I work for a state Agency and we want to use digital stamps as our signatures on our internal documents. I have created the form in LiveCycle and I know that in Adobe Reader by default the stamp will use the person's sign on ID for the stamp and then the person adds their name and other information.
However, if the person right clicks the stamp, and edits the Identity and puts in another sign on ID number, such as their supervisor's and stamps the document, there is no way to tell that both of those stamps, with different sign on IDs and names, were created by the same person.
If there is a script I can enter in LiveCycle, that when the form is opened in Adobe Reader, that would lock the Identity field of a stamp created in Adobe Reader from allowing a change to the sign on ID, then that would solve our problem and maybe the problem for other state agencies wanting to follow suit.
The digital signatures are even worse. I made one in my name, my supervisor's name and my dog's name, attached them all to a document, validated all the signatures and they look absolutely authentic. Why would Adobe make digital signatures like that? If we could just find some evidence within the data showing that all the signatures were applied by the same person or on the same computer, then we could use them. But the stamps at least grab that unique sign on number that we use and applies it to the stamp if the user doesn't alter it.
I'm on a time crunch as we hoped to launch this after the first of the year but our attorneys are saying, "uh, uh" until something can be done to prevent fraud. We have over 3,000 people in our agency so EchoSign would be out of the question.
I'd appreciate any suggestions.
You will not get what you need using stamps, especially if you ever want to use dynamic XFA forms.
The digital signatures that were signed with a self-signed digital ID won't fully validate unless the user chooses to trust the corresponding digital certificate first. You should only trust a digital certificate if you trust its source. The problem is using self-signed IDs will be difficult to use on the scale you're talking about.
Digital signatures are the best approach for your needs. They can provide both nonrepudiation of document origin as well as document integrity. You just have to figure out how to implement a solution you can afford.
You agency can become its own certificate authority and issue certificates to its employees. You'd just have to find a way to implement and manage such a system.