Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Encryption Security

Digitally Notarized Documents in Brazil 77

Posted by michael from the cryptographers-do-it-with-numbers dept.
Remote writes: "As of next year, Brazilians will be able to obtain notary-authenticated digital documents and have them sent over the Internet (English) . You can also obtain a CD or floppy from a notary office, containing your document encrypted with an assymetric key. The key generation, though, demands that one shows up in person at the notary office for ID verification. This was made possible by legislation that recognises public-key encrypted documents and signatures as legally valid. This is one first step, and I don't see why this wouldn't be applied to things like contracts, invoices, wills, etc. Brazilian Notary and Register Association claims that one can even print as many copies of, say, your driver license as desired, though I don't see how this part would work..."
This discussion has been archived. No new comments can be posted.

Digitally Notarized Documents in Brazil More

Digitally Notarized Documents in Brazil

Comments Filter:

  • With all these (Score:2, Interesting)

    by nervlord1 ( 529523 )
    With all these laws being passed left and right towards internet and computer related technologys, i cannot work out which bloody country is the most technology and freedom with technology friendly of them all. Germany used to be my favorite, but with the recent DNS mess, i really dont know Anyone have any comments on this?
  • discussing this technology almost 5 years ago.

    unfortunatly we have here in brasil some of the best cracker in the world. sooner or later one of them will find a way to crack the digatal signatures.

    The bad point is that the press don't know the diffence between "crackers" and "hackers", so as soon as the first digitaly signed forgery shows up, the brasilian press will start mudslinging hackers as the culprits.

    it's about time we start a PR campaign to teach the public and the press about the diference.

  • Worried (Score:2, Interesting)

    by Ricardo Lima ( 29902 )
    I don't know, but as a brazilian, I'm quite worried about this. One thing is to digitally sign digital documents, but to sign digitally sign real documents and allow anyone to print them as authentic copies! This opens a large space to fraud! If I'm able to print a document, why couldn't I change it before I print it, for instance? And what would make this document that I printed in my computer a really authenticated copy? I sense a lot of frauds coming...

    • If I'm able to print a document, why couldn't I change it before I print it, for instance?

      I haven' read the article, because it's currently down. But I believe it works like this: you take your documents and they will be signed by the notary office -- you will receive a digitally signed document in a floppy or CD.

      You can then send that copy through e-mail, e.g., or print it. You can still change it and print it, but the digital signature will be ruined. If a police officer check the validity of the document, he will se that it was changed.

      • Re:Worried (Score:3, Insightful)

        by Ricardo Lima ( 29902 )
        And how could the police officer validate the digital signature? He would only look at the printed paper and it would seem all right to him.

        Digital signatures only work with digital documents. A digital signature is a hash of the entire document signed with a private key ( in this case the notary's key ). When you print the document, how could you check the signature? Should you scan it back so a computer could validate it again? How could you be sure that what I scanned would generate the same bits of the original? Actually, you can't! So we would always have a bad signature!
        • Don't forget that we - 'zilians - are a society based on paper. I work for a bunch of burocreaps and despite my futile attempts at introducing them to the wonders of sending memos to other sectors via email or our intranet BBS those f*cks preffer to print the stuff out and hand them out.

          This law won't work - it may have passed but it'll be ignored as most of our other laws are by TPTB. That's my prediction.
          • This is not a law, but a service that the notarians will provide.

          • Don't forget that we - 'zilians - are a society based on paper. I work for a bunch of burocreaps and despite my futile attempts at introducing them to the wonders of sending memos to other sectors via email or our intranet BBS those f*cks preffer to print the stuff out and hand them out.

            I'm in the US and it's the same story. The number of trees we kill because of useless memos is unbelievable. To the Training Department: printing memos and schedules for Word and Excel training on brightly colored paper only lets me know which mail to throw away without looking.

        • Perhaps the "printed" copy will be only a bar-coded document. All the "gambé" (police officer) has to do is scan the document. A display in the bar-code scanner could show your information and check the signature.

          Anyway, just the possibility of sending documents in digital form through the internet makes it worth, IMO.
          • It would be a big barcode to keep all the info that we keep in a driver's license ( we should include the photo as well ). If you mean a bar code of the digital signature, than I could print the document, create a fake ID, cut the barcode from the original, paste in the fake ID ( that's physically cut & pasting! ), and make a copy of the new I.D. Voilà! A fraud!

            As I said, digital signatures are for digital documents. The ability to be able to have my digital signature public and a way to represent me is nice, but this notarys should be REALLY SECURE to make this system work and I don't believe that they will be.

            • but this notarys should be REALLY SECURE to make this system work

              Nah, the whole notion of notaries is quite bad from a security standpoint, whether the signatures are digital or not. Nearly anyone can become a notary, the only verification the notary verifies is your ID and the only thing he or she does is place a stamp and a signature on a piece of paper. Each step is vulnerable to fraud and forgery.

              However, that's okay, because the purpose of a notary isn't to provide absolute, ironclad proof. The purpose is to provide evidence that can be weighed in court against all the other bits and pieces of evidence, including the sworn testimony of the notary. For example, by itself, a notarized will making you the sole heir of the Howard Hughes fortune would obviously get you nothing except maybe an indictment for forgery. Add to that the testimony of the notary and some evidence to show that you were in fact Howard's best buddy and that he'd often talked of giving his fortune to you and you might begin to have a case. OTOH, a notarized bill of sale showing that you paid your brother $1000 for his old stereo would be all a small claims judge would need to make your (now-estranged) brother hand over the JVC.

              The notary system sucks from a security standpoint, but it works quite well in the real world. I suspect this digital notary thing would work the same, but that no one will use it.

        • The signature can be made from the text of the document with whitespace removed. It can trivially be entered back into a computer and verified.

          Obviously this wouldn't work anywhere where you would need to have a picture, or a representation of a handwritten signature. In that case you would need to be able to present a digital version of the document.

          • Like an id card or a driver's license. It would work for an elector's id, or the CPF ( note: it is a kind of IRS id, the closest we have for a Social Security Number ). Not very useful, IMHO.

            My point is:

            Digital signatures are designed to be used with digital documents. They do not work with printed ones. Period.
        • I don't think they actually meant "print". It's an automated translation of a brazilian document.

          It actually says "...will be able to print how many electronic copies to want of the document."
          'print electronic copies' probably just means copy.
          Micheal mis-interpreted it, and you guys probably didn't actually read it did you?

        • Re:Worried (Score:2, Interesting)

          by drinkypoo ( 153816 )
          And how could the police officer validate the digital signature? He would only look at the printed paper and it would seem all right to him.

          Basically the only way to do this would be to have a sufficiently dense barcode which contained a signed ID number, and have a computer which the barcode was read with which would print out a picture of their ID for comparison, or at least their picture.

    • This is a national PKI, guys. They are not just playing around. The Federal government will run a root CA, regional CAs and RAs will be established, and every citizen will have the right to use the system. Everyone will be able to get a key pair.

      There are clear rules in Brazil which distinguish the applicability of an authenticated copy and an original document. You can get a physical, authenticated copy of your driver's license and use it for a zillion things, but you must drive with your original driver's license. The digital copies will be just as good as authenticated copies.

      I have not had access to the actual documents that explain the notarization system, but I am quite sure that you will need to notorize (get a timestamp and a signature from a digital notary) each printed copy of the documents.

      The BIG issue here is whether we want the Federal Governmente to operate the Root CA. Among other powers, it will hold a backup copy of each private key in the national system.

      On the other hand, there is no point in discussing this, since the Federal Government has established the national PKI already. The rules are set, and they are reasonable.

      What really worries me is that the government and media have made no effort to explain any of this to the people of this very poor and ignorant country.

  • Others? (Score:2, Funny)

    by imrdkl ( 302224 )
    like contracts, invoices, wills, etc

    Music files?

    • Doubtful... (Score:2, Interesting)

      by ebbomega ( 410207 )
      Highly...

      The reason stuff like this would work on stuff like official documents but not on stuff like music is because if one country imposed legislation on it, there would always be another country without it. And since filesharing expands beyond patrial (is that a word?) borders, all the music that supposedly gets encrypted would just be worked around by another country. It works on official documents because... well, there's no real public demand for online official documents because they don't exist yet. And since the media and the demand for the media isn't already in place, it's not uncontrollable.

