Hello! Details are as follows; Article 1 In order to regulate the use of passwords by electronic certification service providers, these Measures are formulated in accordance with the Electronic Signature Law of People's Republic of China (PRC), the Regulations on the Administration of Commercial Passwords and relevant laws and administrative regulations.

second

The State Cryptography Administration shall supervise and manage the use of passwords by electronic authentication service providers. Password management institutions of provinces, autonomous regions and municipalities directly under the Central Government shall undertake relevant supervision and management work in accordance with these Measures.

essay

00 to provide electronic authentication services, it shall apply for password permission for electronic authentication services in accordance with these measures.

Article 4

The system that provides third-party electronic authentication services to the public by using cryptographic technology (hereinafter referred to as the electronic authentication service system) uses commercial passwords. The electronic authentication service system shall be built by a unit with the production qualification of commercial password products.

Article 5

The construction and operation of the electronic authentication service system shall conform to the Technical Specification for Passwords and Related Security of Certificate Authentication System.

Article 6

The key service required by the electronic authentication service system is provided by the key management system planned by the State Password Administration and the password management institutions of provinces, autonomous regions and municipalities directly under the Central Government.

Article 7

To apply for a password license for electronic authentication services, the following materials shall be submitted to the password management institutions of the provinces, autonomous regions and municipalities directly under the Central Government after the completion of the construction of the electronic authentication service system:

00 (1) application form for password license of electronic authentication service;

00 (2) Copy of business license of enterprise legal person or notice of pre-approval of enterprise name;

00 (3) Technical data related to the security review of electronic certification service system, including construction work summary report, technical work summary report, safety design report, safety management strategy and specification report, user manual and test instructions;

00 (4) technical data related to interconnection test of electronic certification service system;

00 (5) certification documents that the physical environment of the electronic certification service system meets the requirements related to electromagnetic shielding and fire safety;

00 (six) certification documents that the information security products used in the electronic authentication service system comply with relevant laws and regulations.

Article 8

If the application materials submitted by the applicant are complete and conform to the prescribed form, the password management institutions of provinces, autonomous regions and municipalities directly under the Central Government shall accept and issue a notice of acceptance; If the application materials are incomplete or do not conform to the prescribed form, the password management institutions of provinces, autonomous regions and municipalities directly under the Central Government shall inform all the contents that need to be corrected on the spot or within five working days. If it is not accepted, it shall be notified in writing and explain the reasons. The password management institutions of provinces, autonomous regions and municipalities directly under the Central Government shall submit all application materials to the State Password Administration within 5 working days from the date of accepting the application.

Article 9

00 The State Cryptography Administration shall review the materials submitted by the password management institutions of provinces, autonomous regions and municipalities directly under the Central Government, organize the security review and interconnection test of the electronic authentication service system, and notify the applicant in writing of the time required for security review and interconnection test within 15 working days from the date when the password management institutions of provinces, autonomous regions and municipalities directly under the Central Government accept the application. If the electronic authentication service system passes the security review and interconnection test, the National Cryptography Administration will issue a password license for electronic authentication service and publish it; If it fails to pass the security review or interconnection test, it shall not be allowed, and the applicant shall be notified in writing to explain the reasons.

Article 10

00 Electronic authentication service password license shall include the following contents:

00 (1) license number;

00 (2) the name of the electronic certification service provider;

00 (3) the validity period of the license;

00 (4) Issuing authority and issuing date. The validity period of the password license for electronic authentication service is 5 years.

Article 11

If an electronic certification service provider changes its name, it shall, within 30 days from the date of change, go through the replacement procedures of the Password License for Electronic Certification Service with the certificate of change to the password management institution of the local province, autonomous region or municipality directly under the Central Government. Where an electronic certification service provider changes its domicile or legal representative, it shall, within 30 days from the date of change, submit the certificate of change to the password management institution of the local province, autonomous region or municipality directly under the Central Government for the record.

Article 12

If the expiration of the password use license for electronic authentication services needs to be extended, an application shall be submitted to the State Password Administration 30 days before the expiration of the license. According to the application, the State Cryptography Administration shall make a decision on whether to approve the renewal before the expiration of the license.

Article 13

00 If the electronic authentication service provider fails to obtain the electronic authentication service license issued by the competent information industry department of the State Council within 6 months after obtaining the electronic authentication service password license, the electronic authentication service password license will automatically become invalid.

Article 14

If the electronic authentication service provider terminates the electronic authentication service or the electronic authentication service license is revoked, the original electronic authentication service password use license will automatically become invalid.

Article 15

Where an electronic certification service provider carries out technical transformation or system migration of its electronic certification service system, it shall report the relevant information in writing to the State Cryptography Administration, and may continue to operate after the consent of the State Cryptography Administration. When necessary, the State Cryptography Administration may organize the security review and interconnection test of the electronic authentication service system.

Article 16

The State Password Administration and the password management institutions of provinces, autonomous regions and municipalities directly under the Central Government shall supervise and inspect the use of passwords by electronic certification service providers. The supervision and inspection shall be conducted by combining written examination with on-site verification. Supervision and inspection found that there is a situation that does not meet the licensing conditions, and rectification within a time limit; If it still does not meet the licensing requirements after rectification within a time limit, the State Cryptography Administration shall revoke its password license for electronic authentication services, notify the competent information industry department of the State Council and publish it.

Article 17

00 In any of the following circumstances, the State Cryptography Administration shall order it to make corrections; If the circumstances are serious, the License for the Use of Electronic Authentication Service Password shall be revoked, notified to the competent information industry department of the State Council and published:

00 (1) The operation of the electronic authentication service system does not conform to the Technical Specification for Passwords and Related Security of Certificate Authentication System;

00 (2) The electronic authentication service system uses the keys provided by the key management system other than those specified in Article 6 of these Measures to conduct business;

00 (3) Failing to handle the technical transformation or system relocation of the electronic certification service system in accordance with the provisions of Article 15 of these Measures.

Article 18

Staff members of the State Password Administration and password management institutions of provinces, autonomous regions and municipalities directly under the Central Government who abuse their powers, neglect their duties or engage in malpractices for selfish ends in the password management of electronic authentication services shall be given administrative sanctions according to law; If a crime is constituted, criminal responsibility shall be investigated according to law.

Article 19

The Application Form for Password License of Electronic Authentication Service shall be uniformly printed by the State Password Administration.

Article 20

An electronic authentication service provider who has obtained a password license for electronic authentication service before the implementation of these Measures shall, within 3 months from the date of implementation of these Measures, go through the formalities for replacing the password license for electronic authentication service with the password management institution of the local province, autonomous region or municipality directly under the Central Government.

Article 21

These Measures shall come into force on February 1 day, 2009. On March 3rd, 2005, the Measures for Password Management of Electronic Authentication Services issued by the State Cryptography Administration were abolished at the same time.

The necessity of editing the management measures in this paragraph.

00 mainly stipulates that commercial passwords should be used to provide electronic authentication services to the public, clarifies the conditions and procedures for electronic authentication service providers to apply for "the certification document of the national password management agency agreeing to use passwords", and also makes corresponding provisions on the operation and technical transformation of the electronic authentication service system.