Identity Goes Digital with Biometric Signature Verification

Before we get into the details of biometric signature recognition, it would be interesting to learn about handwriting biometrics, a more comprehensive behavioral biometrics approach where the roots of biometric signature recognition can be found. Handwriting biometrics is based on the principle that each individual has distinctive handwriting, which can be used to identify him/her.

The distinctiveness of handwriting is hardly surprising. As a kid, we could identify our friends’ and siblings’ handwriting and they could also identify ours. Each person has a unique way of writing letters and words. This process is repeated each time when the same set of letters and words are rewritten. This habitual pattern of handwriting remains intact throughout life, however, age and illness can affect it, which is also common for most other biometric modalities.

The process of identifying the author on the basis of a handwriting sample is called handwriting recognition. When coupled with biometric technology, this process of personal recognition can be automated and done without human intervention.

Biometrics has a fairly large portfolio of modalities, which are mainly categorized as morphological and behavioural. Morphological modalities are the physical patterns found on or in the human body. They can be as minute as DNA structure or as obvious as facial geometry. Behavioral biometrics, on the other hand, picks habitual and repetitive behavioral elements in human beings. For example, the manner you walk is a unique behavioral pattern, which can be used to identify you. The same is with the voice, typing rhythm, and many other behavioral patterns.

On the basis of the above explanation, you must have figured by now that signature is neither a morphological characteristic such as a fingerprint nor a biochemical modality one such as DNA. Rather it is a modality that develops over time and becomes a distinctive behavioral characteristic that can be used to identify an individual or verify his/her identity. So being a behavioral characteristic, signature verification is categorized in behavioral biometrics.

A biometric signature, an electronic signature (e-signature), biometric electronic signature, etc. are the terms used interchangeably to refer to the same modality. A digital signature, however, is a method in which the signer is required to obtain a Digital Signature Certificate (DSC) from a Certifying Authority (CA), which is a trusted third-party entity that issues digital certificates for other parties. CA has to verify the identity and address of the signer before it issues a DSC.

The world has been producing data at an astonishing speed and is set to grow exponentially by the end of this decade and further. From your social media posts to fitness bands and business processes to space exploration, most of this data is produced and stored digitally. However, regardless of all the digitization and computerization, there is also a parallel system in which data has to be maintained on paper as well. From legal instruments to bank checks and affidavits to presidential orders, this system wants things in black and white.

Why such a system is required when we have digital means to do most things? Papers-based documents have been used for centuries to create and maintain different instruments. They can be signed and sealed by different authority levels, making them look authentic and valuable.

As the data generated out of human and non-human activities takes the digital route, everything that used to involve papers is also shifting toward digitization. This shift was inevitable as digital versions of paper-based documents offer many advantages. They can be sent quickly in digital format, which is as easy as attaching them to an email. They offer improved security and save time, money, and the environment by saving papers and in turn, trees.

Despite offering many advantages, there are still some disadvantages to be addressed by electronic documents, and signing them is one of them. When it comes to signing electronic documents, they just fail to beat the simplicity of paper-based documents. You may print and sign a document and then scan again to get a signed digital version, but it further complicates the situation.

Digital signature verification or e-signature verification is an approach in which a handwritten signature is verified with digital or electronic means.

Static signature verification aims to match the static features, i.e. design and shape of the signature, and match it with the reference copy. To perform signature verification statically, the user signature can be captured on a digital pad, which can create a digital image for the verification software to process further. This type of signature verification can also be done by taking a signature on a paper and creating its digital image by scanning/imaging, which can further be processed by the signature verification software.

Once the digital image of the signature is captured, it is compared with the reference copy of the genuine signature already stored in the database. Signature verification software examines different aspects related to its shape to be below a set threshold value. If the captured signature fails to maintain variations below the threshold, it gets rejected by the software and the user is denied the transaction/service.

Static signature verification is also called off-line signature verification as it is based on static characteristics of the signature, which are invariant. Static signature verification is basically a process of pattern recognition, in which a sampled pattern is compared against a reference one to establish confidence in user/customer identity.

Since variations in signature patterns are inevitable, the task of signature verification can be narrowed to drawing the threshold of the range of genuine variation.

Dynamic signature verification is another approach of signature verification, in which the user signature is verified not only for its shape but also for the dynamic data that is generated while signing.

This dynamic data may include the number and order of the strokes, overall speed of the signature, pressure at each point, inclination, azimuth, etc. Since these characteristics are exhibited in an individual’s behavior while signing, dynamic signature verification is considered a biometric modality. This is why dynamic signature verification is also called biometric signature verification.

