Electronic signature (EDS)
The electronic signature is intended for protection of the electronic document transferred by means of different environments or which is stored in a digital form against counterfeit and is attribute of the electronic document. It turns out as a result of cryptographic information transform using private key of the electronic digital signature and allows to identify the certificate holder of signing key, to set lack of distortion of information in the electronic document.
The Electronic Signature (ES) is a program and cryptographic means which provides:
- integrity checking of documents;
- confidentiality of documents;
- establishment of the person who sent the document
The electronic signature is used by physical persons and legal entities as an analog of the sign manual for giving to the electronic document of the legal force equal to legal force of the paper document signed with the sign manual of the competent person and under seal.
The electronic document is the any document created by means of computer technologies and which is stored on the information media processed by means of the computer equipment whether it be the letter, the contract or the finance document, the scheme, the drawing, the drawing or the photo.
Advantages of use of the EDS
Use of the EDS allows:
- it is considerable to reduce time spent for execution of the transaction and exchange of documentation;
- improve and reduce the price of the procedure of preparation, delivery, accounting and document storage;
- guarantee reliability of documentation;
- minimize risk of financial losses due to increase in confidentiality of information exchange;
- construct a corporate system of exchange of documents.
It is impossible to forge the EDS - it requires a huge number of calculations which cannot be implemented at the modern level of mathematics and ADP equipment for acceptable time, i.e. so far information which is contained in the signed document saves relevance. Additional protection against counterfeit is provided with certification of a public signature key by Certification center.
Using the EDS work on the scheme "project development in electronic form-creation of the paper copy for the signature-transfer of the paper copy with the signature-consideration of the paper copy-its transfer in electronic form on the computer" consigns to the past.
Three types of the electronic signature
Electronic signatures are separated by the law of 2011 into three views.
- Simple signatures are created using codes, passwords and other tools which allow to identify the author of the document, but do not allow to check it regarding existence of changes from the moment of signing.
- The strengthened unqualified signature is created using cryptographic means and allows to define not only the author of the document, but to check it for existence of changes. For creation of such signatures the certificate of not accredited center can be used, it is also possible to do in general without certificate if technical means allow to fulfill the requirements of the law.
- The strengthened kvalitsifirovanny signature is a version strengthened, it has the certificate from the accredited center and is created using the means confirmed to FSB.
Simple and unqualified signatures replace the signed paper document in the cases stipulated by the law or in the consent of the parties. For example, citizens for sending messages to authorities can use simple signatures. The strengthened signature can be also considered as an analog of the document under seal.
The qualified signatures replace paper documents in all cases, except for when the law requires existence only of the document on paper. For example, using such signatures citizens can receive state services in electronic form, and public authorities can send messages to citizens and interact with each other through information systems. Earlier issued certificates of the EDS and documents signed with their help are equated to the qualified signatures.
Foreign electronic signatures are equated in Russia to those types of signatures to which they correspond.
The simple electronic signature, unlike the former electronic digital signature, is not intended for protection of the document against counterfeit. She does not allow to detect a possible misrepresentation of the document. Its only function — confirmation of the fact of formation of the electronic signature (but not the document!) certain person.
To the purposes of determination of the person who signed the electronic document and also detection of the fact of making changes in the document after its signing the strengthened electronic signature serves. This signature (in two types — unqualified and qualified) is an analog of the former electronic digital signature.
As the simple electronic signature requires use of codes, passwords or other means, it will become clear that it is possible to consider the electronic signature and what is not present. It is obvious that in case of the e-mail the name of the sender manually delivered after the text as it does not depend in any way on the password, using which the sender cannot play a role of the electronic signature created and sent the letter. As information indicating the person on behalf of which the document was sent the message ID in combination with the IP address of the computer of the sender, demonstrating that the message was created as a result of the access to a mail system which was followed by password entry, belonging to a certain user can serve probably. The e-mail address of the sender and a name of the sender can be considered the signature only if the operator of an information system provides their reliability, the post office protocol allows to enter any name and any return address, and some mail systems do not impose any restrictions here.
Means of the EDS
Means of the EDS are the equipment rooms and (or) software tools providing implementation at least with one of the following functions:
- creation of the electronic digital signature in the electronic document using private key of the electronic digital signature,
- confirmation using public key of the electronic digital signature of authenticity of the electronic digital signature in the electronic document,
- creation of the closed and public keys of electronic digital signatures.
The cryptography of public key is the cornerstone of the electronic signature. With its help the special certificate of the user forms. It contains data on the user, public key and the electronic signature of the certificate, it can be checked using public key of certification center. The algorithm guarantees that only the certification center which has secret key of enciphering and trust to which is a basis for work of all EDS system can make generation of the signature.
The trust to certification centers is based on the hierarchical principle: the certificate of certification center of the bottom level is certified by the electronic signature of certification center of higher level. The highest level of certification centers is federal which is under control of state bodies. All system of trust constructed on certificates forms a so-called public key infrastructure (Public Key Infrastructure, PKI). At such infrastructure check not only legitimacies of a key of the certification center which issued the certificate but also all higher certification centers is required. In particular, when forming electronic transaction it is necessary to check not only mathematical correctness of the EDS, but also validity of all chain of the certificates involved at production of the certificate of the signer at the time of signing of the specific electronic document by it.
In Russia the PKI system which is available practically to everyone is now created. Initially it was created by Rosinformtekhnologiya's agency based on the All-Russian State Information Centre (ARSIC). However now the federal certification center is transferred to the jurisdiction of Rostelecom. This telecommunication operator actively suggests to develop different projects with use of PKI.
