New System Identifies Handwriting

Jul 31, 2007 4:21 PM

Whether its perfect penmanship or chicken-scratch, handwriting could provide an effective form of online security.

With a new authentication program called Dynahand, users are not required to remember passwords or invest in costly biometric devices, such as a fingerprint scanner. They just need to be able to recognize their own handwriting.

"I know it's my handwriting, but I don't know how I know. I can't explain to somebody else how I do it," says Karen Renaud, a computer scientist and lecturer at Glasgow University in the U.K.

She argues that's what makes the system more secure than coming up with a standard password, which gets repeated over and over at different sites, can be shared with a friend, or stolen by an adversary.

The system works using numbers instead of letters because although others may be able to recognize your penned words, they're not so good at distinguishing your handwritten numerals, reports Discovery News.

In the lab test, Renaud asked 11 individuals to write the numbers zero through nine several times. She asked other volunteers to provide samples of their numerals, too, but these were eventually used to distract the study participants.

She then scanned the numbers into a computer and used a software program, or algorithm, to analyze the characteristics of the penmanship, such as height and width of strokes. The algorithm also kept track of which numerals belonged to what person and whose handwriting was more similar or distinct.

At authentication, the program showed the participant a series of five-number PINs -- each one randomly generated from the handwritten numerals. The number was not important and the user did not have to remember it.

Instead he clicked on the PIN written in his penmanship. If he got it right, the program showed him another set of PINs. He clicked again on the correct image.

The program shows the user four sets of PINs, which takes about 28 seconds to complete, but ensures a higher level of security than just showing one set. And as with other PIN-password system, three wrong attempts and you're locked out.

In the laboratory test, 10 of the 11 people were able to recognize their own handwriting consistently.

Although most of the people got it right, 11 participants is a low number to demonstrate the effectiveness of the technology, says Steve Furnell, professor of information systems security at the University of Plymouth in the U.K.

"The idea itself is very interesting," Furnell told Discovery News. But he added that the credibility of the work didn't come through as a consequence of the low number of participants.

Furnell also questioned whether a user would be willing to spare 28 seconds for authentication.

"With a normal user ID and password, you can get through that process in 5 to 10 seconds," he says.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue