Signature Verification / Signature Authentication
(SIGNificant Biometric Server)
The SIGNificant Suite helps introduce your company to the era of electronic signing. The SIGNificant products record the handwritten signature of a person (including measurements of parameters of pressure, acceleration, speed, rhythm, and movements in the air) and embed the signature into an electronic document. If there is a dispute about a captured signature, an expert tool is available to forensically analyze the biometric characteristics of the captured signature.
The SIGNificant Signature Verification called SIGNificant Biometric Server takes this ability one step further, enabling real-time biometric verification of a signature to the SIGNificant platform by comparison of the recorded parameters of the handwritten signatures against the preenrolled profile. The possibility of a detailed protocol for each signature-relevant action makes it a total solution; documents are only processed if their signers are authenticated and companies can prove who signed which document and when.
- Key Features
- Signature vs Fingerprint Authentication
- What results can be expected ?
- xyzmo vs Other Signature Verification Solutions
1. Enrollment (Collect Sample Signatures)
The process is initiated by the user’s enrollment. The enrollment process requires up to six initial signatures or can be done continually over time. These are collected using a signature pad or a tablet; the user simply signs his personal handwritten signature, exactly as he or she would with a wet-ink pen and ordinary paper.
2. Signature Profile Creation and Handling
The signatures are stored in profiles. The system can handle numerous profiles per user, allowing, for instance, for one profile for a standard signature and another for signing with initials only. When verifying a signature, the SIGNificant Biometric Server compares the signatures to the relevant profiles.
3. Signature Verification and Learning
Each time a user accesses the system to verify his signature, the Biometric Server compares the current signature to the signature profiles. With each authentication, the server continues to learn and fine-tune the user’s profile. This enables the system to track gradual shifts in the handwritten signature over time.
The SIGNificant Biometric Engine has three basic security modes that define how complex a personal profile has to be, and how strictly the Biometric Engine should verify the signature. The higher the security, the more likely it is that some customers will have to sign more than once before their signature is accepted. Thus the enrollment process becomes stricter, requiring more users to provide more than the 4–6 signatures needed for a standard enrollment.
- Basic – This setting is intended for scenarios where you expect large numbers of customers per day, and where you want to avoid having some users sign multiple times because of false rejections (FR), but still achieve reasonable security in the verification of signatures. Typically, this scenario suits processes where you want to enhance security or where you want to replace the signature comparison presently done by a human. In this case, these settings are a perfect fit for increasing the security dramatically whilst still having very high customer acceptance.
- Advanced – This setting is intended for scenarios where you expect large numbers of customers and skillful fraud attempts. Typically, this scenario suits processes where the signature has an important business impact (e.g. withdrawal of cash, signing important contracts etc.). Because of the importance of the signatures, you are willing to accept that some customers will have to sign more than once before the document is processed, to achieve better security against fraud.
- High – This setting is intended for scenarios where you expect very high security with medium to small numbers of customers. The security parameters allow for a near-zero percentage False Acceptance Rate; therefore this is suitable for even the most critical environments.
Dynamic Signature Verification
The system utilizes distinctive aspects of the handwritten signature such as rhythm, speed, pressure, acceleration, and movement by measuring the physical activity of signing.
The system provides secure storage and communication of captured biometric signatures.
Automatic Detection of Variations
The server automatically detects variations between signatures to make the personal profile as secure as possible. While some users sign in a very consistent way, others display a greater variance between signatures; the system recognizes and records this variance to calibrate the profile for future authentications.
Versatile Threshold Factor
The authentication process is flexible, enabling a varying authentication process for different environments, allowing organizations to easily adjust the balance between customer acceptance and security.
Clear, Fast Verification Results
The verification is performed in a transparent manner. The server compares the signature to the updated personal profile in the database and enables or rejects the entry within milliseconds.
Constant Profile Enriching
A dynamic mechanism recognizes the fluctuation rate in each of the signature parameters in real time, thus nourishing the authentication engine with added parameters and enhancing the profile every time a signature is authenticated.
Fully support of the ISO/IEC 19794-7 Biometric data interchange format standard (http://bit.ly/mH1VL1)
Detailed protocol of users’ security-relevant actions (enrollment, signature verification, suspension of signature profiles) is recorded.
Every biometric system, such as iris scan, fingerprints etc., may be hacked. Once hacked, the information may be used again and again because eyes, fingerprints etc. do not change (they are static). By contrast, a signature, even if hacked, is not reusable since no-one can ever sign the same signature twice; signatures are bound to be different from one another. Also, the user can always change a signature and create a new personal profile.
