RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2
2024/08/29 17:46:19

Electronic signature (EDS)

The electronic signature is intended to protect the electronic document transmitted through various media or stored in digital form from counterfeiting and is an attribute of the electronic document. It is obtained as a result of cryptographic conversion of information using the private key of an electronic digital signature and allows you to identify the owner of the certificate of the signature key, to establish the absence of distortion of information in the electronic document.

Content

An electron signature (EA) is a software-cryptographic means that provides:

  • checking the integrity of documents;
  • confidentiality of documents;
  • identification of the person who sent the document

The electronic signature is used by individuals and legal entities as an analogue of the handwritten signature to give the electronic document legal force equal to the legal force of the document on paper, signed by the handwritten signature of the authorized person and sealed.

An electronic document is any document created using computer technology and stored on media processed using computer technology, whether it is a letter, contract or financial document, diagram, drawing, drawing or photograph.

Benefits of Using the Display

The use of EP allows you to:

  • significantly reduce the time required to complete the transaction and exchange documents;
  • improve and reduce the cost of the procedure for preparing, delivering, recording and storing documents;
  • guarantee the accuracy of the documentation;
  • minimize the risk of financial losses by increasing the confidentiality of information exchange;
  • build a corporate document exchange system.

It is impossible to fake EP - this requires a huge amount of calculations that cannot be implemented at the modern level of mathematics and computing in an acceptable time, that is, so long as the information contained in the signed document remains relevant. Additional protection against counterfeiting is provided by certification by the Signing Public Key Certification Center.

Using the EP, work on the scheme "developing a project in electronic form - creating a paper copy for signature - sending a paper copy with a signature - considering a paper copy - transferring it electronically to a computer" is a thing of the past.

Three types of electronic signature

Electronic signatures are divided into three types by the 2011 law.

  • Simple signatures are created using codes, passwords and other tools that allow you to identify the author of the document, but do not allow you to check it for changes since signing.
  • The enhanced unqualified signature was created using cryptographic means and allows you to determine not only the author of the document, but check it for changes. To create such signatures, a certificate of an unaccredited center can be used, you can also do without a certificate at all, if technical means allow you to fulfill the requirements of the law.
  • The enhanced qualified signature is a type of enhanced signature, it has a certificate from an accredited center and was created using means confirmed by the FSB.

Simple and unqualified signatures replace the signed paper document in cases stipulated by law or by agreement of the parties. For example, simple signatures can be used by citizens to send messages to authorities. A hardened signature can also be seen as analogous to a printed document.

Qualified signatures replace paper documents in all cases, except when the law requires the presence of only a document on paper. For example, with the help of such signatures, citizens can receive public services in electronic form, and state authorities can send messages to citizens and interact with each other through information systems. Previously issued EDS certificates and documents signed with their help are equated with qualified signatures.

Foreign electronic signatures are equated in Russia with the types of signatures to which they correspond.

A simple electronic signature, unlike the previous electronic digital signature, is not intended to protect a document from counterfeiting. It does not detect a possible distortion of the content of the document. Its only function is to confirm the fact of the formation of an electronic signature (and not the document itself!) By a certain person.

The purpose of determining the person who signed the electronic document, as well as detecting the fact of amendments to the document after its signing, is an enhanced electronic signature. It is this signature (in two forms - unqualified and qualified) that is an analogue of the previous electronic digital signature.

Since a simple electronic signature requires the use of codes, passwords or other means, it will become clear what can be considered an electronic signature and what cannot. Obviously, in the case of an email, the sender's name manually set after the text cannot play the role of an electronic signature, since it does not depend in any way on the password using which the sender generated and sent the letter. The information indicating the person on whose behalf the document was sent may probably be the message identifier in combination with the IP address of the sender's computer, indicating that the message was created by accessing the mail system, accompanied by entering a password belonging to a certain user. The sender's email address and sender's name can be considered a signature only if the information system operator ensures their reliability, because the postal protocol allows you to specify any name and any return address, and some postal systems do not impose any restrictions here.

EDS

EDS tools are hardware and (or) software tools that provide implementation of at least one of the following functions:

  • creating an electronic digital signature in the electronic document using the private key of the electronic digital signature;
  • confirmation using the public key of the electronic digital signature of the authenticity of the electronic digital signature in the electronic document,
  • creation of private and public keys of electronic digital signatures.

Cryptographic basis

The electronic signature is based on public key cryptography. With its help, a special user certificate is formed. It contains user information, a public key and an electronic signature of the certificate, it can be verified using the public key of the certification center. The algorithm ensures that only the certification center, which has a secret encryption key and trust in which is the basis for the operation of the entire EDS system, can generate a signature.

Trust in certification centers is based on the hierarchical principle: the certificate of the certification center of the lower level is certified by the electronic signature of the certification center of the higher level. The highest level of certification centers is federal, which is under the control of state bodies. The entire trust system built on certificates forms the so-called Public Key Infrastructure PKI (). With such an infrastructure, it is necessary to check not only the legitimacy of the key of the certification center that issued the certificate, but also of all higher certification centers. In particular, when forming an electronic transaction, it is necessary to check not only the mathematical correctness of the EDS, but also the validity of the entire chain of certificates involved in the manufacture of the signatory's certificate at the time of signing a specific electronic document.

In Russia, the PKI system is being created, which is available to almost everyone. Initially, it was created by the agency Rosinformtekhnologiya on the basis of the All-Russian State Information Center (OGIC). However, now the federal certification center has been transferred to Rostelecom. This telecommunications operator actively proposes to develop various projects using PKI.

Equivalent to handwritten signature

An electronic digital signature in an electronic document is equivalent to a handwritten signature in a hard copy document, while meeting the following conditions:

  • the signature key certificate relating to this electronic digital signature is not invalid (valid) at the time of verification or at the time of signing the electronic document if there is evidence determining the moment of signing;
  • the authenticity of the electronic digital signature in the electronic document is confirmed;
  • The digital signature is used according to the information specified in the signature key certificate.

The scope of the EDS is defined by an identifier called an OID. Each scope has its own OID. For example, the field of application, which allows signing documents for putting objects on the RCP, has OID 1.2.643.5.1.24.2.1.3.1 "Formation by the cadastral engineer of documents for receiving services from the applicant." An EDS with such an OID is issued only to cadastral engineers who present the Cadastral Engineer Certificate for receipt.

The scope of application, which allows the cadastral registration body to confirm documents - the results of cadastral registration has an OID - 1.2.643.5.1.24.2.1.2 "Formation of documents as a result of the provision of services by the cadastral registration bodies." We do not issue an EDS with such OIDs. And cannot be issued without special accreditation.

Certification centers

Main article: Certification centers

Certification Authority (CA) is an organization that issues certificates of electronic digital signature keys.

Electronic signature for public procurement

Main article: Electronic signature in procurement

An electronic signature is required to participate in procurement procedures. What types of EP are there, what affects the cost of the signature and what package of documents must be prepared to obtain it? Read more here.

Electronic signature for public services

Simplified digital signature in banks

Electronic signature in Ukraine

Main article: Electronic signature in Ukraine

Chronicle

2024

The chief accountant in Togliatti was sentenced to 7 years in prison for fraud using an electronic signature

On September 2, 2024, a verdict entered into force against Inna Klimashina, chief accountant and director of the Togliatti company Continent. She was found guilty of fraud using an electronic signature and sentenced to 7 years and 4 months in prison in a general regime colony. According to the case file, Klimashina carried out illegal financial transactions using trusting relationships with the heads of the companies she served, which caused such a verdict. Read more here

Companies in Russia can now receive an electronic enhanced electronic signature through Public services

From the end of August 2024, VTB from the large business segment can now receive a certificate of enhanced unqualified electronic signature through the Public services portal without visiting the bank's office. VTB was the first to implement this service on the market. Read more here.

Russia and Belarus agree on mutual recognition of digital signature

On August 29, 2024, the Ministry of Economic Development of the Russian Federation announced the completion of the ratification of the agreement between Russia and Belarus on the mutual recognition of the electronic signature. The document is expected to open up new opportunities for the development of the digital economy of the two countries.

We are talking about the formation of a cross-border space of trust between Russia and Belarus. It is assumed that the measures being implemented will greatly simplify the interaction of the companies of the two countries with government agencies and with each other. And this, in turn, will stimulate an increase in trade.

source = Federal Tax Service of Russia
The Ministry of Economic Development of the Russian Federation announced the completion of the ratification of the agreement between Russia and Belarus on the mutual recognition of the electronic signature

The agreement defines the principles, conditions and procedure for recognizing an electronic digital signature in a document during cross-border electronic interaction between companies and organizations from Russia and Belarus. As part of the implementation of the initiative, the Russian Federation will transfer to the Belarusian side the equipment necessary for technical interaction. Legal entities and individuals of the two countries will be provided with various services and services, including verification and confirmation of the reliability of electronic documents.

"The results of our work will become a convincing example of effective bilateral cooperation, and we can transfer such experience to the top five in the future," EEU says Dmitry Volvach, Deputy Minister of Economic Development of Russia.

The electronic signature used in cross-border electronic interactions must meet a number of conditions:

  • Created as a result of cryptographic conversion of information using an electronic signature key;
  • Allows you to identify the person who signed the electronic document;
  • The electronic signature verification key is specified in the certificate created by the certification center accredited in accordance with the legislation of the state of the relevant party;
  • Allows you to detect the fact of amendments to the electronic document after its signing;
  • Creation of an electronic signature by an electronic interaction participant is carried out using electronic signature means that have confirmation of compliance with the requirements established by the legislation of the relevant party.[1]

Employees' electronic signatures will become personal

Electronic signatures of employees will become lichnymi.​ This was announced on August 21, 2024 by SKB Kontur.

On September 1, 2024, changes in the legislation on electronic signature (Federal Law of 27.12.2019 N 476-FZ) will come into force. Employees will no longer be able to sign documents of the legal entity's CEP: for work tasks, they will have to use personal CEPs in which there is no company data, and to confirm the authority to attach machine-readable powers of attorney to them (Article 17.2 of the Federal Law of 06.04.2011 No. 63-FZ "On Electronic Signature").

If earlier the employer was partially responsible for the safety and use of electronic signatures of employees, now, together with the lack of details of the organization in the KEP certificate, it falls on the employee himself. And this entails some difficulties, both for the employee and the organization itself.

First, often to save time, employees hand over tokens with electronic signature keys to managers or other document managers, and thereby neglect the main rule of safe work with CEP. If the keys of an electronic signature fall into the hands of another person, then it is impossible to know for sure that he does not use it for selfish purposes.

Secondly, when the company independently issues certificates of electronic signatures for employees, it asks them for documents with personal information. This means that it must comply with the legislation on personal data when transferring and storing the information received.

Шаблон:Quote 'author = said Dmitry Pokryshkin, head of the Contour Certification Center.

Fraudsters in Russia began to steal electronic signatures

Fraudsters in Russia began to steal electronic signatures. This was announced in February 2024 by Ivan Dmitriyev, director of security at SberKorus. According to him, in order to protect against such fraud, you need to remember that banks, unlike hackers, do not ask to enter a pin code from an electronic signature or transfer a certified key carrier.

Ivan Dmitriyev says that you need to pay attention to the conversation of the employee who is talking with the person. Thus, markers of the fact that there is an attacker on the other end of the wire are asking for a pin code from an electronic signature key or transferring a token. You cannot perform both actions. If the employee at the other end of the tube assures the opposite, then it is worth immediately stopping the call, the expert said in a conversation with RIA Novosti.

