physical location – authentication limited to acoustic volume
    • Unlike RF solutions

© 2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

3

4 of 23

��How does ACSS work?�A Form of Direct Sequence Spread Spectrum (DSSS)

4

© 2025 AcousticComms Consulting Confidential. All rights reserved.

5 of 23

ACSS Ultrasound Spread-Spectrum:�Mobile phone to/from Laptop

  • Application on both laptop and mobile enabled when�authentication needed. Uses existing audio capability present�in all laptops and mobile phones. No extra hardware.
  • Connection to the mobile is an out-of-band (OOB) authentication�channel (encrypted cellular data or SMS). Analogous to OOB�MFA via SMS One Time Password (OTP) – but superior.
  • Mobile need not be immediately adjacent to laptop – works�anywhere in the room (or in mild attenuation location such�as purse or shirt pocket).
  • Optionally require facial capture to ensure person is physically�present (not in café/bathroom/etc.).
  • Not hearable – NO MENTAL INTERRUPTION!
  • Replay/Relay Attack Immune: Over the air channel can be�keyed.

6 of 23

��ACSS is Proven Technology�Extends and Improves Upon Existing Ultrasound Transmission Technology

6

© 2025 AcousticComms Consulting Confidential. All rights reserved.

7 of 23

AcousticComms Spread Spectrum (ACSS)

Proven Base DSSS Design: Leveraged, then Improved, from Cisco US 10,003,377 Experience

  • Tens of thousands of system endpoints (all Cisco cloud-connected Telepresence RoomOS endpoints)
    • Offices / Huddle Rooms (7’ x 7’) / Small Conf Rooms (7’ x 10’) to Large Conference rooms (40’ x 30’)
  • Proximity pairing with hundreds of thousands of user endpoints (e.g., WebEx Teams on PCs/MacOS/iOS/Android)
  • Multiple millions of pairing-token reception events per day (SS brings robustness, not high BW: ~ 120 bps)
  • 2nd Generation Proximity Design: ~100% reception of tokens (verified by “non-drive-by” pairing metrics)

iPhone�Android�MacBook Air/Pro�MSFT PCs

Images from www.cisco.com

8 of 23

��Optional Enhancement: Protection Against Replay/Relay�Attacks

8

© 2025 AcousticComms Consulting Confidential. All rights reserved.

9 of 23

Relay Attack

Owner locks car. Puts

RFID key in pocket�and walks away.

Attacker approaches

with software-defined�RFID-emitter device.

Mule puts smartphone�near RFID key to�read emitted code.

Mule’s phone relays�RFID code to attacker’s�emitter. Car stolen.

Attack is enabled by a standardized RF interface (RFID)

Replay Attack (Similar)

Uses a recorded authentication communications (e.g., OTP) from an authorized device�to later gain access on an unauthorized device (within validation time limits).

10 of 23

��Keyed Ultrasound Transmission�[Implemented in ACSS C Library today]

10

© 2025 AcousticComms Consulting Confidential. All rights reserved.

11 of 23

Replay/Relay Attacks Impossible With Keyed ACSS

Key A

Key B

Correct Reception

No Reception: Pilot Different�Incorrect Reception: User Codes Different

  • Keys combinations are almost infinite (over 1022 combinations)
  • Key pairs tantamount to a “one-time pad” (perfect encryption)
  • If SMS OTP transmitted: Thwarts SMS Swap (imposter’s user device would need to know key)

Assign different�“key pairs” to�different users.

Key-dependent�CRC check�insures�against incorrect�reception.

One key pair reserved as�default key pair if replay/relay�protection not required.

12 of 23

What does ACSS signal look like?

12

© 2025 AcousticComms Consulting Confidential. All rights reserved.

13 of 23

What Does ACSS Look Like?�Spectrally Similar to Cisco System’s Proximity Signal

Relatively quiet room shown. Emitted today (at low SPL) on all Cisco cloud-connected Telepresence Endpoints.��Can implement ACSS signal in hearable region (for non-seamless, perhaps initial authentications / not in present code).

~19,000 to ~21,000 Hz�(low ultrasound region)

Spectrogram: Quiet Room (just HVAC low frequency noise)

Images from www.cisco.com

14 of 23

��Radio Frequency vs Acoustic Transmission:��ACSS Authentication is localized to an Acoustic Volume

14

© 2025 AcousticComms Consulting Confidential. All rights reserved.

