Good afternoon, dear readers! This article is dedicated to business owners, regardless of its size and organizational form, and ordinary citizens of our country. It will be equally useful and interesting for both simple individual entrepreneurs and owners of large commercial enterprises. What do they have in common? The answer is simple - document flow and the need to interact with various government agencies! Therefore, let's talk about a tool that will greatly simplify the movement of documentation, both within the enterprise and beyond! Today we will consider in detail how to obtain an electronic signature (EDS)!

Let's start with the essence of the electronic signature and the mechanism of its functioning, then we will consider the scope and unconditional usefulness, after which we will discuss how to obtain it for individual entrepreneurs, individual entrepreneurs and legal entities, and also talk about the necessary documents. We have collected the most complete information on how to get an EDS! By the way, if necessary, with its help you can close the IP. The article describes how to do it!

What is an electronic digital signature: the simple essence of a complex concept!

Each document at the enterprise must be signed by an authorized person. The signature gives it legal force. Modern technologies have transferred the document flow to an electronic format. Which turned out to be extremely convenient! Firstly, electronic documents have simplified and accelerated the exchange of data in the enterprise (especially with international cooperation). Secondly, the expense associated with their turnover has been reduced. Thirdly, the security of commercial information has been significantly improved. Despite the electronic format, each document must be signed, so the EDS was developed.

What is an electronic digital signature? This is an analogue of traditional painting in digital format, which is used to give legal effect to documents on electronic media. The word "analogue" should be understood as a sequence of cryptographic symbols generated randomly using special software. It is stored electronically. Usually flash drives are used.

There are two important concepts associated with ES: a certificate and a key. A certificate is a document that certifies that an electronic signature belongs to a specific person. It comes in normal and enhanced. The latter is issued only by some accredited certification centers or directly by the FSB.

The electronic signature key is the same sequence of characters. The keys are used in pairs. The first is the signature, and the second is the verification key that certifies its authenticity. For each new signed document, a new unique key is generated. It is important to understand that the information received on a flash drive in a certification center is not an ES, it is just a means for creating it.

An electronic signature has the same legal weight and effect as a paper document. Of course, if there were no violations during the application of this parameter. If a discrepancy or any deviation from the norm is detected, the document will not become valid. The use of EDS is regulated by the state with the help of two laws FZ-No. 1 and FZ-No. 63. They affect all areas of application of the signature: in civil law relations, in interaction with municipal and state bodies.

How did the idea of ​​using the EPC come about: let's remember the past!

In 1976, two American cryptographers Diffie and Hellman suggested that electronic digital signatures could be created. It was just a theory, but it resonated with the public. As a result, already in 1977, the RSA cryptographic algorithm was released, which made it possible to create the first electronic signatures. Compared to the present, they were very primitive, but it was at this moment that the foundation was laid for the future rapid development of the industry and the ubiquity of electronic document management.

The millennium brought significant changes. In the United States, a law was passed according to which a signature on paper was equal in legal force to an electronic one. Thus, a new rapidly growing segment of the market appeared, the volume of which, according to the forecasts of American analysts, by 2020 will amount to $30 billion.

In Russia, the first EPs began to be used only in 1994. The first law that regulated their application was adopted in 2002. However, it was distinguished by extreme vagueness of wording and ambiguity in the interpretation of terms. The law did not give an unambiguous answer to the question of how to obtain an electronic signature and use it.

In 2010, a large-scale project was developed to create a virtual environment for the provision of public services in electronic format, which in August of the same year was submitted for consideration to the President of the Russian Federation. One of the key areas of the project is the possibility of using EDS. The regions were obliged to create conditions for free access of individuals and legal entities to the possibilities of electronic document management, so that everyone could receive an electronic signature. Since then, the “electronic state” has been actively developing in Russia.

In 2011, the President ordered the executive authorities to switch to electronic document management within the structures. By June of the same year, all officials were provided with EDS. The program was financed from the federal budget. In 2012, electronic document management began to work in all executive authorities of the Russian Federation without exception.

After these transformations, two questions were acute. First, EP was not universal. For each goal, a new signature had to be obtained. Secondly, some crypto providers were not compatible with others, which put their clients in a difficult position. Therefore, since 2012, a global process of unification in the field of electronic document management has begun. Thanks to this, we have modern universal signatures and software.

EDS Signature: 5 Benefits and 6 Uses!

Many entrepreneurs do not yet use the EPC in their business activities. In many ways, the reason for this is elementary ignorance of all its capabilities and advantages. Using an electronic format for signing documents, business entities (IE, LE) receive the following benefits:

1. Documents are maximally protected from falsification.

Since the computer is very difficult to deceive. In this case, the human factor is completely excluded. After all, you can simply not notice that the signature under the document is different from the original. An electronic signature cannot be forged. This requires very large computing power, which is almost impossible to implement at the current level of development of devices, and a lot of time.

1. Optimization, acceleration and simplification of workflow.

Complete exclusion of the possibility of data leakage or loss of important papers. Any copy certified with an electronic identifier is guaranteed to be received by the addressee in the sent form: no extraordinary circumstances can cause damage to it.

1. Reduction of costs due to refusal of paper carriers.

For small firms, keeping paper records was not burdensome, which is not the case for large enterprises. Many of them had to rent separate premises, warehouses for storing documents for 5 years. In addition to the cost of paper, printers, ink, stationery, rent was added! In addition, depending on the field of activity, some companies could reduce costs by reducing the number of employees who were involved in documents: receiving, processing, etc. The need to recycle paper has also disappeared: for certain types of organizations whose activities are related to confidential information, even this line of expenses turned out to be significant. The process of destroying documents under the EDS is a few clicks with a computer mouse.

1. The format of papers signed by ES fully complies with international requirements.
2. There is no need to obtain a separate signature to participate in bidding or submit reports to regulatory authorities.

You can get an ES, which will allow you to use it at all necessary sites.

