According to the provisions of Article 13 of the Electronic Signature Law, an electronic signature shall be regarded as reliable if it meets the following conditions:
(1) When the electronic signature production data is used for electronic signature, it belongs to the exclusive rights of the electronic signer;
(2) When signing, the electronic signature production data is only controlled by the electronic signer;
(3) Any changes to the electronic signature after signature can be found;
(4) Any changes to the content and form of the data message after signature can be found. The parties can also choose to use electronic signatures that meet their agreed reliable conditions.
Therefore, if the electronic signature does not meet the requirements of the security specification, there is a risk of being identified as an "unreliable electronic signature" and thus losing its effectiveness. Therefore, the general electronic signature service providers will attach great importance to the security of electronic signatures. Taking electronic signature as an example, we will ensure the security of electronic signature from the following aspects:
1) encrypted storage:
Fragment encryption technology is used to protect confidential or sensitive files, prevent data assets from being stolen and lost, and do not affect the normal use of users.
2) Leakage protection:
Customer's key information is encrypted and stored, so the user's ID information not only carries out security authentication and unified authorization, but also carries out watermark processing on related information for display.
3) Mandatory access control:
According to the user's identity and authority, carry out security authentication and unified authorization authentication, develop a key management system by ourselves, and strictly keep the keys.
4) Transmission process:
Use SSL to encrypt file transmission to prevent tampering and ensure authenticity and effectiveness. When your file enters our system, it will be encrypted immediately, and we ensure that only designated users can access the file.
5) Cloud protection:
The self-developed application firewall (WAF) helps to protect Web applications by filtering and monitoring the traffic between them and the Internet.
6) System protection:
Host security protection system is the last guarantee to prevent host intrusion.
7) Database audit:
Database audit can record, analyze and report users' database access behaviors, help management users to generate compliant reports and trace their sources afterwards, at the same time, strengthen the recording of internal and external database network behaviors and strengthen the security of data assets.
8)s-sdlc R&D system
E-sign treasure, follow owasp international security development standards, and ensure the security and quality of business development.
In fact, the business logic of electronic signature is very simple. 2 yuan money replaced the express fee in 22 yuan, and 2 minutes replaced the 24-hour waiting. It can not only avoid the risk of radish chapter, but also reduce costs and increase efficiency for enterprises.
For new things, the market still has a long acceptance period. For example, seals evolved from historical signatures, and even contracts we saw in many remote mountainous areas still have to be handprinted. Why? Because regional differences are the status quo of China's development, we are full of confidence in the paperless, safe and intelligent office in the future. More importantly, the environmental protection effect brought by science and technology is the driving force of this era.