Slashdot Mirror
Sign Your Name Online With A Mouse
icke writes "Soon, the way you use your mouse could help prove who you are. According to a BBC News article, scientists have found a way for people to sign their name online using a mouse instead of a pen. The technology, based on the research from Queen Mary College, University of London by Peter McOwan, 'uses a neural network to pick out the unique features of the way that someone uses a mouse.'"
To get ink from a mouse? Yeesh.
C - A language that combines the speed of assembly with the ease of use of assembly.
You could just record the mouse movements with some macro software and then play it back whenever it asks for their signature.
Everyone that disagrees with me is a paid shill
Would a signature created with a mouse be legally-binding?
Vertical motions detected. Credit authorization failed.
Thank you for shopping at Victoria Secret.
Banaaaana!
...I know all the kbd shortcuts and rarely use my mouse....err... ...You Insensitive CLOD!
While it may be a huge flourish that impresses the ladies, your signature is not as secure as it would seem. Forgeries are easy to make by skilled criminals.
Use a cryptographic key to sign. You'll be glad you did.
im screwed, i only use a keyboard :(
And what happens when you change to a different type of mouse? My change to wireless optical was quite a change which took some getting used to, and I'm sure it didn't "sign" the way I used to. Or whatever. :)
Until you get a wireless mouse. I've got one of those expensive Logitech mice, and even then, it moves erratically without warning. Not exactly good for predictable signatures, if you ask me.
My girlfriend had a pen-shaped mouse for a while, (wrist problems), and I'd imagine signing would be much more "natural" with one of those. Neat idea, though ...
David.
you switch mice? go from a trackball to a normal mouse, or go to a touch pad? there is no way you can write a signature the same way. Would you have to have a signature for every mouse in existence?
How does this work when you use a trackball? What about if I have two mice, will it still work then?
...and probably easily replicable, since an actual physical presence is unneeded, and the ability to play back a "mouse stroke" will be a capable feat by any second year CS major.
Just what I need. Computers to tell me I'm not me when I sign my name. At least with people I could make a convincing argument.
and when I buy a new mouse, I've got a new unique signature because every mouse is different.
The security system works with both optical and mechanical mice.
Before I read the article this was the first thing that leapt to my head.
Though I do still wonder whether it can pick up and ignore some of the idiosyncracies an anolog mouse may intoduce(i.e pieces of fluff on the rollers affecting the natural flow of the mouse etc.).
Will there ever be a use for my graphic tablet? I can't draw, so I thought maybe I could use it to sign my name but now I cant even use it for that??
(p.s. i cant actually sign my name either, or write. yay for 10 years of typing)
What about if you change your mouse type to something like a trackball or a laptop mouse? Your signature wouldn't work anymore, and you cannot access anything from other computer!!!
will changing my mouse, maybe to a higher/lower resolution mouse, different shape of mouse, a touchpad, a trackball, etc. change my signature? if so, how is this supposed to work? signing my name with a different pen doesn't change my signature.
will this have any effect on those nasty EULAs? do i really HAVE to agree to them now? i may be wrong but as far as i know clicking "I Agree" doesn't mean anything.
what differences does this have with mouse gesture recognition software?
I don't think this will take off. Ever tried signing your name with your mouse? Reminds me of pictures I'd draw and put my name on when I was 4. When I use my credit card in person, each and every time I sign it differently so it DOESN'T match the signature on the back of my card just to see if anyone says anything. No one says a word. Even got away with signing "Blooooopy!" and no one noticed (no, my name is not Blooooopy!) If existing methods are trivial, how would this method work?
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
We can finally write "signature sniffers" hehe..
Will I have 3 signatures since On this box I have a trackman that I prefer to use. Sitting right beside me I have a standard old mouse and at work I have an optical mouse. All three take time for me to get used to again each time I switch. I have to assume that it's because I'm using them slightly differently, due to the feedback. As well if I change something like the mouse acceleration because things seem to slow one day It takes awhile for me to come back into practice. How Do they deal with these changes?
Because I always use a mouse the same way, this will work great.... Not. I have many different computers, all with different types of mice and software. Trackballs, eraser-head laptops, trackpad laptops, and don't even get me started about different operating systems and the software they use. This is not going to work for many reasons, and I hope business realize this sooner than later.
Signatures are useless, there are no good way to check them. Hell, my signature seems to change every time I write it and nothing happens. The mouse signature will be at least slightly secure if there is software to check it. It would really be best if we switched to a differnt system for this kind of stuff. Thumb print or something. I know you can reproduce someone's thumb print, but it's not THAT easy.
