SYSTEM AND METHOD FOR AUTHENTICATING SIGNATURES
FIELD OF THE INVENTION
The present invention relates to a system and method for authenticating signatures in general and, in particular, to a system and method for authenticating signatures transmitted over digital communication lines.
BACKGROUND OF THE INVENTION
In the field of computer graphics, it is known to use a digitizer to convert graphical data into electronic data for a computer. A user draws with an electronic pen on the digitizer tablet, and the digitizer converts the graphical data to electric signals. Such digitizers are used today for inputting data to computers, similar to a mouse. There are many occasions in which it is necessary to authenticate the signature of a person signing a document in order to ensure that the signatory is indeed the person whose name is being signed. One particular application is the field of credit cards, wherein sums of money change hands in reliance on the signature of the card holder. In the event that a card is stolen, a person who can forge the cardholder's signature can charge items against the cardholder's bank account. Similarly, when purchases are made over the telephone, the number and expiration date of the card are read to the vendor, but there is no way to verify whether the caller is an authorized user of the card.
This problem has reached new heights with the advent of the Internet, where sales are transacted by means of transmitting the number and expiration date of the credit card only, without any means of verifying the origin of the purchase. Since these communication lines are open, it is easy for a hacker to determine the number and expiration date of someone else's credit card which were transmitted over his modem, and to use that credit card for unauthorized purchases.
Authentication of signatures by means of a graphical image (or bitmap) is not a solution because a photocopy of the signature looks authentic and cannot be detected.
Accordingly, there is a long felt need for and it would be very desirable to have a method of authenticating the signature of a person, particularly a person using a credit card, both in a conventional sales transaction in a store, and over transmission lines, such as the Internet.
SUMMARY OF THE INVENTION
According to the present invention, there is provided a system for authenticating a signature including a digitizer, an electronic pen, a dynamic identification unit for measuring vectors produced during signature by the electronic pen on the digitizer, and a comparator for comparing the vectors produced during signature with a reference signature.
According to a preferred embodiment, the system also includes an encryptor for encrypting a signature record and a decoder for decoding the encrypted signature record. According to another preferred embodiment, the reference signature record is stored on an IC (integrated chip) card.
In accordance with the present invention, there is also provided a method of authenticating a signature including the steps of providing a reference signature record, signing with an electronic pen on a digitizer tablet, calculating parameters from data produced during signing on the digitizer tablet; comparing the parameters produced during signature with a reference signature record; and providing an accept or reject response in accordance with results of the comparison.
According to a preferred embodiment, the method also includes the steps of encrypting the calculated parameters with an encryption key, and decrypting the encrypted data before comparing the parameters.
Further according to a preferred embodiment, the method includes the step of transmitting the calculated parameters over a transmission line to a remote location before the step of comparing.
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention will be further understood and appreciated from the following detailed description taken in conjunction with the drawings in which:
Fig. 1 is a schematic illustration of a signature authentication system according to one embodiment of the present invention;
Fig. 2 is a schematic illustration of a signature authentication system according to one embodiment of the present invention;
Fig. 3 is a flow chart of a method of providing a reference signature according to the invention;
Fig. 4 is a flow chart of a method of authenticating a signature;
Fig. 5 is a detail of a method of comparing the signature in the method of Fig. 4; and
Fig. 6 is a flow chart of a method of updating a reference signature.
DETAILED DESCRIPTION OF THE INVENTION
The present invention relates to a system and method for authenticating signatures, the system and method being suitable also for authenticating signatures transmitted over communication lines. The present invention uses signature vector recognition and is based on the use of a digitizer together with software in a dynamic identification unit which calculates parameters based on data produced during signature by the electronic pen on the digitizer tablet. These parameters, which are unique to each person when he signs his own name, are compared with the parameters in a reference signature record, or personal signature profile, which is based on data produced during a number of signatures, to determine whether the signature is authentic (i.e., signature by the authorized signatory) or forged.
For purposes of the present invention, a digitizer refers to any device which converts a location on an X,Y tablet, possibly with the angle of the pen and the pressure on the pen, to a numerical value, and an electronic pen is any device by which a person can write or sign on a digitizer tablet such that parameters of his handwriting can be detected by the digitizer. It will be appreciated that the system can be used to authenticate the handwriting of any predetermined word or words for which a reference record is made. Since the most common words used to identify a person are his signature, the present application refers to signatures, by way of non-limiting example, only.
It will be appreciated that there are many instances when it is desirable to authenticate the signature of a signatory, both in legal and business matters. The invention will be described hereinbelow with relation to credit cards, for which it is particularly suitable, by way of example only, but those skilled in the art will appreciate that it can also be applied in any other instance of signature verification where the system components can be made available.
When transmitting the signature over transmission lines for acceptance, as by a bank or credit card company, additional security can be provided by encrypting the signature with a secret key, known only to the signatory and the bank, which cannot be determined by downloading the data containing the signature signals from the transmission line.
Referring now to Fig. 1, there is shown a schematic illustration of a system for authenticating a signature constructed and operative in accordance with one embodiment of the invention. The system includes a digitizer 10 with an associated electronic pen 12 coupled to a computer 14 for authenticating a signature at the time and place of signature. This system is particularly suitable for point of sale use. Digitizer 10 can be any conventional digitizer, such as a Wacom Digitizer, manufactured by Wacom Co. Ltd., Japan.
The signatory carries an Integrated Chip (IC) card, or smart card 15 on which is stored a reference signature record, or personal signature profile, for the signatory. Computer 14 includes a comparator 17, which compares the signature to be authenticated with the reference signature record stored on IC card 15. If the signature is within predefined tolerances of the reference signature, comparator 17 sends an accept signal to computer 14. If the signature is not within the predefined tolerances of the reference signature, comparator 17 sends a reject signal to computer 14.
Referring now to Fig. 2, there is shown a schematic illustration of a system for authenticating a signature constructed and operative in accordance with an alternative embodiment of the invention. The system includes a digitizer 10' with an associated electronic pen 12' coupled to a computer 14' having a modem (not shown) for transmitting data from computer 14' to a remote location 16, generally a bank or credit card company in the present example.
At remote location 16, the data is received by a dynamic identification unit 20 arranged to receive the data produced during signature by the electronic pen on the digitizer tablet and calculate therefrom a table of parameters which constitutes a signature record. The result is provided to a comparator 22 which compares the signature to be authenticated with a reference signature record, or personal signature profile, stored in its memory 24. If the signature is within predefined tolerances of the reference signature, comparator 22 sends an accept signal to computer 14'. If the signature is not within the predefined tolerances of the reference signature, comparator 22 sends a reject signal to computer 14'.
Operation of the system of the invention is as follows. First, a reference signature record, or personal signature profile, must be provided for the bank or credit card company or other body which must accept or reject the signature, as shown in Fig. 2. This is done at the time of opening an account or requesting a credit card. The user signs his name on a digitizer tablet coupled to the computer of the credit card company. The pen position over the tablet is recorded by the computer to produce vectors, and a mathematical analysis is performed to learn the following parameters at any given time during the signature process: pen position (X,Y coordinates) over the tablet; sequences of drawing: number of letters, relative position, and time to draw; acceleration and deceleration during signature; direction changes. Optionally the computer can also calculate pen tilt relative to the tablet and pen pressure, if the digitizer used is capable of providing this data.
The digitizer data of the signature are input 30 to the dynamic identification unit in the computer. The dynamic identification unit records 32 the parameters of the signature. The recorded parameters are arranged 34 in a table of parameters. This process is repeated 36 a predetermined number of times, for example between 5 and 10, so as to permit the dynamic identification unit to calculate the tolerances 38 associated with the variations in the individual's signature, which is never identical. It will be appreciated that the range of acceptable variations in a personal signature profile will vary from person to person. Once the parameter table and tolerances have been determined, these are stored in the computer memory for later reference as the reference signature record. It will be appreciated that, preferably, the personal signature profile consists of an array of parameters and logical tolerances or permitted variations, not an "average" signature.
A personal ID code is also recorded 39 together with the signature vector table. This personal ID code serves as an encryption key to provide additional security for signature data transmitted over transmission lines. This encryption key can be any string selected by the user which is known only to him and the credit card company. While the password selected by the credit card company, which is used in cash machines, etc. in conventional credit card authentication systems, can be used as the encryption key, it is preferable to select a key which does not appear on the card. One example of a suitable encryption key is the user's birthdate.
It is a particular feature of the invention that the dynamic identification unit will recognize a person's signature even if it is signed upside down (i.e., where the cardholder is in front of a counter) or rotated to any other angle, where the signature is smaller or larger in size, or slightly different in details.
At the time of making a credit card purchase, the purchaser's signature is authenticated as follows, as shown in Fig. 3. The customer signs with an electronic pen on a digitizer tablet in the store or on the digitizer tablet coupled to his home computer. The record of the signature is received 40 by the credit card company. The dynamic identification unit retrieves 42 the reference signature record of the cardholder. It may also retrieve 44 the personal ID code of the cardholder from the company computer if the signature is encrypted with the personal ID code. Generally this is necessary when making purchases other than at the point of sale. If the record of the signature was encrypted (described in detail hereinbelow), the record is now decrypted 46. If no recognizable signature record is received 48, the signature is rejected.
If the decryption results in a recognizable signature record, or if the signature record was not encrypted, the dynamic identification unit proceeds to identify the signature 50, as shown in detail in Fig. 4. The dynamic identification unit traces 52 the vector lines in the signature record and fills a parameter table 54 with the various parameters. The parameter table of the signature record is compared 56 with the reference parameter table stored in the computer memory.
Parameters for comparison are selected, for example, from the characteristics listed above. Any or all may be selected for use by the programmer. For example, the comparator can determine whether there is a significant difference in time of writing the signature 58, which could indicate copying rather than an authentic signature. It can determine whether there is a difference in the number of vectors 60, i.e., whether a letter has been added or omitted. It can look for a change in the angle of the pen 62. It can determine whether there is a change in the relative direction of the signature 63. And it can determine whether there are differences in pressure during signing 64. If any of the examined parameters is significantly different, i.e., outside the range of tolerances 66 (Fig. 3), the signature will be rejected. If the signature record meets all the characteristics of the reference signature record, the signature will be authenticated and accepted. An indication of acceptance is then sent to the point of purchase.
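The enrollment and comparison steps described above can be sketched as follows. This is an added example, not code from the patent: the parameter names, the rule used to derive tolerances (observed range widened by a margin) and all sample values are assumptions.

```python
# Added illustration: parameter names, tolerance rule and sample values are constructed.
from statistics import mean

MARGIN = 0.20      # assumed widening of the observed range; the text fixes no value
MIN_SPREAD = 0.05  # assumed floor (fraction of the mean) for parameters that never varied

def build_profile(enrollment_tables):
    """Derive per-parameter (low, high) tolerances from 5-10 enrollment signatures."""
    if not 5 <= len(enrollment_tables) <= 10:
        raise ValueError("expected between 5 and 10 enrollment signatures")
    profile = {}
    for name in enrollment_tables[0]:
        values = [table[name] for table in enrollment_tables]
        lo, hi = min(values), max(values)
        pad = MARGIN * max(hi - lo, MIN_SPREAD * abs(mean(values)))
        profile[name] = (lo - pad, hi + pad)
    return profile

def compare(profile, candidate):
    """Return (accepted, failed_parameters); a missing parameter fails closed."""
    failed = []
    for name, (lo, hi) in profile.items():
        value = candidate.get(name)
        if value is None or not lo <= value <= hi:
            failed.append(name)
    return (not failed, failed)

# Constructed parameter tables standing in for the dynamic identification unit's output.
ENROLLMENT = [
    {"duration_s": 2.10, "vector_count": 14, "direction_changes": 31, "mean_pressure": 0.62},
    {"duration_s": 2.25, "vector_count": 14, "direction_changes": 33, "mean_pressure": 0.60},
    {"duration_s": 1.98, "vector_count": 14, "direction_changes": 30, "mean_pressure": 0.65},
    {"duration_s": 2.31, "vector_count": 14, "direction_changes": 32, "mean_pressure": 0.58},
    {"duration_s": 2.05, "vector_count": 14, "direction_changes": 31, "mean_pressure": 0.63},
]
GENUINE = {"duration_s": 2.18, "vector_count": 14, "direction_changes": 32, "mean_pressure": 0.61}
# Slow tracing with one extra stroke: writing time and vector count fall outside tolerance.
SLOW_COPY = {"duration_s": 5.40, "vector_count": 15, "direction_changes": 32, "mean_pressure": 0.61}

if __name__ == "__main__":
    profile = build_profile(ENROLLMENT)
    print(compare(profile, GENUINE))
    print(compare(profile, SLOW_COPY))
```

The comparator reports which parameters failed, which is useful for logging rejected attempts; only the accept or reject result needs to go back to the point of purchase.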
When making transactions at the point of sale, generally the physical lines are sufficiently secure that no encryption is required, although it can be used, if desired. However, for transactions over the Internet, encryption is recommended to prevent theft of the credit card details. In this case, the Web surfer will have his own digitizer tablet coupled to his computer. After typing in the credit card number, as in conventional credit card purchases over the net, a signature authentication software driver will pop an input window to the cardholder's screen. The cardholder will type his personal ID code and then sign his name on the digitizer tablet. The vectors produced during signature on the digitizer tablet are calculated and the software encrypts the signature data using the personal ID code as the encryption key, as known.
The encrypted signature record is sent to the vendor, which may be a site on the Internet. The vendor forwards the signature record, as is, to the credit card company for authentication of the signature. When the encrypted signature record reaches the credit card company, it is authenticated as described above with reference to Figs. 3 and 4. When the reference signature data of the cardholder is retrieved, the encryption key is also retrieved, permitting the dynamic identification unit to decrypt the signature record and compare it with the reference signature. In accordance with the results of the comparison, the credit card company will notify the vendor that the signature is accepted or rejected.
Preferably, the authenticating computer will include means for detecting hacking. For example, if two identical signatures are received, one after another, the computer is preferably programmed to reject the second signature, even if it falls within the personal signature profile. This is because, in real life, no one signs his or her name exactly the same way twice in a row. On the other hand, over time, a person's signature tends to change. Therefore, according to a preferred embodiment of the invention, updating means is provided for changing the personal signature profile or reference signature record, in accordance with perceived, consistent changes in the signature. A flow chart of one example of suitable software for accomplishing this updating is illustrated in Fig. 5.
In Fig. 5, the comparator receives the signature for authentication and compares it with the personal signature profile (block 70). If the result is not close to the edge of the tolerances or permitted variations, the comparator exits the program (block 72). If the result is close to the edge of the tolerances or permitted variations, an invalid counter is incremented by one (block 74). The counter is checked (block 76) and, if the result is less than a pre-selected number, e.g. 5, the comparator exits the program (block 78). If the result equals the pre-selected number, the old signature is replaced by the new signature (block 80), and the Tolerance Table is rebuilt to include the new signature parameters and permitted variations (block 82). At the same time, the Invalid Counter is cleared.
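The duplicate-signature check and the update counter described above can be combined in one verifier, as in the following added example, which is not code from the patent. Assumptions: duplicates are detected by hashing the received parameter table, "close to the edge" means the outer 10% of a tolerance range, near-edge signatures inside the tolerances are still accepted, and the rebuild re-centres each range on the new signature.

```python
# Added illustration: the near-edge band, the rebuild rule and sample values are assumed.
import hashlib
import json

EDGE_BAND = 0.10   # assumed: "close to the edge" means the outer 10% of a tolerance range
UPDATE_AFTER = 5   # the pre-selected number used as the example in the text

class Authenticator:
    def __init__(self, profile):
        self.profile = dict(profile)   # parameter name -> (low, high)
        self.last_digest = None        # digest of the previously received record
        self.edge_counter = 0          # the "invalid counter" of blocks 74-76

    def _near_edge(self, record):
        for name, (lo, hi) in self.profile.items():
            band = EDGE_BAND * (hi - lo)
            if record[name] < lo + band or record[name] > hi - band:
                return True
        return False

    def _rebuild(self, record):
        # Assumed rebuild rule: re-centre each range on the new signature, same width.
        for name, (lo, hi) in self.profile.items():
            half = (hi - lo) / 2
            self.profile[name] = (record[name] - half, record[name] + half)

    def verify(self, record):
        digest = hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()
        if digest == self.last_digest:
            return "reject-duplicate"  # identical to the previous record: likely replay
        self.last_digest = digest
        for name, (lo, hi) in self.profile.items():
            if name not in record or not lo <= record[name] <= hi:
                return "reject"
        if self._near_edge(record):
            self.edge_counter += 1
            if self.edge_counter == UPDATE_AFTER:
                self._rebuild(record)
                self.edge_counter = 0
                return "accept-updated"
        return "accept"

def run_demo():
    auth = Authenticator({"duration_s": (2.0, 3.0)})  # constructed one-parameter profile
    stream = [2.5, 2.5, 2.95, 2.96, 2.97, 2.98, 2.99, 3.2]  # constructed writing times
    return [auth.verify({"duration_s": v}) for v in stream]
```

In the constructed stream, the final value 3.2 lies outside the original range and is accepted only because the fifth near-edge signature shifted the profile.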
According to another embodiment of the invention, the signature authentication is utilized for network access, instead of a password. In this embodiment, the personal signature profile is provided to the network, in lieu of a personal password. When access to the network is desired, the user signs a digitizer coupled to his workstation, and the signature is compared with the personal signature profile. This method greatly increases security within the network, by preventing access to a hacker who discovered the password by unauthorized means, or to an unauthorized person who was given the password.
It will be appreciated that the invention is not limited to what has been described hereinabove merely by way of example. Rather, the invention is limited solely by the claims which follow.