EDS for individual entrepreneurs: advantages of electronic signature for legal entities. Electronic Document Management and Electronic Digital Signature: Application in Business

Electronic reporting in Russia appeared about 10 years ago. Over the past period, accountants have had many opportunities to evaluate its benefits. Every year, the number of companies reporting to in electronic format, increases in geometric progression. To date, electronic reporting is evidence effective work companies and an indicator of the level of qualification of an accountant. But if the assurance of reports with an electronic signature has become customary for Russian companies, then the use of the cloud electronic signature- relative rarity.

Let's compare the possibilities of using a "traditional" and cloud-based electronic signature in several ways: the need for software, the security of data transfer, and the cost.

A traditional electronic signature requires the installation of a special program. At the same time, it will be possible to certify reports with an electronic signature only on the computer where the necessary software is installed. In addition, in Russian reality, situations often arise when an electronic signature key conflicts with an Internet banking key. In such a situation, the company is forced to use a dedicated computer to send electronic reports. Traditional electronic signature software, like any software, requires periodic updates and maintenance costs.

The need to eliminate these shortcomings and opportunities high technology allowed to create a cloud-based electronic signature. Unlike traditional ES, cloud-based - does not require installation of software and cryptography on a computer. The certification center issues an electronic signature and places it in its certified secure cell (cloud). Access to this cell is available only to the owner of the signature using sms, which comes to the mobile phone. Since all information about access to a cloud electronic signature is stored on a cloud server in a certification center, an accountant can sign and send electronic reports from any computer, tablet, smartphone, or even mobile phone with internet access. The undoubted advantage of a cloud-based electronic signature is the absence of costs for the purchase of software, its support and updating. This technology is also used in many Internet banks.

Despite the fact that the cloud-based electronic signature is still a fairly new concept for Russian accounting, successful experience in implementing new technologies has already been accumulated. The first in the Russian market to introduce a cloud-based electronic signature using one-time passwords via sms was the online accounting department My Business, together with the certification center Kaluga Astral. To date, more than 100 thousand accounting reports have already been submitted using cloud-based ES.

“For two years of work, more than one thousand organizations have used the service, which have appreciated its convenience, accessibility and user-friendliness,” says Igor Chernin, Director of Kaluga Astral. “The service has increased the attractiveness of the electronic reporting method for small businesses and individual entrepreneurs. Technical solutions in the field of platform development and in the field of using the "cloud" ES, which were implemented as part of the service, formed the basis of many similar products currently on the market."

Other market participants also appreciated the benefits of clouds. For example, the company CRYPTO-PRO, which occupies a leading position in the distribution of cryptographic information protection and electronic digital signature, has created a new hardware and software cryptographic module "CryptoPro HSM". Although this service is not yet used for reporting, there is already a movement and there is hope that in a couple of years it will be possible to forget about the traditional electronic signature in those places where there is no absolute need for it.

Virtual reality is getting closer, and now the business community is starting to use new technologies for document management. IN Lately everyone has heard such a phrase as “digital electronic signature”. Let's figure out what kind of animal this is and what it is eaten with.

The signature may simply be electronic. This is the signature that we add to the document that will go to the Internet. It can be, for example, a .pdf file. Your signature on a plastic card is also considered an electronic signature. Remember, there is an empty field on which you should sign with a pen? Decorating reverse side"plastic" with your autograph, you confirm that you have made a deal with the bank.

Digital electronic signatures are much more complicated. They are used to identify the authorship of electronic documents. In order to, you need to contact a special certification center that has a certificate for such activities.

It is necessary to provide and verify a lot of documents in order to obtain a digital electronic signature. Many regulatory documents and templates are provided by . After submitting an application for obtaining an EDS, a representative of the organization receives two keys, he uses them for documents of various types.

Why is it convenient to use an electronic digital signature?

1) When using the EDS, it is easy to control the integrity of the document, if during the transfer the document did not reach the recipient completely, then the EDS will become invalid, since it was calculated only for the initial state of the document.

