Click here to Skip to main content
15,311,717 members
Please Sign up or sign in to vote.
4.00/5 (1 vote)
See more:
What constitutes a "legal" digital signature for a web form (not a document)?

OPTION 1: I worked on a project where a doctor makes notes on the health of a patient. When the web form is submitted a PDF is generated and digitally signed with a digital .CER certificate and the PDF is saved to the file system. Each doctor had their own .CER file and password which was a real PITA to maintain and the overhead of generating, storing, and backing up PDF's is quite high.

There are also third-party solutions like CoSign which allow the user to authenticate to CoSign as the form submits and, if properly authenticated, somehow digitally signs that form. I believe all of these solutions require an export to various types of documents and then storage of the document and require the end signer to have an account with CoSign. That isn't going to work...

All of these signatures require the data to be stored in a document which is not ideal for many projects.

OPTION 2: I went to the Microsoft store at the Mall of America and purchased a new Surface (to be later returned :/ ) and when checking out they gave me a tablet (ironically it wasn't a Surface) and a pen and I jotted down my signature. Another example is the Square app which also requires the user to jot down their signature on a touchscreen of some sort. I would assume the signature is stored as an image somewhere in a database but does that constitute a "legal" document?

I've worked at a small medical device company which had their doctors evaluate tests on the web and digitally "sign" their evaluation, but all that did was upload an image of their signature saved in the database.

OPTION 3: Yet another way I've seen this done is when filling out my FAFSA for college tuition aid back in the day. They'd ask you to review the terms, yada yada, and then at the bottom I had to type in my full legal name "as it appears above" and the submit the form. What are they doing behind the curtains??

The project I'm working on is a simple one-page contract for a construction company which explains all of the services to be rendered and requires a signature and date. The electronic version of this form would collect all of the required data in a web form and save it to a data store.

My initial reaction was to provide a <canvas> based HTML5 element that can be signed on an iPad or something. Does the data need to be exported to a document and then signed using a digital signature or can the data be legal and "signed" in the data store?
Updated 4-Feb-13 7:23am
Mike Meinz 4-Feb-13 14:22pm
You probably need to consult an attorney and the company auditor. At my company, the attorney's and auditor's opinion was that we were ok if we had a defined procedure that identified the person and then stored the associated documents so that other users could not change them. We developed a DLL that our programmers could use that asked the user to type in their Microsoft Active Directory password (The same one they used to login) to verify their identity. They programmers used the DLL to verify identity and then stored the data in SharePoint with appropriate access permissions on the SharePoint library or in a database with appropriate access permissions.

1 solution

I agree with Mike, you need the company legals to define how strict your requirements are.

You need to ask who do we trust, if the data is just in the database, do we need a system that prevents a DBA modifying supposedly signed records??

I know of a system used to track drug samples left with doctors. The regular transactional records were in the database, but a separate encrypted Blob was stored with the same information, and the Drs captured signature. This was encrypted with sales rep logon account. This was the record for legal purposes (and approved by the FDA).

Thus it was tamper proof - a dba couldn't manipulate the Blob data, as they couldn't sign a different record, yet the regular transactional data was available for reporting, etc.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900