Implementation of electronic contract signature based on Ethereu
sign at ease the third party E-contract service platform adopts reliable e-signature technology, which can ensure the true identities of both parties and prevent them from being falsely signed
At the same time, the time stamp technology and tamper proof technology are used to accurately record the signing time and content of the electronic contract, and the signature verification technology is used to easily identify whether the electronic contract has been tampered, thus eliminating the "false contract" and "illegally generated" false seal. In case of contract disputes, it also provides certificate issuing service and online one click arbitration service to provide a complete evidence chain for electronic contract disputes, protect the legitimate rights and interests of all parties, and escort each electronic contract 
in recent years, E-contract has been more and more well known and used by enterprises, and E-contract is also the inevitable trend of future Internet development. With the development of the Internet in recent years, many benefits brought by electronic contract are recognized by enterprise users. It is not only convenient to manage, but also saves a large part of the cost. At the same time, it has legal protection
Electronic signature must be bound to a specific subject, which can be a unit or an indivial. The most widely used electronic signature technology in the world is digital signature technology. The digital certificate in digital signature technology can be used to make data message. The certificate must be bound with a specific subject to use
digital certificates are divided into two types:
one is called "soft certificate", and file digital certificate, which can be stored in the computer or hosted on the cloud server
the other is called "hard certificate", which is stored in USBKEY similar to USB flash disk
in terms of legal effect, there is no difference between these two types of digital certificates. The digital certificate used by the public shall be issued by the CA institution which has obtained the electronic authentication service license issued by the Ministry of instry and information technology; Each legal CA organization should provide the directory information query service of e-signature authentication certificate and the status information query service of e-signature authentication certificate
From the perspective of judicial practice, the judge should first find out the following facts:(1) whether the digital certificate used for electronic signature is issued by Ca institution authorized by MIIT
(2) who owns the digital certificate and the process of issuing the digital certificate to the e-signer
in a word, electronic signature and electronic seal are not only used in the Internet instry, but also widely used in different scenarios in various fields, becoming an indispensable tool for digital office, as well as a sharp tool for enterprises to rece costs and increase efficiency
The realization of paperless office closed-loop is mainly divided into several stages:
1. The popularity and popularity of automatic office software make the enterprise realize all kinds of business communication, file transmission and other operations online
2. With the development of online payment technology, online business activities are becoming more and more mature
3. With the application and promotion of electronic contract and electronic signature technology, the electronic signature mode replaces the offline sending and sealing process of paper documents
so far, all kinds of business cooperation of enterprises have realized the whole process of online negotiation, confirmation of contract details, online signing and stamping, and payment of contract object, truly realizing paperless closed-loop operation
how to realize the electronic contract:
1. Implementation method: compared with the paper contract signed under the line or sent back and forth to seal, the use of electronic contract is mostly completed through the reliable third-party electronic contract platform to provide related services
enterprises can choose to use E-contract SaaS service directly (login and use without downloading plug-ins) or integrate with all kinds of key management within the enterprise (for example, integrate the function of e-Seal with OA system)
2. Use process: when the communication details in the early stage of business cooperation are implemented, the seal or signature can be stamped on the electronic version of the contract in the form of electronic seal
summary:
according to the relevant provisions of the contract law and the electronic signature law, the electronic contract with electronic seal has the same legal effect as the paper contract seal or signature. Therefore, on the basis of ensuring the validity of the contract, the seal and signature mode of the contract realized by using the reliable electronic contract technology meets the requirements of the efficiency and risk of business activities; At the same time, combined with all kinds of paperless office software, the whole paperless office closed-loop is realized
generally, in addition to the appearance part of the signature (signature or seal appearance), the real effective part of the electronic signature is the digital signature part hidden behind the appearance, which contains the signature identity information, digital certificate, contract content summary and other key information
therefore, it is not effective to make an electronic signature only by ing the appearance of the signature. Using the third-party E-contract platform to sign a contract requires only three steps to complete the creation and signing of the e-signature:
1. Log in to the third-party E-contract platform to register and authenticate
2. Use the touch screen mobile phone to input the signature by hand and save it
3. Use the saved signature to sign the contract (signature appearance adding digital certificate and identity authentication link users are not visible).
