Discussion on the functions, legal responsibilities and authority of electronic check certification agencies

Functions of certification bodies

The main task of the certification body is to accept applications for digital certificates, issue and manage digital certificates. In addition, the certification authority also needs to keep the public key, and according to the provisions of foreign laws, the validity period of the public key usually does not exceed 3 to 4 years or more; in certain circumstances, the parties can revoke it in accordance with legal provisions or mutual agreement. or terminate the use of one’s own public key.

Legal responsibilities of certification bodies

The legal liability of a certification body is the most important part of its legal status. When constructing the legal responsibility framework of certification agencies, you can refer to the relevant provisions of the “Digital Signature Laws” of various states in the United States and the “Electronic Transactions Act” of Singapore.

• Reliability of the system: Certification bodies are responsible for using trustworthy systems (including computer hardware, software) to perform their duties and to disclose relevant information (such as certification business statements, certificate revocation or suspension notice, etc.), thereby ensuring the authority and impartiality of the certification body.
• Certificate Accuracy: The certification authority should issue the certificate in accordance with the certification business statement, which means that the signer in the certificate acknowledges the certificate and has a private key consistent with the public key listed in the certificate. key and constitute a functional key pair; if the certification authority does not state in the certificate that some specified information is unconfirmed, this information is accurate by default.
• Management of certificates: When receiving a request from an applicant or representative, the certification body is obliged to suspend the validity of the certificate; if it is found that there are important false statements in the certificate or there is evidence that the signer is dead, If the certificate disappears, the certificate should be revoked immediately and relevant notices should be issued at the designated location.
• Limitation of Liability: For losses caused by errors in the issuance of certificates, the certification body shall bear corresponding civil liability for compensation, but the amount of compensation shall be capped at the amount stated in the certificate; however, when the certificate is issued If the certificate is stolen and used for fraud by others, as long as the party fails to promptly notify the certification authority of the stolen certificate, the certification authority does not need to be responsible for the resulting losses.

Authority and impartiality

In order to ensure the authority and impartiality of the certification body, the following issues need to be solved:

• Unification of policies and organizational coordination: The country should establish a strong comprehensive coordination department to formulate a unified policy framework, and have a specialized agency coordinate and manage online business certification affairs nationwide to avoid problems. A situation of policy conflict or management confusion.
• Selection of certification agencies: Given that my country’s market is still in its early stages of development and corporate reputation is generally low, it is necessary to introduce government credit support in the electronic certification process. It is recommended to build a tree-like certification system: under the leadership of the National Information Work Leading Group, the Foreign Economic Relations and Trade Commission and the People’s Bank of China will serve as certification agencies (RCA) in the economic, trade and financial fields, and then set up brand certification agencies (BCA) and local governments. Certification Agency (RCA).
• Consistency of certification standards: Different standards among certification agencies will cause conflicts and increase customer burdens. Therefore, adopting unified standards that are in line with international standards will help reduce transaction costs and improve efficiency. At present, the application of my country’s information security standards has achieved initial results. In the future, on the one hand, we should vigorously promote SET, an internationally advanced standard, and on the other hand, we should independently develop new standards and strengthen international exchanges to enhance the competitiveness of domestic certification agencies in the global market.