Search
Close this search box.
Facebook Instagram Linkedin

Month: February 2020

Categories
Digital Signature

Electronic signature with institution seal

We did an article talking about the basic electronic signature and in it we explain that, despite the advantages, it does not offer good levels of information security and legal validity, although of course it has a more acceptable usability from the user’s point of view.

Today we will cover a safer way to use this technology. The electronic signature with the institution’s seal (or third-party seal) is very similar to other electronic signature models, but offers greater security.

It works as follows: The user signs the document with a basic electronic signature, authenticated electronic signature, or even a behavioral signature; after that, a digital signature is applied by a third party, which must be a trusted institution. This part can be done by the institution where you work, such as a bank, a brokerage house or a university, for example.

At the end of the signing process, both the document and the user’s electronic signature are signed with the institution’s digital certificate. In this way, the template ensures security for the authentication of the signer and the document, as well as linking both.

Electronic signature with digital signature of the institution

The greatest guarantee lies in the fact that the institution needs a digital signature to perform the process, as well as a digital certificate. The digital signature is a more secure model of electronic signature, and the digital certificate works as a kind of identity card in the virtual world.

In this way, the electronic signature with the institution’s digital signature is able to provide information about:

  • Identification of the person who made the signature;
  • The date and time when the signature was made;
  • Integrity, in which the document cannot be altered without being noticed, since it is protected by the digital signature of a third party;
  • The collection of the same data collected in the authenticated electronic signature.

More points on one important issue: safety

As we have shown above, usually the service provider also authenticates the user, and for this it can use either simple or two-factor authentication. All these processes ensure the integrity of the file, thus making it impossible to alter it without leaving marks.

Even the user’s electronic signature can be signed, which we call authentication. However, it is necessary for a third party to verify the authentication, such as a query of the authenticator’s service history.

Finally, another relevant aspect of the security of electronic signatures with a third-party seal is that if the solution is not implemented correctly, it can lead to legal problems. After all, both the electronic signature and the institution’s digital signature alone do not guarantee the level of security and legal validity required in more stringent situations. Always remembering that it is the institution’s legal department that must decide if the signature model meets the legal requirements to be used in each of the institution’s businesses. Therefore an institution can use several subscription models.

So what is the legal validity of the electronic signature with the institution’s seal?

It can be well accepted in juries, but it is important that the person offering the solution has a history with a good level of detail and security against tampering, i.e. has data integrity and is auditable.

However, there is a point of attention! If the company providing your signature solution closes its doors, or you decide to stop working with it, the legal evidence of the documents you sign can be rendered worthless and unrecoverable. So before you choose a company, make sure you know what happens to those records if the service is no longer provided. In other words, it must have an acceptable level of interoperability that guarantees future validation.

What to expect from usability?

For end users, the electronic signature with a third-party seal works in the same way as the authenticated electronic signature model. After all, the service provider’s signature is added automatically. By the way, documents can be signed from anywhere and at any time, which makes it very easy to use.

Conheça as vantagens da assinatura eletrônica para empresas brasileiras
 

Good communication with other devices and software

The electronic signature with the institution’s seal can be recognized and validated more easily than conventional digital signatures. In this type of solution, you can see data from the electronic signature as well as information about the digital signature of the institution, as if it were a dossier, or even a summary of the evidence of the signature made by the professional, facilitating the understanding of all involved.

What to expect for adoption and usage costs

Here we have a good advantage. This model does not require devices such as readers or specific software for the end user.

Another advantage of the electronic signature with the institution’s seal is that no digital certificate is required per user. This can be advantageous for certain types of businesses. So always check with the legal department to see if this subscription model fits the business you want to apply. S

Summary of the conversation

The electronic signature with the institution’s seal is capable of ensuring reasonable levels of security and legal validity, but for this it needs to be offered with secure processes and procedures for user authentication, integrity, and management of transaction histories. To add more security it is possible to identify the signer in a specific way.

In short, it is interesting to identify and protect each user’s signature to ensure the integrity of what each signer has found in the document. Information such as the date and time the document was signed is very good to give more strength to the signatures made.

Electronic signatures with the institution’s seal can also be time-stamped, but this makes them more expensive to adopt.

