Standard ICS number:Information technology, office machinery and equipment>>Information technology application>>35.240.60 Information technology in transportation and trade
Standard Classification Number:Comprehensive>>Economy, Culture>>A10 Business, Trade, Contract
associated standards
Publication information
publishing house:China Standard Press
Publication date:2020-11-01
other information
drafter:Hao Xuan, Lin Jianyuan, Sun Zhaoyang, Xu Yi, Fan Xiao, Liu Donghua, Lu Yapeng, Yang Xiangyu, Wang Xiangchun, Zhao Yanyan, Zhang Yin, Jiang Yan, Liu Junhui, Zhang Yuanwei
Drafting unit:Beijing Tianwei Integrity E-Commerce Service Co., Ltd., China National Institute of Standardization, Shenzhen Fada Network Technology Co., Ltd., Hangzhou Tiangu Information Technology Co., Ltd., Biaoxin Technology (Beijing) Co., Ltd., CICC Financial Certification Center Co., Ltd., Beijing Lisi Chen Technology Co., Ltd., Jiangsu Yunshui Co., Ltd., Dongguan Puda Financial Consulting Co., Ltd., Sichuan Zenghui Technology Co., Ltd., etc.
Focal point unit:Beijing Tianwei Integrity E-Commerce Service Co., Ltd., China National Institute of Standardization, Shenzhen Fada Network Technology Co., Ltd., Hangzhou Tiangu Information Technology Co., Ltd., Biaoxin Technology (Beijing) Co., Ltd., CICC Financial Certification Center Co., Ltd., Beijing Lisi Chen Technology Co., Ltd., Jiangsu Yunshui Co., Ltd., Dongguan Puda Financial Consulting Co., Ltd., Sichuan Zenghui Technology Co., Ltd., Zhu
Proposing unit:Beijing Tianwei Integrity E-Commerce Service Co., Ltd., China National Institute of Standardization, Shenzhen Fada Network Technology Co., Ltd., Hangzhou Tiangu Information Technology Co., Ltd., Biaoxin Technology (Beijing) Co., Ltd., CICC Financial Certification Center Co., Ltd., Beijing Lisi Chen Technology Co., Ltd., Jiangsu Yunshui Co., Ltd., Dongguan Puda Financial Consulting Co., Ltd., Sichuan Zenghui Technology Co., Ltd., Zhu
Publishing department:State Administration for Market Regulation National Standardization Administration
GB/T 39321-2020.Specification for electronic contract forensics process.
1Scope
GB/T 39321 specifies the principles, business processes and requirements for electronic contract forensics, including applications for electronic contract forensics, Accept, extract, verify and issue certificates.
GB/T 39321 is applicable to electronic contract evidence collection service agencies providing evidence collection services. Those who carry out electronic contract evidence collection business in other ways may also refer to this standard.
2 Normative references
The following documents are essential for the application of this document. For dated references, only the dated version applies to this document. For undated referenced documents, the latest version (including all amendments) applies to this document.
GB/T 35285 Information Security Technology Public Key Infrastructure Technical Requirements for Reliable Electronic Signature Generation and Verification Based on Digital Certificates
GB/T 35288 Information Security Technology Electronic Certification Service Organization Job Skills Specifications for Practitioners | |tt||3 Terms and Definitions
The following terms and definitions apply to this document.
3.1
Electronic contract
Equal subjects of natural persons, legal persons, and other organizations use data messages as carriers and use electronic communication means to establish, change, and terminate civil rights and obligations. agreement.
[GB/T 36298-2018, definition 3.1]
3.2
the forensics of electronic contract
In order to verify the authenticity and integrity of the electronic contract , an activity in which service agencies with evidence collection capabilities and qualifications collect, verify and issue verification conclusions on electronic contracts and electronic data related to electronic contracts.
3.3
electronic contract forensics authority
Accepts the entrustment of the client, follows the prescribed methods, methods, steps and related rules and standards, and uses electronic contracts Institutions that use scientific verification technology or expertise to identify and judge and provide verification opinions.
3.4 ??
Electronic signature
The data contained in the data message in electronic form and attached to identify the identity of the signer and indicate that the signer recognizes the content.
3.5
Digital certificate
A digital file signed by an electronic certification authority that contains public key owner information, public key, issuer information, validity period, and some extended information .
This standard specifies the principles, business processes and requirements for electronic contract evidence collection, including the application, acceptance, extraction, verification and issuance of electronic contract evidence collection.
This standard applies to evidence collection services provided by electronic contract evidence collection service agencies. Those who carry out electronic contract evidence collection business in other ways may also refer to this standard.
Some standard content:
ICS35.240.60 A10 GB National Standard of the People's Republic of China GB/T39321—2020 Electronic Contract Evidence Collection Process Specification Specification for electronic contract forensics process2020-11-19 Released State Administration for Market Regulation National Standardization Administration Committee Released Implemented on 2021-06-01||tt ||Foreword Scope 2 3 5 6 7 8 9 Normative reference documents Terms and definitions Principles Electronic contract evidence collection process Application Acceptance Extraction Verification 10 Issue Appendix A (Informative Appendix) Appendix B (Normative Appendix) Reference Literature Verification Opinion Letter Framework Item Shenzi Contract Evidence Collection Application Form Times GB/T39321—2020 10| |tt||11 13 Foreword This standard was drafted in accordance with the rules given in GB/T1.1-2009. This standard was drafted by the National Electronic Business Standardization Technical Committee (SAC/TC83 ) proposed and focused. GB/T39321—2020 This standard was drafted by: Beijing Tianwei Chengshenzi Business Service Co., Ltd., China Institute of Standardization, Shenzhen Fada Network Technology Co., Ltd., Hangzhou Tiangu Information Technology Co., Ltd., Biaoxin Technology ( Beijing) Co., Ltd., CICC Financial Certification Center Co., Ltd., Beijing Lisichen Technology Co., Ltd., Jiangsu Yunshui Co., Ltd., Dongguan Puda Financial Consulting Co., Ltd., Sichuan Deshui Technology Co., Ltd., Zhuhai Xiangzhou District Small and Medium Enterprises Development Promotion Association. The main drafters of this standard: Hao Ying, Lin Jianyuan, Sun Zhaoyang, Xu Yi, Fan Xiao, Liu Donghua, Lu Yapeng, Yang Xiangyu, Wang Xiangchun, Zhao Yanyan, Zhang Yin, Jiang Yan, Liu Junhui, Zhang Yuanwei =||tt| |1 Scope Electronic Contract Evidence Collection Process Specification GB/T39321-2020www.bzxz.net This standard specifies the principles, business processes and requirements for Shenzi contract evidence collection, including Shenzi contract evidence collection Application, acceptance, extraction, verification and issuance of certificates. This standard applies to Shenzi contract evidence collection service agencies providing evidence collection services. Those who carry out electronic contract evidence collection business in other ways may also refer to this standard. Normative references 2 The following documents are essential for the application of this document. For dated references, only the dated version applies to the original document. For undated referenced documents, the latest version (including all amendments) applies to this document. GB/T35285 Information Security Technology Public Key Infrastructure Technical Requirements for Reliable Shenzi Signature Generation and Verification Based on Digital Certificates GB/T35288 3 Terms and Definitions Shenzi Certification Service Agency Job Skills Specifications for Practitioners Information Security Technology The following terms and definitions apply to this document. || tt | relationship agreement. || tt | Activities to collect, verify and issue verification conclusions on Shenzi contracts and electronic data related to Shenzi contracts. 3.3 Electronic Contract Forensics Authority accepts the entrustment of the client, follows the prescribed methods, methods, steps and related rules and standards, uses scientific verification technology or professional knowledge to identify and judge electronic contracts and provides verification Opinion body, 3.4 Electronic signature electronicsignature Data included in the application in the form of a subscript and attached to identify the signer and indicate that the signer acknowledges its content . 3.5 Digital certificate A digital file signed by an electronic certification authority that contains public key owner information, public key, issuer information, validity period, and some extended information. 1 GB/T39321—2020 [GB/T35288—2017, definition 3.1] 3.6 certificationauthority Electronic certification Service Authority The organization responsible for creating, distributing certificates, and providing verification when necessary to verify a user's identity. [GB/T35288—2017, definition 3.5] 3.7 Electronic contract service platform service platform of electronic contract is an independent contracting party, with identity authentication, negotiation, electronic signature, contract storage and An information system that can realize the online conclusion and processing of Shenzi contracts through functions such as calling. Note: Rewrite GB/T36298-2018, define 3.84 principle Legal and valid 4.1 The contract evidence collection process of Shenzi should follow the provisions of relevant national laws and regulations, so as to Ensure the legal validity of evidence collection results. The entrusting party of Shenzi contract evidence collection should meet the requirements of civil rights capacity and civil conduct capacity stipulated in relevant national laws and regulations. 4.2 Objective and true The evidence collection process of electronic contracts should be objective, fair and true. 3 Complete 4.3 The nodes of Shenzi contract evidence collection process should be complete. The content extracted or verified by Shenzi contract evidence collection service agency should be complete. 4.4 | tamper. S Electronic contract evidence collection process 5.1 Flowchart 5.1.1 Flowchart symbol description Used in the flowchart The graphical symbols, symbol names and descriptions are shown in Table 1. Table 1 Graphic symbols 2 Graphic symbols, symbol names and descriptions used in flowcharts Process Activities in business processes Description Graphic symbols Electronic contract evidence collection flow chart 5.1.2 Symbol name Process (optional)|| tt||Start End Judgment Conditions Document State Transfer The electronic contract evidence collection process is shown in Figure 1. Table 1 (continued) Optional activities in the business process The beginning of the business process The end of the business process The flow of the business process Judgment conditions Description Documents of interactions between roles in the business process State transfer between different activities in the business process GB/T39321—2020 3 GB/T39321 —2020 Electronic contract evidence collection flow chart Client Submit evidence collection application 1. Application form 2. Identity certification materials||tt| |3.Verification materials Notice of correction Notice of acceptance Notice of rejection Tips Receive verification conclusion 4||tt| |Certificate depositor 香 Yes (Extract and send verification materials) (Send extraction application Verifier Accept Review Application materials Are they complete Are they in compliance with Acceptance conditions Is it necessary Extract evidence Accept verification Materials Is it necessary Auxiliary verification Send auxiliary application Verification by verifier||Issuance of verification conclusion Verification opinion letter||tt ||Figure 1 Electronic contract evidence collection flow chart auxiliary verification party auxiliary verification issue auxiliary verification conclusion auxiliary verification conclusion 5.2 basic process| |tt||GB/T39321—2020 The Shenzi contract evidence collection process includes but is not limited to application, acceptance, extraction, verification and certification. The relevant business process description mainly reflects the following content: Application: The entrusting party submits an application for contract evidence collection. The entrusting party shall meet the application conditions and submit the required application materials a ; b) Acceptance: The verification party shall submit the entrustment Review the qualifications of the party and the submitted application materials, and determine whether to accept the evidence collection application; c) Extraction: The verification party extracts verification materials from the certificate depositor that stores the application contract and related electronic data; d) Verification: The verifier or auxiliary verifier conducts digital certificate verification, Shenzi signature verification and other auxiliary information verification on the verification materials; Certification: Based on the verification, the verifier should analyze and draw verification conclusions and issue " "Verification Opinion Letter", please refer to Appendix A for the content e) and format of the "Verification Opinion Letter". 5.3 Participants Participants in the Shenzi contract evidence collection process include but are not limited to the client and the Shenzi contract evidence collection service agency. Among them: a) Client: 1) In the process of Shenzi contract evidence collection, Shenzi contract contracting parties and interested parties, including natural persons and institutions, who apply for Shenzi contract evidence collection. Institutions include legal persons, other organizations and relevant state agencies. See 6.1. 2) The client should have the civil rights capacity and civil conduct capacity as stipulated in relevant national laws and regulations; for those who do not have full civil rights capacity and civil conduct capacity, a guardian or agent should apply on their behalf, b) Shenzi contract evidence collection Service organization: Shenzi contract evidence collection service organization includes the verifier, the certificate depositor and the auxiliary verifier. Among them: 1) Verifier: In the process of obtaining evidence on the Shenzi contract, the entity that extracts and verifies the Shenzi contract and related Shenzi data, including legal persons and other organizations. See 7.1. The first verifier should be an entity with professional knowledge and technical service capabilities that can verify the authenticity and integrity of the electronic contract. 2) Depositor: The entity responsible for storing the Shenzi contract and related Shenzi data, including legal persons and other organizations, as entrusted by the contracting parties or interested parties of the Shenzi contract. See 8.2. The depositor should be an entity with the ability to store sub-contracts and related electronic data. Auxiliary verifier: An entity with special expertise or experience in electronic data verification and related professional knowledge. Based on the entrustment of the verifier, the auxiliary verifier assists the verifier in conducting professional issues involved in the verification process. Entities that explain, express opinions or provide auxiliary verification conclusions, including legal persons and other organizations. See. 9.3. 6 Application 6.1 The entrusting party The entrusting party shall be one or more of the following situations: Contractor; a b ) The principal entrusted by the parties to the Shenzi contract; the interested parties of the Shenzi contract; c d) The institution that has the right to apply for evidence collection according to law. 5 GB/T39321—2020 2 Application materials 6.2 6.2.1 Basic requirements The client submits application materials The following requirements should be met: a) The client submits the application form, identity proof materials and verification materials to the verification party. Application materials can be submitted online or offline in paper form. The client shall bear corresponding legal responsibility for all consequences arising from the submission of false documents and certificates. b) 6.2.2 Electronic contract evidence collection application form The electronic contract evidence collection application form submitted by the entrusting party includes but is not limited to the following: a) Necessary information: 1) Entrustment Basic information of the party The client is an organization, which should include the name of the organization, address, unified social credit code or business license registration number, person in charge, contact number and other information: The client is a natural person , should include name, ID number, contact information, contact information, application email and other information. 2) The purpose of entrusting evidence collection includes but is not limited to litigation, arbitration, auditing, etc.: The entrusting party should make it clear whether it agrees to invite other verification agencies to provide auxiliary verification. b) Optional information: 1) Contents of entrusted evidence collection: including but not limited to the validity of the digital certificate attached to the Shenzi contract, the digital signature, and other information related to the electronic contract. 2) Basic information of verification materials: The quantity, name, and extraction method of verification materials should be included. Among them: the extraction method should include the client's own extraction, the verification party's extraction, or the client's authorized verification direction to extract the certificate depositor; if the client authorizes the verification party to extract the certificate depositor, the certificate depositor's information and authorization letter should be provided. The Shenzi contract evidence collection application form is shown in Appendix B. 6.2.3 Identity Proof Materials The client should submit different identity proof materials according to the type. If the entrusting party is an institution, it should submit at least one of the following certificates: a) 1) Business license; 2) Unified Social Credit Code Certificate; 3) Other relevant Evidence. b) If the entrusting party is a natural person, any one of the following identity documents should be submitted: 1) ID card; 2) Passport; 3) Residence permit for Hong Kong, Macao and Taiwan residents; 4) Military officer certificate, etc. 6.2.4 Verification materials If the client stores and manages the Shenzi contract and related electronic data by itself, it shall submit the following verification materials by itself: a) Shenzi contract; 6 1. 2) The client should have the capacity for civil rights and civil conduct as stipulated in relevant national laws and regulations; for those who do not have full capacity for civil rights and civil conduct, a guardian or agent should apply on their behalf, b) Shenzi Contract Evidence Collection Service Organization: Shenzi contract evidence collection service organization includes verifier, certificate depositor and auxiliary verifier. Among them: 1) Verifier: In the process of obtaining evidence on the Shenzi contract, the entity that extracts and verifies the Shenzi contract and related Shenzi data, including legal persons and other organizations. See 7.1. The first verifier should be an entity with professional knowledge and technical service capabilities that can verify the authenticity and integrity of the electronic contract. 2) Depositor: The entity responsible for storing the Shenzi contract and related Shenzi data, including legal persons and other organizations, as entrusted by the contracting parties or interested parties of the Shenzi contract. See 8.2. The depositor should be an entity with the ability to store sub-contracts and related electronic data. Auxiliary verifier: An entity with special expertise or experience in electronic data verification and related professional knowledge. Based on the entrustment of the verifier, the auxiliary verifier assists the verifier in conducting professional issues involved in the verification process. Entities that explain, express opinions or provide auxiliary verification conclusions, including legal persons and other organizations. See. 9.3. 6 Application 6.1 The entrusting party The entrusting party shall be one or more of the following situations: Contractor; a b ) The principal entrusted by the parties to the Shenzi contract; the interested parties of the Shenzi contract; c d) The institution that has the right to apply for evidence collection according to law. 5 GB/T39321—2020 2 Application materials 6.2 6.2.1 Basic requirements The client submits application materials The following requirements should be met: a) The client submits the application form, identity proof materials and verification materials to the verification party. Application materials can be submitted online or offline in paper form. The client shall bear corresponding legal responsibility for all consequences arising from the submission of false documents and certificates. b) 6.2.2 Electronic contract evidence collection application form The electronic contract evidence collection application form submitted by the entrusting party includes but is not limited to the following: a) Necessary information: 1) Entrustment Basic information of the party The client is an organization, which should include the name of the organization, address, unified social credit code or business license registration number, person in charge, contact number and other information: The client is a natural person , should include name, ID number, contact information, contact information, application email and other information. 2) The purpose of entrusting evidence collection includes but is not limited to litigation, arbitration, auditing, etc.: The entrusting party should make it clear whether it agrees to invite other verification agencies to provide auxiliary verification. b) Optional information: 1) Contents of entrusted evidence collection: including but not limited to the validity of the digital certificate attached to the Shenzi contract, the digital signature, and other information related to the electronic contract. 