The Design of Software (CLOSED)

A public forum for discussing the design of software, from the user interface to the code architecture. Now closed.

The "Design of Software" discussion group has been merged with the main Joel on Software discussion group.

The archives will remain online indefinitely.

e-signature

we are trying to figure out some solutions about e-signature (digital signature) process for insurance applications. I think the best way for us is generating the signature pdf file and store it. is there any component that we can integrate into our website? what kind of standard we need to meet?
thanks.
Estelle Li Send private email
Monday, April 28, 2008
 
 
You seem to be quite confused.  A digital signature is a cryptographic construct used to identify the source of a message it has nothing to do with an actual signature. A message is signed by hashing the message to save on space then encrypting it with the signer's  private key.  To verify the signature you compare the hash with the result of decrypting the signature with the author's public key.  For more info see the wikipedia article.
Brian
Tuesday, April 29, 2008
 
 
Some statutes:
http://en.wikipedia.org/wiki/Digital_signatures_and_law
http://www.ftc.gov/os/2001/06/esign7.htm

Something about digital signatures:
http://en.wikipedia.org/wiki/Digital_signature
http://en.wikipedia.org/wiki/Electronic_signature

In the case of ESIGN, you should be able to display the digital doc for about the next 10 years.
Peter Send private email
Tuesday, April 29, 2008
 
 
I don't think the OP was meaning to store a pdf of an actual signature, but rather to generate a pdf document containing the information to be signed (probably at the final state of the workflow), and use the built in facilities in Acrobat to sign it and store in the system.

Wednesday, April 30, 2008
 
 
We've started using Adobe Certified Document Services to secure PDFs and this has worked pretty well.

I can strongly recommend GlobalSign for this:

http://www.globalsign.com/adobe-cds/index.htm

(And no - I'm not connected with GlobalSign).
Arethuza
Wednesday, April 30, 2008
 
 
thank you all. As an example, the current workflow is

1, the application enter the personal information online,
2, generate the PDF file of the application form,
3, print it, sign, and mail to some place for processing

The question is, what we need to do to replace step 3 with the e-signature or eSIGN? And how do we approve that the person ‘signed’ the document is the applicant?
Estelle Li Send private email
Wednesday, April 30, 2008
 
 
Oh well then I am the one who is confused.  I think as was pointed out in the links above, a web page that is secure(https password protected etc) can have a click here to sign document button, and the document is considered legally signed as long as you can show security to be pretty good.
Brian
Wednesday, April 30, 2008
 
 
I think what she's wanting is non-repudiation.

And for that to work, you need to prove that the person at the other end of your web session is who they say they are.  And that's a tough job at the current state of society.
xampl Send private email
Wednesday, April 30, 2008
 
 
We do have https & password protect, so the digital signed PDF could be a legal provement equavilent to fax or voice recording, right?
Sorry if I ask too many questions. I will consult the solution provider such as globalsign. Thanks again.
Estelle Li Send private email
Wednesday, April 30, 2008
 
 
Actually, I should have asked more about your requirements: we are using Adobe CDS to secure PDFs so that the authenticity and integrity of the documents is evident to recipients.

If you need people to sign PDFs and return them to indicate that they have agreed to somethig then this is slightly different (although if it is anything serious then having a certifying signature on the PDFs before they are signed is probably a Good Thing).

My biggest concern about getting end-users to sign documents is the need for them to have their own digital certificates - they should be able to use the latest version of Reader to actually do the signing, but they still need to have a certificate and you'll need the extra-cost options from Adobe to allow you to generate PDFs that can be signed in Reader.
Arethuza
Thursday, May 01, 2008
 
 
I agree with Arethuza. Each user would have to have his own certificate containing a public and private key so you'd have to direct all users above to a subscription service like Digicert or Verisign.
Ezani
Monday, May 05, 2008
 
 
Depends on exactly what you want.  One solution is to try our service EchoSign and use our widget to post a PDF insurance application form to your website, where it can then be filled out and e-signed.  The e-signed forms then are auto-routed to any email address desired.  An example is here: http://www.formerator.com.  You can try it for free.  Companies such as the Maryland Automobile Insurance Fund and the Indep. Insurance Agents of Texas use this widget.
Jason M. Lemkin Send private email
Wednesday, May 07, 2008
 
 
We already have a PDF file, which we right now print and sign. can we post it to your widget? and can your widget be integrated into our website? thanks
Estelle Li Send private email
Wednesday, May 07, 2008
 
 

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
 
Powered by FogBugz