Slashdot Mirror


Digitally Notarized Documents in Brazil

Remote writes: "As of next year, Brazilians will be able to obtain notary-authenticated digital documents and have them sent over the Internet (English). You can also obtain a CD or floppy from a notary office, containing your document encrypted with an asymmetric key. The key generation, though, demands that one shows up in person at the notary office for ID verification. This was made possible by legislation that recognises public-key encrypted documents and signatures as legally valid. This is a first step, and I don't see why this wouldn't be applied to things like contracts, invoices, wills, etc. The Brazilian Notary and Register Association claims that one can even print as many copies of, say, your driver license as desired, though I don't see how this part would work..."

6 of 77 comments

  1. Already doing that for edifact. by leuk_he · · Score: 4, Informative

    This is really nothing new. We already use digitally signed and encrypted EDIFACT messages (invoices) where a notary is used to give out the keys. The messages are then sent over the Internet (unreliable) but much cheaper than X.400 (now over 5.000 euro per month).

  2. Re:Worried by Ricardo+Lima · · Score: 3, Insightful

    And how could the police officer validate the digital signature? He would only look at the printed paper and it would seem all right to him.

    Digital signatures only work with digital documents. A digital signature is a hash of the entire document signed with a private key (in this case the notary's key). When you print the document, how could you check the signature? Should you scan it back so a computer could validate it again? How could you be sure that what I scanned would generate the same bits as the original? Actually, you can't! So we would always have a bad signature!

    --
    Ricardo da Silva Lima
  3. Why Digital Signatures Aren't Signatures by fhwang · · Score: 5, Informative

    Everyone interested in this subject should read Bruce Schneier's piece on the subject: Why Digital Signatures Aren't Signatures. The gist of his article is that although cryptography can verify that a document came from a given computer, it cannot verify that it came from a given person, or even that that person intended to sign that document. "The mathematics of cryptography, no matter how strong," he writes, "cannot bridge the gap between me and my computer."

    1. Re:Why Digital Signatures Aren't Signatures by swillden · · Score: 4, Interesting

      And of course you can bridge the gap between you and the computer with biometric authorisation.

      I don't think you read Schneier's article. The point is that you, the putative signer, never know what the computer, the real signer, is actually signing. How you authenticate yourself to the computer to unlock the signing key is irrelevant, and biometrics aren't really any better than other authentication mechanisms (from a security point of view, biometrics are actually very poor authentication mechanisms).

      A lot of security is based on trust.

      All security is based on controlling, quantifying and limiting trust. Schneier's point is that the trustworthiness of digital signatures depends absolutely on the trustworthiness of the software and hardware performing the signing operation. You have to trust that the key is stored securely, that authentication of the user is performed securely (and correctly), that the signing operation is performed correctly and that the correct document (and *only* the correct document) is signed. And if the computer in question is a standard, easily hackable PC running, such trust is almost impossible to justify.

      I started to implement a secure digital signature system based (mostly) on commodity hardware a while back. Unfortunately the project was cancelled before it was finished, but here's what we had to do:

      • Use a secure crypto card for key generation, storage and access control (the IBM 4758 (don't let the recent bad press fool you, it's an extremely secure device)). A naive person would think we're done here, and then some.
      • Use a stripped-down version of an open source operating system, thoroughly reviewed. We were going to use an old Linux kernel (from the days when it was smaller and simpler). The source had to be reviewed line by line, and the policies and procedures that had to be set up around how this code was stored and how modifications were tracked were very onerous.
      • Write and thoroughly review the document display and signing software.
      • Build the OS and software on a secure build server and burn it onto a CD. Run an MD5 hash of the CD contents and burn a few copies of another bootable CD whose only function is to verify the first CD (using the hash). Distribute the verification CDs to appropriate, trusted, people, who store them in personal safes. Put the first CD in a lockbox in a vault. Distribute keys to the lockbox to appropriate, trusted, people who don't have verification CDs.
      • Remove all drives from the PC except for one CD-ROM drive and one floppy drive, configure the BIOS to boot only from the CD-ROM drive and set a BIOS password. Lose the password.
      • Place the entire PC in a custom-built, TEMPEST-shielded, lockable cabinet, with only the CD-ROM drive, floppy drive, keyboard and LCD display (not CRT) exposed. The keyboard must be entirely inside the cabinet except for the keys. No cabling can be exposed, except the power cord. Put the cabinet in a secure room and tightly control access to it.
      • When you want to sign something, write the document on a floppy in ASCII text, find someone with a lockbox key and someone with a verification CD.
      • Retrieve the system CD. Boot the secure PC off the verification CD. Insert the system CD for verification. Assuming it verifies correctly, unplug the PC, insert the system CD and your floppy and power the PC back on. The system will read your document, display it on-screen, then ask you to identify yourself. You specify your username and passcode, which are passed to the 4758 along with the document. The 4758 checks your credentials, hashes and signs the document and passes the signature back to the PC, which writes it to the floppy.
      • Return the system CD to the vault.

      There are obviously a lot of other issues I didn't mention, such as the policies and procedures around key generation, who is given signing privileges, how public keys are distributed to relying parties, how certification is done, etc., etc., etc.

      Of course, very few situations require this level of security. But there are also fairly few situations where there's any point in using software-based signing on a general-purpose PC.

      And biometrics make absolutely no difference to any of this. Biometrics are to security like syntactic sugar is to a programming language.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
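The two comments above make one point from two sides: Ricardo Lima's, that a signature covers the exact bytes of a document and a printed-and-rescanned copy will not reproduce them, and swillden's, that the signing key must sit behind a credential check and the system image must be hash-verified before it is trusted. The following Go program is an added illustration of those mechanics; it is not code from the original thread and it does not model the IBM 4758's real interface. The `Signer` type, its passcode check, the constructed system image and the sample contract text are all assumptions of this example. It signs a SHA-256 hash of the document with Ed25519 (the comment does not name an algorithm; the real system would use whatever the card supports), and uses SHA-256 rather than the MD5 mentioned for the verification CD.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// ErrBadCredentials is returned when the passcode presented to the signer is wrong.
var ErrBadCredentials = errors.New("credential check failed: refusing to sign")

// Signer stands in for the crypto card in the comment above: it holds the private
// key and only performs a signing operation after checking the user's credentials.
// Hypothetical software model for this example, not the IBM 4758's real interface.
type Signer struct {
	priv     ed25519.PrivateKey
	passHash [32]byte // SHA-256 of the enrolled passcode
}

// NewSigner generates a fresh Ed25519 key pair and enrols a passcode. The private
// key never leaves the Signer; only the public key is handed to relying parties.
func NewSigner(passcode string) (*Signer, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Signer{priv: priv, passHash: sha256.Sum256([]byte(passcode))}, pub, nil
}

// Sign checks the passcode in constant time, hashes the whole document with
// SHA-256 and signs the hash. Any change to the document changes the hash.
func (s *Signer) Sign(passcode string, doc []byte) ([]byte, error) {
	h := sha256.Sum256([]byte(passcode))
	if subtle.ConstantTimeCompare(h[:], s.passHash[:]) != 1 {
		return nil, ErrBadCredentials
	}
	digest := sha256.Sum256(doc)
	return ed25519.Sign(s.priv, digest[:]), nil
}

// Verify recomputes the document hash and checks the signature with the public key.
func Verify(pub ed25519.PublicKey, doc, sig []byte) bool {
	digest := sha256.Sum256(doc)
	return ed25519.Verify(pub, digest[:], sig)
}

// ImageHash is the value the "verification CD" would carry: the hash of the
// system image, taken on the build server, as a hex string.
func ImageHash(image []byte) string {
	sum := sha256.Sum256(image)
	return hex.EncodeToString(sum[:])
}

// VerifyImage is the verification-CD step: the system image is only trusted if
// its hash matches the one recorded at build time.
func VerifyImage(image []byte, expectedHex string) bool {
	return ImageHash(image) == expectedHex
}

func main() {
	// Constructed sample data: a system image and a document to be notarised.
	systemImage := []byte("stripped-down kernel + reviewed signing program, build 1")
	expected := ImageHash(systemImage) // recorded at build time
	fmt.Println("system image verifies:", VerifyImage(systemImage, expected))
	tampered := append([]byte{}, systemImage...)
	tampered[0] ^= 0x01 // one flipped bit in the image
	fmt.Println("tampered image verifies:", VerifyImage(tampered, expected))

	signer, pub, err := NewSigner("correct horse battery staple")
	if err != nil {
		panic(err)
	}
	doc := []byte("Contract: A sells B one bicycle for 100 reais.")
	sig, err := signer.Sign("correct horse battery staple", doc)
	if err != nil {
		panic(err)
	}
	fmt.Println("original document verifies:", Verify(pub, doc, sig))

	// A printed-and-rescanned copy does not reproduce the original bytes exactly;
	// here OCR has read the zeros as the letter O, which breaks the signature.
	scanned := bytes.ReplaceAll(doc, []byte("100"), []byte("1OO"))
	fmt.Println("scanned copy verifies:", Verify(pub, scanned, sig))

	_, err = signer.Sign("wrong passcode", doc)
	fmt.Println("signing with wrong credentials:", err)
}
```

Run with `go run`. The verification-CD check is deliberately a separate function from signing: in the procedure above it runs from different media, before the signing system is even booted, and a mismatch stops the process before any key is touched.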
  4. Re:Swiss Cheese... by Tim+C · · Score: 3, Informative

    Slashdot had an article about Brazil a couple months ago explaining about how their government was planning to break the patent on an AIDS drug because they couldn't agree with the manufacturer on a price.

    Here are a few statistics for you:
    • Brazil has the highest number of people with AIDS in Latin America, at around 200,000
    • a quarter of Brazil's annual AIDS treatment budget of $300m is spent on the drug in question (nelfinavir)
    • breaking the patent would allow them to save $34.8m per year, and so improve the level of care provided

    (Sources: http://news.bbc.co.uk/hi/english/business/newsid_1505000/1505163.stm and http://asia.cnn.com/2001/WORLD/americas/08/22/aids.drug/)

    Your comparison with Cipro is, imho, spurious. There have been what, a dozen cases of anthrax in the US since 11/9, which have led to about 4 fatalities? On the other hand, Brazil is facing an AIDS problem of epidemic proportions. Yes, I realise that anthrax could have been a real problem, and so in the face of this potential problem the US government started making threats. Well, Brazil's problem is very real, and only going to get worse. The length of time remaining on the patent is immaterial.

    I'm not against patents, just their misuse, and in my opinion charging too much for a drug that is so vitally needed is immoral and an abuse of the patent system.

    Cheers,

    Tim
  5. Re:Swiss Cheese... by vidarh · · Score: 3, Informative

    This is bullshit. Brazil's laws allow the government to use compulsory licensing in the face of a medical emergency. Notice: compulsory licensing, not "breaking" the patent. What this means is that they can force the manufacturer to license a product at a reasonable price if they refuse to do so by their own choice in the case where the country faces a medical emergency.

    This is legal in Brazil, and a part of the terms you enter into when applying for a patent.

    A patent isn't some god-given right, but a privilege granted by a country for a limited period of time, provided that you fulfill whatever restrictions the particular country has placed on patents. In this case: They have to be prepared to accept compulsory licensing.

    Now, perhaps you believe that hundreds of thousands of people dying of AIDS doesn't constitute a medical emergency... In that case I'll just think you're an asshole.

    Either way, you are wrong that Brazil won't pay for the drugs - under the terms of their compulsory licensing law they still pay licensing fees.