Forgot your password?
typodupeerror
Handhelds Hardware

PalmTop offers legally binding E-signatures 79

Posted by Hemos
from the sign-it-all-away dept.
mulan writes "Following the approval of S.761 (Millennium Digital Commerce Act), PalmTop has released software which will do just that. Using a Palm app and a Windows-based conduit, digital documents may be legally signed via the Palm device. Pricipal markets include online vendors. This could also help reduce fruadulant credit card transactions on the Internet. " It's not just PalmPilots either - custom solutions are/will be supported, including IBM's WorkPad. However, until Oct. 31, you can get free copies for the Palm (OS3 or better).
This discussion has been archived. No new comments can be posted.

PalmTop offers legally binding E-signatures

Comments Filter:
  • by Anonymous Coward
    The ultimate id is biomarker, and the ultimate biomarker is DNA, unless you have twin/clones running around. I thought the movie with instantaneous DNA match devices was unrealistic, but I can see commercial pressures in this direction.
  • by Anonymous Coward on Thursday October 21, 1999 @06:08AM (#1596834)
    One question: why?

    With all the devices out there not requiring any signature (gas pumps), not requiring validation of ID or signature (grocery store) or any proof that you are who you say you are - what's the use or the value of a written signature anyway these days?

    According to the local police, a ring of credit card thieves moved into this area recently. They would get the card numbers (trash, receipts, etc.) and make mail-orders for goods that they could later sell (sports shoes, car parts). They would ship UPS to the card user's home address, then call up UPS and ask if they could pick up the order at the UPS station instead. They would go in and "sign" for the goods and be well on thier way before anyone was the wiser.

    In no case was there any validation of signature in this process. And who was going to be expert enough to "validate" it if there were? In these days of credit and debit cards, a written signature is an anachronism.

    Now, an electronic binary signature (public key anyone?) would be interesting.

    Just rambling,

    -bill rankin

  • Why do you assume that the signature is stored or used as a bitmap? That would not only be more expensive in terms of storage, it would remove the ordering and speed information from the strokes.

    A shape forgery is reasonably easy. A shape, style, and speed forgery, OTOH, is unprecedented.

    At the same time, I can see an opportunity for me to forge my own signature -- I could record my signature and hack it into the Palm, and make the PalmOS imitate that exact pen movement whenever I enter a grafitti stroke. Then I can deny that I signed a given document, and show reasonable doubt by demonstrating that someone could have used the pen echo.

    I don't see much chance for someone aside from me being able to steal my authentication, though. Even with that signature imitator, they'd still have to get my Palm away from me (here, Billy! Here's a free Palm Vx!) and get me to tell them my passcode.

    -Billy
  • Figuring out the entropy of the signature is harder than that, though. Let's suppose your grid is 120x120 (that's the PalmPilot, so it's realistic). Let's say my signature is a straight line covering half the display -- 60 pixels with about one bit per pixel (because my hand will wander up and down about one pixel for every one I traverse).

    Sixty bits is actually getting halfway reasonable, but there's more -- my speed in making the signature is also characteristic. You're ignoring that in your (lack of) analysis. I'm not going to attach numbers to that for now; the speed there can vary immensely, though, so it's a substantial factor.

    This pseudo-analysis ignores the fact that most people don't sign with an almost straight line at constant drawing speed, but rather sign something which once looked like their name. Thus, 60 bits is a strict lower bound. Considering that this digital signature method also depends on a pregenerated key (passphrase protected), this signature seems to me to be quite solid (in theory; of course, we know that the code isn't public).

    Now, you point out that Joe User is revealing parst of his private key with every signature. This is true, but with the addition of the preencoded key brute-forcing the signature becomes very unattractive.

    Signed, BilOey JnxlY
    (William Tanksley)
  • Figuring out the entropy of the signature is harder than that, though. Let's suppose your grid is 120x120 (that's the PalmPilot, so it's realistic). Let's say my signature is a straight line covering half the display -- 60 pixels with about one bit per pixel (because my hand will wander up and down about one pixel for every one I traverse).

    Sixty bits is actually getting halfway reasonable, but there's more -- my speed in making the signature is also characteristic. You're ignoring that in your (lack of) analysis. I'm not going to attach numbers to that for now; the speed there can vary immensely, though, so it's a substantial factor.

    This pseudo-analysis ignores the fact that most people don't sign with an almost straight line at constant drawing speed, but rather sign something which once looked like their name. Thus, 60 bits is a strict lower bound.

    And do you know what the worst part is? The signature isn't part of the key -- it's transmitted fully publicly. The signature is simply a visual (and technicly analysable) proof that the person who originally registered the appropriate password actually approved of the document. This is something that normal authentication systems don't have -- a means of checking what person is associated with the secret key.

    In order to compromise this system, an external attack would have to discover the passphrase AND forge the signature well enough to both look recognisable and analyse as belonging to the victim.

