What is the electronic signature on the Internet? What's the use?

In order to understand what an electronic signature is, we need to start with the traditional manual signature or stamp. In traditional commercial transactions, in order to ensure the security and authenticity of the transaction, it is necessary to have a written contract or official document signed or sealed by the parties or the person in charge, so that both parties can identify who signed the contract and ensure that the signer or seal recognizes the contents of the contract, thus making the contract legally valid. In the virtual world of e-commerce, contracts or documents are expressed and transmitted in the form of electronic documents. In electronic documents, the traditional handwritten signature and seal can not be carried out, and it must be replaced by technical means. Legally speaking, signature has two functions: identifying the signer and indicating the signer's approval of the contents of the document. Therefore, UNCTAD's Model Law on Electronic Signatures defines an electronic signature as "data contained in, attached to or logically associated with a data message, which can be used to identify the signer related to the data message and show that the signer approves the information contained in the data message." ; The EU Framework Directive on Electronic Signature defines an electronic signature as "data attached in electronic form or logically linked with other electronic data as an authentication method". Different laws may have different definitions of electronic signature, but the essence is the same. Therefore, an electronic technical means that can identify the true identities of both parties in electronic documents, ensure the security, authenticity and non-repudiation of transactions, and play the same role as handwritten signatures or seals can be called electronic signatures.

At present, there are many technical means to realize electronic signature, such as digital signature based on public key cryptography; Or use unique identification marks based on biometrics, such as fingerprints, voiceprints or retinal scans; Pattern recognition of electronic images of handwritten signatures and seals: cryptographic codes representing identity (symmetric algorithm); Computers based on quantum mechanics and so on. However, the relatively mature electronic signature technology widely used in advanced countries in the world is still digital signature technology based on PKI. Due to the principle of technology neutrality in legislation, the signature mentioned in the current electronic signature law generally refers to "digital signature". It is a special form of electronic signature.

The so-called digital signature is to use a series of symbols and codes generated by some cryptographic operation to form an electronic password to "sign" instead of writing a signature or seal. Technically, this kind of electronic signature can also be verified by algorithm, and its verification accuracy is unmatched by manual signature and seal in the physical world. In ISO7498-2 standard, digital signature is defined as: some data attached to a data unit, or cryptographic transformation of the data unit, which allows the receiver of the data unit to confirm the source and integrity of the data unit and protect the data from being forged by people (such as the receiver). The definition of digital signature in American Electronic Signature Standard (DSS, FIPS 186-2) is that data is calculated by using a set of rules and a parameter, and the identity of the signer and the integrity of the data can be confirmed by this result. According to these definitions, digital signature has become the most widely used, most mature and most operable electronic signature method in e-commerce and e-government. It uses standardized procedures and scientific methods to identify the signer and approve the electronic data content. It can also verify whether the original text of the file has changed during transmission, and ensure the integrity, authenticity and non-repudiation of the transmitted data.