GB/T 39321-2020.Specification for electronic contract forensics process.
1Scope
GB/T 39321 specifies the principles, business processes and requirements for electronic contract forensics, including applications for electronic contract forensics, Accept, extract, verify and issue certificates.
GB/T 39321 is applicable to electronic contract evidence collection service agencies providing evidence collection services. Those who carry out electronic contract evidence collection business in other ways may also refer to this standard.
2 Normative references
The following documents are essential for the application of this document. For dated references, only the dated version applies to this document. For undated referenced documents, the latest version (including all amendments) applies to this document.
GB/T 35285 Information Security Technology Public Key Infrastructure Technical Requirements for Reliable Electronic Signature Generation and Verification Based on Digital Certificates
GB/T 35288 Information Security Technology Electronic Certification Service Organization Job Skills Specifications for Practitioners
| |tt||3 Terms and Definitions
The following terms and definitions apply to this document.
3.1
Electronic contract
Equal subjects of natural persons, legal persons, and other organizations use data messages as carriers and use electronic communication means to establish, change, and terminate civil rights and obligations. agreement.
[GB/T 36298-2018, definition 3.1]
3.2
the forensics of electronic contract
In order to verify the authenticity and integrity of the electronic contract , an activity in which service agencies with evidence collection capabilities and qualifications collect, verify and issue verification conclusions on electronic contracts and electronic data related to electronic contracts.
3.3
electronic contract forensics authority
Accepts the entrustment of the client, follows the prescribed methods, methods, steps and related rules and standards, and uses electronic contracts Institutions that use scientific verification technology or expertise to identify and judge and provide verification opinions.
3.4
?? Electronic signature
The data contained in the data message in electronic form and attached to identify the identity of the signer and indicate that the signer recognizes the content.
3.5
Digital certificate
A digital file signed by an electronic certification authority that contains public key owner information, public key, issuer information, validity period, and some extended information .
This standard specifies the principles, business processes and requirements for electronic contract evidence collection, including the application, acceptance, extraction, verification and issuance of electronic contract evidence collection. This standard applies to evidence collection services provided by electronic contract evidence collection service agencies. Those who carry out electronic contract evidence collection business in other ways may also refer to this standard.

ICS35.240.60
A10
GB
National Standard of the People's Republic of China
GB/T39321—2020
Electronic Contract Evidence Collection Process Specification
Specification for electronic contract forensics process2020-11-19 Released
State Administration for Market Regulation
National Standardization Administration Committee
Released
Implemented on 2021-06-01||tt ||Foreword
Scope
2
3
5
6
7
8
9
Normative reference documents
Terms and definitions
Principles
Electronic contract evidence collection process
Application
Acceptance
Extraction
Verification
10
Issue
Appendix A (Informative Appendix)
Appendix B (Normative Appendix)
Reference Literature
Verification Opinion Letter Framework
Item
Shenzi Contract Evidence Collection Application Form
Times
GB/T39321—2020
10| |tt||11
13
Foreword
This standard was drafted in accordance with the rules given in GB/T1.1-2009. This standard was drafted by the National Electronic Business Standardization Technical Committee (SAC/TC83 ) proposed and focused. GB/T39321—2020
This standard was drafted by: Beijing Tianwei Chengshenzi Business Service Co., Ltd., China Institute of Standardization, Shenzhen Fada Network Technology Co., Ltd., Hangzhou Tiangu Information Technology Co., Ltd., Biaoxin Technology ( Beijing) Co., Ltd., CICC Financial Certification Center Co., Ltd., Beijing Lisichen Technology Co., Ltd., Jiangsu Yunshui Co., Ltd., Dongguan Puda Financial Consulting Co., Ltd., Sichuan Deshui Technology Co., Ltd., Zhuhai Xiangzhou District Small and Medium Enterprises Development Promotion Association. The main drafters of this standard: Hao Ying, Lin Jianyuan, Sun Zhaoyang, Xu Yi, Fan Xiao, Liu Donghua, Lu Yapeng, Yang Xiangyu, Wang Xiangchun, Zhao Yanyan, Zhang Yin, Jiang Yan, Liu Junhui, Zhang Yuanwei
=||tt| |1 Scope
Electronic Contract Evidence Collection Process Specification
GB/T39321-2020
This standard specifies the principles, business processes and requirements for Shenzi contract evidence collection, including Shenzi contract evidence collection Application, acceptance, extraction, verification and issuance of certificates.
This standard applies to Shenzi contract evidence collection service agencies providing evidence collection services. Those who carry out electronic contract evidence collection business in other ways may also refer to this standard.
Normative references
2
The following documents are essential for the application of this document. For dated references, only the dated version applies to the original document. For undated referenced documents, the latest version (including all amendments) applies to this document. GB/T35285 Information Security Technology Public Key Infrastructure Technical Requirements for Reliable Shenzi Signature Generation and Verification Based on Digital Certificates
GB/T35288
3 Terms and Definitions
Shenzi Certification Service Agency Job Skills Specifications for Practitioners Information Security Technology
The following terms and definitions apply to this document. || tt | relationship agreement. || tt | Activities to collect, verify and issue verification conclusions on Shenzi contracts and electronic data related to Shenzi contracts. 3.3
Electronic Contract Forensics Authority accepts the entrustment of the client, follows the prescribed methods, methods, steps and related rules and standards, uses scientific verification technology or professional knowledge to identify and judge electronic contracts and provides verification Opinion body, 3.4
Electronic signature
electronicsignature
Data included in the application in the form of a subscript and attached to identify the signer and indicate that the signer acknowledges its content . 3.5
Digital certificate
A digital file signed by an electronic certification authority that contains public key owner information, public key, issuer information, validity period, and some extended information.
1
GB/T39321—2020
[GB/T35288—2017, definition 3.1]
3.6
certificationauthority
Electronic certification Service Authority
The organization responsible for creating, distributing certificates, and providing verification when necessary to verify a user's identity. [GB/T35288—2017, definition 3.5]
3.7
Electronic contract service platform
service platform of electronic contract is an independent contracting party, with identity authentication, negotiation, electronic signature, contract storage and An information system that can realize the online conclusion and processing of Shenzi contracts through functions such as calling.
Note: Rewrite GB/T36298-2018, define 3.84 principle
Legal and valid
4.1
The contract evidence collection process of Shenzi should follow the provisions of relevant national laws and regulations, so as to Ensure the legal validity of evidence collection results. The entrusting party of Shenzi contract evidence collection should meet the requirements of civil rights capacity and civil conduct capacity stipulated in relevant national laws and regulations. 4.2
Objective and true
The evidence collection process of electronic contracts should be objective, fair and true. 3 Complete
4.3
The nodes of Shenzi contract evidence collection process should be complete. The content extracted or verified by Shenzi contract evidence collection service agency should be complete. 4.4 | tamper. S
Electronic contract evidence collection process
5.1
Flowchart
5.1.1
Flowchart symbol description
Used in the flowchart The graphical symbols, symbol names and descriptions are shown in Table 1. Table 1
Graphic symbols
2
Graphic symbols, symbol names and descriptions used in flowcharts
Process
Activities in business processes
Description
Graphic symbols
Electronic contract evidence collection flow chart
5.1.2
Symbol name
Process (optional)|| tt||Start
End
Judgment Conditions
Document
State Transfer
The electronic contract evidence collection process is shown in Figure 1.
Table 1 (continued)
Optional activities in the business process
The beginning of the business process
The end of the business process
The flow of the business process Judgment conditions
Description
Documents of interactions between roles in the business process State transfer between different activities in the business process GB/T39321—2020
3
GB/T39321 —2020
Electronic contract evidence collection flow chart
Client
Submit evidence collection application
1. Application form
2. Identity certification materials||tt| |3.Verification materials
Notice of correction
Notice of acceptance
Notice of rejection
Tips
Receive verification conclusion
4||tt| |Certificate depositor
香
Yes
(Extract and send verification materials)
(Send extraction application
Verifier
Accept Review
Application materials
Are they complete
Are they in compliance with
Acceptance conditions
Is it necessary
Extract evidence
Accept verification Materials
Is it necessary
Auxiliary verification
Send auxiliary application
Verification by verifier||Issuance of verification conclusion
Verification opinion letter||tt ||Figure 1 Electronic contract evidence collection flow chart
auxiliary verification party
auxiliary verification
issue auxiliary verification conclusion
auxiliary verification conclusion
5.2 basic process| |tt||GB/T39321—2020
The Shenzi contract evidence collection process includes but is not limited to application, acceptance, extraction, verification and certification. The relevant business process description mainly reflects the following content:
Application: The entrusting party submits an application for contract evidence collection. The entrusting party shall meet the application conditions and submit the required application materials a
;
b)
Acceptance: The verification party shall submit the entrustment Review the qualifications of the party and the submitted application materials, and determine whether to accept the evidence collection application; c) Extraction: The verification party extracts verification materials from the certificate depositor that stores the application contract and related electronic data; d)
Verification: The verifier or auxiliary verifier conducts digital certificate verification, Shenzi signature verification and other auxiliary information verification on the verification materials;
Certification: Based on the verification, the verifier should analyze and draw verification conclusions and issue " "Verification Opinion Letter", please refer to Appendix A for the content e)
and format of the "Verification Opinion Letter".
5.3 Participants
Participants in the Shenzi contract evidence collection process include but are not limited to the client and the Shenzi contract evidence collection service agency. Among them: a) Client:
1) In the process of Shenzi contract evidence collection, Shenzi contract contracting parties and interested parties, including natural persons and institutions, who apply for Shenzi contract evidence collection. Institutions include legal persons, other organizations and relevant state agencies. See 6.1. 2) The client should have the civil rights capacity and civil conduct capacity as stipulated in relevant national laws and regulations; for those who do not have full civil rights capacity and civil conduct capacity, a guardian or agent should apply on their behalf, b) Shenzi contract evidence collection Service organization:
Shenzi contract evidence collection service organization includes the verifier, the certificate depositor and the auxiliary verifier. Among them: 1) Verifier:
In the process of obtaining evidence on the Shenzi contract, the entity that extracts and verifies the Shenzi contract and related Shenzi data, including legal persons and other organizations. See 7.1.
The first verifier should be an entity with professional knowledge and technical service capabilities that can verify the authenticity and integrity of the electronic contract.
2) Depositor:
The entity responsible for storing the Shenzi contract and related Shenzi data, including legal persons and other organizations, as entrusted by the contracting parties or interested parties of the Shenzi contract. See 8.2. The depositor should be an entity with the ability to store sub-contracts and related electronic data. Auxiliary verifier: An entity with special expertise or experience in electronic data verification and related professional knowledge. Based on the entrustment of the verifier, the auxiliary verifier assists the verifier in conducting professional issues involved in the verification process. Entities that explain, express opinions or provide auxiliary verification conclusions, including legal persons and other organizations. See. 9.3. 6 Application
6.1 The entrusting party
The entrusting party shall be one or more of the following situations: Contractor;
a
b ) The principal entrusted by the parties to the Shenzi contract; the interested parties of the Shenzi contract;
c
d) The institution that has the right to apply for evidence collection according to law.
5
GB/T39321—2020
2 Application materials
6.2
6.2.1 Basic requirements
The client submits application materials The following requirements should be met: a) The client submits the application form, identity proof materials and verification materials to the verification party. Application materials can be submitted online or offline in paper form.
The client shall bear corresponding legal responsibility for all consequences arising from the submission of false documents and certificates. b)bzxZ.net
6.2.2 Electronic contract evidence collection application form
The electronic contract evidence collection application form submitted by the entrusting party includes but is not limited to the following: a) Necessary information:
1) Entrustment Basic information of the party
The client is an organization, which should include the name of the organization, address, unified social credit code or business license registration number, person in charge, contact number and other information:
The client is a natural person , should include name, ID number, contact information, contact information, application email and other information.
2) The purpose of entrusting evidence collection
includes but is not limited to litigation, arbitration, auditing, etc.: The entrusting party should make it clear whether it agrees to invite other verification agencies to provide auxiliary verification. b) Optional information:
1) Contents of entrusted evidence collection: including but not limited to the validity of the digital certificate attached to the Shenzi contract, the digital signature, and other information related to the electronic contract.
2) Basic information of verification materials: The quantity, name, and extraction method of verification materials should be included. Among them: the extraction method should include the client's own extraction, the verification party's extraction, or the client's authorized verification direction to extract the certificate depositor; if the client authorizes the verification party to extract the certificate depositor, the certificate depositor's information and authorization letter should be provided. The Shenzi contract evidence collection application form is shown in Appendix B.
6.2.3 Identity Proof Materials
The client should submit different identity proof materials according to the type. If the entrusting party is an institution, it should submit at least one of the following certificates: a)
1) Business license;
2) Unified Social Credit Code Certificate;
3) Other relevant Evidence.
b) If the entrusting party is a natural person, any one of the following identity documents should be submitted: 1) ID card;
2) Passport;
3)
Residence permit for Hong Kong, Macao and Taiwan residents;
4)
Military officer certificate, etc.
6.2.4 Verification materials
If the client stores and manages the Shenzi contract and related electronic data by itself, it shall submit the following verification materials by itself: a) Shenzi contract;
6
1. 2) The client should have the capacity for civil rights and civil conduct as stipulated in relevant national laws and regulations; for those who do not have full capacity for civil rights and civil conduct, a guardian or agent should apply on their behalf, b) Shenzi Contract Evidence Collection Service Organization:
Shenzi contract evidence collection service organization includes verifier, certificate depositor and auxiliary verifier. Among them: 1) Verifier:
In the process of obtaining evidence on the Shenzi contract, the entity that extracts and verifies the Shenzi contract and related Shenzi data, including legal persons and other organizations. See 7.1.
The first verifier should be an entity with professional knowledge and technical service capabilities that can verify the authenticity and integrity of the electronic contract.
2) Depositor:
The entity responsible for storing the Shenzi contract and related Shenzi data, including legal persons and other organizations, as entrusted by the contracting parties or interested parties of the Shenzi contract. See 8.2. The depositor should be an entity with the ability to store sub-contracts and related electronic data. Auxiliary verifier: An entity with special expertise or experience in electronic data verification and related professional knowledge. Based on the entrustment of the verifier, the auxiliary verifier assists the verifier in conducting professional issues involved in the verification process. Entities that explain, express opinions or provide auxiliary verification conclusions, including legal persons and other organizations. See. 9.3. 6 Application
6.1 The entrusting party
The entrusting party shall be one or more of the following situations: Contractor;
a
b ) The principal entrusted by the parties to the Shenzi contract; the interested parties of the Shenzi contract;
c
d) The institution that has the right to apply for evidence collection according to law.
5
GB/T39321—2020
2 Application materials
6.2
6.2.1 Basic requirements
The client submits application materials The following requirements should be met: a) The client submits the application form, identity proof materials and verification materials to the verification party. Application materials can be submitted online or offline in paper form.
The client shall bear corresponding legal responsibility for all consequences arising from the submission of false documents and certificates. b)
6.2.2 Electronic contract evidence collection application form
The electronic contract evidence collection application form submitted by the entrusting party includes but is not limited to the following: a) Necessary information:
1) Entrustment Basic information of the party
The client is an organization, which should include the name of the organization, address, unified social credit code or business license registration number, person in charge, contact number and other information:
The client is a natural person , should include name, ID number, contact information, contact information, application email and other information.
2) The purpose of entrusting evidence collection
includes but is not limited to litigation, arbitration, auditing, etc.: The entrusting party should make it clear whether it agrees to invite other verification agencies to provide auxiliary verification. b) Optional information:
1) Contents of entrusted evidence collection: including but not limited to the validity of the digital certificate attached to the Shenzi contract, the digital signature, and other information related to the electronic contract.
2) Basic information of verification materials: The quantity, name, and extraction method of verification materials should be included. Among them: the extraction method should include the client's own extraction, the verification party's extraction, or the client's authorized verification direction to extract the certificate depositor; if the client authorizes the verification party to extract the certificate depositor, the certificate depositor's information and authorization letter should be provided. Please see Appendix B for Shenzi Contract Evidence Collection Application Form.
6.2.3 Identity Proof Materials
The client should submit different identity proof materials according to the type. If the entrusting party is an institution, it should submit at least one of the following certificates: a)
1) Business license;
2) Unified Social Credit Code Certificate;
3) Other relevant Evidence.
b) If the entrusting party is a natural person, any one of the following identity documents should be submitted: 1) ID card;
2) Passport;
3)
Residence permit for Hong Kong, Macao and Taiwan residents;
4)
Military officer certificate, etc.
