8 / 46
8
Informaon Technology Instute), the organizaon
responsible for performing the Root Cerfying Authority
(AC-Raiz) part, and also registraon and cancellaon of
registries of other parcipants in the chain, supervising
and auding the processes (ITI, 2016).
Digital signatures
are specific and codified data that
accompany a specific coded “cyberdocument” in which
it is possible to prove authorship of the message, as well
as if it was modified aer leaving the origin.
Thus, digital signatures comply with authencity
requirements, integrity and lack of repudiaon in
electronic media. That is, the author of an acon knows
that only his corresponding public key may decipher it.
Thus, the address of said message is the identy of the
issuer.
Digital cerficates, therefore, arise with the funcon
of guaranteeing that a specific public key belongs
to a specific organizaon (user-machine interface).
According to ITI (2016), digital cerficate ICP-Brazil
operates as a virtual identy that allows for safe and
undoubted idenficaon of the author of a message or
transacon in electronic media, like the web.
This electronic document is generated and signed by
a trustworthy third party, i.e., a Cerfying Authority
(AC) which, following rules established by the ICP-Brasil
Managing Commiee, connects an organizaon (person,
process, civil servant) to a set of cryptographic keys.
Cerficates contain data on the owner, in accordance
with the Safety Policy of each Cerfying Authority, and
are for personal and untransferrable use (ITI, 2016).
3.
Final considera!ons
With regard to the alignment of acvies promoted by
organizaons through their compliance agents, digital
signatures have been idenfied as a levelling mechanism
for said pracce, idenfying authors and, consequently,
processes executed in inadequate or incorrect manner,
judicially recognizing said acvies.
Cerficaon is seen as a way to facilitate and ensure in
electronic form the principles of authencity, integrity
and confidenality of documents. Countries such as
Germany, Argenna, Spain and Brazil regulated digital
cerficaon in order to ensure secure electronic
transacons by means of cerficates and digital
signatures.
The infrastructure of the digital cerficaon, in line with
the standards, standardizaon and regulaons of ICP-
Brazil guarantee the authencity and integrity of digital
documents digitally signed.
The applicability of digital cerficates standard ICP-Brazil
was idenfied in the most varied of scopes in terms of
organizaons’ electronic systems, be it for use in access
to the company’s internal systems, for adaptaon of
soware used by the financial area, or for homologaon
of access to operaons to be performed in the network
by this area.
When dealing with acons considered fraudulent in the
corporate environment, it is necessary to understand
that the opon for objecve responsibility of companies
consists in considerable legal news in the domesc
conjecture, to considerably alter relaons between the
companies and staff and collaborators. As the CFO has
the responsibility to produce, transmit and disseminate
financial data recorded in digital electronic media, the
digital signature provides the security needed to meet
the interests, fulfill rights and dues, which require
verificaon of data and informaon electronically.
Organizaons must therefore consider all dishonest
or guilty acvies their responsibility, no maer if it is
known or not, as well as implemenng Ancorrupon
Laws as the base for penalizaon, therefore, expecng
the mechanism presented in this work to contribute to
these purposes.
4.
References
CASTRO, Marcos Vinicus Marns; SANTOS, Mariana
Mello. A eficácia da prova eletrônica. Available at: goo.
gl/jk5k0B. Last viewed in 09.2016.
FUNENSEG: Introdução ao Gerenciamento de Riscos.
ITI – Instuto Nacional de Tecnologia da Informação.
Available at: hp://www.i
.gov.br/icp-brasil.Last
viewed in 09. 2016.
Manual se Controles Internos - Comissão Técnica
Nacional de Compliance e Controles Internos. Available
at:
goo.gl/jDJhQy.Last viewed in 09. 2016.