Sign Your Name Online With A Mouse

icke writes "Soon, the way you use your mouse could help prove who you are. According to a BBC News article, scientists have found a way for people to sign their name online using a mouse instead of a pen. The technology, based on the research from Queen Mary College, University of London by Peter McOwan, 'uses a neural network to pick out the unique features of the way that someone uses a mouse.'"

How hard do you have to squeeze

[egg troll]

To get ink from a mouse? Yeesh.

Re:How hard do you have to squeeze

[Anonymous Coward]

I keep trying to write with a mouse, but the ink seems to keep coming out in little pellets... maybe it's time to replace the mouse balls?

Re:How hard do you have to squeeze

[EmbeddedJanitor]

I tried and the fscking thing bit me!

Re:How hard do you have to squeeze

[Warped-Reality]

It's just like getting baby oil from a baby..

This would be easy to fake

[Megor1]

You could just record the mouse movements with some macro software and then play it back whenever it asks for their signature.

Re:This would be easy to fake

[swtaarrs]

If the software is smart, it will look for perfect reproductions which no human would be capable of and give an error if it detects one.

Re:This would be easy to fake

[Anonymous Coward]

Yes, but if the human is smart, they would modify the playback macro just slighty, and in a believable way such that the algorithm determines that it is a valid signature.

Re:This would be easy to fake

[E_elven]

Because we all know that *actual* signatures cannot be forged and the clerks at stores are really hawk-eyed when it comes to making sure the customer is who they say they are.

Re:This would be easy to fake

[untaken_name]

The signature on my credit card says 'Check Photo ID'. Not one clerk ever has.

I represent the opposite end of that spectrum. I got a Visa check card because I was sick and tired of having to show a photo id (with a photo already on my credit card). The commercials would seem to indicate that Visa check cards require no extra ID. However, I get asked for ID about twice as much now as I did before (with a regular credit card). I mean, my picture is RIGHT ON THE DEBIT CARD. *sigh* Why do you retail idiots ID

Re:This would be easy to fake

[s88]

" If the software is smart, it will look for perfect reproductions which no human would be capable of and give an error if it detects one."

Why do you not assume that the macro software could be "smart" and simply add some white noise to the playback?

Re:This would be easy to fake

[c0dedude]

And if the human is smart, it will design software that embeds flaws.

Re:This would be easy to fake

[krymsin01]

Well, I suppose it'd be trivial to check an see if one of the last couple hundred times you signed your name is am exact match (something I think only a macro, and not a human, could do), and if so, reject it.

Re:This would be easy to fake

[Andrewkov]

If you've ever tried drawing anything with a mouse, you probably agree that it's not easy .. I probably couldn't even write my name and have it be recognizable as being written by the same person, let alone be an exact digital match. Maybe I'm a spaz on the mouse, but I know for a fact I'm *much* better than the average Joe-Sixpack type I see at work. So I have a hard time believing this concept will work. Stylus tablets is another story, though.. If only everyone owned one of those! :-)

Re:This would be easy to fake

[David Leppik]

I know I can't sign my name with the mouse. I'm left handed, but I use my right hand for the mouse.

It's a habit I've had since my dad bought a 128k Macintosh in 1984. The mouse cord simply wouldn't strech over to the left side.

Re:That's the point though..

[whereiswaldo]

Interesting, but there's a big problem with using a mouse to write a signature: moving from machine to machine. The ergonomics are totally different between machines, for one thing. Plus, different brands of mouse. What about mice with the thumb-rollerball? Or notebook touchpads? Or optical mice vs. crappy old mice with crud stuck in the rollers?

...lest we forget the lefties...

[uptownguy]

...let's not forget us lefties out there. We are using the mouse at a totally different angle then the righty -- unless, of course, we are forced to sit at someone else's machine -- in which case we can use the mouse but our dexterity isn't what it could be...

Except for those of us who have broken down and always use the mouse on the right side. Not sure what to say about that.

(My personal opinion is that lefties who switch their mouse buttons are just weak and only add confusion to the mix...but it is

Re:This would be easy to fake

[localghost]

And pens won't work either, because you can easily photocopy a signature and trace over it. Oh well, back to the drawing board...

Re:This would be easy to fake

[srmalloy]

And pens won't work either, because you can easily photocopy a signature and trace over it.

Actually, the anti-forgery algorithms that have been developed can tell when you're doing that; the better algorithms don't look for the outline of the letters you write (sign your name five times, and there will be differences between them), but instead look for the patterns of movement and speed while you're writing your name; if you're tracing a signature, your pen movements are going to be very different than

Re:This would be easy to fake

[G4from128k]

Obviously if someonce can log the mouse motions with an accurate timestamp, then they can replicate the signature. But then EVERY computer-connected biometric ID system is potentially susceptable to interception/replay of the biometric key signal.

In the case of this system, an arms race between the forger/loggers and the ID systems company would then ensue. The first countermeasure to mouse-loggers would be rejection of identical traces (as others have suggested). To this forgers would add statistical noise to the trace. The ID company would then need to create a more sophisticated statistical test that rejects traces that did not vary enough while staying within the statistical bounds of the 20 training samples that the systems asks for. An SVD on some transform of the sample signatures would help uncover both the strongest and weakest modes of variation. Signatures that did not match on the main pattern and did not vary sufficiently in expected way would be rejected. This would prevent either direct play-back or a simplistic addition of noise to the mouse trace.

The presence of both a predicable static pattern (the "average" signature) and modes of variation (because people don't actually sign their name identically to the nanometer/nanosecond) makes this biometric key better than other more invariant biometric features that can be copied.

Re:This would be easy to fake

[jackb_guppy]

Which then leads:

Why do people sign electronic pads at stores when they use credit cards?

You have just placed your last protection of who you are in a computer system that you have no control over.

Real dumb.

Re:This would be easy to fake

[gfody]

everytime I sign one of those computer pad things (like at best buy). the sample rate is so slow that my "signature" ends up being five or six lines in different directions and it NEVER looks the same twice. whats the point of signing the thing? for a while now when I sign those things I just put an "X"

Re:This would be easy to fake

[paRcat]

I wrote the software for my company's delivery handhelds that captures the signature of the person accepting the merchandise. I came up with a fairly novel way of storing the data so that each sig only uses ~1K... which makes it easy to send over a CDPD wireless connection to my server. At this point I have about 33000 sigs in a database.

The thing is... I really doubt this would be useful for 'stealing' an identity. Sure, when you're talking about credit card sigs, it might be slightly different, but r

Re:This would be easy to fake

[quinkin]

"...EVERY computer-connected biometric ID system is potentially susceptable to interception/replay of the biometric key signal."

Well, a Challenge-Response mechanism that uses some sort of biometric feedback mechanism would seem to be the standard crypto authentication approach to this problem.

For example: use a subset of the bio-key to sign a packet, returned packet counter signed by authenticating service including a challenge mechanism (ie. pseudo-random light fluctuations to emitter in retinal scanner, measure and return eye muscle contraction patterns). This concept could possibly be implemented in the current system of 'mouse signatures' by the authenticator specifying a glyph or pattern for the user to input, rather than an (relatively) invariant pattern.

This does not exclude the possibility of compromise (even a 'statistically perfect' crypto algorithm can be extremely poorly implemented) but it would raise the bar - both in terms of complexity and time dependency.

The only perfect cryptographic solution is to not record anything, anytime, anywhere, ever...

Q.

Re:This would be easy to fake

[gfody]

or make the challenge a game of tic-tac-toe with a tic-tac-toe schema generated by the authentication server to be unique strategy/behavior/timing so to extract some psuedo-psychological biometrics from the user.. the tic-tac-toe engine would used signed schemas generated by xml via .net framework distributed to the thin client for decryption. its fun to pull shit out've your ass on slashdot isnt it?

Re:This would be easy to fake

[cpuffer_hammer]

The system could ask the user to also write something, (like the date, the name of the product, or the PO). This would make it hard to have the correct recording including all the connected letters. Of course this also make the training/preperation before the system can be used the first time harder.

And hard to get right

[MacGabhain]

I use a trackball that's controlled by my index and middle finger at home and in my office.
(Yes, I have an office. Neener-neener.)
Most computers have mice.
I can't imagine that the motions of my whole arm for a mouse (or my thumb for the other kind of trackballs) would mimic those of my two fingers closely enough for me to sign anything anywhere that doesn't have the same or similar trackball that I'm used to.

Question

[AnimeFreak]

Would a signature created with a mouse be legally-binding?

Re:Question

[chill]

Would a signature created with a mouse be legally-binding?

Many of laws now on the books in the U.S. allow a digitial signature to be binding if all parties agree on the digital method used.

