Posted on 2023-6-6 08:46:05
I can't upload the attachment, so I can only copy and paste.
Excerpted from Part 11:
(a) Signed electronic records shall contain information associated with the signing that clearly indicates all of the following:
(1) The printed name of the signer;
(2) The date and time when the signature was executed; and
(3) The meaning (such as review, approval, responsibility, or authorship) associated with the signature.
(b) The items identified in paragraphs (a)(1), (a)(2), and (a)(3) of this section shall be subject to the same controls as for electronic records and shall be included as part of any human readable form of the electronic record (such as electronic display or printout).
Sec. 11.70 Signature/record linking.
Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means.
Sec. 11.200 Electronic signature components and controls.
(a) Electronic signatures that are not based upon biometrics shall:
(1) Employ at least two distinct identification components such as an identification code and password.
(i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.
(ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components.
(2) Be used only by their genuine owners; and
(3) Be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals.
(b) Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners.
Sec. 11.300 Controls for identification codes/passwords.
Persons who use electronic signatures based upon use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include:
(a) Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password.
(b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging).
(c) Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls.
(d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management.
(e) Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner.
Authority: 21 U.S.C. 321-393; 42 U.S.C. 262.
Source: 62 FR 13464, Mar. 20, 1997, unless otherwise noted
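The following is excerpted from China's Electronic Signature Law:
Chapter III Electronic Signatures and Certification
Article 13 An electronic signature that meets all of the following conditions at the same time shall be deemed a reliable electronic signature:
(1) When the electronic signature creation data is used for the electronic signature, it belongs exclusively to the electronic signatory;
(2) At the time of signing, the electronic signature creation data is controlled only by the electronic signatory;
(3) Any alteration to the electronic signature after signing can be detected;
(4) Any alteration to the content and form of the data message after signing can be detected.
The parties may also choose to use an electronic signature that meets reliability conditions they have agreed upon.
Article 16 Where an electronic signature requires third-party certification, the certification service shall be provided by an electronic certification service provider established in accordance with the law.
Article 34 The terms below, as used in this Law, have the following meanings:
(1) Electronic signatory: a person who holds electronic signature creation data and executes an electronic signature in his or her own capacity or in the name of the person he or she represents;
(2) Electronic signature relying party: a person who engages in relevant activities in reliance on an electronic signature certificate or an electronic signature;
(3) Electronic signature certificate: a data message or other electronic record that can confirm the link between the electronic signatory and the electronic signature creation data;
(4) Electronic signature creation data: characters, codes and other data used in the electronic signing process that reliably link the electronic signature to the electronic signatory;
(5) Electronic signature verification data: data used to verify an electronic signature, including codes, passwords, algorithms or public keys.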