Digital signing of web document
Question
I want our staff who have iPhones to be able to get members of the public to digitally sign a document which starts out as a Spring based web-form.
This form is only present on our intranet and only completed by our staff.
My research so far has considered a number of possible solutions:
- Electronic wet ink signature on the screen of the phone;
- Using the fingerprint scanner on phone to capture a specific finger of the member of the public and store it digitally;
- PKI system;
The purpose is to prove a particular person signed a document.
1 technically possible, but doesn't count for much as it could easily be copied.
Is it possible to capture a fingerprint via the browser and javascript on a iOS device?
Can 3 be made to fit this sort of scenario?
1 answers
solution1
1 2019-03-26 20:49:11
If you are trying to guarantee non-repudiation of the form by the member that signed it, I would recommend to use 3.
The process could go like this:
- A key pair
(K+, K-)(public, private) is generated for the user - The document is signed against
K-(information_input_by_user) - You store K+ together with your user's records in some database.
- Fetch K+ from the database and use it to prove the user is the authentic author of the signature
Note: information_input_by_user in line 2 could be any personal information related to the user (his own input) used to authenticate him.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.