While my Acrobat plug-in for PGP is taking shape, I am unhappy with PKI in general.  One idea I am going to be exploring soon is using voice to sign documents.  I don't know if signing by voice qualifies as E-SIGN.  Filing tax returns with voice signature seems to be disallowed since 2000.  Voice signature products seems to be out there, but not wildly popular.  Still the idea could be fun to play with.

What I am thinking of works like this.

Registration by Phone - a user either calls from or is called at certain phone number known to belong to that person.  The user is asked to repeat a few short sentence.  Recording is stored and analyzed.

Registration by Web – a user reaches a web page by e-mail or simply browsing.  The web page has an embedded voice recording control (could use Flash for this).  The user is asked to repeat a few short sentences displayed on the web page.  Recording is stored and analyzed.

Signing – Clicking on a web page or an Acrobat form with signature field brings up the voice signing plug-in.  The user is asked to say something like "I, Don Park, have read the entire contract and agree to all terms."  Recording or some derivate of the recording is saved into the Acrobat file.  The user may optionally call a phone number to make a recording which is then fetched by either the client or by a server, either during signing or during verification.  User may be asked to punch into the phone an extension displayed on the web page or type in a number given over the phoneline into the web page.

Verification – There are many options on verification of a voice signature, starting with doing nothing until a dispute arises.  In a typical business settings, voice can simply be played back to be recognized by a person who has communicated with the signing party before over phone.  Voice analysis can be applied, of course, to verify that the voice is that of the same person who registered.