In an earlier article on the basic electronic signature, we explained that, despite its advantages, it does not offer good levels of information security and legal validity, although it is more usable from the user’s point of view.
Today we will cover a safer way to use this technology. The electronic signature with the institution’s seal (or third-party seal) is very similar to other electronic signature models, but offers greater security.
It works as follows: The user signs the document with a basic electronic signature, authenticated electronic signature, or even a behavioral signature; after that, a digital signature is applied by a third party, which must be a trusted institution. This part can be done by the institution where you work, such as a bank, a brokerage house or a university, for example.
At the end of the signing process, both the document and the user’s electronic signature are signed with the institution’s digital certificate. In this way, the model ensures security for the authentication of the signer and the document, as well as linking both.
Electronic signature with digital signature of the institution
The greatest guarantee lies in the fact that the institution needs a digital signature to perform the process, as well as a digital certificate. The digital signature is a more secure model of electronic signature, and the digital certificate works as a kind of identity card in the virtual world.
In this way, the electronic signature with the institution’s digital signature is able to provide information about:
- Identification of the person who made the signature;
- The date and time when the signature was made;
- Integrity, in which the document cannot be altered without being noticed, since it is protected by the digital signature of a third party;
- The collection of the same data collected in the authenticated electronic signature.
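The sealing step described above, and the properties listed here (signer identification, date and time, integrity), can be shown in a short program. This is an added example, not code from the article or its vendor; Ed25519 stands in for the institution's certificate-backed key, and the field names, signer ID and timestamp are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Evidence is what the institution seals (field names are assumptions).
type Evidence struct {
	DocSHA256, SignerID, AuthMethod, SignedAt string
}

// SealedRecord is the evidence plus the institution's signature over it.
type SealedRecord struct {
	Evidence Evidence
	Seal     []byte
}

func digest(doc []byte) string { return fmt.Sprintf("%x", sha256.Sum256(doc)) }

// Seal binds document digest and signer data under one institutional signature.
func Seal(priv ed25519.PrivateKey, doc []byte, signer, method, at string) SealedRecord {
	ev := Evidence{digest(doc), signer, method, at}
	msg, _ := json.Marshal(ev) // struct fields marshal in declaration order
	return SealedRecord{ev, ed25519.Sign(priv, msg)}
}

// Verify checks the seal, then that the document matches the sealed digest.
func Verify(pub ed25519.PublicKey, rec SealedRecord, doc []byte) error {
	msg, _ := json.Marshal(rec.Evidence)
	if !ed25519.Verify(pub, msg, rec.Seal) {
		return fmt.Errorf("seal invalid: evidence altered or wrong key")
	}
	if digest(doc) != rec.Evidence.DocSHA256 {
		return fmt.Errorf("document does not match sealed digest")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway demo key
	doc := []byte("constructed sample contract")
	rec := Seal(priv, doc, "user-1234", "password+otp", "2024-01-01T12:00:00Z")
	fmt.Println("intact:", Verify(pub, rec, doc))
	rec.Evidence.SignerID = "user-9999" // tamper with the sealed signer identity
	fmt.Println("signer swapped:", Verify(pub, rec, doc))
}
```

Because the seal covers the document digest and the signer data together, changing either one invalidates it. The sealed date and time is only what the institution asserts; a trusted time-stamp would be a separate signature from a time-stamping authority.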
More points on one important issue: security
As we have shown above, usually the service provider also authenticates the user, and for this it can use either simple or two-factor authentication. All these processes ensure the integrity of the file, thus making it impossible to alter it without leaving marks.
Even the user’s electronic signature can be signed, which we call authentication. However, a third party must be able to verify that authentication, for example by querying the authenticator’s service history.
Finally, another relevant aspect of the security of electronic signatures with a third-party seal is that if the solution is not implemented correctly, it can lead to legal problems. After all, neither the electronic signature nor the institution’s digital signature alone guarantees the level of security and legal validity required in more stringent situations. Always remember that it is the institution’s legal department that must decide whether the signature model meets the legal requirements for each of the institution’s businesses. An institution can therefore use several signature models.
So what is the legal validity of the electronic signature with the institution’s seal?
It can be well accepted in court, but it is important that the provider offering the solution keeps a history with a good level of detail and protection against tampering, i.e. one that has data integrity and is auditable.
However, there is a point of attention! If the company providing your signature solution closes its doors, or you decide to stop working with it, the legal evidence of the documents you sign can be rendered worthless and unrecoverable. So before you choose a company, make sure you know what happens to those records if the service is no longer provided. In other words, it must have an acceptable level of interoperability that guarantees future validation.
What to expect from usability?
For end users, the electronic signature with a third-party seal works in the same way as the authenticated electronic signature model. After all, the service provider’s signature is added automatically. By the way, documents can be signed from anywhere and at any time, which makes it very easy to use.
Good communication with other devices and software
The electronic signature with the institution’s seal can be recognized and validated more easily than conventional digital signatures. In this type of solution, you can see data from the electronic signature as well as information about the digital signature of the institution, as if it were a dossier, or even a summary of the evidence of the signature made by the professional, facilitating the understanding of all involved.
What to expect for adoption and usage costs
Here we have a good advantage. This model does not require devices such as readers or specific software for the end user.
Another advantage of the electronic signature with the institution’s seal is that no digital certificate is required per user. This can be advantageous for certain types of businesses. So always check with the legal department to see if this signature model fits the business you want to apply it to.
Summary of the conversation
The electronic signature with the institution’s seal is capable of ensuring reasonable levels of security and legal validity, but for this it needs to be offered with secure processes and procedures for user authentication, integrity, and management of transaction histories. To add more security it is possible to identify the signer in a specific way.
In short, it is interesting to identify and protect each user’s signature to ensure the integrity of what each signer has found in the document. Information such as the date and time the document was signed is very good to give more strength to the signatures made.
Electronic signatures with the institution’s seal can also be time-stamped, but this makes them more expensive to adopt.
Additionally, it is worth remembering what MP 2200, which regulates electronic signatures in Brazil, says. In particular, Art 10, para 2: “The provisions of this Provisional Measure do not prevent the use of another means of proving authorship and integrity of documents in electronic form, including those using certificates not issued by ICP-Brasil, provided that it is admitted by the parties as valid or accepted by the person to whom the document is opposed.”
Finally, always consult your institution’s legal department for help in defining which electronic/digital signature model you should use for each of your company’s businesses and thus help accelerate your company’s digital transformation.
EVAL has been developing projects in the financial, health, education and industrial sectors for more than 18 years. Since 2004, we have offered Authentication, Electronic and Digital Signature, and Data Protection solutions. Today we are present in the main Brazilian banks, health institutions, schools and universities, as well as in different industries.
With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increased operational efficiency for companies, and cost reduction.
Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.
Eval, security is value.