2) The company receives a guarantee of protection against forgery of documents.

3) The owner cannot refuse the EDS placed under the document, because to create a valid signature, you need a private key, which is available only to the owner of the signature. Also, therefore, it is easy to prove the authorship of the document.

All this makes the electronic digital signature a convenient tool for business, especially when communicating with out-of-town and foreign partners. Concerning legislative framework, which ensures the functioning of the EDS system in Russia, will give answers to all your questions.

And, finally, we will warn you about only one thing: keep the EDS key safe. EDS certification centers can order the service of time stamps left in documents. By these marks, you can determine when and who exactly stole the key from you. By the way, it is not always necessary to start an EDS. For many companies, an electronic signature is usually sufficient.

You can read about what an Electronic Signature (abbreviated as ES or EDS) is.

We explain. Here are the three main benefits of an electronic signature:

It's faster

An electronic signature saves time on working with documents.

And the point is not that inserting a flash drive and pressing a button is faster than signing a sheet, but rather that EP speeds up further process- document flow.

If you do not have an electronic signature, then you must first print the sheet, sign it, put it in an envelope, send the envelope, go to the post office (and here time is not saved at all) and only then solemnly return to work. If you have an electronic document management and have an electronic signature, then the whole process is significantly accelerated.

It's safer

Your ES is almost impossible to fake. This means that the signed document will definitely remain unchanged. If you have an electronic signature, it is very easy to prove the authorship of a document - this protects against forgery.

It's necessary

Well, the most obvious, but no less important point - it is simply necessary for some tasks: participation in tenders (for example, in), work on the website of public services, electronic document management. Every year, there are more and more sites where an electronic signature will be required. There is no point in ignoring progress - get an e-signature for your company today if you still don't have one.

The article provides answers to the questions: “What does an electronic signature look like”, “How does an EDS work”, its capabilities and main components are considered, and a visual step-by-step instruction the process of signing a file with an electronic signature.

What is an electronic signature?

An electronic signature is not an object that can be picked up, but a document requisite that allows you to confirm that the EDS belongs to its owner, as well as to record the state of information / data (presence or absence of changes) in an electronic document from the moment it was signed.

Reference:

The abbreviated name (according to federal law No. 63) is EP, but more often they use the outdated abbreviation EDS (electronic digital signature). This, for example, facilitates interaction with search engines on the Internet, since ES can also mean an electric stove, a passenger electric locomotive, etc.

According to the legislation of the Russian Federation, a qualified electronic signature is the equivalent of a handwritten signature with full legal force. In addition to the qualified in Russia, there are two more types of EDS:

- unqualified - ensures the legal significance of the document, but only after the conclusion of additional agreements between the signatories on the rules for the application and recognition of the EDS, allows you to confirm the authorship of the document and control its invariability after signing,

- simple - does not give the signed document legal significance until the conclusion of additional agreements between the signatories on the rules for the application and recognition of the EDS and without observing the legally fixed conditions for its use (a simple electronic signature must be contained in the document itself, its key must be applied in accordance with the requirements of the information system, where it is used, and so on in accordance with Federal Law-63, Article 9), does not guarantee its invariance from the moment of signing, allows you to confirm authorship. Its use is not allowed in cases related to state secrets.

Possibilities of electronic signature

EDS provides individuals with remote interaction with government, educational, medical and other information systems via the Internet.

For legal entities, an electronic signature gives access to participation in electronic trading, allows organizing legally significant electronic document management (EDM) and submitting electronic reports to regulatory authorities.

The opportunities provided by the EDS to users have made it an important component Everyday life both ordinary citizens and representatives of companies.

What does the phrase "the client has been issued an electronic signature" mean? What does an ECP look like?

The signature itself is not an object, but the result of cryptographic transformations of the signed document, and it cannot be “physically” issued on any medium (token, smart card, etc.). It also cannot be seen direct meaning this word; it does not look like a stroke of a pen or a figured print. About, What does an electronic signature look like? we will tell below.

