For m-commerce to attract
mass appeal it must be convenient, easy, and simple to use. What
could be easier than signing your name? At the recent RSA Security
Conference, four companies teamed up to demonstrate what was billed
as the first biometric end-to-end security solution that relies on
the user’s signature, not a mnemonic password.
Bringing their expertise front and center were Cloakware
Corporation, Certicom, Communications Intelligence Corporation (CIC),
and Neomar. Using a handheld device like the Palm VII with the
Neomar WAP-enabled browser, the user‘s signature is verified via
CIC’s signature-verification software, which is protected by
Cloakware’s Tamper-Resistant Software technology. Once the
signature is verified, a digital certificate is released using
Certicom’s wireless Public Key Infrastructure.
When the user signs their name on the handwriting-recognition
pad, the CIC software, which includes an algorithm, judges not only
the shape of the letters, but also the speed and pressure applied by
the user. In addition, the software recognizes the number of times
that the pen is lifted from the pad, thus making it far more
difficult to forge a signature than to get around password
protection, Cloakware’s president and CEO Fariborz Fallah told the
press.
"The solution provides a user experience that is as natural
and secure as signing a credit card slip which ties the individual
to the transaction, rather than the device to the transaction,"
explained Mr. Fallah.
Research efforts into the development of secure software-based
cryptographic key storage with biometric access control were first
undertaken by 724 Solutions, Cloakware, and CIC in 1999.
The combination of tamper resistant software, biometrics, and
cryptography will protect users from fraud when conducting such
high-risk transactions as trading stocks or banking, with the added
bonus of making it as easy as signing your name, said Guido
DiGregoric, CIC’s president and CEO.
For more information:
