Current location - Quotes Website - Personality signature - Can event certificates be used for electronic signatures?
Can event certificates be used for electronic signatures?

The main function of the event certificate is to fix the electronic data formed in the event scene in the form of a signature to prevent data from being tampered with, but not to ensure the non-repudiation of the electronic signature.

In other words, the electronic signature of the event certificate itself is not a "legally binding" electronic signature in the sense of the "Electronic Signature Law", but is more of a technical tool that uses certificate signatures Technology realizes the anti-tampering function of electronic data. The meaning of event certificate

The answer can be sought from the CA certification authority’s definition of event certificate:

Refer to Beijing CA in its Electronic Certification Business Rules (CPS) Article 1.4.1 The definition of item d, "Event-type digital certificates are digital certificates issued by Beijing CA for signature behavior business scenarios. During the business process, based on the relevant information in the business scenario submitted by the subscriber (electronic documents, signature behavior characteristic information, handwriting or Other signature behavior evidence information, etc.) are automatically solidified into the extension domain of the digital certificate, and the event-type digital certificate is issued. The private key corresponding to the event-type digital certificate is for one-time use, and the information data of the business scenario is electronically signed after use. That is, it is destroyed"; the CPS Sections 6.1.1 and 6.1.2 further clarify that "the signing key pair of the event-type certificate is generated and kept by the signing device."

There is no relevant content about event certificates in Shanghai CA’s Electronic Certification Business Rules (CPS), but it has specifically issued the "Event Certificate Policy Electronic Certification Business Rules", in which Article 1.6.13 provides According to the definition, "Event digital certificate is a special type of digital certificate based on event certificate patent technology designed by Shanghai CA for real-time business or specific business scenarios. During the business process, relevant information (electronic documents, signatures) in the business scenario are automatically transferred Behavioral characteristic information, handwriting or other signature behavior evidence information, etc.) are associated with the extended domain of the digital certificate, and the event digital certificate is issued to achieve reliable electronic signatures in the business process. The private key corresponding to the event digital certificate is generally used once. It is destroyed after being used once”;

It can be seen from the electronic certification business rules that the “event certificate” itself is not a formal certificate type, but more of a certificate created by each CA agency for market expansion. Derived marketing definitions, a comprehensive analysis of these definitions, whether it is "event certificate" or "scenario certificate", can be found to have the following similarities:

1. The life cycle of event certificates is extremely short. A certificate is issued when an event occurs, and the certificate is terminated when the event ends;

2. The private key of the event certificate is not held by the user (the signer recorded on the certificate), but by the business provider of the signature scenario Actual control. The practical value of event certificates

——Used to ensure the tamper resistance of signed data

As CFCA said in its CPS, “Use scenario certificates to provide evidence for real-time business or scenario business After signing, it can be proved that the evidence has not been tampered with after the evidence collection is completed..."; although the specific function of the event certificate is not specified in the Beijing CA's CPS, it is stated in the "(2021) Jingxing Final No. 905" administrative judgment of the Beijing Higher People's Court. , it also clearly acknowledges that "Beijing Digital Certification Company issued an event-type certificate for Ping An Technology Company in February 2018. The certificate signature solidifies the business scenario information of Ping An Technology Company and users signing electronic contracts, proving the integrity of the relevant information,... The subject of electronic signature using the event-type certificate issued by Beijing Digital Certification Company is Ping An Technology Company, not the user. ...The "electronic signer" that complies with the provisions of Article 34 of the Electronic Signature Law is Ping An Technology..."

Combining the previous analysis and the self-report of the above-mentioned CA organization, the following conclusions can be drawn:

1. The actual "signer" using the event certificate is not the "recorded on the event certificate" "Certificate holder", but the business party that provides the signature system;

2. The certificate holder recorded on the event certificate is only the "nominal signer", because the actual signing behavior is not the name of the nominal signer. Because he is not an "electronic signer who needs to bear legal consequences for electronic signatures" in accordance with the provisions of the "Electronic Signature Law", electronic documents signed using event certificates have no legal binding force on the nominal signer;

3. The main function of the event certificate is to ensure the integrity of relevant electronic data in the event scenario through electronic signature technology and prevent the data from being tampered with after it is generated. However, it does not care about the process of data generation and whether the data itself is authentic. Therefore, Electronic signatures on event certificates are not non-repudiation.