What is an electronic signature, why is it needed, and what advantages does it give a business? Are electronic documents recognized as equivalent to paper documents?
Digital signature (EDS) - an attribute of an electronic document designed to protect it from forgery, obtained as a result of cryptographic transformation of information using the private key of the electronic digital signature, which makes it possible to identify the owner of the signature key certificate and to establish the absence of information distortion in the electronic document.
An electronic digital signature is a software and cryptographic tool that provides:
checking the integrity of documents;
document confidentiality;
identification of the person who sent the document.
Benefits of using a digital signature
The use of a digital signature makes it possible to:
significantly reduce the time spent on processing transactions and exchanging documentation;
improve and reduce the cost of the procedure for the preparation, delivery, accounting and storage of documents;
ensure the accuracy of the documentation;
minimize the risk of financial losses by increasing the confidentiality of information exchange;
build a corporate document exchange system.
Types of digital signature
There are three types of electronic digital signature:
Simple digital signature
Through the use of codes, passwords or other means, a simple digital signature confirms the fact of the formation of an electronic signature by a certain person.
A simple digital signature has a low degree of protection. It only allows you to determine the author of the document.
A simple digital signature does not protect a document from forgery.
Enhanced unqualified digital signature
1) obtained as a result of cryptographic transformation of information using an electronic signature key;
2) allows you to identify the person who signed the electronic document;
3) allows you to detect the fact of making changes to the electronic document after the moment of its signing;
4) is created using electronic signature means.
An enhanced unqualified digital signature has an average degree of protection.
To use an unqualified electronic signature, you need a certificate of its verification key.
Enhanced Qualified Digital Signature
A qualified electronic signature has all the features of an unqualified electronic signature.
An enhanced qualified digital signature corresponds to the following additional features of a signature:
1) the electronic signature verification key is specified in the qualified certificate;
2) to create and verify an electronic signature, electronic signature tools are used that have received confirmation of compliance with the requirements of the law.
Enhanced Qualified Digital Signature is the most versatile and standardized signature with a high degree of security.
A document endorsed with such a signature is similar to a paper version with a handwritten signature.
You can use such a signature without any additional agreements and regulations between the participants in electronic document management.
If a document has a qualified signature, you can accurately determine which employee of the organization put it, and also establish whether the document was changed after it was signed.
When different types of signature are used
Simple digital signature
When the applicant for state and municipal services is a legal entity, the application is signed by an authorized person using a simple electronic signature.
The use of a simple electronic signature to receive a state or municipal service is allowed, unless federal laws or other regulations establish a ban on applying for state or municipal services in electronic form, and the use of another type of electronic signature for these purposes is not established.
Enhanced unqualified digital signature
The tax code does not define the cases in which information in electronic form, signed with an unqualified electronic signature, is recognized as an electronic document equivalent to a paper document signed with a handwritten signature.
According to the Ministry of Finance, for the purposes of tax accounting a document executed in electronic form and signed with an unqualified electronic signature cannot be a document equivalent to a paper document signed with a handwritten signature.
Therefore, although the economic parties, in the presence of a legally valid agreement, can organize electronic document management using an enhanced unqualified electronic signature, if there is a possibility of disputes with the regulatory authority, the meaning of such documents is lost.
Enhanced Qualified Digital Signature
For some types of reporting, the use of a qualified signature is directly defined by regulatory documents.
For example, this order is set for:
annual financial statements, which must be submitted to Rosstat;
forms RSV-1 PFR;
reporting to the tax office - declarations.
An electronic invoice should be signed only with an enhanced qualified electronic signature of the head or other persons authorized to do so by an order (other administrative document) or a power of attorney on behalf of the organization, individual entrepreneur.
An application for registration (deregistration) with the tax authority shall be certified only by an enhanced qualified signature.
Applications for the refund or offset of the amount of tax are also accepted only if they are endorsed with an enhanced qualified electronic signature.
Topic "Electronic digital signature"
1. The concept of electronic digital signature and its technical support
2. Organizational and legal support electronic digital signature.
1. The concept of electronic digital signature and its technical support
In the world of electronic documents, signing a file with graphic symbols makes no sense, since a graphic symbol can be faked and copied an infinite number of times. Electronic Digital Signature (EDS) is a complete electronic analogue of a regular signature on paper, but is not implemented using graphic images, but with the help of mathematical transformations over the contents of the document.
Features of the mathematical algorithm for creating and verifying an EDS guarantee the impossibility of forging such a signature by unauthorized persons,
EDS is an attribute of an electronic document designed to protect this document from forgery, obtained as a result of cryptographic transformation of information using a private EDS key and allowing to identify the owner of the key, and also to establish the absence of distortion of information in the electronic document.
EDS is a certain sequence of characters, which is formed as a result of the transformation of the original document (or any other information) using special software. EDS is added to the original document when forwarded. EDS is unique for each document and cannot be transferred to another document. The impossibility of forging an EDS is ensured by the significant amount of mathematical calculations necessary to guess it. Thus, upon receipt of a document signed with an EDS,
The use of EDS provides: simple resolution of disputes (registration of all actions of the system participant in time), and the impossibility of changing the participant's application before the end date of the purchase.
In addition, EDS contributes to: reducing the cost of sending documents, quick access to auctions taking place anywhere in Russia.
Using an electronic signature is quite simple. No special knowledge, skills and abilities are required for this. For each EDS user participating in the exchange of electronic documents, unique public and private (secret) cryptographic keys are generated.
A private key is a closed unique set of information with a volume of 256 bits, stored in a place inaccessible to others on a diskette, smart card, ru-token. The private key only works when paired with the public key.
Public key - used to verify the digital signature of received documents/files. Technically, this is a set of information of 1024 bits.
The public key is transmitted along with your letter, signed with an EDS.
A duplicate of the public key is sent to the Certification Center, where the library of EDS public keys has been created. The library of the Certification Authority provides registration and secure storage of public keys in order to avoid attempts of forgery or distortion.
You place your electronic digital signature under the electronic document. In doing so, on the basis of the secret private key of the EDS and the contents of the document, a certain large number is generated by cryptographic transformation, which is the electronic digital signature of this user under this particular document. This number is added to the end of the electronic document or stored in a separate file.
The signature includes the following information: the name of the signature's public key file, information about the person who formed the signature, the date the signature was generated.
The user who has received the signed document and has the sender's EDS public key performs an inverse cryptographic transformation based on the text of the document and the sender's public key, which ensures verification of the sender's electronic digital signature. If the EDS under the document is correct, it means that the document is indeed signed by the sender and no changes have been made to the text of the document. Otherwise, a message will be displayed that the sender's certificate is not valid.
Terms and Definitions:
Electronic document - a document in which information is presented in electronic digital form.
Signing key certificate owner - an individual in whose name the certification center has issued a signature key certificate and who owns the corresponding private key of the electronic digital signature, which allows using electronic digital signature tools to create their own digital signature in electronic documents (sign electronic documents).
Means of electronic digital signature - hardware and (or) software tools that ensure the implementation of at least one of the following functions: creating an electronic digital signature in an electronic document using the private key of the electronic digital signature, confirming the authenticity of the electronic digital signature in an electronic document using the public key of the electronic digital signature, creating private and public keys of electronic digital signatures.
Certificate of means of electronic digital signature - a paper document issued in accordance with the rules of the certification system to confirm the compliance of electronic digital signature means with the established requirements.
Signing key certificate - a document on paper or an electronic document with an electronic digital signature of an authorized person of the certification center, which includes the public key of the electronic digital signature and which is issued by the certification center to a participant in the information system to confirm the authenticity of the electronic digital signature and identify the owner of the signature key certificate.
Signing key certificate user - an individual using information about the signature key certificate received in the certification center to verify that the electronic digital signature belongs to the owner of the signature key certificate.
Public information system - an information system that is open for use by all natural and legal persons and whose services cannot be denied to these persons.
Corporate information system - an information system whose participants may be a limited circle of persons, determined by its owner or by agreement of the participants in this information system.
Certification center - an entity that performs the following functions: production of signature key certificates; creation of electronic digital signature keys at the request of information system participants, with a guarantee of keeping the secret key of the electronic digital signature; suspension and renewal of signature key certificates, as well as their cancellation; maintaining the register of signature key certificates, ensuring its relevance and the possibility of free access to it by participants in information systems; checking the uniqueness of public keys of electronic digital signatures in the register of signature key certificates and the archive of the certification center; issuing signature key certificates in the form of documents on paper and (or) in the form of electronic documents with information about their operation; confirming, at the request of users of signature key certificates, the authenticity of an electronic digital signature in an electronic document in relation to the signature key certificates issued to them; providing participants in information systems with other services related to the use of electronic digital signatures.
At the same time, the certification center must have the necessary material and financial capabilities to allow it to bear civil liability to users of signature key certificates for losses that they may incur due to the inaccuracy of the information contained in signature key certificates.
2. Organizational and legal support of electronic digital signature.
The legal support of an electronic digital signature should be understood not only as a set of legal acts providing the legal regime of EDS and EDS tools. This is a much broader concept. It only begins with the state law on electronic digital signature, but develops further and subsequently covers all theoretical and practical matters related to e-commerce in general.
The world's first electronic digital signature law was passed in March 1995 by the Utah State Legislature (USA) and approved by the State Governor.
The law is called the Utah Digital Signature Act. The closest followers of Utah were the states of California, Florida and Washington, where the corresponding legislative acts were soon adopted.
The following were proclaimed as the main objectives of the first electronic signature law:
Minimization of damage from events of illegal use and forgery of electronic digital signature;
providing a legal basis for the activities of systems and bodies for certification and verification of documents of an electronic nature;
legal support for e-commerce (commercial transactions committed with the use of computer technology);
giving legal character to some technical standards previously introduced by the International Telecommunication Union (ITU) and the US National Standards Institute (ANSI - American National Standards Institute), as well as the recommendations of the Internet Activity Board (IAB), expressed in RFC 1421 - RFC 1424.
The law consists of five parts:
The first part introduces the basic concepts and definitions related to the use of EDS and the functioning of EDS tools. It also discusses the formal requirements for the content of an electronic certificate certifying that a public key belongs to a legal or natural person.
The second part of the law is devoted to licensing and legal regulation of the activities of certification centers.
First of all, it stipulates the conditions that individuals and legal entities must satisfy in order to obtain the appropriate license, the procedure for obtaining it, restrictions on the license and the conditions for its withdrawal. An important point of this section are the conditions for recognizing the validity of certificates issued by unlicensed authenticators, if the participants in the electronic transaction expressed their joint trust and reflected it in their contract. In fact, the legal regime of the network model of certification, which we discussed above, is fixed here.
The third part of the law defines the responsibilities of certificate authorities and key owners. In particular, the following are considered here:
procedure for issuing a certificate;
the procedure for presenting a certificate and a public key;
storage conditions for the private key;
actions of the certificate owner in case of compromise of a private
certificate revocation procedure;
validity period of the certificate;
conditions for the release of the certification center from liability for the misuse of the certificate and EDS tools;
the procedure for the creation and use of insurance funds intended to compensate for damage to third parties resulting from unauthorized EDS application.
The fourth part of the law is devoted directly to the digital signature.
Its main provision is that a document signed with a digital signature has the same validity as a regular document signed with a handwritten signature.
The fifth part of the law deals with the issues of interaction of certification centers with administrative authorities, as well as the procedure for the functioning of the so-called repositories - electronic databases that store information about issued and revoked certificates.
In general, the EDS law of the state of Utah differs from other similar legal acts in its high level of detail.
The German Electronic Signature Act (Signaturgesetz) was introduced in 1997 and was the first European piece of legislation of its kind. The aim of the law is to create general conditions for such an application of an electronic signature, in which its forgery or falsification of signed data can be reliably established.
The Law has the following main directions:
establishing clear concepts and definitions;
detailed regulation of the procedure for licensing certification bodies and the procedure for certification of public keys of users of EDS tools (legal status, procedure for the functioning of certification centers, their interaction with government agencies and other certification authorities, requirements for a public key certificate of an electronic signature);
consideration of the protection of the digital signature, and of data signed with its help, from falsification;
the procedure for recognizing the validity of public key certificates.
The spirit of the German Electronic Signature Act is regulatory.
Unlike the equivalent German law, the US Federal Electronic Signature Act is a coordinating legal act. This is because, by the time it was enacted, relevant regulatory legislation had already been in place in most individual states.
As can be seen from the name of the Law (Electronic Signatures in Global and National Commerce Act), its main purpose is to ensure the legal regime of digital electronic signature in electronic commerce. The signing of the Law by the President of the United States took place on the day of the national holiday - July 4, 2000 (Independence Day), which should give this legislative act a special significance. According to observers, the adoption of this law symbolizes the entry of mankind into a new era - the era of electronic commerce.
responsible for the operation of its infrastructure. Without focusing on the specific rights and obligations of certificate authorities, which are given special attention in the laws of other countries, the US Federal Law refers them to the concept of an EDS infrastructure and, in the most general terms, stipulates the interaction of elements of this structure with government bodies.
In Russia, the main provisions of the Federal Law on electronic signature can be examined using the draft law as an example. According to the draft, the Law consists of five chapters and contains more than twenty articles.
The first chapter discusses general provisions pertaining to the Law.
Like similar laws in other states, the Russian bill relies on asymmetric cryptography. The main purpose of the Law is proclaimed to provide legal conditions for the use of EDS in electronic document management and the implementation of services for certifying the EDS of participants in contractual relations.
The second chapter discusses the principles and conditions for using an electronic signature. Here, firstly, the possibility is expressed, and secondly, the conditions for the equivalence of a handwritten and electronic signature are given.
In addition, special attention is paid to the characteristic advantages of EDS:
a person can have an unlimited number of EDS private keys, that is, create different electronic signatures for himself and use them in different conditions;
All copies of the document signed with EDS have the force of the original.
The draft Russian Law provides for the possibility of limiting the scope of the EDS. These restrictions may be imposed by federal laws, as well as introduced by the participants in electronic transactions themselves and reflected in the agreements between them.
An interesting provision of the article on EDS means fixes the assertion that “the EDS means do not belong to the means ensuring the confidentiality of information.” In fact this is not true. By their nature, EDS tools based on asymmetric cryptography mechanisms, of course, can be used to protect information. Perhaps this provision is included in order to avoid conflicts with other regulations that restrict the use of cryptographic tools in society.
An important difference from similar laws of other states is the provision of the Russian draft law that the owner of the private key is liable to the user of the corresponding public key for losses arising from improperly organized protection of the private key.
One more hallmark of the Russian bill is a list of requirements for the format of an electronic certificate. Along with the generally accepted fields discussed above, the Russian legislator requires the mandatory inclusion in the certificate of the name of the EDS tools with which this public key can be used, the number of the certificate for this tool and its validity period, the name and legal address of the certification center that issued this certificate, the license number of this center and the date of its issue. In foreign legislation and international standards, we do not find such requirements for a detailed description of the EDS software tool with which the public key was generated. Apparently, this requirement of the Russian bill is dictated by the interests of the country's security.
The mass use of software, the source code of which is not published and therefore cannot be investigated by specialists, poses a public threat. This applies not only to the EDS software, but also to any software in general, starting from operating systems and ending with applications.
The third chapter considers the legal status of certification centers (in the terminology of the bill - certifying centers of electronic signature public keys). In Russia, the provision of electronic signature certification services is a licensed activity that can only be carried out by legal entities. Certification of the electronic signature of state institutions can only be carried out by state certification centers.
By its nature, the structure of certification bodies is
Lecture 7
Electronic signature
Introduction
Study questions:
4. Electronic data interchange.
Conclusion
Introduction
Electronic digital signature
electronic signature" (abbreviation - "EP").
History of occurrence
Russia
and "digital signature" are synonyms.
electronic signature,
electronic signature key
Storing the private key
The private key is the most vulnerable component of the entire digital signature cryptosystem. An attacker who steals a user's private key can create a valid digital signature for any electronic document on behalf of that user. Therefore, special attention should be paid to the way the private key is stored. The user can store the private key on his personal computer, protecting it with a password. However, this method of storage has a number of disadvantages, in particular, the security of the key depends entirely on the security of the computer, and the user can sign documents only on this computer.
The following private key storage devices currently exist:
· Diskettes.
· Smart cards.
· USB key fobs.
· Touch-Memory tablets.
The theft or loss of one of these storage devices can be easily noticed by the user, after which the corresponding certificate can be immediately revoked.
The most secure way to store a private key is to store it on a smart card. In order to use a smart card, the user must not only have it, but also enter a PIN code, that is, two-factor authentication is obtained. After that, the signed document or its hash is transferred to the card, its processor signs the hash and sends the signature back. In the process of generating a signature in this way, the private key is never copied, so only a single copy of the key exists at all times. In addition, copying information from a smart card is more difficult than from other storage devices.
In accordance with the law "On Electronic Signature", the owner is responsible for storing the private key.
EP formation technology
A cryptographic method known since ancient times, later called symmetric-key encryption, uses one and the same key (cipher, method) for encryption and decryption.
The main problem with symmetric encryption is the confidentiality of the transfer of the key from the sender to the recipient.
Revealing the key during transmission is tantamount to disclosing the document and allowing an attacker to forge it.
In the 70s, an asymmetric encryption algorithm was invented.
A document is encrypted with one key, and decrypted with another, and it is almost impossible to calculate the second from the first of them, and vice versa.
Therefore, if the sender encrypts the document with the secret key and provides the public (open) key to the recipients, then they will be able to decrypt the document encrypted by the sender, and only by him.
If the recipient was able to decrypt the hash value using the sender's public key, then it was the sender who encrypted the value (authentication).
If the computed and decrypted hash values match, then the document has not been modified (identification).
Any tampering (intentional or unintentional) of the document during transmission will give a new value to the hash function calculated by the recipient, and the signature verification program will report that the signature under the document is incorrect.
A digital signature is a relatively small amount of additional digital information transmitted along with the signed text.
The ES system includes two procedures: 1) the signature procedure; 2) the signature verification procedure. The signing procedure uses the secret key of the sender of the message; the signature verification procedure uses the sender's public key.
When generating an ES, the sender first of all calculates the hash function h(M) of the signed text M. The calculated value of the hash function h(M) is one short block of information m characterizing the entire text M as a whole. Then the number m is encrypted with the sender's secret key. The resulting pair of numbers is the ES for the given text M.
When checking the ES, the recipient of the message again calculates the hash function m = h(M) of the text M received over the channel, after which, using the sender's public key, he checks whether the received signature corresponds to the calculated value m of the hash function.
The fundamental point in the ES system is the impossibility of falsifying the user's ES without knowing his secret signing key.
Schematically, the signature and verification procedures can be represented as a diagram (the figure is not reproduced here).
Any file can be used as a signed document. A signed file is created from an unsigned file by adding one or more electronic signatures to it.
Each signature contains the following information:
date of signature;
the expiration date of the key of this signature;
information about the person who signed the file (full name, position, short name of the company);
signer identifier (public key name);
actual digital signature.
Electronic data interchange
EDI (Electronic Data Interchange) is a technology for automated exchange of electronic messages in standardized formats between business partners.
Documents that each company keeps in its own convenient, company-specific (“human”) form are transferred transparently between partners in a standard “electronic” format, using a converter at the input and a deconverter at the output. The technology guarantees the correctness of data conversion, the delivery of messages to recipients and the sequence of message delivery. At the same time, the reliability and confidentiality of the transmitted information are ensured.
In its classical form, EDI involves fully automated interaction between information systems of partners, excluding human participation. Each party can act as both a sender and a recipient of messages. This integration option gives the maximum effect when implementing this technology.
At the present stage of development, EDI technologies allow not only saving money, but also simplifying and optimizing management and decision-making processes, and in general optimizing and increasing business efficiency.
The practice of e-commerce based on EDI systems dates back more than 30 years and is summarized in the standards for the execution of trade transactions and the presentation of structured business documents.
When developing standards for electronic document management, the use of "paper" documents in economic activity was analyzed.
It was proposed to identify the most frequently repeated data and to single out the corresponding data fields. Subsequently, to fill them in, a system of tables was developed: global data directories and a technology for their synchronization.
EDI standards
EDI is based on the following core standards:
UN/EDIFACT – United Nations Electronic Data Interchange for Administration, Commerce and Transport ("UN Rules for Electronic Document Interchange for Government, Commerce and Transport") - a fundamental global redundant standard containing the most common references of international codes and message formats, expanded to satisfy all possible requests of users.
UN/CEFACT – the UN/EDIFACT standard as adapted by the UN Center for Facilitation of International Trade and Electronic Business (CEFACT).
GS1 EANCOM - a subset of EDIFACT for retail, developed by the international association GS1 and supplemented by the use of key identifiers of the GS1 system.
GS1 XML is a modern message format used in the exchange of data in supply chains in the GS1 system.
The GS1 system is an international global multi-industry system of standards covering more than 100 countries. It is the most widely used international system of supply chain standards. Currently, over a million companies in the world use GS1 standards. GS1 National Associations provide system support in their countries and national language support in the GS1 system.
The architecture of the GS1 system is based on key identifiers, the main ones being:
GTIN (Global Trade Item Number) - the global number of the trade item (trade item) - the unique identification number of the trade item in the GS1 system. This identifier is represented as a barcode symbol on the product packaging.
GLN (Global Location Number) - a global location number - a unique number in the GS1 system to identify participants in the supply chain and their material, functional or legal objects (subdivisions) (branches / offices / warehouses / ramps, etc.). Mainly used in EDI to effectively identify all objects related to deliveries.
SSCC (Serial Shipping Container Code) is a serial shipping package code (SKTU) - a unique identifier of a logistics (transport) unit. SSCC is very useful for labeling cargoes to be transported.
The key GS1 System Identifiers are:
unique - the way numbers are formed ensures the uniqueness of each number;
international - these numbers are unique all over the world;
diversified - the non-significant nature of the numbers allows you to consistently identify any object, regardless of the type of business activity;
The simple structure of the numbers allows you to automate the processing and transmission of data.
GLN number is a globally unique digital code that identifies a participant in the supply chain (a counterparty or its structural subdivision or facility).
The assignment of GLN identification numbers is governed by the GS1 system standards in order to guarantee the uniqueness of each individual number throughout the world. To obtain a GLN number, an enterprise must become a member of the national GS1 association (in the Russian Federation, such an organization is GS1 Russia - GS1 RUS.).
GLN identification numbers are widely used daily by more than 200,000 companies involved in various types of entrepreneurial activity.
To switch to the use of EDI technology, it is necessary to connect partners to a specialized platform for exchanging commercial messages (electronic commerce platform), use the means of converting messages to a standard format and transmitting "standardized" messages to the addressee. This interaction scheme allows you to connect to EDI once and exchange messages uniformly with all partners, rather than creating and configuring a way to exchange documents with each counterparty.
Systems integration, transformation and transmission of messages between partners are carried out by specialized companies - authorized EDI providers. The provider provides its customers with a reliable messaging channel for all counterparties (access to its commercial messaging platform) and maintains the agreed level of service. The participation of an authorized provider is important, because this guarantees both the high technical level of the services provided and the level of service, as well as the compliance of services with GS1 standards, which in turn makes it possible to roam with other providers (including international ones).
To start exchanging documents via EDI, you need to:
get a GLN number;
select the connection option (full integration or Web-EDI);
make a connection;
start working.
Popular Applications:
Distribution,
Retail,
Warehouse management,
Transport,
Banking and cash flow management.
Conclusion
Unlike a handwritten signature, an electronic digital signature is not physical, but logical in nature - it is simply a sequence of characters that allows you to unambiguously link the person who signed the document, the content of the document and the owner of the ES. The logical nature of the electronic signature makes it independent of the material nature of the document. With its help, you can sign documents that are of an electronic nature (executed on magnetic, optical, crystalline and other media, distributed in computer networks, etc.).
According to the Law, ES should solve the following tasks: protecting an electronic document from forgery, establishing the absence of information distortions in an electronic document, identifying the owner of the signature key certificate (Article 3).
Thus, the ES must provide identification (the document is signed by a certain person) and authentication (the content has not changed since the moment of its signing) of the electronic document.
In this lecture, only the basic concepts, the principles of formation and the giving of legal force to an electronic signature are considered. Cadets will learn about the electronic signature in more detail as part of the study of the discipline "Fundamentals of Information Security in the Department of Internal Affairs."
Test questions
1. The concept of an electronic signature (ES).
2. The history of the concept of ES.
3. Normative documents regulating ES.
4. Types of ES.
5. Functions of the Certification Authority.
6. ES verification key certificate.
7. Technology of ES formation.
8. The concept of a hash function.
9. Electronic data interchange.
Lecture 7
Electronic signature
Introduction
Study questions:
1. Purpose and application of an electronic signature.
2. Types of electronic signature, its legal validity.
3. Technology of electronic signature formation.
4. Electronic data interchange.
Conclusion
Introduction
When exchanging electronic documents over a communication network, the costs of processing and storing documents are significantly reduced, and their search is accelerated. But this raises the problem of authenticating the author of the document and the document itself, i.e. establishing the identity of the author and the absence of changes in the received document. In ordinary (paper) document handling, these problems are solved due to the fact that the information in the document and the author's handwritten signature are rigidly associated with the physical medium (paper). There is no such connection in electronic documents on machine-readable media.
When processing documents in electronic form, traditional methods of authentication by handwritten signature and seal on a paper document are completely unsuitable. A fundamentally new solution is the electronic digital signature (EDS).
Purpose and application of the electronic signature.
Electronic digital signature - an attribute of an electronic document that makes it possible to establish the absence of distortion of information in the electronic document from the moment the ES was formed and to verify that the signature belongs to the owner of the ES key certificate. The attribute value is obtained as a result of cryptographic transformation of information using the private key of the ES.
In Russia, Federal Law No. 63-FZ of April 6, 2011 replaced the name "electronic digital signature" with the words "electronic signature" (abbreviation - "ES").
An electronic signature is intended to identify the person who signed the electronic document. In addition, the use of an electronic signature provides:
Integrity control of the transferred document: in case of any accidental or intentional change of the document, the signature will become invalid, because it is calculated based on the initial state of the document and corresponds only to it;
Protection against changes (forgery) of the document: the guarantee of forgery detection during integrity control makes forgery impractical in most cases;
Proof of authorship of a document: Since it is possible to create a correct signature only if the private key is known, and it should be known only to the owner, the owner of the key pair can prove his authorship of the signature under the document. Depending on the details of the document definition, fields such as “author”, “changes made”, “timestamp”, etc. can be signed.
All these properties of the ES allow it to be used for the following purposes:
· Declaration of goods and services (customs declarations).
· Registration of real estate transactions.
· Use in banking systems.
· E-commerce and government orders.
· Control of execution of the state budget.
· In systems of appeal to authorities.
· For mandatory reporting to government agencies.
· Organization of legally significant electronic document management.
· In settlement and trading systems.
History of occurrence
In 1976, Whitfield Diffie and Martin Hellman first proposed the concept of "electronic digital signature", although they only assumed that digital signature schemes could exist.
In 1977, Ronald Rivest, Adi Shamir, and Leonard Adleman developed the RSA cryptographic algorithm, which can be used without further modification to create primitive digital signatures.
Shortly after RSA, other digital signatures were developed, such as Rabin and Merkle digital signature algorithms.
In 1984, Shafi Goldwasser, Silvio Micali, and Ronald Rivest were the first to rigorously define the security requirements for digital signature algorithms. They described models of attacks on EDS algorithms, and also proposed a GMR scheme that meets the described requirements.
Russia
In 1994, the Main Communications Security Directorate of the Federal Agency for Government Communications and Information under the President of the Russian Federation developed the first Russian EDS standard - GOST R 34.10-94 “Information Technology. Cryptographic protection of information. Procedures for the development and verification of an electronic digital signature based on an asymmetric cryptographic algorithm”.
In 2002, to ensure greater cryptographic strength of the algorithm, instead of GOST R 34.10-94, a standard of the same name GOST R 34.10-2001 was introduced, based on calculations in a group of points of an elliptic curve. According to this standard, the terms "electronic digital signature" and "digital signature" are synonyms.
On January 1, 2013, GOST R 34.10-2001 of the same name was replaced by GOST R 34.10-2012 “Information technology. Cryptographic protection of information. Processes of formation and verification of electronic digital signature”.
Federal Law "On Electronic Signature" No. 63-FZ dated April 6, 2011 regulates relations in the field of:
use of electronic signatures in civil law transactions;
provision of state and municipal services;
performance of state and municipal functions;
performance of other legally significant actions.
The federal law defines the concept of an electronic signature and establishes:
1. Its types and the requirements for electronic signature means, with the help of which the following are created and verified:
electronic signature,
electronic signature key,
and an electronic signature verification key.
2. Requirements for certification centers that perform the functions of creating and issuing certificates of keys for verifying electronic signatures.
In the explanatory note to the draft law on electronic signature, disappointing statistics were cited, indicating the low prevalence of EDS in Russian business turnover.
As of February 2007, about 200,000 EDS key certificates were issued in Russia, which is only 0.2% of the country's population.
At the same time, it is noted that in Europe, over the same period of time from the entry into force of the EU Directive of December 13, 1999 N 1999/93/EC “On general principles of electronic signatures”, enhanced electronic signatures were used by about 70% of the population.
The new Federal Law "On Electronic Signature" (ES) is designed to relax the overly strict requirements for EDS regulated by the Federal Law of January 10, 2002 "On Electronic Digital Signature" (EDS).
In particular, the earlier law allowed the use of only one identification technology (asymmetric electronic signature keys), which also required the mandatory presence of a certificate from a certification authority.
According to the provisions of the new law, certification centers are not required to be licensed - they can be accredited, and then only on a voluntary basis. Accreditation will be carried out by the authorized body appointed by the government, which will also organize the work of the root center.
For accreditation, a Russian or foreign legal entity must have net assets of at least 1 million rubles and financial guarantees for paying compensations to affected clients in the amount of 1.5 million rubles, have at least two IT specialists with higher professional education and go through the confirmation procedure with the FSB.
Like all people, subscribers of data networks may not trust each other or may behave dishonestly. They can forge other people's messages, deny their authorship or impersonate another person. These problems become especially urgent in connection with the development of electronic commerce and the possibility of paying for services via the Internet. Therefore, in many communication systems, the recipient of the correspondence must be able to verify the authenticity of the document, and the creator of the electronic message must be able to prove its authorship to the recipient or a third party. Therefore, electronic documents must have an analogue of a conventional physical signature. The signature must have the following properties:
- the signature is reproduced by only one person, and its authenticity can be certified by many;
- the signature is inextricably linked with this message and cannot be transferred to another document;
- once the document is signed, it cannot be changed;
- it is impossible to refuse the signature, that is, the person who signed the document will not be able to claim later that he did not sign.
Asymmetric encryption algorithms can be used to form a digital (electronic) signature - a unique numerical addition to the transmitted information, which allows you to verify its authorship. An electronic digital signature (EDS) is a fixed-length bit sequence, which is calculated in a certain way using the content of the signed information and the secret key.
When generating a digital signature, either the entire message is encrypted in a special way, or the result of calculating the hash function from the message. The latter method is usually preferable, since the signed message can have a different size, sometimes quite large, and the hash code always has a constant, not very large length. Let us consider in more detail both options for the formation of EDS.
The simplest method is based, as with public-key encryption, on the use of a pair of interconnected keys (public and private). However, the roles of the private and public keys change - the signing key becomes secret, and the verification key becomes public. If at the same time the property is preserved that it is practically impossible to find the private key from the public key, then the message itself, encrypted with the secret key, can act as a signature. Thus, only the owner of the private key can sign a message, but anyone who has his public key can verify the signature.
Suppose, for example, that user A wants to send a signed message to user B. The procedure for creating and verifying a signature consists of the following steps:
- User A encrypts message M with his private key R and receives encrypted message C.
- The encrypted message is sent to user B.
- User B decrypts the received message C using user A's public key. If the message is decrypted, then it is signed by user A.
Fig. 9.2.
As long as user A keeps his private key securely, his signatures are valid. In addition, it is impossible to change the message without having access to the private key of subscriber A; thereby ensuring the authenticity and integrity of the data.
The physical representation of a key pair depends on the specific system that supports the use of EDS. Most often, the key is written to a file, which, in addition to the key itself, may contain, for example, information about the user - the owner of the key, the expiration date of the key, as well as a certain set of data necessary for the operation of a particular system (for more details, see "Electronic digital signature"). Data about the owner of the key makes it possible to implement another important function of the EDS - the establishment of authorship, since when the signature is verified, it immediately becomes clear who signed this or that message. Typically, software products that perform digital signature verification are configured so that the result of execution appears on the screen in a form that is easy to read, indicating the user who signed, for example, like this:
"The signature of the order.doc file is correct (
Fig. 9.2 shows a diagram of the formation of the so-called digital signature with document recovery. Digital signatures with document recovery contain, as it were, the document being signed: in the process of verifying the signature, the body of the document is also automatically calculated. If the message was restored correctly during decryption, then the signature was correct. A digital signature with document recovery can be implemented, for example, using one of the most popular digital signature generation algorithms - RSA.
In the case of using a digital signature with document recovery, the entire message is signed, that is, encrypted. At present, this is not usually done in practice. Encryption algorithms with a public key are quite slow; in addition, a lot of memory is required to confirm the integrity of the message. Moreover, almost all EDS algorithms in use operate on a message of a predetermined standard length. For example, in the Russian digital signature generation algorithm GOST R 34.10-94, this size is defined as 32 bytes. Therefore, to save time and computational resources, as well as for convenience, an asymmetric algorithm is usually used together with some kind of one-way hash function. In this case, first, using a hash function, a hash code of the required size is calculated from a message of arbitrary length, and then, to calculate the digital signature, the hash code obtained from the message at the previous stage is encrypted.
An EDS calculated from the hash code of the document is called an attached digital signature. Such a digital signature is a numeric code that must be attached to the document being signed. The message itself is not encrypted and is transmitted in clear text along with the sender's digital signature.
If user A wants to send user B a message M, complete with an attached digital signature, then the procedure for creating and verifying a signature should consist of the following steps:
- User A sends user B his public key U via any communication channel, for example, by e-mail.
- User A, using some reliable hash function H, calculates the hash code of his message h = H(M).
- User A then encrypts the hash of the message h with his private key R and obtains a digital signature C.
- The original message M, together with the digital signature C, is sent to user B.
- User B calculates the hash code h of the received message M and then verifies the digital signature C using user A's public key.
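The two schemes described in this lecture, the signature with document recovery (message M transformed into C with the private key R) and the attached signature over h = H(M), shown together as an added example that is not part of the original lecture. It assumes textbook RSA as the asymmetric algorithm and SHA-256 as H, with a constructed toy key; all function names are hypothetical, and deployed systems use standardized padded or elliptic-curve schemes rather than this bare transformation.

```python
import hashlib

# Constructed toy key (assumption of this example): two well-known Mersenne
# primes. Primes of this special form give no real security; they are used
# only so the example is deterministic and needs nothing beyond the stdlib.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # modulus, published together with U
U = 65537                           # public key U of user A (verification)
R = pow(U, -1, (P - 1) * (Q - 1))   # private key R of user A (signing)


def H(message: bytes) -> int:
    """h = H(M): SHA-256 digest read as an integer (256 bits, so h < N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign_attached(message: bytes) -> int:
    """User A: hash M, then transform the hash with the private key R."""
    return pow(H(message), R, N)


def verify_attached(message: bytes, signature: int) -> bool:
    """User B: recompute h from the received M and compare it with the value
    recovered from C using A's public key U."""
    # Reject out-of-range values: C + N would otherwise verify exactly like C.
    if not isinstance(signature, int) or not 0 <= signature < N:
        return False
    return pow(signature, U, N) == H(message)


def sign_with_recovery(message: bytes) -> int:
    """Document-recovery variant: the whole message is transformed with R,
    so it has to fit into one block below N."""
    m = int.from_bytes(message, "big")
    if m >= N:
        raise ValueError("message does not fit into one block")
    return pow(m, R, N)


def recover(signature: int) -> bytes:
    """User B: apply the public key U to C to get the message back.
    Leading zero bytes of the original message are not preserved."""
    m = pow(signature, U, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    order = b"Pay 100 rubles to supplier 42"      # constructed sample text
    c = sign_attached(order)
    print("genuine document  :", verify_attached(order, c))
    print("altered document  :", verify_attached(order.replace(b"100", b"900"), c))
    print("altered signature :", verify_attached(order, c ^ 1))
    print("moved to other doc:", verify_attached(b"Another order", c))
    print("recovered message :", recover(sign_with_recovery(order)))
```

The size check in sign_with_recovery is the practical limit the lecture mentions: a message longer than one block cannot be signed this way, while the attached signature always works on the fixed-length hash.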
This protocol can be represented as a diagram, as in