electronic contract needs the same legal effect as the handwritten signature in the traditional contract. According to the stipulation of the electronic signature law, the electronic signature of "reliable identity", "simultaneous interpreting the real identity of the contract entity, effectively preventing the document from being tampered with, and accurately recording the signing time" is the legally valid electronic signature. p>
considering the legal effect, convenience, security and legal services, a reliable third-party E-contract platform is the best choice
1. Confirm the true identity of the signer
① the third party electronic signature platform carries out real name authentication
after the user registers the platform account, the platform will require the user to carry out real name authentication, and the electronic contract can be signed only after the authentication is passed. In real name authentication, indivial users need to submit personal identity information, and enterprise users need to submit instrial and commercial information. The third party electronic signature platform will access the personal identity authentication system of the Ministry of public security and the enterprise information system of the State Administration for Instry and commerce, so as to check the user's identity information and ensure that the user's identity will not be impersonated
② CA institutions issue digital certificates
CA institutions, namely Certificate Authorization centers, are trusted third parties in e-commerce transactions. When the user passes the real name authentication of the third-party e-signature platform, he can obtain the digital certificate issued by the CA organization cooperating with the third-party e-signature platform as the basis of the user's online identity. And the core of the certificate is digital signature technology, so that the certificate can not be forged and tampered
2. Create an exclusive electronic signature
after passing the real name authentication, users can start to create their own exclusive electronic signature, which will be saved in the form of data message on the third-party electronic signature platform. Indivial users can set up handwritten signature in our platform, and can also use the electronic signature generated by the system. Enterprise users can upload and make enterprise electronic signature. When signing an electronic contract, they can choose the corresponding signature to sign. The electronic signature is equivalent to the handwritten signature or official seal in the paper contract, which has legal effect
When we need to sign an electronic contract, how can we sign an electronic signature? In fact, it's very simple. You only need to upload the edited contract document, set the corresponding signing party and signing order and other standards, and then you can add your own electronic signature and signing date to the electronic contract to complete your own signing. Then the other party will receive a text message reminder, and after the same real name authentication electronic signature process, an electronic contract is signed. Through the third-party electronic signature platform, the electronic contract signed with reliable electronic signature has legal effect4. Other services of the third party e-signature platform
in addition to real name authentication, e-signature proction, E-contract signing and E-contract management, our platform will also provide many other services, such as certification report, judicial authentication, network arbitration, legal consultation and other legal services. Once the user has a contract dispute, he can apply for the corresponding service of our platform to effectively solve the contract dispute
Excellent third-party E-contract platform can not only guarantee the legal effect of E-contract, but also provide more comprehensive help for enterprises in cost saving, convenience, security, legal services and other aspects
the biggest evidence that can effectively prove "who are you" is the ID card. If you want to prove that a valid contract is signed by you, you also need to confirm your legal identity. Different from proving "who are you", e-contracts can only be authenticated on the Internet
identity authentication, namely real name authentication, refers to the confirmation of user's identity through certain means. In the field of E-contract, enterprise users and indivial users must carry out real name authentication on the E-contract platform before signing the E-contract, so as to ensure the authenticity, legality and security of the signing behavior
electronic contract is a kind of contract which is concluded through computer network system and generated, stored or transmitted in the form of data message. The whole process of electronic contract signing (including real name authentication, digital certificate issuing and management, signature style setting, reliable electronic signature, certificate storage and issuance, judicial authentication, network arbitration and other services) is carried out on the Internet
real name authentication is the most critical link in the E-contract service chain, which is used to establish the real identity relationship between the user using the E-contract system and him. Through the real name authentication, it can ensure that the signing behavior of the electronic contract is the real behavior and the expression of the real intention of the corresponding subject, effectively avoid using the false identity or the identity of others to sign the electronic contract, and ensure the integrity of the evidence chain of the electronic contract
after real name authentication, enterprise users or indivial users can send or sign electronic contracts on the third-party electronic contract platform. At the same time, for the real name authentication users of the platform, the third-party E-contract platform can guarantee the smooth development of such links as certificate storage and issuance, judicial authentication, network arbitration after disputes, and effectively safeguard the legitimate rights and interests of both parties to the contract
