
Learn how the Digital Signature works

Don’t confuse it with a digital certificate! This is the first step in learning how the digital signature works. It serves to validate the authenticity and integrity of a message, software, or electronic document.

Equivalent to a handwritten signature or stamped seal, the digital signature offers security and authenticity in electronic form. It is aimed at solving problems such as tampering and impersonation in digital communications.

If you still have doubts about the efficiency of the digital signature in your business, check out this post and clear up any doubts about how it works and the advantages of adopting this feature in your company.

The strategic value of digital signature for companies

For enterprises these solutions provide guarantees of evidence of origin, identity, and status of electronic documents, transactions, or messages. In addition, it also guarantees recognition and authenticity of what has been digitally signed.

To get an idea of the efficiency of digital signatures in companies, we can look at the United States. After all, there digital signatures have the same legal significance as more traditional forms of signed documents.

The U.S. Government Printing Office regularly publishes electronic versions of the budget, public and private laws, and congressional bills with digital signatures.

What’s behind the digital signature

Basically, digital signatures are created using public key, or asymmetric, cryptography. Public key cryptography involves a pair of keys: one public and one private.

The two keys are mathematically related. The public key, as the name implies, is open and available to anyone who wants to access it. It can, for example, be stored on a public key server.

On the other hand, the private key is kept in a secure company environment and is never transmitted publicly. The sender of an electronic document uses his private key to encrypt that document; the result is the digital signature.

Finally, the receiver decrypts the signature with the public key to verify that it matches the attachment. In addition, the private keys are unique to each user, providing verified authenticity to the sender’s message.

Only the sender’s private key can be used to create the digital signature. The corresponding public key is used to confirm this signature, for which the digital certificate is used.
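The sign-and-verify flow described above, as an added example that is not from the original article. It uses textbook RSA over a SHA-256 digest of the document, with no padding and with constructed demo primes, so it illustrates the mechanism only; production systems use a vetted library with a padded scheme such as RSA-PSS. The function names are hypothetical.

```python
import hashlib

# Constructed demo primes (well-known Mersenne primes) so the example runs
# offline with the standard library. Real keys use random secret primes.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537


def make_keypair(p=P, q=Q, e=E):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent: inverse of e
    return (n, e), (n, d)


def digest_int(message: bytes, n: int) -> int:
    """SHA-256 digest of the message as an integer below n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Sender side: apply the private key to the document's digest."""
    n, d = private_key
    return pow(digest_int(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver side: undo the signature with the public key and compare
    the result with a digest computed from the document as received."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_int(message, n)


def demo():
    public, private = make_keypair()
    other_public, _ = make_keypair(p=2**127 - 1)  # an unrelated key pair
    document = b"Pay 100.00 to account 12345"  # constructed sample document
    signature = sign(document, private)
    return {
        "intact": verify(document, signature, public),
        "tampered": verify(b"Pay 900.00 to account 12345", signature, public),
        "wrong_key": verify(document, signature, other_public),
    }


if __name__ == "__main__":
    print(demo())
```

Verification succeeds only for the unmodified document checked against the signer's own public key; changing one character of the document or checking against another key pair makes it fail.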

The use of digital signature optimizes investments and increases productivity

A digital signature can be used with any type of message, whether it is encrypted or not. It is used so that the recipient can be sure of the sender’s identity and that the message has arrived intact.

In this way digital signatures make it difficult for the “signer” to deny having signed something (non-repudiation). After all, the digital signature is unique for both the document and the signer.

The digital certificate contains the digital signature of the certificate issuing authority and binds a public key to an identity, and can be used to verify that a public key belongs to a specific person or entity.

Most e-mail programs, Internet browsers, and text readers, such as Adobe Reader, support the use of digital signature and digital certificate. This makes it easy to sign any outgoing email and validate incoming messages, or other types of digitally signed files.

Digital signatures are also widely used to provide proof of authenticity, data integrity, and non-repudiation of communications and transactions over the Internet.

You can reduce costs with digital signature

By migrating their business processes to digital media, companies reduce paper consumption and the costs associated with printing and transporting documents. This strategy allows, for example, the savings to be directed to strategic sectors of the organization.

And even increase productivity

Besides optimizing investments in the core business, reducing printing costs and using digital media for process automation also increases productivity.

Organizations and their employees no longer perform manual processes and can focus on core activities without having to stop their tasks to print documents or take them to different departments. In other words, with digital signatures it is possible to achieve strategic gains throughout the company.

Can any company use a digital signature?

Finally, you may be wondering whether any firm or organization can get a digital signature. How is it obtained? Is it worth investing in?

To answer this question, it is enough to review the concepts that we saw at the very beginning of the article. In other words, when a user creates a document, he signs it with a unique digital signature and sends it to the recipient.

If the sender’s signature uses a recognized certification authority, in Brazil’s case those that are homologated by the ITI, within ICP-Brazil, the recipient will trust the certification authority to confirm the identity of the publisher. In this way it authenticates the message and provides non-repudiation.

So yes, any person, company, agency, etc. can and should get a digital signature. Moreover, it is a matter of strategic company security. In addition, there are several companies, known as certification authorities (CA), which manage the issue of digital certificates and are approved by the ITI.

As you may have seen, companies can only gain by adopting digital signatures in their business processes.

In the midst of the Digital Transformation era, adopting this technology means that the company as a whole, suppliers, and customers can benefit from strategic efficiency in relation to the sale of products and services.

If you still have any questions about the subject, contact EVAL right now. Our experts are ready to help you overcome your difficulties and start your digital signature adoption project.

About Eval

For more than 18 years, EVAL has been developing projects in the financial, healthcare, education and industrial sectors. Since 2004, we have offered Authentication, Electronic and Digital Signature, and Data Protection solutions. Today we are present in the main Brazilian banks, healthcare institutions, schools and universities, as well as in various industries.

With value recognized by the market, EVAL's solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and the LGPD. In practice, we promote information security and compliance, increased operational efficiency for companies, and cost reduction.

Innovate now, lead always: get to know Eval's solutions and services and take your company to the next level.

Eval, security is value.

General Data Protection Law and its impact on the financial sector

Recently approved by Congress, the General Data Protection Law (LGPD) aims to make companies more transparent. It also intends to expand data subjects’ privacy rights.

Basically, Brazilian legislation follows the General Data Protection Regulation (GDPR), which came into force in Europe in May 2018.

The LGPD is a very significant law when it comes to the confidentiality requirements governing financial services institutions and other types of business processes that must protect users’ personal data.

Learn more about the LGPD and its main impacts on the financial market.

The LGPD, a major change in data protection and privacy

The LGPD was conceived with the aim of defining data privacy guidelines throughout Brazil. In this way, it aims to protect and give Brazilians the right to data confidentiality.

The LGPD is the most important Internet bill since the regulatory framework. In addition, it must be followed by all companies that process the personal data of residents in Brazil. It defines the procedures for collecting information, storing it, securing it and how it is processed and used.

Following the presidential approval and sanction of PLC 53/2018, the General Data Protection Law is going through a period of awareness and adoption by companies and should come into force at the beginning of 2020.

According to the LGPD, data processing will only be allowed under the following conditions:

  • The express consent of the data subject is required for the processing of personal data;
  • For the performance of a contract with the data subject or to take steps to enter into a contract;
  • To fulfill a legal obligation;
  • To protect the vital interests of a data subject or another person;
  • The processing will be necessary for the performance of a task carried out in the public interest or in the exercise of the controller’s official authority;
  • For the legitimate interests of the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

After the LGPD comes into force, if any company fails to comply with the law, the legal consequences could include fines and the company could have its activities suspended, in whole or in part.

In addition, where appropriate, companies can be held liable for other violations provided for by law.

LGPD and its consequences for the financial market

Failure to comply with the new Brazilian legislation results in major regulatory penalties, reputational damage and loss of consumer confidence.

For this reason, the damage done to the prestige of companies in the market is of greater concern than the financial impact of non-compliance with the new legislation.

The solution for financial institutions is to address the LGPD as a priority, allocating the necessary resources and flexibility to comply with any new regulatory requirements or one-off issues.

A comprehensive approach provides the financial market with the visibility needed to establish a clear understanding of the personal data held by the company. It also guarantees the ability to respond to requests to completely delete data when it is no longer useful.

Considering the scope of data privacy, the LGPD prohibits the processing of personal data for the purpose of unlawful or abusive discrimination.

For the financial market, this type of scenario can happen when the cross-referencing of information on a specific person or group is used to support commercial decisions, such as the consumption profile for the dissemination of offers of goods or services.

The General Data Protection Law also applies to foreign companies

The LGPD applies to data processing operations carried out in Brazil or abroad. If the information is collected on national territory, it is subject to the law.

This means that if a financial company or even Google collects data from a user here, but processes it in the United States, for example, it will have to follow the General Data Protection Law.

According to the new legislation, the company can still transfer the data to a foreign subsidiary or headquarters. However, the destination country must also have comprehensive data protection and privacy laws. Another option is for the other government to guarantee treatment mechanisms equivalent to those required in Brazil.

Citizens’ rights are preserved

The LGPD was unquestionably created to protect every citizen and their right to the confidentiality of their personal information. But the law also guarantees two fundamental aspects regarding the use of information in financial and online transactions:

  • Obligation on companies to notify in the event of a data breach;
  • The right to be forgotten.

The aim of the legislation is to protect citizens’ right to confidentiality and data privacy. In this way, it gives consumers the right to request that their personal information be consulted by financial institutions and, likewise, to request its deletion without requiring external authorization.

These queries allow, for example, financial institutions to retain certain data if it is necessary for compliance purposes and other legislation. However, in the absence of a valid justification, the person’s right to be forgotten prevails.

This will be a major challenge for financial institutions and other companies focusing on the digital market.

For many organizations, the difficulty will be implementing the data management practices needed to respect the right to be forgotten and the demand for greater transparency and coordination in all market segments.