    Now, I can see a cool internal attack: capture your own signature, macro it, and use the same signature to sign two letters, one of which is trivial and in your control, the other of which you use to get something, then when payment is requested you dispute it on the basis that the signature is an obvious electronic copy of the one on this other letter.

    In other words, forgery remains the same basic problem, but it seems a little easier to fight now, since the signature can be completely analysed (including speed info) and there's a passphrase/secret key involved.

    Signed, BilOey JnxlY
    (William Tanksley)
  • Actually, a "digital signature" is a lot more secure than a physical one these days. Although it's hard to forge a written signature by hand, it's trivial to scan or photocopy it, and only moderately difficult to digitize it into X-Y plotter coordinates (to draw it with a real pen).

    Digital signatures are much better since they start by taking a digital checksum (e.g. md5sum) of the document being signed, and then sign this information with an RSA-style private key. Therefore, each document gets a different digital signature, and copy-pasting the signature block onto a different document will produce an invalid signature.

    Another bonus is that if your private key (perhaps stored in a Dallas Semiconductor crypto iButton [ibutton.com]) is stolen, you can just revoke your public key so that no further signatures from that key are trusted.
  • It's trivial to swap the keys on the server, and in doing that you've blown the whole signature idea. You can send an email to me, but Bob's made sure i have his public key with your name attatched to it, so then he can send a completely different signed email and i'd never know the difference without a phone call...

    You'd know the difference because Bob would be hard pressed to get his forged key signed by people in your web of trust.

    Or how about i go through whatever paperwork is involved and get a keypair from the issuing authority, but given them all of your information instead. I now have a means of generating untraceable signatures.

    Anyone who trusts a key based on only one signature is foolhardy. Good luck defrauding multiple signature authorities and tampering every single keyserver.

  • Sorry, I don't appear to have been making much sense there but I think that you got the general gist of it......:-)

    Long days and no coffee make Rob a silly boy.....
  • The problems with current digital verification systems is that they rely on the user to provide the security. Passwords, PGP Keys, Signatures, PIN numbers can all be written down, copied, monitored or grapped.

    The only way I can see that documents/transactions can certified as being accurate is if the verification takes place in front of you. This is why documents, such as passport applications, require witnesses from professionals.

    Don't get me wrong, I am not looking for a situation where retina scans coupled with finger print technology are incorporated into everything under the sun, I just feel that more steps could be taken to ensure the authenticity of digital "signatures".

    Perhaps implimentating a central register of "signature" verifiers - such as banks - is the way forward. A user would then digitally sign a web order with their Visa number on it and then the issuing bank - or maybe even the Visa people - would authorise against the signature. Okay, the administration of such a system would be a nightmare but not impossible!

    With the current system announced by 3Com, the lack of platforms supported will be it's downfall. But hey, we knew that much anyway......
  • Forgive my flaming cyncism, but the way the legislative process really works in this country anymore is, it ain't really law until somebody sues and it's upheld. When I see a lawsuit over whether an e-sig is binding, I'll believe the technology's mature in all respects.

    Fellow /.'ers, please feel invited to correct any ignorance on my part.

  • Hi, the main problem with this is consumer protection. The threshold to do something that is legally binding is lowered tremendously (blatant assertion, I know).
  • Go read "Applied Cryptography" for answers to all your questions, including the "brand new" wrinkle you just thought of (that everybody else in the industry thought of and solved years ago.)

    You can find it on Amazon/BarnesandNoble/Fatbrain/wherever.
  • Pilot and Palm Pilot are probally refering here to the old, old ones. It probally should have said Pilot and Pilot Pro or something. They are talking about pre Palm 3.
  • by Ageless (10680) on Thursday October 21, 1999 @05:56AM (#1596846) Homepage
    The URL to the site should be http://www.penop.com [penop.com]
  • I've thought for a while that what we really need is a system we can use over the phone, on paper applications, etc. What I'd like to see is some sort of centrally managed PKI (gov't, likely), that gives everyone a little credit-card calculator (like the SecurID tokens). Then, when they're giving an order, or signing a document, they give the number on the token (SSN or something), the date as displayed by the token, and the cryptographic hash of the two (as calculated by the token). Alternatively, the information requestor could provide additional numbers to enter into the hash (like an order number or something).

    The recipient of the information would take all the data, do some crypto-magic on it, and validate it against the public key for the individual as defined in the big-brother database. If the signing date is too old (like they gave a date from two weeks ago), reject the signature.

    If the DB says that the token was reported stolen on some date, and the signing date was after that date, reject the signature (if it was signed before, accept it, within normal parameters--like if you're checking a signature on record rather than processing a new order).

    This provides a very secure, use-once, electronically verifiable signature in any medium -- web, telephone, vending machine, mail-in credit card application, whatever.

    What's wrong with this idea? (aside from the obvious issues of actually making it happen)? I probably forgot to mention one or two things, as I've never bothered to write this down before (I've thought about it off and on for the last few years), but if anyone can tell me why this can't work, I'd love to hear it...


    -----
    david.

