Signature Authentication - how this works

An important characteristic of ink-on-paper signatures is that they can be individually studied and analyzed by forensic handwriting experts, then compared to other existing samples for authentication. Perhaps the most  significant challenge to the validity of an electronic signature is the issue of authentication, since few technology providers support their technology with verification tools. If a signature cannot be attributed to the purposed signatory, it is worthless. Electronic signatures are no exception to this, and must be capable of authentication to be valid and binding. Insist that a technology provider has authentication tools and training in-place before selecting their solution.

Systems that embed a signature image into an electronic document (whether via PIN or biometric input) have less legal weight than faxed or photocopied signatures. Like “rubber-stamp” signatures, the object representing the signature is a superficial representation with no data linking the image to a biometric performance, and unlike a fax transaction, there is no 3rd-party record of the transmission. A bitmap, tif, or jpg image is not useful to a forensic examiner as it provides no detailed characteristics for analysis as is provided with original pen data.

The most accurate, reliable, and secure method of capturing a signature is in the form of raw pen events. A file of this type contains no images or analysis of the signature, just the pen events and position converted at high speed. This data has the additional advantage of being stored in a database or bound to the contents of a document very securely since it does not exist as a common image file format. It cannot be easily copied or viewed and used as a reference for forgers since there is no embedded image. Furthermore, since all original captured pen events are present in the e-signature itself, a forensic expert can later examine it point-by-point using specialized signature analysis software, if available.

Another issue to consider with handwritten digitized signatures is the type of biometric data, if any, which is captured and stored in the signature file. Beware of pen pressure measurement. Pressure is an unreliable biometric measurement because of the high degree of uncertainty inherent from one signing instance to another. The level of pressure a signature pad senses for a single person will vary widely based on height and orientation of the signatory to the sensor, the person’s mood, time of day, angle of the pad, size of the pen or stylus, calibration of the software, sensor age and wear, etc. As a result, a pressure-oriented primary biometric is susceptible to unnaturally high false-negative responses when automated or independent validation is attempted. In other words, when pressure is used to determine the validity of one or more signatures, it is far more likely to be a cause for rejection than for authentication, even if the signatures were created by the same user. Drastic variance makes signatures difficult to authenticate, even if they are valid.