试行 ) 的通知 ( 豫政 〔 2010 〕 74 号 ) Notice of the People's Government of Henan Province on Printing and Distributing the Administrative Measures for the Use of Digital Certificates in Henan Province (for Trial Implementation ) ( Yu Zheng [ 2010 ] No. 74 )
Provincial People's Governments, Provincial People's Government departments:
The "Administrative Measures on the Use of Digital Certificates in Henan Province (Trial)" is now issued to you. Please implement them carefully.
Henan Provincial People's Government
September 21, 2010
Administrative Measures for the Use of Digital Certificates in Henan Province (Trial)
Chapter I General Provisions
Article 1 In order to regulate the use of digital certificates in our province, strengthen the management of electronic certification service agencies, and promote the construction of our online trust system, in accordance with the Electronic Signature Law of the People's Republic of China and the Regulations on the Administration of Commercial Passwords (Order No. 273 of the State Council) No.), Henan Province's Informationization Regulations, Administrative Measures for Electronic Authentication Services (Order No. 1 of the Ministry of Industry and Information Technology), Administrative Measures for Passwords of Electronic Authentication Services (State Encryption Administration No. 17 Announcement), The "Measures on the Administration of E-Government Electronic Authentication Service" (Guo Secret Bureau issued  No. 17) and other relevant regulations formulated these measures.
Article 2 The digital certificate referred to in these measures refers to an electronic signature certification certificate issued by an electronic certification service agency established in accordance with the law and based on commercial password technology and capable of confirming the relevance of the electronic signer and the electronic signature production data.
Article 3 These measures apply to the application, issue, use, renewal, extension, restoration, revocation and related management activities of digital certificates in the administrative region of our province.
Article 4 The Provincial Department of Industry and Information Technology and the State Administration of Password, in accordance with their respective responsibilities, are responsible for the unified planning, use management, supervision and inspection of the application of digital certificates across the province, and guide the hierarchical construction of electronic certification service systems covering the province.
Article 5 Electronic certification services involving the use of digital certificates in e-government activities in our province shall be carried out on the basis of the electronic certification infrastructure approved by the State ’s password management department, and its system construction shall meet the construction requirements of our province's electronic certification service system.
The electronic certification services related to the use of digital certificates in social and public service activities shall be provided by an electronic certification service agency established in accordance with the law, and its system construction shall meet the requirements of the construction of our province's electronic certification service system.
Electronic certification services that involve the use of digital certificates in e-commerce activities shall be provided by electronic certification service agencies established in accordance with the law.
Chapter II Digital Certificate Use and Management
Article 6 In the following non-secret e-government activities that require identity authentication, authorization management, and responsibility determination, digital certificates must be used in accordance with relevant regulations of the state and our province: (1) Online office and administration using the e-government system Examination and approval, official document circulation, official document archiving, and transfer of archived official documents to the archives department; (2) online annual inspection, declaration, supervision, approval, filing, payment, qualification certification, statistics and other social management activities; (3) using electronic government procurement Systematic online government procurement, bidding and other activities; (4) activities that use the Internet to provide information disclosure services to the community; (5) other e-government activities that use the Internet.
The e-government construction projects of all units shall specify the relevant content and budget of the digital certificate function construction in the construction plan, and the Provincial Department of Industry and Information Technology shall review the relevant content.
Article 7 In the following social and public service activities, where identity authentication, authorization management, and responsibility determination are required, digital certificates shall be used in accordance with relevant regulations of the state and our province: (1) organizations authorized by laws and regulations with the function of managing public affairs Social and public service activities carried out using the Internet; (2) Financial service activities carried out by the banking, securities, insurance, futures and other industry institutions using the Internet; (3) Education, medical care, water supply, power supply, gas supply, heating, public transportation Social and public service activities carried out by enterprises and institutions in the fields of meteorology, environmental protection, etc. using the network; (4) Other social and public service activities carried out by using the network.
Article 8 In the following e-commerce activities, where identity authentication, authorization management, and responsibility determination are required, digital certificates are used in accordance with the law: (1) activities carried out based on various network transaction platforms, information service platforms, and entertainment platforms; (2) Use the network to sign electronic contracts, carry out electronic payments, and deliver digital products; (3) use mobile e-commerce service platforms, and use smart mobile terminals such as mobile phones, personal digital assistants, and handheld computers to target public utilities, transportation and tourism, employment and housekeeping, Activities that provide wireless payment services, convenience services, and business information services in areas such as entertainment and market conditions; (4) activities in which parties to the transaction consider digital certificates to be required in e-commerce activities; (5) other e-commerce activities using the Internet .
