10001110100110101
Here's an interesting topic to look at: Signature pads. We're looking into integrating signature pads into our product and I had originally thought that this was a simple "link an image to the data" sort of deal. However, after doing a bit of reading I have now realized how insecure that method is and that a better method to authenticate and encrypt the signature is to keep track of the raw pen events.
I've got some reading to do.
Monday, September 25, 2006 at 08:32:31 (UTC)
Why signatures? Signature pads rarely capture a signature that looks like a normal signature. Is this just for delivery records, or for actual authentication purposes?
llamatron
Monday, September 25, 2006 at 14:56:43 (UTC)
I'm not sure. Some states require a signature to be recorded when a transaction is made and these people want to drop the paper portion altogether. I don't know what it will be used for, but I figure that if we're going to store signatures, we should do it as properly and securely as possible no?
QYV
Tuesday, September 26, 2006 at 13:46:43 (UTC)
Hmm yes, realistically if there is a legal requirement for the signature, you'll likely have a legal obligation to store the signature accurately and securely.
Ahh.. just read that doc you linked to - interesting set of requirements, particularly in terms of linking the "doc" and signature to prevent alterations. (The doc being your transaction event.) Well done being a developer who actually reads something instead of implementing crap. =D
llamatronica
Tuesday, September 26, 2006 at 15:29:17 (UTC)
Well, knowing what to do does not preclude the possibility of implementing crap, but at least we know that we would be implementing crap. (Although I hope that we will not implement crap.)
QYV