2) Basic information of verification materials: The quantity, name, and extraction method of verification materials should be included. Among them: the extraction method should include the client's own extraction, the verification party's extraction, or the client's authorized verification direction to extract the certificate depositor; if the client authorizes the verification party to extract the certificate depositor, the certificate depositor's information and authorization letter should be provided. Please see Appendix B for Shenzi Contract Evidence Collection Application Form. 6.2.3 Identity Proof Materials The client should submit different identity proof materials according to the type. If the entrusting party is an institution, it should submit at least one of the following certificates: a) 1) Business license; 2) Unified Social Credit Code Certificate; 3) Other relevant Evidence. b) If the entrusting party is a natural person, any one of the following identity documents should be submitted: 1) ID card; 2) Passport; 3) Residence permit for Hong Kong, Macao and Taiwan residents; 4) Military officer certificate, etc. 6.2.4 Verification materials If the client stores and manages the Shenzi contract and related electronic data by itself, it shall submit the following verification materials by itself: a) Shenzi contract; 6 1. 2) The client should have the capacity for civil rights and civil conduct as stipulated in relevant national laws and regulations; for those who do not have full capacity for civil rights and civil conduct, a guardian or agent should apply on their behalf, b) Shenzi Contract Evidence Collection Service Organization: Shenzi contract evidence collection service organization includes verifier, certificate depositor and auxiliary verifier. Among them: 1) Verifier: In the process of obtaining evidence on the Shenzi contract, the entity that extracts and verifies the Shenzi contract and related Shenzi data, including legal persons and other organizations. See 7.1. The first verifier should be an entity with professional knowledge and technical service capabilities that can verify the authenticity and integrity of the electronic contract. 2) Depositor: The entity responsible for storing the Shenzi contract and related Shenzi data, including legal persons and other organizations, as entrusted by the contracting parties or interested parties of the Shenzi contract. See 8.2. The depositor should be an entity with the ability to store sub-contracts and related electronic data. Auxiliary verifier: An entity with special expertise or experience in electronic data verification and related professional knowledge. Based on the entrustment of the verifier, the auxiliary verifier assists the verifier in conducting professional issues involved in the verification process. Entities that explain, express opinions or provide auxiliary verification conclusions, including legal persons and other organizations. See. 9.3. 6 Application 6.1 The entrusting party The entrusting party shall be one or more of the following situations: Contractor; a b ) The principal entrusted by the parties to the Shenzi contract; the interested parties of the Shenzi contract; c d) The institution that has the right to apply for evidence collection according to law. 5 GB/T39321—2020 2 Application materials 6.2 6.2.1 Basic requirements The client submits application materials The following requirements should be met: a) The client submits the application form, identity proof materials and verification materials to the verification party. Application materials can be submitted online or offline in paper form. The client shall bear corresponding legal responsibility for all consequences arising from the submission of false documents and certificates. b) 6.2.2 Electronic contract evidence collection application form The electronic contract evidence collection application form submitted by the entrusting party includes but is not limited to the following: a) Necessary information: 1) Entrustment Basic information of the party The client is an organization, which should include the name of the organization, address, unified social credit code or business license registration number, person in charge, contact number and other information: The client is a natural person , should include name, ID number, contact information, contact information, application email and other information. 2) The purpose of entrusting evidence collection includes but is not limited to litigation, arbitration, auditing, etc.: The entrusting party should make it clear whether it agrees to invite other verification agencies to provide auxiliary verification. b) Optional information: 1) Contents of entrusted evidence collection: including but not limited to the validity of the digital certificate attached to the Shenzi contract, the digital signature, and other information related to the electronic contract. 2) Basic information of verification materials: The quantity, name, and extraction method of verification materials should be included. Among them: the extraction method should include the client's own extraction, the verification party's extraction, or the client's authorized verification direction to extract the certificate depositor; if the client authorizes the verification party to extract the certificate depositor, the certificate depositor's information and authorization letter should be provided. Please see Appendix B for Shenzi Contract Evidence Collection Application Form. 6.2.3 Identity Proof Materials The client should submit different identity proof materials according to the type. If the entrusting party is an institution, it should submit at least one of the following certificates: a) 1) Business license; 2) Unified Social Credit Code Certificate; 3) Other relevant Evidence. b) If the entrusting party is a natural person, any one of the following identity documents should be submitted: 1) ID card; 2) Passport; 3) Residence permit for Hong Kong, Macao and Taiwan residents; 4) Military officer certificate, etc. 6.2.4 Verification materials If the client stores and manages the Shenzi contract and related electronic data by itself, it shall submit the following verification materials by itself: a) Shenzi contract; 6 Tip: This standard content only shows part of the intercepted content of the complete standard. If you need the complete standard, please go to the top to download the complete standard document for free.