Can Online Signatures Be 100% Secure?

Life used to be so simple. All it took to authorise a payment, confirm a contract, or validate receipt of goods, payment or service, was your signature.

At a stroke it signifies intent and is integral to the legal process. A signature is the simplest, most familiar and authoritative way of signifying agreement and approval.

You are not a number

Proving who you were became a question of what you know. A PIN, a password, your mother's maiden name, your favourite pet. Adding more of these layers into the authentication process gave the impression of increased security. But there's an obvious weakness. They don't really identify anyone. Anything you know, someone else can discover, or get out of you by one means or another.

Often it's not even necessary to resort to violence or threats. Research has shown that it's remarkably easy to dupe people into revealing their passwords, PINs or secret words. In a work situation it's often a matter of convenience and enables workflow processes to continue uninterrupted when individuals are not readily available.

What you are, not what you know.

Increasingly the search for a way to irrefutably establish identity has focused on biometrics. A biometric is what you are, not what you know.

Curiously, the choice of biometric has been greatly influenced by the standards set by the International Civil Aviation Organisation (IACO), set up in 1944 by the United Nations to promote safe international civil aviation.

The ICAO decided to adopt a biometric scheme for machine-readable passports involving facial recognition, optionally supported by fingerprints and iris recognition. These are among the biometrics being included in chip-based passports worldwide. Often it's only these biometrics that get considered for other forms of personal identification. The ICAO standard appears to have blinkered system designers in their choice of biometric modalities.

The ideal biometric

The choice is wide. Iris scans and voice recognition provide a great deal of security, but poor lighting, noisy working environments - even a bad cold or a heavy night out - make false positives inevitable. Fingerprints are another option, but they can be falsified by simply lifting a latent print, or sometimes by simply breathing on the scanner and re-activating a previous print!

You might think that your DNA must be the most secure biometric of all. Well, even assuming that one day we may be able to get an instant DNA analyser, it has an obvious flaw. Unless it's a face-to-face situation, can you really be sure that the DNA sample provided comes from the person it claims to be?

In any case, these biometrics may not be appropriate in all environments and are generally considered intrusive by many users.

Signing up to the signature

There's no doubt that a simple signature is the most familiar and authoritative way of signifying agreement and approval. It confirms intent and is integral to the legal process.

KeCrypt's unique biometric solution is unlike any other signature recognition system. At no time does KeCrypt's solution ever store a template, an image, or even accessible data, for comparison purposes. So nothing exists that can be copied, forged or falsely activated.

Instead, it identifies the unique characteristics of the way the signature is signed. Its acceleration, speed, pressure and time, and not the way it looks. This makes it virtually impossible to copy - or to refute! Even trying coercion will only be counter productive. Stress will simply make it less likely that someone can reproduce their own signature.

The popular choice

The convenience of ensuring 100% security with a signature alone is very attractive. In a recent independent survey, carried out by neo:researcher, 60% of online banking users in medium to large enterprises in the UK would prefer a signature over other biometrics for authentication. A convincing 83% thought it would be desirable for their bank to offer signature biometrics as an alternative to their current authentication method.

The KDA - The world's first Digital Authoriser

As everyone who's involved in workflow applications knows, the one thing they rarely do is flow. Authorisations and transactions stutter as applications have to be logged out of, and the required authoriser log-in, find the required record and approve; thus confusing network access with workflow.

KeCrypt's biometric signature verification KeSignature is easily embedded into applications requiring authorisation, and is ideal in mobile environments when PDAs and Tablet PCs are used. KeCrypt wanted workflow to flow anywhere.

To solve this problem, KeCrypt is developing the KDA - a Digital Authoriser that hot-plugs into any desktop or laptop PC. It will mean that wherever you are, you can just plug in, sign off the purchase or process - and go.

The application knows your authorisation is required and KeCrypt's dynamic signature verification ensures that it can only be you that's signing the KDA.

For the first time, workflow authorisations can operate remotely, 100% secure in the knowledge that it was the right person who authorised the transaction or signed-off the particular process.

KePay - a revolutionary financial service

KePay is a major development in Payment Authorisation technology from KeCrypt. It will provide Financial Services with the world's first 100% secure payment system that's natural, authoritative and legal.

Until now, setting up complex online Bank mandates has not been possible. Banks have not been able to translate the plain English of an authorisation mandate form into rules that operate online. Therefore they only offer restricted mandates that force businesses to develop their own internal procedures and tools to compensate.
KePay enables those rules to be simply built into complex mandates that are suitable for all for businesses. What's unique is that a clerk just out of school can set up the complex rules!
KePay uses KeCrypt's biometric verification technology to imbed a signing area into the authorisation pages. With KePay, approved signers will be able to authorise complex, high value transactions from anywhere in the world - at the stroke of a pen.

A Winner for KeCrypt says Agilisys

That's the opinion of Charles Mindenhall, CEO of Agilisys Ltd., of their new online mandating solution. Agilisys is an innovative UK IT and business service provider that designs, builds and operates technology-enabled business solutions.

Mindenhall was concerned that the dramatic growth of the Company had created a far more complex operating environment. As he said to John Dale, "The manual systems we have had to put in place around the online banking system detract from the visibility I demand. I wanted a better solution to meet the increased growth in transactions."

First, KeCrypt Systems supplied KeSignature as a Microsoft .NET object to the Agilisys project team who easily integrated KeCrypt biometric signature verification into their new purchase order system. This meant that final approval of all purchase orders required a signature.

KeCrypt then went on to develop KePay for signing off payment authorisations. Now payments can be easily set up by the finance department. Authorised signatories are automatically informed that payments await their approval, and can readily see details of those payments from their portal. To authorise, they simply sign.
As Charles Mindenhall said, "KeCrypt has produced a simple yet innovative and cost-effective solution for my organisation. I will have greater visibility of all financial transactions and approvals, with improved control and security, whilst the overall complexity of our financial processing system will be reduced."

The sign off

The signature has come full circle. Once it was almost the only way for individuals to confirm their identity in a simple, convenient, authoritative and legally acceptable way. Passwords, PINs and Smart card technology have tried to replace the signature in a digital world. Fingerprints and other biometrics have also been tried.

But now, thanks to KeCrypt's biometric signature verification, it has made them all redundant and the signature again can take its rightful place as the most appropriate means of authorisation.

Today, there's nothing more secure than your signature.