Equivalence of the sign manual
The electronic digital signature in the electronic document is equivalent the sign manual in the paper document at simultaneous observance of the following conditions:
- the signature key certificate relating to this electronic digital signature did not become invalid (works) at the time of check or at the time of signing of the electronic document in the presence of the proofs defining the signing moment;
- the authenticity of the electronic digital signature in the electronic document is confirmed;
- the electronic digital signature is used according to the data specified in the signature key certificate.
The scope of the EDS is defined by the identifier called by OID. At each scope the OID. For example, the scope which allows to sign documents for setting of objects on GKN has OID 1.2.6188.8.131.52.184.108.40.206 "Formation by the cadastral engineer of documents for receiving services from the applicant". The EDS with such OID is issued only to cadastral engineers who for receiving show the Certificate of the cadastral engineer.
The scope which allows body of the cadastral registration to confirm documents – results of the cadastral registration has OID - 1.2.6220.127.116.11.2.1.2 "Formation of documents as result of rendering service from bodies of the cadastral registration". The EDS with such OID us is not issued. Also it cannot be issued without special accreditation.
The electronic signature for state procurements
Main article: The electronic signature in purchases
It is necessary to have the electronic signature for participation in procurement procedures. What types do EDS happen what influences the cost of the signature and what document package it is necessary to prepare for its receiving? Read more here.
Main article: Certification centers
Certification center (Certificate authority) (engl. Certification authority, CA) — the organization issuing certificates of keys of the electronic digital signature.
2019: Russia will impose criminal liability for the wrong issue of the electronic signature
On July 8, 2019 it became known that the Minister of Economic Development Maxim Oreshkin supported the fastest adoption of the bill toughening requirements to certification centers of the electronic signature. The minister made the corresponding statement during the parliamentary listenings in the State Duma devoted to questions of Digital economy.
Two bills with amendments in the Law "About the Electronic Signature" were introduced to the State Duma at once. The first of them is developed by senators Vladimir Kravchenko, Lyubov Glebova and Mikhail Ponomarev, the second - senator Lyudmila Bokova.
The law "About the Electronic Digital Signature" was adopted in Russia in 2003. To the document there was a set of complaints, and in 2011 it was replaced with the new Law – "About the Electronic Signature".
The electronic signature of three types is mentioned in the law: simple, strengthened and qualified. The strengthened electronic signature is issued by certification center, qualified – the certification center which underwent accreditation in the Ministry of Telecom and Mass Communications. The qualified electronic signature is recognized as an analog autographic. Among other it is necessary for participation in state procurements.
Initially the law required that for the accredited certification centers the minimum size of net assets should be 1 million rubles, and the minimum amount of financial provision for a covering of possible losses to the third parties of 1.5 million rubles.
In 2015 at the initiative of the Ministry of Telecom and Mass Communications legislators increased the minimum size of net assets to 7 million rubles, and the minimum amount of financial provision – up to 30 million rubles. But the authorities wanted to toughen requirements to certification centers further. So, in 2017 the Ministry of Telecom and Mass Communications drafted the bill of monopolization of issue of the qualified electronic signatures by the state, however this document was criticized by the industry and did not gain further development.
In the provided bills it is about further toughening of requirements to the accredited certification centers. According to both documents, the minimum size of net assets is offered to increase to 1 billion rubles, or if the certification center has branches in at least two thirds of Russian regions, up to 500 million rubles.
The minimum size of a financial guarantee is offered to increase to 200 million rubles. If the number of places of implementation of the licensed type of activity exceeds 10, then for each such place the additional financial guarantee in the amount of 500 thousand rubles, but no more than 300 million rubles in total is necessary.
The term of accreditation of certification centers is reduced from five to three years. The administrative responsibility is imposed for violations in work of certification centers of technical character.
For obviously deliberate actions of staff of certification centers in addition to administrative, also criminal liability is imposed.
Also requirements to a goodwill of heads of the certification centers and persons owning in them not less than 10% of the capital are introduced. If accreditation of certification center was withdrawn, then the center will be able to address for new accreditation not earlier than in three years. Besides, the accredited certification centers should own licenses for development of cryptographic tools and have the property rights to hardware of the electronic signature.
Other important requirement consists in use of electronic signatures by legal entities, and here approaches of both documents disperse. Kravchenko, Glebova and Ponomarev's bill assumes to oblige to use only the qualified electronic signatures issued by certification center of the Federal Tax Service (FTS). In addition at the conclusion of transactions the qualified electronic signatures of the individuals authorized to work on behalf of the relevant legal entities will be applied.
In cases with credit institutions, non-credit financial institutions and payment systems will apply the qualified electronic signatures issued by certification centers of the Central Bank. In cases with public authorities and local government and also their officials will apply the qualified electronic signatures issued by certification centers of Federal Treasury.
The bill Side is more liberal. It will allow legal to continue to use persons the qualified electronic signatures from any accredited certification centers. FTS will be able to withdraw certificates of electronic signatures of legal entities and individual entrepreneurs.
The same way, the Central Bank will be able to withdraw certificates of electronic signatures of credit institutions, non-credit financial institutions and payment systems. As well as in other bill, the bill Side also demands from public authorities and their officials to receive the qualified electronic signatures only in certification center of Federal Treasury.
In case of adoption of both bills they will become effective within 120 days from the moment of their signing. Certificates of the qualified electronic signatures and the accreditations of certification centers issued before publication of this law will be valid until the end of the term of their action, but no more than two years.