Before proceeding to the consideration of the question of how to obtain an electronic signature, we list all the possible options for its use:

1. Internal document flow. It implies the transfer of commercial information, orders, instructions, etc. inside the company.
2. External document flow. We are talking about the exchange of documents between two organizations partners in the B2B system or between an enterprise and a B2C client.
3. Submission of reports to regulatory authorities:

• Federal Tax Service,
• Pension Fund,
• social insurance fund,
• customs service,
• Rosalkogolregulirovanie,
• Rosfinmonitoring and others.

1. To gain access to the "Client-Bank" system.
2. To participate in auctions and bidding.
3. For public services:

• Website of the State Service,
• RosPatent,
• Rosreestr.

How to get an electronic signature: step by step instructions!

Having appreciated all the advantages of using an electronic signature, you have decided to get it. And, of course, faced with a natural question: how to do it? We will answer this question with the help of detailed step-by-step instructions that will help you quickly and easily get an EDS signature!

There are 6 steps in total.

Step 1. Selecting the type of ES.

Step 2. Choosing a certification authority.

Step 3. Filling out the application.

Step 4. Payment of the invoice.

Step 5. Collecting a package of documents.

Step 6. Obtaining an EDS.

Now let's talk about each step in more detail!

Step 1. Choice of view: to each his own!

The first step to obtaining an electronic signature is choosing its type. According to federal laws, the following types of EDS are distinguished:

1. Simple. It encodes data about the owner of the signature, so that the recipient of the paper is convinced who the sender is. It does not protect against forgery.
2. Reinforced:

• unqualified - confirms not only the identity of the sender, but also the fact that no changes were made to the document after signing.
• qualified - the most secure signature, the legal force of which is 100% equivalent to that of an ordinary signature! It is issued only in those centers that are accredited by the FSB.

Recently, more and more customers want to get an enhanced qualified signature, which is quite reasonable. Like any other “keys” that provide access to private information or financial transactions, fraudsters of various categories hunt for EDS. Analysts believe that over the next 10 years, the first two species will simply become obsolete. The choice depends on the use of the EDS. To make it easier to make a decision, we have compiled the data in a table, it will help you make a choice and stop at a specific necessary and sufficient form.

Scope of application	Simple	Unskilled	qualified
Internal document flow	+	+	+
External document flow	+	+	+
Court of Arbitration	+	+	+
Website of the State Services	+	-	+
Supervisory authorities	-	-	+
Electronic auctions	-	-	+

If you are going to get an EDS signature for the convenience of reporting, you will have to apply for a qualified one. If the goal is document flow at the enterprise, then it is enough to get a simple or unqualified signature.

Step 2. Certification Authority: TOP-7 largest and most reliable companies!

A certification authority is an organization whose purpose of functioning is to generate and issue electronic digital signatures. A CA is a legal entity whose charter specifies the relevant type of activity. Their functions include:

• issuance of EDS;
• providing a public key to everyone;
• blocking the electronic signature, in the event that there is a suspicion of its unreliability;
• confirmation of the authenticity of the signature;
• mediation in case of conflict situations;
• provision of all necessary software for clients;
• technical support.

At the moment, about a hundred such centers operate on the territory of the Russian Federation. But only seven are industry leaders:

1. EETP is the market leader in electronic trading in the Russian Federation. The company's activities are highly diversified, which does not prevent it from occupying leading positions in each segment. In addition to organizing and conducting auctions, he is engaged in the sale of property that is not selling well, teaches the features of participation in auctions, forms and sells EDS.
2. Electronic Express is the official operator of the electronic document management of the Federal Tax Service. It has a full set of licenses (including the FSB license).
3. Taxnet - develops software for electronic document management. Including is engaged in the creation and implementation of EDS.
4. Sertum-Pro Kontur - the company deals with certificates of electronic signatures. In addition, it offers many convenient additional services for its customers, which will significantly expand the possibilities of ES.
5. Taxcom - the company specializes in external and internal document management of companies and reporting to various regulatory authorities. For this, appropriate software is being developed and electronic signatures are being created. It is on the list of official data operators from cash registers.
6. Tenzor is a giant in the world of document management in telecommunications networks. It provides a full range of services: from the development of complexes for automating the workflow at enterprises to the creation and implementation of electronic signatures.
7. National certification center - develops and sells various EDS certificates, offers customers software for generating and submitting reports to all government agencies.

Choose a CA depending on your capabilities and location. It is important to check whether there is a point of issue of ready-made electronic signatures in your city. This is fairly easy to find out by visiting the official websites of the companies.

If for some reason you are not satisfied with the centers from our TOP-7 list, then you can use the services of other companies. A complete list of accredited CAs can be found on the website www.minsvyaz.ru in the "Important" section.

Step 3. How to get an electronic signature: fill out an application!

The choice is made, now you know exactly what you want, so it's time to apply to the certification center. This can be done in two ways: by visiting the company's office or by filling out an application on its website.

Sending an application remotely will save you from a personal visit. The application contains a minimum of information: full name, contact phone number and e-mail. Within an hour after sending, an employee of the CA will call you back and clarify the necessary data. In addition, he will answer all the questions that interest you and advise which type of EDS to choose for your case.

Step 4. Paying the bill: money in advance!

You will have to pay for the service before you receive it. That is, immediately after the application is accepted and the details are agreed with the client, an invoice will be issued in his name. The cost of an EDS varies depending on the company you applied to, the region of residence and the type of signature. It includes:

• generating a signature key certificate,
• software necessary for creating, signing and sending documents,
• customer technical support.

The minimum price is about 1500 rubles. The average is 5,000 - 7,000 rubles. The cost of one ES may be lower than 1,500 rubles, only if signatures are ordered for a large number of employees of one enterprise.

Step 5. Documents for obtaining an EDS: we form a package!

When forming a package of documents, it is essential which subject of civil law acts as a customer: an individual, a legal entity or an individual entrepreneur. Therefore, we will consider documents for obtaining an EDS separately for each category.

Individuals must provide:

• statement,
• passport plus copies
• individual taxpayer number,
• SNILS.
• Receipt of payment.

An authorized representative of the recipient of the electronic signature can submit documents to the CA. To do this, you need to issue a power of attorney.

To obtain an EDS, a legal entity will have to prepare:

1. Statement.
2. Two certificates of state registration: with OGRN and TIN.
3. Extract from the register of legal entities. Important! The extract must be "fresh". Each certification authority has its own requirements for this.
4. Passport plus a copy of the person who will use the ES.
5. SNILS of the employee who will use the EDS.
6. If the signature is issued for the director, then you need to attach an order of appointment.
7. For employees who are lower in the hierarchical ladder of the company, you will have to issue a power of attorney for the right to use the EPC.
8. Receipt of payment.

Documents for obtaining an EDS by individual entrepreneurs:

1. Statement.
2. Registration certificate with OGRNIP number.
3. Certificate with TIN.
4. Extract from the register of entrepreneurs, issued no earlier than 6 months ago, or a copy certified by a notary.
5. Passport.
6. SNILS.
7. Receipt of payment.

An authorized representative of an individual entrepreneur can pick up an electronic digital signature if he has a power of attorney and a passport. When submitting an application in electronic form, documents are sent to the CA by mail, and during a personal visit, they are submitted simultaneously with the application.

Step 6. Getting a digital signature: the finish line!

Documents can be obtained at numerous points of issue, which are located throughout the country. Information about them can be found on the official website of the UC. Usually, the term for obtaining a signature does not exceed two to three days.

Delay is possible only on the part of the customer, who did not pay for the services of the certification center on time or did not collect all the necessary documents. Please note that you need to get an extract from the unified state register of individual entrepreneurs or legal entities on time, since this process takes 5 working days! Some CAs provide the service of urgent issuance of EDS. Then the whole procedure takes about one hour. Now you know how to get an electronic signature.

Important! The EP is valid for one year from the date of its receipt. After this period, it will need to be renewed or a new one obtained.

Do-it-yourself digital signature: the impossible is possible!

In fact, creating an electronic signature on your own is quite realistic. If you have the appropriate education, you can thoroughly understand what an electronic digital signature is and stock up with invincible enthusiasm. True, we should not forget that we will not only have to generate a cryptographic sequence, we also need to develop and write the appropriate software. A natural question arises: why do this? Moreover, the market is replete with ready-made solutions! For large companies, it is also not profitable to “mess around” with the independent development of electronic signatures, since they will have to hire new staff in the IT department. And in the article

EDS for individualsappeared relatively recently and is not yet as popular as in the business sector. What is an EDS for individuals, what opportunities it gives, where to go to get it - all this will be discussed in this article.

Digital signature - what is it?

The procedure for using an EDS when signing documents is regulated by the Law "On Electronic Signature" No. 63-FZ of 04/06/2011. An electronic signature is an analogue of a natural person's signature, which has the following properties:

• is unique;
• copy protected;
• indicates the person who signed the document.

From a technical point of view, the digital signature is formed by encrypting the information contained in the document and is a unique sequence of characters. It is either in the body of the signed file or attached to it. That is, the external expression of an electronic signature has nothing to do with a handwritten signature. Despite the fact that the purpose of the signature of both types is the same - the authentication of the document.

The law names 3 types of electronic signature:

1. simple - serves to confirm that the document comes from a specific person;
2. reinforced unqualified - not only indicates the person who put it, but also confirms that after it was put down, no changes were made to the document;
3. enhanced qualified - has the characteristics of an unqualified EDS, but is issued only in specialized centers accredited by the Ministry of Communications.

We have selected excellent electronic reporting services for you!

It is a qualified signature, according to the law, that gives the document full legal force (that is, it fully replaces the handwritten signature, as well as the seal of the organization). It is mandatory, for example, when submitting electronic reports to the Federal Tax Service, the Pension Fund of the Russian Federation and other government agencies. Other types of EDS can be used in economic relations if the agreement between the parties provides for their use.

Why do individuals need an EDS?

Today, electronic digital signature is used to a greater extent in the work of legal entities. Its use is especially relevant for organizations that have a large number of divisions or enter into transactions with counterparties located at a considerable distance from them. However, with the transition of many types of activities to the virtual space, citizens often also need to obtain an EDS.

Don't know your rights?

Subscribe

We list the main areas in which the EDS is useful for individuals:

1. Obtaining public services via the Internet. Possession of an EDS will allow you to fully use the services of the state portal. services (for example, track traffic police sanctions, fill out a passport application form, send a declaration to the Federal Tax Service, etc.).
2. Applying for university admission. Every year more and more educational institutions introduce the practice of accepting applications from non-resident applicants, certified with an electronic signature.
3. In electronic form, you can submit an application to the tax authority, as well as documents for opening a legal entity. person or IP.
4. The use of EDS allows you to formalize documents (for example, a contract for the performance of work) for individuals working at home and receiving orders via the Internet.
5. When using an electronic signature, it will become possible to participate in electronic auctions (they often sell the property of enterprises declared bankrupt).
6. It is possible to file an application for a patent for an invention in electronic form.

How and where to get a digital signature?

In order to obtain an EDS, you need to contact an institution called a certification center. A list of accredited centers and their addresses can be found on the website of the Ministry of Communications. These institutions exist in almost all major cities.

Although speaking technically correctly, the center does not issue the signature itself, but software tools for creating it. With the help of these tools, the owner gets the opportunity to sign each electronic document with a unique digital signature (See . How to install an EDS on a computer and sign a document (Word, pdf)?).

To use the signature, 2 keys are issued: private (secret) and public. They represent encoded information of a certain volume. The private key is used to sign the document, and the public key is used to verify the signature (its owner provides this key to recipients of emails). The rights of the owner of the public key are confirmed by a certificate issued by a certification authority.

When applying for an EDS, a citizen will need a package of documents, the specific list of which may vary depending on the certification center. The following papers are most often required:

• an application for the issuance of an EDS;
• certificate of assignment of TIN;
• passport;
• pension certificate (SNILS);
• document on payment for services of the center.

Most centers can apply online. As a rule, the process of making an electronic signature takes no more than a few days.

An electronic signature is a mathematical scheme designed to display the authenticity of electronic messages or documents. A valid digital signature provides every reason for the recipient to believe that the message was created by a known sender, that it was actually sent (authentication and non-repudiation), and that the message was not altered in transit (integrity).

Answering the question: "EDS - what is it?" - it is worth noting that they are a standard element of most cryptographic protocol suites and are usually used for software distribution, financial transactions, and in many other cases when it is important to detect forgery or falsification.

Digital signatures are often used to implement electronic signatures. This is a broader term that refers to any type of electronic data. However, not every electronic signature is digital.

Digital signatures use asymmetric cryptography. In many cases, they provide a certain level of verification and security for messages that have been sent over an insecure channel. When properly implemented, a digital signature makes it possible to believe that a message was sent by the claimed sender. Digital seals and signatures are equivalent to handwritten signatures and real seals.

ECP - what is it?

Digital signatures are similar to traditional handwritten signatures in many ways, and are more difficult to forge than handwritten signatures. Digital signature schemes have cryptographic underpinnings and must be implemented properly to be effective. How to sign an EDS document? You need to use 2 paired crypto keys.

EDS can also implement the principle of non-repudiation. This means that the subscriber cannot successfully claim that he did not sign the message. In addition, some schemes offer a timestamp for the digital signature, and even if the private key is exposed, the signature remains valid. EDS can be represented as a bit string and can be used in e-mail, contracts or messages sent using some cryptographic protocol.

Public key cryptography or EDS structure

What it is? The digital signature scheme includes three algorithms simultaneously.

A key generation algorithm that selects a secret key uniformly and randomly from a set of possible private ones. He issues a secret key and an open one that goes with it.

The signature algorithm that, given the message and the private key, actually produces the signature.

A signature verification algorithm that takes into account the message, the public key, and the signature and accepts or rejects the sending of the letter, determining the authenticity.

How to install EDS?

In order to use a digital signature, it is necessary to endow it with two main properties. What should be considered before signing an EDS document?

First, the authenticity of a signature generated from a fixed message and a secret key can be verified using the corresponding public information.

Second, it must be computationally impossible to guess the correct signature without knowing the secret key. EDS is an authentication mechanism that allows the originator of a message to attach a code that acts as a signature.

Application of digital signatures

As modern organizations move away from paper documents with ink signatures, digital signatures can provide additional authentication and proof of document authorship, identity, and status. In addition, a digital signature can be a means of confirming the informed consent and approval of the signatory. Thus, EDS for individuals is a reality.

Authentication

While emails may include detailed information, it is not always possible to reliably identify the sender. Digital signatures can be used to authenticate the origin of messages. When the EDS secret key is tied to a specific user, this confirms that the message was sent by him. The value of being sure the sender is genuine is especially evident in the financial arena.

Integrity

In many scenarios, the sender and recipient of an email need to be sure that it has not been modified in transit. Although encryption hides the contents of the sent object, it is only possible to change the encrypted message without understanding its meaning. Some are able to prevent this, but not in all cases. In any case, checking the digital signature during decryption will detect a violation of the integrity of the letter.

However, if the message is signed with a digital signature, any change to it after signing disavows the signature. Also, there is no efficient method to change the message and produce a new one with a valid signature, because it is considered computationally impossible.

Non-repudiation

The non-repudiation or impossibility of denying the origin of the letter is an important aspect in the development of EDS. What it is? This means that the legal entity that sent some information cannot subsequently deny that it signed it. Similarly, access to the public key prevents attackers from forging a valid signature. The use of EDS for individuals has the same consequences.

At the same time, attention should be focused on the fact that all the properties of authenticity, reliability, etc. depend on a secret key that must not be revoked before it is used. Public keys must also be revoked when paired with private keys after use. Checking the EDS for "revocation" occurs on a specific request.

Entering a secret key on a smart card

All cryptosystems that operate on the principles of using a public / private key are completely dependent on the content of the data in secret. The EDS secret key can be stored on the user's computer and protected by a local password. However, this method has two disadvantages:

• the user can sign documents exclusively on this particular computer;
• the security of the private key depends entirely on the security of the computer.

A more secure alternative for storing the secret key is a smart card. Many smart cards are equipped with tamper protection.

Typically, the user must activate their smart card by entering a personal identification number or PIN (thus ensuring that it can be arranged that the private key never leaves the smart card, although this is not always implemented in cryptopro EDS.

If the smart card is stolen, the attacker will still need a PIN to create a digital signature. This slightly reduces the security of this scheme. A mitigating factor is that generated keys, if stored on smart cards, tend to be difficult to copy and are assumed to exist in only one instance. Thus, when the loss of a smart card is discovered by the owner, the corresponding certificate can be immediately revoked. Private keys protected only by software are easier to copy and such leaks are much harder to detect. Therefore, the use of EDS without additional protection is unsafe.

Topic "Electronic digital signature"

1. The concept of electronic digital signature and its technical support

2. Organizational and legal support of electronic digital signature.

1. The concept of electronic digital signature and its technical

security

In the world of electronic documents, signing a file with graphic symbols makes no sense, since a graphic symbol can be faked and copied an infinite number of times. Electronic Digital Signature (EDS) is a complete electronic analogue of a regular signature on paper, but is implemented not with the help of graphic images, but with the help of mathematical transformations over the contents of the document.