"It's another way of indicating that you as an individual are sitting there on the end of the line."
Easy to fake with a mouse movement recorder.
Oh and what about people who use a trackball? does the smart biometric layer apply to those hand movements?
And the other obvious question : wouldn't it be easier to simply teach people why they should use properly formed passwords that are not "mom", "dad", "john1" or "s00persekrit"?
In short, yet another far-fetched solution to solve a non-problem.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
After recently studying for the CISSP, I learned a great deal about biometrics. The most accurate biometrics include things like iris scans, palm scans, retina scans, etc. These are so accurate because they measure characteristics that are totally unique to individuals. Signature dynamics and keystroke dynamics are some of the most ineffective biometrics around. A big problem is they can be faked. While the article states that early trials are 99% accurate, it doesn't detail how many people have actually tried this system. (A test group of 10 wouldn't be very good.) It also doesn't mention if they tried to fake it out. The real world is a harsh place on biometrics.
--
Luck is just skill you didn't know you had.
It's not a signature in the sense of signing a contract with a pen signature. It just detects different characteristics of how you move your mouse, which ends up being pretty unique. The article says it can be your name or some other identifying symbol. I don't think it really has anything to do with being "natural".
it's just ms paint with a web front end and a bunch of offshore labourers visually verifying each one !!!! ! !!
it's 99% accurate because of carelessness and post-lunchbreak bloat factor
I use everything from a mouse to a touchpad to a roller ball.... is my signature the same using all of these things?
How will it know? I'd get really annoyed if I had to plug in a mouse on my laptop to sign for something.
-n-
It's like a built-in cookie! Install some (real) spyware everyplace and track people at Internet cafes. Imagine being "wanted" and unable to use a mouse anywhere without causing an immediate convergence of feds. Or simply "watched" and tracked from computer to computer causing everyone in your path to be tagged as one of your associates.
Command line? Nope, probably you could do similar analysis on keyboard timings.
This is some scary technology if you ask me.
That's nothing, I came up with a program that not only detects the keys a person types, but the unique order they are typed in. I call this set of ASCII characters a "name."
This tagline is copyrighted material. Please send $10 for an affordable replacement.
what about people using laptop trackpads? or those pencil eraser nubs?
I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
This looks like a variation on what the folks at Cybersign do. Their technology is based on matching the dynamical pattern of motion, not just the X-Y coordinate trace. A forger would have a hard time copying the variations in speed that the actual person uses even if the forger traces the same path or tries to "get good" at the signature.
Two wrongs don't make a right, but three lefts do.
I ask mostly because my signature is pretty "loopy" and occasionally the little boxes that people want me to sign in are too small and *I* wouldn't consider the result to be a "match". None of my credit cards looked like my real signature until I started just signing them with a Sharpie and going outside the box.
The Glass is Too Big: My Take on Things
I work for the University of Central Oklahoma, and they were asking me to write something that could do that for web verification for an online application for school enrollment. I found it rediculous as no normal person could make a readable sig with a mouse, and I told them so.
What is slashdot?
1) This is a slow news day
2) Researchers need to go out a little, stretch out their legs, breath some fresh air and start thinking about USEFULL things?
What if you use a trackball on one machine and a mouse on another?
I have one of each on both of the computers I Use. A Trackball on my laptop since I dont really need a surface to use it and an optical mouse on my desktop machine.
Wouldnt my fingerprint be different on each of my machines then?
Two things crossed my mind when I read the article summary:
.. although I think that would be insecure, but it would make a great addition to an existing method of authentication. A user types in their name, password and has to pass a challenge using the mouse in order to gain access.
1) Using this as a method to track users, you could identify a person by their mouse movements on a public system perhaps.. kind of scary.
2) As a method of authentication
Now I have not yet read the article, so my above ideas might be useless depending on just how reliable this whole idea is, then again my above topics might even be in the article. Just thought i'd comment with my initial thoughts. Sounds kind of neat.
I was already doing that since it was called a "mouse".
So, is a digital signature valid for the agreement that authorizes the use of the digital signature?
What about the agreement for that one?
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
Curiously, I've been using a mouse for graphic work since 1985. I can sign my name much more naturally and fluidly with a mouse than on paper, or on a graphics tablet.
It's all in the experience. I wouldn't be surprised if more of that happens in the future.
