Overview of the Last Article
When compared to the Physical-based Biometrics, there are only two Behavioral based Biometric modalities. The last article covered a technology which has been around for quite a long time, which is that of Keystroke Recognition.
In fact, it even dates all the way back to when the Morse Code first came out. From the various signals which were transmitted back and forth, military intelligence officers could decipher a unique rhythm and pattern by the operator. Since then, this modality has grown into a viable means in which to verify the identity of an individual.
It should be noted that the market applications of Keystroke Recognition are still extremely limited. For example, it can be found in financial applications. If a client wishes to place a brokerage trade over the phone, rather than having to answer a series of challenge questions, all he or she has to do is enter a short passphrase on their handset, and within seconds they will be verified.
Also, this modality is starting to see some use with regards with to wireless and Smartphone devices. Although Fingerprint Recognition is still the dominant technology which is being used, Keystroke Recognition serves well as a secondary, or Multimodal solution.
Since this is a Behavioral based Biometric, there are no raw images which are actually captured, unlike the other modalities we have covered. Instead, a number of key variables are captured, which include the following:
- The overall typing speed
- The time which elapses when various keys are held down on the computer keyboard
- The pattern in the sequences of the keys which are used when capital letters are being typed
- The time it takes for an individual to move from one key to another.
To create both the Enrollment and the Verification Templates, very sophisticated statistical modeling is used, primarily that of the Hidden Markov Models.
A very close “cousin” to Keystroke Recognition is that of Signature Recognition, which is the topic of this article.
An Introduction to Signature Recognition
For the longest time, along with the fingerprint, signatures have always been associated with that of law enforcement. But unlike the other Biometric modalities, the use of a signature in which to confirm the identity of an individual also creates a legally binding contract or agreement between two or more parties. As a result, Signature Recognition has generated much more interest than that of Keystroke Recognition.
This double usage of Signature Recognition was actually enacted by the Clinton Administration back in the last decade. The legislation has become known as the Electronic Records and Signatures in Commerce Act (or Electronic Signatures Act). This makes the use of Signature Recognition legally binding even in E-Commerce based transactions, whether it is at an online store, or at the credit card kiosk of a Point of Sale Terminal (“POS”).
For example, when an individual swipes his or her card at the POS, they are prompted to sign their name. The image of this particular signature is then captured and transmitted over to the sensor pad, and from there, to the credit card company. These entities have large databases where specialized software matches this signature to the image that is actually stored.
If this match appears to be authentic enough, then the electronic transaction is subsequently approved. In fact, there is very often a lot of confusion as to this type of signature versus a digital based signature.
The latter is merely the name of the individual which is typed on a computer keyboard, but the primary difference is that encrypted bit strings are created and literally attached to it on an electronic document.
The Differences Between a Signature and Signature Recognition
In this same regard, there is also confusion between an actual, physical signature, and the use of Signature Recognition itself. With the latter, it is very important to note that it is not the actual signature image that is stored and compared in the database of this modality.
Rather, just like Keystroke Recognition, it is the behavioral patterns which are inherent in the process of creating a signature which is stored and compared. Some of the variables which are captured include the changes in timing, the pressure, and the speed which is applied to the pen when composing a particular signature.
It is important to keep in mind that although it is relatively straightforward to duplicate the actual,
visual appearance of a signature, it is very difficult to replicate the behavioral characteristics of the way the signature is signed.
How Signature Recognition Works
Signature Recognition is primarily used for verification purposes only, and not for identity-based applications. This is due to a number of scientific reasons, which include the following:
- The hand, which is used to compose the signature, can be greatly affected by genetic factors and the various physical ailments which are associated with it (such as arthritis, rheumatism, the aging process, etc.)
- Composing the signature is a very dynamic process, which can change very quickly over just a brief period
- Unlike the Physical-based Biometric technologies, there is virtually no permanence or long-term stability associated with Signature Recognition.
