Rostelecom CryptoSDK

Main article: Cryptography

2024: Positive conclusion of the FSB of Russia for compliance with the requirements for CIPF class KS1

Cryptographic module "CryptoSDK" with built-in domestic means of cryptographic protection (CIPF) received a positive conclusion of the FSB of Russia for compliance with the requirements for CIPF class KS1. This was announced on February 16, 2024 by representatives of Rostelecom.

As of February 2024, CryptoSDK meets all the regulator's requirements for safe work with biometrics in mobile applications. The software module developed by Rostelecom and CryptoPro provides seamless identification and authentication through the ESIA and the Unified Biometric System, does not require additional certification when embedded in mobile applications, and also reduces companies' information security costs when working with the Unified Biometric System. The use of the CryptoSDK module also allows you to build a secure communication channel to the information systems of organizations.

"We received a positive conclusion from the FSB of Russia, which confirms the compliance of the CryptoSDK with all the requirements of the regulator. The module is included in the line of domestic developments that ensure the protection of biometric data and their vectors during storage and transmission, "said Deputy General Director of CBTEvgeniy Semenov.

"CryptoSDK" uses certified CIPF "CryptoPro," which guarantees the security of data transmission and provides a secure communication channel between information systems.

"When developing the CryptoSDK module, Rostelecom specialists took into account the requirements of the regulator in the field of information security (IS). The main task was to simplify the user path for the client when working with biometrics and ensure absolute data security. The "CryptoSDK" module allows citizens to comfortably and safely interact with the ESIA and the Unified Biometric System directly in the bank's mobile application, providing a seamless process of remote identification and receipt of services. The inclusion of the module in the register of Russian software, and now the positive conclusion of the FSB, once again confirm full compliance with Russian legislation in the field of information security and provide an additional incentive in the development of cryptography in the country, "said Ivan Berov, vice president and director of digital identity at Rostelecom.

The solution allows organizations to identify and authenticate per biometrics in their own application, meeting all the requirements of. data protection At the same time, it is enough for the user to install only the organization's application - the application is not "Public services Biometrics" needed. For example, the installed CryptoSDK module in the bank's application allows users to remotely open an account or use another service. Thanks to CryptoSDK, in the future it will be possible to safely pay for purchases using biometrics in store applications, remotely take exams at universities, and board a train without presenting a passport.

"Obtaining an opinion of the FSB of Russia on a cryptographic module based on the means of'CryptoPro' is the most important milestone in the development of mass cryptography in Russia. Now organizations processing user biometric data will be able to protect this data using domestic cryptography without the need for influence assessment studies, which will significantly increase the pace of introduction of secure solutions in our country, "said Stanislav Smyshlyaev, Deputy General Director of CryptoPro, Doctor of Physics and Mathematics.

2023: Transfer of rights to CryptoSDK to CBT

Since 2023, the exclusive rights to CryptoSDK belong to the Center for Biometric Technologies (CBT).

2022: Inclusion in the Register of Domestic Software

A typical client cryptographic software module "CryptoSDK" for working with biometrics, developed by Rostelecom, is included in the Unified Register of Russian programs for electronic computers and databases. Rostelecom announced this on April 4, 2022. According to the classifier, approved by order of the Ministry of Digital Development of Russia dated 22.09.2020 No. 486, the Rostelecom module is classified as a means of protecting data transmission channels, including cryptographic methods.

"CryptoSDK" is developed for personal data protection both channels communications for remote customer service, as well as remote identifications authentications services and citizens using. Unified biometric system The installation of the module allows you to identify citizens by biometrics and provide them with services directly in or mobile application bank by the organization, simplifies their interaction with the Unified Biometric System and other state information systems.

The inclusion of the "CryptoSDK" module in the unified register of domestic software is an important stage for companies that work with our software and want to organize a secure remote identification service in their own application without the need to undergo a certification procedure. The development of Rostelecom allows organizations to apply Russian security certificates in their mobile applications and build a crypto-secure communication channel to the organization's infrastructure, "said Ivan Berov, director of digital identity at Rostelecom.

Rostelecom's solution was developed in accordance with the strict requirements of Russian regulators in the field of information security. As a cryptographic tool, a certified domestic solution "CryptoPro CSP" version 5.0 R2 KS1, developed by the company "CryptoPro," was used.

CryptoPro experts have repeatedly emphasized the relevance of the task of simplifying the embedding of support for Russian cryptography for developers of end mobile applications. The creation and development by Rostelecom of the CryptoSDK module, now included in the unified register of domestic software, is another important step in this direction, "said Stanislav Smyshlyaev, Deputy General Director of CryptoPro.

2021

Release of the CryptoSDK module for working with biometrics

On October 25, 2021, the company Rostelecom"" announced that it had completed testing and released sale domestic cryptographic it into the Crypto module, SDK developed for protection channels communications for remote customer service and remote identifications citizen services using. " Until the Unified biometric system " end of 2021, this Rostelecom solution can be built in for free. It allows you to carry out identification mobile application bank in a particular organization, fulfilling all the requirements of. information protection

Illustration: www.test.skif.donstu.ru

"CryptoSDK" is a domestic multifunctional solution that can be used to organize cryptographic information protection tools communication channels protected using (CIPF) for remote banking service or in other scenarios. Now, in order to receive a service using the Unified Biometric System, the client just needs to install the application of the organization that provides it - earlier, for identification, the user was redirected to "" mobile application Biometrics from Rostelecom. At the same time, the organization providing services by biometrics can independently decide what is more convenient for it: to embed the CryptoSDK module or conduct integration mobile applications and Biometrics applications.

CryptoSDK also allows you to establish a secure connection according to the GOST TLS protocol and connect mobile applications of both external and internal users of the organization with its corporate information systems via a communication channel protected by domestic CIPF.

Rostelecom's solution was developed in accordance with the strict requirements of Russian regulators in the field of information security, which makes it possible to organize a secure remote identification service in its own application without the need to undergo a certification procedure. As a cryptographic tool, a certified domestic solution "CryptoPro CSP" version 5.0 R2 KS1, developed by the company "CryptoPro," was used.

"We have done a great job and created a product that has no analogues. CryptoSDK solves the main problem - it provides an inextricable client path when interacting with the Unified Biometric System. Now any organization can conduct biometrics identification in its own application, fulfilling all the requirements of the regulator for data protection using the domestic cryptographic module. It is fully integrated into the application interface of not only banks, but also any organizations that plan to use domestic cryptography in their mobile software. Rostelecom's solution allows customers to receive services without interrupting the client path during the identification process. At the same time, using our solution, organizations do not need to conduct case studies and certify their application, "- said Director of Digital Identity of Rostelecom Ivan Berov.

"Based on our certified CryptoPro CSP 5.0 R2 solution, Rostelecom has created a universal software module that performs all stages of the remote identification protocol through the Unified Biometric System, as well as provides a high-level interface for providing secure TLS interaction with GOST. The use of this module in end mobile applications does not require developers to have special knowledge in the field of information security, which negates the previously existing difficulties in embedding cryptography in mobile applications to implement complex information protection protocols similar to those used in the "Unified Biometric System," - said Deputy General Director of CryptoPro Stanislav Smyshlyaev.

Earlier, the FSB of Russia agreed on the terms of reference of the "Rostelecom" for the development of the cryptographic module "CryptoSDK," in April 2021 its testing began, in which organizations of the technological sector, banks and large developers of automated banking systems - "Center for Financial Technologies (CFT)" and iDSystems took part. For October 2021, case studies are being held for compliance with the information security requirements of the FSTEC of Russia and the FSB of Russia.

According to the company, on January 1, 2022, all banks with a universal license that have applications for working with individuals must provide customers with the opportunity to remotely open an account, deposit or receive a loan using the ESIA and the Unified Biometric System.