Reference:

A cryptographic transformation is an encryption that is built on an algorithm that uses a secret key. The process of restoring the original data after cryptographic transformation without this key, according to experts, should take more time than the validity period of the retrieved information.

Flash media is a compact storage medium that includes flash memory and an adapter (usb flash drive).

A token is a device whose body is similar to that of a USB flash drive, but the memory card is password protected. The information for creating an EDS is recorded on the token. To work with it, you need to connect to the USB-connector of the computer and enter a password.

Smart card is a plastic card, allowing to carry out cryptographic operations due to the microcircuit built into it.

A SIM card with a chip is a card mobile operator, equipped with a special chip, on which a java application is safely installed at the production stage, expanding its functionality.

How should one understand the phrase “electronic signature issued”, which is firmly entrenched in colloquial speech market participants? What is an electronic signature?

The issued electronic signature consists of 3 elements:

1 - a means of electronic signature, that is, necessary for the implementation of a set of cryptographic algorithms and functions technical means. This can either be a cryptographic provider installed on the computer ( CryptoPro CSP, ViPNet CSP), or an independent token with a built-in crypto provider (Rutoken EDS, JaCarta GOST), or an "electronic cloud". You can read more about EDS technologies related to the use of the "electronic cloud" in the next article of the Single Electronic Signature Portal.

Reference:

A crypto provider is an independent module that acts as an “intermediary” between operating system, which, using a certain set of functions, controls it, and a program or hardware complex that performs cryptographic transformations.

Important: the token and the means of a qualified EDS on it must be certified by the Federal Security Service of the Russian Federation in accordance with the requirements of Federal Law No. 63.

2 - a key pair, which consists of two impersonal sets of bytes formed by an electronic signature tool. The first of them is the electronic signature key, which is called "closed". It is used to form the signature itself and must be kept secret. Placing a “private” key on a computer and a flash drive is extremely insecure, on a token it is somewhat unsafe, on a token/smart card/sim card in an unrecoverable form it is the most secure. The second is the electronic signature verification key, which is called "open". It is not kept secret, it is unambiguously tied to a "private" key and is necessary so that anyone can check the correctness of the electronic signature.

3 - EDS verification key certificate issued by a certification authority (CA). Its purpose is to associate an impersonal set of bytes of the “public” key with the identity of the owner of the electronic signature (person or organization). In practice it looks like in the following way: for example, Ivan Ivanovich Ivanov ( individual) comes to the certification center, presents a passport, and the CA issues him a certificate confirming that the declared "public" key belongs to Ivan Ivanovich Ivanov. This is necessary to prevent a fraudulent scheme, during the deployment of which an attacker, in the process of transmitting an "open" code, can intercept it and replace it with his own. Thus, the offender will be able to impersonate the signatory. In the future, by intercepting messages and making changes, he will be able to confirm them with his EDS. That is why the role of the certificate of the electronic signature verification key is extremely important, and the certification center bears financial and administrative responsibility for its correctness.

In accordance with the legislation of the Russian Federation, there are:

- "electronic signature verification key certificate" is generated for an unqualified digital signature and can be issued by a certification center;

— “qualified digital signature verification key certificate” is generated for a qualified digital signature and can only be issued by a CA accredited by the Ministry of Telecom and Mass Communications.

Conventionally, it can be indicated that the keys for verifying an electronic signature (sets of bytes) are technical concepts, and the “public” key certificate and the certification center are organizational concepts. After all, the CA is a structural unit that is responsible for matching "open" keys and their owners as part of their financial and economic activities.

Summarizing the above, the phrase “the client has been issued an electronic signature” consists of three terms:

The client purchased an electronic signature tool.
He received an "open" and "private" key, with the help of which an EDS is generated and verified.
The CA issued a certificate to the client confirming that the “public” key from the key pair belongs to this particular person.

Security issue

Required properties of signed documents:

integrity;
authenticity;
authenticity (authenticity; "non-repudiation" of the authorship of information).

They are provided by cryptographic algorithms and protocols, as well as software and hardware-software solutions based on them for the formation of an electronic signature.

With a certain degree of simplification, we can say that the security of an electronic signature and services provided on its basis is based on the fact that the "private" keys of an electronic signature are kept secret, in a protected form, and that each user keeps them responsibly and does not allow incidents.

Note: when purchasing a token, it is important to change the factory password, so that no one can access the EDS mechanism except for its owner.

How to sign a file with an electronic signature?

To sign a digital signature file, you need to perform several steps. As an example, consider how to put a qualified electronic signature on a certificate on trademark Single Portal of Electronic Signature in .pdf format. Necessary:

1. Click on the document with the right mouse button and select a cryptographic provider (in this case CryptoARM) and the “Sign” column.

2. Pass the path in the dialog boxes of the cryptographic provider:

At this step, if necessary, you can select another file for signing, or skip this step and go directly to the next dialog box.

The Encoding and Extension fields do not require editing. Below you can choose where the signed file will be saved. In the example, the document with digital signature will be placed on the desktop (Desktop).

In the "Signature properties" block, select "Signed", if necessary, you can add a comment. Other fields can be excluded/selected as desired.

From the certificate store, select the one you need.

After verifying that the "Certificate Owner" field is correct, click the "Next" button.

In this dialog box, the final verification of the data required to create an electronic signature is carried out, and then after clicking on the “Finish” button, the following message should pop up:

Successful completion of the operation means that the file has been cryptographically converted and contains a requisite that fixes the immutability of the document after it is signed and ensures its legal significance.

So, what does an electronic signature look like on a document?

For example, we take a file signed with an electronic signature (saved in the .sig format) and open it through a cryptographic provider.

Fragment of the desktop. On the left: a file signed with an ES, on the right: a cryptographic provider (for example, CryptoARM).

Visualization of the electronic signature in the document itself when it is opened is not provided due to the fact that it is a requisite. But there are exceptions, for example, the electronic signature of the Federal Tax Service upon receipt of an extract from the Unified State Register of Legal Entities / EGRIP through online service conditionally displayed on the document itself. Screenshot can be found at

But what about in the end "looks" EDS, or rather, how is the fact of signing indicated in the document?

By opening the “Signed Data Management” window through the crypto provider, you can see information about the file and the signature.

When you click on the "View" button, a window appears containing information about the signature and certificate.

The last screenshot clearly shows what does a digital signature look like on a document"from within".

You can purchase an electronic signature at .

Ask other questions on the topic of the article in the comments, the experts of the Unified Electronic Signature Portal will definitely answer you.

The article was prepared by the editors of the Single Portal of the Electronic Signature site using materials from SafeTech.

With full or partial use of the material, a hyperlink to www..

Send your good work in the knowledge base is simple. Use the form below

Students, graduate students, young scientists who use the knowledge base in their studies and work will be very grateful to you.

Hosted at http://www.allbest.ru/

Ministry of Education and Science Russian Federation

federal state budgetary educational institution higher professional education

AMUR STATE UNIVERSITY

Faculty of Law

Specialty 030501. 65 - Jurisprudence

ESSAY

On the topic: Electronic digital signature

Blagoveshchensk 2014

Introduction

One of actual problems currently in the world is the problem of information security

This is due to the fact that information technology has radically changed our lives. The facts already show: most of circulation of information and documents is now carried out in electronic form. The technology of electronic signature is able to further expand the possibilities of electronic document management, secure it, and extend it to all areas. public life, promote the development of e-business opportunities accessible to all. In countries where the concept of an electronic signature is legally enshrined, it is possible to safely and reliably make any transactions without leaving your home or office; defend your rights in law enforcement agencies by e-mail correspondence; declare your income to the tax authorities.