It also warned of the dangers of using electronic signatures such as phishing, account hacking and identity theft. Dmitriyev noted that hackers can gain access to an electronic signature by attacking devices or deceiving their owners. According to Dmitriyev, attacks can be carried out through vulnerabilities in the software, using programs for automatic password guessing.

File:Aquote1.png
Since 01.09.2023, employees of the company receive certificates as individuals, without linking it to the employer. If an employee quits, the company revokes the machine-readable power of attorney (MCD) and it becomes invalid. At the same time, the employee remains with the electronic signature certificate, and he can use it for personal purposes, and the new employer will be able to issue the MFD so that the employee can sign the company's documents using the existing certificate, - added the security director of SberKorus[2]
File:Aquote2.png

2023

Post-quantum algorithm of electronic signature "Rosehip" received an open implementation

Russian companies with expertise in cryptography and quantum technologies are joining forces to prevent threats to cryptographic systems from quantum computers.

Thus, the open implementation of the domestic post-quantum algorithm "company" DogroseKryptonite was "prepared by the company" "in QApp the course of its activities as part of the working group" Post-quantum cryptographic mechanisms "(TK Technical Committee 26 Rosstandart 26). The project is written in a language Xi optimized for SSE4.1, SSE2 and MMX command sets. Source code available on GitHub[3]library that can be embedded in industrial cryptographic devices and software products. This was announced on November 14, 2023 by representatives of the QApp company.

As reported, Rosehip is an electronic signature algorithm that is resistant to attacks using a quantum computer. It was developed by cryptographic experts of the Russian company Kryptonit, participating in the activities of the working group TK 26. More here.

In Russia, the level of fraud with fake electronic signatures is growing

The Russian crowdfunding industry has faced new types of fraud involving the use of fake electronic digital signatures (EDS). This is stated in a study by the Kommersant newspaper, the results of which were published on September 11, 2023.

Several cybercriminal schemes have been reported. One of them comes down to making real deals using an EDS issued by fraudsters. In addition, there is a risk of attempts by unscrupulous borrowers who fail to cope with obligations to recognize the real electronic signature as invalid. Moreover, in Russia, as of the beginning of September 2023, market participants are more often faced with the second option. Statistics on the total amount of damage as a result of such schemes are absent, but in some cases we can talk about millions of rubles.

Russian crowdfunding industry faces new types of fraud involving the use of fake electronic digital signatures (EDS)
File:Aquote1.png
There are cases of controversial situations worth tens of millions of rubles related to the falsification of EDS. In total, it is difficult to collect data, cryptography does not always appear in the plot of the case, says Evgeny Tsarev, manager of RTM Group.
File:Aquote2.png

The problem is that managing the risk of such fraud by warning is difficult, since there are no methods for verifying a digital signature for authenticity. Therefore, significant investment in new security tools is required. State microfinance organizations, as well as regional small business support funds, face the risk of EDS fraud.

File:Aquote1.png
Financial fraud using an electronic signature is common, in various fields and variations: an employee of the organization gains access to the key and makes a transaction that is not authorized, hackers gain access to the workplaces of employees signing documents certifying the issuance of key signature certificates based on forged documents and powers of attorney, says Dmitry Kuznetsov, director of methodology and standardization at Positive Technologies[4]
File:Aquote2.png

EAEU countries agree to mutually recognize electronic digital signatures

Countries Eurasian Economic Union () EEU have agreed to mutually recognize electronic digital signatures (). EDS The corresponding decision was made at a meeting of the board Eurasian Economic Commission (EEC) on August 22, 2023. More. here

2022

The Ministry of Digital Development of the Russian Federation agreed with the FSB on granting companies the right to use foreign EDS

In November 2022, the Ministry of Digital Development of Russia agreed with the FSB to amend the federal law on electronic signature (63-FZ) that participants in civil relations can agree among themselves on the use of a foreign electronic digital signature (EDS) as an unqualified EDS without concluding a corresponding international agreement with the Russian Federation.

DocuSign staff cut by 9% as US electronic signature demand collapses

On September 28, 2022, DocuSign announced that it would lay off 9% of its employees as part of a massive restructuring plan to be led by new CEO Allan Tigesen. Read more here.

The Russian government again postponed the transition of business to a new format of electronic signature

The Russian government has again postponed the transition of business to a new format of electronic signature - this time until September 1, 2023. This became known on August 26, 2022.

We are talking about the use of a qualified electronic signature without the use of machine-readable powers of attorney. The mandatory transition to the new format was supposed to begin on January 1, 2022, but the dates were postponed until January 1, 2023. It was assumed that from this date, ordinary employees of companies that sign documents, for example, accountants, will not be able to use the electronic signature of the organization, and will have to attach their electronic signature as an individual, as well as a machine-readable power of attorney. However, they decided to postpone this innovation.

The Russian government again postponed the transition to the electronic signature format

The new postponement was made in the "interests of business," said Deputy Prime Minister Dmitry Chernyshenko at a meeting of the interdepartmental working group on the development of electronic document management in economic activities. Russian enterprises are still not fully ready for the transition to electronic powers of attorney, the Cabinet of Ministers believes. In order not to stop business processes, enterprises will be given an additional eight months to prepare for new signatures.

The first postponement of the program was explained by the lack of business readiness for innovations. The transition period was introduced so that entrepreneurs could "modernize their business processes and software products to work with a new electronic power of attorney" and plan improvements to information systems and subsequent integrations, said then the representative of the apparatus Dmitry Chernyshenko.

At the end of August 2022, the Deputy Prime Minister noted that the development of electronic document management in Russia is at a high level. The demand for it from business has grown greatly - by 15-20%, he added.[5]

Ministry of Digital Development extended the experiment with enhanced electronic signatures for another 1.5 years

As it became known on June 23, 2022, the Ministry of Digital Development of the Russian Federation extended the experiment with enhanced electronic signatures for another 1.5 years. Initially, it was planned to be completed on July 31, 2022, but now the end date is December 31, 2023.

As Vedomosti writes with reference to the amendments to the Government decree of July 15, 2021, the clause on participation in the experiment of Rostelecom and VTB, which were supposed to develop a platform for issuing certificates of signing documents, is recognized as invalid.

Ministry of Digital Development extended the experiment with enhanced electronic signatures for another 1.5 years
File:Aquote1.png
The main goal - the creation of technology - has been achieved. Further work will be carried out as part of the development of e-government infrastructure, - a representative of the Ministry of Digital Development explained to the publication, adding that companies will continue to participate in the experiment.
File:Aquote2.png

An enhanced qualified signature has the maximum degree of legal significance, it allows businesses to submit reports to the tax office, connect to the State Public services portal, etc. An enhanced qualified signature is an analogue of a handwritten signature. It can be used everywhere, but to use it in working with a number of organizations, you need to add additional information to a qualified electronic signature certificate. To obtain an enhanced qualified electronic signature, you need:

  • identification document;
  • insurance certificate of compulsory pension insurance (SNILS);
  • individual taxpayer number (TIN);
  • the main state registration number of the record of the state registration of an individual as an individual entrepreneur (if necessary);
  • an additional set of documents confirming the authority to act on behalf of a legal entity (if necessary).[6]

EDO operators will help the Federal Tax Service in issuing qualified electronic signatures

EDO operators will help the Federal Tax Service in issuing qualified electronic signatures. This was announced on March 16, 2022 by SKB Kontur.

EDO operators - the companies SKB Kontur, Tensor, Taxcom, Kaluga Astral - and the certification center of the Federal Tax Service have created service integration for issuing qualified certificates of electronic signature of the Federal Tax Service. This will simplify the collection and verification of documents, which means that the general directors and individual entrepreneurs will be able to more comfortably obtain certificates according to the new requirements of the legislation.

SKB Kontur successfully tested the integration at the end of February - several dozen users were able to receive certificates from the Federal Tax Service with the support of the operator.

From January 1, 2022, the first persons of commercial organizations (indicated in the Unified State Register of Legal Entities) and individual entrepreneurs must receive certificates of electronic signature of the TC FTS. These changes are introduced by the law 63-FZ "On Electronic Signature."

EDO operators plan to simplify the process of obtaining a certificate at the TC FTS by integrating their systems with the FTS system:

  • The manager will be able to fill out an application for the issuance of a certificate from the Federal Tax Service in the service of the EDO operator. Including, indicate the data of the organization, attach scans of the necessary documents. If the user has already worked with this operator, then the process will be as familiar as possible for him.
  • Data and documents will be checked before the visit of the head to the Federal Tax Service. If they find typos, he can fix them. Correct data and an approved application will reduce the time for a visit to the tax office and the issuance of a certificate.
  • The head can choose a tax inspectorate convenient for him, where he will receive a certificate from the Federal Tax Service. Employees of the TC FTS when meeting with the head will already know that all documents and data for issuing a certificate are ready. They will confirm his identity and issue an electronic signature certificate according to the accelerated procedure.
  • EDO operators will help install programs for the FTS certificate on the computer so that immediately after receiving the manager can start working.

Thanks to this approach, the time for registration and receipt of a certificate of the Federal Tax Service will be reduced. Also, preliminary verification of documents reduces the likelihood that during a visit to the tax department, specialists from the Tax Center of the Federal Tax Service will reject the application due to errors and ask the head to re-visit the inspection.

If questions arise when using the FTS certificate, the manager will be able to turn to operators for help. For example, experts will tell you how to work with a certificate in different information systems or participate in tenders.


Шаблон:Quote 'author = said Sergei Kazakov, head of the Contour Certification Center.

2021

The global market for electronic signatures doubled - $4 billion

In 2021, global spending on software and services for working with electronic signatures amounted to $4 billion, which is almost twice as much as a year earlier ($2.17 billion). Such data at the end of December 2021 were released by analysts ResearchAndMarkets.

According to the study, the electronic signature market is the largest in the United States. The second place is occupied by Europe, but the volume of this market is much inferior to the American one. In addition, the European market is very fragmented due to the presence of a large number of niche manufacturers and startups. At the same time, several large American vendors, including Adobe and DocuSign, by 2021 began cooperation with European partners to work in the local market.

The following companies are named the leaders of the global market for software and services for working with electronic signatures (their shares are not indicated):

The global market for electronic signatures doubled in 2021 - $4 billion

Analysts also listed several startups operating in this market:

  • Secured Signing;
  • Symtrax;
  • Comsigntrust;
  • Multicert;
  • Alphatrust;
  • NotariUS;
  • Rntrust;
  • Bit4Id;
  • Lawtrust;
  • Pandadoc;
  • Signiflow;
  • Vintegris Tech;
  • Signicat;
  • Signority.

Companies that offer electronic signature solutions integrate them with blockchain to improve the security and reliability of the technology. Thus, DocuSign collaborated with Visa to create public prototypes of blockchain-based smart contracts. Such a system transforms the contracted contract into a computer program that monitors and initiates appropriate actions under the terms of the agreement

In 2021, applications offering the electronic signature function continued to develop and receive new features. The use of an electronic signature offers many benefits to the business. In Russia, an electronic signature allows you to receive a tax deduction, remotely register a car, conduct electronic document management, enroll a child in kindergarten, issue a loan, etc. The electronic signature has legal force equal to the handwritten signature.

