Certification centers

Electronic signature

Main article: Electronic signature

Services UC

The Authentication Center is the global directory service component responsible for managing the cryptographic keys of users. Public keys and other user information are stored as digital certificates by authentication centers. TC functions include:

• issuance of electronic signatures;
• providing public keys (certificates) of the EDS to any interested persons;
• Suspension of EDS, if compromised;
• Authenticating the signature of electronic documents;
• analysis of conflict situations.

To obtain an EDS, you must contact the Certification Center or its representative office.

Certification centers in Russia

• "National Certification Center"
• Electronic Express CT (GUARANTOR CT)
• MTS (certification center)
• US "Tensor"
• "Crypto Standard"
• InfoTEKS Internet Trust
• Certification center of SCS Circuit
• UC of the Supreme Court
• UC State Dumas
• UC State Offices of Public Prosecutor
• CC of the Investigative Committee
• FAU "Russian Maritime Register of Shipping (RMRS)"
• Electronic Moscow Certification Center
• National Certification Centre (NSC)
• LISSI-Soft
• ANC Certification Center
• E-Note Certification Center
• IT & Com (Certification Center)
• TechnoCode-Certification Center

Chronicle

2021: E-signature companies searched

In mid-April 2021, it became known about the searches that took place in Russian companies issuing electronic signatures. In particular, the operatives became interested in Moscow LLC MTSSP-Group and Yekaterinburg LLC Solar, which, according to Kommersant, have recently accounted for the most new signatures. More details here.

2020: New requirements for certification centers

On May 21, 2020, it became known about the draft government decree prepared by the Ministry of Finance of the Russian Federation, which contains additional requirements for certification centers (CA) issuing a qualified electronic signature.

This document was sent by the First Deputy Minister of Finance Tatyana Nesterenko to the Ministry of Communications, the Federal Tax Service, the FSB and the ANO Digital Economy. Vedomosti got acquainted with a copy of the letter. 

Only the largest Russian banks will be able to issue a qualified electronic signature

It follows from the decree of the Ministry of Finance that organizations with a bank license and branches, representative offices or structural divisions in at least 60% of the regions will be able to issue electronic signatures to legal entities and individual entrepreneurs. Russia And meet this requirement Sberbank. and VTB Alfa-Bank Bank mail also have a developed branch network, but so far they do not have their own UCs.

Tinkoff Bank considers these requirements redundant, because they do not allow certifying centers to serve customers remotely, and also conflict with the provisions of the law "On Electronic Signature."

The president of the Association of Developers and Operators of Electronic Services Systems Yuri Malinin adheres to the same opinion. According to him, in this scenario, a maximum of two state banks will be able to issue CEP.

There will be no competition, which will negatively affect the development of the IT industry, "he concludes.

In addition, according to the project of the Ministry of Finance, the CC  should not be  in the process of reorganization or  liquidation. Also , he  should not have arrears in  paying taxes, fees, fines , etc. The decree should enter  into force on July 1, 2020.

By May 21, 2020, about 500 certification centers accredited by the Ministry of Communications and Communications have the right to issue a qualified electronic signature. Most (95%) of such signatures are issued to legal entities, the rest to individuals.^[1]

2019

How amendments to the law on electronic signature changed the CC system

The State Duma adopted in the third reading a bill amending the federal law on electronic signature. We talk about the main changes^[2].

Delivery order

Electronic digital signatures will be issued to legal entities by the certification centers of the Federal Tax Service, and credit organizations - the Central Bank HC. Officials of state bodies and local governments and institutions subordinate to them, as well as notaries, will be able to get keys only in the certification centers of the Federal Treasury. Individuals will receive keys at accredited commercial certification centers.

Signature of legal entity

The following signatures will be used in legal relations of legal entities:

• CEP of a legal entity issued only to a legal entity for use in automatic signature signing or verification of a signature in an electronic document.
• CEP of a legal entity issued to the manager.
• CEP of an individual with the inclusion of power of attorney of a legal entity in the package of electronic documents when signed by an employee of the company. The power of attorney is signed the CAP of the legal entity, the organization which is released on the head. The power of attorney must be enabled.

Cloud-based signature

The accredited certification center will now be able to store the electronic signature key and use it on behalf of the holder of the certificate of this signature.

Accreditation of certification centres

• To obtain accreditation of CS, the amount of capital should be at least 1 billion rubles or 500 million if there are branches in at least three quarters of the constituent entities of the Russian Federation.
• TC should have at least 100 million rubles of insurance security.
• Accreditation will be provided for 3 years.

Identification of the applicant

There were established ways to identify the applicant for a certificate, including by providing information from a single biometric system.

Trusted Third Party

A new concept will appear in the law - a trusted third party. It will verify the validity of the EP, the compliance of certificates and the authority of participants in electronic interaction, as well as document the results of such verification.

The State Duma introduces a state monopoly on the issuance of an electronic signature for legal entities

On November 8, 2019, it became known that the State Duma adopted in the first reading a bill amending the Law "On Electronic Signature." The document was developed by a number of senators and deputies and involves a serious reform of certification centers for electronic signature.

The Law "On Electronic Signature" in force since 2011 introduces three types of signatures: simple, reinforced and qualified. A simple signature is any technology that the parties have agreed to use. The enhanced signature is the signature issued by the certification center.

A qualified signature is a signature issued by an accredited certification centre. Accreditation is carried out by the Ministry of Communications. This kind of signature is recognized as an analogue of your own.

The bill adopted in the first reading increases the minimum net assets of the accredited certification center from 7 million rubles. up to 1 billion rubles, and the minimum amount of financial security - from 30 million rubles. up to 200 million rubles. If the certification center has branches in at least two-thirds of the Russian regions, then the minimum amount of net assets can be reduced to 500 million rubles.

The period of accreditation of certification centers is reduced from five to three years. For violations in the work of certification centers of a technical nature, administrative responsibility is introduced. And for intentional actions of employees of certification centers, in addition to administrative, criminal liability is also introduced.

This does not end the requirements. Legal entities will be able to use only qualified electronic signatures issued by the certification center of the Federal Tax Service (FTS). In addition, qualified electronic signatures of individuals authorized to act on behalf of the relevant legal entities will be used when concluding transactions.

In cases with credit organizations, non-credit financial organizations and payment systems, qualified electronic signatures issued by the certification center of the Central Bank will be used. In cases with state and local government bodies, as well as their officials, qualified electronic signatures issued by the certification center of the Federal Treasury will be used.

That is, in fact, the state introduces a monopoly on the issuance of electronic signatures to legal entities. If the bill is approved, the norm on the mandatory receipt of signatures in the certification centers of the Federal Tax Service and the Central Bank will enter into force in two years.

Certificates of qualified electronic signatures and accreditation of certification centers issued before the publication of this law will be valid until the end of their validity, but not more than two years. The Government supported the proposed bill.

At the same time, the bill adopted by the State Duma in the first reading provides the possibility of using a cloud electronic signature. To this end, certification centers will be able to store electronic signature verification keys and, on behalf of their owners, create electronic signatures using them.

The concept of a trusted third party is also introduced. It will verify the authenticity of electronic signatures in electronic documents at a specific time and verify the authenticity of electronic signatures issued abroad. Trusted third parties will have to undergo accreditation with the Ministry of Communications. It is expected that about 20 such persons will appear in Russia.

In this regard, another concept is introduced - the trusted time stamp. This is reliable information in electronic form on the date and time of signing of an electronic document by an electronic signature, created and verified by a trusted third party, certifying center or operator of the information system^[3].

2017

The Ministry of Communications introduced to the Government a bill on the credentials of a person using an electronic signature

On September 12, 2017, Roman Kuznetsov, Director of the Legal Department of the Ministry of Communications and Mass Communications of the Russian Federation, spoke about the activities of the Ministry to create a single electronic signature trust space and plans to regulate this area.

There are more than 400 large and small certification centers in Russia, of which more than 200 are commercial organizations. According to Roman Kuznetsov, the market is competitive: prices for services are determined by the balance of supply and demand and are not yet regulated by anyone.

The Ministry of Communications of Russia has developed and submitted to the Government of the Russian Federation a draft federal law that contains provisions aimed at regulating the procedures for establishing and verifying the powers of a person using an electronic signature in various information systems, as well as at ensuring the reliability of person identification using services that ensure electronic interaction.

The mechanisms for confirming the powers of persons applying to state information systems proposed by the bill correspond to modern business processes. The adoption and implementation of the bill will allow departments to refuse to use additional powers in qualified certificates.

It is possible to create a single space of trust and in another way, which provides for the complete centralization of procedures and mechanisms for the creation and issuance of keys and certificates of an enhanced qualified electronic signature, the use of up to five trusted state certification centers, as well as the transfer of procedures for the creation and issuance of a qualified certificate to the category of public services. This will lead to increased public confidence in electronic document flow, which will be ensured by guarantees from the state. The procedure for creating and issuing an electronic signature will be unified, and the fee for the service will become unified as a state duty. At the same time, the possibility of committing a very popular type of fraud - fraudulent actions in order to transfer pension savings of these persons to non-state pension funds will be excluded.

