5 Replies Latest reply on Oct 8, 2013 4:13 PM by IsakTen

    requiring signatures


      Our organization is creating fillable forms using adobe xi pro. Up unti now we have had the user print pdf files from out website, complete and mail in, including parent/guardian signature and student signature.  If we include signature fields in the form, how does one know if the person who sbmitted the "signed" form is really a parent or guardian. Anyone can create a digital id with the instructions adobe provides. and then complete the form. I am curious if any other members of the forum have this situation and how they solved it.

        • 1. Re: requiring signatures
          MichaelKazlow MVP & Adobe Community Professional

          If someone walks into a bank with photo id and swears before a notary, that they are the guardian or parent of someone, how do you know if they are not lying. If someone walks into court and swears before a judge, you still do not know they are telling the truth. A digital id is no more proof than a regular id. There are different forms of digital id. Some will make it more sure that the person is who he/she says they are. They never guarentee the veracity of the statements they make.

          • 2. Re: requiring signatures
            George_Johnson MVP & Adobe Community Professional

            With self-signed IDs, you have to set up a direct trust relationship. A signature cannot be fully verified unless you add a particular users digital certificate to your list of trusted certificates. You should only add a trusted certificate if you are sure of the source. You can be sure of the source if someone hands you a flash drive with a signed document, if you receive a signed document from a user via email 1 minute after you ask them to send it, of they submit a signed document to your web server that has access controls (e.g., username/password) that's secure, and a number of other ways. If you have a system where just anyone can submit a form, without you first getting a signed document (or separate digital certificate), then you can't trust the signatures.

            • 3. Re: requiring signatures
              Bernd Alheit Adobe Community Professional & MVP

              Up unti now we have had the user print pdf files from out website, complete and mail in, including parent/guardian signature and student signature.

              How did you check the signatures in the past?

              • 4. Re: requiring signatures
                yla_john Level 1

                Actually, since the form was coming to us from parents or adult advisors etc we do not really have a way to verify. I think what we will do is have some boxes to check that they “agree to …” type language and just have them fill in the names.




                Thanks for the help



                • 5. Re: requiring signatures
                  IsakTen Level 4

                  To securely use digital signatures you cannot use self-signed signing credentials (certificates). Each potential signer needs to procure a signing credential (digital ID) from a reputed Certificate Authority. This cosst money, those certificates are not free. Digital signatures signed with this kind of certificates attest to the following three parameters: document integrity -- document has not changed since signing; the identity of the signer and non-repudiation -- the signer is the original owner of the certificate (i.e. was not stolen).

                  The self-signed signing certificates, that you get for free, are not useless. They still attest to the integrity of the document (the document has not changed since signing). What they cannot do is to attest to the identity of the signer and that the signer was the original owner of the certificate.