Regulation of the bill of Kravchenko, Glebova and Ponomarev of use by legal entities of the qualified electronic signatures issued by FTS certification center and the Central Bank will become effective in two years after publication of the relevant laws. Regulation of the bill Side of a possibility of FTS and the Central Bank to withdraw certificates of the qualified electronic signatures will also become effective in two years after publication of the law.
At the same time there are also some eases. Certification centers will be able to attract the third parties to reception of applications on issue of certificates of electronic signatures and to delivery of these certificates.
Besides, certification centers will be able to store keys of verification of electronic signatures, and at the request of their owners, to create electronic signatures with their help. As Oreshkin explained, it is about a possibility of use of the cloud electronic signature.
The bill enters a concept of the party entrusted thirds. It will verify authenticity of the electronic signature in electronic documents at the specific moment and to verify authenticity of the electronic signatures issued abroad. The entrusted third parties will have to undergo accreditation in the Ministry of Telecom and Mass Communications. It is expected that in Russia about 20 such persons will appear.
With respect thereto one more concept – a tag of the entrusted time is entered. It is the reliable information electronically about date and time of signing of the electronic document the electronic signature created and checked by the entrusted third party, certifying the centers or operators of an information system.
Certification centers will have to issue certificates of electronic signatures at the price which is not exceeding the set Government value. To the persons who received certificates an opportunity to be registered To unified identification and authentication system century Besides, should be non-paid given to individuals technical means should be non-paid provided for enciphering biometric signatures.
Authors of bills claim that the documents offered by them will solve one more problem. For July, 2019 state departments require existence in certificates of the qualified electronic signatures of existence of these or those powers assigned to the user within a specific information system. As a result the certificates issued by the accredited certification centers cannot be used in some information systems, and certification centers are forced to offer the qualified electronic signatures for work in specific information systems.
Russia works on an EDS alternative for identification on the Internet
This fall in Russia plan development on implementation of "the cloud signature" as identification mechanism in Network can already begin. It was said on September 10, 2018 by the special representative of the President of Russia on digital development Dmitry Peskov in the run-up to East economic forum.
| ||Today there is an electronic signature. But it long, difficult, expensively, inconveniently. And we need the simple and clear cloud signature using which the person could register all the actions on the Internet, carry out transactions — Peskov told journalists.|| |
The idea, according to him, consists in that the user had an opportunity to sign any documents from the mobile device. Its digital signature will be not on the wearable drive ("flash card"), and on a remote "cloud" resource.
Thus, the user undergoes authorization in a cloud resource and further disposes of the electronic signature as he finds necessary.
But so far to it there is a number of obstacles. According to Peskov, a number of changes in the current legislation is required.
| ||... It is necessary to legalize finally electronic documents, electronic contracts. Here too a lot of work is conducted. Partially to us helps to solve this problem, including, already adopted bill on implementation of biometrics in banks — Peskov noted. — The next step is a legalization of smart contracts when you have no intermediaries when the signed contract is provided in the form of a program code.|| |
| ||At once there are two questions: first, as the cloud resource on which the digital signature, and, secondly, how safe will be the mechanism of the addressing the "cloud" EDS from the local mobile device is located will be protected — Dmitry Gvozdev, the CEO of Information Technologies of the Future company considers. — Possible leakage of a set of the EDS from one cloud resource will represent for end users where big threat, than leakage of any other personal data. As for mobile devices, the separate protected application isolated from any other and multi-factor authorization — as the safety lock from weak passwords will be required here.|| |
The bill of legalization of smart contracts and the document by the cloud signature will be considered in the State Duma in the fall of 2018.
The government permitted use of the simple EDS for receiving state services
The Government of the Russian Federation decided to allow citizens to use the simple electronic signature for work with the portal of state service. The relevant resolution (No. 996) is published on August 30, 2018 on the website of the cabinet.
Earlier an opportunity to send requests for receiving services in electronic form was given to users only in the presence at them to the so-called strengthened electronic signature which was issued on the USB carrier in certification centers. The service is paid, but the price is equal to flash drive cost.
Government decree No. 996 makes changes in a row of regulatory legal acts of the Government to provide a possibility of use of the simple electronic signature at the request electronically for receiving state services. The only condition — issue of a key idle time of the electronic signature is allowed only after the personal visit of the individual to certification center (for the identity certificate).
| ||The made changes will allow to cut down the expenses of applicants connected with release of the physical medium of the certificate of a key of the electronic signature, said in the publication on the website of the Government.|| |
According to the current legislation, electronic signatures in Russia are subdivided into three views: simple and two strengthened — qualified and unqualified.
The strengthened qualified electronic signature is confirmed by the certificate from the accredited certification center and in all cases is equated to the paper document with the manual signature.
The strengthened unqualified signature identifies the sender and also guarantees that from the moment of signing the document did not undergo any changes. The message with the simple or unqualified electronic signature can be equated to the paper document with the sign manual, but only according to the preliminary arrangement of the parties and in the cases which are specially provided by the law.
| ||The order of the Government of the Russian Federation lifts some limits on use of the EDS — Dmitry Gvozdev, the CEO of Information Technologies of the Future company noted. — Actually it means further expansion of scope of the electronic signature, and respectively, a step forward in the direction of digital document flow, in particular, and optimization of interaction of state institutions with citizens.|| |
The complete text of order of the Government of the Russian Federation No. 996 of August 27, 2018 is available here.
The Ministry of Telecom and Mass Communications suggested to enter the uniform certificate of check of keys for the EDS
At the beginning of April, 2018 information that powers of users of electronic digital signatures can be enshrined in the uniform certificate of check of a key of the strengthened qualified EDS. appeared Ministry of Telecom and Mass Communications Russia published the relevant bill on the portal of drafts of legal acts.
In an explanation to the bill it is specified that according to the current situation users of the EDS — physical persons and legal entities, state bodies and officials — cannot get access to information systems of different departments as they demand existence in the qualified certificate of object identifiers (OID).
At the same time, the certificates issued by the certification centers accredited the Ministry of Telecom and Mass Communications of the Russian Federation as authors of the bill note cannot be used for verification of the electronic signature in information systems of such separate departments.
OID are absent in uniform certificates so the set of the companies selling the qualified certificates of check of a key intended for work with the only department works at the market and, respectively, not allowing to work with others.
| ||In fact, it "kills" sense in the EDS: the key idea of the electronic signature — in universality of its use — Oleg Galushkin, the information security expert of SEC Consult Services company is convinced. — Standardization of the procedure of verification of the EDS was about to happen long ago, but now there is a question, than certification centers will be engaged and whether they should curtail activity, for the right to conduct which they paid essential money.|| |
Now the Ministry of Telecom and Mass Communications suggests to enter the concept "authorized certificate" which will contain both OID of the user, and data on its powers. Thereby the problem of a set of certificates — in case of adoption of the bill — will be removed.
The link can study the text of the bill of the Ministry of Telecom and Mass Communications of the Russian Federation of "About Introduction of Amendments to the Federal Law "About the Electronic Signature", the Federal Law "About Protection of the Rights of Legal Entities and Individual Entrepreneurs at Implementation of the State Control (Supervision) and Municipal Control" and the Federal Law "About Accreditation in a National Accreditation System"" on#npa=79636.
2013: The government simplifies use of the simple EDS when rendering state services
The head of the Russian Government Dmitry Medvedev signed at the beginning of 2013 resolution No. 33 describing use order of "the simple electronic signature" when rendering the public and municipal services in addition to with already used strengthened EDS.
Though the term "simple electronic signature" was for the first time applied in the law "About the Electronic Signature" adopted in 2001, its description for the first time was published in resolution No. 33. According to the text of the document, its key will be the combination of the identifier and password, and the insurance number of the personal account of the individual or head of the legal entity will become the identifier.
Unlike the simple electronic signature entered by the resolution, already acting "the strengthened electronic signatures" are created using cryptographic tools and include the certificate of the accredited certification center which gives it force of the traditional paper document with the sign manual.
The simple EDS, on the contrary, does not require the certificate during the creation, thus, excluding from process of the creation a chain of both final certification centers, and root UTs of Rostelecom.
At the same time the citizens who received the simple signature will be saved from need to use at the addressing the Portal of state services electronic key on a flash drive which is necessary when using of the strengthened signature.
Resolution No. 33 describes requirements to the password of the simple EDS which should consist not less than of eight characters, including letters and digits, and does not may contain the signs "*" or "#". It is interesting that users of the signature have the right to change independently a key, having used a personal account on the Uniform portal of state services.
Waiting of distribution of the SIM card with the EDS
According to the research published in September, 2012 by TechNavio analytical company, the market of two-factor means of authentication will annually grow for 20.8% a year in 2011-2015. Two-factor authentication means that for an information access to the user it is necessary not only to enter the password, but also to have a certain device or the program using which confirmation of right of access is carried out. A classical example is online banking where for confirmation of transaction it is necessary not only to enter the password, but also to type the single code sent by the SMS or generated by the special program on the computer.
According to analysts, the next stage of development of these technologies will become authentication using mobile phones when in "sim card" of the device the electronic digital signature using which the user can perform legally significant actions "is sewn up". For example, such mechanism is already implemented in Estonia. Other option of development of technologies is a creation of smart cards which represent electronic identity certificates.
Distribution of technology will be promoted by implementation in phones of wireless communication of a short range of NFC. Thus, the mobile phone can be used instead of the bank card at payment of goods in shop or on a checkpoint to the territory with limited access. However market development will be slowed down by security reasons and operations of regulators which impose certain requirements to transfer and confidential data protection.
Among developers of the second echelon it is possible to note ActivIdentity, CryptoCard, Deepnet security, Equifax, PhoneFactor, SecureAuth, SecurEnvoy and SafeNet Inc.
In Russia developments in the field are also conducted. For example, the Aladdin company developed own smart card with the built-in microprocessor for authentication of users and storage of digital signatures, and the state operator "Rostelecom" implements the program for equipment of SIM cards the electronic digital signature. The partner in execution of a technical part of works selected MegaFon company. It is expected that the prototype of the device will be shown in December, 2012, and the first devices will appear in the market in 2013. At the moment it is possible to receive the EDS on "USB stick", for this purpose it is necessary to address to office of Rostelecom
Permission to state agencies to enter documents to the government in electronic form by means of the EDS
The Government of the Russian Federation approved on August 30, 2012 the changes in Regulations about electronic document management in public authorities directed to improvement is information - technological support of activity of the Government of the Russian Federation and federal executive authorities, the Minister of Telecom and Mass Communications Nikolai Nikiforov reported in the microblog.
According to its message, the Government approved the project of the changes made by the Ministry of Telecom and Mass Communications. Thus, documentation between bodies of the state and executive power and also government office will be entered in electronic form using the electronic digital signature.
The CEO of the analytical agency Telecom Daily Denis Kuskov in a conversation in the correspondent of TAdviser reported that creation of internal secure system of electronic document management would be facilitated strongly by life to departments and the ministries.