So, if you can all agree on wiggling the mouse for a sig, then it can be legally binding.

interesting

[Perianwyr Stormcrow]

So, is a digital signature valid for the agreement that authorizes the use of the digital signature?

What about the agreement for that one?

Re:interesting

[chill]

So, is a digital signature valid for the agreement that authorizes the use of the digital signature?

What about the agreement for that one?

Depends on the State. Many "agreements" are verbal, with witnesses. For long term use, like with a bank or financial institution, the initial agreement is either written or witnessed.

For example, some places have you click an "I Agree" button, but a human verifies that it is you. Well, they check and ID or something. After that, you can sign things remotely.

Re:Question

[Eivind]

Actually, all agreements where all involved parties agree and are aware that they're entering an agreement are legally binding. Yes, even a verbal agreement is fully legally binding.

The problem, ofcourse, is to prove exactly what was being said, with enough of a context that it's clear that all parties understood they where entering an agreement.

Paper and signatures are useful because it's a traditional method of finalising an agreement, thus when someone is asked to sign a contract, it's assumed that t

Warning:

[Exiler]

Vertical motions detected. Credit authorization failed.

Thank you for shopping at Victoria Secret.

How About...

[Suhas]

...I know all the kbd shortcuts and rarely use my mouse....err... ...You Insensitive CLOD!

Your John Handcock is not secure

[Dancin_Santa]

While it may be a huge flourish that impresses the ladies, your signature is not as secure as it would seem. Forgeries are easy to make by skilled criminals.

Use a cryptographic key to sign. You'll be glad you did.

Re:Your John Handcock is not secure

[heli0]

"Your John Handcock"

Honest mistake, or Freudian slip?

John Handcock

[shigelojoe]

He was probably talking about the pornstar. And if there isn't a pornstar named John Handcock, there damn well needs to be one.

A lack of John Handcock is un-American(TM), dammit.

Re:Your John Handcock is not secure

[s-orbital]

A freudian slip is where you say one thing, and mean your mother.

Your 4096 bits are not secure

[achurch]

While it may be a strong key that impresses the geeks, your cryptographic key is not as secure as it would seem. Viruses are easy to make by skilled hackers.

Re:Your John Handcock is not secure

[OmnipotentEntity]

The added fact that most skilled forgeries are identified by the depth of the pit in the paper (ie how hard you press down at certain points, you can imitate a shape but if you imitate it you're not doing it naturally and that shows in the patterns of heavy vs. light inking), and not by the shape of the writing, that makes the mouse signature doubly insecure. Any idiot can trace a pattern of pixels if they see it a few times.

___________

Re:Your John Handcock is not secure

[BradleyUffner]

"Yeah my signature gets me laid ALL the time.

"

Perhaps you should switch to paper instead of snow. That minght help.

Move to a new mouse?

[jpsowin]

And what happens when you change to a different type of mouse? My change to wireless optical was quite a change which took some getting used to, and I'm sure it didn't "sign" the way I used to. Or whatever. :)

Works great

[Gay Nigger]

Until you get a wireless mouse. I've got one of those expensive Logitech mice, and even then, it moves erratically without warning. Not exactly good for predictable signatures, if you ask me.

... even easier with a pen mouse.

[OzPixel]

My girlfriend had a pen-shaped mouse for a while, (wrist problems), and I'd imagine signing would be much more "natural" with one of those. Neat idea, though ...

David.

Re:... even easier with a pen mouse.

[jpmkm]

It's not a signature in the sense of signing a contract with a pen signature. It just detects different characteristics of how you move your mouse, which ends up being pretty unique. The article says it can be your name or some other identifying symbol. I don't think it really has anything to do with being "natural".

Re:... even easier with a pen mouse.

[questamor]

Curiously, I've been using a mouse for graphic work since 1985. I can sign my name much more naturally and fluidly with a mouse than on paper, or on a graphics tablet.

It's all in the experience. I wouldn't be surprised if more of that happens in the future.

Technology

[mao che minh]

"The technology, based on the research from Queen Mary College, University of London by Peter McOwan, 'uses a neural network to pick out the unique features of the way that someone uses a mouse..."

...and probably easily replicable, since an actual physical presence is unneeded, and the ability to play back a "mouse stroke" will be a capable feat by any second year CS major.

