With the popularization and application of computers and the rapid development of the Internet, e-commerce has gradually become a new mode for people to conduct business activities. While e-commerce improves business efficiency and reduces business transaction costs, its own security also follows, which has become an important bottleneck restricting its further development.

At present, there are two main aspects that affect the security of e-commerce: computer network security and business transaction information security. Computer network security refers to the security of computer network as an e-commerce trading platform, including computer network equipment security, computer network system security, database security and so on. Information security in commercial transactions includes preventing information eavesdropping, tampering and camouflage. , to ensure the integrity and availability of e-commerce data, the certainty of the identity of both parties to the transaction, and the undeniable transaction behavior.

Due to the virtuality and anonymity of e-commerce trading platform on the Internet, the problems of computer network security and business transaction information security are becoming more and more prominent. The application of electronic signature technology and its legislation provide an important guarantee for the safe operation of e-commerce.

I. The meaning of electronic signature

Electronic signature is the general name of modern authentication technology. According to the Uniform Electronic Transactions Act of the United States, "electronic signature" generally refers to "an electronic sound, consistency or program associated with or logically associated with an electronic record, and the electronic sound, consistency or program is signed or adopted by someone for signing an electronic record"; According to the United Nations Model Law on Electronic Commerce, an electronic signature is the data in electronic form contained in, attached to or logically associated with a data message, which can be used to confirm the identity of the signer related to the data message and show that the signer approves the information contained in the data message; The European Union's Electronic Signature Directive stipulates that "electronic signature" generally refers to "data in electronic form connected or logically connected with other electronic records and used as authentication methods."

From the above definition, any electronic technical means that can prove the identity of the parties and approve the contents of documents in electronic communication can be called electronic signature, which is a general concept of modern authentication technology and an important guarantee for the security of e-commerce.

In short, the so-called electronic signature refers to the data contained in the data message in electronic form and accompanied by data used to identify the identity of the signer and show that the signer approves its content. Generally speaking, electronic signature is an electronic signature of electronic documents through cryptographic technology, which is not a digital visualization of written signature, but similar to handwritten signature or seal, and can also be said to be an electronic seal.

At present, electronic signature can be realized by various technical means. After confirming the exact identity of the signer, electronic signature admits that people can sign electronic records in many different ways. These methods include: digital signature based on PKI public key cryptography; Identification mark based on biometrics; Identification of handprints, voiceprints or retinal scans; Password code, password or personal identification number; This enables the receiver to identify the sender; Computers based on quantum mechanics and so on.

Secondly, the legislation of electronic signature.

Giving electronic signatures the same legal status as traditional signatures and seals from the legal point of view is the premise of the wide application and effectiveness of electronic signatures, and it is also the core content of international e-commerce legislation in recent ten years.

On April 1 2005, China officially promulgated and implemented the Electronic Signature Law of People's Republic of China (PRC) (hereinafter referred to as the Electronic Signature Law). Its promulgation provides a basic legal guarantee for the development of e-commerce in China, solves the basic problems of the legal effect of electronic signatures, and makes clear provisions on a series of issues such as e-commerce certification bodies, the security of electronic signatures, the code of conduct of signers, and the determination of disputes in electronic transactions.

With the relevant provisions of the electronic signature law, many problems in the development of e-commerce will be solved, real online transactions will be gradually developed, and some problems that restrict the development of e-commerce will be gradually solved in the development. China's e-commerce will soon be out of the state of no legal basis and blindness. However, the electronic signature method cannot solve the security problem of e-commerce once and for all. The law can only provide a basic guarantee, and the electronic signature law can improve the integrity to a certain extent. However, in order to better promote the development of e-commerce, the most important thing is to establish an honest environment with high integrity, which requires e-commerce websites and e-commerce transaction subjects to make greater efforts in the future.

Three, the relationship between electronic signature and electronic signature, electronic seal and digital signature

Electronic signature means that it exists in electronic form, is attached to the electronic document and is related to its logic, and can be used to identify the identity of the signer of the electronic document, indicating that the signer agrees with the content of the electronic document. Electronic signature must be carried out through security procedures that meet specific requirements to ensure the security of the signature. An electronic signature made according to a specific security procedure is defined as a secure electronic signature, which is different from the general electronic signature and gives it the effect of being regarded as a signature or seal in law. Therefore, the electronic signature system mainly solves the problem of signing and stamping electronic documents, and is used to identify the identity of the signer of electronic documents, ensure the integrity of documents, and ensure the authenticity, reliability and non-repudiation of documents; Electronic signature should be one of the important components of electronic signature.

