Cyrpto-Sign® Technology Overview

The Crypto-Sign Solution
Crypto-Sign offers a new approach to electronic signatures to to generate significant economic savings and to enhance the security of remote, web-based and wireless transactions. Crypto-Sign is a patent-pending technology which combines the benefits of the PIN /Password with those of electronic signature verification to utilize the benefits of, and eliminate the disadvantages of both systems. Its author, Rod Beatson is the founder of Transaction Security and the author of the associated patent application. Crypto-Sign is essentially a non-invasive, low cost, software-based biometric solution to the problem of identifying remote authors of electronic messages and transactions.

With the introduction of the Electronic Signatures In Global and National Commerce Act (the “E-sign® Act) an electronic signature is essentially any sign submitted electronically by the author signifying intent. This could be achieved by the submission of a password, which might release a private key to generate a digital signature to “sign® the document. Alternatively the author might submit a biometric sample to be identified by the system and hence generate the electronic signature. Crypto-Sign covers a method of using automatic dynamic verification to verify a secret sign (Crypto-Sign) made on a digitizer or a PDA. This could be used to:

1) Grant access to the PDA device.
2) Release a valid ID and electronic signature of the individual and attach it to an electronic document or a signature-bearing transaction
3) Release a private key for encrypting a message
4) Release a password, PIN to allow the individual to gain access to a computer file or network.
Such a sign, coupled with the attached valid signature would now constitute a secure electronic signature where prior to E-sign it would not have been a valid instrument. The secret sign is always submitted with an inkless stylus and is never stored, displayed or printed in its submitted form.

In the field of biometrics and particularly that of dynamic signature verification there is a belief that the submission of one’s signature on a digitizer, enabling the analysis and comparison of that signature against a previously generated template would provide a secure method of tying an electronic document to the author and give the ensuing transaction a high degree of integrity. Biometrically identified documents and transactions, using dynamic signature verification have been used in a variety of applications from the early 1980’s. Applications include cash withdrawals from retail bank branches, change control of engineering drawings, entry control to Safety Deposit boxes, identification of customers using credit or charge cards at retail point-of-sale and a number of others.

Today there are two main forms of dynamic signature verification systems. One system captures and processes pressure and acceleration signals sensed by a special pen as it moves over the writing surface.

The other dynamic signature verification system uses a digitizer or Personal Digital Assistant (PDA) as the capture instrument and works in the following manner:

The digitizer or PDA is used either with an inkless stylus writing directly on the surface, or with an ink based stylus writing upon paper positioned on the digitizer. Many systems today use the inkless stylus. In both systems the pen position is sampled many times a second to generate a stream of sequential X,Y coordinates. Some systems also sample the pen pressure at each coordinate sampling point. From the samples, which are taken at constant time intervals, it is possible to define features of the signature, which can be based upon any combination of shape, pressure and/or timing of certain events within the signature.

It is possible also to capture the (x,y,p,t) coordinates of the signature key events (for example turning points associated with x, y or p or the points at which the stylus leaves and rejoins the surface) and to use these “event coordinates®, standardized against time, in the signature definition.

>> Crypto-Sign® Perfomance

>> Download PDA-Protect®

>> About PDA-Protect®

One problem associated with dynamic signature verification is that no two signatures from the same person are ever identical and the accept/reject decision has to consider the inherent variation of the author’s signature, which is sometimes large.

Another problem to overcome in dynamic signature verification is that of the angle of the signature as it is written on the digitizer. Typically there will be changes in angle of the signature from one signature to the next and, if these are sufficiently different, the likelihood of a successful match with the signature template is low. Signature systems use different methods to correct for angle before calculating the features or the event coordinates.

The result of these problems is that it is difficult to generate a high performance set of algorithms, effective over a large population, offering powerful discrimination between an authentic signature and an attempted forgery. If the accept/reject threshold level is set too tightly, to reject potential forgeries and generate a low false accept rate (FAR), the effect is often to increase the false reject rate (FRR) to unacceptable levels.

The Crypto-Sign method has a powerful advantage over conventional dynamic signature verification methods in that the sign, which is tested statistically against a stored template, is maintained as a secret by the user in the same way a password or a PIN is kept secret. The consequence of this is that the accept/reject threshold can be loosened significantly without increasing the FAR. Consequently, the FRR reduces to give high performance. For the purpose of signing electronic documents the valid signature of the user is also stored in electronic form and is only released to the transaction/document when a verified secret sign (Crypto-Sign) has been submitted. The technique is equally valid for access control, particularly for PDA’s.