  • But from several earlier discussions, so please don't moderate it as such...

    No matter how much progess we make on the digital signature front, we still need to ask if we can trust who is in charge of managing the keys.

    It's trivial to swap the keys on the server, and in doing that you've blown the whole signature idea. You can send an email to me, but Bob's made sure i have his public key with your name attatched to it, so then he can send a completely different signed email and i'd never know the difference without a phone call...

    Or how about i go through whatever paperwork is involved and get a keypair from the issuing authority, but given them all of your information instead. I now have a means of generating untraceable signatures.

    At least with current signatures, there's handwriting analysis available, which can generally tell if the signer of the document is trully the signer... It doesn't stop copying and pasting, but until i encounter my own forged signature, I feel much more comfortable with real sigs rather than digital ones.

    Lastly, RSA is completely theoretical security. It's security rests in the difficulty of factoring large prime numbers. If next year a researcher at IBM discovers the way factor them and announces it to the world, okay, all of our digitally signed documents are invalid, but that's not so bad...

    What if the NSA/CIA/FBI/IRS, or anyone else figures that out, but neglects to tell anyone else? That's my main gripe.
  • If there's one centrally run authority, as would need to be the case in a scenario where digital signatures are accepted as valid signatures, then you have to count for the corruption factor.

    A court would probably not rule my signature was valid if the keypair used to sign/verify it was yours. It would need to be in a trusted repository. Otherwise, I could make 5,000 keys with different people's email addresses/ID's and create a script that cross signed them all. They'ed all very in the web of trust i created. If i had a few of those keys signed by people outside my web, who were genearlly trested, or at least not known to have done bad before, I'd be golden...

    What i'm thinking is that a central board will generate the keypairs and divy them out to people who request them... That's bad. But using current PKI would also be incredibly cumbersome. How many different keyservers exist?
  • It's a part-time job to help pay for my college education. Pays better than on-campus work.
  • Well, I downloaded the software--or tried to, at least. I got about 900K into the 1.2-meg download before I accidentally caused the download to abort, and couldn't get back in to download it again. Oh well, I'll try again this evening.

    I'm not sure how useful this is going to be; I dual-boot and am in Linux most of the time (since I found sync utilities for my Palm), and even when I'm in Windows, I don't have Word on it--I don't have the hard drive space! On the other hand, I can get a legitimately-registered copy of Office 2000 from my school, if I just had the space on which to put it...guess I'm going to have to see about getting one of those 12-gig hard drives to move all my games onto...

    Well, I'll just have to see how useful this turns out to be. At least it's free (until October 31).

    If the PenOp people are smart, they'll soon come out with plugins and packages for other popular wordproc applications, including the Linux ones. I've written their tech support address to ask about that possibility, and would suggest that anyone else with an interest in this new technology do the same. Maybe if they perceive demand, they'll do it sooner.
  • I got an email back today, noting the following:
    Whilst we have ported portions of our code to several UNIX platforms we currently have no plans to support LINUX. However I will forward your message to our product manager for consideration.
    Which would seem to suggest that if enough people write them to have an impact, they could come out with the necessary software...

    The email address is support@penop.com [mailto].
  • (I guess it's too late in the day for this message to have much chance of getting moderated up to where many people will read it. Oh well.)

    As someone who works a register at K-Mart (just got back from a four-hour shift today, in fact), I've had a bit of time and cause to ruminate on this subject.

    My K-Mart accepts credit cards (of course) and debit cards. As a matter of policy, register operators are supposed to verify signatures on receipts against signatures on back of cards (and ask for ID if the card is unsigned). It's kind of an annoying hassle for both operator and customer ("Why do you have to compare my signature? Doesn't the picture on the license look enough like me?"), which is why a lot of checkout operators don't do it (especially with the new PINpads we've got that let customers run their own cards through). But I do, and occasionally get complimented on my perspicacity by the customers.

    The thing is, a lot of the time the signatures don't look a darned thing alike, and what am I supposed to do? Some people just don't sign the same from signature to signature; am I supposed to deny them their purchase based on their inability to duplicate a scrawl?

    I, as a cashier, would feel a lot better with some sort of digsig pad (kind of like the folks at Best Buy and Circuit City have, I suppose) with an LCD display signature device--something that would take the customer's signature and flash a little thingie on the screen saying "Verifying..." on it and then verify it against the credit card company or bank's database. After all, we do this already with debit cards or the MICR reader on checks. It would be less work and less responsibility for us (and less likelihood that the #%$@^!! register printer would choose to eat the credit card slip instead of printing it out). And I think the customers would feel better, too, knowing that their signature was being checked on, and not just eyeballed by fallible cashiers with pressure on them to get to the next person in line.

    (And maybe that way it would also eliminate those credit card slips we have to have signed for the bank to authorize the transactions. Card number, expiration date, and signature, all in the same place...talk about a security risk!)
  • by Robotech_Master (14247) on Thursday October 21, 1999 @06:13AM (#1596854) Homepage Journal
    Ten years down the road..."

    "Omigod! You're Mel Gibson! Can I...can I get your autograph?"

    "Why, sure."

    (fumbling with Palms)
    beep!

    "Wow, thanks! I'll...never erase this!"
  • On the same token, I highly doubt that this company would try and sell a system that is advertised as secure without putting in a lot of thought into the system as a whole, and ensuring protection against fraud.

    Not a good assumption. Go read Applied Cryptography. There are a lot of companies that have gone and put out systems that were advertised as secure that in reality were almost trivially breakable. I want to know all the details about their system before deciding whether it's secure or not. If the details aren't disclosed, it's not secure.

  • Why is a scribble considered legally binding?

    1) Uh, common law?
    2) The fact that more people in the world can write than own computers, esp. Palm Pilots?
    3) The fact that there are a lot of people who fear machines, and would rather accept a signature as a wo/man's word of honour?
    4)Lotsa other reasons, too. But 1 and 2 are the biggies.

    PPoE
  • Pardon? What an inane restriction; limiting this software to webservers only running Win32 operating systems is going to severely limit its use. A vast majority of the webservers out there are running Apache or other U-ix-based servers. Does anyone running a website on Windows 98 really have a need for digitally authenticated documents?

    No kidding. Anybody running Win98 as their web server has more pressing security issues to worry about than digital signatures.

    Though it's a step in the right direction, I don't think that this is the program that's going to make digital authentication of documents a reality. The best solution for digital signatures has been and continues to be public-key encryption (PGP, et. al.).

    I think that the intention, or eventual direction, of this is sort of a melding between key encryption and physical signatures.


    \//
  • I still think problems.

    The first problem is the classic one: key management. Tons has been written about it, but it usually boils down to either (1) central "approved" authority (== govt), or (2) a web of trust (a la PGP). Both approaches have serious problems, IMHO, and key management continues to be a big mess.

    The second problem is also the classic one: poor passphrases. Again, well-known, and again, hard to do something about.

    Plus the third problem, which just popped into my mind: Let's say Alice gives me a digitally signed note saying "Dear bank, please give to the bearer $10". Fine. I go to the bank and get $10. Rinse, repeat as desired. In other words, what to do about multiple copies of a signed document?

    Kaa
  • OK, time for a lesson on Digital Signatures! Copying of a digital signature is very, very, very difficult. You must get or subvert the signer's private key which would be kept on the Pilot. Presumably, the user would use a passphrase to encrypt the private key on the pilot, and the private key would only be decrypted when the passphrase was entered so that something could be signed.

    You can't just copy a digital signature from another document because it is inextricably linked to every bit in the signed document. The process for document D is as follows:
    1. Take a cryptographic Hash of D to get H(D) (It is very hard to make another D with the same H(D))
    2. Prompt user for passphrase P. Take a hash of passphrase H(P) and use it to decrypt the encrypted private key E(H(P), private). So, D(H(P), E(H(P), private) ) == private
    Encrypt H(D) with the signer's private key and include it as the signature. E(private, H(D)) == signature
    3. Now anyone who knows the public key of the user can verify the signature by decrypting the signature using the user's public key and hashing the document itself and then comparing. E(public, signature) == H(D) =?= H(D)
    If it matches, the signature is valid, if one bit is changed in D, then it is incredibly unlikely that the H(D)'s will match.

    I do agree that a poor implementation and poor passphrases from the user do make this scheme a bit troublesome. Assuming good passphrases are used, you would need to borrow the pilot and subvert it in someway. Or... look for emissions from the pilot and try to steal the passphrase or private key that way. Either are more likely to work than breaking the signature scheme.
    They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -----Benjamin Franklin

  • Well I downloaded and installed this application...

    The fact that you can only sign Word and Adobe documents (as of right now) limits the real useage of this. What about spreadsheets, other word processors, Accounting software (ie: invoices and cheques)?

    I found at first that it was difficult to sign your Palm when it was in the cradle, but through experimentation I found that you can start the signing process, remove your Palm from the cradle, sign on the dotted line, place you palm back into the cradle and then click the OK button to upload the signature to the document...

    I wonder when it will support IR transfer... that would make things a lot easier (and a lot more usefull, ie: IR transmitter/recievers in ABM machines... sign to get your money)

  • Are they just making a digital version of the traiditional handwriting signature and adding some auditing features to it? If there are, then are ask what in the hell are they smoking? The system the article seemed to mention relies on trusted third parties to validate documents (something which can easily be abused by powerful institutions such as various factions of our government).

    Why not go over to a public-private key method of signing document? When I sign something, you don't need an intermediate party as long as you have some way of getting my key (which can be handed over in person, or extracted from dozens of publically run sights). My key can of course be compared to my digital fingerprint (which is on both the sig file of my emails and my business cards).

    The whole notion of using handwriting to validate documents is an outdated idea that should be done away with once and for all. Just use pgp or (gpg) or whatever. Makes life simpler. Less open to abuse. Its already there.

    Just my 2c.

  • by |DaBuzz| (33869) on Thursday October 21, 1999 @05:57AM (#1596862)
    It's not just PalmPilots either - custom solutions are/will be supported, including IBM's WorkPad.

    Just for reference, the IBM workpad's are just rebranded Palms (III's, V's) 'cept the Workpad z50 which is a CE mini-laptop.
  • While the program works with at least four different lines of palm-top organizers, it does not support the Pilot and PalmPilot organizers.

    So it doesn't work on the PalmPilot but it needs PalmOS 3.0? I really don't get it.

    This is correct. The PalmPilot organizers were the PalmOS v2 organizers. The Pilots were the v1 organizers. All of the Palm organizers that have PalmOS v3.x are called "Palm" WITHOUT the Pilot suffix due to a lawsuit that was filed against 3Com a while ago.

    --bdj

  • intersection(Slashdot readers, People who read before commenting) is O(1).

    'nuff said. ;-)

    --bdj

  • Users must have a host computer or a Web site running on Microsoft Windows 95, 98 or NT 4.0 to use the PocketSign program.

    Pardon? What an inane restriction; limiting this software to webservers only running Win32 operating systems is going to severely limit its use. A vast majority of the webservers out there are running Apache or other U-ix-based servers. Does anyone running a website on Windows 98 really have a need for digitally authenticated documents?

    Though it's a step in the right direction, I don't think that this is the program that's going to make digital authentication of documents a reality. The best solution for digital signatures has been and continues to be public-key encryption (PGP, et. al.).

  • For those of us using the older models, eg. Palm Professional, we're SOL to run this software... *Unless* you've got one of the upgrades that effectively makes your Palmpilot Pro a Palm III. I'm using the Pager upgrade, which lets me run PalmOS3.x so it looks like it's not going to be a problem. Before someone smacks me for stating the obvious, new users come here too... why, I remember when I was a new user... that innocent smile, that gleam in my eye... Oh wait, that was the day they dropped Ecstasy into my morning Coke. Nevermind. :)
  • Well, if they use the serial number of the Palm to seed the password, then I wonder what effect not filling it in has.
    I didn't put in a serial number and still received the info.
    Then again, serial number wasn't one of the _required_ options... i think it's just for market tracking more than security (the form I mean, not the application :) )
    Now I must go hide from the grammar police, my participle is dangling.
  • >It's not just PalmPilots either - custom >solutions are/will be supported, including IBM's >WorkPad. However, until Oct. 31, you can get >free copies for the Palm (OS3 or better).

    IBM Workpads are Palm devices. They are just OEM units from 3COM with the IBM logo and a black case. BTW, there is no such thing as a PalmPilot anymore. They dropped the 'Pilot' with the release of the Palm III. The actual PalmPilot units will NOT work with this as they are running PalmOS 2.0, unless they have had the 3COM 2M w/ IR upgrade installed.
  • If anything, Gattaca has proven that biometrics, even taken far enough such as DNA or retinal scan, can still be counterfeit.

    So I'm not sure it's the solution.

    "There is no surer way to ruin a good discussion than to contaminate it with the facts."

  • >Why is a scribble considered legally binding?

    1) Uh, common law?

    That's what I'm questioning. Why a signature is considered unique and unreproductible, whereas a digital signature is still up in the air.

    2) The fact that more people in the world can write than own computers, esp. Palm Pilots?

    Fancy that. The signature program runs on a Palm Pilot. Kinda invalidates the thought that they're doing that instead of PKi because it's easier.

    3) The fact that there are a lot of people who fear machines, and would rather accept a signature as a wo/man's word of honour?

    They fear machines, yet they buy Palm Pilots?

    "There is no surer way to ruin a good discussion than to contaminate it with the facts."

  • Why do you assume that the signature is stored or used as a bitmap? That would not only be more expensive in terms of storage, it would remove the ordering and speed information from the strokes.

    I didn't mean they were necessarely stored as bitmaps, but I was questioning the resulting keyspace.

    Say your grid is 50x50. Each pixel is either black or white. That means 2^2500 possibilities. It seems impressive, until you consider the number of contraints on it; for instance, you'll never have a completely black grid. Most of the time, the black dots will be connected into a line. If the pen point is fat, you'll always have a black point next to another. If you know the person's name, it's another indication of what the signature will be like.

    So, in effect, it's a rather big keyspace, but with so many restrictions (not to mention you can know what the keyspace is like, just by finding the person's signature, which is not secret!) that in the end it's worthless next to traditional digital certificate keyspace.

    It's like showing your private key in public, but you hide out bits of it. Any security administrator will tell you it's not just stupid, it's an invitation to a crack.

    So, in short, with this thing, they're going to great lengths to provide a security system which is, well, total crap compared to any moderately-strengthed cryptosystem.

    But it sounds cool, so I bet the layman will say, 'Oh! THAT's what they meant by digital signature!' and swallow it up. It's not impressing this cryptogeek, however.