6.2.4 Verification materials
If the client stores and manages the Shenzi contract and related electronic data by itself, it shall submit the following verification materials by itself: a) Shenzi contract;
6
1. 2) The client should have the capacity for civil rights and civil conduct as stipulated in relevant national laws and regulations; for those who do not have full capacity for civil rights and civil conduct, a guardian or agent should apply on their behalf, b) Shenzi Contract Evidence Collection Service Organization:
Shenzi contract evidence collection service organization includes verifier, certificate depositor and auxiliary verifier. Among them: 1) Verifier:
In the process of obtaining evidence on the Shenzi contract, the entity that extracts and verifies the Shenzi contract and related Shenzi data, including legal persons and other organizations. See 7.1.
The first verifier should be an entity with professional knowledge and technical service capabilities that can verify the authenticity and integrity of the electronic contract.
2) Depositor:
The entity responsible for storing the Shenzi contract and related Shenzi data, including legal persons and other organizations, as entrusted by the contracting parties or interested parties of the Shenzi contract. See 8.2. The depositor should be an entity with the ability to store sub-contracts and related electronic data. Auxiliary verifier: An entity with special expertise or experience in electronic data verification and related professional knowledge. Based on the entrustment of the verifier, the auxiliary verifier assists the verifier in conducting professional issues involved in the verification process. Entities that explain, express opinions or provide auxiliary verification conclusions, including legal persons and other organizations. See. 9.3. 6 Application
6.1 The entrusting party
The entrusting party shall be one or more of the following situations: Contractor;
a
b ) The principal entrusted by the parties to the Shenzi contract; the interested parties of the Shenzi contract;
c
d) The institution that has the right to apply for evidence collection according to law.
5
GB/T39321—2020
2 Application materials
6.2
6.2.1 Basic requirements
The client submits application materials The following requirements should be met: a) The client submits the application form, identity proof materials and verification materials to the verification party. Application materials can be submitted online or offline in paper form.
The client shall bear corresponding legal responsibility for all consequences arising from the submission of false documents and certificates. b)
6.2.2 Electronic contract evidence collection application form
The electronic contract evidence collection application form submitted by the entrusting party includes but is not limited to the following: a) Necessary information:
1) Entrustment Basic information of the party
The client is an organization, which should include the name of the organization, address, unified social credit code or business license registration number, person in charge, contact number and other information:
The client is a natural person , should include name, ID number, contact information, contact information, application email and other information.
2) The purpose of entrusting evidence collection
includes but is not limited to litigation, arbitration, auditing, etc.: The entrusting party should make it clear whether it agrees to invite other verification agencies to provide auxiliary verification. b) Optional information:
1) Contents of entrusted evidence collection: including but not limited to the validity of the digital certificate attached to the Shenzi contract, the digital signature, and other information related to the electronic contract.
2) Basic information of verification materials: The quantity, name, and extraction method of verification materials should be included. Among them: the extraction method should include the client's own extraction, the verification party's extraction, or the client's authorized verification direction to extract the certificate depositor; if the client authorizes the verification party to extract the certificate depositor, the certificate depositor's information and authorization letter should be provided. Please see Appendix B for Shenzi Contract Evidence Collection Application Form.
6.2.3 Identity Proof Materials
The client should submit different identity proof materials according to the type. If the entrusting party is an institution, it should submit at least one of the following certificates: a)
1) Business license;
2) Unified Social Credit Code Certificate;
3) Other relevant Evidence.
b) If the entrusting party is a natural person, any one of the following identity documents should be submitted: 1) ID card;
2) Passport;
3)
Residence permit for Hong Kong, Macao and Taiwan residents;
4)
Military officer certificate, etc.
6.2.4 Verification materials
If the client stores and manages the Shenzi contract and related electronic data by itself, it shall submit the following verification materials by itself: a) Shenzi contract;
6
Tip: This standard content only shows part of the intercepted content of the complete standard. If you need the complete standard, please go to the top to download the complete standard document for free.