Start 50 Plan: From R$69 to R$59/month and Plus 50 Plan: From R$119 to R$99/month.

Digital authentication: what it is, what are the types and legal validity

Publicado em:

2023

Have you ever stopped to think that your routine is filled with digital authentication processes?

How many times a day do you need to submit something that only you know or have to obtain access, permission, or express your will?

How often do you unlock your cell phone using a password, biometrics, or facial recognition?

Your company badge has had to be presented on the ground floor of the commercial building on countless occasions, hasn't it?

And at lunch, you probably use a card and simply bring it closer to the reader to pay the bill, or you must enter a password, right?

When you arrive home after another day of work, what is the security method to enter your condominium? Biometrics? Facial recognition?

Well, all of these situations involve a digital authentication.

With the technological revolution in full swing, the use of technologies that provide security to the process of accessing information, permissions and, especially, to the processes of formalizing the expression of will, is becoming increasingly important.

What is digital authentication?

In general terms, digital authentication consists of the use of technologies for a person to confirm their personal identification data in a process of formalizing the expression of will.

This technology is part of the factors that provide security to the digital signature process, ensuring the authenticity of the identification of a person in a given act of demonstration, access, or permission.

What are the types of digital authentication?

Digital authentication can be performed based on three different requirements: something that I Are you, something that I I have It's something that I I am:

Digital authentication based on something that I Are you It has the characteristic of knowledge, a requirement to present certain information that only the person being authenticated has. A classic example is digital authentication through a handwritten signature, this is because, even when digitally reproduced, it has an exclusive knowledge characteristic, since it is assumed that that signature, that drawing, is something that only you know how to make and reproduce.

Authentication, on the other hand, is based on what I I have denotes a characteristic of possession, a requirement to submit some information that is your sole property. A classic example is digital authentication from a official document, such as the RG or the CNH, a personal and non-transferable document.

Finally, when authenticating from something that I I am, resides an attribute of personal trait, a physical aspect that differentiates and qualifies you as an individual. A classic example is biometrics, a personal and unique physical aspect:

However, there are also digital authentications characterized by two or more requirements, such as Digital Certificate ICP-Brazil. This is because, when using the certificate in an authentication process, there are two aspects, that of possession And of knowledge, since the person to be authenticated has a digital certificate - whether token, card or cloud - and is also aware of the predefined password to authenticate it.

ICP-Brazil is the Brazilian Public Key Infrastructure, which represents the country's digital certification system and enables the issuance of digital certificates used for the virtual identification of citizens. These certificates can be purchased through a Certification Authority, that is, a digital certificate issuer.

What is the digital authentication of a document for?

The digital authentication process is an essential step in the formalization of electronic documents. This is because it is digital authentication that makes it possible to identify and certify the authorship of the expression of will of the people who are agreeing with the rights and obligations provided for in the document.

In other words, it is digital authentication that allows us to identify the authorship of digital signature of a signer (the one who signs).

Electronic signature platforms usually provide several methods for a signer to authenticate. The Clicksign platform, a pioneer in the Brazilian electronic signature market, offers its users the following options:

These methods are the ways provided by the Platform for a person to authenticate themselves within a subscription process, and, consequently, to perform a digital signature.

The method may be simpler, such as a token via WhatsApp, or more secure and sophisticated, such as Pix. The more forms you select, the more secure your subscriptions will be.

Considering the concepts explored previously, regarding the requirements of digital authentication, we can classify the authentication methods provided by Clicksign as follows:

What digital authentications are available on Clicksign?

We will tell you more details about the main methods provided by Clicksign in the process of digitally signing documents.

Token authentication

The process of digital authentication by token consists of the use of a 6-character temporary code that can only be used once.

It can be sent to e-mail, WhatsApp, or SMS, as defined by the one defined by the sender, who requested the subscription.

In this process, the signer to be authenticated must receive the token and reproduce it on the Clicksign platform, as a mandatory requirement for completing the digital signature process.

Pix Authentication

In the process of Pix authentication, the signer must make a symbolic transfer in the amount of R$ 0.01, as a mandatory requirement pre-defined by the sender of the document to be signed.

In this case, the platform checks the signer's personal identification data, provided by the sender and confirmed by the signer himself, comparing the number entered on the platform and the number registered with the Central Bank with the financial institution used to carry out the Pix transfer.

In other words, this authentication allows us to confirm that the signer identified on the platform is the same one who made the transfer, because if the Pix is made from an account with a different CPF, the authentication will be refused by the Clicksign Platform. An authentication that, in addition to being agile, has a high level of security, since it performs a check with the data registered and authenticated with the Central Bank.

Facial biometric authentication

In the process of facial biometric authentication, the signer must capture two images, one of their personal document and the other of their face.

