When was the last time you digitally signed a casual document such as a club membership agreement or a property lease? In most cases, it is "good enough" to capture an image of the signature and be able to reproduce it. The fact that a signature can be captured so realistically is a concern.
The business that captures signature images is able to sign any document on behalf of the signatory. That ability gives the signatory grounds for denial. Can a digitally reproduced signature withstand a court challenge?
Here we propose a digital signature format that complements the graphical signature. It's a textual string that validates the authenticity of the signature. It's almost as good as full-blown digital signing systems, but its power comes from its simplicity.
A signature looks like this:
Each time a document is signed, the signatory uses a "signature secret" that only he knows. The secret, combined with another pass phrase that's known only to the other signing party, is used to compute a Validation Hash against the Hash Challenge. In the above case, the Challenge is "ABC", and the Validation is "79DF20DAA401".
The same key combination is hashed against the document identifier "DOC1" to produce a Signature Authenticator "21CCBD5901E3".
When the signature is challenged, the signatory uses the original "signature secret" to pass the hash challenge. As long as the document identifier is unique and binding, the signature recipient can prove that it's impossible to reproduce the Authenticator without the knowledge of the signature secret.
Granted, this mechanism is not perfect. It does not link a signature to both the signing parties and the document. However, it does prevent the signature capturing party from forgery. It also protects the same party from signing denial. Now both parties are protected.
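The scheme described above, as an added sketch that is not code from the original proposal. The page does not name a hash function or say how the two secrets are combined, so HMAC-SHA256 truncated to 12 hex characters, the length-prefixed key derivation, and the names derive_key, tag, sign and verify are all assumptions; the secrets are constructed, so the output will not match the sample values quoted above.

```python
import hashlib
import hmac

TAG_HEX_LEN = 12  # assumption: matches the length of the page's sample values


def derive_key(signature_secret: str, pass_phrase: str) -> bytes:
    """Combine both parties' secrets; length prefixes keep the split unambiguous."""
    parts = (signature_secret.encode(), pass_phrase.encode())
    material = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hashlib.sha256(material).digest()


def tag(key: bytes, label: bytes, message: str) -> str:
    """Truncated HMAC; the label separates challenge tags from document tags."""
    mac = hmac.new(key, label + b"\x00" + message.encode(), hashlib.sha256)
    return mac.hexdigest()[:TAG_HEX_LEN].upper()


def sign(signature_secret: str, pass_phrase: str, challenge: str, doc_id: str) -> dict:
    """Produce the textual record stored next to the signature image."""
    key = derive_key(signature_secret, pass_phrase)
    return {
        "challenge": challenge,
        "validation": tag(key, b"challenge", challenge),
        "doc_id": doc_id,
        "authenticator": tag(key, b"document", doc_id),
    }


def verify(record: dict, signature_secret: str, pass_phrase: str) -> bool:
    """Dispute check: recompute both values from the secrets and compare."""
    expected = sign(signature_secret, pass_phrase, record["challenge"], record["doc_id"])
    ok_validation = hmac.compare_digest(expected["validation"], record["validation"])
    ok_authenticator = hmac.compare_digest(expected["authenticator"], record["authenticator"])
    return ok_validation and ok_authenticator


if __name__ == "__main__":
    # Constructed sample secrets; "ABC" and "DOC1" are the page's challenge and document id.
    secret, phrase = "constructed-signatory-secret", "constructed-recipient-phrase"
    record = sign(secret, phrase, "ABC", "DOC1")
    print(record)
    print(verify(record, secret, phrase))
    # Reusing the authenticator under another document id must fail.
    print(verify({**record, "doc_id": "DOC2"}, secret, phrase))
```

Because the recipient knows the pass phrase and holds the Validation Hash, the signature secret in this sketch has to be long and random; a short one could be recovered by recomputing the hash over candidate secrets.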