KeCrypt plays leading role in the development of ISO Standards for biometric signatures.

Last year John Dale, managing director of KeCrypt Systems Ltd., was invited to join the BSI Biometrics committee and attended the IST/44 International meeting held in Wellington, New Zealand in January 2007.  This was the next major international gathering (and first for Dale) called to establish common standards for biometric data exchange.

Representing the UK as the editor for ISO/IEC 19794‑11 Signature/Sign Processed Dynamic Data, Dale will be responsible for the coordination and drafting of the international standards for biometric signature features.  What most impressed him was the drive by everyone to develop the standards in a pragmatic and timely manner. 

“There was a real effort to reach agreement and avoid any conflict,” he said. “ By June, when we have the next meeting in Berlin, I hope to welcome the input of other national bodies to the feature standards of signatures.”

A confusion of biometrics

Signatures need to be better placed in the selection of biometric modalities.  One of the problems facing John Dale is the general lack of a clear understanding of biometrics – even at Government level. 

As he explained, “Fingerprints are the biometric people think of first, driven by a long history of their use in the criminal justice system.  To this is now added facial scans and iris scans, mainly as a result of the drive by the International Civil Aviation Organisation (IACO) to adopt a biometric scheme for machine-readable passports.  New biometric modalities, such as vein recognition, also continue to be developed and exploited.”

Although they all have their place, there is no single biometric that is suitable for all scenarios.  And so confusion results.

What complicates standardisation, and is a particular issue slowing the wider uptake of biometric signature verification, is that the public have been given mixed messages.  At point of sale they have been told that PINs are more secure than signatures; at work they are told how vulnerable PINs and passwords are; and for legal documents they have to sign physical pieces of paper to demonstrate legal intent.

However, the facts are straightforward.  PINs and passwords are vulnerable and insecure in ALL circumstances.  When it comes to workflow and transaction processing, signatures are the most natural and appropriate biometric.  They are non-intrusive and demonstrate legal intent.  When security demands the ability to recognise the registered user, the dynamic signature is the only biometric that’s impossible to forge.

For more information on the BSI Biometrics Committee, click here.