Cloakware Corp.’s first release is bringing one of the oldest forms of identification into the digital age.
Its product, Signature, is designed to let users access mobile devices using their signature instead of a password.
The software development kit allows developers to replace passwords with hand-written signature verification on stylus-based personal digital assistants.
“We don’t want to downplay the benefits of the signature in its own right,” says Steve Langford, Cloakware’s director of marketing. “But in a lot of ways, it’s the first proof of concept of what we are doing.”
Ottawa-based Cloakware has been operating in what Langford calls “stealth mode” for four years and Signature marks its introduction to the outside world.
Langford says its patent-pending TRS (tamper-resistant software) technology changes the structure of a piece of source code before it is compiled into binary form, leaving a would-be hacker with months of work.
“You feed the source code into the encoder and the encoder applies very complex, deep transformations to the code,” he says. “We transform the code into something so that if a hacker looks at it, he doesn’t have a clue what it means.”
“Nothing is hacker-proof,” Langford says. “If someone will spend a year, sure. But we’ve made it so bloody difficult that we’ve made it very unlikely they’re going to spend that effort.”
Signature was designed jointly with Redwood Shores, Calif.-based Communications Intelligence Corp. (CIC), a vendor of biometric signature verification technology. Licensees of CIC’s technology include Microsoft Corp. and IBM Corp.
Russ Davis, vice-president of product development for CIC, says Cloakware’s TRS is crucial to the jointly developed Signature.
“When you do a biometric certification, you have to capture samples of the data,” he says. “There is biometric data in the sample. We want to protect that as much as possible.”
Langford says signature verification is a vast improvement over passwords in terms of security, as cracking programs available on the Internet enable hackers using a Pentium 800 computer to break an eight-character password in just four hours. If users opt for more complex passwords to thwart attacks, he says, they increase the risk of forgetting their passwords and requiring the use of IT help desk resources. Signatures are more conducive than passwords to the handheld device interface, he says.
The software is designed to protect against forgeries and limit access denials to legitimate users by monitoring the nuances of signatures. “It not only looks at what you sign, but how you sign it — the speed, the way you accentuate things,” he says, adding that users with erratic signatures can instead choose a code word with which to sign on.
Langford admits fingerprint scanning would also be an effective way to secure devices. However, he argues that fingerprint authentication necessitates additional hardware.
“Putting a fingerprint detector on a PDA is not a simple matter,” he says. “We’re convinced that having this signature method is going to have the broadest acceptance.”
The accuracy of fingerprint identification can also be compromised by oily skin or dirt on the fingerprint sensor, and Davis argues the two technologies are actually comparable in effectiveness.