The use case: to sign an electronic document, users view the document, and if they agree, take a picture of themselves with their webcam (done through Flash from the browser). Then a PDF is generated containing the document and the picture in place of signature.
This is a biometric signature, which is not as strong as a digital (cryptographic) signature, but stronger than having users draw their signature, as a photo is harder to forge than a drawn signature.
Has anyone seen this technique being used on an existing web site?
This idea isn't secure by itself. When talking about digital signatures, we are looking for these properties:
- It is easy to verify that the signature is authentic.
- It is nearly impossible to forge a signature.
- The signature applies to a certain document (or message), and cannot be transferred to another document.
Your method fails at all three:
- It is hard to verify a signature, unless you already know the signer visually (also take into account that blind people do use computers).
- It is very easy to forge a signature.
- The signature can be easily transferred to another document, and it isn't possible to verify that the signature and the allegedly signed document match (since there is nothing that binds the signature to the document. PDF is not secure in any way!).
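To illustrate the binding property from the list above, an added example that is not part of the original answer: it contrasts a photo check, which never reads the document, with a Lamport one-time hash-based signature, used here only because it needs nothing beyond Python's standard library. All function names and sample documents are constructed for illustration, and each Lamport key pair may sign only one document.

```python
import hashlib
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Lamport one-time key pair: 256 pairs of secrets; public key = their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def digest_bits(document: bytes):
    d = H(document)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, document: bytes):
    """Reveal one secret per digest bit, so the signature depends on the document."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(document))]

def verify(pk, document: bytes, signature) -> bool:
    """Anyone holding the public key can check the signature against the document."""
    if len(signature) != 256:
        return False
    ok = True
    for i, bit in enumerate(digest_bits(document)):
        ok &= secrets.compare_digest(H(signature[i]), pk[i][bit])
    return ok

def photo_verify(document: bytes, photo: bytes, known_photo: bytes) -> bool:
    """The photo scheme: the check compares images and never looks at the document."""
    return secrets.compare_digest(photo, known_photo)

def demo():
    contract = b"I agree to pay 10 EUR."        # constructed sample document
    altered = b"I agree to pay 10000 EUR."      # constructed altered document
    photo = b"\xff\xd8 constructed JPEG bytes"  # stand-in for the webcam image
    sk, pk = keygen()
    sig = sign(sk, contract)
    return {
        "sig_on_original": verify(pk, contract, sig),
        "sig_on_altered": verify(pk, altered, sig),
        "photo_on_original": photo_verify(contract, photo, photo),
        "photo_on_altered": photo_verify(altered, photo, photo),
    }

if __name__ == "__main__":
    print(demo())
```

The photo passes on both documents, while the signature verifies only on the one it was computed over. A production system would use a vetted library scheme such as Ed25519 or RSA-PSS in the same role.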
What if I put up a picture of Jon Skeet before the webcam (seriously)?
This technique would be gimmicky but has very little real-life security benefit imo.
A photo is harder to forge? I think a photo is quite easy to forge. If you take a picture as someone, and use software to let the flash app take the picture as a photo, you have signed the document without the owner's consent.