Features of the mathematical algorithm for creating and verifying an EDS guarantee the impossibility of forging such a signature by unauthorized persons,

EDS - an attribute of an electronic document designed to protect this document from forgery, obtained as a result of cryptographic transformation of information using the EDS private key and allowing to identify the owner of the key, and

also establish the absence of distortion of information in the electronic document.

EDS is a certain sequence of characters,

which is formed as a result of the transformation of the original document (or any other information) using special software. EDS is added to the original document when forwarded. EDS is unique for each document and cannot be transferred to another document. The impossibility of forging an EDS is ensured by a significant amount of mathematical calculations necessary for

her selection. Thus, upon receipt of a document signed with an EDS,

The use of EDS provides: simple resolution of disputes (registration of all actions of the system participant in time),

the impossibility of changing the participant's application before the end date of the purchase.

In addition, EDS contributes to: reducing the cost of sending documents, quick access to auctions taking place anywhere in Russia.

Using an electronic signature is quite simple. No special knowledge, skills and abilities are required for this. Each EDS user participating in the exchange of electronic documents,

generated unique public and private (secret)

cryptographic keys.

A private key is a closed unique set of information with a volume of 256 bits, stored in a place inaccessible to others on a diskette,

smart card, ru-token. The private key only works when paired with the public key.

Public key - used to verify the digital signature of received documents/files. Technically, this is a set of information of 1024 bits.

The public key is transmitted along with your letter, signed with an EDS.

A duplicate of the public key is sent to the Certification Center, where the library of EDS public keys has been created. The library of the Certification Authority provides registration and secure storage of public keys in order to avoid attempts of forgery or distortion.

You establish your electronic digital signature under the electronic document. At the same time, on the basis of the secret private key of the EDS and the contents of the document, a certain large number is generated by cryptographic transformation, which is the electronic

the digital signature of this user under this particular document. This number is added to the end of the electronic document or stored in a separate file.

The signature includes the following information: name

file of the public key of the signature, information about the person who formed the signature, the date the signature was generated.

The user who has received the signed document and has the sender's EDS public key performs an inverse cryptographic transformation based on the text of the document and the sender's public key, which ensures verification of the sender's digital signature. If the EDS under the document is correct, it means that the document is indeed signed by the sender and no changes have been made to the text of the document. Otherwise, a message will be displayed that the sender's certificate is not valid.

Terms and Definitions: Electronic document- a document in

in which information is presented in electronic digital form.

Signing key certificate owner - an individual in whose name the certification center has issued a signature key certificate and who owns the corresponding private key of the electronic digital signature, which allows using electronic digital signature tools to create their own electronic digital signature in electronic documents

(sign electronic documents).

Means of electronic digital signature - hardware and (or)

software tools that ensure the implementation of at least one of the following functions - creating an electronic digital signature in an electronic document using the private key of an electronic digital signature, confirming the authenticity of an electronic digital signature in an electronic document using a public key of an electronic digital signature, creating private and public keys of electronic digital signatures.

Certificate of means of electronic digital signature - a paper document issued in accordance with the rules of the certification system to confirm the compliance of electronic digital signature means with the established requirements.

Signing key certificate- a document on paper or an electronic document with an electronic digital signature of an authorized person of the certification center, which include the public key of the electronic digital signature and which are issued by the certification center to a participant in the information system to confirm the authenticity of the electronic digital signature and identify the owner of the signature key certificate.

Signing key certificate user - individual,

using information about the signature key certificate received in the certification center to verify that the electronic digital signature belongs to the owner of the signature key certificate.

Public information system - an information system that is open for use by all natural and legal persons and whose services cannot be denied to these persons.

Corporate information system - an information system, the participants of which may be a limited circle of persons,

determined by its owner or by agreement of the participants in this

information system.

Verification Center- a legal entity that performs the following functions: production of signature key certificates, creation of electronic digital signature keys at the request of information system participants with a guarantee of keeping the secret key of the electronic digital signature, suspension and renewal of signature key certificates, as well as their cancellation,

maintaining the register of signature key certificates, ensuring its relevance and the possibility of free access to it by participants in information systems, checking the uniqueness of public keys of electronic digital signatures in the register of signature key certificates and the archive of the certification center, issuing signature key certificates in the form of documents on paper and (or) in the form of electronic

documents with information about their operation, implementation, at the request of users of signature key certificates, confirming the authenticity of an electronic digital signature in an electronic document in relation to the signature key certificates issued to them, providing information system participants with other services related to the use of electronic digital signatures.

At the same time, the certification center must have the necessary material and financial capabilities to allow it to bear civil liability to users of signature key certificates for losses that they may incur due to the inaccuracy of the information contained in signature key certificates.

2. Organizational and legal support of electronic

digital signature.

The legal support of an electronic digital signature should be understood not only as a set of legal acts,

providing the legal regime of EDS and EDS tools. This is a much broader concept. It only begins with the state law on electronic digital signature, but develops further and subsequently covers all theoretical and practical issues related to electronic commerce in general.

The world's first electronic digital signature law was passed in March 1995 by the Utah State Legislature (USA) and approved by the State Governor.

The law is called the Utah Digital Signature Act. The closest followers of Utah were the states of California, Florida, Washington,

where the corresponding legislative acts were soon adopted.

The following were proclaimed as the main objectives of the first electronic signature law:

Minimization of damage from events of illegal use and forgery of electronic digital signature;

providing a legal basis for the activities of systems and bodies for certification and verification of documents of an electronic nature;

legal support of electronic commerce (commercial transactions performed using computer technology);

giving legal character to some technical standards,

previously introduced by the International Telecommunication Union (ITU - International Telecommunication Union) and the US National Standards Institute (ANSI - American National Standards Institute), as well as the recommendations of the Internet Activity Board (IAB),

expressed in RFC 1421 - RFC 1424.

The law consists of five parts:

The first part introduces the basic concepts and definitions related to the use of EDS and the functioning of EDS tools. It also discusses the formal requirements for the content of an electronic certificate certifying that a public key belongs to a legal or natural person.