So the "signature" is tied to a specific pointing device...
so your signature is invalid if you use a laptop with a trackpoint,touchpad, or use a track ball or a tablet and a pen, etc.....
Neat idea, 100% useless in the real world.
Now if you can get a reliable identifier (How about something as simple as a ibutton ring (www.ibutton.com) and quit trying to invent the unique personal identifier that so far is only out DNA (no, no dna testers on our computers than you.)
Identification has always been tied to a unique card, number, whatever given out by a group or agency. Why not stick with the same thing just update it with current off the shelf technology that already works?
www.ibutton.com I use it to log into my computers at home, unlock my doors and even start my harley....
Do not look at laser with remaining good eye.
what about the mice that are controlled with your thumb, you know the ball that you move. i doubt it would work well with one of those mice
What is slashdot?
While it may be a strong key that impresses the geeks, your cryptographic key is not as secure as it would seem. Viruses are easy to make by skilled hackers.
+5, uses neural network technology
+2, academic researcher
+2, academic researcher studying biologically inspired hardware and software
+1, biometrics
+1, researcher teaches multimedia
+2, researcher teaches computers in society
+2, no history of employment in real world
-1, degree in physics
------------------
+14, almost certainly bullshit
Doesn't it make you feel good to know that our freedoms are protected by politicans, lawyers and journalists.
Fun with Anagarams! LADS HOST, SHALT DOS. HAS DOLTS. AD SLOTHS, HATS SOLD. ASS HO, LTD.
Damn the rate ppl post on here. This is redundant before I hit submit and didnt even know it.
I'd classify this invention as similar to Segway in its utter uselessness. Some laugh at people who ride Segway in a park instead of walking (as humans are built to do); in the same manner some would be laughing at people who are busily wiggling the mouse trying to buy something online, instead of plugging the key (or just their password) into the system.
Again we see an invention that solves a problem that does not exist... could they please find a problem and only then get busy? Is it too much to ask, for example, to develop a wireless mouse that is using forward error correction and checksums, so that it does not "jump around" as most wireless garbage does? That would be something useful.
What happens when I swap between my home computer (normal mouse) and my laptop (touchpad)?
"Do you think we could wipe out world hunger forever if scientists figured out how to make AOL's Free CD's edible?"-
Christ... first thing I did when I read that was stop moving my mouse.. then the thought crossed my mind that by doing that, I was just setting up a new signature, so I started moving the mouse. Then, I started to think that maybe I was moving the mouse in my own special way, so I tried to make something up.
Then it occurred to me that I'm using lynx.
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
Jerking off to shit porn?
Disgusting.
My pre-web skills are centered around the use of writing utensils.
I've got a Wacom tablet that receives signals from either a mouse or a pen.
I never use the pen. It's annoying and far too sensitive. The right Rotring used with skill and responsibility, on the other hand, is a thing of beauty.
...so what happens when you switch from a mouse to a trackball? I can't imagine the physical actions are that similar and must throw off the measurements somewhere.
Triv
I use a trackball. If you think mouse sigs
are childish, try it with a trackball!
This is the Constitution.This is the Constitution under the Bush administration. Any questions?
BTW, I'm sorry she developed those wrist problems after being with me, but man! she just goes and goes and goes....
And its called pbrush, lives in c:\windows\ if you use windows pre-nt
Mac users will recall MacPaint
Both these programs, magically, record vertical and horizontal mouse movements on a two-dimentional area known as a 'mouse pad'.
This program is able to record signatures, incredably, into a file on a 'computer'.
Using 'diff' (requires unix or cygwin), the two files can be compared and a difference reflected in a numerical value.
WHAT will they think up next!?!
"I tried and the fscking thing bit me!"
Apparently you grabbed the wrong thing.
We may see the click-through license replaced with the sign-through license.
I use a trackball that's controlled by my index and middle finger at home and in my office.
(Yes, I have an office. Neener-neener.)
Most computers have mice.
I can't imagine that the motions of my whole arm for a mouse (or my thumb for the other kind of trackballs) would mimic those of my two fingers closely enough for me to sign anything anywhere that doesn't have the same or similar trackball that I'm used to.
tape a pen (leaving it's lid on) to the side of your mouse and do your thing!
Maybe some mouse manufacturer will beat the crowd and include a pen like antenna that can be contained within the mouse, or taken out when needed.
Just a thought...