      Also, people are going to spend hour upon hour of playing with music files trying to crack the encryption because, well, people are more than happy to redistribute the music they own, as opposed to say their driver's license, which I don't think they really want to hand out to some guy on the street.

      At least, that's how I see it.

    • This technology allows for authentication. Given a file and a registry of public keys, you can be certain that the file is an identical copy of the one reviewed by the notary represented by the public key.

      In the case of music, you could be certain that you have a copy of the genuine original, not a track modified by someone else. Artists and/or record companies could sign digital music files so that you know you aren't getting a modified version.

      But this technology doesn't extend to copy control / protection. It does not consider the viewer/user at all, only the originator.

      • this technology doesn't extend to copy control / protection

        I realize that, but I think it's fair to say that there are those who wish that it could. (extend) Watermarking and device-based protections are the (insert "lame" here for karma) attempts that have been made. But I suspect there may also be chaffing and winnowing [mit.edu] possibilities. (This was pointed out to me the other night in a different thread)

        They will not stop trying until this works, imho.

  • Already doing that for edifact. (Score:4, Informative)

    by leuk_he ( 194174 ) on Friday November 23, 2001 @06:42AM (#2603211) Homepage Journal
    This is really nothing new. we already use digitally signed and encrypted EDIFACT messages (Invoices) where a notary is used to give out the keys. The messages are then send over internet (unreliable ) but much cheaper then X-400 (now over 5.000 euro per month)
  • An encrypted document is not valid except to the person(s) who hold the key to decrypt it. In this case, thats the owner and the notary. It also makes sense that notaries would be the first group to have signing rights for electronic documents which are owned by people that dont have their own key. Of course, it would be better to have one's own key for signing, then use the symmetric key which is agreed by both parties only for the encryption.

    Alternatively, the document could be signed by both parties, but that kinda reduces the value of an individuals signature key, imho. In any case, a shared symmetric encryption key seems to me to be much like a notary stamp.

    Disclaimer: the above may be a load of bunk. The site is slashdotted right now.

  • Digital Documents will be a big step in Brazil administration. In a near future this could be possible voting from home, through internet.

    In a short ranged time period, we won't need any more travel to other cities to sell houses, or anything else that needs assign any kind of paper. You can do it from home!

    I guess all brazilians thanks our governments efforts to come that true, because if you past all your entire life dealing with dozens of documents Brazil uses a lot of differents documents independently, as ID and Driver's license.

    This action can too improve sells through Internet, because government supports security to the citizen.

    This law can push the present situation to a step further in simplifying all transactions and accelerating selling/buying through Internet even of houses.

  • Why Digital Signatures Aren't Signatures (Score:5, Informative)

    by fhwang ( 90412 ) on Friday November 23, 2001 @07:57AM (#2603337) Homepage
    Everyone interested in this subject should read Bruce Schneier's piece on the subject: Why Digital Signatures Aren't Signatures [counterpane.com]. The gist of his article is that although cryptography came verify that a document can from a given computer, it cannot verify that it came from a given person, or even that that person intended to sign that document. "The mathematics of cryptography, no matter how strong," he writes, "cannot bridge the gap between me and my computer."
    • The article is not that good, but there are many many userful links below the article.

      A lot of security is based on thrust. This is the main thing. Same thing goes for signatures. You can sign a paper but they thrust you that you did read (an can) the paper. Signatures can be faked as well.

      And of course you can bridge the gap between you and the computer with biometric autorisation.

      • Re:Why Digital Signatures Aren't Signatures (Score:4, Interesting)

        by swillden ( 191260 ) <shawn-ds@willden.org> on Friday November 23, 2001 @02:29PM (#2603998) Journal

        And of course you can bridge the gap between you and the computer with biometric autorisation.

        I don't think you read Schneier's article. The point is that you, the putative signer, never know what the computer, the real signer, is actually signing. How you authenticate yourself to the computer to unlock the signing key is irrelevant, and biometrics aren't really any better than other authentication mechanisms (from a security point of view, biometrics are actually very poor authentication mechanisms).

        lot of security is based on thrust.