Additionally, it is worth remembering what MP 2200 says that regulates electronic signatures in Brazil. In particular Art 10, para 2 “The provisions of this Provisional Measure do not prevent the use of another means of proving authorship and integrity of documents in electronic form, including those using certificates not issued by ICP-Brasil, provided that it is admitted by the parties as valid or accepted by the person to whom the document is opposed.”.

Finally, always consult yourinstitution’s legal departmentfor help in defining which electronic/digital signature model you should use for each of your company’s businesses and thus help accelerate your company’s digital transformation.

About Eval

A EVAL está a mais de 18 anos desenvolvendo projetos nos segmentos financeiro, saúde, educação e indústria, Desde 2004, oferecemos soluções de Autenticação, Assinatura Eletrônica e Digital e Proteção de Dados. Atualmente, estamos presente nos principais bancos brasileiros, instituições de saúde, escolas e universidades, além de diferentes indústrias.

Com valor reconhecido pelo mercado, as soluções e serviços da EVAL atendem aos mais altos padrões regulatórios das organizações públicas e privadas, tais como o SBIS, ITI, PCI DSS, e a LGPD. Na prática, promovemos a segurança da informação e o compliance, o aumento da eficiência operacional das empresas, além da redução de custos.

Inove agora, lidere sempre: conheça as soluções e serviços da Eval e leve sua empresa para o próximo nível.

Eval, segurança é valor.

Categories
Digital Signature

What is the legal value of an electronic signature?

In the past, many people were reluctant to use electronic documents or signatures, questioning their legal validity and ability to use them as evidence in court cases or other legal contexts.

Here in this text the idea is to approach a little of what we have seen in these years, since the MP2200 that gave legal validity to electronic signatures. The idea in this article is a look at a technology company, so we will cover some signature models to help you in the process of defining a type of e-signature that fits well for every business in your institution.

Consulte o departamento jurídico

It is worth remembering that you should always consult with the legal department to find out what type of electronic signature should be used for each business in your organization.

Having made these initial considerations, let’s get to it. In most Western countries this reluctance to use electronic signatures is already unnecessary, as legislation has been updated to recognize electronic documents and signatures. In other words, it cannot be denied legal effect, enforceability, or admissibility as evidence in legal proceedings just because they are in electronic format.

To get an idea of the impact of electronic signatureIn the US the Electronic Signatures in Global and National Commerce Act, the Uniform Electronic Transactions Act, and other (state) laws also regulate in this regard.

Here in Brazil it could be no different. Through Provisional Measure No. 2200 of August 24, 2001, almost 19 years ago, which established the Brazilian Public Key Infrastructure, the ICP-Brasil, the authenticity, integrity, and legal validity of documents in electronic form, support applications, and enabled applications that use digital certificates, as well as secure electronic transactions were guaranteed.

Additionally, he also talks about other forms of electronic signatures without the need for digital certificates, which add value to the business, so it is important that the legal area of the institution validates which electronic signature model should be used in each case.

In addition, we have the Civil Code and the National Tax Code that also serve as the legal basis for the use of the electronic signature in electronic transactions.

E-signatures represent one of the biggest opportunities to start doing digital business

What is an electronic signature? This is a signature made electronically using information systems, in which there are several types, among the best known:

  • Digital Signature ICP-Brasil;
  • Digital Signature;
  • Electronic signature with third-party seal;
  • Behavioral e-signature;
  • Authenticated electronic signature;
  • Basic electronic signature;

Most of them seek to identify the author of the action, others furthermore seek the integrity of the data, and finally, the most secure one also seeks a mechanism that guarantees non-repudiation.

So we are sharing with you different types of existing subscriptions for you to learn about, helping you with the choice of the best alternative – be it your institution. Our goal is to explain and help, not to set absolute rules. Because there may be specific legislation, rules and/or standards for different specializations, performances, and documents to be signed.

Thus, this guide does not assume that it is necessary to choose only one type of signature in the institution; several types of signature can coexist in the same infrastructure, responding to different types of needs and documents, providing a secure and scalable way of digital transformation of the institution.

