If you watch a handwriting expert authenticate a signature, they will talk about echoes of the process of signing one's name – darker or lighter lines reveal pressure variations, the shape of the loops reveals the shaking of the hand, and the flow of the ink shows if the signature was laid down without hesitation. These echoes of the act of writing make a signature far more revealing than a simple squiggle on paper. Now researchers from the Fraunhofer Institute for Computer Graphics Research (IGD) have created a credit card that contains a thorough description of these signature traits, which can be used for instant authentication.
Every signature tells its own story, but tells it so much better if the signature is written on a pressure-sensitive touch screen or touch pad. The dynamic patterns of position (and hence velocity) and of pressure being available for each part of the signature provides a wealth of data which is specific to the signer. Simply put, you can't successfully imitate the dynamic aspects of a person's signature.
The new Fraunhofer credit card recognizes a customer by comparing their newly signed signature with an earlier signature stored on a chip within the card. This biometric “on-card comparison” adds security and adds convenience. Many store clerks are hardly overly conscientious when comparing signatures, and PIN codes can be lost or compromised, either through surreptitious observation or simply by carrying the codes in a different part of the same wallet.
In practice, the use of the system is quite simple. The customer signs on a touchpad when registering for a credit card, and the biometric features of this signature are stored directly onto the chip in the card.
Then, when making a purchase, the cardholder runs the card through a scanner as usual. The customer then signs for the purchase on a writing pad using an electronic pen. The stored and signed signatures are then compared and if this comparison reveals a satisfactory level of similarity, the transaction is authorized. A PIN could then be used as an extra layer of security for large transactions.
Of course, no security procedure is without flaws – the goal is to make it difficult to take advantage of the flaws. The on-card comparison system is most likely to have a problem with false negatives – a feature shared by most biometric-based security systems. While the hardware side of the system is simple, the challenge lies in the algorithms used to make authentication decisions. Historically, it has been difficult to get beyond about five percent false positives and 10 percent false negatives. Signatures do vary, so a resilient comparison system is required that won't simply reject any variations.
Another difficulty is that signature pads often feel extremely unnatural to write on – I can assure you that some of my electronic signatures would not pass comparison with my signature of record!
The researchers introduce a prototype of the system at CeBIT 2013 in Hannover, Germany, this week.