JC-WebClient

JC-WebClient - a product is intended for the organization of safe user login in a personal account on a remote server.

2020

Release of version 4.3

On June 29, 2020 the Aladdin R.D. company announced release of the next version of the product JC-WebClient for work with USB tokens and smart cards of JaCarta in Web applications and cloud services.

JC-WebClient 4.3 allows to implement strict mutual two-factor authentication of the user and the Web server, formation and check strengthened or the strengthened qualified electronic signature (ES), data encryption, transferred between the client computer and the Web server and also safe confirmation of transactions using Trust Screen-устройства "Antifrod-terminal".

JC-WebClient 4.3 works with all popular browsers and operating systems. The JC-WebClient application is installed on the computer at the first visit of the protected Web resource then works in the background and does not demand any actions from the user.

JC-WebClient 4.3 supports work of USB tokens and the smart JaCarta-2 SE cards (JaCarta-2 SE/PKI/GOST), JaCarta-2 PKI/GOST, JaCarta-2 GOST in which the Russian cryptographic algorithms for work with the electronic signature and for data encryption are implemented. Devices are certified according to requirements of FSB of Russia.

In JC-WebClient 4.3 support of USB tokens and smart cards of JaCarta PRO and earlier being issued eToken PRO (Java) in which foreign cryptoalgorithms are implemented is also provided. It provides freedom of choice to developers if the work task from the strengthened qualified EDS which requires use of the certified CIPF and the accredited UTs is not necessary.

The opportunities which became available in JC-WebClient 4.3:

• scriptability of work in terminal sessions on terminal servers (RDS) is implemented;
• support of several signatures within one CMS envelope is added;
• the functionality of accession to the signature of system time is added.

JC-WebClient 4.3 also includes the built-in Web application for loading, removal and viewing certificates of UTs in storage on a token. The certificates of UTs loaded on the device are used by JC-WebClient for automatic creation of chains of trust at transactions of verification of the signature and encryption/deciphering of documents. It allows to refuse use of system storages of certificates Microsoft Windows, Apple macOS and Linux that gives to the user an opportunity to work with the Web application from different computers without need to perform settings of system storages on each of them.

JC-WebClient SDK developer kit, including detailed guide to embedding and a demonstration example with the source code is available to embedding of JC-WebClient in Web applications.

Support of JaCarta-2 GOST and JaCarta-2 SE for logging into the personal account of the taxpayer for SP

On June 25, 2020 announced Aladdin R.D. company that on the official site of FTS within updating of JC-WebClient to version 4.2 USB tokens and smart cards of the JaCarta family (JaCarta-2 GOST, JaCarta-2 SE, JaCarta-2 PKI/GOST and JaCarta-2 PRO/GOST) for work in a personal account of the taxpayer for individual entrepreneurs are completely integrated. Read more here.

2019: Release of version 4.2

On December 11, 2019 the Aladdin R.D. company announced release of the next version of the product JC-WebClient for work with USB tokens and smart cards of JaCarta in Web applications and cloud services.

According to the developer, JC-WebClient 4.2 allows to implement strict mutual two-factor authentication of the user and the Web server, formation and verification of the strengthened qualified electronic signature (ES), data encryption transferred between the client computer and the Web server and also safe confirmation of transactions using Trust Screen-устройства "Antifrod-terminal".

According to the statement of the developer, JC-WebClient 4.2 works with all popular browsers and operating systems. The JC-WebClient application is installed on the computer at the first visit of the protected Web resource then works in the background and does not demand any actions from the user.

JC-WebClient 4.2 supports work of USB tokens and the smart JaCarta-2 GOST cards in which cryptographic algorithms — GOST P 34.11 2012 and GOST P 34.10-2012 are implemented. These devices are certified on the updated requirements of FSB of Russia, emphasized in Aladdin R.D.

The provided version of JC-WebClient also supports work with USB tokens and smart cards of JaCarta PRO and eToken PRO (Java) in which foreign cryptoalgorithms are implemented (3DES, AES-128, SHA-1 and RSA-1024). It provides freedom of choice to developers if the work task from the strengthened qualified EDS which requires use of the certified CIPF and the accredited UTs is not necessary.