It does, though, raise a related issue which troubles me: is it a good idea to use technology to remove the transaction from the realm of ordinary human experience?
If you use a conventional signature, the person on the other side of the transaction can at least make a gross check that the signatures (as written, and as on the credit card, for example) match. But, if I am understanding this proposal correctly, all the matching occurs "inside the machine". I worry a bit about the unintended side effects of this: "the machine is always right!"
(BTW, I think one has a very similar problem with some of the proposed electronic voting systems. Traditional ballot papers are not perfect, but I think that at least a normally intelligent person can understand the security model.)
Rich
SCO delenda est.
'uses a neural network to pick out the unique features of the way that someone uses a mouse.'
This is the first step along the way to creating the Terminator series of personal assassination cyborgs.
The simple neural network picks out unique features of mouse movements, just like the Terminators
pick out unique faces for termination.
http://jesus.everdense.com/
my current PHB who can't wait for anything to open or appear on the screen and just clicks/types/mouses incessantly, no matter how large the program or file. I just have a visual of all his email and Words files plastered in his signature.
I can sign my name in the snow
it doesn't have to look nice.. the software analyzes the way you move the mouse.. so even some else artistically inclined could not necessarily duplicate the way the signature was drawn with any statistical closeness, even if the finished product looked virtually the same.
Many (most?) people misunderstand the purpose of a signature.
The purpose of a signature is to be able for you to know that you signed it, not for someone else. I use different signatures at different times, but I know they are mine. To that extent, signing something with a mouse is just fine, for as long as you can tell _your_ signature appart from someone else's.
When a bank caches a check with your signature, they mostly don't look at the signature at all, and if they do, it's only a cautionary measure, since one cannot definitevely compare signatures.
If a thrid party wants to hold you based on your signature, they request a *notarized* signature, which is a whole different thing, because there you sign a document in front of a state-certified witness.
grisha.org
uses a neural network to pick out the unique features of the way that someone uses a mouse
Great... as if I didn't have enough to worry about. Now I have to start more erratically using the mouse so I can't be tracked... except that being completely erratic can be a recognizable trait... ARGH!!!
When I bought a ticket online from GrooveTickets, I had to sign this Flash applet, although I'm not sure how that alone is going to prevent theft because if someone was trying to use a stolen credit card, I'm sure they wouldn't have much trouble forging a signature on a Flash form with a reset button.
OK, so maybe using mouse movements as a digital signature isn't likely to be much more than an option extra layer of security over the web.
But what about active security of terminals?
If the software could be adapted to analyse the common use of a mouse (or lack there of, I like my keyboard shortcuts too) when using a display then I might be possible to continually verify the person using the display. A failed authentication could result in a screen lock (xlock) an automated log out, account deactivation etc.
Would help stop people joyriding on your screen when you forget to lock it.
I write with my left, use a comp with my right.
And what happen when you change the mouse driver and the speed of the mouse change, you loose your "unique signature" ? Personally, I've tried once to write in photoshop and I can't beleive I could do twice a signature that look like each other!
for my pelikan 140?
I didn't think so. Screw 'em...
Fuck doing that... I'm left-handed, but mouse right-handed. No way in hell I can write a siggy with my right-hand mousing. And I have a hard-enough time doing it with a pen in my left hand. Right-handers: try pushing a pen from right to left across a page sometime while making a legible or artistic mark. My WRITTEN signature isn't the same every time I do it.
I think if they want to truly be able to verify your identity, they'll have to eventually do some kind of real-time video verification where you speak with an operator from an authorized third party who asks you a series of random questions to verify your identity. Then, they'd have an audio-video record of the transaction, and be able to verify it wasn't from a recording/macro/etc.
These people looked deep into my soul and assigned me a number based on the order in which I joined.
I am a lefty that uses a right handed mouse. This would never work for me because I don't write with my mouse hand nor am I adept with a mouse with my writing hand.
When travelling, it's ok if the airlines lose your emotional baggage.
Comment removed based on user account deletion
I read in the paper(or was it a magazine?) recently that compared digital thumbprint scanners that could be used with a PC's USB port. The prices given for these scanners were mostly in the low $100 range, but the minimum was more like $70. The quality on them was generally good(with the occasional misses, but retrying corrected the problem).
:P
The software they came with didn't seem to have a "signature" feature, just a "password-entry" one, but the technology could probably be applied fairly easily to that sort of endeavor. In a few years or so the price will drop enough so that everyone can afford them, and we won't need this sort of stuff anymore.