"If to speak about the project from the point of view of IT, then development, implementation, setup of a system of similar scale and complexity and also with similar security requirements can cost not one hundred millions rubles. It including the EDS keys", - Kuskov told. "Now in the market of the similar systems quite high competition therefore the state can cut down expenses on the project quite seriously".
According to Kuskov, a priotsutstviya of any obstacles, development, implementation and debugging of EDMS and keys can take about a year.
Pieces it is sure that on each department or organization at most 20 EDS keys will be necessary. The cabinet consists of 21 members.
The Federation Council urges to approve the uniform EDS
In July, 2012 it became known that in the fall the Federation Council intends to carry out an inspection of preparation of the regulations concerning creation of the unified electronic digital signature (EDS). As found out media if senators will not be satisfied with check results, they will take the legislative initiative about introduction of the uniform EDS. (Earlier the Government of the Russian Federation prolonged operation of the law "About the Electronic Digital Signature" for a year). Experts are not sure that the idea will be implemented: it is about huge business which will cover not profitable to neither certification centers, nor officials.
For the first time the question that the current law about the EDS needs to be supplemented with the amendments allowing officials to use one signature for all information systems rose senators in April, 2011. The Federation Council as a result approved the proposal of senators, and the government in turn promised, "that in regulations about an order of application of the electronic signature this short story will be implemented", the member of the committee of the Federation Council on economic policy Yury Roslyak told journalists. However almost in one and a half years regulations were not issued.
"For today regulations even in development therefore till fall we will check in what type all this is implemented. If this principle is not performed, then we will leave with the legislative initiative about legislative motivation of the government, including Ministry of Telecom and Mass Communications, about use of this technology – Yu. Roslyak adds.
According to senators, the current law about the EDS is extremely inconvenient: each information system requires the individual digital signature therefore government employees and businessmen should use several EDS at once.
The commercial director B2B-Centerandrey Boyko doubts that the initiative of the Federation Council will be implemented. So, the cost of one EDS varies from 4.5 thousand to 7 thousand rubles, in addition about 50% of this amount need to be paid for annual renewal of the certificate of the EDS.
"It is huge business. First of all introduction of the uniform EDS is unprofitable for certification centers, regulatory authorities, state platforms. At the same time to us suppliers come with a linking of the EDS – on 5-6 pieces. If enter the unified electronic signature, it will lead to reduction of turnover of business by 4-5 times. Idea in itself good. If it earns, then it will influence also the competition of the managing centers, and on the cost of services and their quality", – Yu. Boyko notes.
According to the head of group on legal protection of information of Pepelyaev Group company Andrey Slepov, in some cases the EDS requires the high level of security.
"In that case it can be hardly suitable for some simpler purposes", – A. Slepov notes. At the same time the problem of "confidentiality of information" can be solved by introduction of "uniform technologies", the president of Internet and Right company Anton Sergo considers.
"A large number of EDS networks originally it was strategically important, but further caused only inconveniences. So initiative very correct", – A. Sergo adds.
The Ministry of Telecom and Mass Communications explained that according to the existing regulations if the qualified certificate issued to the legal person does not contain restrictions for its application, then such certificate can be used in any kind of legal relationship if it is directly not forbidden by the legislation. "It completely personifies the concept of the uniform signature of the legal entity", – says a source in department of information and public relations of department.
Only in a government procurement system for July, 2012 about 1 million EDSs, on delivery of reportings in tax authorities – more than 1.5 million EDSs were issued, still approximately on 500 thousand it was issued to legal persons for participation in commercial biddings and for reportings in the pension funds.
Order of FSB on requirements to digital signature facilities and UTs
On February 17, 2012, the order of FSB of the Russian Federation of December 27, 2011 No. 796 "About the approval of requirements to digital signature facilities and requirements to means of certification center" was published. Earlier there was an order of December 27, 2011 No. 795 "About the approval of requirements to a form of the qualified certificate of a key of verification of the electronic signature".
According to new regulations, means of the signature when signing the document should show the electronic document to the person which signs it, to wait for confirmation from this person, and after signing - to show it that the signature is created. At verification of the signature means should show the electronic document and also information on making changes in the signed document and to point to the person who signed it.
The format of the qualified certificate significantly differs from a format of certificates of the EDS which are issued at this time (according to federal law No. FZ-1). For example, it is necessary to include in the qualified certificate the name of the digital signature facilities and means of certification center used for generation of the signing key and a key of check (closed and the opened keys respectively) and also for creation of the certificate.
In comparison with certificates of the EDS the method of representation of powers of the certificate holder changed. The certificate of the EDS according to the statement of the owner could join any data confirmed by the relevant documents, and in the qualified certificate non-standard details (for example, registration number of the insurer) can join only if requirements to their appointment and arrangement in the certificate are defined in the documents provided for confirmation of conformity of means of certification center to requirements of FSB.
During all the time in Russia 5-7 million certificates of the EDS keys are issued
For all the time of operation of the law of 2002 on the EDS in Russia 5-7 million certificates of keys of the electronic signature were issued, bring the Ministry of Telecom and Mass Communications of assessment of experts. They will act till July 1, 2012, then they should be changed for new.
In 2011 in Russia the market of services in issue of carriers of the electronic signature to citizens begins to form. They are not more expensive than 500 rub, but it was difficult to estimate demand at this time: it was not solved yet for what documents what signature suits.