Possibilities of JC-WebClient 4.2 mentioned by the developer:

• the functionality "Data acquisition of the client PC" allowing to collect the following data from the user device is added: IP addresses, MAC addresses, hostname, list of active network connections, system date and time other;
• the functionality "by TLS in accordance with GOST", allowing to set to the Web application the protected TLS connection with the remote TLS server in accordance with GOST (is added when using USB tokens or smart cards of the JaCarta-2 GOST model). Provides strict two-factor mutual or one-sided user authentication and TLS servers and also data encryption of the Web application in a communication channel in accordance with GOST 28147-89;
• support of means of the entrusted display of the signed data when using an applet of Kriptotoken-2 of the EDS and SaveTouch PRO is added;
• support of "the entrusted websites" which are allowed to work with the connected tokens is added. Such additional functionality prevents attempts of phishing sites to interact with a token;
• support of operating systems Mac OS 10.15, Debian 9.5, Ubuntu 18.04 is added;
• the feature for adding polzovatelskiykh attributes in request for issue of the certificate is added.

As noted in Aladdin R.D., JC-WebClient 4.2 also includes the built-in Web application for loading, removal and viewing certificates of UTs in storage on a token. The certificates of UTs loaded on the device are used by JC-WebClient for automatic creation of chains of trust at transactions of verification of the signature and for enciphering/ decipherings of documents. It allows to refuse use of system storages of certificates Microsoft Windows, Apple macOS and Linux that gives to the user an opportunity to work with the Web application from different computers without need to do settings of system storages on each of them.

JC-WebClient SDK developer kit, including detailed guide to embedding and a demonstration example with the source code is available to embedding of JC-WebClient in Web applications.

2017: Release of version 4.0

On October 12, 2017 the Aladdin R.D. company announced release of version 4.0 of JC-WebClient technology. The product is focused on embedding of functions of work with USB tokens and smart cards of JaCarta in web applications and cloud services.

JC-WebClient 4.0 helps to implement mutual two-factor authentication of the user and the Web server, formation and check strengthened or the strengthened qualified electronic signature (ES), data encryption, transmitted between the client computer and the Web server, safe confirmation of transactions using Trust Screen-устройства "Antifrod-terminal".

JC-WebClient 4.0 works with all popular browsers and operating systems. The JC-WebClient application is installed on the computer at the first visit of the protected web resource then works in the background, without demanding actions from the user.

Feature of the version of JC-WebClient 4.0 - support of generation of USB tokens and smart cards of JaCarta-2 GOST in which cryptographic algorithms — GOST P 34.11 2012 and GOST P 34.10-2012 are implemented. Devices are certified according to requirements of FSB of Russia. For embedding of the cryptographic JaCarta-2 GOST functions in the application software JC-WebClient uses only the safe (certified) commands which are not allowing cryptographic dangerous effects at the wrong embedding and use checked and included in the permitted "white" list.

The added features

• High speed of signing — when forming the EDS hash value from the signed document is calculated using the certified program library now, at the same time the security level does not decrease thanks to the fact that the hash is transferred to a token via a secure channel.
• Enciphering of messages (documents) in accordance with GOST 28147-89 in the CMS format, according to the Recommendations of Technical committee 026 which is performed not on the token microcontroller, and on more PC productive processor that provides fast processing of big documents.
• Support of work with storage of the entrusted objects of JaCarta-2 GOST in which the Security administrator writes previously the entrusted public keys executing a role of public keys of the entrusted Certification centers.
• The built-in protection against substitution of the signed documents and interception of PIN-and PUK codes in the channel between the JC-WebClient application and a token of JaCarta-2 GOST due to automatic establishment of the protected connection between them.
• An opportunity to set a session of exclusive work between the JC-WebClient application and a token of JaCarta-2 GOST at which the device blocks attempts of any third-party applications to get access to its functions.
• An opportunity to establish an additional PIN code on formation of the EDS that increases security, reduces the probability of wrong actions of users, protects from the attacks connected with remote use of a status of "zaloginennost" of a token for the signature of forgery documents.
• Unblocking of the PIN code of the user by the PUK code, allowing to unblock the JaCarta-2 GOST device without the addresses to the Administrator.
• The version of JC-WebClient includes the built-in web application for loading, removal and viewing certificates of UTs in storage on a token. The certificates of UTs loaded on the device are used by JC-WebClient for automatic creation of chains of trust at transactions of verification of the signature and enciphering/ decoding of documents. It allows to refuse use of system storages of certificates Microsoft Windows, Apple macOS and Linux that gives to the user an opportunity to work with the web application from different computers without need to do settings of system storages on each of them.