Great

[Crashmarik]

Just what I need. Computers to tell me I'm not me when I sign my name. At least with people I could make a convincing argument.

Types of mouse

[Cavalkaf]

What about if you change your mouse type to something like a trackball or a laptop mouse? Your signature wouldn't work anymore, and you cannot access anything from other computer!!!

trackball

[scovetta]

I've got a trackball. After 3 years of using it, I still can't draw anything that even resembles what I want it to be. Of course, I can't draw with crayon or pencil either.

few questions

[leekwen]

will changing my mouse, maybe to a higher/lower resolution mouse, different shape of mouse, a touchpad, a trackball, etc. change my signature? if so, how is this supposed to work? signing my name with a different pen doesn't change my signature.

will this have any effect on those nasty EULAs? do i really HAVE to agree to them now? i may be wrong but as far as i know clicking "I Agree" doesn't mean anything.

what differences does this have with mouse gesture recognition software?

Hmm..

[DroopyStonx]

I don't think this will take off. Ever tried signing your name with your mouse? Reminds me of pictures I'd draw and put my name on when I was 4. When I use my credit card in person, each and every time I sign it differently so it DOESN'T match the signature on the back of my card just to see if anyone says anything. No one says a word. Even got away with signing "Blooooopy!" and no one noticed (no, my name is not Blooooopy!) If existing methods are trivial, how would this method work?

Re:Hmm..

[Greventls]

Yeah. I agree with you. I sometimes alter the spelling of my name when I'm signing and no one says a damn thing. It is pretty noticable if my name is mispelled, since it is very common. Maybe the software will act like the lazy bank tellers and cashiers and just not care.

yeah!

[alexandre]

We can finally write "signature sniffers" hehe..

what about the differences between mice?

[strider3700]

Will I have 3 signatures since On this box I have a trackman that I prefer to use. Sitting right beside me I have a standard old mouse and at work I have an optical mouse. All three take time for me to get used to again each time I switch. I have to assume that it's because I'm using them slightly differently, due to the feedback. As well if I change something like the mouse acceleration because things seem to slow one day It takes awhile for me to come back into practice. How Do they deal with these changes?

right....

[hawkbug]

Because I always use a mouse the same way, this will work great.... Not. I have many different computers, all with different types of mice and software. Trackballs, eraser-head laptops, trackpad laptops, and don't even get me started about different operating systems and the software they use. This is not going to work for many reasons, and I hope business realize this sooner than later.

Re:right....

[oshy]

Not to mention people like my parents. They are starting out in the world of computing in their 'later years'.
Sometimes it dificult enough for them to get the mouse to click on things accuratly. How would they be expected to cope with it.

Oh and how secure is the system? Well I'm right handed, but use the mouse left handed (annoys the hell out of anyone sitting at my desk) so how would I have to sign it. The angle of stroke would vary between real world right hand and virtual world left hand.

Signatures

[jakek101]

Signatures are useless, there are no good way to check them. Hell, my signature seems to change every time I write it and nothing happens. The mouse signature will be at least slightly secure if there is software to check it. It would really be best if we switched to a differnt system for this kind of stuff. Thumb print or something. I know you can reproduce someone's thumb print, but it's not THAT easy.

Another odd idea that'll never work

[Rosco P. Coltrane]

"It's another way of indicating that you as an individual are sitting there on the end of the line."

Easy to fake with a mouse movement recorder.

Oh and what about people who use a trackball? does the smart biometric layer apply to those hand movements?

And the other obvious question : wouldn't it be easier to simply teach people why they should use properly formed passwords that are not "mom", "dad", "john1" or "s00persekrit"?

In short, yet another far-fetched solution to solve a non-problem.

Teaching about passwords is "easier"?

[ianscot]

And the other obvious question : wouldn't it be easier to simply teach people why they should use properly formed passwords that are not "mom", "dad", "john1" or "s00persekrit"?

Hmm. Why don't we ask the couple of generations of IT people who've tried to teach people this very lesson? Maybe they have something to say about that one. I could start with our call center: their number one call every month for the last five years has been "Please reset my password" despite several "education" campaigns.