however, if the user does not have real name authentication, the E-contract platform will not be able to confirm the user's real identity, nor can it accurately verify whether the identity information and contact information provided by the user are provided by himself. Then, this user will receive a response risk prompt in the E-contract signing process, and the other party who signs the E-contract with him will also receive a risk prompt, which may hinder the E-contract signing process and affect the normal cooperation
Excellent third-party E-contract platform can not only guarantee the legal effect of E-contract, but also provide more comprehensive help for enterprises in cost saving, convenience, security, legal services and other aspects
electronic signature must be bound to a specific subject, which can be a unit or an indivial. The most widely used electronic signature technology in the world is digital signature technology. The digital certificate in digital signature technology can be used to make data message. The certificate must be bound with a specific subject to use
digital certificates are divided into two types:
one is called "soft certificate" and file digital certificate, which can be stored in the computer or hosted on the cloud server
the other is called "hard certificate", which is stored in USBKEY similar to USB flash disk
in terms of legal effect, there is no difference between these two types of digital certificates. The digital certificate used by the public shall be issued by the CA institution which has obtained the electronic authentication service license issued by the Ministry of instry and information technology; Each legal CA organization should provide the directory information query service of e-signature authentication certificate and the status information query service of e-signature authentication certificate
From the perspective of judicial practice, the judge should first find out the following facts:(1) whether the digital certificate used for electronic signature is issued by Ca institution authorized by MIIT
(2) who owns the digital certificate and the process of issuing the digital certificate to the e-signer
in a word, electronic signature and electronic seal are not only used in the Internet instry, but also widely used in different scenarios in various fields, becoming an indispensable tool for digital office, as well as a sharp tool for enterprises to rece costs and increase efficiency
In short, electronic signature is the technology of direct signature and seal on electronic documents by using hash algorithm and encryption algorithm. In order to ensure the legal validity of the signed electronic document, the electronic document signed with electronic signature also needs to have the characteristics of the signature identity can be identified and the signature content can not be tampered with
However, the explanation of the above technical terms can not intuitively and easily explain the principle of electronic signature. The following is a brief introction of the process of restoring the electronic signature to realize the principle:scene: e to business needs, you and I need to sign a cooperation agreement. For the sake of convenience, you will send the electronic version of the contract to me online for signature
how to ensure that the contract can only be viewed by me and can not be maliciously stolen by others? How can I be sure that the sender of the document is you
key point 1: public key and private key appear
in order to meet the requirements of confidentiality of electronic contract content and sender authentication, we know the encryption method of asymmetric encryption
< UL >asymmetric encryption: it has a unique pair of secret keys, a public key and a private key. The owner of the public key is visible, while the private key is visible only by itself
asymmetric encryption has such characteristics: files encrypted with public key can only be decrypted with private key, while files encrypted with private key can only be decrypted with public key
when sending a contract, you encrypt the proposed electronic contract with your private key and send it; When receiving the contract, if you can use your public key to decrypt, then this file is sent by you
But how can I know your public keykey point 2: the government has issued a CA to help
I understand that the government has authorized an authority called CA to provide network identity authentication services
Ca (certificate authority): the full name of certificate authority, that is, the application, issue and management authority of digital certificate. Its main functions are: generating key pair, generating digital certificate, distributing key, key management and so ondigital certificate: it is a certificate issued by Ca organization. It includes public key, public key owner's name, CA's digital signature, validity period, authorization center's name, certificate serial number and other information. It can be used to understand the "network ID card" of an indivial or enterprise
I apply to CA to obtain your public key and use it to decrypt the electronic contract. If the decryption is successful, it means that the sender is you. The identity of the document sender is confirmed. How can we give protection to the simultaneous interpreting of the electronic contract? P>
key point 3: hash brothers appear on the
. Hash algorithm is recommended by the technical personnel (simultaneous interpreting algorithm), which can prove whether the electronic contract is tampered with in the transmission process. p> < UL >
