在上一篇《電子合同的法律效力如何體現(xiàn)?》我們看到人們產(chǎn)生法律效力質(zhì)疑的并非電子合同的內(nèi)容,而是電子合同采用電子實現(xiàn)方式這一技術(shù)帶來的疑問與擔憂,譬如簽署人身份的確認,內(nèi)容易偽造、篡改等.在本文中我們就一起來探討電子合同的法律效力如何在電子簽名應(yīng)用中進行保障.
電子合同采用可靠電子簽名技術(shù)來保障其法律效力
根據(jù)《電子簽名法》的規(guī)定,"可靠的電子簽名與手寫簽名或者蓋章具有同等的法律效力".可靠電子簽名具有如下的特點:
(1)電子簽名制作數(shù)據(jù)用于電子簽名時,屬于電子簽名人專有;
(2)簽署時電子簽名制作數(shù)據(jù)僅由電子簽名人控制;
(3)簽署后電子簽名的任何改動能夠被發(fā)現(xiàn)
(4)簽署后對數(shù)據(jù)電文內(nèi)容和形式的任何改動能夠發(fā)現(xiàn)
可以看到采用可靠電子簽名https://www.bjca.cn/ProductSolutions/servicedetail/?ContentID=276#service能夠確保簽名人身份的真實性,數(shù)據(jù)內(nèi)容的完整性,并且簽名人與電子簽名以及數(shù)據(jù)內(nèi)容的關(guān)聯(lián)關(guān)系可以得以明確.不僅如此,帶有可靠電子簽名的電子合同還能確保簽名與數(shù)據(jù)內(nèi)容一旦被篡改即被發(fā)現(xiàn),實現(xiàn)簽名人簽名行為的責任認定.因此,電子合同普遍采用可靠電子簽名技術(shù)來保障其法律效力.
新晉技術(shù)標準規(guī)范可靠電子簽名的生成與驗證
《電子簽名法》確立了可靠電子簽名所具有的法律效力,但如何從技術(shù)上實現(xiàn)可靠電子簽名和如何驗證電子簽名是可靠的等問題,仍沒有得到很好的解決.目前,在電子商務(wù)市場蓬勃發(fā)展的推動下,市場涌現(xiàn)了大量的電子合同廠商,每一家都宣稱提供可靠電子簽名的電子合同產(chǎn)品,如何去判定廠商提供的產(chǎn)品是否合規(guī)呢?基于這樣的市場需求,為了貫徹落實《電子簽名法》,促進可靠電子簽名的應(yīng)用普及,全國信息安全標準化技術(shù)委員會發(fā)布了可靠電子簽名的國家標準《GBT35285-2017信息安全技術(shù)公鑰基礎(chǔ)設(shè)施基于數(shù)字證書的可靠電子簽名生成及驗證技術(shù)要求》(以下簡稱《技術(shù)要求》,于2018年7月1日正式實施.《技術(shù)要求》中明確規(guī)定基于數(shù)字證書的可靠電子簽名生成條件:
(1)合法的電子認證服務(wù)機構(gòu)為電子簽名人頒發(fā)數(shù)字證書;
(2)簽名私鑰運算在國家密碼管理局審批許可的簽名密碼設(shè)備中完成;
(3)簽名密碼設(shè)備通過pin,、口令,、生物特征等方式鑒別電子簽名人;
(4)采用國家密碼管理局許可的數(shù)字簽名密碼算法;
基于國產(chǎn)密碼體系的數(shù)字簽名密碼算法,合法的第三方CA證書服務(wù),和通過國家密碼管理局審批許可的簽名設(shè)備,是可靠電子簽名生成的關(guān)鍵..其中涉及太過專業(yè)的簽名密碼算法機制不在此贅述,簡而言之數(shù)字簽名密碼技術(shù)保障了簽名人身份真實、數(shù)據(jù)內(nèi)容完整性和簽名行為不可否認.
《技術(shù)要求》中,在工信部,、國密局的嚴格監(jiān)管下,對電子認證服務(wù),、簽名身份核實、簽名數(shù)據(jù)格式,、簽名密碼設(shè)備,、電子簽名程序和簽名流程等進行了嚴格要求.在這種政府監(jiān)管,信任背書、規(guī)范操作的執(zhí)行條件下才保證了可靠電子簽名的生成和驗證.
至此,我們對電子合同的法律效力從法律解讀,、技術(shù)實現(xiàn)等不同層面進行了闡述.對于計劃部署電子合同的廠商會產(chǎn)生新的疑問:部署電子合同系統(tǒng)對現(xiàn)有企業(yè)信息系統(tǒng)有哪些要求?部署方式如何選擇?部署前需要重點評估和關(guān)注哪些問題?數(shù)字認證將在后續(xù)的文章中一一為你揭曉.