People

Similar biometrics don't work

[thepacketmaster]

After recently studying for the CISSP, I learned a great deal about biometrics. The most accurate biometrics include things like iris scans, palm scans, retina scans, etc. These are so accurate because they measure characteristics that are totally unique to individuals. Signature dynamics and keystroke dynamics are some of the most ineffective biometrics around. A big problem is they can be faked. While the article states that early trials are 99% accurate, it doesn't detail how many people have actually tried this system. (A test group of 10 wouldn't be very good.) It also doesn't mention if they tried to fake it out. The real world is a harsh place on biometrics.

dudes, they're lying

[bongobongo]

it's just ms paint with a web front end and a bunch of offshore labourers visually verifying each one !!!! ! !!

it's 99% accurate because of carelessness and post-lunchbreak bloat factor

Re:dudes, they're lying

[WickedClean]

And don't forget about the pothead interns who stayed up all night drinking Natural Light and watching Cosby reruns on Nick at Night.

mouse only?

[thung226]

I use everything from a mouse to a touchpad to a roller ball.... is my signature the same using all of these things?

How will it know? I'd get really annoyed if I had to plug in a mouse on my laptop to sign for something.

Is this like Cybersign?

[G4from128k]

This looks like a variation on what the folks at Cybersign do. Their technology [cybersign.com] is based on matching the dynamical pattern of motion, not just the X-Y coordinate trace. A forger would have a hard time copying the variations in speed that the actual person uses even if the forger traces the same path or tries to "get good" at the signature.

Re:Is this like Cybersign?

[AEton]

A forger would have a hard time copying the variations in speed that the actual person uses even if the forger traces the same path or tries to "get good" at the signature.

Yeah, your kid brother would find it difficult to replicate your computer's behavior with another computer.

Your neighbor hacker would find it a challenge.

(and probably not a particularly hard one)

Doesn't sound promising

[jtheory]

A forger would have a hard time copying the variations in speed that the actual person uses even if the forger traces the same path or tries to "get good" at the signature.

The problem is that the actual person may also have a really tough time reproducing the same speeds, patterns, etc. in their signature.

This is why handwriting analysis/comparison is almost always inadmissable in court -- it's too variable.

The reasons for this are especially apparent when you look at the handwriting of people like myse

Variations in signatures are OK, even good

[G4from128k]

The problem is that the actual person may also have a really tough time reproducing the same speeds, patterns, etc. in their signature.

That is the entire point of a modal analysis of the signature. It captures not only the central tendency of the signature, but also the characteristic modes of variation. The idea is that everyone's signature varies in amounts and ways that are unique to that person. Some people might vary more on the first letter, the heights of letters, the shapes of loops, slant, th

Will failure automatically be "fraud"

[LetterJ]

I ask mostly because my signature is pretty "loopy" and occasionally the little boxes that people want me to sign in are too small and *I* wouldn't consider the result to be a "match". None of my credit cards looked like my real signature until I started just signing them with a Sharpie and going outside the box.

pretty darn useless...

[Lumpy]

So the "signature" is tied to a specific pointing device...

so your signature is invalid if you use a laptop with a trackpoint,touchpad, or use a track ball or a tablet and a pen, etc.....

Neat idea, 100% useless in the real world.

Now if you can get a reliable identifier (How about something as simple as a ibutton ring (www.ibutton.com) and quit trying to invent the unique personal identifier that so far is only out DNA (no, no dna testers on our computers than you.)

Identification has always been tied to a unique card, number, whatever given out by a group or agency. Why not stick with the same thing just update it with current off the shelf technology that already works?

www.ibutton.com I use it to log into my computers at home, unlock my doors and even start my harley....

Re:pretty darn useless...

[Lumpy]

instead of slamming something I found that rocks and am excited about, spend $20.00 on a few buttons and a reader and play with them.

you'll learn instantly that they are 100 times better than any smartcard and because you can wear them as jewelery AND set them up to requre a pin to access their contents (or better yet run a java app inside the button to report a hash....)

they are more secure than your eyeball...

roll ball mouses

[wmaker]

what about the mice that are controlled with your thumb, you know the ball that you move. i doubt it would work well with one of those mice

Bullshit alert

[exp(pi*sqrt(163))]

+5, uses neural network technology
+2, academic researcher
+2, academic researcher studying biologically inspired hardware and software
+1, biometrics
+1, researcher teaches multimedia
+2, researcher teaches computers in society
+2, no history of employment in real world
-1, degree in physics
------------------
+14, almost certainly bullshit

These journalists...

[TexVex]

Early trials of the system on students in the computer science department at Queen Mary showed that it was 99% accurate in spotting who was using a mouse to sign.

