.jpg)
The role of electronic signature platforms and the ICP-Brazil ecosystem
Do you know the role of electronic signature platforms in the process of formalizing digital documents?
In addition to offering several options to authenticate the identity of the person who is signing the document, such as ICP-Brazil Digital Certificate, the platforms also perform essential functions to ensure the validity and security of the signed document.
What's more, do you know what ICP-Brazil is and how electronic signature platforms integrate its ecosystem?
In this content, we will discuss the roles played by the electronic signature platform in the processes of formalizing digital documents, in addition to its integration with the ICP-Brazil ecosystem.
The role of electronic signature platforms
Electronic signature platforms are environments that provide their users with the possibility to sign digital documents, in an agile and secure manner.
Within the electronic document signature process, platforms perform three main functions:
The authentication of the signatories
The authentication of signers refers to the process that allows the identification, electronically, of the person who is signing the document.
In this context, the authentication methods correspond to the forms provided by the platform that allow the electronic identification of the signer in the electronic signature process.
Clicksign offers 14 methods for identifying the signers of a document, of the simplest, with the Token via emailing or cell phone, even the most refined, such as Facial Biometry and the ICP-Brazil Digital Certificate.
The platform user who is sending the document for signatures is the one who provides the personal identification data of the signers and chooses the methods to authenticate them. It is the responsibility of this user to choose the methods appropriate to the type of document that will be signed, according to their needs, convenience and legal requirements.
The link between the signer and the document
It is also necessary for platforms to establish the connection between the person who expresses their will - the signer - and the signed document.
At Clicksign, all signed documents have a complete history of signatures, this section is called Document Log. The Log is where the entire authentication process of the signers is recorded in detail, including the data used to identify them and the methods to authenticate them.
Through the Log, the platform issues a record that works as a link between the document and the signers, with the purpose of identifying people and ensuring their verification.
The Integrity of the signed document
Electronic signature platforms must ensure that the signed document has not been modified after the signature process has been finalized. In other words, guarantee the integrity of the signed document.
Clicksign uses two security factors to guarantee the integrity of the documents signed on the platform: Hash Code And the ICP-Brazil Digital Certificate.
Every document signed on Clicksign has a Hash Code, which is a high-security technology, a mathematical calculation used to encrypt the signed document. By verifying the hash code, it is possible to detect any change made to the content of the document after its signature, however minor or more insignificant. This unique code, therefore, is able to guarantee the integrity of the document signed on the platform.
The platform also offers a second layer of security. Every signed document contains the Clicksign ICP-Brazil Digital Certificate, which, in addition to ensuring the integrity of the signed document, indicates that the document was signed on the platform.
Electronic signature platforms and the ICP-Brazil ecosystem
ICP-Brazil (Brazilian Public Key Infrastructure) was established by Provisional Measure No. 2,200-2/2001 and its structure comprises (i) the Steering Committee, (ii) the Root Certification Authority - AC Raiz, (iii) the Certification Authorities - AC and (iv) the Registration Authorities - AR.
The Steering Committee is competent to coordinate ICP-Brazil, establishing the operating rules and accreditation of ACs and ARs, in addition to auditing and supervising AC Raiz.
AC Raiz is the National Institute of Information Technology - ITI and the first authority in the certification chain. It is up to the ITI to execute the guidelines of the Steering Committee, manage the certificates issued by ACs and ARs, in addition to auditing and supervising them. ITI is prohibited from issuing digital certificates to end users.
ACs are the entities that are accredited to issue digital certificates to end users. In other words, ACs are the companies that issue certificates to individuals and legal entities. The list of accredited CAs can be found on the ITI website.
Finally, we have the ARs. These entities are operationally linked to a particular CA and their responsibility is to identify and register end users and forward requests for digital certificates to the ACs for issuance.
This entire structure exists to, among other functions, enable the issuance of ICP-Brazil Digital Certificates, an electronic document whose main function is to prove the identity of the citizen or company in electronic media and to provide a legal and secure way to digitally sign documents and transactions carried out in these environments.
The ICP-Brazil Digital Certificate is nothing more than a Authentication method of the signer. When using it to sign a document, the signer will be making a qualified electronic signature, in accordance with the law.
Electronic signature platforms, on the other hand, are the environment where people are authenticated at the time of signing. The platform collects and records the authentication method used in the document and protects it, so as to enable the detection of any subsequent change.
On the Clicksign platform, for example, it is possible for the user to sign a document with any type of electronic signature required by law: simple, advanced and qualified - the one that uses an ICP-Brazil Certificate as an authentication method.
Therefore, when the legislator creates hypotheses for the use of a specific type of electronic signature, such as the qualified one, he is referring to the authentication method used by the signer and not to the platform that was used to carry out the process.
Is Clicksign accredited by ICP-Brazil?
As an electronic document signature platform, Clicksign is part of the ICP-Brazil ecosystem, as it allows the authentication of the signer through a Digital Certificate whose issuers are accredited by ICP-Brazil.
In addition, every document signed on the platform has the Clicksign ICP-Brazil Digital Certificate, one of the security factors to ensure that the signed document was not modified after its finalization.
Start using ICP-Brazil digital certificates on Clicksign.