The very first Signature Recognition device to come out in the marketplace made use of static variables when an individual signed their signature. This included such factors as the height, spacing, slope, as well as the various characteristics regarding the shaping of the letters.
By the mid-1970’s, Signature Recognition became a much more dynamic process in the sense that various spatial, pressure and temporal variables were now taken into consideration.
These factors included the downward pressure which was applied to the pen, the level of pressure at which the pen itself was gripped at, and the angle at which the pen was held while the individual signed his or her name.
Today’s Signature Recognition devices can now collect and analyze even more granular level data such as the acceleration of the pen, and any pauses while the signature is being composed. Neural Network technology can also be incorporated into this modality, which can literally learn even the slightest of changes and variations in the way an individual signs their name.
Also, by using Neural Networks, the database which houses both the Enrollment and Verification Templates can be updated dynamically, in real time.
Today, Signature Recognition makes use of a pen and a specialized writing tablet, which is connected to either a local computer or a central server for further processing. To acquire the data during the Enrollment process, an individual is required to sign his or her name several times on the writing tablet. It should be noted that the robustness of the Enrollment Template is a direct function of the quality of the writing tablet.
There are several constraints to the data acquisition phase. First, a signature cannot be too long or too short. For instance, with the former, too much behavioral data will be presented. As a result, it will be very difficult for the Signature Recognition device to identify any consistent and unique data points.
In comparison, with the latter, not enough unique data will be captured, thus resulting in a much higher False Acceptance Rate (“FAR”).
Both the Enrollment and Verification processes must be conducted in the same type of environment as well as under the same conditions. For example, if the individual stands during the Enrollment process but sits down in the Verification phase, the respective templates may vary substantially from one another.
Once the data acquisition phase has been completed, the Signature Recognition system will then extract the unique features from the behavioral characteristics. Statistical profiles are used to create both the Enrollment and the Verification Templates using Hidden Markov Models. Different statistical weights are also assigned to each unique feature.
Ethical Hacking Training – Resources (InfoSec)
These templates can be as small as 3 kB. One of the biggest challenges in Signature Recognition is the constant variability in the signatures themselves. This is due to the fact that an individual never signs his or her name in the same fashion, on any two consecutive attempts.
For example, the writing slope can switch tangentially from left to right (even vice versa), and up and down (and also vice versa). Also, the exact pressure put onto the pen can change greatly every time that an individual has to submit a Verification template. Even light reflection exposed onto the surface of the Signature Recognition capture device can indirectly cause great variances.
The Advantages and Disadvantages of Signature Recognition
The most significant benefit of Signature Recognition is that it is highly resistant to impostors. For instance, as discussed previously, although it is quite easy to forge the actual signature, it is very difficult to mimic the behavioral patterns which are inherent in the process of signing.
Second, when compared to the other Biometric modalities, Signature Recognition is deemed to be very noninvasive, and in fact, it is quite user-friendly. As a result, the acceptance of rate of it is quite high.
Third, there is always a strong level of concern amongst the users of Biometric systems if their templates will be stolen if the system is compromised. This fear is especially prevalent for the Physiological based Biometrics, because, one cannot change the structure of their hand, fingertip, iris, or even retina.
But with this modality, the actual structure of the signature can be changed very quickly, because of its fluid and dynamic nature. Thus, it is very difficult to spoof.
Regarding disadvantages, Signature Recognition is prone to much higher levels of error rates, particularly when the behavioral characteristics of the signature are mutually inconsistent from one another.
When compared to all of the other Biometric modalities, Signature Recognition holds great promise regarding adaptability and implementation. First, there is the ease of use. All the end user has to do is simply sign his or her name on the specialized writing tablet. Thus, there is hardly any need for in-depth training.
Second, the implementation costs of a Signature Recognition system are very low. The expenses which are involved regarding procurement and deployment are minimal when compared to the much more complex Biometric modalities, such as that of Retinal Recognition.
Third, a Signature Recognition system can be very easily embedded into existing security processes, without severely disrupting any other operations. For example, no major wiring or installation is needed.