SecuretheLegalEffectofElectronicContractswithReliableElectronicSignatures
Inthepreviousarticle,howisthelegaleffectofanelectroniccontractreflected?"Weseethatpeoplewhoquestionthelegaleffectarenotthecontentoftheelectroniccontract,butthedoubtsandconcernsbroughtaboutbytheelectronicrealizationoftheelectroniccontract.Forexample,theidentificationoftheidentityofthesignatoryiseasytoforgeandfalsify.Inthisarticle,wewilldiscusshowthelegaleffectsofelectroniccontractscanbeguaranteedinpracticalapplications.
Electroniccontractsusereliableelectronicsignaturetechnologytoprotecttheirlegaleffects
AccordingtotheElectronicSignatureLaw,"areliableelectronicsignaturehasthesamelegaleffectasahandwrittensignatureorstamp."Reliableelectronicsignatureshavethefollowingcharacteristics:
(1)Whentheelectronicsignatureproductiondataisusedforelectronicsignature,iti-clusivetotheelectronicsignatureholder;
(2)Theelectronicsignatureproductiondataatthetimeofsigningisonlycontrolledbytheelectronicsignatory;
(3)Anychangestotheelectronicsignatureaftersigningcanbefound
(4)Anychangestothecontentandformofthedatamessageaftersigningcanbefound
Itcanbeseenthattheuseofreliableelectronicsignaturesensurestheauthenticityoftheidentityofthesigner,theintegrityofthedatacontent,andtheassociationbetweenthesignerandtheelectronicsignatureanddatacontentcanbeclarified.Notonlythat,electroniccontractswithreliableelectronicsignaturesensurethatsignaturesanddatacontentarediscoveredoncetheyhavebeentamperedwith,andthatthesignatory'ssignaturebehaviorisrecognized.Therefore,electroniccontractsgenerallyusereliableelectronicsignaturetechnologytoprotecttheirlegaleffectiveness.
Newtechnologystandardstostandardizethegenerationandverificationofreliableelectronicsignatures
TheElectronicSignatureLawestablishesthelegaleffectofreliableelectronicsignatures,buthowtoachievereliableelectronicsignaturesandhowtoverifyelectronicsignaturesisstillnotwellsolved.Atpresent,undertheimpetusoftheboominge-commercemarket,alargenumberofelectroniccontractmanufacturershaveemergedinthemarket.Eachcompanyclaimstoprovidereliableelectronicsignatureelectroniccontractproducts.Howtojudgewhethertheproductsprovidedbythemanufacturersareincompliance?basedonsuchmarketdemand,inordertoimplementtheElectronicSignatureLawandpromotethepopularizationofreliableelectronicsignatureapplications,theNationalInformationSecurityStandardizationTechnicalCommitteeissuedanationalstandardforreliableelectronicsignatures.GBT35285-2017InformationSecurityTechnologyPublicKeyInfrastructureisbasedonTheTechnicalRequirementsforReliableElectronicSignatureGenerationandVerificationofDigitalCertificates(hereinafterreferredtoasthe"TechnicalRequirements")wasofficiallyimplementedonJuly1,2018.The"TechnicalRequirements"clearlystipulatestheconditionsforgeneratingreliableelectronicsignaturesbasedondigitalcertificates:
(1)Alegalelectroniccertificationserviceagencyissuesadigitalcertificatetoanelectronicsignatory;
(2)ThesignatureprivatekeyoperationiscompletedinthesignaturecryptographicdeviceapprovedbytheStateCryptographicAuthority;
(3)Thesignaturecryptographicdeviceauthenticatestheelectronicsignerbymeansofpin,password,biometrics,etc.;
(4)DigitalsignaturecryptographyalgorithmapprovedbytheNationalCryptographicAuthority;
Thedigitalsignaturecryptographyalgorithmbasedonthedomesticcryptosystem,thelegalthird-partyCAcertificateservice,andthesignaturedeviceapprovedbytheNationalCryptographicAuthorityarethekeytothegenerationofreliableelectronicsignatures.Themechanismofsignaturecryptographyinvolvingtoomuchprofessionalisnotdescribedhere.Inshort,thedigitalsignaturecryptographytechnologyguaranteestheidentityofthesigner,theintegrityofthedatacontentandtheundeniablesignaturebehavior.
Inthe"TechnicalRequirements",underthestrictsupervisionoftheMinistryofIndustryandInformationTechnologyandtheStateSecretsBureau,strictrequirementswereimposedonelectronicauthenticationservices,signatureidentityverification,signaturedataformats,signaturecryptographicdevices,electronicsignatureproceduresandsignatureprocesses.Thegenerationandverificationofreliableelectronicsignaturesareguaranteedundersuchconditionsof-supervision,trustendorsementandstandardoperation.
Sofar,ourlegaleffectsonelectroniccontractshavebeenelaboratedondifferentlevelssuchaslegalinterpretationandtechnicalrealization.Thereisanewquestionforvendorsplanningtodeployelectroniccontracts:Whataretherequirementsfordeployinganelectroniccontractsystemforanexistingenterpriseinformationsystem?Howtochoosethedeploymentmethod?Whatissuesneedtobeevaluatedandfocusedbeforedeployment?Digitalcertificationwillbeannouncedinthefollowingarticles.