Of course, there's the problem of people with no thumbs, or thumbprints(a rare condition), and people who steal thumbs on the black market...but we can deal with that as it comes up
Pen shaped mouse, eh? I think we all know what that was used for.
... when I'm on *certain* sites where my *other* hand is using the mouse....
If I can agree to a contract with a mouseclick (EULA, etc...), speak to a credit card company about "my" account by providing a SSN and a mother's maiden name, and access my banking data online via a password and perhaps some combination of above, I don't see why this is an important innovation as far as the marketplace is concerned. Granted, it's cool and thus I support the intellectual endeavor, but it as well will be rife with security issues of its own. -nudicle
Sounds like a good idea, but... I use 3 computers, one with a wireless optical mouse, one with a wired ball mouse, and a notebook with a touchpad.
Undoubtedly, I make different movements with each. So which one gets 'official' me status?
Clippy: It looks like you are trying to sign up for pr0n. Would you like me to retrieve your signature facsimile for the credit card authorization?
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
That means I not only need to look for keyboard cable keystroke recorders, but I need to start looking for mouse recorders as well?
The next site to slashdot will be ready soon, but subscribers can beat the rush and start slashdotting it early!
..so my 'unique mouse movements' mostly consist of delta-v experimentations within the constraints of the mouse cord (and sometimes, beyond) and some expressly kinetic friction-impact procedures, accompanied by the occasional close-proximity functions by cat hair and various non-blunt objects.
Marxist evolution is just N generations away!
Hhmmm... At last, I have a use for my mouse logger trojan!
He was probably talking about the pornstar. And if there isn't a pornstar named John Handcock, there damn well needs to be one.
A lack of John Handcock is un-American(TM), dammit.
A forger would have a hard time copying the variations in speed that the actual person uses even if the forger traces the same path or tries to "get good" at the signature.
The problem is that the actual person may also have a really tough time reproducing the same speeds, patterns, etc. in their signature.
This is why handwriting analysis/comparison is almost always inadmissable in court -- it's too variable.
The reasons for this are especially apparent when you look at the handwriting of people like myself whose fine motor control (like many guys) is not so "fine"... I can type quickly, but my signature varies *widely* each time I sign my name. The slant of the letters in my handwriting, type of loops, etc. also varies depending on my mood, the pen and writing surface, my posture, etc.
My real point here is that there's certainly a future in some kind of online "signature", but I'm guessing we'll end up with a system based more on asynchronous crypto as opposed to some kind of biometrics like this.
Normal hard-copy signatures aren't particularly secure -- no one pretends they are. That's why most of the time the cashier doesn't compare the signatures (in more automated systems like many gas stations, and online, they CAN'T). That's also why we have Notary Publics in the US who will certify that you were the one who marked the paper. The advantage of hard-copy signatures is that they're tough to scam safely, in bulk.
I suspect that most online signature methods *WILL* be comparitively easy to scam in bulk, simply because this is the internet, and it's all just data.
There are only 10 types of people: those who understand decimal, those who don't, and, uh, 8 other types I forget.
There has been a lot of talk about how the EULAs of computer software are pretty much void. That simply clicking ?I Agree? means nothing and that the EULA of today wouldn?t stand up in court.
What about the EULA of tomorrow? If, instead of an ?I Agree? button we are presented with a ?Sign Here? white space, and the EULA states that by signing, both people agree that it is a binding contract?
See where I?m going?
I use a trackball...
For a second, I thought they meant that this software would watch your mouse moving and clicking habits to identify you. Then I realised that all they want is to be able to draw a stupid unique symbol with a mouse. This just seems to be the dumbest thing in the world. It's not a bad idea, but it's getting hype as if it were some fancy new security technology.
What's up with this?
The security system works with both optical and mechanical mice.
No, really? What if I have a track ball?
dumbasses
You talk better than you fool!
Or a major head trauma for that matter. I know it was high on your 'to do list' for this week, but if your identity is being confirmed by close reading of your fine motor skills, then scrambling your noodle is likely to cause you to not be recognized!
Ok, so the two problems we've pointed out so far are that 1: an attacker can just capture the mouse movements (a problem with any unencrypted data stream), and 2: the signal will vary with the type of pointing device.
