1. Field of the Invention
The invention relates to the conversion of physical or biological signatures into digital signatures. More particularly, the invention relates to generating digital signatures using biometric identification.
2. Description of the Related Technology
Physical signatures are becoming an anachronism in the electronic world and the process of verifying pen-and-ink signatures, photographs or fingerprints on paper or other materials are costly and error-prone. At least with physical documents, however, the signer retains the basic “contextual controls” of document preparation and physical delivery. On a digitally signed electronic document, on the other hand, a signer controls only the encoded signature. All time, place and manner controls are absent, and nothing distinguishes a valid user signature from one fraudulently produced by another user who somehow obtained the first user's data, algorithms and keys.
Public-key cryptography is a computer security technology that can support the creation of electronic document systems, providing that the user's digital signature on an electronic document, i.e., the user's electronic authentication and verification of the electronic document, can be given sufficient practical and legal meaning.
These systems have enormous commercial significance because, in many cases, large cost reductions can be realized over current paper transaction procedures. This improvement is sufficiently dramatic that many organizations are, for economic and competitive reasons, compelled to use them once their practicality has been demonstrated.
Disadvantageously, known systems do not allow for authentication of messages using biometric information. Biometrics is the measure of an individual's body or behavior in order to identify or verify the individual's identity. Biometrics provides for new ways to identify a user with his fingerprint, voiceprint, iris scan, facial picture, hand geometry or various other unique features of his body or behavior. Biometric measurement data, albeit subject to statistical variations, is nevertheless conventionally used to verify the identity of individuals. Typical methods used are based on statistical hypothesis testing where an individual's biometric measurements are stored at the time of “enrollment”. Then, during “verification”, biometric measurements are taken again and compared to the stored measurements. Various algorithms can be used to convert the measurements into mathematical representations and accept a range of biometric data. This conversion and statistical analysis is useful because sequential biometric measurements have a range for any one individual, especially when taken at different times and places using even slightly different equipment.
There is a need for new and improved systems for authenticating messages. The system should analyze biometric information as provided by the user as part of the authentication process. The system should also include features to safeguard the keys that are used in the authentication process.