hash algorithm: the text content is generated into a piece of code, that is, information digest, by encryption algorithm. Its main feature is that the encryption process does not need a key, and the encrypted data cannot be reversed. In other words, only two identical contracts through the same hash algorithm can get the same summary
when sending a contract, you send me the original text of the electronic contract and the hashed Abstract together. When receiving the contract, you can get a new abstract by hashing the original text of the contract. Comparing the two groups of abstracts to see if they are consistent can prove whether the document I received has been tampered with, What if the original and abstract of the file are replaced at the same time
key point 4: symmetric encryption to help
in addition to the above hash algorithm, asymmetric encryption, CA, in order to ensure that the contract from send to receive meet the three requirements, namely: sent by you, can only be sent to me, can not be tampered with, we also need to apply a new encryption method: symmetric encryption
< UL >symmetric encryption: using the encryption method of single key cryptosystem, the information encryption and decryption can only use the same password
when sending a file:
1. You get the abstract of the original text through hash operation and use the private key to encrypt it to get your digital signature. Then you encrypt the digital signature symmetrically with the original text of the contract to get the ciphertext a-encrypt the original text
2. You get my public key through Ca and asymmetric encrypt the symmetric encryption secret key in the above steps, That is my "digital envelope" -- encrypt the secret key
3, send the ciphertext A and my digital envelope to me
< UL >Digital Signature: extract the abstract of the source file with hash algorithm and encrypt the content with the sender's private key
digital envelope: encrypt the symmetric secret key with the public key of the receiver, which is called "digital envelope for Party B"
when receiving files:
1. I use my private key to decrypt the digital envelope and get the symmetric secret key, which means that it is sent to me
2. I use the symmetric secret key to decrypt ciphertext A and get the original text with your digital signature
3. I use your public key to decrypt your digital signature and get the original text Abstract in the signature, which can be decrypted, Note that the sender is you
4. Use the same digest algorithm to obtain the original digest and compare it with the digest in the decryption signature. If the digest is consistent, then the original has not been tampered with
in addition to the content of the file can not be tampered with, it is also very important to accurately record the signing time and fix the effective period of the contract. How can we ensure that the signing time of the contract can not be tampered in the network environment
key point 5: time stamp to prove
I also consulted experts. It turns out that our country has a special legal time service center, which can stamp "time stamp" on the documents we sign, that is, time stamp
< UL >time stamp: the time when a document is signed in writing is written by the signer himself, while the digital time stamp is added by the third party certification authority (DTS), which is based on the time when the document is received by DTS, so it is more accurate and credible
so far, we have accurately recorded the time of signing the contract, the content of the contract can not be tampered with, and the identities of both parties are true and effective, which is no problem! However, how to store the signed electronic contract? No matter which party signs the contract, disputes will inevitably question the security of the contract ring storage
key point 6: find an authoritative third party to deposit the certificate
the last problem of contract signing: the storage problem has also been solved! But the only drawback is: the signing process is too cumbersome! In order to ensure the validity of electronic contract, we use asymmetric encryption, hash operation, time stamp and other technologies, as well as the assistance of Ca organization, notary office and other organizations
How to sign an effective electronic contract more easily and quicklykey point 7: select a reliable third-party electronic contract platform
according to the provisions of the electronic signature law, the electronic contract signed with a reliable electronic signature has the same legal effect as the paper contract signed by hand or sealed
< UL >according to the provisions of the electronic signature law, those who meet the following conditions are regarded as reliable electronic signatures:
1) when the proction data of electronic signatures are used for electronic signatures, It belongs to the exclusive property of the electronic signer
2) when signing, the proction data of the electronic signature is only controlled by the electronic signer
3) any change to the electronic signature after signing can be found
4) any change to the content and form of the data message after signing can be found
in combination with the above electronic contract signing process, We can conclude that an effective E-contract should pay attention to the following core points: content confidentiality, content tamper proof, clear signing identity and signing time
At the same time, in order to ensure the ability of electronic contract as written evidence, the whole process of contract signing should also be stored and notarized by an authoritative third party organizationthe Ministry of Commerce pointed out in the process specification for online conclusion of electronic contract that "only through the electronic contract conclusion system of the third party (electronic contract service provider), can the fairness of the process and the effectiveness of the results be ensured"
To sum up,is the implementation principle involved in all aspects of electronic signature