|
在上一篇《電子合同的法律效力如何體現?》我們看到人們產生法律效力質疑的并非電子合同的內容,而是電子合同采用電子實現方式這一技術帶來的疑問與擔憂,譬如簽署人身份的確認,內容易偽造、篡改等。在本文中我們就一起來探討電子合同的法律效力如何在電子簽名https://www.bjca.cn/ProductSolutions/servicedetail/?ContentID=276#service應用中進行保障。 電子合同采用可靠電子簽名技術來保障其法律效力 根據《電子簽名法》的規定,“可靠的電子簽名與手寫簽名或者蓋章具有同等的法律效力”。可靠電子簽名具有如下的特點: (1)電子簽名制作數據用于電子簽名時,屬于電子簽名人專有; (2)簽署時電子簽名制作數據僅由電子簽名人控制; (3)簽署后電子簽名的任何改動能夠被發現 (4)簽署后對數據電文內容和形式的任何改動能夠發現 可以看到采用可靠電子簽名能夠確保簽名人身份的真實性,數據內容的完整性,并且簽名人與電子簽名以及數據內容的關聯關系可以得以明確。不僅如此,帶有可靠電子簽名的電子合同還能確保簽名與數據內容一旦被篡改即被發現,實現簽名人簽名行為的責任認定。因此,電子合同普遍采用可靠電子簽名技術來保障其法律效力。 新晉技術標準規范可靠電子簽名的生成與驗證 《電子簽名法》確立了可靠電子簽名所具有的法律效力,但如何從技術上實現可靠電子簽名和如何驗證電子簽名是可靠的等問題,仍沒有得到很好的解決。目前,在電子商務市場蓬勃發展的推動下,市場涌現了大量的電子合同廠商,每一家都宣稱提供可靠電子簽名的電子合同產品,如何去判定廠商提供的產品是否合規呢?基于這樣的市場需求,為了貫徹落實《電子簽名法》,促進可靠電子簽名的應用普及,全國信息安全標準化技術委員會發布了可靠電子簽名的國家標準《GBT35285-2017信息安全技術公鑰基礎設施基于數字證書的可靠電子簽名生成及驗證技術要求》(以下簡稱《技術要求》,于2018年7月1日正式實施。《技術要求》中明確規定基于數字證書的可靠電子簽名生成條件: (1)合法的電子認證服務機構為電子簽名人頒發數字證書; (2)簽名私鑰運算在國家密碼管理局審批許可的簽名密碼設備中完成; (3)簽名密碼設備通過pin、口令、生物特征等方式鑒別電子簽名人; (4)采用國家密碼管理局許可的數字簽名密碼算法; 基于國產密碼體系的數字簽名密碼算法,合法的第三方CA證書服務,和通過國家密碼管理局審批許可的簽名設備,是可靠電子簽名生成的關鍵。.其中涉及太過專業的簽名密碼算法機制不在此贅述,簡而言之數字簽名密碼技術保障了簽名人身份真實、數據內容完整性和簽名行為不可否認。 《技術要求》中,在工信部、國密局的嚴格監管下,對電子認證服務、簽名身份核實、簽名數據格式、簽名密碼設備、電子簽名程序和簽名流程等進行了嚴格要求。在這種政府監管,信任背書、規范操作的執行條件下才保證了可靠電子簽名的生成和驗證。 至此,我們對電子合同的法律效力從法律解讀、技術實現等不同層面進行了闡述。對于計劃部署電子合同的廠商會產生新的疑問:部署電子合同系統對現有企業信息系統有哪些要求?部署方式如何選擇?部署前需要重點評估和關注哪些問題?數字認證將在后續的文章中一一為你揭曉。 SecuretheLegalEffectofElectronicContractswithReliableElectronicSignatures Inthepreviousarticle,howisthelegaleffectofanelectroniccontractreflected?"Weseethatpeoplewhoquestionthelegaleffectarenotthecontentoftheelectroniccontract,butthedoubtsandconcernsbroughtaboutbytheelectronicrealizationoftheelectroniccontract.Forexample,theidentificationoftheidentityofthesignatoryiseasytoforgeandfalsify.Inthisarticle,wewilldiscusshowthelegaleffectsofelectroniccontractscanbeguaranteedinpracticalapplications. Electroniccontractsusereliableelectronicsignaturetechnologytoprotecttheirlegaleffects AccordingtotheElectronicSignatureLaw,"areliableelectronicsignaturehasthesamelegaleffectasahandwrittensignatureorstamp."Reliableelectronicsignatureshavethefollowingcharacteristics: (1)Whentheelectronicsignatureproductiondataisusedforelectronicsignature,itisexclusivetotheelectronicsignatureholder; (2)Theelectronicsignatureproductiondataatthetimeofsigningisonlycontrolledbytheelectronicsignatory; (3)Anychangestotheelectronicsignatureaftersigningcanbefound (4)Anychangestothecontentandformofthedatamessageaftersigningcanbefound Itcanbeseenthattheuseofreliableelectronicsignaturesensurestheauthenticityoftheidentityofthesigner,theintegrityofthedatacontent,andtheassociationbetweenthesignerandtheelectronicsignatureanddatacontentcanbeclarified.Notonlythat,electroniccontractswithreliableelectronicsignaturesensurethatsignaturesanddatacontentarediscoveredoncetheyhavebeentamperedwith,andthatthesignatory'ssignaturebehaviorisrecognized.Therefore,electroniccontractsgenerallyusereliableelectronicsignaturetechnologytoprotecttheirlegaleffectiveness. Newtechnologystandardstostandardizethegenerationandverificationofreliableelectronicsignatures