Electronic documents or contracts may be signed by users by affixing or adding a user's biometric signature data to the electronic document. Such biometric signature data, if not secure, may be copied by other users who wish to impersonate the signor. In other cases, a user who affixed their biometric signature data to a document may be able to repudiate a signature or deny that the document was actually signed by the user. To verify a biometric signature captured by an electronic pen and a digitized pad, for example, an enrollment administrator may need to initially enroll user signature data as signature references to a separate storage device or server. A user's signature data that is later applied to a document may be compared to the stored signature references in order to confirm that the signature data on the document is associated with the user. When applied to a document or stored on a server, signature data may be encrypted and decrypted by one or more keys unique to the user, ensuring that others are unable to forge the signature data and impersonate the user.
Enrollment data may still be at a risk for tampering, deletion, or repudiation while it is stored and during transfer from original storage to an electronic document. The problem may depend on who maintains control over the signature references. If the user has complete control over enrollment data, then the user can delete or modify the signature references they previously enrolled. The user can also repudiate a document actually signed by the user by claiming that the key or password to decrypt the signature data is lost or forgotten. If an administrator has complete control, the user may be able to repudiate signature data by claiming that the administrator changed the enrollment data.