PalmTop offers legally binding E-signatures

mulan writes "Following the approval of S.761 (Millennium Digital Commerce Act), PalmTop has released software which will do just that. Using a Palm app and a Windows-based conduit, digital documents may be legally signed via the Palm device. Pricipal markets include online vendors. This could also help reduce fruadulant credit card transactions on the Internet. " It's not just PalmPilots either - custom solutions are/will be supported, including IBM's WorkPad. However, until Oct. 31, you can get free copies for the Palm (OS3 or better).

How secure is it anyway?

One question: why?

With all the devices out there not requiring any signature (gas pumps), not requiring validation of ID or signature (grocery store) or any proof that you are who you say you are - what's the use or the value of a written signature anyway these days?

According to the local police, a ring of credit card thieves moved into this area recently. They would get the card numbers (trash, receipts, etc.) and make mail-orders for goods that they could later sell (sports shoes, car parts). They would ship UPS to the card user's home address, then call up UPS and ask if they could pick up the order at the UPS station instead. They would go in and "sign" for the goods and be well on thier way before anyone was the wiser.

In no case was there any validation of signature in this process. And who was going to be expert enough to "validate" it if there were? In these days of credit and debit cards, a written signature is an anachronism.

Now, an electronic binary signature (public key anyone?) would be interesting.

Just rambling,

-bill rankin

Wrong URL

[Ageless]

The URL to the site should be http://www.penop.com

This could change our lives...

[Robotech_Master]

Ten years down the road..."

"Omigod! You're Mel Gibson! Can I...can I get your autograph?"

"Why, sure."

(fumbling with Palms)
beep!

"Wow, thanks! I'll...never erase this!"

IBM Workpad == Palm (usually)

[|DaBuzz|]

It's not just PalmPilots either - custom solutions are/will be supported, including IBM's WorkPad.

Just for reference, the IBM workpad's are just rebranded Palms (III's, V's) 'cept the Workpad z50 which is a CE mini-laptop.

Mr. Industry? It's the clue phone for you...

[Enoch+Root]

Shesh, they have this all backward if you ask me.

Why is a scribble considered legally binding? A handwritten signature is much more easy to counterfeit than a strong digital signature using PKi.

It seems to me like this is bending backwards to get some sort of digital signature of documents. Why is it that they have to use a Palm front-end to collect a signature? What's to prevent from capturing the signature as a JPG and then putting it elsewhere? What I mean is, some sort of pixelised display is not a valid way to sign a digital document.

Why not use a simple PKi architecture for signatures? The keyspace is certainly larger than a low-res collection of pixels. You don't have to do signature recognition.

It's a sad fact that the industry is taking forever to understand digital signature and identification. It's the same thing for e-commerce, for instance... Yes, you can get cracked. But you can also get tapped when saying it aloud on a phone line. Yet the first case flares up the imagination, whereas the later is just seen as a pretty unimaginative technical feat.

What I want is a central digital authentification authority, be it run by the Government or what have you. Then we can dispense with the petty scribbles.

I want my... I want my PKi...

"There is no surer way to ruin a good discussion than to contaminate it with the facts."

Problems?

[cdlu]

I forsee a lot of difficulties with using the Palm signature. If someone gets their hands on one person's digital signature on disk (or ram card or whatever else), they can use their authentic signature all over the place.

"Yes, I _am_ sure I want to sell this property to this person for $1.00."

Did any of your bother to READ the site?

[JoeShmoe]

NOTE TO SLASHDOT: Update the news article to include the proper URL...it's PenOp not PalmTop.

If you read the Product information, you can plainly see PenOp software can verify the identity of the signer using biometrics (such as signature dynamics and fingerprints), digital ids (such as Entrust certificates), and infometrics (such as passwords. I also noticed when I went to download a copy that it is appear to be keyed to your Palm's serial number. You get a PIN to unlock the software that will probably be matched to this serial number...

So to those people whining about fraud...this is not about sending a bitmap image of your signature around. That tech has existed on the Palm for years (TealPaint is a good one) and is not newsbreaking in any way.

This is secure because, in order to pretend to be you, someone would need:

1) You physical Palm device
2) The ability to sign a document in the same biometrical (if that's a word) manner...not just looking at it and copying it visually
3) A pin number to verify their identity
4) A copy of the conduit on your home PC, which probably has the other part of a digital key.

I'm no expert but the "something you have + something you know" approach in a very good one. You need a physical device and detailed information about how a person signs and/or what their PIN is.

Please, people, avoid making uninformed comments on your interpretation of how you think a system might in fact sorta kinda maybe work. =)

- JoeShmoe
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=-=-=-=-=-