How to use digital signature and certificate technology?
Electronic signature plays an important role in e-government and e-commerce.

The rapid development of Internet technology constantly affects people's thinking, improves our work and lifestyle, and brings us unlimited happiness and convenience. For example, it replaces telephones, letters, newspapers and so on. The impact of ordinary websites and e-mails will not be detailed in this article. With the promulgation and implementation of the Electronic Signature Law of the People's Republic of China (PRC), e-government and e-commerce will have a great impact on our work and life.

E-government refers to the use of modern information technology in the management and service functions of government agencies to realize the reorganization and optimization of government organizational structure and workflow, transcend the limitations of time, space and departmental division, and build a streamlined, efficient, clean and just government operation mode.

E-commerce refers to the use of network technology to help enterprises simplify processes, improve productivity and improve efficiency. It enables the company to communicate with partners, suppliers and customers conveniently, connect back-end data systems and handle business matters in a safe way. With the emergence of Internet technology, people engage in electronic transactions of goods and services widely with the help of the Internet, which not only greatly expands the scope of transactions, but also effectively shortens the transaction time and reduces the transaction cost.

First of all, e-government and e-commerce systems need security.

E-government and e-commerce carry important information of government agencies, enterprises and individuals, which must be complete, confidential and undeniable in all aspects of operation, transmission and processing. To sum up, the security problems faced by e-government and e-commerce systems through the network are:

1. Authentication: How to accurately judge whether a user is a legitimate user of the system;

2. User authorization: What rights legitimate users have after entering the system, what information they can access, and whether they have the right to modify or delete it;

3. Confidentiality: How to ensure that a large amount of confidential information involved in the system is not stolen in the process of transmission through the network;

4. Integrity: How to ensure that the information transmitted in the system is not tampered with in transit, and that false transactions cannot be made through repeated transmission;

5. Non-repudiation: How to ensure that users of the system cannot deny what they have approved after signing.

The traditional "username + password" authentication method has many security risks. The password may be cracked. Moreover, the real identity of a user who logs in to the system cannot be effectively determined from the login user name, so illegitimate users can forge and impersonate the identity of system users and, once logged in, take the opportunity to tamper, destroy and so on.

During the operation of e-government and e-commerce systems, system security and information security are very important and necessary. Once an unsafe accident occurs, it should be found in time and remedial measures should be taken immediately.

Second, measures to ensure system and information security.

The key to ensure system and information security lies in management and technology. A systematic security management system should be constructed from four aspects: technical support system, operation management system, social service system and infrastructure construction. The following will analyze how to realize the information security of the system from the technical point of view:

1. Certification Authority (CA): through digital certificates, it solves the problems of confidentiality, integrity and non-repudiation that must be solved in identity authentication, and it generates, distributes and manages the digital certificates for identity authentication required by all entities involved in network resources. This part of the content can be found in "Confirming the legal identity of users through digital certificates", and this article will not focus on it.

2. Privilege Management Infrastructure (PMI): an infrastructure that supports many application systems. By defining roles, users, security policies and so on, it realizes the management of resources and the access control of users after users have been authenticated and authorized, thus solving the important rights management problem in information security. This part of the content can be found in "Implementing Authority Management through PMI", and this article will not focus on it.

3. Electronic signature: Article 14 of the Electronic Signature Law of the People's Republic of China (PRC) states that "a reliable electronic signature has the same legal effect as a handwritten signature or seal", and the law stipulates that "a document with an electronic signature or data message agreed by the parties shall not be denied its legal effect just because it is in the form of an electronic signature or data message". A reliable electronic signature should meet the following four conditions:

(1) When electronic signature data is used for electronic signature, it belongs to the electronic signer. In general, signature data can be produced by audit department personnel and system administrators under mutual supervision. After the production process, the original image files can be locked together or completely destroyed.

(2) When signing, the electronic signature data is only controlled by the electronic signer: the electronic signature data is usually bound with the digital certificate, and the corresponding data is only controlled by the electronic signer through the authentication of the digital certificate and the verification of the system password and the electronic signature password.

(3) Any changes to the electronic signature after signing can be found: from a technical point of view, changes to the electronic signature are relatively easy to find.

(4) Any changes to the content and form of data messages can be discovered after signing. This is very important, which is related to whether the electronic signature has the same legal effect as the handwritten signature or seal. No matter what changes have taken place in the content or form of data messages, they should be able to be detected and clearly marked.
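Conditions (2) to (4) above can be checked with an ordinary public-key signature. The following is an added example, not part of the original article: it uses the OpenSSL command line, with a constructed self-signed certificate standing in for a CA-issued one. The signer name, file names and document text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sign a document, then show that verification fails when the
# content, the form, or the signature itself is changed after signing.
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT

# Bind a new key pair to a signer name in a self-signed certificate
# (constructed; stands in for a certificate issued by a CA).
make_signer() {  # $1 = output directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/O=Example Bureau/CN=Example Signer" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Sign the SHA-256 digest of the exact file bytes with the private key.
sign_doc() {  # $1 = private key, $2 = document, $3 = signature output
  openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Verify with the public key taken from the signer's certificate.
verify_doc() {  # $1 = certificate, $2 = document, $3 = signature
  openssl x509 -in "$1" -pubkey -noout > "$work/pub.pem" || return 1
  openssl dgst -sha256 -verify "$work/pub.pem" -signature "$3" "$2" 2>/dev/null |
    grep -q 'Verified OK'
}

# Show who the signer is, as recorded in the certificate.
signer_of() { openssl x509 -in "$1" -noout -subject; }

make_signer "$work"
printf 'Pay 1,000 yuan to Supplier A.\n' > "$work/doc.txt"   # constructed text
sign_doc "$work/key.pem" "$work/doc.txt" "$work/doc.sig"

# Three constructed changes made after signing.
sed 's/1,000/9,000/' "$work/doc.txt" > "$work/content.txt"    # content changed
printf 'Pay 1,000 yuan to Supplier A. \n' > "$work/form.txt"  # one extra space
cp "$work/doc.sig" "$work/bad.sig"                            # signature changed:
b=$(od -An -tu1 -N1 "$work/doc.sig" | tr -dc '0-9')           # first byte + 1
printf "\\$(printf '%03o' $(( (b + 1) % 256 )))" |
  dd of="$work/bad.sig" bs=1 count=1 conv=notrunc 2>/dev/null

signer_of "$work/cert.pem"
for pair in "doc.txt doc.sig" "content.txt doc.sig" "form.txt doc.sig" "doc.txt bad.sig"; do
  set -- $pair
  if verify_doc "$work/cert.pem" "$work/$1" "$work/$2"; then r=valid; else r=INVALID; fi
  echo "$1 + $2: $r"
done
```

Only the untouched document with its original signature verifies; a single added space is enough to invalidate the signature, because the digest covers the exact bytes of the file.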

Third, the function of electronic signature system

Electronic signature generally refers to all data in electronic form attached to an electronic document and logically associated with it, which can be used to identify the signer of the electronic document, ensure the integrity of the document, and show that the signer agrees with the contents stated in the electronic document. Generally speaking, electronic signature is identified from the technical point of view: it mainly refers to security measures that identify the parties through a specific technical scheme and ensure that their content and openness are not tampered with. In a broad sense, electronic signature includes not only "asymmetric key encryption" in our usual sense, but also computer passwords, biometric handwriting recognition, fingerprint recognition, and the emerging iris recognition and facial pattern recognition. At present, the most mature and widely used electronic signature technology is "asymmetric" cryptography based on a public key and a private key.

Some people divide electronic signature into digital signature and electronic signature, which correspond to handwritten signature and seal respectively. Some software developers also divide their products into a digital signature system and an electronic signature system; this division comes from pricing strategy, to meet the different needs and application scale of users, and the principles and implementation methods of the key technologies are the same. The electronic signature system shall include the following functions:

1. Electronic seal making: Handwritten signatures, seals or pictures are made into signature data files by scanning or digital photography, and the electronic seal making subsystem binds them to digital certificates. They can be stored in the seal management center or imported into IC cards or cKEY (but not exported), and may be used only for electronic signing.

2. Electronic signature: the official seal or personal signature of the company can be signed at any position on electronic documents in Word, Excel, WPS and other formats, and the seal is displayed transparently, which has the same effect as a paper seal or signature; Multiple units or individuals can countersign, and the seal can be moved before signing.

3. Document verification: anyone can verify the integrity of the document; that is, if the signature, content or form of the document changes after signing, document verification will prompt the user, and signatures that fail verification are marked by adding bars or in other forms.

4. Signature authentication: verify the authenticity and reliability of the seal that was used.

5. Cancel the signature: the signing user can cancel a seal that has already been affixed. For example, if he is not satisfied with the seal position, he can use this function to cancel the seal, move it to a suitable position, and then sign again. However, this function is only valid for the original signer; signature revocation can only start from the last user.

6. Check the certificate: check the relevant information of the signer.

7. Check the signature time: check the time when the signer signed the document.

8. Delete the sample seal: a sample seal cannot be deleted with the Del key; it can only be deleted by using this function.

9. Document locking: The document locking function is mainly used to protect documents from being tampered with. Once a document is locked, it cannot be changed; When unlocking, first authenticate the identity of the operator, and then verify the password after the identity authentication is passed. If both pass, it can be unlocked.

10. Number-of-copies setting: In order to meet the requirements of various applications and keep the printing of signed documents under control, it is best to implement relatively complex printing control functions.

With the deepening of application and the rapid development of technology, the functions of electronic signature system will be further improved and increased, bringing more convenience to people's work and life; But at the same time, it also puts forward higher requirements for security and confidentiality.

Fourth, the application of electronic signature.

Electronic documents (including official documents, announcements, contracts, orders, bills, design drawings, etc.) are digital products operated, transmitted, stored and processed by computer. Compared with paper files, electronic files have the advantages of small storage space, fast retrieval, fast long-distance transmission and sharing among multiple users. With the development and popularization of computer and network information technology, more and more files are generated and transmitted directly on the computer. However, with the development of e-government, some important documents and announcements are still delivered in black and white with red official seals, which does not give full play to the efficiency of electronic documents. The main reason is that operators are worried that electronic documents may be downloaded, copied, peeked at and tampered with on the Internet, which makes document senders flinch. To solve this problem, various electronic authentication service providers have developed electronic signature systems and adopted public-key-based security systems to ensure the secure management of electronic documents. Together with other e-government platforms, the network transmission of official documents has become a reality, meeting the requirements of confidentiality, integrity and non-repudiation of electronic documents.

With the increase of online office and trading activities, the traditional seal has gradually failed to adapt to the new situation of the information society in the process of changing from paper office to paperless office. In this case, the emergence of electronic seal makes the power and obligee better combined, just as it is impossible to give up telephone and email and stick to the traditional post office, and people can't avoid the influence brought by electronic signature.

On April 1 this year, the Electronic Signature Law of the People's Republic of China (PRC) came into effect, which will bring legal protection to all kinds of business activities and the public. Electronic signature may lead to a change similar to the gradual replacement of most traditional mail by e-mail. Some information experts believe that the emergence and popularization of the electronic seal is the last link in making the whole process of information transmission electronic, and one of the prerequisites for fully realizing the "paperless office". With the promotion of the "paperless movement" and the development of e-government and e-commerce, electronic documents are increasingly replacing paper documents, which makes it an inevitable trend for electronic signatures to partially replace physical seals and handwritten signatures. Just as telegraph replaces post office, telephone replaces telegraph and e-mail replaces letters, electronic signature will become a new milestone in the history of information technology development.