Slashdot Mirror
Sign Your Name Online With A Mouse
icke writes "Soon, the way you use your mouse could help prove who you are. According to a BBC News article, scientists have found a way for people to sign their name online using a mouse instead of a pen. The technology, based on the research from Queen Mary College, University of London by Peter McOwan, 'uses a neural network to pick out the unique features of the way that someone uses a mouse.'"
Until you get a wireless mouse. I've got one of those expensive Logitech mice, and even then, it moves erratically without warning. Not exactly good for predictable signatures, if you ask me.
If the software is smart, it will look for perfect reproductions which no human would be capable of and give an error if it detects one.
What about if you change your mouse type to something like a trackball or a laptop mouse? Your signature wouldn't work anymore, and you cannot access anything from other computer!!!
Will I have 3 signatures since On this box I have a trackman that I prefer to use. Sitting right beside me I have a standard old mouse and at work I have an optical mouse. All three take time for me to get used to again each time I switch. I have to assume that it's because I'm using them slightly differently, due to the feedback. As well if I change something like the mouse acceleration because things seem to slow one day It takes awhile for me to come back into practice. How Do they deal with these changes?
Signatures are useless, there are no good way to check them. Hell, my signature seems to change every time I write it and nothing happens. The mouse signature will be at least slightly secure if there is software to check it. It would really be best if we switched to a differnt system for this kind of stuff. Thumb print or something. I know you can reproduce someone's thumb print, but it's not THAT easy.
Would a signature created with a mouse be legally-binding?
Many of laws now on the books in the U.S. allow a digitial signature to be binding if all parties agree on the digital method used.
So, if you can all agree on wiggling the mouse for a sig, then it can be legally binding.
Learning HOW to think is more important than learning WHAT to think.
This looks like a variation on what the folks at Cybersign do. Their technology is based on matching the dynamical pattern of motion, not just the X-Y coordinate trace. A forger would have a hard time copying the variations in speed that the actual person uses even if the forger traces the same path or tries to "get good" at the signature.
Two wrongs don't make a right, but three lefts do.
It does, though, raise a related issue which troubles me: is it a good idea to use technology to remove the transaction from the realm of ordinary human experience?
If you use a conventional signature, the person on the other side of the transaction can at least make a gross check that the signatures (as written, and as on the credit card, for example) match. But, if I am understanding this proposal correctly, all the matching occurs "inside the machine". I worry a bit about the unintended side effects of this: "the machine is always right!"
(BTW, I think one has a very similar problem with some of the proposed electronic voting systems. Traditional ballot papers are not perfect, but I think that at least a normally intelligent person can understand the security model.)
Rich
SCO delenda est.
When I bought a ticket online from GrooveTickets, I had to sign this Flash applet, although I'm not sure how that alone is going to prevent theft because if someone was trying to use a stolen credit card, I'm sure they wouldn't have much trouble forging a signature on a Flash form with a reset button.
There has been a lot of talk about how the EULAs of computer software are pretty much void. That simply clicking ?I Agree? means nothing and that the EULA of today wouldn?t stand up in court.
What about the EULA of tomorrow? If, instead of an ?I Agree? button we are presented with a ?Sign Here? white space, and the EULA states that by signing, both people agree that it is a binding contract?
See where I?m going?
Well, a Challenge-Response mechanism that uses some sort of biometric feedback mechanism would seem to be the standard crypto authentication approach to this problem.
For example: use a subset of the bio-key to sign a packet, returned packet counter signed by authenticating service including a challenge mechanism (ie. pseudo-random light fluctuations to emitter in retinal scanner, measure and return eye muscle contraction patterns). This concept could possibly be implemented in the current system of 'mouse signatures' by the authenticator specifying a glyph or pattern for the user to input, rather than an (relatively) invariant pattern.
This does not exclude the possibility of compromise (even a 'statistically perfect' crypto algorithm can be extremely poorly implemented) but it would raise the bar - both in terms of complexity and time dependency.
The only perfect cryptographic solution is to not record anything, anytime, anywhere, ever...
Q.
Insert Signature Here
One of the legends of the early radio intelligence (and other classified military radio work) was that each coder (morse that is) had a very specific tapping style that was discernible by a trained professional. Such uniqueness was noticable even if the coder switched hands.
While this uniqueness didn't provide a surefire form of authentication, professionals who feared having a broadcast recognized would sometimes retire a coder after sending a particularly sensitive message.
Seems kinda like mouse analasys. You can't prove it's them, but it's another suggestion. Can't see how it'll be useful. The mouse is easy enough to hook into in the software side--it's by no means a secure device.
Recursive (adj.): see 'Recursive'