TheElectronicSignatureLawestablishesthelegaleffectofreliableelectronicsignatures,buthowtoachievereliableelectronicsignaturesandhowtoverifyelectronicsignaturesisstillnotwellsolved.Atpresent,undertheimpetusoftheboominge-commercemarket,alargenumberofelectroniccontractmanufacturershaveemergedinthemarket.Eachcompanyclaimstoprovidereliableelectronicsignatureelectroniccontractproducts.Howtojudgewhethertheproductsprovidedbythemanufacturersareincompliance?Basedonsuchmarketdemand,inordertoimplementtheElectronicSignatureLawandpromotethepopularizationofreliableelectronicsignatureapplications,theNationalInformationSecurityStandardizationTechnicalCommitteeissuedanationalstandardforreliableelectronicsignatures.GBT35285-2017InformationSecurityTechnologyPublicKeyInfrastructureisbasedonTheTechnicalRequirementsforReliableElectronicSignatureGenerationandVerificationofDigitalCertificates(hereinafterreferredtoasthe"TechnicalRequirements")wasofficiallyimplementedonJuly1,2018.The"TechnicalRequirements"clearlystipulatestheconditionsforgeneratingreliableelectronicsignaturesbasedondigitalcertificates: (1)Alegalelectroniccertificationserviceagencyissuesadigitalcertificatetoanelectronicsignatory; (2)ThesignatureprivatekeyoperationiscompletedinthesignaturecryptographicdeviceapprovedbytheStateCryptographicAuthority; (3)Thesignaturecryptographicdeviceauthenticatestheelectronicsignerbymeansofpin,password,biometrics,etc.; (4)DigitalsignaturecryptographyalgorithmapprovedbytheNationalCryptographicAuthority; Thedigitalsignaturecryptographyalgorithmbasedonthedomesticcryptosystem,thelegalthird-partyCAcertificateservice,andthesignaturedeviceapprovedbytheNationalCryptographicAuthorityarethekeytothegenerationofreliableelectronicsignatures.Themechanismofsignaturecryptographyinvolvingtoomuchprofessionalisnotdescribedhere.Inshort,thedigitalsignaturecryptographytechnologyguaranteestheidentityofthesigner,theintegrityofthedatacontentandtheundeniablesignaturebehavior. Inthe"TechnicalRequirements",underthestrictsupervisionoftheMinistryofIndustryandInformationTechnologyandtheStateSecretsBureau,strictrequirementswereimposedonelectronicauthenticationservices,signatureidentityverification,signaturedataformats,signaturecryptographicdevices,electronicsignatureproceduresandsignatureprocesses.Thegenerationandverificationofreliableelectronicsignaturesareguaranteedundersuchconditionsofgovernmentsupervision,trustendorsementandstandardoperation. Sofar,ourlegaleffectsonelectroniccontractshavebeenelaboratedondifferentlevelssuchaslegalinterpretationandtechnicalrealization.Thereisanewquestionforvendorsplanningtodeployelectroniccontracts:Whataretherequirementsfordeployinganelectroniccontractsystemforanexistingenterpriseinformationsystem?Howtochoosethedeploymentmethod?Whatissuesneedtobeevaluatedandfocusedbeforedeployment?Digitalcertificationwillbeannouncedinthefollowingarticles. |
