Electronic signatures essentially “lock” the data to the form, providing the following services:
- An electronic signature provides security. This functionality is built into the technology of the signatures themselves, which causes the signature to break if the document is changed after it is signed.
- Similar to a handwritten signature, an electronic signature indicates agreement with the document that is signed. When you sign a document, you are agreeing to the contents of the document. For example, when you sign a withdrawal slip at a bank, you are agreeing to withdraw a certain amount of money, and when you sign an employment contract, you are agreeing to abide by the rules established by your employer in that document.
- An electronic signature also identifies the signer. This identification occurs in a number of ways, depending on the type of signature you use. However, in all cases they provide a mechanism for tracing the signature back to the signer.
Electronic signatures do not prevent people from tampering with a document; they simply make it obvious when tampering occurs. Tampering with the signed data causes the signature to break, which lets you know that you cannot trust the document.
Signatures do this by storing a hash of the form when it is signed. You can think of this hash as a snapshot of the form, showing exactly what the form looked like when it was signed. The next time the form is opened, it compares its stored snapshot to a new snapshot of the form, and determines if there are any changes. If there are changes, the signature will break, making it obvious to the user that some changes were detected and the form should not be trusted.
In an effort to reflect the intent of a signature, IBM
® Forms Viewer actively stops people from making changes to signed data. However, there is no way to stop somebody from opening the form in a text editor and making changes to signed data. In this case, although the change cannot be prevented, the signature will break, alerting you to the change.
In addition, some of the forms that you create might require signatures by more than one person, might contain several sections for different people to fill out and sign, or some elements might be required to be excluded from signing altogether. You can use signature filtering to configure forms for layered and incremental signing, and also for the exclusion of elements.
In all cases, IBM
strongly advises that you consult legal counsel to help determine your particular requirements with respect to the use and implementation of electronic signatures.
Electronic signatures versus encryption
Electronic signatures essentially lock the data on a form so that it is obvious when tampering occurs. Tampering with the signed data causes the signature to break, which lets you know that you should not trust the document. Electronic signatures do not encrypt the data on a form in any way; they do not prevent people from reading the information. In fact, this would defeat the purpose of the signature, which is to indicate agreement with the information provided.
If encryption is a concern, you must take other measures, such as implementing SSL security on your web site, or creating a Viewer extension that encrypts the form before it is submitted.
Signatures that cover parts of forms
Forms are frequently signed by more than one person. For example, some forms include a “For Office Use Only” section that requires an additional signature by one of the staff processing the form, in addition to the person submitting the form. In these cases, the office worker must be able to enter more information in the unsigned portion of the form and then add their own signature.
You can create one signature that signs the entire form, or one that only signs the first portion of the form, and then a second signature that signs the second portion of the form.
Parent topic: Adding signatures to forms