With the popularization of computers and the rapid development of the Internet, e-commerce has gradually become a new model for people to conduct business activities; while e-commerce improves business efficiency and reduces business transaction costs, its own security is also Subsequently, it has become an important bottleneck restricting its further development.
At present, there are two main aspects that affect e-commerce security: computer network security and business transaction information security. Computer network security refers to the security of computer networks as e-commerce transaction platforms, which includes computer network equipment security, computer network system security, database security, etc.; business transaction information security includes preventing information eavesdropping, tampering, disguise, etc., ensuring that electronic The integrity and availability of business data, the certainty of the identity of both parties to the transaction, and the non-repudiation of transaction behavior, etc.
Due to the virtuality and anonymity of e-commerce transaction platforms on the Internet, computer network security and business transaction information security issues have become more and more prominent. The application of electronic signature technology and its legislation have contributed to e-commerce security. Operation provides important guarantees.
1. The meaning of electronic signature
Electronic signature is a general term for modern authentication technology. The United States "Uniform Electronic Transactions Act" stipulates that "electronic signature" generally refers to "an electronic signature associated with an electronic record". or logically connected electronic sound, code or process entered into or adopted by a person for the purpose of signing an electronic record"; the United Nations Model Law on Electronic Commerce stipulates that electronic signatures It is data in electronic form that is included in, attached to, or logically linked to a data message. It can be used to verify the identity of the signer related to the data message and show that the signer approves it. The information contained in the data message; the European Union's "Electronic Signature Directive" stipulates that "electronic signature" generally refers to "electronic form of data that is connected to other electronic records or is logically connected and used as an authentication method."
Judging from the above definition, any electronic technical means that can prove the identity of the parties and the recognition of the content of the document in electronic communications can be called electronic signatures. Electronic signatures are the core of modern authentication technology. A general concept, it is an important means of ensuring e-commerce security.
In short, the so-called electronic signature refers to the data contained in the data message in electronic form and attached to identify the identity of the signer and indicate that the signer recognizes the content. In layman's terms, an electronic signature is an electronic signature of an electronic document through cryptographic technology. It is not a digital image of a written signature. It is similar to a handwritten signature or seal, or it can be said to be an electronic seal.
Currently, electronic signatures can be achieved through a variety of technical means. After confirming the exact identity of the signer, electronic signatures recognize that people can sign an electronic record in many different ways. Methods include: digital signatures based on PKI public key cryptography; identification marks based on biometric statistics; identification of fingerprints, voice prints or retinal scans; a password code that allows the recipient to identify the sender, Passwords or PINs; computers based on quantum mechanics and more.
2. Legislation of electronic signatures
From a legal perspective, giving electronic signatures the same legal status as traditional signatures and seals is a prerequisite for electronic signatures to be widely used and effective. It is also the core content of international e-commerce legislation in the past ten years.
On April 1, 2005, our country officially promulgated and implemented the "Electronic Signature Law of the People's Republic of China" (hereinafter referred to as the "Electronic Signature Law"). Its introduction provides basic legal protection for the development of e-commerce in our country. It solves the basic issue of the legal validity of electronic signatures, and provides important guidance on e-commerce certification agencies, the security of electronic signatures, the signer's behavioral norms, and the conduct of electronic transactions. Clear provisions have been made on a series of issues such as the identification of disputes.
With the relevant provisions of the "Electronic Signature Law", many problems in the development of e-commerce will have a basis for solving. Real online transactions will gradually develop, and some problems that restrict the development of e-commerce will also be solved. It will be gradually solved during development, and my country's e-commerce will soon get out of the state of being helpless, blind and disorderly. However, the Electronic Signature Law cannot solve the security problem of e-commerce once and for all. The law can only provide a basic guarantee. The Electronic Signature Law can improve integrity to a certain extent. However, to better promote the development of e-commerce, the most important thing is to establish a high-credibility integrity environment, which requires electronic Business websites and e-commerce transaction entities will make greater efforts in the future.
3. The relationship between electronic signatures, electronic signatures, electronic seals and digital signatures
Electronic signatures exist in electronic form, are attached to electronic documents and are logically related to them, and can be used To identify the signer of the electronic document and indicate the signer's agreement with the content of the electronic document. Electronic signatures must be produced in compliance with specific security requirements to ensure the security of the signature. Define electronic signatures produced in accordance with specific security procedures as secure electronic signatures to distinguish them from general electronic signatures and give them the legal effect of being regarded as a signature or seal. Therefore, the electronic signature system mainly solves the problem of signing and sealing electronic documents. It is used to identify the identity of the signer of electronic documents, ensure the integrity of the document, and ensure the authenticity, reliability and non-repudiation of the document; electronic signature should be electronic One of the important components of a signature.