If you really want to use a system like this (not that I would), just make a secure uber mouse which forms a secure connection to the mouse drivers (which also do the signature recognition), and require everyone to use that. Then the signature sequence is never seen in the clear unless someone 0wNz your box. Make it a nice, accurate, ergonomic optical mouse, (maybe cordless) so people won't complain that they like X mouse better, and explain that the hardware cost is part of making the security system work. And go ahead and design it to work like a normal mouse when the right drivers aren't there (but then no signature), and put a few megs of mass storage on it to keep a driver installer so you can use the signature software when you need to (again assuming you can trust the box).
One of the legends of the early radio intelligence (and other classified military radio work) was that each coder (morse that is) had a very specific tapping style that was discernible by a trained professional. Such uniqueness was noticable even if the coder switched hands.
While this uniqueness didn't provide a surefire form of authentication, professionals who feared having a broadcast recognized would sometimes retire a coder after sending a particularly sensitive message.
Seems kinda like mouse analasys. You can't prove it's them, but it's another suggestion. Can't see how it'll be useful. The mouse is easy enough to hook into in the software side--it's by no means a secure device.
Recursive (adj.): see 'Recursive'
It sounds like this system of verifying stuff won't work in the real world.
Writing important documents in Word?
I guess its time (since this sparked my interest) to get a Wacom writing tablet and start taking advantage of the handwriting recognition built into OS X Jaguar... :0
"Right now, somewhere in this world, Scott Baio is plowing a woman he doesn't love," - Peter Griffin, *Family Guy*
There is a much fannier one (java required). Try it and you will find a lot about yourself
http://www.sitebits.com/2000/SIG/
It is available since 2000.
Try this:
http://www.sitebits.com/2000/SIG/
You will find a lot about yourself.
And how about people like me, who can't use a mouse? I used a mouse a lot, when I was younger, until my hand started hurting like hell.
At least, after a few years of not using a mouse, it has stopped hurting, but I still can't use a mouse without the pain coming back.
Why do people sign electronic pads at stores when they use credit cards? Not just at stores, either. In the UK, at least, one courier uses handheld computer type devices - which electronically capture your signature. All you'd need to do to get an electronic copy of someone's signature would be to package up any old thing in a package, get one of these devices, deliver it, and hey presto.
Every try using an optical mouse on a glass/clear plastic desk? At Future Shop (Canada's version of Best Buy), they had one of those transparent Macs on a matching transparent desk showing off OSX so I gave it a whirl, though the friggin mouse went all over the place!
Well everyone, get out the packet sniffers, or if it's encrypted (I hope so!) the memory readers and just take a look at the data this program collected. Transmit that to the site, or however it works, and voila... instant signature of poor Joe Clueless. Even easier than forging a hand written signature!
...let's not forget us lefties out there. We are using the mouse at a totally different angle then the righty -- unless, of course, we are forced to sit at someone else's machine -- in which case we can use the mouse but our dexterity isn't what it could be...
Except for those of us who have broken down and always use the mouse on the right side. Not sure what to say about that.
(My personal opinion is that lefties who switch their mouse buttons are just weak and only add confusion to the mix...but it is 4:45am and I am tired, so that is just a cheap shot at fellow southpaws, sorry!)
To get back on track -- I'd hate to see the system not take into account the unique differences that come from the way lefties use their mice. I know I had trouble with handwriting recognition on my PDA until I could use a program like Jot/TealScript to define my own input. I could make the characters like I was "supposed" to, but because of my input angle, I was still having a problem.
I would have to say that explosives are the most abused technology in all of history.
I seen this "mental contamination meter" back in 1999. We tried to use similar java applet technology for signatures, but there was no much interest. Everyone was completelly happy with what they have.
All so the next generation of Macs can be shipped without keyboards?
Is anything actually that wrong with typing a password? Its pretty tried and tested, it just seems that these new methods are just trying to look cool.
Also, wasnt there a pen that contained motion sensors that could varify your real signature while you wrote it? It was pretty similar to this except it could detect more things like pressure and angle.
This comment does not represent the views or opinions of the user.
This kind of technology is not really new. Similar approach was tried before for credit card applications, but the problem was that nobody really needed it. Check this link, look at what this technology was finally put at.
http://www.sitebits.com/2000/SIG/
I personally think that such technology can be used for fun and internet amusements, not for real signatures.
The problem is that the actual person may also have a really tough time reproducing the same speeds, patterns, etc. in their signature.
