|
在上一篇《電子合同的法律效力如何體現(xiàn)?》我們看到人們產(chǎn)生法律效力質(zhì)疑的并非電子合同的內(nèi)容,而是電子合同采用電子實現(xiàn)方式這一技術(shù)帶來的疑問與擔憂,譬如簽署人身份的確認,內(nèi)容易偽造、篡改等。在本文中我們就一起來探討電子合同的法律效力如何在電子簽名https://www.bjca.cn/ProductSolutions/servicedetail/?ContentID=276#service應用中進行保障。 電子合同采用可靠電子簽名技術(shù)來保障其法律效力 根據(jù)《電子簽名法》的規(guī)定,“可靠的電子簽名與手寫簽名或者蓋章具有同等的法律效力”。可靠電子簽名具有如下的特點: (1)電子簽名制作數(shù)據(jù)用于電子簽名時,屬于電子簽名人專有; (2)簽署時電子簽名制作數(shù)據(jù)僅由電子簽名人控制; (3)簽署后電子簽名的任何改動能夠被發(fā)現(xiàn) (4)簽署后對數(shù)據(jù)電文內(nèi)容和形式的任何改動能夠發(fā)現(xiàn) 可以看到采用可靠電子簽名能夠確保簽名人身份的真實性,數(shù)據(jù)內(nèi)容的完整性,并且簽名人與電子簽名以及數(shù)據(jù)內(nèi)容的關聯(lián)關系可以得以明確。不僅如此,帶有可靠電子簽名的電子合同還能確保簽名與數(shù)據(jù)內(nèi)容一旦被篡改即被發(fā)現(xiàn),實現(xiàn)簽名人簽名行為的責任認定。因此,電子合同普遍采用可靠電子簽名技術(shù)來保障其法律效力。 新晉技術(shù)標準規(guī)范可靠電子簽名的生成與驗證 《電子簽名法》確立了可靠電子簽名所具有的法律效力,但如何從技術(shù)上實現(xiàn)可靠電子簽名和如何驗證電子簽名是可靠的等問題,仍沒有得到很好的解決。目前,在電子商務市場蓬勃發(fā)展的推動下,市場涌現(xiàn)了大量的電子合同廠商,每一家都宣稱提供可靠電子簽名的電子合同產(chǎn)品,如何去判定廠商提供的產(chǎn)品是否合規(guī)呢?基于這樣的市場需求,為了貫徹落實《電子簽名法》,促進可靠電子簽名的應用普及,全國信息安全標準化技術(shù)委員會發(fā)布了可靠電子簽名的國家標準《GBT35285-2017信息安全技術(shù)公鑰基礎設施基于數(shù)字證書的可靠電子簽名生成及驗證技術(shù)要求》(以下簡稱《技術(shù)要求》,于2018年7月1日正式實施。《技術(shù)要求》中明確規(guī)定基于數(shù)字證書的可靠電子簽名生成條件: (1)合法的電子認證服務機構(gòu)為電子簽名人頒發(fā)數(shù)字證書; (2)簽名私鑰運算在國家密碼管理局審批許可的簽名密碼設備中完成; (3)簽名密碼設備通過pin、口令、生物特征等方式鑒別電子簽名人; (4)采用國家密碼管理局許可的數(shù)字簽名密碼算法; 基于國產(chǎn)密碼體系的數(shù)字簽名密碼算法,合法的第三方CA證書服務,和通過國家密碼管理局審批許可的簽名設備,是可靠電子簽名生成的關鍵。.其中涉及太過專業(yè)的簽名密碼算法機制不在此贅述,簡而言之數(shù)字簽名密碼技術(shù)保障了簽名人身份真實、數(shù)據(jù)內(nèi)容完整性和簽名行為不可否認。 《技術(shù)要求》中,在工信部、國密局的嚴格監(jiān)管下,對電子認證服務、簽名身份核實、簽名數(shù)據(jù)格式、簽名密碼設備、電子簽名程序和簽名流程等進行了嚴格要求。在這種政府監(jiān)管,信任背書、規(guī)范操作的執(zhí)行條件下才保證了可靠電子簽名的生成和驗證。 至此,我們對電子合同的法律效力從法律解讀、技術(shù)實現(xiàn)等不同層面進行了闡述。對于計劃部署電子合同的廠商會產(chǎn)生新的疑問:部署電子合同系統(tǒng)對現(xiàn)有企業(yè)信息系統(tǒng)有哪些要求?部署方式如何選擇?部署前需要重點評估和關注哪些問題?數(shù)字認證將在后續(xù)的文章中一一為你揭曉。 SecuretheLegalEffectofElectronicContractswithReliableElectronicSignatures Inthepreviousarticle,howisthelegaleffectofanelectroniccontractreflected?"Weseethatpeoplewhoquestionthelegaleffectarenotthecontentoftheelectroniccontract,butthedoubtsandconcernsbroughtaboutbytheelectronicrealizationoftheelectroniccontract.Forexample,theidentificationoftheidentityofthesignatoryiseasytoforgeandfalsify.Inthisarticle,wewilldiscusshowthelegaleffectsofelectroniccontractscanbeguaranteedinpracticalapplications. Electroniccontractsusereliableelectronicsignaturetechnologytoprotecttheirlegaleffects AccordingtotheElectronicSignatureLaw,"areliableelectronicsignaturehasthesamelegaleffectasahandwrittensignatureorstamp."Reliableelectronicsignatureshavethefollowingcharacteristics: (1)Whentheelectronicsignatureproductiondataisusedforelectronicsignature,itisexclusivetotheelectronicsignatureholder; (2)Theelectronicsignatureproductiondataatthetimeofsigningisonlycontrolledbytheelectronicsignatory; (3)Anychangestotheelectronicsignatureaftersigningcanbefound (4)Anychangestothecontentandformofthedatamessageaftersigningcanbefound