Electronic seals are divided into electronic official seals and electronic name seals. It is an electronic version of the seal that is encrypted through PKI technology and used in digital authentication storage media in electronic documents. Seals and management systems must be authorized by the government before they can be produced. Electronic seals are expected to replace traditional seals in many areas, such as online tax filing, electronic invoices, online settlement, and corporate annual inspections. After the implementation of the "Electronic Signature Law", they will become a key factor in promoting e-commerce and Effective measures for the development of e-government.
Electronic signatures based on PKI are called "digital signatures". Some people say that "electronic signature" is a "digital signature", which is wrong. A digital signature is just a specific form of electronic signature. Although electronic signatures have achieved technical neutrality, they also bring inconvenience to use. The law has further stipulated electronic signatures. For example, the "Electronic Signature Law" stipulates "reliable electronic signatures" and "advanced electronic signatures" . In fact, it stipulates the function of digital signatures, which enables digital signatures to obtain better application security and operability. At present, the only electronic signature with practical significance is the public key cryptography theory. Therefore, the digital signature technology based on PKI is currently commonly used at home and abroad, has mature technology, and can be actually used. As a public key infrastructure, PKI can provide a variety of online security services, such as authentication, data confidentiality, data integrity and non-repudiation, all of which use digital signature technology.
The core execution agency of PKI is the electronic certification service provider, commonly known as the certification authority CA. The core element of PKI signature is the digital certificate issued by the CA. The PKI services it provides are authentication, data integrity, data confidentiality and non-repudiation. Its approach is to use the certificate public key and the corresponding private key to perform encryption/decryption, and generate a signature and verification signature for the digital message. Digital signatures use public key cryptography and other cryptographic algorithms to generate a series of symbols and codes to form an electronic password for signature, instead of writing signatures and seals; this electronic signature can also be technically verified, and its verification accuracy is better than manual signatures. Verification of signatures and seals is unmatched. This signature method can be authenticated in a large trusted PKI domain population, or cross-certified in multiple trusted PKI domains. It is particularly suitable for secure authentication and transmission on the Internet and wide area networks.
4. Application of electronic signatures in e-commerce
Electronic signature application areas include e-commerce, enterprise information systems, online government procurement, finance, accounting, insurance industries, food, and medicine , education, scientific research and document management, etc.
But the most important one is in e-commerce, an electronic operation method that integrates information exchange and transaction behavior between buyers, sellers and the intermediaries (such as financial institutions) that serve them online, such as signing contracts, Order, pay, etc. Currently, in major developed countries and many other countries, including third world countries, electronic signatures play a very important role in e-commerce.
Due to the "Electronic Signature Law" that has been implemented in our country, the application of electronic signatures in e-commerce is mainly reflected in the following aspects:
First of all, it has a lot of implications for e-commerce in my country. great promotion and powerful development. The purpose of enacting the Electronic Signature Law is to ensure the security of e-commerce, safeguard the legitimate interests of relevant parties, and promote the development of e-commerce. With the "Electronic Signature Law", the non-repudiation of e-commerce participants can be solved and the security of e-commerce transactions can be improved; automatic online payment can be realized and the current bottleneck problem of e-commerce in my country can be solved.
The second is the application in the financial industry. The financial industry is the most active and extensive field of electronic signature applications. Banks review the authenticity of online banking users' identities. The user's identity must be true and reliable for the signature to have practical significance. This is the basis for using digital signatures. Transactions with large transaction amounts and high security requirements must use digital signatures. Since digital signature is a relatively complex calculation method, the signature process consumes a certain amount of system resources. Digital signatures are generally used in online banking services with large transaction amounts and high security requirements. As a unified third-party security certification agency in the financial industry, it plays an important role in ensuring the security of online transactions and providing fair and credible certification services. The above are the application characteristics of electronic signatures in online banking; in terms of the scope and breadth of application, digital signature technology is basically used in domestic online banking services.
The third is the reform of the "Negotiable Instruments Law". With the "Electronic Signature Law" as the parent law, our country's Negotiable Instruments Law must be based on the "Electronic Signature Law" to formulate and improve a complete set of new banking regulations. . In this way, banks can save a lot of paper printing, reduce costs and improve efficiency. There is also a lack of good secure payment protocols for online securities transactions, online taxation, etc., and more importantly, there is no legal protection for digital signatures; technology is the foundation, and the law is the guarantee. These are the greater applications of "electronic signatures" field.
The last step is the amendment to the Contract Law. Contracts can also appear in the form of electronic documents. With electronic signatures as guarantees, online bidding and online procurement can be based on electronic contracts. In order to meet the needs of traditional business operations, electronic signatures and traditional manual signatures or seals can also be visualized into an "electronic signature". That is, while the authenticity of the electronic signature is verified, the graphically processed handwritten signature or seal can be printed. stamp, so that it can adapt to the traditional authentication method and push the signature one step further into the field of advanced electronic technology.
There is no doubt that with the further refinement of the implementation of the Electronic Signature Law and its application and promotion in practice, electronic signatures will bring about a profound revolution in online transactions and processing in finance, business, and taxation. It will greatly promote the development of e-commerce and e-government in our country.