That is the entire point of a modal analysis of the signature. It captures not only the central tendency of the signature, but also the characteristic modes of variation. The idea is that everyone's signature varies in amounts and ways that are unique to that person. Some people might vary more on the first letter, the heights of letters, the shapes of loops, slant, the spacing where the hand scoots over, etc. Analyzing a population of samples from the person gives the system a good idea about what parts of the signature vary, how they vary, and how much they vary.
The reasons for this are especially apparent when you look at the handwriting of people like myself whose fine motor control (like many guys) is not so "fine"
Like you, I too was born without an analog plotter interface. A person like myself or jtheory will simply get logged by the system as being more variable than a person like Ms. Ima Caligrapher. If a forger or mouselogger tries to replicate our signature, they will be flagged as being too perfect.
Two wrongs don't make a right, but three lefts do.
I use a trackball at work, and a mouse at home. Try replicating the movement between the two, and you'll see how different they are.
Unless you are forced to use a mouse (not trackball, pen or weird device stuck to your head), this won't, IMHO, really work.
But i am a hard core *nix guy
i dont use a mouse !
Does that depend on the equipment used? Different mice have different characteristics. I am sure that there are still some recurring patterns, but will this software be able to recognize my signature, regardless of whether I am using an optical mouse, expensive mechanical mouse with heavy ball, clunky 5-button mouse, small cheapo "Noname" (tm) mouse with light plastic ball, gaming mouse, ergonomic mouse, etc?
Future Wiki -- If you don't think about the future, you cannot have one.
I'm left-handed but i use my mouse with the right hand... I know it's weird but I can't sign my name with the right hand. I guess the solution ain't solution to everybody!
var sig = function() { sig(); }
And never will be.
Can you imagine if it authenticated every movement with a remote server?
And even if it did, we can still fiddle with the mechanics of it.
In a traditional ball-based mouse, just wire the optical sensors to another computer generating the movement pattern.
Even a trusted, self-certificating wireless optical mouse isn't that trustable. Attach any mouse to the head of an architect's A3 plotter and you can make it perform whatever sequence of movements you like -- a mouse dancing the Bolero, anyone?
NT
This places everyone who ever accepts a signature from anther person in a position to man-in-the-middle attack that person, pretty clever.... DUH!
What is needed in computer-systems is zero-knowledge proofs, or at least a challenge/response method influenced by both parties.
The real use for bio-metrics is to verify relations between identity and private-key possesion in a trusted 3rd-patry setting, not for authentication itself.
SLOGEN [ http://ungdomshus.nu : Sebastian cover music]
"It's about using the mouse as a kind of surrogate pen," said Dr McOwan.
... I've discovered a way to draw perfect circles using a mouse. Holy shit... it'll change the world.
Wow doctor! What a fucking revelation! This just in
Sometimes, I get the feeling that I'm surrounded by idiots. Oh wait a minute... I AM!
Skiers and Riders -- http://www.snowjournal.com
I work with digital signature capture for handheld computers. Not only is the bitmap image stored (which would be easy to reproduce and forge) but so is the the way the signature was written in the first place - pen stroke length, order, etc. There are other security factors in place as well. Presumably, a similiar system will be used to ensure security in mouse-driven signature capture software.
Simply put, GM6.2 could very easily be fined as forging a billion signatures too.
Would just clicking "I Agree" to a contract displayed in a scrolling read-only textarea be considered "well-recognized in society that going through this specific ritual means entering an agreement"?
Will I retire or break 10K?
If you're sat using the same computer with the same mouse and the ball's not getting dirty, etc.
then it may well work ok.
But, you cannot, e.g. sign something when using a friends laptop if there isn't a mouse attached. You can't sign if the mouse is dirty and jumps around a little.
I bet the 99% accuracy was when using identical equipment for each of the test 'signings'.
John_Chalisque
I've got a trackball. After 3 years of using it, I still can't draw anything that even resembles what I want it to be. Of course, I can't draw with crayon or pencil either.
Wer mit Ungeheuern kämpft, mag zusehn, dass er nicht dabei zum Ungeheuer wird. --Nietzsche
..who writes using my left hand but uses the mouse right-handed, trying to write a signature with the right hand yields a result somewhat similar to what a two-year-old can draw with a pen in her mouth.
How about the computer asks the forger, er human some turing test questions? It could be a 30 minute test, and if it decides you are a human, then you can enter your 4 digit pin number.
My user number is prime. Is yours?
So a mouse would be required for ecommerce then? There are so many other input peripherals, many of them are better in some way for some people at some times, and we shouldn't have apron-strings tied to one input method that ought to be obsolete by now anyway. Well, maybe if the software works equally well with pens, it would be somewhat better...