Electronic seal is divided into electronic official seal and electronic name seal. It is an electronic seal that encrypts the official seal or name stamp through PKI technology and uses digital authentication storage media to apply it to electronic documents. Seals and management systems must be authorized by the government before they can be made. Electronic seal is expected to replace traditional seal in many fields and become an effective measure to promote the development of e-commerce and e-government after the implementation of electronic signature law, such as online tax declaration, electronic invoice, online settlement and annual inspection of enterprises.

Electronic signature based on PKI is called "digital signature". It is wrong for some people to call "electronic signature" "digital signature". Digital signature is just a concrete form of electronic signature. Although electronic signature has gained technical neutrality, it also brings inconvenience in use. The law has made further provisions on electronic signature, such as "reliable electronic signature" and "advanced electronic signature" in the electronic signature law. In fact, the function of digital signature is stipulated, which makes digital signature obtain better application security and operability. At present, the only practical electronic signature is public key cryptography. Therefore, the digital signature technology based on PKI has been widely used, mature and practical at home and abroad. As a public key infrastructure, PKI can provide a variety of online security services, such as identity authentication, data confidentiality, data integrity and non-repudiation, in which digital signature technology is used.

The core executing agency of PKI is the electronic certification service provider, commonly known as certification authority CA. The core element of PKI signature is the digital certificate issued by CA. The PKI services it provides are authentication, data integrity, data confidentiality and non-repudiation. The method is to encrypt/decrypt by using the certificate public key and its corresponding private key to generate the signature and verification signature of the digital message. Digital signature is the use of public key cryptography and other cryptographic algorithms to generate a series of symbols and codes, forming an electronic password for signature, rather than writing signatures and seals; This kind of electronic signature can also be technically verified, and its verification accuracy is incomparable with manual signature and stamping. This signature method can be used for authentication in a large number of trusted PKI domains or cross authentication in multiple trusted PKI domains, especially for security authentication and transmission on the Internet and WAN.

Fourthly, the application of electronic signature in electronic commerce.

The application fields of electronic signature include e-commerce, enterprise information system, online government procurement, finance, accounting, insurance, food, medicine, education, scientific research and document management. But the most important thing is that in e-commerce, it integrates the information exchange and transactions between buyers and sellers and middlemen (such as financial institutions) on the Internet, such as signing contracts, ordering and paying. At present, electronic signature plays a very important role in e-commerce in major developed countries and many other countries, including third world countries.

Due to the "Electronic Signature Law" that has been implemented in China at present, the application of electronic signature in e-commerce is mainly manifested in the following aspects:

First of all, it plays a great role in promoting and developing e-commerce in China. The purpose of the electronic signature law is to ensure the security of e-commerce, safeguard the legitimate interests of all parties concerned and promote the development of e-commerce. Electronic signature method can solve the non-repudiation of e-commerce participants and improve the security of e-commerce transactions. It can realize online automatic payment and solve the bottleneck problem of domestic e-commerce at present.

Secondly, it is applied to the financial industry, which is the most active and extensive field of electronic signature application. When banks verify the authenticity of online banking users' identities, users' identities must be true and reliable, and their signatures have practical significance, which is the basis of using digital signatures. Transactions with large transaction volume and high security requirements must use digital signatures. Because digital signature is a relatively complicated calculation method, the process of signing consumes certain system resources, which is generally used in online banking business with large transaction amount and high security requirements. As a unified third-party security certification institution in the financial industry, it has played an important role in ensuring the security of online transactions and providing fair and credible certification services. The above are the application characteristics of electronic signature in online banking; Judging from the scope and breadth of application, digital signature technology is basically adopted by online banks in China at present.

The third is the reform in Bill Law. Taking the electronic signature law as the mother law, China's negotiable instrument law should formulate and improve a set of new banking regulations based on the electronic signature law. In this way, banks can save a lot of paper printing, reduce costs and improve efficiency. There are also online securities trading, online taxation and so on. On the one hand, there is no good secure payment protocol, and more importantly, there is no legal guarantee for digital signature; Technology is the foundation and law is the guarantee. These are all areas where "electronic signature" is widely used.

Finally, the contract law is amended, and contracts can also appear in the form of electronic documents. With electronic signature as a guarantee, online bidding and online procurement can be based on electronic contracts. In order to meet the needs of traditional business operations, electronic signature and traditional manual signature or seal can be made into "electronic signature" visualization, that is, while verifying the authenticity of electronic signature, graphical handwritten signature or seal can be printed, which can adapt to the traditional authentication method and push the signature to the advanced electronic technology field.

Undoubtedly, with the further refinement of the implementation of the Electronic Signature Law and its application and popularization in practice, electronic signature will bring a profound revolution to online transactions and processing in the fields of finance, commerce and taxation, and will greatly promote the development of e-commerce and e-government in China.