Companies offering e-signature solutions integrate them with blockchain to improve security

It is noted that 2020-2021. have become key periods for the development of the electronic signature market. Due to the reduction in face-to-face communication due to the COVID-19 coronavirus pandemic, the demand for electronic signature tools has sharply increased. Obviously, the growth in demand for electronic signatures occurs in parallel with a sharp increase in demand for automation of work processes, so more and more organizations - from small businesses to large enterprises - have implemented various solutions in the field of digital transformation.

According to analysts, the main catalysts for the growth of the global electronic signature market are:

  • a surge in investments by the public sector and private companies in electronic document management;
  • transition to a new comprehensive customer service;
  • increased security with a controlled and unhindered working process, which is ensured by electronic signature;
  • such an advantage of this technology as an increase in operational efficiency while reducing operating costs.

As for the barriers that hinder the development of the market, they are as follows:

  • ignorance of business and consumers about the legality of digital signatures;
  • differences in the rules and regulations on electronic signatures in different regions of the world;
  • heavily entrenched traditional business practices;
  • Costs when switching to an electronic signature
  • COVID-19 coronavirus pandemic.

According to the researchers, the adoption of electronic signature contributes to the growing adoption of cloud security services, new cooperation deals, mergers and acquisitions, as well as the increased use of artificial intelligence.[7]

The Government of the Russian Federation postponed the transition of business to a new format of electronic signature

In October 2021, it became known about the postponement of the last stage of electronic signature reform (EP). It was originally planned that the business from January 1, 2022 will switch to machine-readable powers of attorney - electronic documents confirming that the employee has the right to sign the document on behalf of the organization. They decided to postpone the mandatory transition to a new format for using EP until 2023.

This was announced by RBC with reference to several market participants. The representative of the office of Deputy Prime Minister Dmitry Chernyshenko confirmed to the publication that it was decided that during 2022 machine-readable powers of attorney would be used voluntarily, and accredited certification centers could, as before, issue electronic signatures to employees of companies tied to the organization.

File:Laptop-with-a-pen.jpg
The Government of the Russian Federation has postponed the transition of business to a new format of electronic signature

Although almost all the documents necessary to put machine-readable powers of attorney into circulation were adopted on time, "for a more organic transition of companies, a decision was made... mitigate this process, "allowing them to" modernize their business processes and software products to work with the new electronic power of attorney, "said the representative of the Chernyshenko apparatus.

According to Dmitry Ter-Stepanov, director of Regulatory Regulation at ANO Digital Economy (the company responsible for the implementation of the program of the same name), it will take from 6 to 12 months to adapt companies' information systems to new regulatory requirements, according to experts.

File:Aquote1.png
The transition period proposed by the government will allow the most comfortable and with minimal risks to ensure the introduction of machine-readable powers of attorney and the adaptation of users to new conditions, - said Ter-Stepanov.
File:Aquote2.png

Alexander Tupitsyn, technical director of Taxcom, said that by January 1, 2021, almost no one was ready to massively apply machine-readable powers of attorney and the absence of a transitional period would threaten massive problems in the functioning of information systems using certificates of electronic signatures, services through which electronic documents are exchanged.[8]

The Ministry of Digital Development began the transfer of Russians to an electronic signature sewn into SIM cards

In October 2021, it became known that the Ministry of Digital Development began transferring Russians to an electronic signature sewn into SIM cards. With it, for example, you can not visit the instances in person.

According to Vedomosti, the department has formed a working group to switch to the mass use of enhanced qualified electronic signature (UKEP) based on a SIM card. It will be as protected as possible and will become an analogue of its own signature.

The group included representatives of the FSB, telecom operators and scientific organizations. VTB also received an invitation to join the discussion of the issue.

The Ministry of Digital Development began the transfer of Russians to an electronic signature sewn into SIM cards

It is assumed that UKEP in the SIM card will greatly facilitate the life of users, as it will be easier for them to confirm their identity and draw up various contracts. The project will use Russian cryptographic algorithms based on domestic chips for SIM cards.

By October 2021, such Russian security software is installed on foreign chips for research and military purposes, and ordinary subscribers in mobile phones use a foreign encryption mechanism.

As Tele2 press secretary Daria Kolesnikova clarified to the publication, UKEP on a SIM card can be used in the provision of state and banking services, tax operations, electronic document management, participation in electronic tenders, conclusion of sales and purchase transactions and in other cases where a handwritten signature is required by law. At the same time, the introduction of such a technology will require investments from the operator, the volume of which will depend on the list of services and requirements and will become known after discussions in the working group.

General Director of the Institute of Precision Mechanics and Computer Engineering of the Russian Academy of Sciences. S. A. Lebedev Professor Alexander Knyazev told Vedomosti that the price of new SIM cards will be determined largely depending on the OS price, the price of software personalization, and the price of the chip itself. For operators, the price of a SIM card will increase, but not dramatically, traditionally these costs will be taken into account in services for cellular consumers, he said.[9]

For forging an electronic signature in Russia will face 3 years in prison

On May 18, 2021, it became known about the proposal of the Ministry of Internal Affairs (Ministry of Internal Affairs) to introduce criminal liability for forging electronic signatures. A working version of the corresponding bill has already been created.

As RBC writes with reference to this document, the following punishment may be provided for improper possession of an electronic signature key or certificate of an electronic signature verification key: from a fine of 100-300 thousand rubles to imprisonment for up to three years. At the same time, employees of certification centers who deliberately did not verify the authenticity of documents for issuing an enhanced electronic signature are entitled to a fine of up to 300 thousand rubles or imprisonment for a period of three to four years.

For fake EDS in Russia will face 3 years in prison

At the same time, the authors of the document clarify that the enhanced electronic signature is distinguished by good protection against falsifications. However, the criminal actions of swindlers in this regard are not excluded, they add.

According to the Ministry of Internal Affairs, in recent years there has been a noticeable increase in the number of criminal cases initiated under articles on the illegal formation of legal entities and the illegal use of documents for these purposes, committed using an electronic signature.

The Ministry of Internal Affairs noted that the keys and certificates of the keys for checking the enhanced electronic signature issued for another person are usually obtained by fraudsters by misleading an employee of the certification center or colluding with him. Attackers can also steal a medium with a signature key from its owner or purchase a key designed for a dummy person. Having seized an electronic signature, attackers, for example, can submit falsified decisions on changes to the constituent documents of the organization to the tax authority through the electronic document management system.[10] signature

FTS begins issuing free EDS

As it became known in January 2021, the Federal Tax Service (FTS) of Russia will issue free electronic digital signatures (EDS) to legal entities and individual entrepreneurs.

File:Aquote1.png
Due to the fact that the currently accredited certification centers need to undergo the re-accreditation procedure by July 1, 2021, and the term of the qualified electronic signature certificates issued by them is limited to January 1, 2022, The Federal Tax Service of Russia plans, along with the specified certification centers, to ensure the issuance of a qualified electronic signature for legal entities, individual entrepreneurs and notaries from July 1, 2021 in order to ensure a "seamless" transition from a commercial service for issuing an electronic signature to an appropriate gratuitous state service, the Federal Tax Service explained.
File:Aquote2.png

FTS begins issuing free electronic digital signatures

They also noted that all legal entities, individual entrepreneurs and notaries will be able to obtain a qualified electronic signature from the certification center of the Federal Tax Service of Russia, it will be applicable to receive all state and commercial services, as well as sign any electronic documents.

Many experts and market participants interviewed by Vedomosti positively assess such an expansion of the functions of the Federal Tax Service, since previously the exchange of electronic documents between companies was accompanied by an invariable headache. The main reason is the lack of a single format for such documents in Russia. In addition, in order to give each document legal force, it must be approved by the EDS - a special set of characters protected by cryptography that confirm the commission of each action by an authorized person, the publication says.

The fact that the Federal Tax Service will issue electronic digital signatures means additional control over the release of EDS by government agencies and gives confidence in the reliability of the digital signature, said Hilarion Lemetuinen, partner of KPMG in Russia and the CIS.[11]

Approval of rules for the use of electronic signatures for maintaining a unified register of population data

In January 2021, a government decree signed by Prime Minister Mikhail Mishustin "On approving the rules for using an enhanced qualified electronic signature when forming and maintaining a unified federal information register containing information about the population of the Russian Federation" was published on the official Internet portal of legal information. The document comes into force on January 1, 2022. Read more here.

2020

Increased issuance of enhanced electronic signature by 2 times, up to 8404 certificates

In 2020, specialists from the certification center of the Federal Cadastral Chamber of Rosreestr issued 8404 certificates of enhanced qualified electronic signature (UKEP), which is almost twice as much as a year earlier. This was reported by the press service of the department.

The growing popularity of electronic signature in Rosreestr was explained by the fact that in 2020, in the context of restrictive measures introduced to combat the COVID-19 coronavirus pandemic, Russian citizens needed to receive government services and make real estate transactions.

In addition, it is noted that the trend of a widespread transition to electronic document flow, which cannot be carried out without owning a UKEP certificate, continued to gain momentum in the country.

Issuance of enhanced electronic signature doubled in 2020

According to Elena Spiridonova, director of the cadastral chamber in Moscow, the issuance of electronic signatures by specialists of the Cadastral Chamber made it possible to increase the number of public services provided remotely.

With the help of the UKEP certificate, you can electronically receive state services of Rosreestr and other departments, submit reports to the tax authorities, the Pension Fund of the Russian Federation, the Social Insurance Fund and other regulatory authorities, participate in electronic tenders, as well as sign various documents in electronic form. To create a UKEP certificate, the applicant will need to provide the original documents: passport, SNILS, TIN.

The leader in the number of use of UKEP at the end of 2020 is Moscow, where about a thousand people received certificates of enhanced qualified electronic signature through the certification center of the Federal Cadastral Chamber of Rosreestr. Petersburg is in second place, Moscow region is in third place. Next are the Saratov, Omsk, Irkutsk, Tyumen, Murmansk regions, Krasnodar and Perm Territories.[12]

Introduction of fines for violation of the rules for issuing an electronic signature key

On December 16, 2020, the State Duma adopted in the third final reading a bill on large fines for violations of the rules for creating, replacing, using and issuing a simple electronic signature key. Responsibility will be borne by the bodies and organizations entitled to such actions.

The document provides for the introduction of fines for violation of key confidentiality on officials in the amount of 7-10 thousand rubles, on legal entities - 50-200 thousand rubles. The same fines are provided for failure to establish the applicant's identity when issuing a simple electronic signature key.

The introduction of deliberately false information into the Unified Identification and Authentication System (ESIA) will be punished with fines of up to 15 thousand rubles for officials and up to 200 thousand rubles for legal ones. A more severe punishment is proposed by the bill for charging fees for the creation, replacement and issuance of the key of a simple electronic signature of a legal entity can be fined 300 thousand rubles.

Fines of up to 300 thousand rubles are introduced in the Russian Federation for violation of the rules for issuing an electronic signature key

Violation by an official of a federal or regional executive body, a state extra-budgetary fund, a local government body, a state or municipal institution, a multifunctional center or other structure of rules for ensuring user access to information posted in the relevant state or municipal information system using a unified identification and authentication system will face a fine of 10 thousand to 30 thousand.

For the creation, replacement, issuance of the key by an unauthorized person, a fine is introduced for officials in the amount of 2 thousand rubles to 5 thousand rubles; for legal entities - from 20 thousand rubles to 50 thousand rubles.

The need to establish such administrative responsibility is due to a significant increase in violations in this area, regularly registered by the Ministry of Digital Development, is indicated in the explanatory note to the project.[13]

Mishustin allowed business to receive EDS and send electronic reporting through the MPSC

Prime Minister Mikhail Mishustin at an operational meeting with Deputy Prime Ministers on November 30, 2020 announced that the government is expanding the list of services that people and businesses will be able to receive in multifunctional centers (MPSC). Read more here.

Electronic signature authentication can now be done remotely through facial recognition

On September 18, 2020, Rostelecom announced the creation of a solution designed to connect accredited certification centers to the Unified Biometric System (EBS). As part of a joint project with CryptoPro, it was possible to issue a qualified certificate of electronic signature without personal presence of a person, using facial recognition. Read more here.

The Ministry of Telecom and Mass Communications has formed requirements for the submission of electronic power of attorney on behalf of the individual entrepreneur

In early September 2020, the Ministry of Telecom and Mass Communications prepared requirements for the submission of an electronic power of attorney on behalf of an individual entrepreneur (IP). The corresponding draft government decree was published on the federal portal of draft regulatory legal acts.

According to the document, the submission of a power of attorney in electronic form can be provided from the state IT system and from the federal information system, which uses authorized access to data stored in information systems (the procedure for presenting such access is established by the Government of the Russian Federation).

The Ministry of Telecom and Mass Communications has decided on the requirements for the submission of an electronic power of attorney on behalf of the individual entrepreneur

Electronic power of attorney will also be able to issue accredited certification centers or an accredited trusted third party, as well as electronic document management operators (a Russian organization that meets the requirements for the implementation of control functions in the field of taxes and fees) and directly the operator of the information system in which the electronic document is signed and sent.

The Ministry of Telecom and Mass Communications listed cases when the submission of a power of attorney when signing an electronic document is not required:

  • in the event that the interaction of the individual entrepreneur with each other and (or) legal entities in electronic form is carried out on the basis of the concluded agreement, and the transfer of the power of attorney in electronic form signed by an enhanced qualified electronic signature can be carried out once in the agreed information system for electronic interaction;

  • when IP interacts with federal executive authorities, when the transfer of a power of attorney in electronic form signed by an enhanced qualified electronic signature can be carried out once into the information system provided for by a regulatory legal act, in the event of an electronic interaction relationship.[14]

During the year, Roseltorg issued 13,235 cloud electronic signatures

In the first year of the project to introduce cloud electronic signatures in Moscow, more than 8 thousand entrepreneurs received them, which is over 60% of the total number of electronic signatures issued by the Roseltorg certification center. This was announced on August 12, 2020 by the Complex of Economic Policy and Property and Land Relations of Moscow.

The service became available in August 2019 after official certification of the technology by the FSB.

File:Aquote1.png
Over the year, Roseltorg issued 13,235 cloud electronic signatures, almost two-thirds of them in Moscow. Metropolitan entrepreneurs use this technology to participate in procurement procedures, including on the Supplier Portal, and perform other operations in various electronic systems. A cloud signature has an increased level of security and is more convenient than usual - it works through a mobile application with which you can confirm operations from any mobile device, "said Vladimir Efimov, Deputy Mayor of Moscow for Economic Policy and Property and Land Relations.
File:Aquote2.png

The deputy mayor noted that the service is also popular in St. Petersburg Novosibirsk,,,,. Khabarovsk Krasnodar Rostov-on-Don

Cloud signatures are most in demand among legal entities, added Ivan Shcherbakov, head of the Moscow City Department for Competitive Policy.

File:Aquote1.png
They account for about 80% of all issued cloud certificates, another 15% are individual entrepreneurs, and 5% are divided between individuals and self-employed citizens. Cloud electronic signatures are most often used by companies participating in government and corporate procurement, but it is available to all citizens to receive other electronic services and services without leaving their homes, "said the head of the department.
File:Aquote2.png

In the capital, entrepreneurs use electronic signatures to submit reports to the tax service, to issue real estate transactions and register real estate in Rosreestr, issue mortgage transactions and receive subsidies from the city.

The advantage of a cloud electronic signature is an increased level of its security, emphasizes Anton Emelyanov, General Director of EETP JSC.

File:Aquote1.png
Roseltorg is responsible for the safety of electronic signature keys in the cloud storage, which means that the client gets rid of the risks of losing the key or compromising it. All user keys are located on the server in a special secure hardware security module. The mobile application with which the client confirms cryptographic operations, and the technology of cloud storage of private keys of electronic signature are certified by the FSB of Russia, - he comments.
File:Aquote2.png

The Single electronic trading platform was the first federal electronic trading operator to develop and implement this cloud electronic signature technology.

You can now issue an enhanced electronic signature in Russia remotely

From July 1, 2020, the scheme for registering electronic signature certificates has changed after the entry into force of amendments to the laws "On electronic signature" and "On the protection of the rights of legal entities and individual entrepreneurs in the implementation of state control (supervision) and municipal control."

One of the innovations is that the creation and issuance of certificates of keys for verification of enhanced unqualified electronic signatures can be carried out without the personal presence of a citizen. In such cases, information will be taken from a single identification and authentication system, with which the certification center that issues electronic signature verification keys interacts. The decision on the accreditation of the center will be made by a special government commission.

Amendments of the Ministry of Telecom and Mass Communications of Russia to the legislation on electronic signature entered into force

It is assumed that such an innovation will significantly expand the circle of potential users of unqualified electronic signatures, the Ministry of Communications said in a statement (these amendments were taken care of).

In addition, amendments to the legislation on electronic signature provide for the postponement until April 1, 2021 of the entry into force of the norms detailing the methods of identifying applicants, including the above norm, when issuing a certificate of the verification key of an unqualified electronic signature. Thus, before the specified date, when using an unqualified electronic signature, the certification centers will continue to independently determine the methods of identifying the applicant, provided that their identity is unconditionally ensured through such independently defined methods.

These changes will allow certification centers providing unqualified electronic signature services to better prepare for the use of the ways of identifying customers specified in the law from April 1, 2021.[15]

Putin allowed to receive another type of electronic signature online

Russian President Vladimir Putin signed a federal law according to which the creation of certificates of keys for verification of enhanced unqualified electronic signatures (NEP) and their issuance can be carried out in absentia. The regulatory act was published on the Kremlin website on June 23, 2020 and comes into force on June 30, 2020.

In order to obtain a certificate of the verification key of an enhanced unqualified electronic signature in absentia, a person must apply online, resorting to a simple electronic signature, the key of which he received in person. At the same time, the certification center is obliged to interact with the Unified Identification and Authentication System, citizens and organizations using appropriate information protection tools.

Earlier, to obtain a certificate of the key for checking the enhanced unqualified electronic signature, the applicant had to come to the certification center once a year.

In order to obtain a certificate of the verification key of an enhanced unqualified electronic signature in absentia, a person must apply online, resorting to a simple electronic signature, the key of which he received in person. (photo - www.indiafilings.com)

The innovation of the law, "of course, will make it easier for users to obtain an unqualified electronic signature, but in one way or another it will reduce the general level of trust in electronic signature in general and its varieties in particular, said TAdviser Deputy General Director of Aladdin R.D. Alexeya Sabanova.

File:Aquote1.png
Most of those who stood at the origins of the birth of PKI (services for managing keys and digital certificates of users, programs and systems) in Russia look with sadness at its development. Instead of increasing the technical requirements for trusted services of certification centers, for example, signature services, validation, authentication, verification of authority, guaranteed delivery, and increasing confidence in digital transactions, we introduce only financial and legal requirements. And then we change horses at the crossing. In the face of ever-increasing cyber threats, such a strategy may or may not lead to the desired result. I want to believe in the best, - said Alexey Sabanov.
File:Aquote2.png

According to him, being convenient, the absentee receipt of an unqualified electronic signature makes it much easier for attackers to obtain it, and not for the applicant.

File:Aquote1.png
For some reason, we underestimate the primary identification process as the basis for trust in authentication in access control tasks. The possibility of extramural receipt of not the main, but quite electronic passport of a kind (which in the digital world is actually a signature verification key certificate) will provide attackers with many opportunities. Everything will depend on the range and quality of services that will have to appear in connection with the development of an unqualified electronic signature. Previously, most services developed only under a qualified electronic signature, - said Alexey Sabanov.
File:Aquote2.png

According to the commercial director of CryptoPro Yuri Maslov, the emergence of a new law "will not change anything globally - it will not simplify or complicate anything."

File:Aquote1.png
The issuance of unqualified certificates will be carried out in the manner determined by the organizer of the electronic document management system, in which the balance between convenience and security will be observed, - said TAdviser Yuri Maslov.
File:Aquote2.png

He also explained to the publication that the certification centers issuing certificates for checking the keys of enhanced unqualified electronic signatures themselves determine their own procedure and implement it themselves. This, he said, is due to a number of factors.

File:Aquote1.png
The 63rd Federal Law "On Electronic Signature" states that the use of an enhanced unqualified electronic signature does not require the mandatory use of a certificate of the electronic signature verification key. Also in Russian legislation there are no norms defining control over the activities of unaccredited certification centers that issue unqualified certificates. In addition, the responsibility of certification centers for their failure to comply with legal requirements is not spelled out, "Yuri Maslov told TAdviser.
File:Aquote2.png

In addition, he drew attention to the fact that the procedure for applying an enhanced unqualified electronic signature is determined by an agreement concluded between the participants in electronic electronic document management.

Speaking about the risks that the new law will entail, he noted that these will be risks associated with the use of a simple electronic signature.

File:Aquote1.png
Each certification center will use it to the best of its understanding and is not always safe. This is the main drawback of the scheme enshrined in the new law. Of course, I am glad that at the legal level they said that this is possible. But no one will explain how to implement this, that the risks of such a scheme for issuing unqualified certificates would be minimal for both users and certification centers, "Yuri Maslov told TAdviser.
File:Aquote2.png

The number of users of unqualified electronic signatures as a result of the new law, according to Yuri Maslov, will not increase.

File:Aquote1.png
For the number of users applying an unqualified electronic signature is determined by the potential number of users of the information systems in which it is used, and not by the ease of obtaining a certificate of verification of the key of the unqualified electronic signature. If the user needs information system services, he will come and receive an unqualified electronic signature in the order determined by the organizer and operator of the information system. And the services of the certification center are already secondary here. The procedure for providing this service will be one that is convenient from the point of view of the organizer of the information system, "Yuri Maslov told TAdviser.
File:Aquote2.png

Banks in Russia will switch to an analogue of a digital signature to protect transfers

On May 27, 2020, it became known that Banks in Russia began to use an analogue of an electronic signature to protect transfers. The new method should protect customers of credit institutions from password interception and reduce the risk of fraud using social engineering. Read more here.

2019

How the law on electronic signature has changed

The State Duma adopted in the third reading a bill amending the federal law on electronic signature. We talk about the main changes[16].

Procedure for issuing

Electronic digital signatures will be issued to legal entities by the certification centers of the Federal Tax Service, and credit institutions by the Central Bank of the Central Bank. Officials of government agencies and local governments and institutions subordinate to them, as well as notaries, will be able to get keys only in the certification centers of the Federal Treasury. Individuals will receive keys at accredited commercial certification centers.

Signature of legal entity

The following signatures will be used in legal relations of legal entities:

  • CEP of a legal entity issued only to a legal entity for use in the automatic signing or verification of a signature in an electronic document.
  • CEP of a legal entity issued to a manager.
  • CEP of an individual with the inclusion of a power of attorney of a legal entity in a package of electronic documents when signed by a company employee. The power of attorney is signed the CAP of the legal entity, the organization which is released on the head. Power of attorney must be included.

Cloud signature

The accredited certification center will now be able to store the electronic signature key and use it on behalf of the certificate holder of this signature.

Accreditation of certification centers

  • To obtain accreditation of the CA, the amount of capital must be at least 1 billion rubles or 500 million if there are branches in at least three quarters of the constituent entities of the Russian Federation.
  • The CA must have at least 100 million rubles of insurance coverage.
  • Accreditation will be provided for 3 years.

Applicant identification

Established methods of identifying the applicant for obtaining a certificate have appeared, including by providing information from a single biometric system.

Trusted Third Party

A new concept will appear in the law - a trusted third party. It will check the validity of the EP, the compliance of certificates and the powers of participants in electronic interaction, as well as document the results of such verification.

The new law on electronic signature in Russia will increase the document flow of retailers by 3 times

In December 2019, the Association of Suppliers and Retailers ECR Russia, which, in particular, includes X5 Group, PepsiCo, Mon'delis Rus (Mondelēz (Mondelis Rus)) (brands Alpen Gold, Barney Bear, Yubileynoye, etc.) sent a letter to the Chairman of the State Duma Vyacheslav Volodin, in which she asked to revise the bill on electronic signature.

ECR Russia believes that the business document flow will grow 2-3 times if a change is introduced in which an employee acting by power of attorney (that is, not the general director) will have to sign documents with a qualified electronic signature (CEP) of an individual.

Association of Suppliers and Retailers ECR Russia, sent a letter to the Chairman of the State Duma Vyacheslav Volodin, in which she asked to revise the bill on electronic signature

According to retailers, the use of KEP by employees acting by proxy "blurs the boundaries between the use of signatures in official and personal needs," which requires absolute confidence of citizens in the security of organizations' information systems. It also increases the risks of fraud against citizens, for example, the transfer of pension savings from one pension fund to another, they write Sheets"" with reference to a copy of the letter.

Director of the Institute for Internet Research Karen Ghazaryan shares the concerns of retailers about amendments to the law on electronic signature.

In addition to retailers, the GPU of the president RUSSIAN FEDERATION also did not support the new version of the bill, follows from a letter from the head of the department Larisa Brycheva to the head of the government apparatus Konstantin Chuichenko dated November 29, 2019, writes "" Kommersant with reference to this document. It says that the GPU has already made comments on the bill twice, which have so far been "not taken into account almost completely."

The GPU believes that granting exclusive powers in terms of issuing a qualified certificate of electronic signature to the Federal Tax Service and the Central Bank "will disproportionately increase their ability to block the operating activities of economic entities, which will create unreasonable risks for stable entrepreneurial activity in the Russian Federation."[17].

Gref - Akimov: banks need to be allowed to issue electronic signatures to legal entities

In early December 2019, the head of Sberbank German Gref sent a letter to the deputy chairman of the government Maxim Akimov with a request to revise the bill on electronic signature. One of the proposals concerns the provision of the right to issue enhanced qualified electronic signatures (CEP) to legal entities through the largest banks.

In November 2019, the State Duma adopted in the first reading a bill giving the Federal Tax Service (FTS) the exclusive right to issue electronic signatures to legal entities.

File:Rian 5510669.hr.ru.jpg 1544533997 76687 vid451181e.jpg
The head of Sberbank German Gref sent a letter to the deputy chairman of the government Maxim Akimov with a request to revise the bill on electronic signature

By the beginning of December 2019, KEPs can be issued by certification centers accredited by the Ministry of Telecom and Mass Communications, including banks (Sberbank, VTB, Tinkoff Bank, etc.), insurance companies, exchanges, brokers and Russian Post, as well as private IT companies.

Sberbank proposes to give the Federal Tax Service the right to determine authorized organizations that will be able to perform the functions of creating, identifying and storing electronic signatures of legal entities. According to Herman Gref, authorized organizations must meet a number of criteria:

  • have more than 500 billion rubles of net assets;
  • have branches or representative offices in at least 87.5% of the regions of the Russian Federation;
  • be subject to anti-money laundering and terrorist financing legislation.

The head of Sberbank also considers it necessary to provide the opportunity for authorized organizations to identify applicants by providing information from their own identification and authentication system (thus, for example, Sberbank will be able to identify companies at the expense of its own database, and not only with the help of information from the Federal Tax Service).

The Moscow Credit Bank (MKB) supported the initiative to extend the right to issue signatures to legal entities to authorized organizations, but considered it necessary to revise the requirements for territorial parameters.[18]

Cadastral Chamber gave recommendations on protecting electronic signature from fraudsters

On November 28, 2019, the Federal Cadastral Chamber announced a list of recommendations for protecting electronic signatures from fraudsters.

According to experts, you can not take possession of the signature itself, but a tool for creating it on behalf of someone. It is served by the private key of the electronic signature - confidential information belonging to the owner of the signing certificate.

The Federal Cadastral Chamber has published a list of recommendations for protecting electronic signatures from fraudsters

An attacker can obtain an electronic signature key in two ways:

  • pick up the USB drive;
  • perform unauthorized actions or deception to obtain information from the certification center.

The Cadastral Chamber recommends not trusting centers that promise to issue a certificate remotely based on photographs or scanned copies of personal data.

If a fraudster has taken possession of a means to create an enhanced qualified electronic signature on behalf of another person, then in fact the range of his actions with this tool becomes unlimited, the ministry said.

Specialists of the chamber say that when receiving a qualified certificate of electronic signature, you need to establish a reliable PIN-code to the storage of key information and keep it secret. If you suspect that the privacy of key information has been violated, you should immediately contact the center that issued the signature certificate to suspend or terminate it.

The Cadastral Chamber warned that the procedure for identifying an individual before creating a qualified certificate of electronic signature should be carried out only with the personal presence of the applicant and the provision of original documents. In addition, citizens need to be vigilant about their personal data and assess what data is transmitted to whom.

According to the Cadastral Chamber, by the end of November 2019, about 500 certification centers issuing electronic signatures were operating in Russia.[19]

The State Duma introduces a state monopoly on the issuance of an electronic signature for legal entities

On November 8, 2019, it became known that the State Duma adopted in the first reading a bill amending the Law "On Electronic Signature." The document was developed by a number of senators and deputies and involves a serious reform of certification centers for electronic signatures.

The Law "On Electronic Signature" in force since 2011 introduces three types of signatures: simple, strengthened and qualified. A simple signature is any technology that the parties have agreed to use. The enhanced signature is the signature issued by the certification center.

A qualified signature is a signature issued by an accredited certification center. Accreditation is carried out by the Ministry of Communications. This kind of signature is recognized as an analogue of its own hand.

The bill adopted in the first reading increases the minimum amount of net assets of an accredited certification center from 7 million rubles. up to 1 billion rubles, and the minimum amount of financial support - from 30 million rubles. up to 200 million rubles. If the certification center has branches in at least two-thirds of Russian regions, then the minimum amount of net assets can be reduced to 500 million rubles.

The accreditation period of certification centers is reduced from five to three years. Administrative liability is introduced for violations in the work of technical certification centers. And for the deliberate actions of employees of certification centers, in addition to administrative, criminal liability is also introduced.

The requirements do not end there. Legal entities will be able to use only qualified electronic signatures issued by the certification center of the Federal Tax Service (FTS). In addition, when concluding transactions, qualified electronic signatures of individuals authorized to act on behalf of the relevant legal entities will be used.

In cases with credit institutions, non-bank financial institutions and payment systems, qualified electronic signatures issued by the certification center of the Central Bank will be used. In cases with state and local authorities, as well as their officials, qualified electronic signatures issued by the certification center of the Federal Treasury will be used.

That is, in fact, the state introduces a monopoly on the issuance of electronic signatures to legal entities. If the bill is approved, the norm on the mandatory receipt of signatures in the certification centers of the Federal Tax Service and the Central Bank will enter into force in two years.

Certificates of qualified electronic signatures and accreditation of certification centers issued before the publication of this law will be valid until the end of their validity, but not more than two years. The government supported the proposed bill.

At the same time, the bill adopted by the State Duma in the first reading provides the possibility of using a cloud electronic signature. To this end, certification centers will be able to store verification keys for electronic signatures and, on behalf of their owners, create electronic signatures with their help.

The concept of a trusted third party is also introduced. She will verify the authenticity of the electronic signature in electronic documents at a particular time and verify the authenticity of electronic signatures issued abroad. Trusted third parties will have to be accredited by the Ministry of Telecom and Mass Communications. It is expected that about 20 such persons will appear in Russia.

In this regard, another concept is introduced - the mark of trusted time. This is reliable information in electronic form about the date and time of signing an electronic document with an electronic signature, created and verified by a trusted third party, certification center or information system operator[20].

Russia will introduce criminal liability for incorrect issuance of an electronic signature

On July 8, 2019, it became known that the Minister of Economic Development Maxim Oreshkin advocated the early adoption of a bill tightening the requirements for electronic signature certification centers. The minister made the corresponding statement during the parliamentary hearings in the State Duma on issues of the digital economy.

Two bills were submitted to the State Duma at once with amendments to the Law "On Electronic Signature." The first of them was developed by Senators Vladimir Kravchenko, Liubov Glebova and Mikhail Ponomarev, the second by Senator Lyudmila Bokova.

State Duma of the Russian Federation

The Law "On Electronic Digital Signature" was adopted in Russia in 2003. There were many complaints about the document, and in 2011 it was replaced by a new Law - "On Electronic Signature."

The law mentions an electronic signature of three types: simple, reinforced and qualified. The enhanced electronic signature is issued by the certification center, qualified by the certification center, which has passed accreditation in the Ministry of Telecom and Mass Communications. A qualified electronic signature is recognized as an analogue by its own hand. Among other things, it is necessary to participate in public procurement.

Initially, the law required that for accredited certification centers the minimum amount of net assets should be 1 million rubles, and the minimum amount of financial support to cover possible losses to third parties should be 1.5 million rubles.

In 2015, at the initiative of the Ministry of Telecom and Mass Communications, legislators increased the minimum amount of net assets to 7 million rubles, and the minimum amount of financial support to 30 million rubles. But the authorities wanted to further tighten the requirements for certification centers. So, in 2017, the Ministry of Telecom and Mass Communications developed a bill on the monopolization of the issuance of qualified electronic signatures by the state, but this document was criticized by the industry and did not receive further development.

In the submitted bills, we are talking about further tightening the requirements for accredited certification centers. According to both documents, it is proposed to increase the minimum size of net assets to 1 billion rubles, or, if the certification center has branches in at least two-thirds of Russian regions, to 500 million rubles.

The minimum amount of the financial guarantee is proposed to be increased to 200 million rubles. If the number of places of the licensed type of activity exceeds 10, then for each such place an additional financial guarantee in the amount of 500 thousand rubles is required, but not more than 300 million rubles. in total.

The accreditation period of certification centers is reduced from five to three years. Administrative liability is introduced for violations in the work of technical certification centers.

For deliberately intentional actions of employees of certification centers, in addition to administrative, criminal liability is also introduced.

Photo: сервис-ккт.рф

Also, requirements are introduced for the business reputation of heads of certification centers and persons who own at least 10% of the capital in them. If the accreditation of the certification center has been revoked, the center will be able to apply for new accreditation no earlier than three years later. In addition, accredited certification centers must own licenses for the development of encryption tools and have ownership rights to electronic signature hardware.

Another important requirement is that legal entities use electronic signatures, and here the approaches of both documents differ. The bill of Kravchenko, Glebova and Ponomarev assumes to oblige to use only qualified electronic signatures issued by the certification center of the Federal Tax Service (FTS). In addition, when concluding transactions, qualified electronic signatures of individuals authorized to act on behalf of the relevant legal entities will be used.

In cases with credit institutions, non-bank financial institutions and payment systems, qualified electronic signatures issued by the certification centers of the Central Bank will be used. In cases with state and local authorities, as well as their officials, qualified electronic signatures issued by the certification centers of the Federal Treasury will be used.

Lateral's bill is more liberal. It will allow legal entities to continue to use qualified electronic signatures from any accredited certification centers. The Federal Tax Service will be able to revoke certificates of electronic signatures of legal entities and individual entrepreneurs.

Similarly, the Central Bank will be able to revoke certificates of electronic signatures of credit institutions, non-bank financial institutions and payment systems. As in another bill, the Bokova bill also requires state authorities and their officials to receive qualified electronic signatures only at the certification center of the Federal Treasury.

If both bills are passed, they will take effect within 120 days of their signing. Certificates of qualified electronic signatures and accreditation of certification centers issued before the publication of this law will be valid until the end of their validity period, but not more than two years.

The norm of the bill Kravchenko, Glebova and Ponomarev on the use by legal entities of qualified electronic signatures issued by the certification center of the Federal Tax Service and the Central Bank will enter into force two years after the publication of the relevant laws. The norm of the Bokova bill on the possibility of the Federal Tax Service and the Central Bank to revoke certificates of qualified electronic signatures will also come into force two years after the publication of the law.

At the same time, there are some indulgences. Certification centers will be able to attract third parties to accept applications for the issuance of certificates of electronic signatures and the delivery of these certificates.

In addition, certification centers will be able to store verification keys for electronic signatures, and on behalf of their owners, create electronic signatures with their help. As Oreshkin explained, we are talking about the possibility of using a cloud electronic signature.

The bill introduces the concept of a trusted third party. She will verify the authenticity of the electronic signature in electronic documents at a particular time and verify the authenticity of electronic signatures issued abroad. Trusted third parties will have to be accredited by the Ministry of Telecom and Mass Communications. It is expected that about 20 such persons will appear in Russia.

In this regard, another concept is introduced - the mark of trusted time. This is reliable information in electronic form about the date and time of signing an electronic document with an electronic signature, created and verified by a trusted third party certifying the centers or operators of the information system.

Photo: nazrangrad.ru

Certification centers will have to issue certificates of electronic signatures at a price not exceeding the established Government value. Individuals who have received certificates should be given the opportunity to register in free of charge. Unified Identification and Authentication System In addition, individuals should be provided with technical means for enciphering biometric signatures free of charge.

The authors of the bills claim that the documents they proposed will solve another problem. As of July 2019, state departments require that certificates have qualified electronic signatures have certain powers assigned to the user within the framework of a specific information system. As a result, certificates issued by accredited certification centers cannot be used in some information systems, and certification centers are forced to offer qualified electronic signatures for work in specific information systems.[21]

2018

Russia is working on an alternative to EP for identification on the Internet

This fall Russia , the development of a plan for the implementation of a "cloud signature" as a mechanism identifications on the Web may begin. This was announced on September 10, 2018 by the Special Representative of the President of Russia for Digital Development Dmitry Peskov on the eve of the Eastern Economic Forum.

Dmitry Peskov. Photo: Agency for Strategic Initiatives
File:Aquote1.png
Today there is an electronic signature. But it's long, difficult, expensive, uncomfortable. And we need a simple and understandable cloud signature with which a person could register all his actions on the Internet, conduct transactions, "Peskov told reporters.
File:Aquote2.png

The idea, he said, is for the user to be able to sign any documents from their mobile device. Its digital signature will not be on a wearable drive ("flash drive"), but on a remote "cloud" resource.

Thus, the user is authorized in the cloud resource and then disposes of his electronic signature as he sees fit.

But so far there are a number of obstacles to this. According to Peskov, a number of changes to the current legislation are required.

File:Aquote1.png
... It is necessary to finally legalize electronic documents, electronic contracts. A lot of work is also being done here. Partially this task helps us to solve, including the already adopted bill on the introduction of biometrics in banks, - said Peskov. - The next step is to legalize smart contracts when you do not have intermediaries, when the concluded contract is provided in the form of program code[22]
File:Aquote2.png

File:Aquote1.png
Two questions immediately arise: firstly, how the cloud resource on which the digital signature is located will be protected, and, secondly, how safe the mechanism for accessing the "cloud" EDS from a local mobile device will be, - said Dmitry Gvozdev, General Director of Information Technologies of the Future. - A possible leak of many EDSs from one cloud resource will pose a much greater threat to end users than the leakage of any other personal data. As for mobile devices, it will require a separate secure application, isolated from any others, and two-factor authorization as a protector against weak passwords.
File:Aquote2.png

The bill on the legalization of smart contracts and the document on cloud signature will be considered in the State Duma in the fall of 2018.

The government allowed the use of a simple EDS to obtain public services

The Russian government decided to allow citizens to use a simple electronic signature to work with the public service portal. The corresponding resolution (No. 996) on August 30, 2018 was published on the website of the Cabinet of Ministers.

Previously, the ability to send applications for services in electronic form was provided to users only if they had a so-called enhanced electronic signature, which was issued on a USB drive in certification centers. The service is paid, but the price is equal to the cost of the flash media.

Government Decree No. 996 amends a number of regulatory legal acts of the Government in order to provide for the possibility of using a simple electronic signature when applying electronically for obtaining public services. The only condition is that the issuance of a simple electronic signature key is allowed only after a personal visit of an individual to the certification center (for identification).

File:Aquote1.png
The changes made will reduce the applicants' costs associated with the release of the physical carrier of the electronic signature key certificate, the publication on the Government's website says.
File:Aquote2.png

In accordance with the current legislation, electronic signatures in Russia are divided into three types: simple and two reinforced - qualified and unqualified.

An enhanced qualified electronic signature is confirmed by a certificate from an accredited certification center and in all cases is equal to a paper document with a manual signature.

An enhanced unqualified signature identifies the sender, and also ensures that the document has not undergone any changes since signing. A message with a simple or unqualified electronic signature may be equated to a paper document with a handwritten signature, but only by prior agreement of the parties and in cases specifically provided for by law.

File:Aquote1.png
The decree of the Government of the Russian Federation removes some restrictions on the use of EDS, - said Dmitry Gvozdev, General Director of Information Technologies of the Future. - In fact, this means further expansion of the scope of application of electronic signature, and accordingly, a step forward in the direction of digital document management, in particular, and optimization of interaction of state institutions with citizens.
File:Aquote2.png

The full text of the Decree of the Government of the Russian Federation No. 996 of August 27, 2018 is available here.

The Ministry of Telecom and Mass Communications proposed to introduce a single key verification certificate for the EDS

In early April 2018, information appeared that the powers of users of electronic digital signatures can be enshrined in a single key verification certificate of an enhanced qualified EDS. Ministry of Digital Development, Communications and Mass Media Russia published a corresponding bill on the portal of draft legal acts.

The explanation to the draft law states that according to the current state of affairs, EDS users - individuals and legal entities, state bodies and officials - cannot access the information systems of various departments, since they require object identifiers (OID) in a qualified certificate.

At the same time, certificates issued by certification centers accredited by the Ministry of Communications of Russia, as noted by the authors of the bill, cannot be used to verify electronic signatures in the information systems of such individual departments.

OIDs are not in the same certificates, so there are many companies on the market selling qualified key verification certificates designed to work with a single department and, accordingly, not allowing you to work with others.

File:Aquote1.png
In fact, this "kills" the meaning in EDS: the key idea of ​ ​ an electronic signature is the versatility of its use, says Oleg Galushkin, an information security expert at SEQ (formerly SEC Consult Services). - Unification of the EDS verification procedure is long overdue, but now the question arises of what the certification centers will do, and whether they will have to curtail the activities for the right to conduct which they paid substantial money.
File:Aquote2.png

Now the Ministry of Telecom and Mass Communications proposes to introduce the concept of "authorized certificate," which will contain both the user's OID and information about his powers. Thus, the problem of many certificates - if the bill is passed - will be removed.[23]

You can get acquainted with the text of the draft law of the Ministry of Telecom and Mass Communications of Russia "On Amendments to the Federal Law" On Electronic Signature, "the Federal Law" On Protection of the Rights of Legal Entities and Individual Entrepreneurs in the Implementation of State Control (Supervision) and Municipal Control "and the Federal Law" On Accreditation in the National Accreditation System "" at# npa = 79636 link.

2012

Waiting for distribution of SIM card with EDS

According to a study published in September 2012 by the analytical company TechNavio, the market for two-factor authentication tools will grow annually by 20.8% per year in 2011-2015. Two-factor authentication implies that in order to access information, the user not only needs to enter a password, but also have a certain device or program with which confirmation of access is carried out. A classic example is online banking, where to confirm a transaction, you need not only to enter a password, but also to type a one-time code sent by sms or generated by a special program on the computer.

According to analysts, the next stage in the development of these technologies will be authentication using mobile phones, when an electronic-digital signature is "sewn" into the SIM card of the device, with the help of which the user can carry out legally significant actions. For example, such a mechanism has already been implemented in Estonia. Another technology development option is the creation of smart cards, which are electronic identity cards.

The technology will be spread by the introduction of short-range NFC into wireless phones. Thus, a mobile phone can be used instead of a bank card when paying for goods in a store or on the aisle to a territory with limited access. However, the development of the market will be hindered by security considerations and the actions of regulators, which impose certain requirements for the transfer and protection of confidential data.

Among the leading manufacturers of two-factor authentication solutions, TechNavio researchers name Entrust, Gemalto, RSA Security and VASCO Data Security.

Second tier developers include ActivIdentity, CryptoCard, Deepnet security, Equifax, PhoneFactor, SecureAuth, SecurEnvoy and SafeNet Inc.

In Russia, developments are also underway in this area. For example, Aladdin has developed its own smart card with a built-in microprocessor for user authentication and storing digital signatures, and the state operator Rostelecom is implementing a program to equip sim-cards with an electronic digital signature. MegaFon was selected as the technical partner. It is expected that the prototype of the device will be demonstrated in December 2012, and the first devices will appear on the market in 2013. At the moment, you can get an EDS on a flash drive, for this you need to contact the Rostelecom office. [24]

Permission of government agencies to submit documents to the government in electronic form using the EDS

On August 30, 2012, the Russian government approved amendments to the Regulations on electronic document management in state authorities aimed at improving information and technological support for the activities of the Government of the Russian Federation and federal executive bodies, Minister of Communications and Mass Media Nikolai Nikiforov said in his microblog.

According to him, the Government approved the draft changes made by the Ministry of Communications and Mass Media. Thus, documentation between state and executive authorities, as well as the government apparatus, will be entered in electronic form using an electronic digital signature.

Denis Kuskov, General Director of the analytical agency Telecom Daily, in an interview with TAdviser, said that the creation of an internal secure electronic document management system would greatly facilitate the life of departments and ministries.

"If we talk about the project from the point of view of IT, then the development, implementation, configuration of a system of a similar scale and complexity, as well as with similar security requirements, can cost more than one hundred million rubles. These include the EDS keys, "Kuskov said. "Now there is quite high competition in the market for such systems, so the state can reduce project costs quite seriously."

According to Kuskov, the absence of any obstacles, then the development, implementation and debugging of EDMS and keys can take about a year.

Kuskov is confident that a maximum of 20 EDS keys will be needed for each department or institution. The Cabinet consists of 21 members.

The Federation Council calls for the approval of a single EDS

In July 2012, it became known that in the fall the Federation Council intends to check the preparation of regulations regarding the creation of a unified electronic digital signature (EDS). As the media found out, if the senators are not satisfied with the results of the audit, they will come up with a legislative initiative to introduce a single EDS. (Earlier, the Government of the Russian Federation extended the law "On Electronic Digital Signature" for another year). Experts are not sure that the idea will be implemented: we are talking about a huge business, which will not be beneficial for either certification centers or officials, the[25]

For the first time, the question that the current EDS law must be supplemented with amendments, allowing officials to use one signature for all information systems, was raised by senators back in April 2011. The Federation Council eventually approved the senators' proposal, and the government, in turn, promised that "in the regulations on the procedure for applying an electronic signature, this novella will be implemented," Yuri Roslyak, a member of the Federation Council Committee on Economic Policy, told reporters. However, in almost a year and a half, the regulations did not see the light of day.

"Today, regulations are still in development, so in the fall we will check in what form all this is implemented. If this principle is not fulfilled, then we will come out with a legislative initiative on the legislative incentive of the government, including the Ministry of Telecom and Mass Communications, on the use of this technology - adds Yu. Roslyak.

According to senators, the current law on EDS is extremely inconvenient: each information system requires an individual digital signature, so civil servants and businessmen have to use several EDS at once.

B2B-Center Andrei Boyko The commercial director doubts that the initiative of the Federation Council will be implemented. Thus, the cost of one EDS varies from 4.5 thousand to 7 thousand rubles, in addition, approximately 50% of this amount must be paid for the annual reissue of the EDS certificate.

'It's
a huge business. First of all, the introduction of a single EDS is unprofitable for certification centers, regulatory bodies, state sites. At the same time, suppliers come to us with a bunch of EDS - 5-6 pieces each. If a unified electronic signature is introduced, this will lead to a decrease in business turnover by 4-5 times. The idea itself is a good one. If it works, it will affect the competition of management centers, and the cost of services and their quality, "said Yu. Boyko
.

According to Andrei Slepov, head of the Pepeliaev Group legal information protection group, in some cases EDS requires a high level of security.

"In this case, it can hardly be suitable for any simpler goals," A. Slepov notes. At the same time, the problem of "information privacy" can be solved by introducing "uniform technologies," said Anton Sergo, president of Internet and Law.

"A large number of EDS networks were initially strategically important, but in the future only created inconvenience. So the initiative is very correct, "adds A. Sergo
.

The Ministry of Telecom and Mass Communications explained that according to the current regulatory acts, if a qualified certificate issued to a legal entity does not contain restrictions on its application, then such a certificate can be used in any form of legal relations, if this is not directly prohibited by law. "This fully embodies the concept of a single signature of a legal entity," says a source in the department of information and public relations of the department.

Only in the system of state orders for July 2012, about 1 million EDS were issued, for submitting reports to the tax authorities - more than 1.5 million EDS, about 500 thousand more were issued to legal entities to participate in commercial auctions and for reporting to pension funds[26].

FSB Order on Requirements for Electronic Signature and TC

On February 17, 2012, an order of the FSB of the Russian Federation of December 27, 2011 No. 796 "On Approval of Requirements for Electronic Signatures and Requirements for Means of the Certification Center" was published. Earlier, an order dated December 27, 2011 No. 795 "On Approval of Requirements for the Form of a Qualified Certificate of the Electronic Signature Verification Key" appeared.

In accordance with the new norms, when signing a document, the signing means must show the electronic document to the person who signs it, wait for confirmation from this person, and after signing it, show him that the signature has been created. When verifying the signature, the tool must show an electronic document, as well as information on amending the signed document and indicate the person who signed it.

The format of a qualified certificate differs significantly from the format of EDS certificates that are issued at that time (in accordance with federal law No. FZ-1). For example, a qualified certificate must include the name of the electronic signature and certification center tools used to generate the signature key and verification key (private and public keys, respectively), as well as to create the certificate itself.

Compared to EDS certificates, the method of representing the authority of the certificate holder has changed. At the request of the owner, any information confirmed by the relevant documents could be included in the EDS certificate, and non-standard details (for example, the insured's registration number) can be included in the qualified certificate only if the requirements for their purpose and location in the certificate are defined in the documents provided to confirm the compliance of the means of the certification center with the requirements of the FSB.

2011

For all the time in Russia issued 5-7 million certificates of EP keys

For the entire period of the 2002 law on EP in Russia, 5-7 million certificates of electronic signature keys were issued, the Ministry of Telecom and Mass Communications cites expert assessments. They will be valid until July 1, 2012, then they will have to be changed to new ones.

In 2011, the market for services for issuing electronic signatures to citizens began to form in Russia. They cost no more than 500 rubles, but it was difficult to assess the demand at this time: it had not yet been decided for which documents which signature was suitable.

The highest level signature, protected from counterfeiting, is the so-called enhanced qualified. The funds with which the documents are certified by such a signature are issued by special certification centers that have been certified by the FSB. According to the Ministry of Telecom and Mass Communications, the Unified State Register of Signature Key Certificates contains 284 such centers.

Funds for issuing simpler signatures - enhanced unqualified and simple - can be purchased on the market, you will not have to contact the certification center for this.

In 2011, certification centers, the tariffs of which were studied by the Vedomosti correspondent, are charged for issuing EP 2000-10,000 rubles. (depending on the number of related services - for example, for 10,000 rubles. you can also participate in a seminar on the use of such a signature). But the price should radically decrease, promised the press secretary of the Minister of Communications Elena Lashkina, in fact, it will be reduced to the cost of the carrier. For the carrier of an enhanced EP certified by the FSB, you will need to pay 500-600 rubles, and in the future - 300 rubles. For unqualified enhanced EP, you can buy any USB flash drive (from 100 rubles).

President Medvedev signed the law "On Electronic Signature"

On April 6, 2011, Russian President Dmitry Medvedev signed the law "On Electronic Signature" (EP), approved by the State Duma and the Federation Council in March. The document will replace the law "On Electronic Digital Signature" (EDS) adopted in 2001, which contained too serious requirements for EDS and greatly limited the ability to use electronic documents. It allowed the use of the only technology - asymmetric electronic keys, requiring the mandatory presence of a certificate from the certification center.[27]

The need for a new law was due to the fact that the provisions of the current law on electronic signature (FZ-1) did not comply with the modern principles for regulating electronic signatures, which are valid in European states.

Three types of electronic signature stand out - simple electronic signature, unqualified electronic signature and qualified electronic signature.

A qualified electronic signature is an electronic signature that:

  • obtained by cryptographic conversion of information using a signature key;
  • Allows you to identify the person who signed the document.
  • allows you to detect the fact of amendments to the document after its signing;
  • is created using electronic signature tools.

In addition, the verification key of such a signature is indicated in a qualified certificate, and means that have received confirmation of compliance with the requirements established in accordance with federal law are used to create and verify an electronic signature.

Before using the EDS, the center had to transfer copies of the certificate in paper and electronic form to the authorized body. The certification centers themselves were subject to mandatory licensing and had to be built into a single hierarchical structure. Although the law came into force in early 2002, the authorized government agency (then it was the Federal Agency for Information Technology) appeared only in 2004, and the root certification center, without which the work of everyone else is impossible - in 2005. Licensing of certification centers did not work at all due to contradictions with the law "On licensing of certain types of activities" adopted later.

As a result, as noted in the explanatory note to the law "On EP," practically only legal entities use EDS in Russia, and the number of certificates issued is no more than 0.2% of the total population. In the law adopted now, licensing is not required from certification centers - they can be accredited and then only on a voluntary basis. Accreditation will be handled by the authorized body appointed by the government, it will also organize the work of the root center.

For accreditation, a Russian or foreign legal entity is obliged to have net assets in the amount of at least 1 million rubles. and financial guarantees for paying compensation to affected customers in the amount of 1.5 million rubles, have at least two IT specialists with higher professional education and undergo a confirmation procedure with the FSB. The centers are obliged to ensure free access to any person to the registers of valid and canceled certificates, the mandatory transfer of the register of certificates to the root center will occur only if the accreditation of the center ceases. The certification center can also organize a system of centers around it, in relation to which it will be the root.

The plan for preparing legal acts in order to implement the federal laws "On Electronic Signature" and "On Amending Certain Legislative Acts of the Russian Federation in Connection with the Adoption of the Federal Law" On Electronic Signature "was approved by Order of the Government of the Russian Federation of July 12, 2011 No. 1214-r. The plan sets the deadlines for the development of legal acts of the Government of the Russian Federation and legal acts of federal executive bodies related to the use of an electronic signature. The Ministry of Communications of Russia is one of the responsible executors of the development of legal acts, most of which will be developed jointly with the FSB of Russia, the Ministry of Economic Development of Russia, as well as interested federal executive bodies.

According to the plan, by July 30, 2011, a federal executive body authorized in the field of using an electronic signature will be appointed, by August 31, requirements for the form of a qualified certificate of the electronic signature verification key, requirements for electronic signature means, requirements for the means of the certification center and the procedure for accreditation of certification centers will be approved. By October 31, government resolutions on the types of electronic signature that government agencies use when organizing electronic interaction with each other, on the types of electronic signature that are used when applying for public services, and on the procedure for using a simple electronic signature when providing state and municipal services should be adopted. By November 30, the procedure for using an electronic signature when applying for state and municipal services must be approved. The last planned document will be signed in March 2012.

In the law of 2011, it became possible to sign documents with electronic signature, the circulation of which is not regulated by the laws of direct action, notes the deputy head of Rosreestr Sergey Sapelnikov. Few documents fall under the regulation: extracts from the real estate cadastre and the Unified State Register of Rights, invoices, etc. In theory, the new law will allow notaries to certify in electronic form extracts from the marriage certificate, power of attorney, etc. True, it is not yet clear which of the three formats the government agencies will accept and which specific documents can be signed by them. The law did not establish what type of signature a particular department can use, in what format the general director of the company should sign, in which - the chief accountant, and in which - a citizen, says Sapelnikov. For the authorities, the types of EP will be determined by the government, and for business and household communication, citizens and legal entities have the right to choose the type of signature themselves, says an employee of the Ministry of Telecom and Mass Communications.

The Federation Council plans to introduce a single EP

On March 30, 2011, at a meeting of the Federation Council, it was decided to amend the law on electronic digital signature (EDS) without suspending the law as amended. Now the document does not spell out the rule that a specific person should have one EDS, as well as his graphic personal signature. Because of this, officials and businessmen are forced to use different signatures in different information systems.

"We have every information system that requires an official to issue an individual digital signature for each specific system. We consider this categorically unacceptable: firstly, this is an additional bureaucratic barrier, and secondly, it is a big loss of time and money, "said Yuri Roslyak, one of the initiators of the amendments, a member of the Federation Council Committee on Economic Policy
.

According to him, now an official working in the treasury system has seven different EDS. "It can get to the point of absurdity when a person can have 10-12 EDS in order not to limit their capacity," he added. According to him, a unified digital signature should be issued in the system of certification centers. It should act in all public information systems that exist in Russia. It is equally obvious that this thesis has nothing to do with identification in closed information systems.

"Now work is underway to agree on the design: in which chapter to include this amendment. I think that within a month we will finish this work and conciliation procedures will begin at least in early June, "explains Yu. Roslyak
.

The State Duma approved the bill "On electronic signature"

In March 2011, the State Duma of the Russian Federation approved in the last reading the draft Federal Law "On Electronic Signature," which is intended to replace the existing since 2002 No. 1-FZ "On Electronic Digital Signature." The law is designed to "regulate relations on the use of electronic signatures when making civil transactions, providing state and municipal services, performing state and municipal functions, as well as when performing other legally significant actions."

In accordance with Art. 5 of the bill, three new types of electronic signature are defined: simple, unqualified and qualified (the most protected). The currently used EDS key certificates are equated with qualified electronic signature certificates.

The law regulates the issuance and use of signature key certificates, authentication of signatures, accreditation and provision of services of certification centers that will issue certificates of electronic signature keys. Until July 1, 2012, such centers will continue to operate as before, but will have to undergo mandatory accreditation with the authorized body. Starting from the summer of 2012, the right to issue qualified signatures is granted exclusively to accredited certification centers.

The situation with EDS in the Russian Federation is such that any user has to create a separate EDS for almost each of them to work with information systems requiring the use of an electronic digital signature. To resolve this situation, the Federation Council of the Russian Federation is preparing an amendment to the law "On Electronic Digital Signature," which is designed to make life easier for EDS users. As a result, it should become unified for all information systems and not limit the capacity of their holders.

Order of V. Putin on the transition of government agencies by 2012 to paperless document management

In February 2011, Russian Prime Minister Vladimir Putin signed Decree No. 176-r "On Approval of the Action Plan for the Transition of Federal Executive Bodies to Paperless Document Management when Organizing Internal Activities." This document approved the action plan for the transition of federal authorities to paperless document management and established that the implementation of measures for the transition to paperless document management is carried out "at the expense of funds provided for in the federal budget."

By June 2011, it is planned to provide "officials of federal executive bodies with electronic digital signature means for use in electronic document management," to create or modernize EDMS ministries and departments. From January 1, 2012, according to the plan, paperless document management should work in all federal authorities.

2010: Report of the Ministry of Economic Development to the President of the Russian Federation on the need for EDS for electronic public services

In August 2010, the Ministry of Economic Development prepared a report to the President on the priorities of introducing public services in electronic form. One of the priorities is electronic digital signatures (EDS) for citizens and organizations. In the West, the technology that allows you to certify the author of electronic documents and ensure their invariability (with any change in the document, the EDS will become invalid) has not gained much popularity: it is too difficult. The Russian Ministry of Telecom and Mass Communications also does not believe in the mass nature of the EDS - this department announced a competition for the development of alternatives. But despite this, the ubiquity of electronic signatures in our country will still take place.

The draft report of the Ministry of Economic Development to the President of Russia on the priorities of providing public services in electronic form was submitted to the government on August 2, 2010. One of the priorities noted in it is the use of "an electronic digital signature available to most citizens and organizations when receiving services." The subjects of the federation must create conditions for the widespread use of EDS. And all this is at the expense of its own funds, "within the framework of current financing."

For a person familiar with the computer, using an electronic digital signature will not be a big problem. But it is unlikely that all Russians will be able to master this technology, Minister of Communications and Mass Media Igor Shchegolev said at the Tver Economic Forum. As an alternative, his department decided to create a special secure email to communicate the state with citizens. 10 million rubles were allocated for these purposes. The right to develop the project was won by the St. Petersburg State University of Telecommunications named after Bonch-Bruevich.

"In the West, the EDS has not found widespread use," says the application of one of the contestants, Ashmanov & Partners. "She was uncomfortable... After some hesitation, the average citizen preferred "in the old fashioned way" to go to public places in person than to acquire software, a certificate, study the features of the EDS, etc. Neither Western state institutions nor commercial mass service enterprises began to use EDS on a significant scale precisely because of rejection by the citizen/client. "

In Russia, apparently, several duplicate access systems to electronic government will be developed in parallel. A copy of the report of the Ministry of Economic Development was sent to the Ministry of Communications, but the position of this department "has not yet been expressed," said Acting Minister of Economic Development Andrei Klepach in a cover letter to the draft report.

Electronic digital signature is most actively used in the field of finance - this is facilitated by the increase in the penetration of Internet banking systems, and the initiative of the Federal Tax Service, whose divisions accept reports in electronic form. In addition, Russian President Dmitry Medvedev recently signed Federal Law of 27.07.2010 No. 229-FZ, which provides for amendments to the first and second parts of the Tax Code of the Russian Federation. Among them - the possibility of issuing invoices in electronic form by mutual agreement of the parties to the transaction and if the parties have compatible technical means and opportunities for receiving and processing invoices. One of the prerequisites for such a process is the signing of invoices using the EDS.

According to market experts, the creation of any financial documentation and reporting is one of the simplest examples of an industry where the use of EDS can bring profit. Now organizations often have to rent warehouses to store financial statements - the shelf life of documents can be 5 years or even more. Quite significant funds are spent on this. In addition, each ordinary private person of the house also has a kind of warehouse in which documents are stored. If all these documents are transferred to electronic form, this will significantly facilitate the life of a person or company and will ensure greater preservation of documents - after all, paper documents cannot be copied as easily as electronic ones.

The use of EDS in the provision of public services can save not only time to citizens, but also state funds - by reducing the number of employees who receive documents, minimizing errors and losses during processing, and so on.

It is worth noting that for document-intensive information systems, security tools seem to be an additional burden, since additional computing power is required for both authentication and data decryption. However, in some cases, they, on the contrary, can save resources by blocking access to processes for those users who may abuse them. If the system processes information for a limited range of applications, then the introduction of encryption systems and reliable authentication is quite justified.

In addition, at the level of legislation, the protection of document management systems is required in the event of personal data processing or transactions of international payment systems. All technological components of such protection have already been implemented and are being implemented, it is important during their use to comply with the requirements for maintaining the legal significance of electronic documents when processed in document-intensive information systems.

In the new version of the law, according to market experts, some restrictions imposed by the first law have been removed - for example, the use of a certified crypto tool becomes optional. This makes life easier for many organizations and individuals in the regions. The fact is that a certified crypto device must be transmitted either over a secure channel or on an immutable medium - for example, on disk. Meanwhile, the protected channel itself must be protected by a certified crypto device, so that a stalemate occurs. And these are far from all the nuances that should be taken into account in the new version of the law on EDS.

In the Russian market (2010), there are several crypto providers that are not compatible with each other. Thus, a situation arises where each user, in order to send a letter with an EDS to another user, must first make sure that the destination can check the EDS. Although, it would seem, actually the same algorithm is used, and the use of EDS regulates the same law, the implementation of companies operating in this market is different.

2002: Russia adopted the first law "On electronic digital signature"

The first law regulating the rules for using an electronic digital signature in Russia was the Law of the Russian Federation of January 10, 2002 No. 1-FZ "On Electronic Digital Signature." The main claim to 1-FZ was its ambiguity, vagueness. In particular, even the definitions of the EDS and the electronic document as a whole provide opportunities for ambiguous interpretation. Leaves opportunities for discrepancies and such a concept as evidence that determines the moment of signing - they can be considered both the time stamp included in the signature and the time put in the document itself. It also raises questions about how to determine the certificate that was not invalid at the time of verification. Now companies and organizations interacting with each other using EDS solve all these problems by signing additional regulations, otherwise - accession agreements, but this seriously complicates the process of exchanging electronic documents.

2000: U.S. EDS Act

In the summer of 2000, the US national law on electronic signature came into force - from that day on, blurring on paper and in a digital document is equivalent. At least under federal law. The law did not turn the technological reality, but created a separate market segment - digital transaction management (DTM). This rapidly growing segment will reach an impressive $30bn by 2020, according to research by Aragon Research.

In the US, UETA and the national EP law give electronic documents the same weight as traditional paper obligations signed by hand.

These statutes define the EP as "an electronic sound, symbol or process attached to or logically related to a contract or other record, attached to it by a person with the intention of signing the record." Thus, any business transaction can be executed electronically.

"In the US, people use electronic signatures in every aspect of their daily lives. You can electronically take out a mortgage or insurance as part of a car loan, "says Stephen Bisbee, president of Baltimore-based eOriginal, which owns a patent for the process of creating, signing and transferring documents electronically.

The most progressive enterprises no longer wonder whether to use an electronic signature - they are focused on best integrating its application into their own business processes.

The next step is to manage any "digital" business online. "This is moving forward - from simple signatures to complex financial transactions in electronic form," Bisbee believes and predicts that a turning point in this area will occur over the next four years.

1994: The EDS standard is adopted in Russia - GOST R 34.10-94

The electronic digital signature came to Russia in 1994, when the first Russian standard EDS was adopted - GOST R 34.10-94, which in 2002 was replaced by GOST R 34.10-2001.

1976: Electronic Signature Development in the United States

The United States can be considered the birthplace of EP: in 1976, American cryptographers Whitfield Diffie and Martin Hellman first proposed the concept of "electronic digital signature," although they only assumed that EDS schemes could exist. But already in 1977, the RSA cryptographic algorithm was developed, which, without additional modifications, can be used to create primitive electronic signatures for[28].

See also

Notes

  1. Russia and Belarus create a cross-border space of trust
  2. Russians told how hackers gain access to electronic signatures
  3. the Open implementation of the Rosehip algorithm on GitHub. It compiles into a
  4. Electronic Signature in Question
  5. Pro-business government extends transition period to machine-readable powers of attorney
  6. Experiment with enhanced electronic signatures will be extended until the end of 2023
  7. Global Digital Signature Market Report 2021-2026 - Enhancement in the Acceptance of Cloud-Based Security Solutions & Growing Number of Partnerships and Acquisitions
  8. The authorities will postpone the transition of business to a new format of electronic signature Without a delay, companies could face the problem of exchanging electronic documents
  9. The Ministry of Digital Development began the transfer of Russians to an electronic signature sewn into SIM cards
  10. xtor = AL-% 5Binternal_traffic% 5D--% 5Brss.rbc.ru% 5D-% 5Btop_stories_brief_news% 5D MIA proposed imprisonment for forging an electronic
  11. The tax service will issue electronic digital signatures
  12. Cadastral Chamber: demand for electronic signatures has grown in Russia
  13. The State Duma introduced fines for violation of the rules for issuing an electronic signature key
  14. Draft requirements for submission of electronic power of attorney on behalf of IP have been developed
  15. Amendments of the Ministry of Telecom and Mass Communications of Russia to the legislation on electronic signature entered into force
  16. How the law on electronic signature has changed
  17. Retailers saw new risks in the bill on electronic signature
  18. Gref asked to give the largest banks the right to issue electronic signatures
  19. THE FEDERAL CADASTRAL CHAMBER TOLD HOW TO PROTECT YOUR ELECTRONIC SIGNATURE FROM FRAUDSTERS
  20. Deputies introduce a state monopoly on issuing an electronic signature
  21. Russia will introduce criminal liability for incorrect issuance of an electronic signature
  22. Russia is working on a new mechanism for identification on the Internet
  23. The powers of EDS users can be assigned in a single certificate
  24. The first SIM cards with EDS will appear in Russia in 2013.
  25. Federation Council proposes to unify the EDS.
  26. , the Federation Council proposes to unify the EDS
  27. [1]
  28. 15 years of electronic signature in the United States. Anniversary with reservations