That could have been written better. Or does that really mean the system is only trying to distinguish who is signing with a mouse, as opposed to something else like a tablet or their tongue on a touch screen?

Another silliness

[tftp]

What was the problem they are solving? How again it is better than a password, or a X.509 certificate stored in your USB key?

I'd classify this invention as similar to Segway in its utter uselessness. Some laugh at people who ride Segway in a park instead of walking (as humans are built to do); in the same manner some would be laughing at people who are busily wiggling the mouse trying to buy something online, instead of plugging the key (or just their password) into the system.

Again we see an invention

Different devices

[sstrick]

What happens when I swap between my home computer (normal mouse) and my laptop (touchpad)?

Now I'm Confused

[the_mad_poster]

Christ... first thing I did when I read that was stop moving my mouse.. then the thought crossed my mind that by doing that, I was just setting up a new signature, so I started moving the mouse. Then, I started to think that maybe I was moving the mouse in my own special way, so I tried to make something up.

Then it occurred to me that I'm using lynx.

Writing with a brick

[pipingguy]

My pre-web skills are centered around the use of writing utensils.

I've got a Wacom tablet that receives signals from either a mouse or a pen.

I never use the pen. It's annoying and far too sensitive. The right Rotring [rotring.de] used with skill and responsibility, on the other hand, is a thing of beauty.

ok...

[Triv]

...so what happens when you switch from a mouse to a trackball? I can't imagine the physical actions are that similar and must throw off the measurements somewhere.

Triv

Hope Microsoft doesn't find out...

[anthony_dipierro]

We may see the click-through license replaced with the sign-through license.

How to Sign with a Mouse:

[Sophrosyne]

tape a pen (leaving it's lid on) to the side of your mouse and do your thing!
Maybe some mouse manufacturer will beat the crowd and include a pen like antenna that can be contained within the mouse, or taken out when needed.
Just a thought...

And the problem we're solving was ??

[richg74]

It's not clear to me that this is any more "secure" (in quotes because the context hasn't been defined) than a conventional signature (for example, made with a stylus on a touch-sensitive pad -- these are used by some places here in the US for credit card transactions).

It does, though, raise a related issue which troubles me: is it a good idea to use technology to remove the transaction from the realm of ordinary human experience?

If you use a conventional signature, the person on the other side of the transaction can at least make a gross check that the signatures (as written, and as on the credit card, for example) match. But, if I am understanding this proposal correctly, all the matching occurs "inside the machine". I worry a bit about the unintended side effects of this: "the machine is always right!"

(BTW, I think one has a very similar problem with some of the proposed electronic voting systems. Traditional ballot papers are not perfect, but I think that at least a normally intelligent person can understand the security model.)

Rich
SCO delenda est.

The first step....

[EverDense]

'uses a neural network to pick out the unique features of the way that someone uses a mouse.'

This is the first step along the way to creating the Terminator series of personal assassination cyborgs.
The simple neural network picks out unique features of mouse movements, just like the Terminators
pick out unique faces for termination.

All I can picture is...

[bob670]

my current PHB who can't wait for anything to open or appear on the screen and just clicks/types/mouses incessantly, no matter how large the program or file. I just have a visual of all his email and Words files plastered in his signature.

Purpose of a signature

[semanticgap]

Many (most?) people misunderstand the purpose of a signature.

The purpose of a signature is to be able for you to know that you signed it, not for someone else. I use different signatures at different times, but I know they are mine. To that extent, signing something with a mouse is just fine, for as long as you can tell _your_ signature appart from someone else's.

When a bank caches a check with your signature, they mostly don't look at the signature at all, and if they do, it's only a cautionary measure,

paranoia...

[magarity]

uses a neural network to pick out the unique features of the way that someone uses a mouse

Great... as if I didn't have enough to worry about. Now I have to start more erratically using the mouse so I can't be tracked... except that being completely erratic can be a recognizable trait... ARGH!!!

I've done something like this

[n0nsensical]

When I bought a ticket online from GrooveTickets [groovetickets.com], I had to sign this Flash applet [groovetickets.com], although I'm not sure how that alone is going to prevent theft because if someone was trying to use a stolen credit card, I'm sure they wouldn't have much trouble forging a signature on a Flash form with a reset button.

Screw That!

