On August 28th, 2004, the 11th meeting of the 10th the National People's Congress Standing Committee (NPCSC) deliberated and passed the People's Republic of China (PRC) Electronic Signature Law (hereinafter referred to as the Electronic Signature Law), which established the legal effect of electronic signature and clearly stipulated that "a reliable electronic signature has the same legal effect as a handwritten signature or seal", which provided an important legal system guarantee for China's information construction. According to the provisions of the Electronic Signature Law, an electronic signature refers to data contained in a data message in electronic form and accompanied by data used to identify the identity of the signer and show that the signer approves its content. Like handwritten signature or seal, electronic signature has two basic functions: one is to identify the identity of the signer, and the other is to show the signer's approval of the document content. Electronic signature making data and electronic signature verification data are two concepts closely related to electronic signature. Electronic signature making data refers to characters, codes and other data used to generate electronic signatures and reliably associate electronic signatures with electronic signers. Electronic signature verification data is data used to verify electronic signatures, including codes, passwords, algorithms or public keys.
The Electronic Signature Law stipulates that a reliable electronic signature has the same legal effect as a handwritten signature or seal, and an electronic signature that meets the following four conditions is regarded as a reliable electronic signature: (1) When the electronic signature production data is used for electronic signature, it belongs exclusively to the electronic signatory; (2) When signing, the electronic signature production data is only controlled by the electronic signer; (3) Any changes to the electronic signature after signature can be found; (4) Any changes to the content and form of the data message after signature can be found. In addition, according to the provisions of the Electronic Signature Law, the parties can also choose to use electronic signatures that meet their agreed reliable conditions. The four conditions of a reliable electronic signature can be summarized as "four characteristics": (1) exclusiveness/uniqueness of electronic signature data; (2) confidentiality of electronic signature data; (3) Anti-tampering of electronic signature; (4) Anti-tampering of data information.
Second, what is CA certification? What is an electronic signature certificate?
CA(Certificate Authority) is a kind of identity authentication, which can check the legality of online identity. However, because it is difficult for CA to solve the security and integrity in data transmission, it generally needs to be applied together with PKI/CA. PKI(Public Key Infrastructure) is an information security architecture based on public key technology, which mainly includes two aspects: one is digital signature, which can ensure the integrity of transmitted information; Another content is encryption. After users use public key method to encrypt information, the key used in decryption does not need to be transmitted on the internet, which avoids the exposure of information after the key is stolen. But PKI can't guarantee the confirmation of user's identity, so PKI/CA, a complete concept of CA authentication, appeared.
Electronic signature authentication certificate refers to data information or other electronic records that can prove the unique relationship between electronic signer and electronic signature production data. In the network environment, it is equivalent to people holding a legal certificate that can confirm their identity-resident ID card. For simplicity, electronic signature authentication certificate can also be called electronic certificate or digital certificate. In the actual use environment, the carrier of electronic certificate is a special USB flash drive, which is a hardware storage medium with operating function-USB-key. USB KEY has a built-in smart chip and a dedicated security area for storing electronic signature making data. The data of USB KEY electronic signature cannot be exported, so the backup file cannot be used, and its security is higher than the browser certificate. Customers need to install USB flash drive when using USB flash drive.
3. Who will issue and manage the electronic signature certificate?
In the real society, the resident identity card used to confirm identity is issued by the public security organ, which is an authoritative institution that everyone can trust. In the network environment, it is also necessary to have an authoritative organization that everyone trusts to issue electronic signature authentication certificates. This authority is the electronic signature authentication service provider mentioned in the electronic signature law, which we call CA(Certificate Authority). Its main function is to issue, manage and cancel electronic signature authentication certificates (digital certificates) to applicants. Traditionally, CA can also be called CA Center, CA Certification Center, etc.
The certification center that cooperates with the national tax of the park to implement online taxation is Jiangsu CSI E-commerce Certification Center Co., Ltd. (JSCA for short). The special electronic certificate for online taxation is an electronic certificate issued by JSCA to taxpayers to meet the needs of online taxation, including identity identification and signature. It ensures the security, confidentiality and non-repudiation in the process of online tax payment, and has legal effect. Its function focuses on the business license and official seal of the enterprise.
Jiangsu CSI E-commerce Certification Center Co., Ltd. is the only electronic certification service operator in Jiangsu Province approved by the Jiangsu Provincial People's Government to issue and manage electronic certificates. Responsible for the application, issuance and operation of e-cert in all government departments in the province.
4. Why should CA certification be implemented for online taxation?
Taxpayers who pay taxes online can use the digital certificate issued by the certificate authorization and certification center, combined with encryption technology, which can ensure the confidentiality, integrity and reliability of online tax communication content and the undeniable nature of transactions, and effectively solve the original legal disputes of online tax payment.
At present, online tax filing is not a real paperless operation. Taxpayers need to print and stamp their monthly tax returns and deliver them to the tax authorities within one quarter. After adopting CA authentication, taxpayers can use electronic certificates to realize the "electronic signature" of tax-related data online, which is equivalent to the official seal of existing paper statements. Taxpayers who have passed CA certification can really handle all kinds of tax-related matters online without leaving home, which greatly facilitates taxpayers, simplifies procedures, eliminates the transportation expenses for taxpayers to and from enterprises and tax authorities, and avoids the problem of taxpayers going to and from tax authorities many times in the past.
At the same time, the realization of electronic collection of tax-related data has greatly reduced the workload of manual examination, collection, sorting and filing of paper-based original data, enabling tax administrators to devote more energy to tax source management and tax service, which is conducive to the tax authorities to further improve their work efficiency and service quality.