In today’s worlds when most business transactions are made through the Internet electronic signatures finds an immense relevance. According to the US Code an electronic signature is “an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.” A more reliable form of electronic signatures is the biometric signature. Instead of replacing handwritten signatures biometric signature are signatures digitalized throughout the writing process. Instead of scanning the paper containing the signature, the signature is digitalized during the signing process itself. To facilitate the process the signature is taken, not on paper, but on certain biometric devices such as electronic signature pads, tablet PCs, pen pads etc.

Electronic signature pads and the like are a way forward in the attempt to establish a world free from papers. They play a significant role in online transactions which are rapidly becoming the norm of the day. Electronic signature softwares such as signature verification systems ensure that the e-documents containing e-signatures are legally binding.

However, the validity of electronic signatures has been a disputable issue. Most laws regarding electronic signatures were created in the mid-90s when the world was yet to wake up to such biometric devices. But in view of the growing demand and popularity of e-commerce and online transactions, there was a pressing need to amend the existing laws to be inclusive of issues concerning electronic signatures. Today most countries have included a framework for electronic signatures in the laws dealing with information technology.

Electronic signature software finds wide application in the banking sector. They are an essential part of e-banking, e-mortgage, online loan applications and approval systems. Amended laws in most countries have also boosted the use of digital and electronic signatures in the banking sectors. In fact use of high-end electronic signature software has led to the capture of high-quality cryptographic digital signatures which, in turn, ensures that these biometric signatures have the same authenticity, integrity and non-repudiation as their paper equivalents.

The retail industry is one of the fastest growing sectors in the world with transactions worth millions of dollars taking place every day. The ease of paying by credit card has made it the preferred mode of payment over the years; however, certain unscrupulous elements in the society have made sure that credit card fraud worth billions of dollars takes place every year. According to data collected by the United States Government, every year the amount of credit card fraud runs to more than 50 billion dollars. This loss can be easily controlled by implementing a biometric based signature verification protocol that captures the behavioural as well as the physical aspects of signature and comparing it with pre-recorded data.

The current system of credit payment is based on a perfunctory signature verification biometric systems as the retail sector does not want to scare off potential customers by insisting on a stringent signature verification system. Generally the card payment practices leans towards giving the customers the benefit of the doubt as minor credit frauds are preferable to lost sales opportunities and an unhappy clientele. So, once the card is issued it is the card owner’s responsibility to see that his card is not misused.

To prevent frauds in the retail industry the issuing banks runs sophisticated programs that notifies the card user if unusual purchases are made. However, these algorithms are not foolproof as high value purchases in the interval leading up to the festival season have been known to throw it haywire. The credit card companies blocks the card when there is a hint of credit card fraud which leads to lost business for the retail industry and inconvenience for the customer.

Credit card transactions have been using signature verification for ages; however, the system continues to remain very weak. The sales clerk may or may not check the signature against the database. The signature is normally collected as a proof of the transaction: a copy is given to the customer and another is retained by the sales clerk if the card user raises any question about the sale having taken place in the past.

Many of the larger retail stores have taken steps to check instances of credit card fraud by installing electronic signature software that captures signatures. The Federal Trade Commission has commented that credit card frauds cost the customers more than 5 billion dollars in out of pocket expenses. In many cases the losses were limited because the credit card owner was alerted in time by the bank. The dynamic signature verification system based on proven technology captures behavioural components of a signature. This will not deter thief hell bent on perpetrating credit cards; however, by detecting abrupt changes in the signature it can reduce chances of credit card fraud.

The electronic signature pad uses a digitizer to capture essential data sets including position point’s velocity, acceleration and other dynamic features that can be compared against data taken at the time of enrolment. However, in order to get a proper set of data the signature recording device should by ergonomically designed to ensure proper data capture.

Use of Signature Verification Systems

An electronic signature pad can be used to digitally sign an important piece of document which helps in maintaining the integrity of the document. It is a reliable method of sending documents over the internet making it tamperproof and proving that the sender of the message is who they claim to be. This method also guarantees that the content of the message remain unchanged during the process of transfer. The message is automatically time stamped when it is sent; therefore, the sender cannot claim later that the message was not sent by him.

