What is Digital Handwritten Signature (DCP)
Russian letters "I", differing in the shape of the trajectory, and an example of finding extreme points for quick comparison of dynamic curves. Source: D.V. Kolyadin, I.B. Petrov, “An algorithm for extracting extreme points as applied to the problem of biometric verification of handwritten signatures . ” Investigated in Russia. - M.: MIPT, 2005.
A handwritten signature from ancient times remains one of the most popular ways to confirm documents. The composition of the handwritten signature is not legally established. This can be a first and last name in handwritten form or just a cross (“X”): any arbitrary collection of characters decorated using letters, letterless elements, all kinds of curls and strokes.
But now an ordinary autograph is more than just a stroke on paper. He is able to fulfill the role of a biometric identifier, and the concept of “signature” has expanded significantly:
- Physical signature (wet signature): a physical mark on a document, put by a person with his own hand. Previously, it was simply called a “signature”, but now the definition of wet is sometimes specifically indicated so as not to be confused with an electronic signature (ES) and a digital handwritten signature (DPC).
- An electronic signature (EDS), it is also a digital signature (CPU), an electronic digital signature (EDS).
- Digital handwritten signature (CRP) : a man’s own handwritten signature made using appropriate software tools (including tablets, displays) to confirm the integrity and authenticity of a signed document in electronic form.
Physical signature (wet signature)
A physical ink signature on paper is still the basic component of a document verification system, although recently this is not the only and not the most reliable way of verification. For example, the MasterCard international payment system announced the cancellation of a handwritten signature from April 2018 when calculating by credit or debit card in the USA and Canada. According to the statistics of the payment platform, now 80% of card purchases in the USA are made without confirmation by signature, and from April 2018 this number can grow to 100%.
According to MasterCard, the removal of a handwritten signature is another step in the digital evolution of payments and security. The payment system came to the conclusion that the refusal of a physical signature does not reduce the security of payments in the modern era, when smart cards with chips, authorization tokens, biometric identification methods and new digital contactless payment platforms like Masterpass are widely used.
Despite the prevalence of a physical signature, it is visually difficult to distinguish a real signature from a fake. Even two signatures of the same person can differ significantly. Without an examination, you cannot be sure that the received document was indeed signed by a specific person, especially if the document was signed without witnesses.
Verification of a handwritten signature requires a special procedure. There are automated verification systems in which signature recognition algorithms rely on pattern recognition algorithms or mathematical methods for analyzing curves. There are also specialized institutions (forensic centers) where specially trained experts carry out an examination of the authenticity of a handwritten signature. But in any case, neither automated nor expert assessment can fully guarantee that a particular copy of the signature really matches the original. If the handwritten signature is “simple”, that is, consists of a small number of elements (1-2 letters), then it is objectively impossible to reliably determine its authenticity. And in any case, the examination requires one or more “originals” of the handwritten signature, when the signature carrier personally signs in the presence of witnesses. Only then can it be established whether he owns a copy that is being examined.
Electronic signature - the requisite of an electronic document obtained as a result of cryptographic conversion of information using a private key.
In Russia, a legally significant certificate of electronic signature is issued by a certification center (certification center). The legal conditions for the use of electronic signature are regulated by the Federal Law of the Russian Federation dated April 6, 2011 No. 63-FZ “On Electronic Signatures”. The latest changes to this law were made in December 2015 and were described on them at Habrahabr . Here are the two most important innovations:
1. Offices issuing certificates are forbidden to enter additional fields from certificates and their mandatory requirements. Now, having one single qualified electronic signature you can be authorized and use all state information systems .
2. Now it doesn’t matter who exactly issued the ES key certificate , since all verification certificates allow you to build a chain of certificates to the Head Certification Authority, so that users only need to have the certificate of the State Certification Center in trusted ones.
It is important to note that all Russian qualified signatures are valid only in the territory of the Russian Federation, and to verify the signature, it is necessary to additionally install the root certificate of the corresponding national certification center. Thus, the main customers of Russian CAs are government agencies that are required to work with GOSTs. And international digital signatures, such as GlobalSign , can be used around the world, including in Russia.
World's Largest Trusted Services for Electronic Documents - Adobe Trusted List (AATL) and Microsoft Root Trust. Certification Authorities and trusted service providers included in this list issue certificate-based digital identifiers and time stamp services that comply with legal and regulatory requirements in the world, such as the EU eIDAS standard.
Microsoft supports two types of digital signatures, which are divided into visible and invisible. An
invisible digital signature is not displayed in the contents of the document itself. But the recipients of the document will be able to determine that it was signed by finding a red ribbon in the status bar of the document at the bottom of the screen or by viewing the signature area.
The visible digital signature is displayed as a signature line, as in a physical document. Adding one or more lines of digital signature to a document allows you to specify who should sign the document. The signer applies his digital signature in the created signature line and can add an image of his physical signature.
The PDF Signing Certificate is used for certification and for approving PDF documents. The recipient of the certified document knows that the document is genuine, received from a trusted source, and has not been tampered with. Signature approval document is an electronic analogue of a handwritten signature on physical documents.
Digital handwritten signature
Finally, it is worth mentioning another interesting technology - digital handwritten signature. The CRP has not yet been enshrined in Russian law, but there is reason to believe that this will happen in the future. For example, in neighboring Belarus, digital handwritten signatures have been legalized since March 3, 2018 in the banking sector.
CRP can be affixed:
- remotely using special software and hardware (including tablets and displays);
- with the personal presence of the client.
In essence, the CRP is a digital analogue of a physical signature. This is a definite attempt to mitigate the inherent weaknesses of a physical signature, including the difficulty of determining the authenticity of a signature.
The PCR examination can be carried out almost instantly using a software approach. A digital tablet records not only the outline of the signature symbols, but also other parameters that are analyzed during the examination of the physical signature - the position of the end of the pen (stylus) at certain points in time, the angle of the pen and the pressure exerted on the tablet. The data obtained with the help of graphic tablets reflects the dynamics of the muscular movements of the arm, and, therefore, are a biometric characteristic of a particular person.
For example, the illustration below shows an example of information collected from a tablet in the process of dynamic recognition of digital handwritten signatures: stylus coordinates, pressure, azimuth and tilt.
In the case of a physical signature, the listed characteristics are analyzed by experts. The CRP analysis is performed programmatically by the listed characteristics using pattern recognition techniques, such as the dynamic transformation of the time scale algorithm , hidden Markov models and vector quantization (Kohonen neural networks).
Dynamic handwriting recognition is an example of behavioral biometrics. Methods based on behavioral biometry are considered to be better protected from falsification than physiological biometry with static recognition (fingerprint, iris, palm geometry, etc.), although there are some difficulties due to the variability of characteristics. In this area there is an active research work.
The first international competition for handwritten signature verification programs: SVC (Signature Verification Competition) was held in early 2004. Now the ICFHR (International Conference on Frontiers in Handwriting Recognition) is held annually, in the framework of which several competitions are organized .
Thus, over time, a handwritten signature can get a “second life” in the digital age if it is recognized as a reliable method of biometric verification and if appropriate legislation is adopted to legalize the centralized payment service.