"We plan to amend the legislation governing electronic signature relations in terms of grounds for refusing accreditation of the certification center, whose accreditation was previously terminated ahead of schedule due to non-compliance with the requirements of the legislation, within a certain period of time. The period of 3-5 years is considered. The reason for the refusal may also be a similar, without accreditation, head of the certification center, or similar employees authorized in the accredited certification center to carry out the functions of creating and issuing qualified certificates. This will allow cleaning the market of accredited certification centers from unscrupulous participants, "said Roman Kuznetsov

The bills are at various stages of readiness, some of them have already been submitted to the Government of the Russian Federation.

Central Bank and Ministry of Economic Development against state monopoly for the issuance of UKEP

The Ministry of Economic Development prepared in July, 2017 the negative conclusion on the amendments to the law "About the Electronic Signature" drafted by the Ministry of Digital Development, Communications and Mass Media which suppose to transfer functions of issue of the strengthened qualified electronic signature (SQES) from the private companies to the state, follows from the data placed on the federal portal of projects standard legal ^[4].

"The Ministry of Economic Development of Russia notes the impracticality of adopting the proposed regulation due to the significant amount of budget expenditures, the presence of administrative and other risks that could negatively affect the development of the market for the creation and issuance of qualified certificates, electronic signature verification keys, as well as related sectors of the economy," the conclusion, signed by Deputy Minister of Economic Development Savva Shipov.

The document also noted that the regulation proposed by the Ministry of Communications and Communications could lead to the liquidation of the market for services for issuing UKEP as such, together with the loss of all the infrastructure created, the closure of relevant organizations, and the dismissal of qualified employees of certification centers. "The centralization of the mechanism for issuing UKEP, the transfer of the issuance of UKEP to the category of public services, the increased size of the state duty for issuing UKEP will prevent the widespread dissemination of modern electronic document management technologies among citizens and legal entities, which does not meet the goals of informatization of the economy, will lead to a complication of the order of interaction between business entities and the state," the document says.

Experts oppose state monopoly on the issuance of a qualified electronic signature

The Ministry of Communications is going to limit the number of certification centers that have the right to issue a qualified electronic signature to two state structures. The corresponding bill was introduced at the beginning of 2017 by the department. The explanation to it says that accredited certification centers commit numerous violations, which causes distrust of users. The initiative of the Ministry of Communications is designed to establish uniform standards for the provision of services^[5].

In Russia, more than 440 certification centers (UCs) and 5,000 electronic signature outlets have been opened, in which at least 15 thousand highly qualified specialists work. Existing TCs annually bring at least ₽6,5 billion in taxes to the budget. The cost of a qualified electronic signature (CEP) for individuals starts from ₽1400. In addition to its issuance, TCs offer a number of services, for example, software that allows you to sign electronic documents and send them to departments.

According to the participants of the round table "Sphere of electronic services of the Russian Federation. Ways of development and threat, "conducted by CNews together with the ROSOU association on April 20, 2017, the new initiative of the Ministry of Communications undermines confidence in the regulator, helps reduce competition and, as a result, worsens the quality of services of certification centers. Already 2 years after the entry into force of the amendments proposed by the Ministry of Communications, 15 thousand people will be thrown into the labor market. The state's costs for creating a new infrastructure will amount to at least ₽5 billion. In addition, the explanatory note to the bill says that the cost of CEP will increase to ₽2500.

To solve existing problems on the market, by-laws are necessary that determine the procedure for the work of the Cs, control over their activities and liability for violation of the law. Regulations on the use of authorized certificates and electronic signatures should also be developed. In addition, experts expressed their wish to optimize the legislation governing the use of CEP as a cryptographic tool and simplify the process of using CSI in the mass segment. The certificate registry itself should be available to verify the legitimacy of the data presented. Also, CTs should gain access to SMEV to check information when issuing CEP.

2016: The Ministry of Communications received the authority to establish requirements for the work of accredited certification centers

On July 8, 2016, the provision of the law "On Electronic Signature" entered into force, which provided Ministry of Digital Development, Communications and Mass Media Russia the authority to establish requirements for the work of accredited certification centers. The ministry approved the requirements for the centers. In 2016, the Ministry of Communications of Russia also had the opportunity to check accredited certification centers both as planned and as an unscheduled procedure for citizens' appeals. As part of this work, several certification centres were denied accreditation for violations committed by them.