Based on these images, Clicksign will perform a comparison of the face image to the document photo, carrying out a measurement conclusion and approving the signature process.

Dynamic selfie authentication

Through dynamic selfie authentication, Clicksign captures the signer's facial expressions, validated through a few movements, recognizing the existence of a real person at the time of authentication. The image, which represents a digital authentication, will be attached to the end of the signed document.

What factors provide security to the digital signature process?

Digital authentication isn't the only factor that brings security to the digital signature process.

In a document digital signature process, three security factors must be guaranteed:

Clicksign uses two security factors to ensure integrity of the signed document. Every document signed on Clicksign has a Hash Code, a high-security technology, a mathematical calculation, used to encrypt the original signed document. Thus, every signed document has a unique code that guarantees that no change has been made to its content after the signers signed the document.

In addition to the inclusion of the code, every document signed on the platform contains the Clicksign Digital Certificate, which indicates, in an auditable way, that the document was signed on the platform, and it is also possible to include authentication with Timestamp, a choice that is at the discretion of the user who owns the document.

It is worth noting that Clicksign's security practices - a pioneer in the Brazilian electronic signature market - reflect the best security, convenience, and reliability practices that exist in the world. The Platform is the only one to present the ISO 27001 Information Security certification.

The second security factor of electronic signatures is the form in which the Link between the signer (signer) and the document. At Clicksign, all signed documents have a complete history of signatures, this section is called Document Log. It is in the Log that the entire authentication process of the signers is recorded in detail, containing information such as identification data, IP address of the device used at the time of authentication, date and time of the respective authentications, in addition to the authentication methods that were selected by the user who owned the document and carried out by the signers.

In this way, the platform issues a record that works as a link between the document and the signers, with the purpose of proving that the electronic signatures of that specific document are legally valid.

Finally, the Authenticity of the signer, as we explored earlier, is demonstrated through the various digital authentication options. At Clicksign, the choice of signer authentication methods is made by the user who owns the document, depending on the type of signature they intend to use to sign a document. Thus, the user can define the level of security for the authentication of the signers, according to their convenience and need.

What is the legal validity of digitally authenticated documents?

Digitally authenticated documents are fully valid, since Brazilian legislation regulated the authenticity, integrity, and legal validity of documents signed electronically, i.e., documents formalized with a digital signature.

As we just explored, there are several options for digitally authenticating signers, and, by virtue of these variables, Brazilian legislation classified the digital signature as three different types:

The electronic signature unsophisticated, as its name says, is the one that offers the simplest form of authenticating the signer, using less refined forms of identifying the signer, such as through an email, the IP address of the device used in the authentication process, or even the geolocation of the device used by the signer.

Already the electronic signature advanced It is the one that uses the most refined methods to guarantee the proof of the authorship and integrity of electronic documents, such as Pix and facial biometrics, offering a high level of security and guaranteeing the identification of the signer in a unique way.

Finally, the electronic signature qualified It is the one that uses an ICP-Brazil Digital Certificate as a method of authenticating the signer of a document.

What documents can be digitally authenticated?

In general, every document can be digitally authenticated. In other words, any document can be signed with any type of digital signature. This is because Brazilian legislation privileges private autonomy and does not establish any hierarchy between types of electronic signatures.

Therefore, unless expressly provided by law, the parties exercise their free choice to determine which signatures will be used, whether simple, advanced or qualified.

As an example, let's cite some examples of documents that can be signed with any type of digital signature and situations in which a specific type of signature may be required.

Documents that can be signed with any type of digital signature

Corporate acts (ex: articles of association, bylaws, minutes of the meeting, etc.);
Extrajudicial enforceable securities (ex: bank credit note, general credit securities, contracts for the purchase and sale of movable property, trust sale of movable property, advance receivables agreement, credit assignment agreement);
Contracts in general (e.g.: provision of services, supply of products and services, rental of movable and immovable property, data processing agreement);
Private and judicial powers of attorney;
General employment documents (e.g. employment contract and attachments, termination term, time card, vacation notice).

Situations in which advanced or qualified electronic signatures may be required

Acts of transfer and registration of immovable property;
Registrations and amendments of constituent acts, at the headquarters of the Civil Registration Officer of Legal Entities;
Registration of minutes of general meetings of legal entities, at the headquarters of the Civil Registration Officer of Legal Entities.

Start using digital authentication on Clicksign

Clicksign is the first electronic signature company in Brazil. Our solutions are ideal for those who want to reduce costs and streamline processes. Because, from any location, through a device with internet access, it is possible to subscribe in less than 1 minute.

Through our platform, you can sign documents with any type of electronic signature required by law, according to the needs of the clients. Because we use the most advanced technologies to provide greater security and legal validity to signed documents.

Do you want to understand how Clicksign can help you? Try it free for 14 days!