The second part of the law is devoted to licensing and legal regulation of certification centers.

First of all, it stipulates the conditions that individuals and legal entities must satisfy in order to obtain the appropriate license, the procedure for obtaining it, restrictions on the license and the conditions for its withdrawal. An important point of this section is the conditions for recognizing the validity of certificates issued by unlicensed certifiers, if the participants in the electronic transaction expressed their joint trust and reflected it in their agreement. In fact, the legal regime of the network model of certification, which we discussed above, is fixed here.

The third part of the law defines the responsibilities of certificate authorities and key owners. In particular, the following are considered here:

procedure for issuing a certificate;

the procedure for presenting a certificate and a public key;

storage conditions for the private key;

actions of the certificate owner in case of compromise of a private

certificate revocation procedure;

validity period of the certificate;

conditions for the release of the certification center from liability for the misuse of the certificate and EDS tools;

the procedure for the creation and use of insurance funds,

intended to compensate for damage to third parties resulting from the unauthorized use of the EDS.

The fourth part of the law is devoted directly to the digital signature.

Its main provision is that a document signed with a digital signature has the same validity as a regular document,

signed with a handwritten signature.

AT The fifth part of the law deals with the issues of interaction of certification centers with administrative authorities, as well as the procedure for the functioning of the so-called repositories - electronic databases that store information about issued and revoked certificates.

AT In general, the EDS law of the state of Utah differs from other similar legal acts in high detail.

The German Electronic Signature Act (Signaturgesetz) was introduced in 1997 and was the first European piece of legislation of its kind. The aim of the law is to create general conditions for such an application of an electronic signature, in which its forgery or falsification of signed data can be reliably established.

The Law has the following main directions:

establishing clear concepts and definitions;

detailed regulation of the procedure for licensing certification bodies and the procedure for certification of public keys of users of EDS tools (legal status, procedure for the functioning of centers

certification, their interaction with government agencies and other certification authorities, requirements for a public key certificate of an electronic signature);

Consideration of security issues of digital signature and data,

signed with her help, from falsification;

The procedure for recognizing the validity of public key certificates.

The spirit of the German Electronic Signature Act is regulatory.

Unlike the similar law in Germany, the US Federal Electronic Signature Act is a coordinating legal act. This is because, by the time it was enacted, relevant regulatory legislation had already been in place in most individual states.

As can be seen from the name of the Law (Electronic Signatures in Global and National Commerce Act), its main purpose is to ensure the legal regime of digital electronic signature in electronic commerce. The signing of the Law by the President of the United States took place on the day of the national holiday - July 4, 2000 (Independence Day), which should give this legislative act a special significance. According to observers, the adoption of this law symbolizes the entry of mankind into a new era - the era of electronic commerce.

responsible for the operation of its infrastructure. Without focusing on the specific rights and obligations of certificate authorities, which are given special attention in the laws of other countries, the US Federal Law refers them to the concept of digital signature infrastructure and, in the most general terms, stipulates the interaction of elements of this structure with government agencies.

In Russia, with the main provisions of the Federal Law on

electronic signature can be found on the example of the project. According to the draft, the Law consists of five chapters and contains more than twenty articles.

The first chapter deals with general provisions related to the Law.

Like similar laws in other states, the Russian bill relies on asymmetric cryptography. The main purpose of the Law is to provide legal conditions for the use of EDS in electronic document management and the implementation of services for the certification of EDS of participants in contractual relations.

The second chapter discusses the principles and conditions for using an electronic signature. Here, firstly, the possibility is expressed, and secondly,

the conditions for the equivalence of a handwritten and electronic signature are given.

In addition, special attention is paid to the characteristic advantages of EDS:

a person can have an unlimited number of EDS private keys, that is, create different electronic signatures for himself and use them in different conditions;

All copies of the document signed with EDS have the force of the original.

The draft Russian Law provides for the possibility of limiting the scope of the EDS. These restrictions may be imposed by federal laws, as well as introduced by the participants in electronic transactions themselves and reflected in the agreements between them.

The provision of the article on EDS means is interesting, in which the assertion is fixed that “the EDS means do not belong to the means

ensuring the confidentiality of information." Actually this is not true. By their nature, EDS tools based on asymmetric cryptography mechanisms, of course, can be used to protect information. Perhaps this provision is included in order to avoid conflicts with other regulations that restrict the use of cryptographic tools in society.

An important difference from similar laws of other states is

the provision of the Russian draft law that the owner of the private key is liable to the user of the corresponding public key for losses arising from improperly organized protection of the private key.

Another distinguishing feature of the Russian draft law is the list of requirements for the electronic certificate format. Along with the generally accepted fields discussed above, the Russian legislator requires the mandatory inclusion in the certificate of the name of the EDS tools with which this public key can be used, the number of the certificate for this tool and its validity period,

the name and legal address of the certification center that issued this certificate, the license number of this center and the date of its issue. AT

foreign legislation and international standards, we do not find the requirements for such a detailed description of the EDS software tool, with

which generated the public key. Apparently, this requirement of the Russian bill is dictated by the interests of the country's security.

The mass use of software, the source code of which is not published and therefore cannot be investigated by specialists, poses a public threat. This applies not only to EDS software, but to any software in general, from operating systems to application programs.

The third chapter considers the legal status of certification centers (in

terminology of the bill - certifying centers of public keys with the signature electroth). In Russia, the provision of electronic signature certification services is a licensed activity that can only be carried out by legal entities. Certification of the electronic signature of state institutions can only be carried out by state certification centers.

By its nature, the structure of certification bodies is

Electronic signature (ES) is a software-cryptographic tool that provides:

• checking the integrity of documents;
• document confidentiality;
• identification of the person who sent the document

An electronic signature is used by individuals and legal entities as an analogue of a handwritten signature to give an electronic document legal force equal to the legal force of a paper document signed with the handwritten signature of an authorized person and sealed.