    "There is no surer way to ruin a good discussion than to contaminate it with the facts."

  • by Enoch Root (57473) on Thursday October 21, 1999 @06:34AM (#1596872)
    Shesh, they have this all backward if you ask me.

    Why is a scribble considered legally binding? A handwritten signature is much more easy to counterfeit than a strong digital signature using PKi.

    It seems to me like this is bending backwards to get some sort of digital signature of documents. Why is it that they have to use a Palm front-end to collect a signature? What's to prevent from capturing the signature as a JPG and then putting it elsewhere? What I mean is, some sort of pixelised display is not a valid way to sign a digital document.

    Why not use a simple PKi architecture for signatures? The keyspace is certainly larger than a low-res collection of pixels. You don't have to do signature recognition.

    It's a sad fact that the industry is taking forever to understand digital signature and identification. It's the same thing for e-commerce, for instance... Yes, you can get cracked. But you can also get tapped when saying it aloud on a phone line. Yet the first case flares up the imagination, whereas the later is just seen as a pretty unimaginative technical feat.

    What I want is a central digital authentification authority, be it run by the Government or what have you. Then we can dispense with the petty scribbles.

    I want my... I want my PKi...

    "There is no surer way to ruin a good discussion than to contaminate it with the facts."

  • by cdlu (65838) on Thursday October 21, 1999 @05:49AM (#1596873) Homepage
    I forsee a lot of difficulties with using the Palm signature. If someone gets their hands on one person's digital signature on disk (or ram card or whatever else), they can use their authentic signature all over the place.

    "Yes, I _am_ sure I want to sell this property to this person for $1.00."
  • What stops some one from copying that signature to a file and using it whenever they feel like? If this passes there'll be wide spread fraud all over the place.
  • Anyone know how secure this kind of thing is? What type/level of encryption is required for the new law?

    How is the system supposed to circumvent the obvious problems that have already been pointed out...?
  • Has anyone actually gotten this thing to work? If I insert a signiture box into a new doc, then try and sign it, Word 2000 promptly crashes. Of course, I'm not surprised...

    PalmPilot Pro w/ 2mb/IR upgrade and OS 3.3
  • This is the most recent info on the status of current legislation regarding e-signatures that I could find during my lunch hour: http://www.techlawjournal.com/internet/19991014.ht m

    The "Following the approval of S.761 (Millennium Digital Commerce Act)" bit is a little misguiding, I believe. As far as I can tell (disclaimer - I'm a legal ignoramus) the laws governing the use of digital signatures remain unchanged.

    If you ask me, this is EXTREMELY importantant legislation. What defines an acceptable digital signature? Who (current debate seems to concern state/national authority) defines acceptable use of digital signatures? Etc.

    I think this subject deserves immediate and intense attention by people wise to the issues. E.G. the /. public. Get this on people's radar screens!!! Else don't complain when the federal government passes some kind of fatally misinformed legislation.
  • I don't know about the rest of the net, but on /. I think the number one mistake is lose/loose. Not actually a typo, but it is everywhere. Every day or two it rears its ugly head.

    As far as digital signatures go: I don't see a whole lot of use for this in my life, but it beats using a thumbprint for anything. I don't know how widespread this is, but many banks in this area now require a thumbprint if you go in to cash a check and you are not a customer of said bank.
  • This ties into a story I remember seeing on /. earlier, about work to allow paying from small computing devices like cell phones & palmtops.

    I can imagine it being very convenient - you step up to a vending machine (or some other service-providing device), it sends you a small signed contract via an infrared link, you review the contract (which might include details like transferring $x from your bank account to theirs), you sign it by putting your finger on a finger-print reader built into your device (which is used to unlock a possibly longer, randomly-generated private key) and then both parties can transmit the contract to their respective banks (or maybe the vending machine will take care of that, since it's more important for the machine to make sure that payment is taken care of before delivering the goods...)

    There's probably lots of variations on this kind of thing - having a biometric sensor installed on your "personal electronic device" which allows you to unlock keys sounds like a very convenient method of authentication & encryption. And if somebody steals your "PED", they'd have to steal your fingers too, for it to do them any good.
  • Not much porting effort there...
  • This is not the case if I read this correctly. The signature file contains details of the transaction as well as the signature, making it a one off authentication. I assume it is RSA encrypted in a way that stops the file from being altered.
  • "Did any of your bother to READ the site?"

    "1) You physical Palm device"

    [cries]

    I proof-read that submission twice! Can't someone invent a program that can keep me from looking like such an idiot on a regular basis?

    Serious (however off-topic)...has anyone ever ranked the number one typo on the Internet? I would be shocked if it isn't you/your...

    - JoeShmoe

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=-=-=-=-=-=-
  • by JoeShmoe (90109) <askjoeshmoe@hotmail.com> on Thursday October 21, 1999 @06:50AM (#1596884)
    NOTE TO SLASHDOT: Update the news article to include the proper URL...it's PenOp [penop.com] not PalmTop.

