Cyber-Sign does biometric signature verifications write
- By John Breeden II
- May 10, 1999
Given the right equipment, your personal signature can sign you onto a network.
Just about every biometric verification device Ive tested has an inherent
weakness. The flaw usually does not grant access to illegitimate users, but it can and
does keep out authorized users.
Take voice verification programs, which commonly break down when the user has a cold.
Fingerprint readers do better, but a cut or burned finger might keep the user out until
the skin heals.
Ive even seen a high-end optical reader fooled by a pinkeye infection.
But when youre sick, a handwritten signature stays pretty much the same. How else
could you sign checks for the doctor?
Cyber-Sign Inc. has come up with a software package that lets you sign your way onto a
network, using any digitizing pad that comes with a pressure-sensitive pen.
Authorized users introduce themselves to Cyber-Sign Biometric Signature Verification by
writing their names three times. If all three signatures match closely, the users receive
two-digit access numbers that they must type before signing their way onto the network [GCN, May 3, Page 38].
My signature is legible but messy. Cyber-Sign read it easily and logged me in.
Other signatures fared worse. One volunteers John Hancock had seven elaborate and
graceful loops that tripped up Cyber-Sign about half the time. At the other end of the
spectrum, acceptance peaked around 75 percent for a tester with a sparse signature
consisting of a couple of wavy lines.
The acceptance bar can be raised, but in my opinion its unwise to dumb down the
softwares artificial intelligence. I experimented with changing the factory settings
but quickly restored them after I accidentally dropped my pen while signing and got in.
Cyber-Sign is quite strict in native mode. Although it sometimes does not let
authorized users in, I could never get it to admit someone who was not supposed to have
rights. As it examines a signature, it looks at the pressure of each pen stroke, the time
taken to complete the signature and, of course, the appearance. If any variable is
off-key, it denies admittance.
I experimented by signing my own name slowly, as I imagined a forger would. The extra
time caused Cyber-Sign to reject me.
I also recruited an acquaintance who signs her boss name as part of her job. She
could no longer get in after I made her boss an authorized user. Although she reproduces
his name on legal documents, she does not press down on exactly the same strokes as he
does. Cyber-Sign analyzes a signature as a three-dimensional object that gets thicker when
the signer presses down.
For extra security, users could sign in with a word or phrase instead of their names. I
tested this theory and it worked fine, providing a sort of biometric password separate
from the signature. Then again, signatures are so difficult to forge that such extras are
John Breeden II is a freelance technology writer for GCN.