        All security is based on controlling, quantifying and limiting trust. Schneier's point is that the trustworthiness of digital signatures depend absolutely on the trustworthiness of the software and hardware performing the signing operation. You have to trust that the key is stored securely, authentication of the user is performed securely (and correctly), that the signing operation is performed correctly and that the correct document (and *only* the correct document is signed. And if the computer in question is a standard, easily hackable PC running, such trust is almost impossible to justify.

        I started to implement a secure digital signature system based (mostly) on commodity hardware a while back. Unfortunately the project was cancelled before it was finished, but here's what we had to do:

        • Use a secure crypto card for key generation, storage and access control (the IBM 4758 (don't let the recent bad press fool you, it's an extremely secure device)). A naive person would think we're done here, and then some.
        • Use a stripped-down version of an open source operating system, thoroughly reviewed. We were going to use an old Linux kernel (from the days when it was smaller and simpler). The source had to be reviewed line by line, and the policies and procedures that had to be set up around how this code was stored and how modifications were tracked were very onerous.
        • Write and thoroughly review the document display and signing software.
        • Build the OS and software on a secure build server and burn it onto a CD. Run an MD5 hash of the CD contents and burn a few copies of another bootable CD whose only function is to verify the first CD (using the hash). Distribute the verification CDs to appropriate, trusted, people, who store them in personal safes. Put the first CD in a lockbox in a vault. Distribute keys to the lockbox to appropriate, trusted, people who don't have verification CDs.
        • Remove all drives from the PC except for one CD-ROM drive and one floppy drive, configure the BIOS to boot only from the CD-ROM drive and set a BIOS password. Lose the password.
        • Place the entire PC in a custom-built, TEMPEST-shielded, lockable cabinet, with only the CD-rom drive, floppy drive, keyboard and LCD display (not CRT) exposed. The keyboard must be entirely inside the cabinet except for the keys. No cabling can be exposed, except the power cord. Put the cabinet in a secure room and tightly control access to it.
        • When you want to sign something, write the document on a floppy in ASCII text, find someone with a lockbox key and someone with a verification CD.
        • Retrieve the system CD. Boot the secure PC off the verification CD. Insert the system CD for verification. Assuming it verifies correctly, unplug the PC, insert the system CD and your floppy and power the PC back on. The system will read your document, display it on-screen, then ask you to identify yourself. You specify your username and passcode, which are passed to the 4758 along with the document. The 4758 checks your credentials, hashes and signs the document and passes the signature back to the PC, which writes it to the floppy.
        • Return the system CD to the vault.

        There are obviously a lot of other issues I didn't mention, such as the policies and procedures around key generation, who is given signing privileges, how public keys are distributed to relying parties, how certification is done, etc., etc., etc.

        Of course, very few situations require this level of security. But there are also fairly few situations where there's any point in using software-based signing on a general-purpose PC.

        And biometrics make absolutely no difference to any of this. Biometrics are to security like syntactic sugar is to a programming language.

        • If you are only trying to make it possible for one person to digitally sign documents with their own key, it can be much simpler than all that. Just write a module for a PDA that generates the key internally and can sign documents on it, and wave lots of warning signs at the user when they do something that would copy their private key off the PDA. If you never run the PDA software on anything you don't read first (or put any untrusted software on it), how can you screw up? Obviously you need a PDA where the data transfer can be adminstered from the PDA side, not the random-untrusted-PC side, but the software work for this seems like a lot less than custom-tailoring and auditing an entire linux kernel. You could even physically mangle the communication link so that it works in one direction only, and when you sign something, manually transcribe the result, which should be a reasonably short hex string. Or only sign hashes of documents (which is typical anyway) and also input the hash by hand, but then you have to trust the computer generating the hash, since you don't get to inspect the plaintext on the PDA as you sign it.

          What are you concerned about Tempest radiation for, anyway? Maybe the system bus would leak information about the private key, but the _monitor_? All it should be doing is displaying the contract, and the contract doesn't need to be secret... indeed, it will not remain so if there is ever a dispute about the signers.
          • Schneier actually suggests using a handheld in the article.

            At least that means this solution is obvious. Generate your keypair on your PDA, and then secure it physically.

          • Just write a module for a PDA that generates the key internally and can sign documents on it, and wave lots of warning signs at the user when they do something that would copy their private key off the PDA.

