开发者

Are there existing web sites that use a photo as a electronic signature?

The use开发者_运维问答 case: to sign a electronic document, users view the document, and if they agree take a picture of themselves with their webcam (done through Flash from the browser). Then a PDF is generated containing the document and the picture in place of signature.

This is a biometric signature, which is not as strong as a digital (cryptographic) signature, but stronger than having users draw their signature, as a photo is harder to forge than a drawn signature.

Has anyone seen this technique being used on an existing web site?


This idea isn't secure by itself. When talking about digital signatures, we are looking for these properties:

  1. It is easy to verify that the signature is authentic.
  2. It is nearly impossible to forge a signature
  3. The signature applies to a certain document (or message), and cannot be transferred to another document.

Your method fails at all three:

  1. It is hard to verify a signature, unless you already know the signer visually (also take into account that blind people do use computers)
  2. It is very easy to forge a signature.
  3. The signature can be easily transferred to another document, and it isn't possible to verify that the signature and the allegedly signed document match (since there is nothing that binds the signature to the document. PDF is not secure in any way!).


What if I put up a picture of Jon Skeet before the webcam (seriously)?

This technique would be gimmicky but has very little real-life security benefit imo.


A photo is harder to forge? I think a photo is quite easily to forge. If you take a picture as someone, and use software to let the flash app take the picture as a photo, you have signed the document without the owners consent.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