An electronic signature is only a way to identify the signer and to confirm the relationship between the sender of a signed document and the electronic document itself. The problems mentioned above, such as establishing with certainty whose public key is being used and preventing the private key holder from denying that he issued a document, are problems that electronic signature technology itself cannot solve. In other words, the credibility of the private key holder remains an open problem. There are two possibilities. First, the key holder acts in bad faith, that is, he consciously denies his own act. Second, there are objective causes, that is, the key is lost, stolen or cracked, which makes it difficult for the sender or the recipient to settle the question of attribution.

Similar problems also exist in traditional business transactions, but there we have a relatively complete solution, which includes supporting legal norms and protective measures. In the traditional use of a signature (seal), in order to prevent the signer from providing a forged or altered signature (seal), or the sender from denying for whatever reason that the signature (seal) is his own, some countries or regions have the seal filed in advance with an authoritative and credible authority, which provides a verification certificate, to prevent denial or forgery. For example, in Taiwan Province, China, the authenticity of the seal on some important legal documents (such as real estate transaction documents) is established as follows: before stamping, the seal holder sends the seal to the household administration office for registration and filing, applies for a seal certificate, and then sends the seal certificate together with the stamped document to the recipient. The recipient compares the seal certificate with the original, and if they are completely consistent, the document and its seal can be confirmed.

Electronic transactions likewise need an authoritative and credible third party acting as a Certificate Authority (CA) to perform management functions such as identifying and authenticating public keys, so as to prevent the sender from denying a signature and to reduce the risks of key loss, theft or cracking. The safe use of electronic signatures therefore depends on the establishment of a security certification authority system. In fact, many western countries (the United States, Canada, Germany, etc.) and Japan have established or are in the process of establishing a public key infrastructure. In this way, the combination of electronic signatures and CA authentication on the network solves the trust problem that electronic signature technology alone cannot solve.
II. Procedures for electronic authentication
The specific operating procedure for electronic authentication is as follows. Before making an electronic signature, the signer must send his public key to a legally registered third party licensed to engage in electronic authentication services, that is, a CA certification center, which registers the key and issues an electronic seal certificate. The sender then sends the electronically signed file together with the electronic seal certificate to the other party, and the recipient can establish the authenticity and credibility of the signed file by checking the electronic seal certificate and verifying the electronic signature.

In the electronic document environment, the role of the CA certification center is thus similar to that of the third party (the household administration office) in the traditional signing (stamping) of written documents described above. The CA certification center acts as a third party exercising authoritative notarization. The electronic seal certificate issued by the CA is electronic data that states and confirms a user name and its public key and proves the correspondence between the two. After a user obtains a certificate from a public source, he can infer that the public key in the certificate really belongs to the named user, as long as the contents of the certificate were indeed issued by the CA. In this way, the holder of the public key cannot deny that the corresponding key belongs to him, and further cannot deny that an electronic signature verified by that key was signed by him.

Purpose of electronic authentication
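The procedure described in section II above (registration of the public key with the CA, issuance of the certificate, and the recipient's two checks), as an added example that is not part of the original article. It assumes textbook RSA over SHA-256 with constructed, insecure toy keys in place of a real signature scheme and certificate format; all names and sample values are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def keypair(a, b):
    """Toy RSA key from Mersenne primes 2^a-1 and 2^b-1 (constructed, NOT secure)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus n, private d)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

def cert_body(name, public_key):
    return f"{name}|{public_key}".encode()

def issue_certificate(name, public_key, ca_n, ca_d):
    """CA step: register the signer's public key and bind it to the name."""
    return {"name": name, "public_key": public_key,
            "ca_sig": sign(cert_body(name, public_key), ca_n, ca_d)}

def recipient_check(document, doc_sig, cert, ca_n):
    """Recipient step: check the certificate first, then the signature."""
    if not verify(cert_body(cert["name"], cert["public_key"]), cert["ca_sig"], ca_n):
        return "reject: certificate was not issued by the CA"
    if not verify(document, doc_sig, cert["public_key"]):
        return "reject: signature does not match the certified key"
    return "accept: signed by " + cert["name"]

CA_N, CA_D = keypair(607, 1279)         # certification authority
SIGNER_N, SIGNER_D = keypair(127, 521)  # the registered signer
OTHER_N, OTHER_D = keypair(89, 2203)    # a party the CA never certified

DOC = b"Sale contract, lot 12"          # constructed sample document
CERT = issue_certificate("signer@example.test", SIGNER_N, CA_N, CA_D)
DOC_SIG = sign(DOC, SIGNER_N, SIGNER_D)

# Uncertified key presented with the CA signature copied from the real certificate.
FORGED_CERT = dict(CERT, public_key=OTHER_N)
FORGED_SIG = sign(DOC, OTHER_N, OTHER_D)

if __name__ == "__main__":
    print(recipient_check(DOC, DOC_SIG, CERT, CA_N))
    print(recipient_check(DOC + b" (altered)", DOC_SIG, CERT, CA_N))
    print(recipient_check(DOC, FORGED_SIG, FORGED_CERT, CA_N))
```

The third case is the one the signature alone cannot catch: the forged signature is mathematically valid under the substituted key, and only the CA's binding of name to key exposes it.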
The purpose of electronic authentication is to have CA authorities identify and authenticate public keys (including cross-border authentication), so as to prevent or reduce the uncertainty and security risks to electronic documents caused by the loss, damage or cracking of a key. At the same time, the authentication certificate can also attest to the credit status of the key applicant.

Institutions of electronic certification
1. Forms of establishment of electronic certification institutions.
Generally speaking, electronic certification authorities (CAs) take one of two forms in the countries that have them. In the first, units subordinate to the responsible state departments are set up directly to provide electronic certification services, or the relevant government departments act as the highest-level certification center in the CA system. In the second, the relevant government departments grant authorization, lay down strict examination and approval conditions and procedures, issue certificates, and at the same time exercise supervisory power to ensure the security of online transactions. Either way, the role played by the government is crucial. The reasons are as follows:
1) Authority.
Only an electronic certificate issued by an electronic certification service company authorized by the competent national department, or by a CA holding a business license granted by that department, carries the highest authority. In a certain sense, this is just as a personal identity card issued by the public security department is absolutely reliable and authoritative.
At the same time, because the use of electronic authentication on the network crosses national boundaries, only when the national authorities act in the name of the state can the validity of electronic authentication be reliably recognized by other countries.
2) Standardization.
The competent government department can prescribe the technical scheme through uniform legislation and standardize the electronic certification standards and procedures of CA institutions at every level. At the same time, the government authorities can act as the highest-level public key certification center. This is a common form of public key infrastructure in the US states and federal government, Germany and other countries.
3) Enforceability.
Because the government authorities act on behalf of the state in CA certification, they bring absolute authority and uniformity to the establishment of the system, the setting of standards, and compatibility with transnational certification. The operability and enforceability of the electronic authentication service are therefore evident. This avoids the situation in which differing standards (of technology and service) prevent electronic authentication from being implemented and leave concerns about the security of online transactions unresolved.
2. Conditions for the establishment of an electronic certification authority (CA)
When applying for a license to engage in electronic certification services, CA institutions must meet certain examination and approval conditions. When examining and approving the license, the competent government departments should examine not only the applicant's hardware provisions (such as the choice of office space) and software conditions (such as the technical expertise of the company's personnel), but also its qualification as a legal subject, its ability to bear damages, and other aspects. The following is a brief introduction to the conditions under which a CA may provide electronic authentication services under the Utah Electronic Signature Law.
(1) Subject qualification: a practicing lawyer; a trust institution or insurance institution registered in Utah; the Utah governor, state courts, cities, counties and other bodies that have designated public servants to carry out CA certification business under law or administrative order, and the certified employees of such a body; any company that has obtained a business license in Utah;
(2) Procedure: the CA itself must apply for a public key certificate and store it in the public key certificate database set up or recognized by the competent authority, where the public can view and read it;
(3) Notarization qualification: the CA must hold a notary public qualification or employ at least one person with a notary qualification;
(4) No serious criminal record: the employees must not have a serious criminal record or have committed other crimes of fraud, misrepresentation or deception;
(5) Professional knowledge: the employees must have the professional knowledge needed to carry out certification business;
(6) Business guarantee: except for government officials or agencies applying for CA business, applicants must provide a business guarantee;
(7) Software and hardware facilities: the CA must have legal rights to the software and hardware facilities required for CA business;
(8) Place of business: the CA must have a place of business in Utah or appoint an agent to conduct business on its behalf;
(9) All other regulations of the competent authority must be observed.
III. Effectiveness of electronic authentication
The effectiveness of electronic authentication is generally guaranteed in two ways. The first and most direct way is to confirm it through legislation. This is done mainly by having the law authorize the competent government departments to formulate the corresponding rules, so that the effectiveness of electronic authentication ultimately has a legal basis and guarantee. Many states in the United States adopt this approach. It takes the following main forms:
1. Explicitly and directly recognizing the acceptable technical solution standards through direct legislation (for example, Utah, USA, and the laws of the Hong Kong Special Administrative Region);
2. Authorizing the competent government departments to formulate the corresponding rules, such as the right to issue or revoke the license of CA institutions to engage in electronic authentication business, together with the power of administrative punishment over CA institutions that violate the rules or operate illegally;
3. Formulating clear conditions and procedures for establishing and managing CA institutions. At the same time, as part of supervising CA institutions, the government authorities also maintain a database of all CA institutions legally registered to operate electronic authentication business, which customers can query. For example, under the laws of Utah, the competent authority keeps detailed files on all registered CA institutions in its public key certificate database. In addition to general company information (such as company name, address, telephone number and authorized scope of business), the files also include information such as whether the institutions currently operating have been punished for illegal operations.