            The system was going to be used for signing documents with extremely high value. A PDA-based solution could not have offered adequate security.

            Obviously you need a PDA where the data transfer can be adminstered from the PDA side, not the random-untrusted-PC side, but the software work for this seems like a lot less than custom-tailoring and auditing an entire linux kernel.

            Two things: First, you'd be surprised how small a Linux kernel can be. Second, we were doing the Linux kernel audit for another project anyway.

            What are you concerned about Tempest radiation for, anyway?

            I neglected to mention that digital signatures were not the only purpose of this system. It was also to be used for secure imports of symmetric key parts. The key parts were to be displayed on-screen.

            • How does high value make a PDA inadequate? Just treat the PDA like something valuable, as valuable as the contracts it can potentially sign. Put it in a safe when you aren't using it, for example. Were you going to sign things more valuable than a PDA's weight of gold? Probably, OK then, a PDA's weight of cashier's checks with lots of zeroes on them? Exactly.

              And if you need multiple parties to sign a document before it is valid, you can either just put multiple locks on the safe, or use multiple safes and use an appropriate multiparty signature protocol.
        • Unfortunately the project was cancelled before it was finished, but here's what we had to do:...

          How far did you get.. and what kind of organisations is this?

          (from a security point of view, biometrics are actually very poor authentication mechanisms.)

          Could you explain this? Because biometics are going to be a very important issue to prove you are you.

          In my opinion it proves the point "Person A" was behind this device at that time. If fixes the gap between the PC and person. I do understand it does not yet prove that person did read the document he signed. (And the pc can be hacked, and a standard pc is much more hackable than your solution)

          • How far did you get.. and what kind of organisations is this?

            Sorry, can't tell you.

            Could you explain this? Because biometics are going to be a very important issue to prove you are you.

            But they don't.

            If you look closely at the processes involved in biometric authentication you see there are many points where they're vulnerable to attack. I won't go into all of the details, but I'll try to give you an overview.

            • Capture. To begin with we have to capture your biometric scan initially, associate it with you and get it into the database. This is pretty easy to secure, but it has to be done.
            • Template storage. That biometric scan has to be stored somewhere. An attacker who can gain access to the database can insert his own template. Less obviously, he can do a denial-of-service attack by corrupting yours, which can open up a whole range of new social attacks. Also, templates can't be stored in hashed form like passwords, because template matching is fuzzy.
            • Scanning. When you authenticate yourself, a scanner grabs biometric information via some sort of scanner and converts it to a string of bits. If compromised, the scanner can mess with it in all sorts of ways.
            • Transmission. In many cases the scanner must transfer the biometric data to another system for comparison (this other system may be directly attached to the scanner, but it's still a separate unit). It can be modified, or, far worse, copied. Once the attacker has a copy of your scan data he can replay it at will to impersonate you. It's important to realize that he doesn't need to make a phone finger or retina. It's much easier to bypass the scanner and just send the bit string in directly. A scanner that timestamps and digitally signs and encrypts the data would help.
            • Comparison. Some system must compare the scan with the template. Another good place to attack, particularly since this system must have access to the template database.
            • Other compromise. Your body is a rather visible and accessible thing, which makes it a bad thing to use as a password. Your fingerprints are left everywhere, you can be tricked into allowing an attacker to scan your retinas in a variety of ways.

            So you see, from a security point of view, a biometric scan is just a password that's not well-secured, is complicated to use (technically complicated, not complicated to the user) and can't really be replaced once compromised (you only have ten fingers, two eyes, etc.) Most of the above compromise points apply to passwords as well, and most can be adequately closed, but, overall, a well-chosen passphrase, never written down and only entered into a secured terminal is more secure than biometric authentication.

            Of course, the best authentication is three-factor (something you have, something you know, something you are).

    • Digital Signatures as a direct replacement for pen signatures is really a bad idea. Basically, what an X.509 certificate says is "On [date] a public key [hash] was held by [individual or orgnaization] and I have absolutely no idea what hardware, software and security procedues [individual or organization] uses to protect it. Signed by [issuer]".

