Meaning of event certificate-Event certificate is not a compatible digital certificate type.

According to the definition of GB/T 25056-20 18 "Information security technology certificate authentication system password and related security technology specification 3.9" issued by the State Administration of Market Supervision and the State Standardization Administration, the types of digital certificates can be divided into signature certificates and encryption certificates, and personal certificates, institution certificates and equipment certificates.

According to the definition of digital certificate in article 2. 1 15 of the technical document "GM/z0001-3", "digital certificate, also known as public key certificate, is signed by a certificate authority (CA) and includes information of public key holder, public key, issuer and information. According to the category, it can be divided into personal certificate, institution certificate and equipment certificate, and according to the purpose, it can be divided into signature certificate and encryption certificate. There is no so-called "event certificate". It can be seen that the so-called event certificate is not a certificate type with formal legal sources and compliance basis;

So what is "event proof"?

Referring to the definition of Beijing CA in item D of article 1.4. 1 of its electronic authentication business rules (CPS), "Event-based digital certificate is a digital certificate issued by Beijing CA for signature behavior business scenarios. In the business process, according to relevant information (such as electronic documents, signature behavior characteristic information, handwriting or other signature behavior evidence information, etc.), it is automatically solidified into the extended domain of digital certificates. ) submitted by the subscriber and published. The private key corresponding to the event-type digital certificate is for one-time use, and the business scenario information data is electronic signature, which will be destroyed after use "; Articles 6. 1. 1 and 6. 1.2 of CPS further stipulate that "the signature key pair of the event certificate is generated and saved by the signing device".

There is no relevant content of event certificate in CPS of Shanghai CA, but the business rules of electronic authentication of event certificate policy have been specially issued, and the definition is given in Article 1.6. 13. "Event digital certificate is a special digital certificate based on event certificate patent technology designed by Shanghai CA for instant business or specific business scenarios. In the business process, the relevant information in the business scene (electronic documents, signature behavior characteristic information, handwriting or other signature behavior evidence information, etc.). ) automatically associate digital certificate extension domain, issue event digital certificate, and realize reliable electronic signature in business process. The private key corresponding to the event digital certificate is generally used once and destroyed after being used once ";

Referring to CPS of CFCA (China Financial Certification Center), there is no "event certificate" in CFCA's business rules, but "CFCA scenario certificate" is put forward in 1.4. 1.2, pointing out that "CFCA scenario certificate is a digital certificate suitable for instant business or business signature authentication in specific scenarios. Apply automatically at the end of the business, integrate all the information in the business scene, and form the extended domain information of the digital certificate. Using scenario certificate to sign the evidence of instant business or scenario business can prove that the evidence has not been tampered with after the end of evidence collection, and ensure the relevance and consistency among multiple evidences. Scenario certificates are not limited to the number of signatures or specific files when used, and can be used to sign all evidence in instant business or scenario business respectively. After leaving the scene, the documents can't be used. Chapter 6. 1. 1 "Generation of key pair" further clarifies that "the key generation of scenario certificate is generated by the service provider responsible for scenario business and is responsible for protecting the security of the private key of scenario certificate".

From the electronic authentication business rules of several typical CA institutions, it can be seen that "event certificate" itself is not a formal certificate type, but a marketing definition derived by various CA institutions for market expansion. Comprehensive analysis of these definitions, whether "event certificate" or "scenario certificate", we can find that they have the following similarities:

The life cycle of the 1. event certificate is extremely short. If the certificate was issued at the time of the event, the event end certificate will be terminated.

2. The private key of the event certificate is not controlled by the user (the signer recorded on the certificate), but actually controlled by the service provider of the signature scenario.

The legal nature of event proof-it has no expected legal effect.

Although event certificate is not a type of certificate with compliance basis, it has actually become the most widely existing form of digital certificate in the market because of its easy acquisition. A large number of electronic contract SaaS platforms are using event certificates to provide electronic signature services. Then, does the electronic signature based on event certificate have the legal effect of "equivalent to paper signature" as expected by relevant parties?

The legal meaning of a signature is "the signer's approval of the content of the signature", so an electronic signature with expected legal effect needs to meet three conditions: 1, the fact that the document contains an electronic signature, 2, the identity of the signer can be determined, and 3, the signer (that is, the person who actually signed the document) is consistent with the identity of the "electronic signer indicated on the document".

According to the basic principle of digital certificate signature, the signature is completed by the operation of "private key", and mastering the "private key" is the premise of electronic signature. In other words, whoever has mastered the "private key" may become the actual signer;

In the scene of electronic signature of event certificate, according to the CPS rules of Beijing CA, CFCA and Shanghai CA, the "private key" of event certificate is not controlled by the user, so it is impossible for the user to become the actual electronic signer, and the signature behavior is actually completed by the business party providing the signature system; Although the validity period of the event certificate is short, the short validity period only reduces the risk of other third parties stealing private keys and forging signatures, and does not prevent the business party providing the signature system from abusing the user's signature ability. In this regard, CFCA particularly emphasizes in its CPS that "the key generation of the scenario certificate is generated by the service provider responsible for the scenario business and is responsible for protecting the security of the private key of the scenario certificate"; It can be seen that the business end of the signature system can obtain the event certificate from the CA organization in the name of the user at any time, so that the business end has the ability to forge the signature on any file in the name of the user at any time.

Therefore, from a legal point of view, the electronic signature based on the event certificate can not establish an undeniable and unique binding force between the signature behavior and the signer's identity, so it does not conform to the basic principle of "electronic authentication", can not show "the signer's approval of the signature content", and does not have the expected legal effect equivalent to the paper signature.

Practical value of event certificate

-Used to ensure the tamper resistance of signature data.

As CFCA said in its CPS, "After the on-site certificate is used to sign the evidence of instant business or scene business, it can prove that the evidence has not been tampered with after obtaining evidence ..."; Although there is no specific function of the event certificate in the CPS of Beijing CA, in the administrative judgment No.905 of Beijing Higher People's Court (202 1), it is clearly recognized that "Beijing Digital Certification Company issued the event certificate of ……………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………… ... class =' class1' > electronic signer in accordance with Article 34 of the Electronic Signature Law is Ping An Technology ... ....

Combining the above analysis with the self-report of the above CA institutions, we can draw the following conclusions:

1. The actual "signer" who uses the event certificate is not the "certificate holder recorded on the event certificate", but the business party that provides the signature system;

2. The holder of the certificate recorded in the event certificate is only the "nominal signer". Since the actual signature behavior is not done by the nominal signer, according to the provisions of the Electronic Signature Law, it does not belong to the "electronic signer who needs to bear legal consequences for the electronic signature behavior", and the electronic document signed with the event certificate is not legally binding on the nominal signer;

3. The main function of the event certificate is to ensure the integrity of the electronic data related to the event site through electronic signature technology and prevent the data from being tampered with after generation. But the process of data generation has nothing to do with whether the data itself is true or not, so the electronic signature of the event certificate is not undeniable.

Risk of abuse of event certificates

-Abuse of accident certificates and its serious consequences.

As can be seen from the last article, the main function of the event certificate is to fix the electronic data formed in the event scene in the form of signature to prevent the data from being tampered with, rather than to ensure the non-repudiation of the electronic signature. Therefore, the electronic signature of the event certificate itself is not a "legally binding" electronic signature in the sense of electronic signature law, but rather a technical tool, which uses the certificate signature technology to realize the tamper-proof function of electronic data.

However, in practice, the actual use of event certificates is very different. A large number of event certificates are directly applied to the signing of legal documents such as electronic contracts, and service providers publicly claim that they have the effect of reliable electronic signatures in the sense of the Electronic Signature Law, which has caused great misleading to users, nominal signers, signature-dependent people and even the electronic certification industry, and also brought a burden to the industry supervision of the Ministry of Industry and Information Technology.

For example, the administrative litigation case of Beijing Higher People's Court "(202 1) No.905 Jing" and "Xue Moumou" v. Ministry of Industry and Information Technology mentioned above is a typical case. In this case, Ping An Technology Company mistakenly used the incident certificate issued by Beijing CA to sign the legal document between "Bank and Xue Moumou", but in fact "Xue Moumou" never applied to Beijing CA. To this end, "Xue Moumou" complained to the Ministry of Industry and Information Technology about the illegal practices of Ping An Technology Company and Beijing CA, but the Ministry of Industry and Information Technology failed to properly handle it, which eventually led to "Xue Moumou" bringing an administrative lawsuit to the court, and the court ruled that the Ministry of Industry and Information Technology lost the case. In addition, more parties reported to the Ministry of Industry and Information Technology the unauthorized issuance of digital certificates on the SaaS platform of electronic contracts through the supervision platform of the Ministry of Industry and Information Technology ... This series of phenomena directly shows that the abuse of event certificates is actually an indisputable fact.

Just like the public security enterprise seal, the essence of electronic authentication is to establish a binding relationship between an "external logo" and a specific "person" (including natural person and legal person), so as to obtain an authoritative electronic identity certificate; As for the standard digital certificate with identity recognition function, its issuance process is usually as serious as the "resident ID card". Event certificate is not a standard digital certificate, but its main function is to prevent tampering rather than identification, so the issuing process of event certificate is much easier than that of standard digital certificate in practice. However, there is no difference in appearance between the event certificate and the standard digital certificate, which brings motives and hidden dangers to the abuse of the event certificate.

Many CA institutions unilaterally pursue the number of certificates issued and market returns, peddle the issuing channels of event certificates to the public, control the actual use of event certificates, and even cooperate intentionally or unintentionally, making more and more event certificates wrongly used as standard digital certificates for signing legal documents. Electronic authentication, which was originally based on "reputation" and supported by rigor and prudence, has become a "rubber stamp" engraving unit, ignoring legal risks and becoming a "certificate-selling institution that recognizes money and denies people".

The flood of event certificate applications has seriously affected the healthy development of the industry.

Risk Countermeasures of Event Certificate —— Several Measures to Solve the Abuse of Event Certificate

As a market-oriented certificate business innovation of CA company, the problems in its development should be solved from the CA industry, including but not limited to the following measures.