    If you read the Product information, you can plainly see PenOp software can verify the identity of the signer using biometrics (such as signature dynamics and fingerprints), digital ids (such as Entrust certificates), and infometrics (such as passwords. I also noticed when I went to download a copy that it is appear to be keyed to your Palm's serial number. You get a PIN to unlock the software that will probably be matched to this serial number...

    So to those people whining about fraud...this is not about sending a bitmap image of your signature around. That tech has existed on the Palm for years (TealPaint is a good one) and is not newsbreaking in any way.

    This is secure because, in order to pretend to be you, someone would need:

    1) You physical Palm device
    2) The ability to sign a document in the same biometrical (if that's a word) manner...not just looking at it and copying it visually
    3) A pin number to verify their identity
    4) A copy of the conduit on your home PC, which probably has the other part of a digital key.

    I'm no expert but the "something you have + something you know" approach in a very good one. You need a physical device and detailed information about how a person signs and/or what their PIN is.

    Please, people, avoid making uninformed comments on your interpretation of how you think a system might in fact sorta kinda maybe work. =)

    - JoeShmoe
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=-=-=-=-=-
  • Not a good assumption. Go read Applied Cryptography. There are a lot of companies that have gone and put out systems that were advertised as secure that in reality were almost trivially breakable.

    You're right. I guess sometimes I (naively) forget that companies sometimes (or maybe most times) are out to make money and not serve the greater good of us all. Plus, it's almost always a good rule to never assume anything.

    I want to know all the details about their system before deciding whether it's secure or not. If the details aren't disclosed, it's not secure.

    I agreee. The main point (which I should have stuck to) that I was trying to get across was that it is premature to discuss security without knowing details.

  • I think it is a bit premature to assume that something is a bad idea just because you don't understand the technology behind it or because you don't know what security measures the company has in place to prevent ill-use. One would assume that the signature is encrypted and that signing the document is like signing in PGP; it just let's people know that it's you without giving up your secret key. But, since I don't know all that much about cryptography (wish I did though), I won't say for sure. :)

    On the same token, I highly doubt that this company would try and sell a system that is advertised as secure without putting in a lot of thought into the system as a whole, and ensuring protection against fraud. And if the system is insecure, I'm pretty such that the Slashdot-er's will be the first to find that out and make it known to the world, thus preventing the so called wide spread fraud.

    Once again the world is saved by Slashdot.

  • Certificates/PKis etc. are just too heavy for people at this point, even technical people. Nobody gets it. Check out the level of technical sophistication in this conversation alone - it's unusually clueless for slashdot.

    (I'm not a specialist, BTW, but I did have to do a basic crypto coding job recently so I had to figure out the basics).

  • I'm still confused here....

    Looks like a great idea for home-based browsers looking to verify themselves over the Web. The combination of physical device (the Palm) and biometrics (the scribble) are connected to the user's browser, and that connects to the vendor via the 'Net.

    So what happens in a traditional walk-in shop ?

    Do I walk in and sign the shop's Palm on the counter (losing the secure digital signature), or do I walk in carrying my own Palm and dock it into the shop's cradle ? As a retailer, I seem to be choosing between either rather poor security (scribble alone) or requiring all my customers to carry their own Palms. I can see this as an in-house application for workflow, quality control etc., but I can't see it affecting retailing in the near future.

    Also (a minor point) what happens when a Palm dies and the signature is serialed to that Palm ? If yours hasn't croaked at least once, you've been lucky.

    It'll never replace the tattooed barcode....

  • Well no crying wolf until we have seen more of this. I allready have a separate identification box for my bank accounts, why should a palm be less secure? One well protected storage for ID:s is alot better than a dozen half-protected. (Never mind the password, I'll just use my name or I'll forget it)
  • Was anyone else confused by these two paragraphs?

    Users must have a host computer or a Web site running on Microsoft Windows 95, 98 or NT 4.0 to use the PocketSign program. In addition, the palm-top device must use the Palm OS 3.0 operating system and have a Palm HotSync Cradle or HotSync cable connection.

    While the program works with at least four different lines of palm-top organizers, it does not support the Pilot and PalmPilot organizers.

    So it doesn't work on the PalmPilot but it needs PalmOS 3.0? I really don't get it.

    On another topic, I hope they release some of the specifications for how they prevent someone from copying the signature from the certificate and then just using it to sign another one. All of these details might be in the pa tent [penop.com] they've filed, but I think the patent is generic.

  • It certainly is the week for Palm news, isn't it?


    --
    Max V.
  • I sure hope that they will have a good technique to deal with fraud. It would not be hard to forge someones electronic signature.
  • The concept is wonderful. I'm so sick of having to do half of my business on the web only to have to wait for an application or something else to hit snail mail before I can continue. I had to do this with my online back, with E-Trade, with credit cards and with my credit report. Mostly financial information needs a true signature to complete. While this is a great step in the right direction.. almost.. there is a problem. We not only have someone storing a signature on file to use elsewhere but the criminal aspect is immense. So you require realtime signatures ? Fine, I could code a program to take your signature and not only "re-write" it real-time, but vary it slightly from each signature so that it appears not to be a carbon copy. It's going to be almost impossible to do this realistically. I would almost prefer, for my own safty, that this not be legally binding. Signatures would have to be "disputable" like credit card transactions are now.


