high privilege biometrics

How Biometrics Guarantee Your Digital Signature is You

Humans have used signatures since civilization began as proof of identity and intent. A signature is a person’s name or mark written in a distinctive way that is hard for anyone else to copy. Kings used signet rings and monograms to sign orders and proclamations; Charlemagne, who ruled the Franks from 768 to 814 and was crowned emperor in 800, used his monogram as a sign of authority.

In China, seals — called chops — are still used for personal and business legal documents. Elsewhere in the world, people exercise the right once reserved to nobles whenever they sign checks, documents, letters, and other agreements.

Non-Repudiation is an Essential Property of Signatures

One important property of physical and digital signatures is non-repudiation: once you have signed a document, you cannot credibly deny later that you signed it. Legal systems have used various methods to strengthen non-repudiation:

  • Handwriting experts can analyze a signature to reasonably attribute it to the signer.
  • A notary is a trained public official who validates a signer’s identity by checking official documents like a driver’s license, passport, and birth certificate and witnessing the individual as they sign a document.
  • Websites use multiple means to confirm someone’s identity, including passwords, knowledge of prior transactions, security questions, and pre-registered email addresses or phone numbers. But passwords and similar checks can be guessed, phished or stolen, which makes legal non-repudiation difficult to enforce.

Digital signatures, which use a private key to sign a document and a public key to validate the signature, are the accepted means of signing electronic documents. The challenge has been to eliminate the password as the mechanism that unlocks the private key: a password can be guessed, phished or shared, so a signature made with a password-unlocked key proves only that someone knew the password, not that the named signer produced it.

Your Biometric is Bound to your Private Signing Key

Veridium makes legal non-repudiation possible by using biometric authentication instead of a password to unlock a private signing key. Because the biometric is yours alone, no one but you can release that key to sign an electronic document.

During enrollment, you register one or more biometrics using the Veridium client software. For each biometric registered, the Veridium client generates a public/private keypair and binds it to that biometric, so that the private key is only ever used after a successful biometric match.

An Example of Non-Repudiation

Veridium software is integrated with your application; for this example, say it is a financial application. When you request a service from the application, it signals the VeridiumID server and passes it a short description of the request, such as “You are requesting to transfer $5,000.00 from savings to your brokerage account.”

The VeridiumID server sends a push notification to your Veridium client asking it to authenticate you with 4 Fingers TouchlessID. The descriptive text is included in the notification and appears on your phone alongside the authentication request. You tap yes on the message to authenticate with your biometrics.

When you authenticate successfully, the Veridium client signs the descriptive text together with some other identifying parameters. The signed text and the public key for verification are returned to the financial application (via the VeridiumID server) for validation and storage. For that validation to carry weight, the application should check the signature against the public key it recorded for you at enrollment rather than trusting whichever key arrives with the response, and the signed parameters should include something unique to this request (a nonce or transaction ID) so that one approval cannot be replayed to authorize a second transfer. Your transaction is complete. And don’t try denying it!
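The exchange described above, as an added example that is not Veridium’s code and not part of the original post. It simulates the three parties in one process: the relying application (which also stands in for the VeridiumID server) keeps the public keys registered at enrollment, the phone-side client signs the description plus identifying parameters only when a biometric match is reported, and the application verifies the result. The names (Verifier, Client, Challenge, SignedResponse, Enroll, NewChallenge, Authorize, Verify), the use of Ed25519 as the signature scheme, and the boolean standing in for the 4 Fingers TouchlessID match result are all assumptions made for the example; the page does not specify any of them.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Verifier stands in for the relying application: enrolled keys plus nonces already consumed.
type Verifier struct {
	Keys map[string]ed25519.PublicKey // enrolled public key per user ID
	Seen map[string]bool              // accepted nonces (replay guard)
}

func NewVerifier() *Verifier { return &Verifier{Keys: map[string]ed25519.PublicKey{}, Seen: map[string]bool{}} }

type (
	// Client stands in for the Veridium client on the phone; priv is used only after a biometric match.
	Client struct {
		UserID string
		priv   ed25519.PrivateKey
		pub    ed25519.PublicKey
	}
	// Challenge is what gets pushed to the phone: the description plus identifying parameters.
	Challenge struct{ UserID, TxID, Description, Nonce string }
	// SignedResponse goes back to the application for validation and storage.
	SignedResponse struct {
		Challenge Challenge
		PublicKey ed25519.PublicKey
		Signature []byte
	}
)

var ErrBiometricMismatch = errors.New("biometric did not match; key not released")

// Enroll generates the keypair for one registered biometric and records the public half.
func Enroll(v *Verifier, userID string) (*Client, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	v.Keys[userID] = pub
	return &Client{UserID: userID, priv: priv, pub: pub}, nil
}

// NewChallenge adds a fresh random nonce so one approval cannot be replayed as a second one.
func NewChallenge(userID, txID, description string) (Challenge, error) {
	nb := make([]byte, 16)
	if _, err := rand.Read(nb); err != nil {
		return Challenge{}, err
	}
	return Challenge{UserID: userID, TxID: txID, Description: description, Nonce: fmt.Sprintf("%x", nb)}, nil
}

// Canonical is the exact byte string signed and verified; length prefixes keep fields from bleeding into each other.
func Canonical(ch Challenge) []byte {
	var b bytes.Buffer
	for _, f := range []string{ch.UserID, ch.TxID, ch.Description, ch.Nonce} {
		fmt.Fprintf(&b, "%d:%s|", len(f), f)
	}
	return b.Bytes()
}

// Authorize runs when the user taps "yes"; biometricMatched stands in for the 4 Fingers TouchlessID result (assumed).
func (c *Client) Authorize(ch Challenge, biometricMatched bool) (SignedResponse, error) {
	if !biometricMatched {
		return SignedResponse{}, ErrBiometricMismatch
	}
	if ch.UserID != c.UserID {
		return SignedResponse{}, errors.New("challenge addressed to another user")
	}
	return SignedResponse{Challenge: ch, PublicKey: c.pub, Signature: ed25519.Sign(c.priv, Canonical(ch))}, nil
}

// Verify is the application-side check. The key carried in the response is compared with the
// enrolled key rather than trusted on its own; otherwise anyone could sign with a fresh key and attach it.
func (v *Verifier) Verify(resp SignedResponse) error {
	ch := resp.Challenge
	enrolled, ok := v.Keys[ch.UserID]
	if !ok {
		return errors.New("no enrolled key for user " + ch.UserID)
	}
	if !bytes.Equal(enrolled, resp.PublicKey) {
		return errors.New("public key in response is not the enrolled key")
	}
	if !ed25519.Verify(enrolled, Canonical(ch), resp.Signature) {
		return errors.New("signature invalid: description or parameters were altered")
	}
	if v.Seen[ch.Nonce] {
		return errors.New("replay: nonce already consumed")
	}
	v.Seen[ch.Nonce] = true
	return nil
}
```

Four outcomes are worth trying against this: a genuine response verifies once; presenting the same response again is refused as a replay; changing the dollar amount in the description after signing invalidates the signature; and a response signed with a key that was never enrolled for that user is rejected even though its signature is internally valid. The last case is the reason Verify compares against the enrolled key instead of the key shipped in the response.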