The signature of the highest level protected from counterfeit — so-called strengthened qualified. Means using which documents are certified by such signature issue the special certification centers which underwent certification in FSB. According to the Ministry of Telecom and Mass Communications, the Unified state registry of signature key certificates supports 284 such centers.
Means for execution of simpler signatures — strengthened unqualified and simple — can be purchased in the market, it is not necessary to address to certification center for this purpose.
In 2011 certification centers which rates were studied by the correspondent of Vedomosti take for issue of the EDS 2000-10 000 rub (depending on the number of the accompanying services — for example, for 10,000 rub it is possible also to participate in a seminar on use of such signature). But the price should fall considerably, the press secretary of the Minister of Communications Elena Lashkina promised, in fact, it will come down to carrier cost. It will be necessary to pay 500-600 rub for the carrier of the strengthened EDS certified by FSB, and in the long term — 300 rub. For the unqualified strengthened EDS it is possible to purchase any USB USB stick (from 100 rub).
The president Medvedev signed the law "About the Electronic Signature"
On April 6, 2011 the President of Russia Dmitry Medvedev signed the law "About the Electronic Signature" (EDS) approved by the State Duma and the Federation Council in March. The document will succeed the law "About the Electronic Digital Signature" (EDS) adopted in 2001 which contained too serious requirements to the EDS and strongly limited opportunities for application of electronic documents. In it use of the only technology — asymmetric electronic keys, demanding obligatory existence of the certificate from certification center was allowed.
Need of the new law was caused by the fact that regulations of the current law on the electronic signature (FZ-1) did not correspond to the modern principles of regulation of electronic signatures which work in the European states.
Three types of the electronic signature - the simple electronic signature, the unqualified electronic signature and the qualified electronic signature are selected.
The qualified electronic signature is the electronic signature which:
- it is received as a result of cryptographic information transform using signing key;
- allows to define the person who signed the document;
- allows to detect the fact of making changes in the document after its signing;
- it is created using digital signature facilities.
Besides, the key of verification of such signature is specified in the qualified certificate, and for creation and verification of the electronic signature the means which received confirmation of conformity to the requirements established according to federal by the law are used.
Before use of the EDS the center had to transfer in a paper and electronic form of the copy of the certificate to authorized body. Certification centers were subject to obligatory licensing and had to be built in a uniform hierarchical structure. Though the law became effective at the beginning of 2002, the authorized state agency (then it was the Federal agency on information technologies) appeared only in 2004, and root certification center without which it is impossible works of all others — in 2005. Licensing of certification centers did not earn because of contradictions with the law "About a Ltsiyenzirovaniye of Separate Types of Activity" adopted later at all.
As a result, as noted in the explanatory note to the law "About the EDS", in Russia EDSs use only practical legal entities, and the number of the issued certificates makes no more than 0.2% of the total number of the population. In the law adopted now from certification centers licensing is not required - they can undergo accreditation and that only on a voluntary basis. The authorized body appointed by the government will be engaged in accreditation, it will organize work of the root center.
For accreditation the Russian or foreign legal person is obliged to have net assets a minimum of 1 million rubles and financial guarantees for payments of compensations to injured clients in the amount of 1.5 million rubles, to have not less than two IT specialists with higher education and to undergo the procedure of confirmation in FSB. The centers are obliged to provide free access to any person to registers of the existing and cancelled certificates, obligatory transfer of the register of certificates in the root center will happen only in case of the termination of accreditation of the center. The certification center can also organize around itself the system of the centers in relation to which it will be root.
The plan of preparation of legal acts for the purpose of implementation of the federal laws "About the Electronic Signature" and "About making changes in separate legal acts of the Russian Federation in connection with adoption of the Federal law "About the Electronic Signature" is approved by the order of the Government of the Russian Federation of July 12, 2011 No. 1214-r. The plan sets terms of development of legal acts of the Government of the Russian Federation and legal acts of the federal executive authorities connected with use of the electronic signature. The Ministry of Telecom and Mass Communications of the Russian Federation is one of executives in charge of development of legal acts, the majority of whom will be developed together with FSB of Russia, the Ministry of Economic Development of the Russian Federation and also the interested federal executive authorities.
According to the plan, till July 30, 2011 the federal executive authority authorized in the field of use of the electronic signature will be appointed, till August 31 – requirements to a form of the qualified certificate of a key of verification of the electronic signature, the requirement to digital signature facilities, requirements to means of certification center and an order of accreditation of certification centers are claimed. Till October 31 government decrees about types of the electronic signature which state agencies use at the organization of electronic interaction among themselves, about types of the electronic signature which are used at the request for state services, and about an order of use of the simple electronic signature when rendering the public and municipal services should be accepted. Till November 30 the order of use of the electronic signature at the request for receiving the public and municipal services should be approved. The last planned document will be signed in March, 2012.
In the law of 2011 it is a possible to sign the electronic signature documents which appeal is not regulated by laws of direct action, marks out the deputy administrator Rosreestr Sergey Sapelnikov. The few documents fall under a regulation: statements from the inventory of the real estate and the Unified state registry of the rights, invoices, etc. The new law will allow to assure of the theory at notaries in electronic form and the statement from the marriage certficate, to the power of attorney, etc. However, is not clear yet what signatures from three formats will accept state structures and what specifically documents can be signed with them. The law did not set what type of the signature can use this or that department in what format the CEO of the company in what — the chief accountant and in what — the citizen should subscribe, Sapelnikov says. For authorities types of the EDS will be defined by the government, and for business and household communication citizens and legal entities have the right to select a type of the signature, the employee says Ministry of Telecom and Mass Communications.
