Digital Signature / Keystroke Biometrics
A digital biometrics signature is equivalent to a traditional handwritten signature in many respects since if the signature is properly implemented is more difficult to forge then the traditional type.
Digital signature schemes are cryptographically based and must be implemented properly to be effective. Digital signatures can be used for electronic mail, contracts, or any message sent via some other cryptographic protocol.
Although messages include information about the person sending the message, that information may or may not be accurate. A digital signature may be used to authenticate the source of the message.
Each signature has a secret key. That secret key is used to validate the signature was indeed sent by the user that it implies has sent it. Many applications can appreciate the importance of high confidence in sender authenticity from government applications to financial institutions.
In certain instances the sender and receiver of a message with a digital signature need to be confident that the message and signature has not been altered in any way during transmission.
The use of encryption can be used to hide the contents of a message without changing the signature. It is possible though to change an encrypted message without understanding it.
However, if a message has been digitally signed, any changes to the message after signature will invalidate the signature. Also, there is no efficient way to modify a message and its signature to produce a new message with a valid signature because it is considered to be computationally infeasible.
A secret/private key can be stored on a user’s computer and protected by a password but this has some disadvantages. The user can only use that particular computer to use the signature secret key and the security of the secret key must depend on the security of that computer.
A more secure solution is to store the secret key for the digital signature onto a smart card. Many smart cards have been designed to be tamper resistant.
In a typical digital signature implementation, the hash calculated from the document is sent to the smart card, whose CPU encrypts the hash using the stored private key of the user, and then returns the encrypted hash.
The user must activate the smart card by entering a PIN code. It can be implemented that the secret key never leaves the smart card. If for some reason the smart card is stolen, the thief must also have the PIN code in order to generate a digital signature.
This system of using the smart cards makes the digital signature very difficult to copy and the loss of such a card can be detected by the owner and those cards’ privileges can be revoked.
Secret/private keys stored and protected by computer alone are much easier to copy and these compromises are much more difficult to detect and can go on for some time before security devices have been alerted.
Another process to computer security uses keystroke dynamics. It is possible to enhance a computer’s security by using a special algorithm which when used in addition to the security password, checks if the keyboards’ keys have been pressed in the user’s pre-recorded and unique way of typing that particular password. Authenticating this way of typing can be very difficult.
It is easy for someone to copy the user’s keystroke patterns and the algorithm may authenticate a similar pattern to keystrokes that are slightly different. The use of keystroke biometrics with other processes makes it more difficult to copy.
Biometric keystroke authenticating does not require any expensive hardware. It is virtually just an algorithm that can be implemented and run on any computer. When this algorithm is used in combination with a password and/or a smart card, the authentication scheme greatly enhances security.
Our advertisers are the largest suppliers of digital signature / keystroke biometrics identification devices – follow the links below.