All signature verification solutions participating in the 2011 IDCAR conference were evaluated by forensic experts using different testing sets. The task was to determine whether a particular signature had been written by the author of the reference signatures or if it had been forged by another writer. In all experiments, twelve known reference signatures were presented to the systems.
IDCAR evaluated the systems according to several measurements. They generated ROC-curves to see at which point an equal error rate was reached: i.e. the point where the false acceptance rate (forged signature being accepted as genuine) equals the false rejection rate (genuine signature being rejected). At this specific point they also measured the accuracy, i.e. the percentage of correct decisions with respect to all queried signatures.
The winner was the xyzmo solution, with an accuracy of 96.27%, a false acceptance rate (FAR) of 3.70% and a false rejection rate (FRR) of 3.76%. In comparison, the second best system had false acceptance and false rejection rates above 7%!
xyzmo offers the world’s most complete, open and accurate real-time signature verification. (Read more: xyzmo wins in 2011 the international signature verification competition for online skilled forgeries) Since the end of the 1990s WonderNet has been the market leader in personal digital signature capturing and identification based on electronic biometric signature data. Together with the Hebrew University in Jerusalem, WonderNet investigated the nature of the human signature and developed mathematical methods to compare such electronic biometric signatures against pre-enrolled signature profiles. Bank Hapoalim, Israel's largest bank and financial group, and WACOM Co. Ltd. Japan, were both investors in WonderNet at that time.
Early adopters helped to improve this technology:
- The Israeli Air force uses this technology; for example, to check signatures on airplane maintenance protocols.
- Ono Academic College (OAC), a leading Israeli institution of higher education, facilitates contract signing with SIGNificant. Lecturer recruiting became easy to manage administratively, with controlled budget approvals which are biometrically authenticated in real-time, in order to secure the process.
- …and many more, including Bank Hapoalim as mentioned above.
On February 14, 2008 xyzmo shareholders bought the entire IP rights of WonderNet Ltd. (Penflow) including the most prominent technology for electronic biometric signature authentication. By incorporating this technology from WonderNet, xyzmo SIGNificant became a major international company in its field, with offices in Austria, the US and Germany, and represented by many Value-Added Resellers worldwide.
The major advantage over other solutions on the market today is that our technology is able to compare a signature against a profile which is self-learning over time. Only this approach guarantees appropriate results for signature verification and authentication, respectively, because it is human nature never to sign twice in exactly the same way, and also to alter the signature constantly over a life-time.
- A comparison with only one sample signature is mathematically much easier to handle, and thus some companies offer essentially inaccurate solutions. These “low level” solutions merely pick one random signature as a basis for the comparison. This approach only works for people who always sign in exactly the same way. Most human beings do not behave like that, and thus this approach is simply not feasible for a broader usage of that technology. Anyone can easily prove this by asking 10 random people to sign 6 times in a row, on a blank sheet of paper, in order to see how different most of these signatures are.
- A more sophisticated but still not satisfactory approach is to build a solution which takes several signatures – a profile – into consideration at the time of real-time comparison, but still using a static profile which is not self-learning. This will deliver, at the start, better results than a comparison with just one signature, but the comparison will get less and less accurate over time. This will happen for nearly 100% of human subjects.
To summarize: only the xyzmo SIGNificant approach – based on self-learning profiles – really works in the long run with sufficient accuracy. The SIGNificant Biometric Server takes the ability of self-learning profiles one step further, by using a sophisticated algorithm when building a signature profile, initially by recognizing if such a profile is of sufficient quality or not. In particular, when people sign for the first time on a signature pad they change their signing behavior a little bit, and adjust it after they get used to this new technology, or new way of signing on a signature tablet, until it becomes the “usual” way. Thus it is business-critical to take more than 2 or 3 samples for each profile and, on top of that, to check by intelligent algorithms if these profiles are a robust base for the later verification. It is much better to reject improper signatures out of a profile at this stage, namely, at the time of creating such a profile, and ask a customer to sign one additional time, instead of generating a wrong profile and “try” to use this for later comparison.
The area of electronic biometric signature verification/authentication on a large scale has just started with such high-quality standards as xyzmo introduces them to the market. There are, meanwhile, early adopters in Europe like a German company for checking signatures on quality assurance documents, or a bank which authenticates all their customers in real-time based on their handwritten electronic biometric signature with our advanced and superior technology as described. This will become a huge market over the next few years, and xyzmo sees itself clearly in the leading position and far ahead of the competition with the best and most advanced solution available. Self-Learning profiles will be the key!