Slashdot Mirror
Sign Your Name Online With A Mouse
icke writes "Soon, the way you use your mouse could help prove who you are. According to a BBC News article, scientists have found a way for people to sign their name online using a mouse instead of a pen. The technology, based on the research from Queen Mary College, University of London by Peter McOwan, 'uses a neural network to pick out the unique features of the way that someone uses a mouse.'"
Until you get a wireless mouse. I've got one of those expensive Logitech mice, and even then, it moves erratically without warning. Not exactly good for predictable signatures, if you ask me.
...and probably easily replicable, since an actual physical presence is unneeded, and the ability to play back a "mouse stroke" will be a capable feat by any second year CS major.
If the software is smart, it will look for perfect reproductions which no human would be capable of and give an error if it detects one.
What about if you change your mouse type to something like a trackball or a laptop mouse? Your signature wouldn't work anymore, and you cannot access anything from other computer!!!
I don't think this will take off. Ever tried signing your name with your mouse? Reminds me of pictures I'd draw and put my name on when I was 4. When I use my credit card in person, each and every time I sign it differently so it DOESN'T match the signature on the back of my card just to see if anyone says anything. No one says a word. Even got away with signing "Blooooopy!" and no one noticed (no, my name is not Blooooopy!) If existing methods are trivial, how would this method work?
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
Yes, but if the human is smart, they would modify the playback macro just slighty, and in a believable way such that the algorithm determines that it is a valid signature.
Will I have 3 signatures since On this box I have a trackman that I prefer to use. Sitting right beside me I have a standard old mouse and at work I have an optical mouse. All three take time for me to get used to again each time I switch. I have to assume that it's because I'm using them slightly differently, due to the feedback. As well if I change something like the mouse acceleration because things seem to slow one day It takes awhile for me to come back into practice. How Do they deal with these changes?
Signatures are useless, there are no good way to check them. Hell, my signature seems to change every time I write it and nothing happens. The mouse signature will be at least slightly secure if there is software to check it. It would really be best if we switched to a differnt system for this kind of stuff. Thumb print or something. I know you can reproduce someone's thumb print, but it's not THAT easy.
Would a signature created with a mouse be legally-binding?
Many of laws now on the books in the U.S. allow a digitial signature to be binding if all parties agree on the digital method used.
So, if you can all agree on wiggling the mouse for a sig, then it can be legally binding.
Learning HOW to think is more important than learning WHAT to think.
I use everything from a mouse to a touchpad to a roller ball.... is my signature the same using all of these things?
How will it know? I'd get really annoyed if I had to plug in a mouse on my laptop to sign for something.
-n-
This looks like a variation on what the folks at Cybersign do. Their technology is based on matching the dynamical pattern of motion, not just the X-Y coordinate trace. A forger would have a hard time copying the variations in speed that the actual person uses even if the forger traces the same path or tries to "get good" at the signature.
Two wrongs don't make a right, but three lefts do.
The system could ask the user to also write something, (like the date, the name of the product, or the PO). This would make it hard to have the correct recording including all the connected letters. Of course this also make the training/preperation before the system can be used the first time harder.
It does, though, raise a related issue which troubles me: is it a good idea to use technology to remove the transaction from the realm of ordinary human experience?
If you use a conventional signature, the person on the other side of the transaction can at least make a gross check that the signatures (as written, and as on the credit card, for example) match. But, if I am understanding this proposal correctly, all the matching occurs "inside the machine". I worry a bit about the unintended side effects of this: "the machine is always right!"
(BTW, I think one has a very similar problem with some of the proposed electronic voting systems. Traditional ballot papers are not perfect, but I think that at least a normally intelligent person can understand the security model.)
Rich
SCO delenda est.
When I bought a ticket online from GrooveTickets, I had to sign this Flash applet, although I'm not sure how that alone is going to prevent theft because if someone was trying to use a stolen credit card, I'm sure they wouldn't have much trouble forging a signature on a Flash form with a reset button.
Actually, the anti-forgery algorithms that have been developed can tell when you're doing that; the better algorithms don't look for the outline of the letters you write (sign your name five times, and there will be differences between them), but instead look for the patterns of movement and speed while you're writing your name; if you're tracing a signature, your pen movements are going to be very different than the original signer's was.
There has been a lot of talk about how the EULAs of computer software are pretty much void. That simply clicking ?I Agree? means nothing and that the EULA of today wouldn?t stand up in court.
