Simple digital signatures for regular users.

Question

I have a system which is a CRM of sorts, it essentially manages customers claims that they have been mis-sold insurance.

This system is expected to handle a fairly high volume of claims and several call center desks have been enlisted to that effect.

The general workflow of the system is; call center recieves a claim and enters it onto the system submitting it for approval, head office check the details of the claim approving it if it meets the neccasary criteria. On approval a one time only secure URL is emailed to the customer which they can then visit to view the 5 generated documents which contain the details of their claim. Each document requires at least one signature (from the claimant and their partner if appropriate), our client has specified that only one of these documents requires a proper signature (legally) which must be received by snail mail from the customer. The other documents they would like digitally signed (to speed up the claim process, simplify it for the claimant, cut down on paper, postage costs, etcetera).

In doing this i have to take into account that the majority of claimants likely have very little technical knowledge and so must keep this process as simple (user friendly) as possible.

As mentioned each claimant is sent a 'one time only' URL which they can use to login to sign the document, when they have viewed the documents they are given the option to sign; at which point they are asked for a password, this is then hashed (along with some personal data) and added to the footer of each document page. A visual signature is generated with nice signature like font and added to the relevant signature boxes along with the disclaimer "Please accept the electronic signature above as acceptance of your terms of business and instructions to proceed".

They can then download the generated PDF for their own records.

The system commissioner seems to think this is acceptable, howver I am not sure and would like to know if this is the right way to go about it, and if not, is there a better way bearing in mind i must keep this as simple as possible.

Thanks.

Answer 1

I would generate an image(barcode or barcode-matrix), like a checksum that is generated with some nasty algorithm on the server (RSA sounds good to me) that could be checked later if needed. Don't use a signature font, that's just tacky.

Answer 2

This is an incorrect use of a message digest function. The resulting hash of a secret be given to a user (or attacker...), even if it is salted. Hashes are useful for password storage because it adds an extra complexity that the attacker must overcome. Adding personal data can make the hash more difficult to break, but if an attacker had a lot of computing resources they could make a lot of guesses and then obtain someones personal information as well. A good way to think of it as that a resulting hash will leak information about the original message if the attacker can make enough guesses.

There are 2 ways you can go about doing this. The first method is something i just made up that I like. So the user logs in with this 1 time URL and then is presented with a draw box, where by using their mouse courser they sign their name. This image is then appended with a secret that only you know (Cryptographic Nonce) to create the Key "k" in an MAC, the Message "m" would be the entire document that is to be signed. This is a good way to tie together these important pieces of information using cryptography. This could also be used to prove that the signed document wasn't tampered with. However, the resulting hash which is being used as authentication code could only be verified and created if you have the secret that you provide. This would come into play if you need to prove the authenticity in a court room.

A more common approach is to use PDF's Built-In digital signatures. I have used this first hand in contract agreements. If you do go this route and a case where to make it to court it would likely be easier to defend your self in saying that a user signed the document. There are however some serious problems with this approach. Most important this is very difficult for non-tech savvy users, although it maybe okay to automatilly singing them with Adobe's PDF SDK. A draw box could still be used, and the image of the clients name could be written to the document prior to the application of the digital signature. Key distribution is going to be a pain in the ass. Its costs money because you have to pay for to use a PKI provided by someone like VeriSign (* insert vomit here *). Further more a PKI is defending against attacks that are not reliant to your needs. Although going this route means that anyone should be able to verify the authenticity of this document.

You just want to prove that a document is signed and wast tampered with. Given the nature of this problem I would make sure a lawyer looks over your proposed solution.