Approval of the terms of reference for the development of the cryptographic module "CryptoSDK" of the FSB of Russia

FSB of Russia agreed on the terms of Rostelecom reference "" for the development cryptographic of the CryptoSDK module. It will make it easier to meet the requirements information security for implementation identifications authentications and through Unified biometric system. business processes banks The solution is developed in accordance with the strict requirements of regulators in the field. As information security a cryptographic tool, the module uses a certified domestic solution "" CryptoPro CSP version 5.0 R2, developed by the company "."Crypto-Pro

The module will allow banks to perform identification and authentication in biometrics their own - application without breaking the user path and redirecting the client for identification mobile application in "." Biometrics"Crypto" is SDK a multifunctional solution that can also be used to organize channels protected with the help of domestic cryptographic means for communications or remote banking service in other scenarios not related to biometrics.

If you are using the module, you will not need to further verify that the embedding is correct for end-customer applications. This approach will greatly simplify the use of domestic cryptographic tools.

When working with biometrics, it is important for us not only to ensure a high level of information security, but also to make the solution convenient to use both for organizations and for end users - citizens of the Russian Federation. This cryptographic module 'CryptoSDK' meets the strictest requirements of information security regulations. It simplifies the user path for customers and reduces the cost of organizing a secure communication channel for organizations. In the future, Rostelecom will conduct case studies, after which the decision will receive an appropriate conclusion, and then - coordination of operational documentation with the regulator in the field of information security, - said Ivan Berov, director of digital identity at Rostelecom.

Test Run

On April 2, 2021, Rostelecom"" announced the start of testing cryptographic the CryptoSDK module, developed to simplify the implementation of measures data protection for implementation in biometric identifications. business processes banks The installation of the module will allow identifying citizens by biometrics and providing them with services directly mobile application to the bank, as well as simplify their interaction with. Unified biometric system

At the beginning of April 2021, in order to provide services using the Unified Biometric System, the protected Biometrics mobile application from Rostelecom must be integrated into the bank's service, or financial organizations independently develop and certify a solution to ensure the security of biometric data. When using Biometrics, the user is redirected to the application for secure identity confirmation, and then returns to receiving the service in the bank service.

Thanks to this decision of Rostelecom, banks will be able to conduct biometrics identification in their own application, fulfilling all data protection requirements. At the same time, it will be enough for the client to install only the bank's application - the Biometrics program will not be needed. At the same time, the financial institution will be able to independently decide which way to go: to build the CryptoSDK module, which will go on sale at the end of 2021, or to integrate the bank's mobile applications and Biometrics available since 2018.

Rostelecom plans to certify the CryptoSDK module for compliance with the requirements of Russian regulators in the field of information security, which will give banks the opportunity not to certify their own application to implement a secure remote identification service in it.

The readiness to take part in testing the CryptoSDK module was confirmed by a number of banks and developers of automated banking systems - the Financial Technology Center (CFT) and iDSystems.

Our mobile application "Biometrics," which was published in the AppStore and Google Play back in 2018, is being integrated into the service of banks that have launched remote identification. It is protected in accordance with the requirements of information security regulations, uses Russian cryptographic protection tools and has passed case studies and specialized checks in a laboratory certified by the FSB. With the advent of the CryptoSDK, biometric data protection functions will be performed in the bank's application itself. Launching the Biometrics program in 2018, neither we nor our partners could implement such a service, but now we have made a breakthrough and are ready to offer a certified crypto module, using which banks do not need to certify their application, - said Ivan Berov, director of digital identity at Rostelecom.

In the financial sector, biometric technologies have long-term development prospects: they simplify the processes of communication and customer service. As the scope of biometrics expands, the population will use this mechanism of remote interaction with organizations more massively. The regulator contributes to accelerating the process of filling the base of the Unified Biometric System. From 2022, banks will be required to provide new customers with the ability to undergo biometrics identification through their standard mobile applications. The task of technology companies is to provide banks and their clients with a convenient and safe solution in a timely manner, "said Elena Smyshlyaeva, Deputy Director of Digital Technologies Business at CFT Group.