Electronic Authentification Services In China: Current Situation, Problems And Government Strategies

Along with the development of internet and informatization, the popularization of e-commerce and electronic government, and the expansion and deepening in their application, trust on internet and security problems attract more and more attentions. In order to solve these problems (identity authentification, information encryption and integrity, non-repudiation), the members of Standing Committee of Political Bureau, the CPC Central Committee, at the conference in July 1996, studied on the development of commercial cryptography in our country, and made a great decision to energetically develop commercial cryptography and strengthen its management. Later, document ZBF[1996]No.27 was issued, which established the policy in twenty words as"unified leadership, centralized management, fixed-point development, specially controlled operation, satisfy the use", which showed a clear direction for development and management of commercial cryptography in our country. Afterwards, the electronic authentification and service industry, by using these advanced experiences and technologies from abroad, started developing rapidly.Up to October 2007, after over ten years of development, 27 electronic authentification institutions all around the country have been approved by departments of information industry and National Cryptography Administration Bureau. These institutions issued digital certificates and attested application of internet digital certificates in every trade all around the country. On the whole, they guaranteed the development of our country's informatization and e-commerce and electronic government in a healthy and orderly way, and greatly strengthened the confidence of users in using internet to develop their businesses.In this article, on the basis of the background that electronic authentification generated, and the development that electronic authentification service industry in our country experienced and the current environments (market environment, environment of laws and regulations, environment of internet credit, etc) in which it exists, I analyze the problem that electronic authentification service industry faces at present in detail, and then point out the reason for it, and what harms it would produce, furthermore, I put forward suggestions for solution of the problem.This article consists of three parts.In the first part, it summarizes the authentification service industry of electronic government.In the second part, the problems that electronic authentification service industry faces at present and reasons for it are deeply analyzed. The reasons mainly display as: first, at present, laws and regulations for electronic authentification and e-commerce in our country are not systematized and perfect. Second, (indicate clearly until the fifth) the scope and degree that electronic authentification being applied are deficient. Third, the problems of interconnection and intercommunication exist in electronic authentification institutions need to be solved. Fourth, the problems exist in security assurance of electronic authentification service system. Fifth, the electronic authentification institutions universally lack measures for handling claims or providing insurance for users. In addition, the application fields and scales of electronic signature authentification need to be expanded. The authority, intercommunication and reliability of CA authentification fail to reach the requirement. Quite a large part of completed electronic authentification systems are not unified in modes, the establishment of criteria is not perfect or the criteria are not carried out to the detail. Hidden dangers exist in the large amount of hardware and software from abroad, which are used in the electronic authentification system in our country. The electronic authentification institutions universally lack measures for handling claims or providing insurance for users, etc. All these problems are critical factors that stop the electronic authentification service industry from developing rapidly and sound, and the government shall do more efforts to solve the problems by using government resources and market orientation.In the third part, aiming at the problems analyzed in the second one, the countermeasures are given for government. The countermeasures are: first, strengthen the construction of laws and regulations related to electronic authentification, standardize these electronic authentification institutions and the development of its industry. Second, vigorously popularize the application of electronic authentification and enhance the cognition degree of people over authentification services. Third, speed up the development of interconnection and intercommunication of electronic authentification and build orderly internet service environment. Fourth, use as much home-made products in electronic authentification system as possible, to provide security assurance for it. Fifth, establish principles of claim mechanism, to guarantee the credit of electronic authentification industry. In addition, laws for security authentification include"credit legislation","law of electronic signature","law of electronic transactions"and"law of authentification administration", etc."Law of electronic signature"only acts as a framework in stipulating the management of electronic authentification services, complete laws and regulations and occupational standard are needed to be perfected urgently. Secondly, bring the government into full play as a guidance and demonstration role in application of digital certificates. The digital certificates shall be used firstly by government agency and civil servants in internet office, official documents processing and information transfer, and the top priority shall be especially given to such aspects as tax on internet, electronic custom declaration, internet bank, bid invitation and purchasing, electronic contract. Thirdly, a) Overall planning, perfect layout, and build national cross-region, cross-trade and cross-domain technical system, operational system and service system of electronic authentification. Strengthen the intercommunication cooperation among institutions for electronic authentification services and enhance the compatibility of certificates issued by different institutions, to upgrade the level of industry clusters. On the premise that all interest subjects in electronic authentification service industry of China develop in a healthy and balance way, bringing the competition mechanism and the function of"survival of the fittest"of market into full play, to make the electronic authentification service institutions provide more convenient and professional services for users in every field and every place. I suggest here to increase the standard of market access for electronic authentification service institutions and request them to adopt safe and reliable techniques as well as strict and efficient management to guarantee their credibility. b) Technically, the construction of CA center concerns the sovereignty and interests of China, we could not be enslaved by others, so we shall minimize our reliance on foreign countries in security and encryption techniques. The state shall reasonably control the development of CA technique, on the basis of conforming to international standards, to develop CA products of our independent property right. c) Building the electronic authentification system must have the support of standardization, which shall perform guiding effect to ensure consistency in technique and realization of overall efficiency. This is to say that the system must be built on the basis of market demand, but not only on translating the criteria of other countries or those of multinational companies and monopoly enterprises. Research on"Management Methods for Business Acceptance of Electronic Authentification Service Institutions","Management Methods for Cross-Authentification of Electronic Authentification Service Institutions","Methods for Approval of Overseas Electronic Certificates"and"Management Criteria for Operation of Electronic Authentification Service Institutions", etc., and establish standards related to electronic authentification services. Fourthly, to drive the localization of electronic authentification system by government in investing certain projects, to realize the localization of software in the system by increasing the government's purchasing, to support the enterprises who engage in development of electronic authentification software and make them stronger by bettering the preferential treatment, to put the scientific and technological achievements, related to electronic authentification, into practical application and furthermore change into the first productive force by perfecting the operational mechanism of software enterprises. Fifthly, to allow CA institutions to stipulate the using scope and liability limitation of certificates by legislation, and only to request electronic authentification service institutions to provide insurance on their civil compensation liability by carrying out liability insurance system, can it effectively disperse the risks of law. a) To establish the system of reserve fund for electronic authentification as caution money of enterprises (or companies) to compensate consumers. b) It is urgent to perfect the laws and regulations, which stipulate the joint liability system of electronic authentification institutions and network operators, to clarify the relations of both parties on liabilities, rights and interests, and strengthen their mutual supervision and restriction as well as senses of responsibility on each other. c) For using of electronic certificates, it mostly concerns the problems which have small objects to claim but cost much to safeguard the right. It is necessary to establish the maximum guarantee system for rights and interests of consumers, to protect their rights and interests of real meaning but not a judicial one. All loss that users of electronic certificates have suffered and other reasonable expenses they have paid in safeguarding their rights shall all be compensated by electronic authentification institutions. That is to say, no matter how much the consumers lose, as long as the loss really exists, the electronic authentification institutions shall compensate consumers'all reasonable expenses, in addition to the loss of claimed objects suffered by tort, such as litigation fees, agent fees, traffic fees, delay compensation, telephone fees, boarding fees and mailing fees, etc. Only in this way, can the interests of consumers be protected maximally.Of course, as the electronic authentification service industry, which is in dynamic development, advances with time and keeps changing, so shall the researches of government strategies on it be enriched and improved continually, and the government policies be adjusted with different times and situations as well. Only in this way, can the electronic authentification service industry develops rapidly and sound, and guarantees the rapid development of informatization, electronic government and e-commerce.