The use of biometric authentication systems is starting to grow at a high speed. According to a study by Juniper Research, more than 600 million mobile devices will have this type of authentication system by the year 2021– which means multiplying the number of smartphones with biometric technology by 3 in 5 years.
In this post, we want to explain what exactly biometrics is, what it’s for, how we apply biometric technology in our advanced electronic signature solution, and how the biometric data we collect during any signature process serves to complement and reinforce the electronic evidences that unequivocally prove the signer's identity.
This post is also available in Spanish.
What is biometrics and what is it for?
Basic definitions: biometrics and biometric recognition
As Avivah Litan, a reputed Gartner analyst with expertise in security analysis, user behavior analysis, fraud detection and prevention, and identity verification says, “biometrics is certainly the most secure form of authentication. It’s the hardest to imitate and duplicate”.In reality biometrics is not only difficult to copy, but it is practically impossible to do so, as it refers to the measurement of a number of features or distinctive characteristics of each individual, meaning that they are unique traits for each person.
By the definition of the word biometrics, biometric features are measurable, and they are known as biometric identifiers. They are classified in two types:
- Traits or physical characteristics, such as the fingerprint, DNA, the shape of the hand, iris, retina, face, etc.
- Traits or behavioral characteristics, such as the writing rhythm, the signature, pulse, gait or the voice.
The biometric recognition or biometric authentication is the use of biometrics to identify or verify (authenticate) a person, measuring one or more of their biometric identifiers and determining their authenticity.
Therefore, technologies that use biometric authentication systems serve to identify or verify (authenticate) people and control accesses, whether it is a physical location or a virtual platform. Among the most common biometric technologies are fingerprint captures, facial or iris recognition technologies, and voice recognition technologies.
How is identification different from verification or authentication?
Both identification and verification, also called authentication, are two ways of recognizing a person's identity.
The difference between them is that the verification or authentication involves confirming or denying a person’s alleged identity. To confirm or deny if the person is who he/she claims to be.
Meanwhile, identification involves identifying or recognizing a person from a set of N people in a database.
What other systems of identification and authentication exist?
In addition to biometric authentication systems, which rely on something physical, there are other systems that allow to identify a user or verify its identity. These systems can be classified according to what they use it for:
- Systems based on something the user knows, such as a password or a PIN number.
- Systems based on something the user has, such as a token or coordinates card.
The electronic evidences in advanced electronic signature solutions
The advanced electronic signature solutions available in the market usually offer a series of electronic evidences that can be related with the signer in case of a dispute or litigation regarding the authorship of the signature:
- One on hand, they can prove the email address and/or telephone number where a signature request was sent. The email address is considered a data closely linked with each individual, but it really does not guarantee that only one person has the password to access that email account. Besides, the owner of an email account has not been identified in advance.
- On the other hand, they offer a series of elements about the context in which the signature was made: unique data from the device with which a document was signed (computer, tablet or mobile), geolocation data that can show the exact point where the signature was made, the IP address used, and so on.
Biometrics, a distinctive feature of our advanced electronic signature solution
Signaturit’s advanced electronic signature solution, in addition to collecting all of this electronic evidence generated during the signing process, has a biometric authentication system that allows to identify the signer by measuring one of its behavioral traits: the graph.
The information that is measured consists of the points that make up the graph, its position, the writing speed and acceleration and, in devices that allow it, also the pressure made when writing the signature.
Therefore, in a scenario of a dispute, the signer can be forced to repeat his/her signature, using the same device that he/she used when making the original signature. By comparing the biometric data collected in both moments of the signature, and thanks to the fact that this data is uniquely linked to each individual, we can verify the signer’s identity – meaning we can confirm if that person is the same person who signed the document.
What role does the time stamp play in a signing process with Signaturit?
In order to guarantee the validity of the biometric information that is collected during a signing process with Signaturit, this information is integrated into what we call the audit trail - and we ensure its integrity with an official time stamp.
The official time stamp is what allows us to guarantee that there has not been any modification of the data captured during a signing process after the completion of the signature.
With the ability to prove that all this information cannot be altered, we guarantee that the data provided in a dispute scenario could only have been produced in the moment of the signature.
In sum, the combination of our biometric authentication system along with the time stamp allows us to offer to our customers the best solution to request and make advanced electronic signatures, which have a greater evidentiary value than simple signatures, and thus offer greater legal security than the latter.
This post is also available in Spanish.
- What impact has the new EU Data Protection Regulation had on biometric data?
- What exactly is an audit trail and what electronic evidence does it contain?
- What should you consider when evaluating different solutions for electronic signatures?