Electronic document is any document created using computer technology and stored on information media processed using computer technology, whether it is a letter, contract or financial document, diagram, drawing, drawing or photograph.

Benefits of using EP

The use of EP allows you to:

• significantly reduce the time spent on processing the transaction and the exchange of documentation;
• to improve and reduce the cost of the procedure for the preparation, delivery, accounting and storage of documents;
• ensure the accuracy of the documentation;
• minimize the risk of financial losses by increasing the confidentiality of information exchange;
• build a corporate document exchange system.

It is impossible to fake an electronic signature - it requires a huge amount of calculations that cannot be implemented at the current level of mathematics and computer technology in an acceptable time, that is, while the information contained in the signed document remains relevant. Additional protection against forgery is provided by certification of the public key of the signature by the Certification Authority.

With the use of ES, work according to the scheme "project development in electronic form - creation of a paper copy for signature - sending a paper copy with a signature - consideration of a paper copy - transferring it electronically to a computer" is becoming a thing of the past.

Three types of electronic signature

Electronic signatures are divided by the 2011 law into three types.

• Simple signatures are created using codes, passwords and other tools that allow you to identify the author of the document, but do not allow you to check it for changes since it was signed.
• Reinforced unqualified signature created using cryptographic tools and allows you to determine not only the author of the document, but check it for changes. To create such signatures, a certificate from an unaccredited center can be used, or you can do without a certificate at all if the technical means allow you to comply with the requirements of the law.
• Enhanced Qualified Signature is a type of reinforced, it has a certificate from an accredited center and was created with the help of funds confirmed by the FSB.

Simple and unqualified signatures replace the signed paper document in cases specified by law or by agreement of the parties. For example, simple signatures can be used by citizens to send messages to authorities. An enhanced signature can also be considered as an analogue of a document with a seal.

Qualified signatures replace paper documents in all cases, except when the law requires only a document on paper. For example, with the help of such signatures, citizens can receive public services electronically, and public authorities can send messages to citizens and interact with each other through information systems. Previously issued EDS certificates and documents signed with their help are equated to qualified signatures.

Foreign electronic signatures are equated in Russia with the types of signatures to which they correspond.

A simple electronic signature, unlike the former digital signature, is not designed to protect a document from forgery. It does not allow to detect possible distortion of the content of the document. Its only function is to confirm the fact of the formation of an electronic signature (and not the document itself!) by a certain person.

The purpose of determining the person who signed the electronic document, as well as detecting the fact of making changes to the document after signing it, is an enhanced electronic signature. It is this signature (in two forms - unqualified and qualified) that is an analogue of the former electronic digital signature.

Since a simple electronic signature requires the use of codes, passwords or other means, it will become clear what can and cannot be considered an electronic signature. Obviously, in the case of an e-mail, the role of an electronic signature cannot be played by the sender's name, manually put after the text, since it does not depend in any way on the password, using which the sender generated and sent the letter. Information indicating the person on whose behalf the document was sent may be the message identifier in combination with the IP address of the sender's computer, indicating that the message was created as a result of accessing the mail system, accompanied by entering a password belonging to a particular user. The sender's email address and the sender's name can only be considered a signature if the information system operator ensures their authenticity, because the postal protocol allows you to specify any name and any return address, and some postal systems do not impose any restrictions here.

EDS funds

EDS means are hardware and (or) software tools that ensure the implementation of at least one of the following functions:

• creation of an electronic digital signature in an electronic document using the private key of an electronic digital signature,
• confirmation using the public key of the electronic digital signature of the authenticity of the electronic digital signature in the electronic document,
• creation of private and public keys of electronic digital signatures.

Cryptographic basis

The electronic signature is based on public key cryptography. With its help, a special user certificate is generated. It contains user data, a public key and an electronic signature of the certificate, which can be verified using the public key of the certification authority. The algorithm guarantees that only a certification authority that has a secret encryption key and trust in which is the basis for the operation of the entire EDS system can generate a signature.

Trust in certification centers is based on a hierarchical principle: the certificate of a lower-level certification center is certified by an electronic signature of a higher-level certification center. The highest level of certification centers is federal, which is under the control of state bodies. The entire system of trust built on certificates forms the so-called public key infrastructure (Public Key Infrastructure, PKI). With such an infrastructure, it is required to verify not only the legitimacy of the key of the certification authority that issued the certificate, but also all higher certification authorities. In particular, when forming an electronic transaction, it is necessary to check not only the mathematical correctness of the EDS, but also the validity of the entire chain of certificates involved in the manufacture of the signer's certificate at the time of signing a particular electronic document.

An electronic signature is required to participate in procurement procedures. What types of ES are there, what affects the cost of a signature, and what package of documents needs to be prepared to receive it? Read more.

CAs

Certification Authority (Certificate Authority)(Eng. Certification authority, CA) - an organization that issues certificates for electronic digital signature keys.

Chronicle

2018

In Russia, they are working on an alternative to ES for identification on the Internet

The Ministry of Telecom and Mass Communications proposed to introduce a single key verification certificate for EDS

At the beginning of April 2018, information appeared that the powers of users of electronic digital signatures can be enshrined in a single certificate for verifying the key of an enhanced qualified EDS. The Ministry of Telecom and Mass Communications of Russia published the corresponding draft law on the portal of draft legal acts.

The clarification to the draft law states that, according to the current state of affairs, EDS users - individuals and legal entities, state bodies and officials - cannot access the information systems of various departments, since they require the presence of object identifiers (OID) in a qualified certificate.

At the same time, certificates issued by those accredited by the Ministry of Telecom and Mass Communications of Russia, as the authors of the bill note, cannot be used to verify the electronic signature in the information systems of such individual departments.

OIDs are not in single certificates, so there are many companies in the market selling qualified key verification certificates that are designed to work with a single agency and, therefore, do not allow you to work with others.