What about the EULA of tomorrow? If, instead of an ?I Agree? button we are presented with a ?Sign Here? white space, and the EULA states that by signing, both people agree that it is a binding contract?
See where I?m going?
Well, a Challenge-Response mechanism that uses some sort of biometric feedback mechanism would seem to be the standard crypto authentication approach to this problem.
For example: use a subset of the bio-key to sign a packet, returned packet counter signed by authenticating service including a challenge mechanism (ie. pseudo-random light fluctuations to emitter in retinal scanner, measure and return eye muscle contraction patterns). This concept could possibly be implemented in the current system of 'mouse signatures' by the authenticator specifying a glyph or pattern for the user to input, rather than an (relatively) invariant pattern.
This does not exclude the possibility of compromise (even a 'statistically perfect' crypto algorithm can be extremely poorly implemented) but it would raise the bar - both in terms of complexity and time dependency.
The only perfect cryptographic solution is to not record anything, anytime, anywhere, ever...
Q.
Insert Signature Here
One of the legends of the early radio intelligence (and other classified military radio work) was that each coder (morse that is) had a very specific tapping style that was discernible by a trained professional. Such uniqueness was noticable even if the coder switched hands.
While this uniqueness didn't provide a surefire form of authentication, professionals who feared having a broadcast recognized would sometimes retire a coder after sending a particularly sensitive message.
Seems kinda like mouse analasys. You can't prove it's them, but it's another suggestion. Can't see how it'll be useful. The mouse is easy enough to hook into in the software side--it's by no means a secure device.
Recursive (adj.): see 'Recursive'
...let's not forget us lefties out there. We are using the mouse at a totally different angle then the righty -- unless, of course, we are forced to sit at someone else's machine -- in which case we can use the mouse but our dexterity isn't what it could be...
Except for those of us who have broken down and always use the mouse on the right side. Not sure what to say about that.
(My personal opinion is that lefties who switch their mouse buttons are just weak and only add confusion to the mix...but it is 4:45am and I am tired, so that is just a cheap shot at fellow southpaws, sorry!)
To get back on track -- I'd hate to see the system not take into account the unique differences that come from the way lefties use their mice. I know I had trouble with handwriting recognition on my PDA until I could use a program like Jot/TealScript to define my own input. I could make the characters like I was "supposed" to, but because of my input angle, I was still having a problem.
I would have to say that explosives are the most abused technology in all of history.
everytime I sign one of those computer pad things (like at best buy). the sample rate is so slow that my "signature" ends up being five or six lines in different directions and it NEVER looks the same twice. whats the point of signing the thing? for a while now when I sign those things I just put an "X"
bite my glorious golden ass.
Not to mention people like my parents. They are starting out in the world of computing in their 'later years'.
Sometimes it dificult enough for them to get the mouse to click on things accuratly. How would they be expected to cope with it.
Oh and how secure is the system? Well I'm right handed, but use the mouse left handed (annoys the hell out of anyone sitting at my desk) so how would I have to sign it. The angle of stroke would vary between real world right hand and virtual world left hand.
And never will be.
Can you imagine if it authenticated every movement with a remote server?
And even if it did, we can still fiddle with the mechanics of it.
In a traditional ball-based mouse, just wire the optical sensors to another computer generating the movement pattern.
Even a trusted, self-certificating wireless optical mouse isn't that trustable. Attach any mouse to the head of an architect's A3 plotter and you can make it perform whatever sequence of movements you like -- a mouse dancing the Bolero, anyone?
NT
The signature on my credit card says 'Check Photo ID'. Not one clerk ever has.
I represent the opposite end of that spectrum. I got a Visa check card because I was sick and tired of having to show a photo id (with a photo already on my credit card). The commercials would seem to indicate that Visa check cards require no extra ID. However, I get asked for ID about twice as much now as I did before (with a regular credit card). I mean, my picture is RIGHT ON THE DEBIT CARD. *sigh* Why do you retail idiots ID me, when my picture is on my card, but the soccer mom writing a $2.50 check in front of me gets through with no hassle? I'm all for implanting lcd screens in our foreheads that display info like current bank balance. Think how much easier that'd make shopping, and dating! Now she can check out your salary before she even fake smiles at you.
http://xkcd.com/386/
If they did, and if they knew the right thing to do, they'd make you sign it - the card is not valid until signed. But yes, signatures are very rarely checked - and of course there are many instances (gas pumps with card readers, for example) where there're not even a pretext of possible checking.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood