Crypto-Sign offers a new approach to electronic signatures to to
generate significant economic savings and to enhance the security
of remote, web-based and wireless transactions. Crypto-Sign is a
patent-pending technology which combines the benefits of the PIN
/Password with those of electronic signature verification to utilize
the benefits of, and eliminate the disadvantages of both systems.
Its author, Rod Beatson is the founder of Transaction Security and
the author of the associated patent application. Crypto-Sign is
essentially a non-invasive, low cost, software-based biometric solution
to the problem of identifying remote authors of electronic messages
With the introduction of the Electronic Signatures
In Global and National Commerce Act (the "E-sign" Act)
an electronic signature is essentially any sign submitted electronically
by the author signifying intent. This could be achieved by the submission
of a password, which might release a private key to generate a digital
signature to "sign" the document. Alternatively the
author might submit a biometric sample to be identified by the system
and hence generate the electronic signature. Crypto-Sign covers
a method of using automatic dynamic verification to verify a secret
sign (Crypto-Sign) made on a digitizer or a PDA. This could be used
1) Grant access to the PDA device.
2) Release a valid ID and electronic signature of the individual
and attach it to an electronic document or a signature-bearing transaction
3) Release a private key for encrypting a message
4) Release a password, PIN to allow the individual to gain access
to a computer file or network.
Such a sign, coupled with the attached valid signature would now
constitute a secure electronic signature where prior to E-sign it
would not have been a valid instrument. The secret sign is always
submitted with an inkless stylus and is never stored, displayed
or printed in its submitted form.
In the field of biometrics and particularly
that of dynamic signature verification there is a belief that the
submission of one’s signature on a digitizer, enabling the
analysis and comparison of that signature against a previously generated
template would provide a secure method of tying an electronic document
to the author and give the ensuing transaction a high degree of
integrity. Biometrically identified documents and transactions,
using dynamic signature verification have been used in a variety
of applications from the early 1980’s. Applications include
cash withdrawals from retail bank branches, change control of engineering
drawings, entry control to Safety Deposit boxes, identification
of customers using credit or charge cards at retail point-of-sale
and a number of others.
Today there are two main forms of dynamic signature
verification systems. One system captures and processes pressure
and acceleration signals sensed by a special pen as it moves over
the writing surface.
The other dynamic signature verification system
uses a digitizer or Personal Digital Assistant (PDA) as the capture
instrument and works in the following manner:
The digitizer or PDA is used either with an
inkless stylus writing directly on the surface, or with an ink based
stylus writing upon paper positioned on the digitizer. Many systems
today use the inkless stylus. In both systems the pen position is
sampled many times a second to generate a stream of sequential X,Y
coordinates. Some systems also sample the pen pressure at each coordinate
sampling point. From the samples, which are taken at constant time
intervals, it is possible to define features of the signature, which
can be based upon any combination of shape, pressure and/or timing
of certain events within the signature.
It is possible also to capture the (x,y,p,t) coordinates of the
signature key events (for example turning points associated with
x, y or p or the points at which the stylus leaves and rejoins the
surface) and to use these "event coordinates", standardized
against time, in the signature definition.