15 of 23

Bluetooth/BLE (iBeacon/EddyStone)

ACSS Authentications Limited to Room

Acoustic Proximity vs Radio Frequency (RF) Proximity

WALL

ACSS

Acoustic / Ultrasound

vs.

ACSS

WALL

ACSS

RF Techniques Penetrates Walls�(don’t want authentications from adjacent rooms!)

Don’t�Want�This

Thus, ACSS can also be used for “Prove you are in Room X” authentication

16 of 23

AcousticComms Patents (3)

  • Ultrasound Pairing Applications for Contact Tracing Application – 2 issued patents (US 11,881,317 &�US 11,923,085)

  • Ultrasound Non-Provisional Patent Filed for OOB Factor in MFA Framework – Pending (Priority Date December 26, 2023 - Application 19/002,640)

16

© 2025 AcousticComms Consulting Confidential. All rights reserved.

17 of 23

Multi-Factor Authentication and “Prove you are in Room X” Application

Stand-alone Emitter�(for “Prove you are in Room X” application)

Non-Provisional Filed for MFA Application

Stand-alone Emitter�is defined in prior�issued contact�tracing patents.��The MFA non-provisional�reads upon (i.e., includes�by reference) the use�of the emitter for�MFA application.

Stand-alone Emitter�COGS is sub $50.

18 of 23

Summary

18

© 2025 AcousticComms Consulting Confidential. All rights reserved.

19 of 23

ACSS is the Solution

  • Implement ACSS ultrasound spread spectrum OOB Auth
  • Implement keyed-version to thwart Replay/Relay or SIM Swap attacks
    • Not possible with NFC, RFID, or BLE solutions
  • Non-invasive OOB Auth is optimum solution
    • Improves ease of use
  • Allows for more frequent authentications
    • No productivity toll
    • Increased security

Our Position

Action

Benefit

  • Industry leading innovation leveraging existing user’s cell phone and laptop/tablet
    • C-code library exists
  • For secure physical location�application – authentication limited to specific room
    • Unlike RF solutions

© 2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

19

20 of 23

Next Steps

1 - Scope Business Opportunity

2 – Mutual NDA – enables code access�

3 - Work with your engineers to�develop your applications�

4 - Define partnership/licensing/etc.

20

© 2025 AcousticComms Consulting Confidential. All rights reserved.

21 of 23

http://acousticcomms.webhop.info/

21

© 2025 AcousticComms Consulting Confidential. All rights reserved.

22 of 23

Michael A Ramalho

ramalho.webhop.info�mar42@cornell.edu

Education:�Rutgers University: BSEE and PhD�Cornell University: MEngEE�Wharton Business School Executive Program (classwork)�Udacity Artificial Intelligence Full Nanodegree (2018)

Employment:Bell Telephone Laboratories (Bell Labs)Bellcore/Telcordia Technologies

Voxware (Chief Telephony Technologist at IPO)�Cisco Systems (networking, ultrasound, video, VoIP, sig proc, AI)

Noteworthy/Other:CSCO Proximity-v2 Inventor (Discrete Sequence Spread Spectrum)

Cisco Pioneer Award Finalist / Bellcore President’s Award

Patents: US: 59+ Issued / International: 20+ Issued�Standards: ITU-T (G.711.0) & IETF RFCs (~5, IP Media & VoIP)

IMTC VoIP Forum Co-Chair�Rutgers University Industrial Advisory Board and CAIP Fellow�IEEE Comm Society Technical Program Vice Chair (Globecom)

IEEE SP/COMM and Blockchain Chair (SW FL Section)

Red Shift Company Advisory Board (startup)

Cisco University Research Board / Cisco Patent Review Committee

23 of 23

6 dB

Double�Distance

2 meters

1 meter

Direct Path� Free� Space� Attenuation

SPL of Direct and Reverberant�sound is equal at 0.6 m / 2.0 ft.

RT60 (Reverberation Metric) ~ Quiet Rooms: 0.5, Office: 0.4 – 0.7, Homes: 0.9

No�Reflections�(blue line)

Total Power

“Self-Noise” == Negative SNR�(direct to sum(non-direct))�Reverberant energy dominates!

“Diffuse field area” (SPL ~= const)

15 dB at 4 M

Any distance over ~ 2 feet unreliable or�impossible for non-SS receivers requiring:�“dominant path power” > “self noise”��Need robustness provided by SS

Answer: Room Acoustics (Direct us Reverberant Power)

Frequent Question: Why Use Spread Spectrum?

Office RT60 Reverberation