Written signatures are commonly used in many different contexts to indicate and authenticate an individual's identity and/or affirmation of a document, legal instrument, or the like. Written signatures are, in general, unique to individuals and can usually be verified to establish their authenticity. Written signatures also have other properties that contribute to their usefulness: people do not usually forget their signature (as they might forget an arbitrary password); signatures cannot be stolen as easily as passwords; and signatures require no special technology to use and authenticate (generally, all that is needed is a pen and paper). Furthermore, signatures have been in use for a very long time and thus have accumulated a cachet of importance and legitimacy.
One deficiency of written signatures is that it is difficult for machines, such as computers, to verify or authenticate them. Machines are more proficient at verifying individuals by checking a user-entered password or digital identifier. However, such authentication methods have significant drawbacks: for example, passwords or digital identifiers can often be easily stolen, forgotten, or even guessed. It is usually not possible to determine whether password input was keyed in by an authorized person, or even whether it was keyed in by a person or automatically sent by a machine. Even smart cards with embedded security chips may be compromised or stolen, leaving the victims of such fraud with little or no recourse in trying to prove they did not authorize a transaction.
While it is possible to combine conventional digital identification systems with biometric systems, for example using a badge along with retinal scanning, these systems place a significant burden on users. For example, users must always have their badge with them and not forget their PIN, which can be a particular problem if they must interact with a number of different systems and if PINs are changed regularly for security purposes.
What is needed is an authentication system and method that combines the benefits of both signature-based and password-based methodologies, and that avoids the limitations of both. What is further needed is an authentication system and method that facilitates automated (machine-based) authentication and verification of data such as signature input. What is further needed is an authentication system and method that avoids the limitations of prior art techniques.