The signature model used by Autentique is based on an auditable verification process, widely used in the industry for over 25 years. This model fully complies with the requirements of the U.S. eSignature Act and the European Union's eIDAS, with specific adaptations for the judicial audit context in Brazil. These adaptations include the verification of data such as complete name, date of birth, and the signatory's registration information.
Security measures for legal compliance
Below are the procedures and security measures implemented by Autentique to ensure compliance with the legislation. Click on the corresponding menu to access the information you wish to obtain.
Document authenticity verification
Document authenticity verification
The authenticity of a document in Autentique is ensured through three digital authentication methods (the authentication triad):
MD5
SHA1
SHA256
These encryption algorithms applied to the document enhance theoretical security and reduce the likelihood of hash collisions (when different files produce the same result). The SHA256 algorithm, for instance, provides theoretical security until the year 2086. This system also protects against attacks such as the Birthday Paradox and follows Kerckhoffs's Principle, which advocates transparency in security methods.
Identity verification of the parties
Identity verification of the parties
The identity of signatories is confirmed through three authentication layers:
1. Unique code sent via email
Each signatory receives an exclusive link at the provided email address. This link, accessible only by them, confirms that the signatory has access to the specified email.
2. Personal data required at the time of signing
Full name
Date of birth
3. Automatically collected connection data
IP address
Geolocation
Device and browser identifiers
Browsing and access history
These data are stored for audit purposes and can be used in judicial cross-checking if the signature is disputed.
Alternative Authentication Methods
Personalized signature links can be sent directly to the signatory.
Upon accessing the link, the signatory can choose an additional authentication method:
Login via Facebook or Google
Phone number confirmation via SMS
Validation of an email address
Integrity and fraud detection
Integrity and fraud detection
If a signature is questioned, Autentique provides ways to verify authenticity and detect fraud:
Cross-checking collected data:
Autentique's information can be compared with records from the internet provider, email service, or the signer's social networks.
Identifying suspicious access
The service monitors users who access multiple accounts or attempt to sign documents with different personal data (e.g distinct names)
Cataloging abnormal behavior
The system detects, records, and blocks irregular or suspicious activities.
Requirements for signing
Requirements for signing
To sign a document on Autentique, the agent must:
Have access to the signer's email.
Possess the signer's personal data (name, and date of birth).
Even with this information, fraud is detected through connection verification and other tracking methods integrated into the system.
Signature appearance
Signature appearance
The signature appearance on Autentique is purely aesthetic. It is not used in the audit or validation process. The visual element is customizable by the signer and does not affect the digital verification of the document.
