Electronic contracts are essentially a combination of electronic agreements + electronic signatures. Traditional paper contracts are transferred between signatories in the form of encrypted electronic agreements, and then the signatories use legally certified Sign with an electronic signature and ultimately generate an electronic contract with legal effect. So what should a legally effective electronic contract have?
According to Articles 13 and 14 of the "Electronic Signature Law of the People's Republic of China":
?1) Electronic signature production data is used for electronic When signing, it is exclusive to the electronic signer;
?2) The electronic signature production data is only controlled by the electronic signer when signing;
?3) Any changes to the electronic signature after signing All changes can be discovered;
?4) Any changes to the content and form of the data message after signing can be discovered.
To sum up, if the four elements of true identity, true intention, original text not changed, and signature not changed are met, a contract signed through electronic agreement + electronic signature technology has the same characteristics as a paper contract with traditional signature and seal. have the same legal effects.
After years of development, third-party electronic contract platforms have gradually developed from providing single-point services (i.e. electronic signature services) in the early days to full life cycle management services of contracts, including contract template management, contract circulation, Contract storage, contract performance, etc., and combined with emerging technologies such as big data, blockchain, and artificial intelligence, provide enterprises and individuals with more value-added services such as intelligent template recommendation, online judicial services, etc. The service process of the third-party electronic contract platform is shown in Figure 1
As mentioned earlier, during the circulation process of an electronic contract with legal effect, the original text and electronic signature should not be tampered with. Can effectively know. This requires understanding the use of asymmetric algorithms and hash algorithms. These two algorithms are used to encrypt the original text of the contract to ensure that the electronic contract and the signatures of the signatories have not been tampered with during the circulation process. The encryption principle diagram is shown in Figure 3: ?
?1) User A initiates a contract and obtains a unique hash value by hashing the original contract text;
? 2 ) Generate user A's public key and private key through an asymmetric algorithm, encrypt the above hash value with user A's private key, and generate user A's digital signature. In order to ensure that user A's public key is not illegally obtained and that user A's key pair is legal and trustworthy, we use a nationally recognized digital certificate service provider to host user A's public key, that is, the CA certificate. Generally speaking, the process of issuing a CA certificate is that the platform generates a key pair, and then passes the public key to the CA organization. After the CA organization reviews it, it issues a certificate with the public key. When it needs to be used, the platform itself Retrieve. For more information about the CA certificate, you can baidu by yourself;
3) Then user A’s digital signature and original contract text are transmitted to user B according to the SSL electronic protocol.
When user A initiates an electronic contract, it is usually notified to user B through mobile phone text messages, emails, platform message notifications, etc. User B then decrypts the contract, verifies his true wishes, and finally calls the electronic contract. Signature technology completes contract signing. So how to ensure that user B is indeed the signatory designated by user A, especially when user B is an unregistered user of the platform and does not have any real-name information retained. ?
I have currently experienced leading products in the industry. Most of them are through user A specifying a mobile phone number, and user B verifying the SMS verification code when receiving the text message. However, after extreme scenarios, it was found that other users Opening the text message link received by user B can also enter and view the contract and complete the contract signing after passing real-name authentication, so there are still risks of contract leakage or other risks. If double authentication is performed through mobile phone number + name, the original text of the contract can only be viewed after passing the authentication, or if the initiator specifies it, putting the signer's real-name authentication node in front can also ensure to a certain extent that the original text of the contract will not be viewed by others. leakage, thereby reducing the risk of loss.
So after user B receives the signing notification, how does the system determine that the original contract text and signature have not been tampered with. The decryption principle is shown in Figure 4:
1) After passing the identity authentication, the system first obtains the public key of user A to decrypt the digital signature of user A and obtains the hash value of the original contract text;
2) Hash the original contract text received by user B to obtain a hash value;
3) Compare the hash values ??obtained in the two steps. If they are the same, it indicates that the contract Not tampered with.
The hash algorithm and asymmetric algorithm ensure that the original text of the contract has not been tampered with during transmission. Let’s talk about using the timestamp principle to ensure that the signature has not been changed.
The time of signing is effectively confirmed through timestamp technology.
The Timestamp Issuance Center (TSA) uses digital signature technology to digitally sign the hash value of the contract and the current time. Because the hash value is unique, if the time changes, the hash value will also change. Therefore, electronic signatures with timestamps can confirm the effective time of each electronic contract signing. The principle of timestamp is shown in Figure 6:
The electronic contract industry is undoubtedly a red ocean industry. Many leading companies basically started to provide electronic signature services in the early days and began to get involved in the industry. At that time, with the development of Internet finance With the explosion of the industry, many service providers began to develop explosively with the market dividends. Later, with the decline of the mutual fund industry, many service providers began to layout the full life cycle management of contracts and develop industry solutions for human resources, logistics and other industries. Realized the transition from Industry 1.0 to Industry 2.0.
By analyzing the current overall situation of the industry from four dimensions: current policies and regulations, market economy, social factors and technical support, the PEST analysis is shown in Figure 7
According to industry analysis, with the advancement of national policies and the improvement of the awareness of the whole society, electronic contract platforms will be an incremental market with huge potential in the future. But at present, several companies at the top of the entire market have occupied more than 70% of the market share, and have deep accumulation in product maturity, service experience, technology, marketing and other aspects. So as a new electronic contract platform, what are the directions for finding business opportunities?
First, combine the platform’s main business or other related resources to intervene in the industry. For example, platforms that were previously engaged in justice, blockchain, lawyer services, etc., aimed at the legal effects of the electronic contract industry, Judicial and other related services have obvious resource advantages.
Second, new technological breakthroughs are based on the current market’s distrust of the possible contract tampering in electronic contracts during the electronic agreement process, the leakage of contract data on the platform, or the distrust of the third-party electronic contract platform itself. There are better technical ending solutions.
Third, traditional SaaS software expands or transforms business, based on the original small and medium-sized enterprises, and then expands to serve large enterprises by serving small and medium-sized enterprises.