The Federation Council is going to enter the uniform EDS
On March 30, 2011 at a meeting of the Federation Council it was decided to make amendments to the law on the electronic digital signature (EDS), without suspending the law in the current version. Now the rule that the particular person should have an EDS one as well as his graphic personal signature is not stated in the document. Because of it officials and businessmen are forced in different information systems to use different signatures.
"Each information system requires from us that the official made out the individual digital signature for each specific system. We consider it categorically inadmissible: first, it is an additional bureaucratic barrier, secondly, it is big dead time and money", – one of initiators of amendments, the member of the committee of the Federation Council on economic policy Yury Roslyak noted.
According to him, now the official working in the system of treasury has seven different EDSs. "Can reach to the point of absurdity when the person can have 10–12 EDSs not to limit the capacity to act", – he added. According to him, the unified digital signature should be made out in the system of certification centers. She should act in all public information systems which exist in Russia. It is so obvious that this thesis has nothing in common with identification in the closed information systems.
"Work on construction approval is now conducted: in what chapter to include this amendment. I think that within a month we will finish this work and we will begin conciliation procedures at least at the beginning of June", – Yu. Roslyak explains.
The State Duma approved the bill "About the Electronic Signature"
In March, 2011 the State Duma of the Russian Federation approved in the last reading the federal law draft "About the Electronic Signature" which is designed to replace No. 1-FZ existing since 2002 "About the electronic digital signature". The law is designed "govern the relations on use of electronic signatures at commission of civil transactions, rendering the public and municipal services, execution of the state and municipal functions and also at commission of other legally significant actions".
According to Article 5 of the bill three new types of the electronic signature are defined: the simple, unqualified and qualified (most protected). The certificates of the EDS keys which are used at the moment are equated to the qualified digital signature certificates.
The law regulates issue and use of signature key certificates, authentication of signatures, accreditation and rendering services of certification centers which will perform issue of certificates of keys of the electronic signature. Till July 1, 2012 such centers will continue to work as before, however will have to undergo obligatory accreditation in authorized body. Since summer of 2012 the right of issue of the qualified signatures is granted to exclusively accredited certification centers.
The situation with the EDS in the Russian Federation is in such a way that to any user for work with the information systems requiring application of the electronic digital signature it is necessary to create practically for each of them the separate EDS. For permission of this situation the Federation Council of the Russian Federation prepares the amendment for the law "About the Electronic Digital Signature" which is designed to facilitate life to users of the EDS. As a result it should become uniform for all information systems and not limit capacity to act of their holders.
The V. Putin's order about transition of state agencies by 2012 on paperless document flow
In February, 2011 the Russian Prime Minister Vladimir Putin signed order No. 176-r "About the approval of the actions plan on transition of federal executive authorities to paperless document flow at the organization of internal activity". This document approved the actions plan on transition of federal authorities to paperless document flow and established that implementation of transition to paperless document flow is enabled "at the expense of the means provided in the federal budget".
By June, 2011 it is going to provide "officials of federal executive authorities with means of the electronic digital signature for the purpose of use in electronic document management", to create or upgrade EDMS of the ministries and departments. Since January 1, 2012, according to the plan, paperless document flow should earn in all federal authorities.
2010: The report of Ministry of Economics to the Russian President about need of the EDS for electronic state services
In August, 2010 the Ministry of Economic Development prepared the report to the president about priorities of implementation of state services in electronic form. One of priorities — the electronic digital signatures (EDS) for citizens and the organizations. In the West the technology allowing to certify the author of electronic documents and to provide their invariance (at any change of the document EDS it will become invalid) did not get great popularity: it is too difficult. Russian does not believe the Ministry of Telecom and Mass Communications in mass character of the EDS too — it department announced competition on development of alternatives. But, despite this, universal distribution of electronic signatures in our country nevertheless will take place.
The draft of the report of the Ministry of Economic Development was submitted to the President of Russia about priorities of providing state services in electronic form to the government on August 2, 2010. One of the priorities mentioned in it — use of "the electronic digital signature available to most of citizens and the organizations at receiving services". Territorial subjects of the federation should create conditions for universal use of the EDS. And all this is at the expense of own means, "within the current financing".
For the person well familiar with the computer, use of the electronic digital signature will not make a big problem. But hardly all Russians will be able to master this technology, the Minister of Telecom and Mass Communications Igor Shchyogolev told at the Tver economic forum. As an alternative its department decided to create the special protected e-mail for communication of the state with citizens. Selected 10 million rubles for these purposes. The right to develop the project was won by St. Petersburg State University of Telecommunications of Bonch-Bruyevich.
"In the West the EDS did not find broad application, said in the request of one of contestants, the company "Ashmanov and partners'. — It was inconvenient... The average citizen after some fluctuations preferred to go "in the old manner' to offices personally, than to get the software, the certificate, to study features of the EDS, etc. Neither the western state institutes, nor commercial enterprises of mass service began to use the EDS in essential scales because of an unacceptance the citizen/client".
In Russia, apparently, in parallel will develop several duplicative systems of access to the electronic government. The copy of the report of the Ministry of Economic Development was directed in the Ministry of Telecom and Mass Communications, but the position of this department "is not expressed so far", the acting as the Minister of Economic Development Andrey Klepach notes in the cover letter to the draft of the report.
