2020: Submission of the protocol of safe exchange of personal data
NPK "Kriptonit" reported on June 29, 2020 to TAdviser that her scientists and specialists drafted the protocol of security "X".
This protocol of security will allow to transfer personal data from the user to service only in the form of the ciphered data packet — "blob" (from engl. Binary Large Object, BLOB is an array of binary data). Each blob can be checked and certified by the inspector of personal data who confirmed information on the user. The state body (for example, tax administration or the pension fund) or commercial structure can act as the inspector, for example, (for example, bank or insurance company).
 | For June, 2020 there is a number of protocols on ensuring safe data transmission on the Internet (TLS, IpSec) and also different authentication protocols (Kerberos, OAuth). They well cope with the tasks, but they are useless as soon as you transferred the data to someone. When using the IKS protocol the user is precisely sure that the transferred personal data will be used only there and only for that time for which he granted permission — Vasily Shishkin, the head of laboratory of cryptography of NPK "Kriptonit" comments. |  |
The packet of personal data (blob) contains in encrypted form all necessary information which is transferred by their owner to service (to bank, online store, insurance company, etc.), is created for one request and has temporary restriction on a personal data storage. After time the service will not be able to use the received data set. The blob is validated by the inspector only at successful check of correctness of the signature of the user under the created data packet. If the user did not provide data, then the signature under a blob cannot be created from his name by the malefactor. Service, having received the ciphered blob, cannot decrypt it, and can request check from the inspector only.
Use of mechanisms of homomorphic enciphering which in the future will allow to perform exchange of the ciphered data without the need for involvement of the third party will become development of this approach.
The IKS protocol can be implemented with any encryption algorithm, the digital signature and generation of a key which are resistant in our model of the opponent. At the same time developers of the protocol recommend to use the Russian cryptographic standards.
| | For the end of June, 2020 the IKS protocol is a reasonable concept of exchange of personal data which can become a basis for creation of other infrastructure of digital trust at the level of the state or even to all Internet. Full implementation of the protocol requires creation of separate elements of infrastructure, such as certification centers, applications for mobile phones, servers of the IKS protocol and some others. Also, simultaneous implementation of elements of the protocol from all participants of information exchange is required – users, services, providers and government institutions. Therefore to speak about specific estimates on the terms and resources necessary for implementation of the protocol early so far. But, it is possible to tell about creation of this approach to personal data protection which is extremely perspective with confidence — Vasily Shishkin, the head of laboratory of cryptography of NPK "Kriptonit" commented. | |
You See Also
- Internet Protocol Security (IPsec)
- Point-to-Point Tunneling Protocol (PPTP)
- Layer 2 Tunneling Protocol (L2TP)
- Secure Socket Tunneling Protocol (SSTP)
- VPN (world market)
- VPN (market of Russia)
- VPN solutions for corporate networks
- VPN routers for small and medium business (SMB)
- VPN and privacy (anonymity)
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |