JEDDAH, 9 November 2005 — Digital signature, public key infrastructure (PKI) and smart cards have been around for more than six years, but they have been proven to be very complex to use and implement and very expensive to build.
Amazingly, a Saudi company has come up with a system that provides solutions to Internet security of e-business transactions and makes printed documents fraud-free. It can be adopted with ease of use.
The system, Electronic Certification & Authentication (EC&A), is an online service for performing authenticated e-business transactions. These include printing certified documents and verifying that these certified documents are authenticated. It provides a complete end-to-end solution to information security needs to certify and authenticate users and documents on the Internet or the Intranet.
“Our EC&A system uses the biometric features of handwritten signature in addition to a password as a way to identify and secure users performing transactions online,” says Mohammed A. Geoffrey, chief executive officer of the Jeddah-based House of Development Company (HOD).
“It was when the Internet came in business in a big way that we started working on solutions and came up with one that truly and correctly authenticates signatures,” he told Arab News in an interview.
Geoffrey said the system captures signatures using an electronic pen and a digitized pad connected to PCs or by using tablet PCs.
“The system verifies captured signatures by sending them online to the server to match the static and dynamic features with the references of signatures stored in the system database, which elevates accuracy in matching signatures to a very high level,” he said.
“Because signatures are different every time, each signature is stored in the system database with a time stamp and each signature captured is also verified for uniqueness. This feature provides a security firewall for hackers that try to sniff signatures for future use,” said Geoffrey, who studied computer science in UC-Berkeley, Sacramento State University, and graduated from St. Thomas University in Miami, Florida.
He was among the first to win a scholarship from Petromin to study computer science abroad.
After the engines verify that the signature matches the reference within the predefined threshold, the transaction approval is granted. A certified document of the approved transaction can be printed online on a printer connected to the user PC. The document is verified by scanning the document, reading the 2D barcode that is printed on these documents and displaying the decrypted information coded in the 2D barcode. The documents can also be verified by retrieving the documents information from the system database, he explained.
“We use the kind of devices which everybody uses — the pen and a pad or the tablet PC. We used it in the past for drawing and capturing signature. It now has enough pressure to simulate the regular pen at very close to 100 percent. Once you sign the document, send it over the Internet. There are engines proven to verify with a high level of security and accuracy and then return the results by either matching or not matching the signature.
“If it does not match, it will not let you in and will not complete the process. So this will be the security requirement for identifying the person sitting on the Internet unattended,” he said.
“People think fingerprints are better than signatures in e-business. Fingerprints are good when they are attended in capturing. You cannot verify the identity when they are unattended. So fingerprints are not safe in e-business transactions,” he added.
In fact, the HOD system provides the missing links in securing e-business transactions from start to finish. These systems enable beneficiaries to perform their transactions, to print and verify their documents with a very high level of confidence and security.
The system, which is “very easy to use and deploy,” saves time and effort in issuing, approving, printing and verifying e-business transactions.
“It offers a solution to regain the confidence lost in legal and financial e-business transactions,” he said, emphasizing that using the system is an effective way to combat fraud, which will recover the money lost in legal or financial frauds.
In fact, the system has introduced a new concept in document archiving by storing all of the documents components — texts, images, signatures and biometric data — in the systems database. The system can be used at any time and from anywhere.
Geoffrey said the system can be used to provide electronically authenticated services to users in governments, financial institutions, insurance companies and private enterprises. It allows the users of the system to print certified documents online and provide an automated procedure to verify offline or online that these certified documents are free from fraud.
These systems can be used to issue permits, IDs, passports, certificates, checks, policies, decrees, invoices, purchase orders, and any documents that have a legal or financial value.
For national IDs, many countries are using the smart card — one card that has every detail of the holder. Smart card is now a technology of the past. That was the time when there was no Internet and not much connectivity.
“Today, we need a tool that makes such cards fraud-free. With our technology, you can have the national ID 100 percent fraud-free. At the same time, with the Internet, you don’t need to have all the records of the holder in one single card since you need to update the records from time to time. The national ID has to be 100 percent fraud-free. I have the barcode, which can be read by any WIA Twain-compatible document scanner. So you don’t need to have specialized or expensive barcode readers. You can check the validity of the card by inserting it in any WIA Twain compatible document scanner and verifying it by our verification software,” Geoffrey said.
“I’ve registered patents for the EC&A system at King Abdul Aziz Center for Science & Technology in Riyadh and various patent offices around the world in the GCC, ECC, United States, and China. “The ready acceptance of our security solution for e-business is due to its ease of use and competitive price,” he added.
HOD’s EC&A system, which consists of several modules that can be used by different users, complies with IT standards and industry approved best business practices, with its technologies tested by certified laboratories, Geoffrey emphasized.