First, fully understand the seriousness of the "electronic authentication" service subjectively.

Identity is the basis of all legal acts, and the existence of electronic authentication industry is due to the need for a credible authority that can independently and prudently bind an "external identity" with the "real identity" of a "specific object", thus giving the specific object a reliable electronic identity. Although CA exists in the form of "company", it is an important part of "social credit". Electronic authentication is not only a market-oriented technical service, but also carries the corresponding public trust function. The reliability of each digital certificate may have a significant impact on the rights and interests of signers, signature relying parties and other interested parties. Therefore, it is the natural responsibility of every CA organization to ensure the seriousness of the digital certificate issuing process and the reliability of the results. The Electronic Signature Law also clearly stipulates that "after receiving an application for an electronic signature certificate, an electronic certification service provider shall check the identity of the applicant and review relevant materials" and "the electronic signature certificate issued by an electronic certification service provider shall be accurate".

However, in practice, many operations violate such requirements. Some CA companies transfer the authentication right given by law to other business partners for a fee. As long as the partner is willing to pay, the business system of the partner can interface with the CA system (RA). After receiving the instruction from the partner to issue the certificate to the "specific subject", CA will issue the certificate directly, which not only does not verify whether the specific subject actually submitted the certificate application, but also delivers the digital certificate directly to the partner, not the certificate owner. It is this practice that makes the business partner become the provider of "electronic authentication" in the practical sense, while CA becomes a "digital certificate foundry" that only cares about the issuance of certificates, which also enables the business partner to actually obtain the "digital certificate" issued by CA in the name of anyone, and then gain the ability to forge anyone's electronic signature. In the case of Beijing Higher People's Court "(202 1) No.905", it is because of this business model that Ping An Technology Company was able to obtain the certificate of "Xue Moumou" and complete the electronic signature in the name of "Xue Moumou".

Further analysis of the reasons for this phenomenon shows that the lack of understanding of the seriousness of "electronic authentication" service is an important factor;

In the real physical world, the identities of individuals and enterprises are certified by public security organs and industrial and commercial organs, and the official seals of units are made by special seal engraving institutions with administrative permission and public security organs for the record. "Authentication, engraving and archiving" constitute an organic whole of reliable identity management in the physical world; Electronic authentication is essentially the trinity of identity authentication, seal making and filing in the electronic world. Issuing digital certificates is like engraving seals, and certificate chains and public certificate lists are like public security record seals. Effective identity authentication is the source of the reliability of digital certificates, just as public security organs cannot transfer the function of identity authentication when issuing identity cards to others. When issuing digital certificates, authentication is not only the right of CA. This is also the basic obligation of CA, so we must fully realize the key role of reliable identity authentication in "electronic authentication service" and resolutely correct some CA's wrong practices of selling the initiative of identity authentication, the reliability of digital certificates and the authority of CA industry to business partners because of their unilateral pursuit of market interests.

Two, it is forbidden to use the identity of the "nominal signer" to issue an event certificate.

According to the provisions of Article 34 of the Electronic Signature Law, "an electronic signer refers to a person who holds electronic signature production data and signs the electronic signature in his own capacity or in the name of the person he represents". Therefore, only the person who holds the private key of the certificate can become an "electronic signer" in the legal sense. In the event certificate scenario, whether the business partner's information system directly generates the "private key" or a specific device in the business system generates the "private key". The "private key" cannot be held by the "nominal signer", and the actual electronic signer can only be a business partner, so it is appropriate to issue an event certificate to a business partner or partner's equipment. Signing a certificate as a nominal signer is not only suspected of violating the rules, but also easy to confuse users, which brings a burden to industry supervision and provides an opportunity for improper use by partners.

Third, provide a special OCSP certificate status list for event certificate verification.

Due to the short validity period and large number of event certificates, and the main function of event certificates is data tamper-proof, which is significantly different from the denial of standard digital certificates, it is necessary to distinguish the public certificate status list of event certificates from the standard digital certificate status list, which can not only effectively optimize the overall query performance of the certificate list, but also clearly inform users of the attributes of event certificates.

Fourth, the function of publicly expressing the event certificate is tamper-proof.

One of the main reasons why the event certificate is abused in practice is that the function of the event certificate is misleading. Although some CA institutions have clearly defined the purpose of event certificates in their CPS, not every certificate user or electronic signature dependant is an industry expert and can really understand the difference between event certificates and standard digital certificates. In order to avoid the improper use of event certificates in non-tamper-proof application scenarios such as electronic signature of legal documents, it is necessary to clearly state that this function is only tamper-proof in the extension of each event certificate, and explain the limitations of its functions on the product pages of various event certificates to further prevent the improper use of event certificates.

Verb (abbreviation of verb) corrects the business cooperation scenario of abusing event certificate

For the event proof business that has been carried out, it needs to be sorted out according to the actual business scenario. For those who meet the functional requirements of the event certificate, those who use the event certificate to sign legal documents have the concept of stealing, those who have the conditions to use the standard digital certificate should change their cooperation methods, and those who do not have the conversion conditions should stop using the event certificate.