An electronic signature pad can be used to digitally sign any type of document irrespective of the fact whether it is encrypted or not. The digital certificate issued at the time of sending the document can be used to verify whether the document was real or not.

How does it work?

The method of sending the message is very simple. The first step involves attaching the message to the email-note and then obtaining a hash (a summary of the message) with the help of software. After this is done a private key is used to encrypt the hash and this becomes the digital signature of the message. The receiver of the message makes a hash of the message and then uses a public key to interpret the message. If both the hashes match then the message is valid. The utility of this method has found many takers in the software distribution and financial sector because of its ease of use and reliability.

Provisions of the Indian IT Act relating digital signatures

The Indian parliament has ratified the validity of digital signatures in the Indian IT Act giving legal recognition to all electronic records along with digital signatures. According to the guidelines, set by this important legislation, the digital signatures would be implemented by a system of asymmetric crypto and hash function. The system also proposes the usage of electronic records and digital signatures in governmental work.

Applications of Signature Verification Technology in India

Indian Patent Office

The Indian Patent Office used to process patent, copyrights and trademark applications manually. However, the system was inefficient with instances of corruption rife. In order to make the system streamlined the Patent Office modified its application process making it online dispensing with the need of any human intervention. According to the new system, the applications can be filed from anywhere in the world and all the applications are digitally signed with the help of electronic signature software.

Directorate General of Foreign Trade

The DGFT processes request and issues import and export licenses. With hundred of licenses issued daily; the manual process was rife with corruption and abuse. In order to make the processing of licenses more streamlined an online system was implemented which enabled the users to file the applications online under different schemes like DEPB, EPCG leading to better MIS, audit and accountability. Under this system applications were filed online and signed digitally with the help of electronic signature software.

E-Procurement

Procurement tenders has been increasing in complexity for some time with the increase in the number of cartels, rigging and leakage of information. In order to remove these advantages an online system of tendering was devised which sought to reduce the human interface as much as possible by allowing the vendors to provide information and quote online. The reliability of the documentation was achieved through a system of digital signatures that was implemented with the help of electronic signature software.

Signature verification systems are being used by government and private organizations to reduce dependency on paper, make transactions faster and more reliable. This new way of doing business has already been ratified by parliamentary bodies in the USA, India and the European Union.

Signature verifications systems may be key based or biometric based. In key based technology the signature is associated with a key which is kept at the sender’s computer. However, the security of such systems is dependent on the integrity of the sender’s computer. If the computer is hacked there is a risk that the key may be misused. Smart cards carry no such risk, and its portability makes it very useful for professionals on the go. Biometric signature verification systems use an electronic signature pad to record biometric traits like style of writing, pressure and keystroke. This data is analyzed with the help of electronic signature software and a template created. This template is later used to validate the signature.

This system is foolproof because no two signatures are alike, and it is almost impossible to copy another’s signature with any conviction. Recognizing this trait, the Indian government passed the Information Technology Act 2000 which addressed the following issues-

• Legal Recognition of Electronic documents
• Legal Recognition of Digital Signatures
• Offenses and contraventions
• Justice dispensation system for cybercrimes

This act caused a paradigm shift in how business was done in BFSI, health, real estate sectors; making transactions quicker and removing the influence of middlemen.

Some Case Studies

Indian Patent Office

The Indian patent office processes patents, trademarks and copyright applications on a daily basis, receiving thousands applications daily. The manual system that existed before was extremely tedious and unmanageable. Since the system was secretive it was open to manipulation and conjecture. The government recognizing the loopholes that existed in the system implemented an online system of submission, where each application was to be authenticated by a system of digital signature verification system. This made the process more streamlined and removed human intervention.

Directorate General of Foreign Trade (DGFT)

The DGFT processes requests and issues import and export licenses, receiving thousands of applications every day. The manual system that existed before was prone to corruption, causing losses to the economy. The system was revamped, enabling users to file application online, without having to seek recourse to any middlemen. Each application was authenticated with the help of an electronic signature pad that records an individual’s unique biometric traits like style of writing, pressure exerted at the time of writing etc. The new online system helped in removing the irregularities from the pre-existing system and helped smooth submission of applications.

