In the final analysis, the security of electronic contracts is to ensure the true identity of each electronic contract (the identities of both parties are true and valid), the true will (the signed contract is the expression of the true will of both parties), the confidentiality of the whole process (all signed information is encrypted and transmitted), and the original text has not been changed (the contract content and signing events are tamper-proof).

These four levels cover the whole process of electronic contract signing.

And many core technologies of signing electronic contracts with confidence are just to ensure the safety and effectiveness of these four aspects. Let me explain it to you one by one.

① Real name verification

Real-name authentication of identity includes multi-directional authentication of valid identity information of units and individuals, including two elements of Ministry of Public Security, three elements of mobile phone number, three elements or four elements of bank card, face recognition, two elements of enterprise and three elements of legal person/agent. And combined with SMS, email and other means to fully ensure the true identity and true will of both parties.

② Encrypted transmission

RSA encryption algorithm asymmetrically transmits electronic contract data (identity information, electronic signature/seal information and contract content), and verifies whether the data match before and after transmission through hash algorithm.

In this process, authoritative CA institutions issue CA certificates to ensure the security and credibility of transmitted data (identity information, electronic signature/seal information, public key information, etc.). ). The private key is randomly generated by 1024 bit random code, and the decoding probability is zero.

Time stamp curing technology, the National Time Service Center of Chinese Academy of Sciences carries out time service and punctuality detection on the creation process of each electronic contract. Once the trace of modification is detected, the signing of the contract is considered invalid, thus ensuring the accuracy and uniqueness of the time in the timestamp certificate.

In the whole transmission process, the attack and tampering instruction of any link will lead to the change of hash value. If the timestamp certificate detects changes, the contract will be considered invalid and an error will be reported when the contract is opened. So as to ensure that the electronic contract is safe and confidential in the whole process of identity verification, contract initiation, transmission and signing, and cannot be tampered with.

③ Blockchain encryption deposit certificate

Blockchain deposit certificate, distributed multi-point deposit certificate, is used for data information of each electronic contract signed with confidence.

In the whole backup storage process, AES256 encryption (currently using state secret SM2) technology is adopted, and information is encrypted and stored through 14 rounds of encryption operations such as byte replacement, row replacement, column confusion, round key addition, and expanding the original key when necessary. Combined with the digital fingerprint information in the system of the Ministry of Public Security, a credible electronic contract signing evidence chain is generated in one second. When users need it, they will issue a notarial certificate of the contract after being audited by the notary office.

Ensuring electronic contracts as electronic evidence is not only safe and confidential, but also can effectively protect the legitimate rights and interests of both parties.