2

We are developing a Web Application for manage dental clinics. The app can generate PDF files through the PHP backend (for example invoices, quotes etc.).

Each of those PDF file needs to be digitally signed by both the app user (the clinician) and the patient. The sign we are looking for is the Legally Signature European Standard (which requires biometrical parameters or a certificate issued by a trusted provider such as Infocert (but we are not 100% sure how to then use such certificate)).

On average, in our country, each patient signs 5-10 documents and because of this we ruled out third party services such as Docusign, Pandadoc, Eversign.. because the average cost of those api services would be excessive for our needs (and country economy).

Another solution we did think about is to use the signature pads (such as Wacom's) that are capable to collect biometrical parameters, but we have no idea how to integrate such devices with our Javascript frontend (assuming it is even possible to interface those devices through the web browser).

Assuming our backend displays the PDF already generated to the client, what would it be the best approach to apply a digital signature to it through the client (which would then send back the signed PDF to the server for storage) ? Is there a way to interact with signature pads devices through the browser (to extract the biometrical parameters together with the visual signature) ?

Philip Kendall
  • 22,899
  • 9
  • 58
  • 61
Nite
  • 129
  • 2
  • Do clients have a touch pad or touch screen on their devices? Is this something meant to be a "point of sale" solution, or remote solution? – Greg Burghardt Sep 07 '20 at 16:36
  • 1
    Wacom-style tablets just act as a fancy mouse, so there shouldn't be any special JavaScript concerns. You'd just want a fullscreen canvas area where they can sign. Perhaps the image of the signature could then be added to the PDF server-side? However, the issue is more whether such approaches would be legally compliant, less so whether the tech can be implemented easily. – amon Sep 07 '20 at 18:54
  • @Greg Burghardt Clients connect to the web application hosted on our website through a browser. They have their own tablet or signature pad. Documents are signed by the patients in person. – Nite Sep 07 '20 at 18:58
  • @amon According to what we know, Wacom's also collect biometrical parameters on the signature (such as pressure), which are required to have a legally compliant signature. The simple graphical signature would not be enough (we already have a JS system implemented to caputure the simple signature) – Nite Sep 07 '20 at 19:03
  • @Nite The [Pointer Events](https://developer.mozilla.org/en-US/docs/Web/API/Pointer_events) API supports pressure, and even has [broad cross-platform support](https://caniuse.com/pointer). Might depend on the operating system though, I'd have more faith on Windows than on Linux-based terminals. – amon Sep 07 '20 at 19:08
  • @amon The problem is that pressure alone in not sufficient. Could you take a look at this link on the Wacom website ? [link](https://www.wacom.com/en-my/support?guideTitle=What-are-the-possibilities-available-for-electronic-handwritten-signatures%3F&guideId=003-945) Basically the problem is to access the "digital fingerprint" of the signer from within the browser. – Nite Sep 07 '20 at 19:38
  • ok, I'm starting to see why this is tremendously difficult. And I'm really not an expert on this. It seems that potentially, trying to do this as a pure web app might be overly complicated? Might be easier to run a local component that can integrate with signature hardware, and have that component communicate the signature to the backend. I know that you want to avoid SaaS signature services, but developing browser integration from scratch would seem to be more expensive. – amon Sep 07 '20 at 21:31

0 Answers0