The electronic digital signature is most actively used in the field of finance – it is promoted by both growth of penetration of the systems of Internet banking, and initiative of the Federal Tax Service which divisions accept the reporting in electronic form. Besides, the Russian President Dmitry Medvedev signed recently the Federal law of 7/27/2010 No. 229-FZ which provides making changes in the first and second part of the Tax Code of the Russian Federation. Among them – a possibility of drawing of invoices in electronic form by mutual consent of the parties of the transaction and in the presence at the parties of compatible technical means and opportunities for acceptance and processing of invoices. One of compulsory provisions of such process is signing of invoices using the EDS.
According to experts of the market, creation of any financial documentation and accounting is one of the simplest examples of the industry where use of the EDS can make profit. Now the organizations for storage of financial statements often should rent warehouses – storage life of documents can make 5 years and even more. Rather essential means are spent for it. Besides, each normal individual of the house has too a peculiar warehouse in which documents are stored. If to transfer all these documents to an electronic form, it will significantly facilitate human life or the companies and will ensure big safety of documents – it is as simple not to copy paper documents as electronic.
Use of the EDS when rendering state services can save not only time to citizens, but also means of the state – due to reduction of the staff of the employees performing documents acceptance, minimization of errors and losses when processing and so on.
It is worth noticing that for documentoyemky information systems of means of protecting seem additional loading as additional computing powers are required both on authentication, and on decoding of data. Nevertheless, in certain cases, they, on the contrary, can save resources, blocking access to processes to those users who can abuse them. If in a system information for a limited circle of application is processed, then implementation of encryption systems and reliable authentication is quite justified.
Besides, at the level of the legislation protection of workflow systems in case of personal data processing or transactions of international payment systems is required. All technology components of similar protection are already implemented and are implemented, it is important to observe during their use requirements for preserving of the legal importance of electronic documents when processing in documentoyemky information systems.
In the new version of the law, according to experts of the market, some limits imposed by the first law are lifted – for example, optional is use of the certified cryptomeans. It facilitates life to many organizations and individuals in regions. The matter is that the certified cryptomeans should be transferred or via a secure channel, or on the unchangeable carrier – for example, on a disk. Meanwhile, the secure channel itself should be protected by the certified cryptomeans so there is a stalemate. And it is not all nuances which should be considered in the new version of the law on the EDS.
In the Russian market (2010) there are several cryptoproviders who are with each other not compatible. Thus, there is a situation when to each user to send the letter with the EDS to other user, it is necessary to make sure that the addressee will be able to check the EDS at first. Though, apparently, actually same algorithm is used, and application of the EDS is regulated by the same law, implementation at the companies working at this market different.
2002: In Russia the first law "About the Electronic Digital Signature" is adopted
The Act of the Russian Federation of January 10, 2002 No. 1-FZ "About the electronic digital signature" was the first law regulating instructions for use of the electronic digital signature in Russia. The main claim to 1-FZ was its ambiguity, vagueness. In particular, even determinations of the EDS and the electronic document in general give opportunities for ambiguous treatment. Leaves opportunities for discrepancies and such concept as the proofs defining the signing moment – they can be considered also the stamp of time entering the signature, and time which is put down in the document. Also how to define the certificate which did not become invalid at the time of check raises questions. Now the companies interacting with each other using the EDS and the organization solve all these problems with the help of signing of additional regulations, differently – agreements on accession, however it seriously complicates process of exchange of electronic documents.
2000: The law on the EDS in the USA
In the summer of 2000 became effective the national law of the USA on the electronic signature — from this day a stroke on paper and in the digital document are equivalent. At least, under the federal law. The law did not invert technology reality, but created a separate segment of the market — management of digital transactions (digital transaction management, DTM). According to the research Aragon Research, this quickly growing segment by 2020 will reach impressive volume in 30 billion dollars.
In the USA UETA and the national law on the EDS give to electronic documents the same weight that have the traditional paper obligations signed by hand.
These legal acts define the EDS as "the electronic sound, the character or process enclosed or which is logically connected with the contract or other record, attached to it by the person with intention to sign this record". Thus, any business transaction can be executed by an electronic method.
"In the USA people use electronic signatures in all aspects concerning their everyday life. You can issue a mortgage in electronic form or an insurance as a part of a car loan" — Stephen Bisbee, the president of the Baltimore company eOriginal who owns the patent for process of creation, the signature and document transfer by an electronic method says.
The most progressive enterprises do not ask a question any more whether to use the electronic signature — they are concentrated on in the best way to build in its application own business processes.
Management of any "digital" business online will become the next step. "This advance — from simple signatures to difficult financial transactions electronically" — considers Bisbi and foretells that the change in this area will occur within the next four years.
1994: In Russia the EDS standard – GOST P 34.10-94 is adopted
1976: Development of the electronic signature in the USA
The USA can consider the homeland of the EDS: in 1976 the American cryptographers Whitfield Diffie and Martin Hellman the concept "electronic digital signature" was for the first time offered though they only assumed that schemes EDSs can exist. But in 1977 the cryptographic algorithm RSA which without additional modifications can be used for creation of primitive electronic signatures was developed.
- ↑ Russia will impose criminal liability for the wrong issue of the electronic signature
- ↑ Russia works on the new mechanism of identification on the Internet
- ↑ Powers of users of the EDS can enshrine in the uniform certificate
- ↑ the First SIM cards with the EDS will appear in Russia in 2013.
- ↑ the Federation Council suggests to unify the EDS
- ↑ the Federation Council suggests to unify the EDS
- ↑ 
- ↑ [http://www.intertrust.ru/press_center/articles/view/2104-15-let-elektronnoi-podpisi-v-ssha-yubilei-s-ogovor.htm of 15 years of the electronic signature in the USA
- ↑ . Anniversary with clauses]