Itcanbeseenthattheuseofreliableelectronicsignaturesensurestheauthenticityoftheidentityofthesigner,theintegrityofthedatacontent,andtheassociationbetweenthesignerandtheelectronicsignatureanddatacontentcanbeclarified.Notonlythat,electroniccontractswithreliableelectronicsignaturesensurethatsignaturesanddatacontentarediscoveredoncetheyhavebeentamperedwith,andthatthesignatory'ssignaturebehaviorisrecognized.Therefore,electroniccontractsgenerallyusereliableelectronicsignaturetechnologytoprotecttheirlegaleffectiveness. Newtechnologystandardstostandardizethegenerationandverificationofreliableelectronicsignatures TheElectronicSignatureLawestablishesthelegaleffectofreliableelectronicsignatures,buthowtoachievereliableelectronicsignaturesandhowtoverifyelectronicsignaturesisstillnotwellsolved.Atpresent,undertheimpetusoftheboominge-commercemarket,alargenumberofelectroniccontractmanufacturershaveemergedinthemarket.Eachcompanyclaimstoprovidereliableelectronicsignatureelectroniccontractproducts.Howtojudgewhethertheproductsprovidedbythemanufacturersareincompliance?Basedonsuchmarketdemand,inordertoimplementtheElectronicSignatureLawandpromotethepopularizationofreliableelectronicsignatureapplications,theNationalInformationSecurityStandardizationTechnicalCommitteeissuedanationalstandardforreliableelectronicsignatures.GBT35285-2017InformationSecurityTechnologyPublicKeyInfrastructureisbasedonTheTechnicalRequirementsforReliableElectronicSignatureGenerationandVerificationofDigitalCertificates(hereinafterreferredtoasthe"TechnicalRequirements")wasofficiallyimplementedonJuly1,2018.The"TechnicalRequirements"clearlystipulatestheconditionsforgeneratingreliableelectronicsignaturesbasedondigitalcertificates: (1)Alegalelectroniccertificationserviceagencyissuesadigitalcertificatetoanelectronicsignatory; (2)ThesignatureprivatekeyoperationiscompletedinthesignaturecryptographicdeviceapprovedbytheStateCryptographicAuthority; (3)Thesignaturecryptographicdeviceauthenticatestheelectronicsignerbymeansofpin,password,biometrics,etc.; (4)DigitalsignaturecryptographyalgorithmapprovedbytheNationalCryptographicAuthority; Thedigitalsignaturecryptographyalgorithmbasedonthedomesticcryptosystem,thelegalthird-partyCAcertificateservice,andthesignaturedeviceapprovedbytheNationalCryptographicAuthorityarethekeytothegenerationofreliableelectronicsignatures.Themechanismofsignaturecryptographyinvolvingtoomuchprofessionalisnotdescribedhere.Inshort,thedigitalsignaturecryptographytechnologyguaranteestheidentityofthesigner,theintegrityofthedatacontentandtheundeniablesignaturebehavior. Inthe"TechnicalRequirements",underthestrictsupervisionoftheMinistryofIndustryandInformationTechnologyandtheStateSecretsBureau,strictrequirementswereimposedonelectronicauthenticationservices,signatureidentityverification,signaturedataformats,signaturecryptographicdevices,electronicsignatureproceduresandsignatureprocesses.Thegenerationandverificationofreliableelectronicsignaturesareguaranteedundersuchconditionsofgovernmentsupervision,trustendorsementandstandardoperation. Sofar,ourlegaleffectsonelectroniccontractshavebeenelaboratedondifferentlevelssuchaslegalinterpretationandtechnicalrealization.Thereisanewquestionforvendorsplanningtodeployelectroniccontracts:Whataretherequirementsfordeployinganelectroniccontractsystemforanexistingenterpriseinformationsystem?Howtochoosethedeploymentmethod?Whatissuesneedtobeevaluatedandfocusedbeforedeployment?Digitalcertificationwillbeannouncedinthefollowingarticles. |