Conheça as vantagens da assinatura eletrônica para empresas brasileiras
 

Main Features

In order to reflect the same legal value as a handwritten signature, an online electronic signature must meet the following conditions:

  • The signer must have an associated identity;
  • The intention to sign is also another important question;
  • Integrity is important, so the document to be signed must be original, unalterable and uneditable;
  • Another important point is whether the signature system is auditable, whether it provides important information for future verification;

Anyway, there are other features that can be added and provide even more security, but this should be the basics.

Are electronic signatures legal everywhere?

The answer is that it depends on where you are doing business.

In 27 countries – including Brazil, China, the United States, Russia, Australia, Canada, and European Union countries – the electronic signature is legally binding. Besides believing in the security of electronic signatures, it is essential that you research the laws and the weight of digital or electronic signatures in the country you are in.

If you live in a country that has not yet passed legislation, you can of course fall into a gray area of the law and your electronic signature will be accepted in many if not most contracts, however, it may not be legally binding in court.

So, which electronic documents are really valid?

In short, any electronic version should be considered equal to its equivalent version, ensuring that it meets the functional characteristics of the formal requirements of the applicable law.

Only in specific situations should an explicit paper document be used, for example to buy real estate in most countries you will need to go to a notary or legal representative for an action.

Fortunately, in most personal or business situations, the format of the document is the individual’s choice, even to the extent of a contract written on a napkin, if desired!

Examples of electronic signatures:

Basically there are different types of documents to be signed electronically:

  • Internal Authorizations,
  • E-mails,
  • Commercial contracts,
  • Contracts with suppliers,
  • NDA;
  • Internal memos,
  • HR Processes,
  • Purchase orders.

In short, all processes, forms, contracts that need a signature can use the electronic signature, as long as they do not have legislation mandating the use of handwritten signatures. Finally, it is necessary to pay attention to whether the type of document to be signed has specific legislation for the case. So always consult the legal department.

In addition, there are different file formats for signed documents, including:

  • Word format,
  • PDF,
  • XML,
  • Image formats, like JPG or PNG for example.

The most common file format is PDF, because it is easy to view and there is already a culture of it being a format that does not change. So you can have a prior negotiation of what is going to be signed, and then when everyone is in agreement, the PDF is generated with the content to be signed.

The electronic signature is already a reality

In a survey done by EVAL at CIAB 2019, 92% of decision makers said they use electronic signatures. No wonder that most of today’s transactions can already be signed electronically.

Think of the plethora of online documents formed with the click of an “I Accept” button, or with a name typed at the end of a reply e-mail, or authenticating the user, as well as obtaining a behavioral electronic signature, or even a digital signature.

The latter, the ICP-Brasil digital signature, is always compared to the notary-authenticated handwritten signature, so if you have documents that require notary authentication this may be the recommended electronic signature model. But remember, always consult the legal department to know the best electronic signature model to be used for each business of your institution.

About Eval

A EVAL está a mais de 18 anos desenvolvendo projetos nos segmentos financeiro, saúde, educação e indústria, Desde 2004, oferecemos soluções de Autenticação, Assinatura Eletrônica e Digital e Proteção de Dados. Atualmente, estamos presente nos principais bancos brasileiros, instituições de saúde, escolas e universidades, além de diferentes indústrias.

Com valor reconhecido pelo mercado, as soluções e serviços da EVAL atendem aos mais altos padrões regulatórios das organizações públicas e privadas, tais como o SBIS, ITI, PCI DSS, e a LGPD. Na prática, promovemos a segurança da informação e o compliance, o aumento da eficiência operacional das empresas, além da redução de custos.

Inove agora, lidere sempre: conheça as soluções e serviços da Eval e leve sua empresa para o próximo nível.

Eval, segurança é valor.

Where We Are

Rua Paulistânia, nº 381, 2º andar,
Sumarezinho
São Paulo - SP,
ZIP CODE: 05440-000

Contact

(11) 3670 - 3825
(11) 3865 - 1124
[email protected]

Facebook Instagram Linkedin
logo-tales-azul
keyfactor-logo
logo-valid-certificadora-digital
google-safe-browsing
Privacy Policy

Copyright © 2023, EVAL TECNOLOGIA EM INFORMÁTICA. All rights reserved - CNPJ 05.278.889/0001-97