JC-WebClient 4.0 supports work with USB tokens and smart cards of JaCarta PRO and eToken PRO (Java) in which foreign cryptoalgorithms are implemented (3DES, AES-128, SHA-1 and RSA-1024). It provides freedom of choice to developers if the work task from the strengthened qualified EDS which requires use of the certified CIPF and the accredited UTs is not necessary.

JC-WebClient SDK developer kit is available to embedding of JC-WebClient in web applications.

2016

Release of version 3.0

On July 6, 2016 the Aladdin R.D. company announced release of the version of JC-WebClient 3.0 for support of a CIPF in web applications.

Solution:

• allows to solve problems of security for web applications;
• supports all popular browsers;
• works at the uniform stable technology which is not depending on "zoo" of technologies of the plug-ins and expansions inherent to different browsers;
• it is backward-compatible with the previous generation of JC-WebClient 2.x using technology of plug-ins.

Possibilities of JC-WebClient

JC-WebClient helps to build in web applications of function:

• two-factor mutual authentication of the user and Web server;
• formations and verifications of the electronic signature in accordance with GOST P 34.10-2001;
• data encryptions, transferred between the client PC and the Web server, in accordance with GOST 28147-89.

It is necessary to verify authenticity, both the user, and the server. Implement a possibility of safe formation and verification of the electronic signature for ensuring the legal importance of electronic interaction. Such need can arise at:

• to sending payment orders to bank;
• remote signing of the contracts, agreements;
• participation in electronic biddings;
• signing of documents for execution in electronic document management systems;
• the direction of legally significant copies of documents for receiving state. services;
• etc.
• Provide confidentiality of the data transferred on a communication channel.

The listed problems are solved with use of the means of cryptographic information protection (further - a CIPF) executed in the form of the tokens connected to USB port of the computer.

However the browsers "in pure form" do not provide to the code of web pages access to the devices connected to USB port. Implementation of such access requires development of special expansions / plug-ins for browsers or use of other technologies. As a rule, NPAPI technologies (for Google Chrome Mozilla Firefox Apple Safari Yandex.Browser Opera) were used and ActiveX Microsoft Internet Explorer (for).

However in connection with vulnerabilities of technology NPAPI, Google in 2015 turned off support of NPAPI in Chrome. Yandex.Browser turned off support of NPAPI by default. The Opera browser working on the same engine, as Google Chrome retained time support of NPAPI for a transient period and also is going to disconnect in the future.

Google offered in exchange alternative technology – Native Messaging. However it is not backward-compatible with NPAPI (there is no support of synchronous methods).

Mozilla Firefox is also going to turn off support of NPAPI until the end of 2016 and suggests to use own WebExtensions technology.

The Apple Safari browser began to demand confirmation of trust to NPAPI plug-in from the user, having complicated that his use. Therefore there are bases to believe that Apple will offer own technology of expansions, having also refused support of NPAPI.

The browser Edge in Microsoft Windows 10 still does not provide API for development of plug-ins and expansions at all. Apparently, Microsoft for this browser will offer the new technology, excellent from ActiveX.

Before developers of web applications there was a need to adapt web applications for each type of the browser and to support "zoo" of the different technologies inherent to different browsers. Such approach complicated a problem of support of a CIPF for implementation of safety features, created a large number of potential points of failure and also became an origin of problems with backward compatibility.

Scheme of interaction JC-WebClient, (2015)

As a part of JC-WebClient as of July, 2016: The JC-WebClient application – implements technology of the local Web server

• Provides to web pages JavaScript API for access to functions of a token
• Works in the background, without providing any controls to the user

Service of monitoring – starts the JC-WebClient application when loading the operating system

• Controls integrity of the application and at emergence of emergency situations in the operating room

to a system restarts it

• Provides reliability and fault tolerance of the solution

Token – USB - token/smart - the card JaCarta of GOST or eToken GOST

• Is personal means of authentication and strengthened qualified electronic

signatures with not taken key also implements the Russian cryptoalgorithms

"Antifraud terminal" is Trust Screen-устройство (option JC-WebClient)

• Provides the strengthened protection against the attacks on the electronic signature during the work of the user in not entrusted environment. Supports operation modes with a smart card and with an USB token