      Digital Notarization is a much better idea. It's the equivalent of a notarization seal, not a pen signature. Digital Notaries are required to employ certain security measures or else they could lose their license and have their certificates revoked. A Notarized Digital Signature says "On [date], I have verified the identity of [individual or authorized representative of organization] and obtained their informed consent of the content of the following document [hash]. If necessary, I will testify to this fact in court. Signed [notary]".
    • The trouble is, even with a 'real' signature on a piece of paper, the document can be altered post-signature. Which is why for some very important documents, you sign very large over the top of the doucument so that the ink will be below the alterations if any are made.

      I think going with a Handspring Visor with an iButton imbedded (and being careful about what software you install) will be 'safe enough' for most cases.
  • The slashdot spin on this seems to be that it's a good thing.

    How is this a good thing? Sure it may make being able to notarize things more convenient. And having it recognized as 'official' may be beneficial for many people. Especially businesses and other types of organizations who often need something to be canonized before they can embrace it.

    What does this really mean though? If my key is compromised and someone uses it to 'sign' a contract, does that mean I'm bound by it?

    Or will duress-like provisions apply?
  • Brazilian Notary and Register Association claims that one can even print as many copies of, say, your driver license as desired, though I don't see how this part would work..."

    Well, if you have an image containing a bar code that is a digital signature of the data (name,date of birth,expiry date etc) on the licence, made by the government's secret key, anyone with a barcode scanner and a palmtop that can run PGP or something can validate the document. All you need is the government's public key.

    I think that would be a very elegant way to save money, while making the production of false documents more difficult.

    • Validating the signature wouln't validate the document.

      The signature is valid only with the matching document. He should need to scan the full document to see if the signature is OK.

      And that would be a little harder.
  • We all do relalize, that if the security of the notary is compromised, it is easy to generate digital signatures. What makes it worse, is if the key is secretly compromised (i.e. downloaded)
  • Internet based services are way behind where they should be. Something as basic as timestamping [timestamp.com] is still having trouble getting of the ground after several years. Think of all the things that you should be able to accomplish, simply (although not necessarily freely) but just can't yet.

  • That Translation Sucks (Score:1, Insightful)

    by Anonymous Coward
    Brazilians will be able to digitalize any certified document and can make as many copies they want

    Brazilian citizens, starting next year, will be able to get in a notary's office a floppy disk, or a CD-ROM, containing driver and identity cards, birth certificate and property deeds, guaranteed to be authentic, secure and legal. With the disk the citizen will be able to print as many electronic copies as many times as wanted, in the house, the office, or to send them over the Internet, respecting legal restrictions.

    This is one of the simplifications that will be at the disposal of the Brazilian citizens in the contract that the Association of the Notaries and Registers of Brazil (ANOREG-BR) signs today, Monday, at 3:00, with the SERPRO (Federal Job of Data Processing), SGAN-Document 601-Section V, here in Brasilia (the Capital). To make a long story short, digital certificates could be distributed so that the notaries and registers will allow the electronic sending of any document, that will have the same attributes as the normal document. The trial version will have initial implantation in 10 notary's offices in Rio De Janeiro.

    The information is from the president of Association of the Notaries and Registrations of Brazil (ANOREG-BR), clarifying that such modernization now is possible after the passing of the Provisional remedy that instituted Infrastructure of Brazilian Public Keys (ICP-Brazil), giving to legal validity digital documents and signatures.

    According to the contract, it legalizes, the ANOREG-BR as the Authority Certifier of the notaries and Registers (notary's offices). SERPRO will initialize the creation of the digital certificates, giving the encrypted electronic form of documents, through a combination of numbers, letters and symbols, a guarantee (haha) that the source will be secure and bad guys cant crack into it.

    For the creation of the Digital Certificate, the bearer generates two encrypted keys (a public and private one). The private key, used to sign documents digitally, will remain exclusively under control of the bearer of the certificate. The public key and the identification of the bearer define the content of the Digital Certificate. This, in turn, digitally is signed by the Authority Certifier, with process of identification for the bearer of the key will ALWAYS be made in notary's office.

    Still according to Léa Portugal, the Digital Certificates sent by the ANOREG-BR will contain extensions that aim at to extend the degree of security and the reliability of the procedure practiced for the notary jobs and of the register. These extensions will allow, among other things, the users of the procedure to verify if the bearer of the certificate possess delegation of the public power to guarantee the act in question.

    Innumerable advantages

    With the implanted system, Luiz explains Gustavo Leão Ribeiro, president of the ANOREG-DF, a real estate deal will be able to be received from the notary's offices, through the Internet, and all at one time, all the necessary certificates to the finish the deal, with the documents that proves the inexistence of restrictions to the property, such as mortgage, non-availability, distrainment etc. will be available. In the same way, a bank that negotiates a loan with a customer will prove, electronically, the validity and the availability to guarantee the loan.

    Says Luiz Gustavo: the advantage of the contract with the SERPRO is that the agency uses the "digital language" of the government and that the digital documents generated by the notary jobs and registrars will enjoy of the same level of acceptance that the normal documents generated for the public management (the paper kind). Securitywise, it definitively guarantees that any attempt to alter the text or signature of the digital certificates will invalidate the document. Moreover, the SERPRO will always guarantee, to the notary acts and of public registers, the same technology, security and reliability supplied the diverse organizations of the public management, from the Presidency of the Republic.

    The private keys, clarified the president of the ANOREG-DF, remains exclusively under control of the bearer of the certificate, and its security can be magnified with the use of intelligent cards (smart cards), that still can be improved with diverse biological-related readers (fingerprint, voice, retina etc.).

    For more information:
    Assessorship of the Press of the ANOREG-BR - Luis Joca (Texto and Cia - Consultant in Communication: (61) 322.1675/1408 and 9983.3589)
    Assessorship Technique - Arnaldo Viegas de Lima: (21) 9874,4997
    Dra. Léa Portugal, president of the ANOREG-BR: (61) 9984-5554
    Dr. Luiz Gustavo Leão Ribeiro: (61) 9985.2396
  • Is anyone doing online notarization in the U.S. anyone know? Is it even possible under any U.S state's current law?

    I've been thinking it'd be nice if webmasters had a way to notarize information and then point to that notarization (on the notary's website, for credibility). This would a way to backup certain claims in a way easy for people to verify. Good idea?
    • Do be careful when you see the word "notary" in reference to a foreign country. I guess for the purposes of what you said up there and what the article is about, you can sorta use it in the same way.

      49 states are "common law" states. A notary public in these states doesn't do anything else except notarize (certify) documents (that the person is whom they claim to be and that they sign the document intentionally and not under duress...etc.)

      Brazil, most foreign countries, and Lousiana are "civil law" jurisdictions. Notaries in those places do a lot more than just certify documents. They are actually lawyers who have quite a lot of interesting powers and duties. For instance, a Lousiana notary is involved in the buying/selling of a home (in the other 49 states, we use "title agencies.)

      My point is, in the 49 states, notaries don't really do all that much...whereas notaries in civil law countries are quite a part of everday life--so there may not be all that much of a reason for notaries to go online here--but notarial services in civil law countries is quite a convenience.
      • good info, thanks.

        Notaries may not do much in 49 states but it'd be a good start to putting Clinton's digital signature law to use if one could, with a few clicks, legally certify it's you intentionally signing a document. Example: I submitted a spam to SpamCop.net recently and got back a notice from the spammer's ISP saying that they are being sued for damages and to restore service by the spammer and that they need people (the more, the better) to send them a notarized statement (that what they had received was spam and that their complaint/email to SpamCop was not simply a request to opt-out of a mailing list they'ed opted-into blah blah). It was a bit of a hassle getting to a notary for that, i'd rather have just digitally signed the boilerplate document they provided with my PGP private key or one from a Thawte personal certificate and forwarded it to an online notary who notarized, printed, and snail mailed it.

        Once digital signatures and other aspects of cryptographic techniques are well accepted and integrated, everyone is wired with their little bioauthentication scanners, and all newly published info is available (for a price) online, we can get more creative. Example: it should go a long way to combatting ignorance and uncertainty based on credibility gaps when reporters can back up statements not just by citing references as at present but by linking to a statement, from a notary, that all their citations have been verified to have come from the sources claimed. (Further details and any provisos available at a click.)

        As this fiction fades to fact, see them rendered twain.
  • He said assymetric. Heh heh.

Slashdot Top Deals

What is research but a blind date with knowledge? -- Will Harvey

Close