THE RAPIDLY GROWING IMPORTANCE OF BIOMETRIC BASED ELECTRONIC SIGNATURE
SOLUTIONS IN BANKING, E-GOVERNANCE AND ENTERPRISES

SECURE AND PAPERLESS WITH eSign (Signature Capture, Encryption/Decryption
& Verification)

By Mr K E Parameshwaran, Managing Director, Trilux Biometrics (India) Ltd.,
Chennai. He can be reached on kep@triluxindia.net. Trilux Biometrics provides
total e-sign solutions and business enquiries may be directed
to sales@triluxbiometrics.net.

The use of biometrics in electronic handwritten signatures,
captured with a variety of input devices such as pen and pad, personal
digital assistants (PDA), computer displays or other contact
sensitive technologies, is based mainly on the selected signature
dynamics. The signature is captured along with timing factors
like speed, pressure and sequential stroke patterns like dots,
lines etc. This method allows real handwritten signatures
to be incorporated into e-documents including e-mails during
electronic transactions. The signature and the content relevant
to the transaction are captured and then bound to the signed
document, which virtually rules out changes or alterations
by anyone. This is the kind of verification capability that
satisfies legal requirements and facilitates truly secure
online documentation acceptable to the emerging e-World.
Governments all over the world, including India, have accepted
the growing need for Electronic Signatures and passed signature
legislation to enable true e-business solutions. By giving
electronic signatures the same legal weight as wet ink signatures
on paper, the legislation enables Government, Banking and
Enterprises to finally realize fully electronic processes and
workflows and meet their automation needs.
PKI (Public Key Infrastructure)
PKI technology has been around for almost two decades. It
was conceived as a way to transmit electronic information
in a secure manner. PKI is based on a key pair system. Each
user has a private key or digital certificate and a corresponding
public key. The keys are used to seal (encrypt) and un-seal
(decrypt). The keys are typically issued and administered
by a third-party Certification Authority such as VeriSign. The
user is responsible for safeguarding his or her private key
as this key is used to encrypt and decrypt electronic documents
or transmissions. The private keys are typically protected
by a password or PIN. The public keys are generally made available
to all people within the user's network. The keys can
only work as a pair so the CA can reissue keys if it is felt
that the security of a user's private key has been compromised.
As originally conceived, if Trilux Tech sends a document to
Trilux Biometrics, then Trilux Tech would use Trilux B's
public key for encryption and Trilux B would open (decrypt)
the document with his private key. This method for using PKI
ensures that the document is heavily encrypted and can only
be opened by a particular person. To use PKI as a signature,
the user encrypts (signs) the document with the private key
and the recipient opens the document with the user's
public key. The Certifying Authority and the user's safeguarding
of the private key assure authentication of the signatory.
About Dynamic/Electronic Signature
Dynamic Signatures are based on biometrics. A biometric is
a human body measurement used to positively identify an individual.
There are many biometric technologies that have been developed
including retinal and iris scan, thumb and palm scans, voice
and face recognition and even DNA analysis. However, for the
purposes of using biometric technology as an electronic signature
the focus is on the pen and pad based personal signature.
Pen and pad based electronic signature capture and verification
has become the leader in dynamic signatures. The reasons for
the wide acceptance of this biometric are based in culture.
Users have been using the pen with ink based personal signature
as a way to lend formal accountability to contracts and the
like for ages. Pen based electronic signatures enable this
same culturally accepted method to be brought forward into
the digital age. By keeping the act of signing while gaining all
of the benefits of a true electronic signature, biometric
based dynamic signature has become the clear leader for enterprises
offering electronic signatures for their customers and business
partners.
Beyond the cultural acceptance, robust pen based electronic
signature solutions are also among the best biometrics with
respect to accuracy.
The verification methods for the most sophisticated pen based
solutions can be finely tuned to yield the optimal False Acceptance
Rates (FAR) and False Rejection Rates (FRR).
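The tuning described above, as an added example that is not part of the original article: it sweeps an acceptance threshold over match scores and picks the threshold with the lowest FRR that still keeps FAR under a cap. The scores, the 0-100 scale and the function names are constructed for illustration and do not come from any Trilux product.

```python
# Constructed match scores (0-100): higher means closer to the enrolled template.
GENUINE = [91, 88, 84, 79, 95, 73, 86, 90, 68, 82]   # real signer's attempts
FORGERY = [35, 52, 61, 44, 70, 58, 76, 49, 66, 39]   # imitation attempts
THRESHOLDS = [60, 65, 70, 75, 80]

def far_frr(genuine, forgery, threshold):
    """A signature is accepted when its score >= threshold.

    FAR = share of forgeries accepted (the security failure).
    FRR = share of genuine signatures rejected (the usability failure).
    """
    far = sum(s >= threshold for s in forgery) / len(forgery)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr

def sweep(genuine, forgery, thresholds):
    """Return (threshold, FAR, FRR) rows so the trade-off is visible."""
    return [(t, *far_frr(genuine, forgery, t)) for t in thresholds]

def pick_threshold(genuine, forgery, thresholds, max_far):
    """Lowest-FRR threshold whose FAR stays within max_far, or None."""
    ok = [(frr, t) for t, far, frr in sweep(genuine, forgery, thresholds)
          if far <= max_far]
    return min(ok)[1] if ok else None

if __name__ == "__main__":
    for t, far, frr in sweep(GENUINE, FORGERY, THRESHOLDS):
        print(f"threshold={t}  FAR={far:.0%}  FRR={frr:.0%}")
    print("FAR cap 10% ->", pick_threshold(GENUINE, FORGERY, THRESHOLDS, 0.1))
```

Raising the threshold lowers FAR and raises FRR, so the cap on FAR should be set by the risk of the transaction being signed.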
In addition to having built-in cultural acceptance and strong
biometric authentication, the pen based electronic signature
is the most intuitive to use. A typical form, document or
contract using this technology will have pre-designated signature
fields that are simply mouse clicked when ready for signing.
A signing interface appears that can, if needed, collect supplemental
information about the signing event such as the intent or
purpose of the signatory and the location of the signing.
The signer then simply signs on a high-quality, cost-effective
pen and pad or a Palm Pilot and the ink is displayed in real
time and with high fidelity in the signature box. Once again,
underlying the captured ink is the biometrics of the signatory's
signature.
A sophisticated pen based electronic signature solution should
not only make the signing process more efficient, but also
make it much more secure. There are several key areas where
security needs to be well executed. The biodynamic signature
data that is collected should be secured so that it cannot
be lifted from the document and used elsewhere. Different
approaches or a combination of approaches can be used, such
as strong encryption and decryption. Also, the signature needs
to be bound to the document in such a manner as to make it
tamper proof, typically done using hashing algorithms. Additionally,
if the application in question is using real-time
signature verification, then the storage of the signature
templates needs to be well secured.
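One way to bind a captured signature to a document with hashing, as an added example that is not part of the original article or of any Trilux product: the record stores a hash of the document and a hash of the pen samples, and a keyed hash (HMAC) over both stands in for the protection the article describes. The key, document, sample values and function names are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample data (not from the article): key, document, pen samples.
KEY = b"constructed-demo-key-held-by-signing-service"
DOC = b"Account opening form: holder=A. Kumar; branch=Chennai"
SAMPLES = [(102, 240, 0.41, 0), (105, 238, 0.55, 8), (111, 231, 0.62, 16)]  # x, y, pressure, t_ms

def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _samples_bytes(samples) -> bytes:
    # Deterministic serialization so the same capture always hashes the same.
    return json.dumps([list(s) for s in samples], separators=(",", ":")).encode()

def _tag(record: dict, key: bytes) -> str:
    # Keyed hash over signer, document hash and signature hash together.
    msg = "|".join((record["signer"], record["doc_hash"], record["sig_hash"])).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def bind_signature(document: bytes, samples, signer: str, key: bytes) -> dict:
    """Tie one signature capture to one exact document."""
    record = {"signer": signer, "doc_hash": _sha256(document),
              "sig_hash": _sha256(_samples_bytes(samples))}
    record["tag"] = _tag(record, key)
    return record

def verify_binding(document: bytes, samples, record: dict, key: bytes) -> str:
    """Return 'ok' or the reason the binding no longer holds."""
    if not hmac.compare_digest(_tag(record, key), record["tag"]):
        return "record altered"
    if _sha256(document) != record["doc_hash"]:
        return "document changed after signing"
    if _sha256(_samples_bytes(samples)) != record["sig_hash"]:
        return "signature data swapped"
    return "ok"

if __name__ == "__main__":
    rec = bind_signature(DOC, SAMPLES, "a.kumar", KEY)
    print(verify_binding(DOC, SAMPLES, rec, KEY))
    print(verify_binding(DOC + b" amount=999999", SAMPLES, rec, KEY))
```

A signature lifted onto a different document fails the document check, and rewriting the stored hashes to match fails the keyed check.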
As enterprises move to a paperless environment, the need for
electronic signatures is becoming a critical factor. Since
the Internet and Intranets are used to exchange information
it is essential to be able to sign documents electronically
in a secure fashion. In both consumer and enterprise applications,
the ability to securely capture signatures as well as to verify
the identity of people is increasingly becoming important.
Organizations that move towards a paperless workflow process
will gain significant cost savings from electronic signatures
because of the technology's efficiency. This is best
exemplified by reducing the business cycle and operating costs
such as printing, distribution, collection and storage of
paper documents. Additionally, a well-implemented Electronic
Signature methodology will improve overall reliability and
security of every transaction.
Because biometrics are unique to each individual, the underlying biometrics
of Electronic Signature can be used to verify the authenticity
of the signature and therefore the identity of the individual
signing their name. The biometric measurements from each signature
may be compared to available samples and are a secure and
reliable method to assure that the signature is not a forgery.
Under the sole control of the user, the biometrics of a signature
are based on an individual's behavioural dynamics, which
cannot be repeated by another person.
Using Electronic Signatures
Electronic signature replaces a wet ink signature anywhere
within an organization's workflow, office automation,
attendance management etc. For example, Policy Applications,
Account Opening/Closings, Administrative changes to an
in-effect policy, Underwriting Approvals, Claims Processing,
Internal Reporting, HR forms, etc.
Another area where a verifiable electronic signature can
be utilized is replacing passwords. A handwritten electronic
signature can be verified against a previously created template
to allow access, therefore replacing the function of a password,
but adding a higher level of security to the process. The
security gained is due to the fact that a password/pass-phrase
can be given to someone else or stolen or even forgotten,
whereas a signature belongs to the signer and cannot be forged
easily since it is a biometric. Some examples of electronic
signatures replacing passwords are network access, securing
laptop or handheld computers, securing specific files on a
network, access security to buildings etc.