[msaulters]

Fuck doing that... I'm left-handed, but mouse right-handed. No way in hell I can write a siggy with my right-hand mousing. And I have a hard-enough time doing it with a pen in my left hand. Right-handers: try pushing a pen from right to left across a page sometime while making a legible or artistic mark. My WRITTEN signature isn't the same every time I do it.

I think if they want to truly be able to verify your identity, they'll have to eventually do some kind of real-time video verification where you s

Obligatory Clippy Joke

[AnalogDiehard]

Clippy: It looks like you are trying to sign up for pr0n. Would you like me to retrieve your signature facsimile for the credit card authorization?

Oh great. So now i need to check 2 cables

[hardaker]

That means I not only need to look for keyboard cable keystroke recorders, but I need to start looking for mouse recorders as well?

I have an IntelliMouse..

[E_elven]

..so my 'unique mouse movements' mostly consist of delta-v experimentations within the constraints of the mouse cord (and sometimes, beyond) and some expressly kinetic friction-impact procedures, accompanied by the occasional close-proximity functions by cat hair and various non-blunt objects.

the EULA of the future?

[Low2000]

There has been a lot of talk about how the EULAs of computer software are pretty much void. That simply clicking ?I Agree? means nothing and that the EULA of today wouldn?t stand up in court.

What about the EULA of tomorrow? If, instead of an ?I Agree? button we are presented with a ?Sign Here? white space, and the EULA states that by signing, both people agree that it is a binding contract?

See where I?m going?

Just don't have a stroke...

[tomdarch]

Or a major head trauma for that matter. I know it was high on your 'to do list' for this week, but if your identity is being confirmed by close reading of your fine motor skills, then scrambling your noodle is likely to cause you to not be recognized!

special mouse

[cosyne]

Ok, so the two problems we've pointed out so far are that 1: an attacker can just capture the mouse movements (a problem with any unencrypted data stream), and 2: the signal will vary with the type of pointing device.
If you really want to use a system like this (not that I would), just make a secure uber mouse which forms a secure connection to the mouse drivers (which also do the signature recognition), and require everyone to use that. Then the signature sequence is never seen in the clear unless someone

This is similar to Morse Code

[sQuEeDeN]

One of the legends of the early radio intelligence (and other classified military radio work) was that each coder (morse that is) had a very specific tapping style that was discernible by a trained professional. Such uniqueness was noticable even if the coder switched hands.

While this uniqueness didn't provide a surefire form of authentication, professionals who feared having a broadcast recognized would sometimes retire a coder after sending a particularly sensitive message.
Seems kinda like mouse analasys. You can't prove it's them, but it's another suggestion. Can't see how it'll be useful. The mouse is easy enough to hook into in the software side--it's by no means a secure device.

This won't work, and here's why:

[rice_burners_suck]

Yeah? What if the mouse on my laptop is a scratchpad, the one in my desktop is a trackball, the one at work is a traditional mouse full of dust, and the one on my buddy's IBM laptop is that red "dot" thingy?

It sounds like this system of verifying stuff won't work in the real world.

Trackman Marble SOL I suppose...

[The Lynxpro]

I guess its time (since this sparked my interest) to get a Wacom writing tablet and start taking advantage of the handwriting recognition built into OS X Jaguar... :0

A better (and fannier) one

[vvdd2]

There is a much fannier one (java required). Try it and you will find a lot about yourself

http://www.sitebits.com/2000/SIG/ [sitebits.com]

It is available since 2000.

MouseAlternatives?

[muffen]

I use a trackball at work, and a mouse at home. Try replicating the movement between the two, and you'll see how different they are.

Unless you are forced to use a mouse (not trackball, pen or weird device stuck to your head), this won't, IMHO, really work.

Mouse type

[danila]

Does that depend on the equipment used? Different mice have different characteristics. I am sure that there are still some recurring patterns, but will this software be able to recognize my signature, regardless of whether I am using an optical mouse, expensive mechanical mouse with heavy ball, clunky 5-button mouse, small cheapo "Noname" (tm) mouse with light plastic ball, gaming mouse, ergonomic mouse, etc?

Non-portable signatures.

[John Allsup]

If you're sat using the same computer with the same mouse and the ball's not getting dirty, etc.
then it may well work ok.

But, you cannot, e.g. sign something when using a friends laptop if there isn't a mouse attached. You can't sign if the mouse is dirty and jumps around a little.

I bet the 99% accuracy was when using identical equipment for each of the test 'signings'.