Method of securing a biometric signature

Disclosure Number: IPCOM000239092D
Publication Date: 2014-Oct-10
Document File: 6 page(s) / 80K

Publishing Venue

The Prior Art Database


Disclosed is a method to provide cryptographic security to a biometric electronic signature by combining the captured biometric token and the hash value for the electronic document with a public key signature affixed by a server computer system.

This is the abbreviated version, containing approximately 37% of the total text.


A signature is affixed to an agreement document to identify the signer and indicate the signer's assent to or approval of the agreement described by the document's content. With paper documents, the paper on which a document is printed is inherently immutable (i.e. difficult to change without detection) and a human signature is a biometric that is inherently difficult to forge.

Cryptographic digital signatures apply to electronic documents. The common practice is to sign an electronic document by computing a cryptographic hash value, or message digest, of the electronic document content, and then encrypting the hash value with the cryptographic private key of the signer. The main step of validating a digital signature consists of an equality comparison between a newly computed cryptographic hash value of the content from an electronic document and the hash value stored in the digital signature, after decrypting it with the signer's public key. If the two hash values are equal, then the signed content of the electronic document has remained unchanged since the digital signature was created. If an attacker changed the signed document content, then the newly computed hash value does not match the hash value in the digital signature, and the attacker is unable to change the hash value in the digital signature because it is encrypted (unless the attacker deduces or steals the signer's private key).
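The sign-and-validate flow described above, as an added Python example that is not part of the original disclosure. It assumes SHA-256 as the hash and unpadded RSA with constructed toy keys; the function names, keys and sample documents are all hypothetical.

```python
import hashlib

# Constructed toy keys: built from publicly known Mersenne primes, so they
# give no security. Real systems use random primes and a padding scheme
# such as RSASSA-PSS; the unpadded form here mirrors the text's description.
E = 65537  # public exponent


def make_key(p, q):
    """Return (modulus, private exponent) for the primes p and q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


N, D = make_key(2**521 - 1, 2**607 - 1)                # signer's key pair
OTHER_N, OTHER_D = make_key(2**607 - 1, 2**1279 - 1)   # a different party's key


def digest(content: bytes) -> int:
    """Message digest of the document content, as an integer below N."""
    return int.from_bytes(hashlib.sha256(content).digest(), "big")


def sign(content: bytes, d: int = D, n: int = N) -> int:
    """Signer: transform the hash value with the private key."""
    return pow(digest(content), d, n)


def validate(content: bytes, signature: int) -> bool:
    """Validator: recover the stored hash with the signer's public key
    (E, N) and compare it with a freshly computed hash of the content."""
    if not 0 <= signature < N:  # malformed signature value
        return False
    stored_hash = pow(signature, E, N)
    return stored_hash == digest(content)


# Constructed sample documents.
DOCUMENT = b"Party A agrees to pay Party B 100 units."
TAMPERED = b"Party A agrees to pay Party B 900 units."
SIGNATURE = sign(DOCUMENT)

if __name__ == "__main__":
    print("original document:", validate(DOCUMENT, SIGNATURE))
    print("altered document: ", validate(TAMPERED, SIGNATURE))
    # Without the signer's private key, a re-signed altered document fails.
    resigned = sign(TAMPERED, OTHER_D, OTHER_N)
    print("re-signed by other key:", validate(TAMPERED, resigned))
```
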

The significant information technology (IT) challenge for cryptographic digital signatures is the necessity of maintaining a public key infrastructure (PKI). Each person who must be able to digitally sign documents within a computer system is issued a private key, and the corresponding public key is made available to users of the computer system in a public key certificate. A public key certificate contains the identity of the signer and the public key of the signer; these are protected by a digital signature created with a master private key associated with the computer system.

A second significant problem for cryptographic digital signatures is that the user experience is completely inconsistent with the expectations of normal human users, who expect an experience akin to manually signing a piece of paper.

For this reason, practitioners often abandon cryptographic digital signatures in favor of simple electronic signing techniques that do match the users' experience expectations. Specifically, the user is given a simple pen-like device, or even just a computer mouse or a mobile device touch interface, and the user performs the manual process of signing. This is sometimes called a "wet" signature because it mimics the pen-and-paper experience of signing. However, theoretically, the user is just providing a biometric identifier. Other biometrics such as a fingerprint or retina scan could be used instead.

Regardless of the specific biometric captured during signing, this approach has the...