Since capturing dynamic characteristics is not possible on paper, a signature for dynamic verification is always captured on a pressure-sensitive digital pad or tablet running the verification software. Unlike offline electronic signature capture systems, that only captures the graphic image for the sake of static signature verification, dynamic signature verification devices also capture behavioral data.

Static signature verification is basically an approach of pattern recognition and comparison to find if they match. It is an automated version of manual pattern recognition, which makes it vulnerable to all inadequacies found in manual signature recognition. This method does not protect against common imposter attacks, which is common in paper-based signatures. Any imposter, who can imitate the signature of an authorized customer with any means, will be able to circumvent the static signature verification system.

On the other hand, dynamic or biometric signature recognition also verifies dynamic data generated while a user provides his/her signature. It relies on behavioral data such as spatial coordinate, pressure applied, azimuth, and inclination, which are captured along with the signature. These characteristics are inherent to a subject and highly individual.

Imitating these behavioral characteristics and replicating them with a spoof is a near-impossible task; hence behavioral signature verification proves to be more securer than static signature recognition.

Dynamic signatures can have a large intra-class variability, which means they can differ significantly from one sample to another, making the accuracy of the verification system suffer. This problem can be solved by analyzing static signatures side-by-side.

Signatures have served as a proven method to authenticate identity; however, when it came to identity or document verification in digital world they just seemed very unsupportive. When signatures deserted, login ID and passwords saved the day and took over digital identity authentication. Contemporary technology during the early days of information technology was unable to support signature based digital authentication. And by the time the technology was available to use signatures as digital authentication method, login/passwords had already taken the job. Login ID and passwords offered a cheap and secure way to authenticate identity without the need of any additional hardware or software.

Passwords did the job very well. This knowledge based identity verification method was flexible enough to be changed when compromised or to increase complexity to enhance security. In 1990s, passwords seemed as if they were the ultimate tool for information security. However, with time and increasing numbers of threats, passwords alone seemed insufficient to safeguard information. Two-factor and multi-factor authentication, OTPs (One Time Passwords), Security Questions and methods like limiting the number of password entry attempts, etc. were deployed to enhance password based security.

Since signatures turned unfriendly for digital authentication, login ID and password were used to verify or authenticate identity in digital world. Signatures did a great job on papers but rendered helpless on email account login page. On the other hand, people could not put their password on a document to approve it, so authentication methods becomes exclusive to digital or non-digital purposes.

Signatures are great, you can use same signature to authenticate or approve different documents or execute different transactions, unlike passwords, which are considered to be safer when same password is not used anywhere else. Online safety experts urge users to use different passwords for different services. This practice safeguards other user accounts if one account information or password is compromised. Using different passwords on different services results in a lot of passwords to remember, let’s not forget security questions and password hints which can put additional burden on your memory. These many passwords results in identity chaos and can be frustrating at times.

There are of course methods that have been developed to digitally sign the documents. Digital signature is one of such methods in which the signer is required to obtain a Digital Signature Certificate (DSC) from a Certifying Authority (CA), which is a trusted third-party entity that issues digital certificates for other parties. CA has to verify the identity and address of the signer before it issues a DSC. Digital Signature, however, is not same as electronic signature or e-signature, as they are popularly referred to.

Any electronic data that carries the intent of a signature can be called electronic signature. Accepting a package delivery by signing on touch screen, checking “Accept” checkbox of online user agreement, etc. are some of the examples of electronic signatures. In some countries, electronic signatures do have a legal significance.

Looks good so far, but the original question is still unanswered, is it practically possible hand sign a digital document with authenticity and without the need of any controlled environment or digital signatures? Let’s find out.

Biometric signature verification can be the answer to all limiting factors of hand signing a digital document. There can be no other way as natural as signing by hand to authenticate a document, let it be digital or on a paper. By measuring unique biometric data that occurs during the signing process, such as the writing rhythm, movement, acceleration and pressure, a personal profile can be created and source of the signature (the signer) can be verified using this profile. A signer can be enrolled on the biometric verification system beforehand by taking multiple samples. The system can also take care of variations in signatures as well by mapping variations in enrollment samples. Signatures itself may be imitated but the way they are drawn cannot be, and this fact makes biometric signature verification superior. With biometric verification ability, signatures can be used across digital, non-digital or online identity verification. The verification system does not treat signatures as an image, rather the personal profile is created on the basis of physical characteristics like speed, rhythm, pressure, movement and acceleration during the signing process.

Biometric signature verification can be deployed in several applications across different industry types including government and institutional use cases. Following are the potential applications in which biometric signature verification can make a difference.