    SL33ZE, MCSD
    em: joedipshit@hotmail.com
  • Actually, a signature need not be your name scribbled down. Illiterate people without penmanship skills could just mark with an X. The concept of a signature is that there was an intent to sign. i.e. if I seal a deal with a handshake, it is the same, you seal a deal to confirm that everyone is on board.

    The signature provides a record of sorts, which is why it became common.

    A digital signature is NOT a human signature encoded. I worked on a paper compiling the laws on digital signatures, technologies involved, and applications. Some of our ideas were really cool, but I doubt will ever see the light of day because they protect users with a free market approach. Feel free to check out my group's paper if you're interested:
    http://www-swiss.ai.mit.edu/6.805/student-papers /fall98-papers/identity/linked-white-paper .html

    Anyway, the way it works does not depend upon anyone be trusted with the key. The private key is generated by you and (in theory) known only to you, but in practice, it is known to your computer and further encrypted with a password that you supply.

    Now, everybody knows how Public Key Encryption works, right?

    Say I have a Message in Clear-Text (M), a Private Key (K) and a Public Key (P).

    If you send me a message, you encrypt it with my public key that everyone can know, we don't care.

    E(M, P) = C (Cypher Text)

    I then take the Cypher Text,
    D(C, K) = M

    and only I have the message.

    However, PKI has another feature, authentication.

    Okay, let's try the following:

    E(M, K) = C (Message + Private Key -> Cypher Text)

    D(C, P) = M and the message is recovered. With this method, anyone can read it, but if you know my public key, you can confirm that it was sent by me since only I have my private key. Now, in practice we'll use a cryptographic hash of a small size (128 bits makes forgery next to impossible... you want to try 2^128 variations on a message to convey the meaning you want until the hashes match?!?!?)

    Where: H1 and H2 are related hashing functions...

    H1(M, K) = CH1 (Cypher-hash)
    H2(M, P) = CH2 Confirm(CH1, CH2) = true

    alternatively you have an equation that inputs M, P, and CH and determines if it is valid. Zero knowledge proofs can extend this concept, but I won't pretend to understand them.

    Basically, the idea is that by attaching a few bytes at the end of a message, other people can determine that it was send by you.


    Now, when you get a digitally signed document, you usually have a HUGE attachment, why? Well, the problem with the digital signature is the public key.

    i.e. Alice receives a signed message from Bob,
    how does she get his Public key? More importantly, how to we get the public keys securely so nobody can spoof them?

    i.e. Say that Slashdot.org decides to be a Certificate Authority (the keys to this scheme), and offers to stores keys. How does Alice know that the Public key listed for Bob is real and not someone pretending to be slashdot, or Bob, etc.

    Here is the approach. I connect to a CA and create a new Private Key, Public Key combo. I send the Public Key to the CA, signed by my private key. They confirm that the Public Key matches the signed copy, and authenticate it. They then issue me a digital certificate which includes my information (ideally, when they are real, confirmed by me in person, but for now, just via e-mail for simple gee I have a certification certificates, but expect real authentication), my public key, and it is signed by the CA. If you trust the CA (set in your software) then you can trust the public key because the CA authenticated it.

    Now this gets really interesting when CA Trust hierarchies get involved. i.e. slashdot the CA isn't trusted by default, so they work with a better known VA, say VeriSign who verifies their procedures. VeriSign then signs their certificate with authoritization. So, you get my certificate, signed by slashdot, signed by VeriSign, and if you allow VeriSign to sign for others... you get the idea...

    Again the situation can bring the power to you. The premise of our paper is the notion of unbundled digital identities.

    In the Real World, to buy alcohol I show a drivers license, which includes my picture (authentication) as well as address, DL# (SSN in some states), my age, the fact that I drive, etc., etc. This is a lot of information. We don't worry about it now because nobody at the liquor store is recording it. Digital Information, however, is almost always stored.

    What we were working on was a procedure by which you can confirm to say a liquor store (it's unfortunant, but the main uses we found for it was booze and porn) that I am >=21, and nothing else, as well as ways to prevent people from trading certificates.

    Check out the paper if you'd like and tell me what you think. It's long, feel free to skim it. We entered it for a legal conference, which accepted it, but we had a paperwork situation as it was over the summer and everyone was gone. The version for the legal conference is only 12 pages and gives you a background on the idea, the full paper has a LOT of info, including current laws on Electronic Signatures and Digital Signatures (VERY different). 12 pages, in rtf format:
    http://web.mit.edu/covell/www/digid12.rtf


    Alex

Air is water with holes in it.

Working...