Article 9. Government agencies, organizations authorized by laws and regulations that have functions to manage public affairs, various social organizations, enterprises and citizens shall apply for digital certificates to electronic certification service agencies that are qualified for electronic certification services.
To apply for a digital certificate in e-government activities, you must apply to an e-certification service agency that is qualified for e-government e-certification services.
Article 10 Units or individuals applying for the use of digital certificates shall provide authentic, complete, legal and effective certification materials to electronic certification service agencies and shall be responsible for their authenticity. If the conditions are met, the two parties sign a digital certificate use service agreement, and the electronic certification service agency issues the digital certificate and collects the related fees.
If digital certificates are required to carry out e-government activities or social public service activities, the units shall handle them centrally.
Article 11 Matters such as the renewal, loss reporting, and revocation of digital certificates and the rights and obligations of all parties shall be stipulated in the digital certificate service agreement.
The Provincial Department of Industry and Information Technology, in conjunction with the Provincial National Cryptographic Administration, will organize the formulation and publication of a model text of the digital certificate service agreement for reference by the parties to the agreement; the digital certificate use service agreement text provided by the electronic certification service agency shall be in the Provincial Department of Industry and Information Technology 2. For the record of the State Password Administration.
Article 12 The charging of digital certificates used by electronic certification service agencies for e-government activities shall be carried out in accordance with the digital certificate charging standards approved by the provincial price authority. The fees for digital certificates used for social public services and e-commerce activities are subject to the supervision of provincial price authorities.
Article 13 The digital certificate shall be stored in a carrier that complies with relevant regulations, shall be properly kept by the holder of the digital certificate, and shall be used by special persons only, and shall not be lent to others for use.
Units using digital certificates shall establish a system to clarify the actual custodians, use rights, uses, registration, and issuance of digital certificates.
Chapter III Management of Electronic Certification Service Organizations
Article 14 Electronic certification service agencies providing electronic certification services in our province shall file in advance with the Provincial Department of Industry and Information Technology and the Provincial State Administration of Cryptography for the record.
The electronic certification service agency provides electronic government service electronic certification service and construction registration review system in our province, which is approved by the Provincial National Password Administration.
Article 15 The key services required by electronic certification service agencies to provide electronic certification services shall be provided by the key management system planned by the Provincial National Password Administration.
Article 16 An electronic certification service agency shall establish a comprehensive confidentiality system in accordance with the relevant national laws and regulations, perform its obligation to keep information that is not appropriate to be disclosed in digital certificates, and accept supervision and inspection by relevant functional departments. The staff of the electronic certification service agency shall not disclose the identity information of the digital certificate holder and the digital certificate key that the digital certificate holder entrusts the certification authority to keep.
The key personnel of the electronic certification service agency shall be filed with the Provincial Department of Industry and Information Technology. Electronic certification service agencies, units and personal information holding digital certificates shall be filed with the Provincial Public Security Department. When national security organs perform national security tasks in accordance with the law, they shall have the right to check the relevant information of digital certificate holders after presenting the corresponding documents, and electronic certification service agencies shall cooperate. The professional and technical personnel, operation and maintenance personnel, security management personnel and service personnel of the e-government electronic certification service agency shall be filed with the provincial State Password Administration.
Article 17 The construction of an electronic authentication service system shall comply with the “Administrative Measures for Electronic Authentication Services”, “Passwords for Certificate Authentication Systems and Related Security Technical Specifications”, “Administrative Measures for Passwords for Electronic Authentication Services”, etc. Should comply with the provisions of the "Administrative Measures for E-Government Electronic Authentication Service", meet the requirements for the establishment of a unified electronic authentication service system, and pass the security review, interconnection and interoperability testing and acceptance by the national password management department.
Article 18 The e-authentication service organization providing e-government e-authentication service shall pass the evaluation of the e-government e-authentication service capability organized by the state password management department and be listed in the "E-government E-authentication Service Organization Directory".
Article 19 Relevant units directly under the provincial government will no longer construct electronic authentication infrastructure in principle, and if there is a special need, after providing relevant evidence that the electronic authentication infrastructure already built in our province cannot meet their electronic authentication requirements, they shall be managed by the provincial national password. After the approval of the Bureau, the corresponding electronic certification infrastructure can be constructed.
The electronic certification service system serving the business application of the unit is limited to internal use and shall not provide electronic certification services to external parties.
Article 20 In the process of using digital certificates, electronic certification service agencies or digital certificate holders who violate laws and regulations such as the "Electronic Signature Law of the People's Republic of China" and "Regulations on the Administration of Commercial Passwords" shall be punished according to law; constituting crime If it is, the judicial organ shall deal with it according to law.