2013: CT connection plan to SMEV

The Sub-Commission on the use of IT in the provision of public services, which will be held at the White House on November 28, 2013, plans to approve the connection of information systems of a number of certification centers (CS) to the infrastructure. electronic government This is stated in the agenda of the subcommission, which I got acquainted with. CNews

It is planned to connect the CC Tensor"," Cryptostandard"," "Infotecs Internet Trust," Special design bureau Contour"," the CC of the Supreme Court,,, State Dumas, State Offices of Public Prosecutor Investigative Committee as well as FAU "[Russian Maritime Register of Shipping]]."

"UCs were on the list because they applied to join the infrastructure. Based on order 1382, they have such a right, "the Ministry of Communications told CNews.

The purpose of the connection is to check the information submitted by the applicant when issuing an electronic signature certificate (EP), the ministry added.

Certifying centers that are on the list for approval will be able to use the infrastructure of the interagency electronic interaction system (SMEV) to receive information from government agencies, said CNews Nikita Baranov, project manager of the Certification Center Services project of SKB Kontur.

According to him, this decision will very significantly affect the practice of the CC.

At this time, in order to issue a certificate, the CC, according to the law, is obliged to receive a number of documents from the applicant.

"For example, an individual must be provided with at least a passport, SNILS and a TIN certificate, and for a legal entity the list is supplemented by a USRUL statement, OGRN certificate and constituent documents," Baranov explains. - Further legal status of all documents signed by EP depends on correctness of CS actions, and these can be contracts for very large amounts. Therefore, CT must ensure that all documents provided are originals, create copies of all documents provided and organize their storage. "

For the user, this creates problems with the collection of documents, for the Cs - with their verification and storage, adds Baranov: "All this taking into account the great territorial distribution."

"The connection to SMEV will help, firstly, that we will be able to collect part of the documents electronically directly from the relevant department. Secondly, we will be able to online check the validity of data with confirmation of government agencies. And, thirdly, we will not have to make and store copies of documents, "he says

All this, according to the representative of SKB Loop, "will lead to a significant acceleration and hanging of the reliability of the release procedure and, at the same time, to an increase in user convenience."

The process of connecting the CT to SMEV, according to Nikita Baranov, may take about six months: "Technical implementation is necessary - the creation, testing and commissioning of modules that send requests and receive answers (for example, checking a passport in the FMS)"^[6].

2012: FSB Order on Requirements for Electronic Signature Facilities and CS

February 17, 2012, Order of the FSB of the Russian Federation dated December 27, 2011 No. 796 "On Approval of Requirements for Electronic Signature Facilities and Requirements for Certification Center Facilities" was published. Earlier, order dated December 27, 2011 No. 795 "On approval of requirements for the form of a qualified certificate of the electronic signature verification key" appeared.

In accordance with the new rules, the means of signature when signing the document must show the electronic document to the person who signs it, wait for confirmation from this person, and after signing - show him that the signature was created. When verifying a signature, the tool must show the electronic document, as well as information about amending the signed document and indicate the person who signed it.

The format of the qualified certificate differs significantly from the format of the EDS certificates that are issued at that time (in accordance with federal law No. FZ-1). For example, a qualified certificate should include the name of the electronic signature and certification center tools used to generate the signature key and verification key (private and public keys, respectively), as well as to create the certificate itself.

Compared to EDS certificates, the way the authority of the certificate holder is presented has changed. At the request of the owner, any information confirmed by the relevant documents could be included in the EDS certificate, and non-standard details (for example, the registration number of the insured) could be included in the qualified certificate only if the requirements for their purpose and location in the certificate are determined in the documents provided to confirm the compliance of the means of the certification center with the requirements of the FSB.

2011

Rostelecom has begun to create a network of certification centers

Rostelecom began in April 2011 to create a network of certification centers that form a "single space of trust," in which every resident of Russia will be able to receive his electronic digital signature. By the end of 2011, the company plans to open 80 such centers, which will be created on the basis of sales and customer service centers in various regions of Russia.

The first UCs to receive EP by citizens opened in Moscow

The first certification centers in which citizens can receive an electronic signature opened in Moscow in April 2011. This will require a personal presence and a citizen's passport. The signature, which is encrypted information in the form of a file, in the presence of the applicant will be recorded on a certified electronic medium (electronic card or flash drive). The signature itself is free, but the cost of the medium will have to be paid. The Ministry of Communications suggests that receiving a qualified electronic signature will cost a citizen about 300 rubles. As the director of the legal department of the ministry, Andrei Tikhomirov, emphasized, receiving an electronic signature is a purely voluntary matter. He also added that a citizen is responsible for the safety of an electronic signature, recalling that in the event of loss or theft, the signature can be blocked and then restored through the same certification centers.^[7]

Notes