The concept of electronic digital signature

Electronic digital signature (Further -EDS)-- requisite of the electronic document, which allows to establish the absence of distortion of information in the electronic document from the moment of formation of the EDS and to verify that the signature belongs to the owner of the EDS key certificate. The attribute value is obtained as a result of cryptographic transformation of information using the EDS private key.

History of developmentand distributionelectronic digital signature

Abroad:

1976 American mathematicians W. Diffie and M.E. Hellman published a paper called "New Directions in Cryptography", which significantly influenced further development cryptography and, in particular, led to the emergence of such a thing as a "digital signature".

1977 The first cryptographic algorithm, RSA, was developed.

1981 The DSA algorithm was developed in 1981 and has been used as the US standard for digital signature ever since.

1984 Developed a cryptosystem - the El-Gamal Scheme, which underlies the standards of electronic digital signature in the USA and Russia.

1984 S. Goldwasser, S. Micali and R. Rivest were the first to strictly define security requirements for digital signature algorithms. They described models of attacks on EDS algorithms, and also proposed a GMR scheme that meets the described requirements.

1991 The US National Institute of Standards and Technology (NIST) published the digital signature standard DSS (Digital Signature Standard).

1993 The RSA method was published and accepted as a standard. RSA can be used for both encryption/decryption and generation/verification of a digital signature.

1997 The Electronic Digital Signature Act was passed in Germany.

2003 The Verkhovna Rada of Ukraine adopted the laws “On Electronic Documents and Electronic Document Management” and “On Electronic Digital Signature”.

In Russia:

1993 Development of the domestic law on electronic digital signature (EDS).

1994 The first domestic standard in the field of EDS was adopted - GOST R34.10 - 94 “Information technology. Cryptographic protection of information. Procedures for generating and verifying an electronic digital signature based on an asymmetric cryptographic algorithm.

1999 The Ministry of the Russian Federation for Communications and Informatization organized the development of a draft federal law "On Electronic Digital Signature", which creates legal framework formation of a reliable infrastructure, including certification centers.

2001 The Government approved the bill "On Electronic Digital Signature".

2002 Adopted a new standard for EDS: GOST R 34.10-2001 “Cryptographic protection of information. Processes of formation and verification of electronic digital signature.

2002 The Federal Law "On Electronic Digital Signature" was adopted, which created the basis for the use of an electronic document and an electronic digital signature.

On April 6, 2011, Russian President Dmitry Medvedev signed the law "On Electronic Signature" (ES), approved by the State Duma and the Federation Council in March.

Chapter Russian government Dmitry Medvedev signed Decree No. 33 at the beginning of 2013, which describes the procedure for using a “simple electronic signature” when providing state and municipal services in addition to the already used reinforced EP.

Legal framework governing the use of electronic digital signature in Russia.

electronic digital signature legal

Civil Code of the Russian Federation (parts one, two, three and four)

Federal Law of July 27, 2006 No. 149-FZ "b information, information technology and information protection"

Order of the Federal Security Service of the Russian Federation of December 27, 2011 No. 796 “On Approval of the Requirements for Electronic Signature Tools and the Requirements for Certification Center Tools”

Order of the Federal Security Service of the Russian Federation of December 27, 2011 No. 795 "On Approval of the Requirements for the Form of a Qualified Certificate of the Electronic Signature Verification Key"

Types of electronic digital signature

There are 3 types of EDS:

1. Attached electronic digital signature. In the case of creating an attached signature, a new EDS file is created, in which the data of the signed file is placed.

Advantages of the attached signature: ease of further manipulation with the signed data, because all of them, together with signatures, are contained in one file, the file can be copied, sent, etc.

Disadvantage: without the use of CIPF tools (means of cryptographic information protection), it is no longer possible to read and use the contents of the file.

2. Disconnected electronic digital signature. When you create a detached signature, the signature file is created separately from the signed file, and the signed file itself is not modified in any way.

Disadvantage of a detached signature: the need to store the signed information in multiple files.

3. Electronic digital signature within the data (Most common). The use of digital signatures of this type essentially depends on the application that uses them.

Disadvantage: outside the application that created the EDS, without knowing the structure of its data, it is difficult to verify the authenticity of data parts signed by the EDS.

Purpose and advantages of electronic digital signature

The digital signature is designed to authenticate the person who signed the electronic document. In addition, the use of a digital signature allows you to:

Integrity control of the transferred document: in case of any accidental or intentional change of the document, the signature will become invalid, because it is calculated based on the initial state of the document and corresponds only to it.

Protection against changes (forgery) of the document: the guarantee of detection of a forgery during integrity control makes forgery impractical in most cases.

Evidence of authorship of the document. Since it is possible to create a correct signature only if the private key is known, and it should be known only to the owner, the owner of the key pair can prove his authorship of the signature under the document. Depending on the details of the document definition, fields such as “author”, “changes made”, “timestamp”, etc. can be signed.

A significant reduction in the time spent on processing the transaction and the exchange of documentation;

Improving and reducing the cost of the procedure for preparing, delivering, accounting and storing documents;

Construction of a corporate document exchange system;

Selection of the most advantageous price offer for goods and services at electronic auctions, auctions and tenders;

Relations with the population, organizations and authorities on modern basis, more efficiently, at the lowest cost;

Expanding the geography of business, making remote economic transactions with partners from any regions of Russia.

The principle of operation of an electronic digital signature

1. For each user participating in the exchange of electronic documents, unique secret and public cryptographic keys are generated. A secret (private) key is an element that is used to encrypt documents and form a digital signature. The secret key is the property of the user and is kept secret from other users. The public key is used to verify the digital signature of received document-files. The owner must ensure that his public key everyone with whom he is going to exchange signed documents. In addition, a duplicate of the public key is sent to the Certification Center, where a library of public EDS keys has been created. The Center's library provides registration and safe storage of open books.

2. The user generates an electronic digital signature for the document. At the same time, on the basis of the secret key of the EDS and the content of the document, a certain character sequence is generated by cryptographic transformation, which is the digital signature of the given user for a particular document. This character sequence is stored in a separate file. The following is recorded in the signature: the date the signature was formed; information about the person who formed the signature; the name of the signature public key file.

3. The user who has received the signed document and has the sender's EDS public key performs an inverse cryptographic transformation based on the text of the document and the sender's public key, which ensures verification of the sender's electronic digital signature. If the EDS under the document is correct, it means that the document is indeed signed by the sender and no changes have been made to the text of the document.

Conclusion

From the foregoing, we can conclude that an electronic digital signature is effective solution for everyone who does not want to wait for the arrival of courier mail many hundreds of kilometers away in order to verify the authenticity of the information received or confirm the conclusion of the transaction. Documents can be digitally signed and transferred to their destination within seconds. All participants in the electronic document exchange receive equal opportunities, regardless of their distance from each other. It is impossible to fake an EDS - it requires a huge amount of calculations that cannot be implemented with modern level mathematics and computer science within a reasonable time, that is, while the information contained in the signed document remains relevant. Additional protection against forgery is provided by certification of the public key of the signature by the Certification Authority. With the use of EDS, work according to the scheme "development of a project in electronic form - creation of a paper copy for signature - forwarding a paper copy with a signature - examination of a paper copy - transferring it electronically to a computer" is becoming a thing of the past. This means that the use of an electronic digital signature is useful, convenient and safe.

List of sources used

http://www.mtron.ru

http://www.ucnbs.ru/about/

http://www.documoborot.ru

http://www.digitalsign.ru

http://www.ekey.ru/

http://www.garant.ru/

Hosted on Allbest.ru

EDS for individual entrepreneurs: advantages of electronic signature for legal entities. Electronic Document Management and Electronic Digital Signature: Application in Business

It's faster

It's safer

It's necessary

Send your good work in the knowledge base is simple. Use the form below

Similar Documents