And the other problem is that the software might not run everywhere. The best they could do is use Java, and that's also a pain.
We should be using smartcards or DalSemi iButtons for ecommerce. (Perhaps a PIN or password should be required too.)
Hmm. Why don't we ask the couple of generations of IT people who've tried to teach people this very lesson? Maybe they have something to say about that one. I could start with our call center: their number one call every month for the last five years has been "Please reset my password" despite several "education" campaigns.
People don't use "bad" passwords because they're uneducated nitwits, they do it because there are so many dang systems asking for passwords that they'd be driven crazy by the exercise of keeping them all straight otherwise. Either that or they'd have to write 'em all down, which kind of defeats the purpose, yes?
This motion signatures thing probably isn't the solution -- but hey, at least it does try to build on a model users know. Existing ID and authentication methods do sort of suck, so it's not like this is a solution without a problem.
"Fundamentalism" isn't about divine morality. It's about human authority.
Offense: Record and playback
Defense: Check for exact replica
Offense: Add slight differences
Defense: Check slight differences for consistency with original behavior
Offense: Analyze movement to make differences consistent with recorded macro
This sort of thing goes on and on - reminds me of using a sharpie to circumvent the null data track on copyrighted CD's.
The bottomline is that there is no real security. Even the number of bits in encryption has to be bumped as processors speed up to try to keep them from being crackable in a timely manner. Suppose encrypted credit card transcactions are being logged by someone, with only the last 3 months being kept on file. If there's a huge breakthrough with a diamond superconductor processor, the attacker can assume that most of the credit cards logged in the last few months haven't expired, crack them fairly quickly (even at a day per card), and go on a shopping spree.
The only way to never be behind in an arms race is to never start one, unfortunately this means no steps can be taken for security.
Perhaps a better answer is to start with a system already a few steps ahead of the "offense" from the word go, discouraging attempts to circumvent it. Of course this tends to be costly to develop and (with computers) processor intensive to use.
The only thing more dangerous than a file named -rf is renaming it -rf\ /
Hurm... So, if the basic idea behind this is to profile the mouse usage, how will it react when a gummed-up mouse is cleaned? Or with a new mouse? Much better chance of working with an optical, I expect, but even then, won't there be jumps and jitters in mouse-movement if the surface is changed?
Internet Explorer was unable to link to the Web page you requested. The page might use standard HTML or CSS.
logging onto pharmacy website to get my pain killers... but wait, my hand is in a cast! Let me try my left hand! Wait, I'm right-handed; my left will never work! ....
The power of Christ compiles you.
A Random Blog
I use a WACOM tablet. It has a pen and there is good support for them under Linux and XFree86.
They are pressure sensitive as well.
And they are much easier to draw with than a mouse, so signing your name would be much easier.
"We can't solve problems by using the same kind of thinking we used when we created them." -- Albert Einstein
Then there are people like me, who go both ways :-) I use my left hand to mouse with at work, and my right hand at home.
To add to the unlikelihood of this "mouse signature" system working, I use a trackball at home, a mouse for the laptop, and a trackpoint sometimes as well.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
I'm worrying about the retinal scan and blood sample.
SCO to Hell
They don't even have hands, only paws. Or at least they wish they had paws.
. . . PRINT sensor on the side of Mice!
What do you think -- a Thumb-print Sensor on the side of the mouse?
There might have to be both L-H & R-H versions.
.
(David Bowman, EVA near HUGE Monolithic Win-PC in orbit around Jupiter) "My God - its full of Malware!"
Well, there's an opportunity just begging for some of you clever EFF types to leap on it and savage its little mousey carcass.
Distribute a piece of software that randomly manipulates your mouse so that we can all be anonymouse once more.
Get to it, you freaks!
+++
"The fool doth think he is wise, but the wise man knows himself to be a fool." -- William Shakespeare, (1564-1616) Poe
- All parties agree to accept a given digital gesture as a valid signature;
- The entire text of the agreement that was digitally executed be preserved in verifiable original form; and
- The original executed document can be reproduced on any signer's request in a reasonable amount of time.
In practice, the form of the signature is the least onerous requirement. A simple "I AGREE" button is as legally valid with or without a sophisticated PKI signature, e.g., from VeriSign or Thawte. Entities that want to offer legally binding digital agreements spend much more time focusing on the storage and retrieval requirements.