This Small Business Innovation Research Phase I project will determine the feasibility of developing a personal authentication system for database and network security based on dynamic signature verification. Previous work on database and network security has focused on cryptographic methods such as digital signatures, and various security management techniques to protect files and transmissions over the network-- all of which is important and essential to creating a secure database and network, but it is not enough. In any security system the biggest weakness is ultimately the people who have access to the system. This problem has been recognized in such areas as health care, where new standards are being drafted that include personal authentication as well as cryptology for maintaining secure databases that meet legal requirements (ASTM draft E31.20). It is felt that personal authentication based on signature verification best satisfies the requirements of compliance with legal regulations, low cost, high performance, and user acceptance. The proposed Phase I work includes: 1) collection of signature data; 2) research into signature verification algorithms for enrollment, signature matching, and updating (with a current prototype signature verification technology as a starting point and baseline); 3) development of a real-time prototype; 4) thorough testing and evaluation of performance and feasibility; 5) investigation into how to effectively integrate signature verification into database and network security (in particular, integration with cryptographic methods such as digital signatures). The market for personal authentication systems is potentially very large, including database and network security, general computer security, access control to sensitive areas, financial transactions, and anywhere else sensitive information is electronically stored. For electronic transactions to become widely accepted, a computer-based personal authentication system such as signature verification is needed.