Banks and financial service companies are the organizations in which signatures play a vital role in customer identification and authorization. These institutions heavily rely on signatures to authorize low to high-value transactions. With the advent of banking services on mobile phones, banks have started to facilitate identity authentication and authorization of transactions with fingerprints and face recognition as well. However, customers can be more comfortable and confident with signatures for banking transactions as signatures have long served banks successfully.

Though biometric recognition technologies such as fingerprint and face recognition have had a head start in personal recognition, there are still a lot of scopes for signature biometrics to excel. The most important advantage that signature-based personal identification enjoys is its acceptability. If organizations change face or fingerprint authentication with signature, it can give customers more assurance of the safety and security of their transactions.

Biometric signature verification system can streamline operations at government outfits by expediting verification process. Not only the existing applications that require signature verification can be improved with biometric signature verification, but many other methods of authentication can also be replaced with biometric signature verification. Government setups generally deal with huge population and verification process takes significant amount of time, which can be reduced with biometric signature verification. It also eliminates possibility of identity fraud, which is more crucial to address in government outfits. The time claimed by user verification can be dramatically reduced using biometric signature verification.

Though the retail industry has been opening up to adopt biometrics, customers who are concerned about biometric data privacy can be skeptical about the use of fingerprint or face recognition to authenticate their identity for payments. These customers, however, could rather be more comfortable signing a credit card slip and that is where biometric signature recognition has a window of opportunity.

Signing a credit card slip is not as secure as it may seem. At retail stores, cashiers can be under pressure to process customers quickly and may skip matching signatures. If signatures are captured and verified digitally/biometrically, there will be far lesser chances of errors and a lesser number of fraud cases.

In many services such as banking, telecom, etc. initial due diligence formalities have to be done before a customer can be entitled to a service. In many regulated industries, performing KYC before customers on boarding is very common. Most of the time, customer onboarding also requires customers to sign paper-based documents.

Making customers sign paper-based documents not only deteriorates user experience but also delays customer boarding and profitability. Most banks and other regulated industry businesses have started to offer e-KYC, in which customer onboarding and KYC formalities are processed electronically. Signature verification can further improve security in these KYC applications.

A signature can be an inexpensive approach to identify a person or authenticate his/her identity. Despite many advantages, most businesses rely on other means of identification such as government-issued photo IDs, other biometrics, etc. Some industry types such as banks and the financial services industry have been successfully using signatures to identify their customers and authorize transactions for ages. Now when all banks are computerized and on their way to complete digitization of their services, bank check verification is still done manually in most cases.

Manual bank check verification, however, can bottleneck banking operations, delaying transactions and hampering customer experience. Manual signature recognition is not free from errors. In many studies, it has been proved that even experts make mistakes in matching signatures, leading to false rejects and false acceptances.

This raises the need for an automated bank check verification system in which the authenticity of the bank check and a customer signature are verified electronically. However, customer signatures on bank checks cannot record dynamic or behavioral characteristics, the only viable option remains is to scan them and process them with the static signature verification system.

Online transactions traditionally require passwords for identity authentication, however passwords pose a considerable security risk as they can be guessed, shared and forgotten. Biometrically verified signatures can address the shortcomings posed by password based authentication and can provide a seamless user experience without compromising security. Biometric Signature Verification is the most natural solution to authenticate offline as well as online transactions, eliminating the need of different methods of authentication for different purposes.

Verification of passenger identity is crucially important for safe air travel as mid-air incident can be life threatening for everyone on the flight. Passengers’ identity verification can be easily performed with biometrically verified signatures. With this form of identity verification, customers no longer need to carry identity cards or documents to prove their identity. Customers can be offered to enroll for the method on their first or subsequent air travels.

Signature verification has been extensively used in verifying the identity of individuals. Despite being an age-old method, this practice is still relevant and used by individuals, businesses, and government officials to verify identity, and authorize transactions as well as different kinds of paper-based instruments. Now when most aspects of the human ecosystem are going digital, signature is also taking the digital route to become securer and more efficient.

Signature verification is an automated method of signature collection and verification, in which the signature is captured on a digitizing tablet. Historically, individual shape and design have been the distinguishing elements in paper-based signatures. Static signature verification software can verify the authenticity of static i.e. paper-based signatures by scanning them or taking them using a digital pad.

Dynamic or biometric signature verification is another approach, in which the signature is treated as a behavioral biometric characteristic and captured digitally using pressure-sensitive tablets or digitizing pads. It allows the system to capture a lot more behavioral information than just the shape and design of the signature.

As imposter attacks get more and more sophisticated, static signature verification finds it hard to stand today’s security challenges. Biometric signature verification remains the only viable option to secure this traditional yet highly acceptable method of identity verification.