① Third-party electronic signature platform carries out real-name authentication.
After the user registers the platform account, the platform will require the user to carry out real-name authentication, and the electronic contract can only be signed after the authentication is passed. In real-name authentication, individual users need to submit personal identity information, and enterprise users need to submit enterprise information. The third-party electronic signature platform will access the personal identity authentication system of the Ministry of Public Security and the enterprise information system of the State Administration for Industry and Commerce to check the user identity information and ensure that the user identity will not be impersonated. In the personal authentication link, our platform can provide WeChat and Alipay face-brushing authentication methods to help users conduct self-authentication quickly and completely. Enterprise user authentication, because it involves a lot of information, we will confirm the authenticity of the enterprise identity by checking the payment information of the enterprise to the public account.
② Digital certificate issued by CA organization.
CA, the certification authority, is a trusted third party in e-commerce transactions. When the user passes the real-name authentication of the third-party electronic signature platform, he can obtain the digital certificate issued by the CA organization cooperating with the third-party electronic signature platform as the basis of the user's online identity certificate. Certificates are based on digital signature technology, so they cannot be forged or tampered with.
So what is digital signature technology?
As one of the important methods to maintain the security of data information, digital signature can solve the problems of forgery, denial, counterfeiting and tampering, and its main functions are as follows:
(1) replay attack protection. The replay attack commonly used by hackers in computer field refers to the attacker sending a data packet that the destination host has received to deceive the system, which is mainly used to destroy the correctness of authentication during the authentication process. This kind of attack will repeatedly maliciously or fraudulently repeat an effective data transmission. Attackers use network monitoring or other means to steal authentication credentials and then resend them to the authentication server. In digital signature, if some techniques are adopted, such as stamping the signature message or adding a serial number, replay attacks can be effectively prevented.
(2) anti-counterfeiting. Others can't forge the signature of the message, because the private key is only known to the signer, so others can't construct the correct signature result data.
(3) tamper-proof. The digital signature is sent to the receiver together with the original file or abstract. Once the information is tampered with, the receiver can judge that the file is invalid by calculating the abstract and verifying the signature, thus ensuring the integrity of the file.
(4) prevent denial. Digital signature can be used as the basis of identity authentication, and can also be used as evidence of signer's signature operation. In order to prevent the receiver from denying it, the digital signature system can require the receiver to return his signed message to the sender or a trusted third party. If the receiver does not return any message, the communication will be terminated or restarted, and the signer has no loss, so neither party can deny it.
(5) Confidentiality. Once the handwritten signature file is lost, the file information is likely to be leaked, but the digital signature can encrypt the message to be signed. In network transmission, the message can be encrypted with the public key of the receiver to ensure the confidentiality of the information.
(6) Identity authentication. In digital signature, the customer's public key is a sign of his identity. When signing with a private key, if the receiver or verifier passes the verification with his own public key, then it can be determined that the signer is the one who owns the private key, because only the signer knows the private key.
Therefore, electronic seal is also an application of electronic signature technology.