The Israeli legislature, Knesset, recently passed a law that made it legal to use electronic signatures for online transactions. The new legislation was hailed as a revolution by MK Meir Sheetrit, Chairman of the Science and Technology Committee. The law is expected to facilitate online transactions like e-banking, paving the way for paperless transactions in the world of banking and commerce.

Legislations like these are expected to become common in the future as the world gradually shifts towards a paperless society. According to estimates, transactions worth billions of dollars are executed everyday on the net, with a potential for further growth once the reliability of the system is established. The Knesset is pondering over the Biometric law, which is expected to add teeth to this legislation.

What is an Electronic Signature?

Electronic signature is a method of authenticating online transactions in a hassle-free environment, without compromising on security. The system uses electronic signature software called the Signature Verification System to send legally binding electronic documents, using biometric characteristics, which are unique to every individual. The system allocates an area on the electronic document for the signature-to be used when authenticating online documents. The signature is captured by electronic devices like electronic signature pads, writing tablets or a table PC. The electronic signature pad is one such device that uses sophisticated software to process the recorded biometric data like pressure, speed of writing and so on.

Corporation Bank becomes first to implement digital signature verification system

Corporation Bank, a premier public sector bank in India, with over 3500 outlets spread across the length and breadth of the country, became the first to implement a digital signature based authentication system. The service would be extended to all its corporate banking online customers and would be governed by the provisions of Information Technology Act, 2000.

Mr. BR Bhat, General Manager, Corporation Bank, said that the new system would provide an additional line of defense for its online customers, against the increased ferocity of phishing attacks. According to him, Corporation Bank recognized the vulnerability of the current security systems based on pin-numbers and passwords, and therefore, decided to pitch in for the new system to provider a safer banking environment.

Commenting on the precarious state of safety of banking systems worldwide, he said, that cyber crimes have made it imperative for banks to seek newer forms of technology to check the menace of password hackers. Some of these technologies included One Time Passwords, Virtual Key Board, and Dual Passwords. However, of the current systems, only Digital Signature Certificate fulfilled the twin criteria of legal validity and security satisfactorily.

Biometric technology has proved to be a boon for modern businesses and organizations, struggling to cope with password based security systems that have failed woefully to keep up with the increasing ferocity of cyber attacks.

Biometric technology has also dispensed with the need of actual physical presence at the time of executing contracts. One can now execute a contract online, signing it off digitally, with the knowledge that once sent; the message cannot be changed or manipulated, as it has been digitally secured.

Signature is something that is very unique to an individual; making it very difficult to copy without some error creeping in. Electronic signature pad uses sophisticated algorithms to record acceleration, speed and pressure at the time of signing. This information is used to confirm or deny the authenticity of a signature during online transactions. This novel method of authenticating financial transactions, legal transactions has caught on lately, with a number of private and governmental organizations recommending its use.

Each electronic signature has a key embedded into it which validates the authenticity of the sender and the message. Once the message has been digitally signed, the contents of the message cannot be modified, without concurrently invalidating the signature itself.

The security key can be stored in a computer, but, this causes the security of the keyword to be dependent on the computer. The moment the computer is compromised the security keyword risks getting compromised as well. In order to avoid this situation the user can use a smart card that stores the security key. The smart card can be protected by a pin number, protecting it against unwarranted use.

Survey in UK reveals that consumers prefer signature based authentication system

A recent research in U.K revealed that 60% of online banking user’s preferred biometric system based on Electronic Signature Software over other biometric systems. 83% of the respondents said that they would like their banker to offer electronic signature software as an alternative to their current authentication system.

Experts say that it is a cause of concern that online banking user’s are not aware of the loopholes in the system that can be taken advantage of by those, who know the system like the back of their hand. However, the research did reveal that the users were inconvenienced by the current password based security system. 60 % of the respondent said that they had difficulty remembering passwords and would prefer a system based on electronic signature software.