In fact, this “kills” the meaning in the EDS: the key idea of ​​​​an electronic signature is the universality of its use, Oleg Galushkin, an information security expert at SEC Consult Services, is convinced. - The unification of the EDS verification procedure is long overdue, but now the question arises of what certification centers will do, and whether they will have to curtail activities for which they paid substantial money for the right to conduct.

Now the Ministry of Telecom and Mass Communications proposes to introduce the concept of "authoritative certificate", which will contain both the user's OID and information about his powers. Thus, the problem of multiple certificates - if the bill is passed - will be removed.

Read the text of the bill of the Ministry of Communications of Russia "On Amendments to the Federal Law "On Electronic Signature", the Federal Law "On the Protection of the Rights of Legal Entities and Individual Entrepreneurs in the Implementation of State Control (Supervision) and Municipal Control" and the Federal Law "On Accreditation in the National System accreditation" you can follow the link.

2013: The government simplifies use of simple ES when rendering state services

The head of the Russian government, Dmitry Medvedev, signed Decree No. 33 in early 2013, which describes the procedure for using a “simple electronic signature” in the provision of state and municipal services in addition to the enhanced ES already in use.

Although the term "simple electronic signature" was first used in the law "On Electronic Signature" adopted in 2001, its description first appeared in Decree No. 33. According to the text of the document, its key will be a combination of an identifier and a password, and the insurance number of the personal account of an individual or the head of a legal entity will become an identifier.

Unlike the simple electronic signature introduced by the regulation, the current “enhanced electronic signatures” are created using cryptographic tools and include an accredited certification authority certificate that gives it the strength of a traditional paper document with a handwritten signature.

A simple ES, on the contrary, does not require a certificate when it is created, thus excluding from the process of its creation the chain of both final certification centers and the root CA of Rostelecom.

At the same time, citizens who have received a simple signature will be relieved of the need to use an electronic key on a flash drive when applying to the Public Services Portal, which is necessary when using an enhanced signature.

Decree No. 33 describes the requirements for a simple ES password, which must consist of at least eight characters, including letters and numbers, and cannot contain "*" or "#" characters. Interestingly, signature users have the right to independently change the key using their personal account on the Unified Public Services Portal.

2012

Waiting for the distribution of a SIM card with an EDS

According to a study published in September 2012 by analytics firm TechNavio, the two-factor authentication market will grow at 20.8% annually in 2011-2015. Two-factor authentication implies that in order to access information, the user needs not only to enter a password, but also to have some device or program that confirms the access right. A classic example is online banking, where to confirm the operation, you must not only enter a password, but also dial a one-time code sent via sms or generated by a special program on a computer.

According to analysts, the next stage in the development of these technologies will be authentication using mobile phones, when a digital signature is "sewn" into the SIM card of the device, with which the user can perform legally significant actions. For example, such a mechanism has already been implemented in Estonia. Another option for the development of technology is the creation of smart cards, which are electronic identity cards.

The spread of technology will be facilitated by the introduction of short-range wireless phones NFC. Thus, a mobile phone can be used instead of a bank card when paying for goods in a store or at the checkpoint to a restricted area. However, the development of the market will be hampered by security considerations and the actions of regulators that impose certain requirements on the transfer and protection of confidential data.

Among the leading manufacturers of two-factor authentication solutions, TechNavio researchers name Entrust, Gemalto, RSA Security and VASCO Data Security.

Second-tier developers include ActivIdentity, CryptoCard, Deepnet security, Equifax, PhoneFactor, SecureAuth, SecurEnvoy, and SafeNet Inc.

Permission for government agencies to submit documents to the government electronically using EDS

According to his message, the Government approved the draft amendments made by the Ministry of Telecom and Mass Communications. Thus, documentation between state and executive authorities, as well as the government apparatus will be entered electronically using an electronic digital signature.

Denis Kuskov, CEO of the Telecom Daily analytical agency, in an interview with TAdviser, said that the creation of an internal secure electronic document management system would greatly facilitate the life of departments and ministries.

"If we talk about the project from the point of view of IT, then the development, implementation, configuration of a system of this scale and complexity, as well as with similar security requirements, can cost more than one hundred million rubles. This includes EDS keys," Kuskov said. "Now the market for such systems is quite competitive, so the state can cut the cost of the project quite seriously."

According to Kuskov, in the absence of any obstacles, the development, implementation and debugging of the EDMS and keys can take about a year.

Kuskov is sure that each department or institution will need a maximum of 20 EDS keys. The Cabinet of Ministers consists of 21 members.

In July 2012, it became known that in autumn the Federation Council intends to check the preparation of regulations relating to the creation of a unified electronic digital signature (EDS). As the media found out, if the senators are not satisfied with the results of the check, they will come up with a legislative initiative to introduce a single EDS. (Earlier, the Government of the Russian Federation extended the law "On Electronic Digital Signature" for another year). Experts are not sure that the idea will be implemented: we are talking about a huge business, covering up which will not be profitable for either certification centers or officials.

For the first time, the issue that the current law on EDS should be supplemented with amendments that allow officials to use one signature for all information systems was raised by senators back in April 2011. The Federation Council eventually approved the proposal of the senators, and the government, in turn, promised, “that this novelty will be implemented in the regulations on the procedure for applying an electronic signature,” Yury Roslyak, a member of the Federation Council Committee on Economic Policy, told reporters. However, for almost a year and a half, the normative acts did not see the light of day.

“Today, the regulations are still in development, so in the fall we will check the form in which all this has been implemented. If this principle is not fulfilled, then we will come up with a legislative initiative on the legislative motivation of the government, including the Ministry of Telecom and Mass Communications, on the use of this technology - Yu. Roslyak adds.

According to the senators, the current law on EDS is extremely inconvenient: each information system requires an individual digital signature, so civil servants and businessmen have to use several EDS at once.

Order of the FSB on the requirements for electronic signatures and CAs

On February 17, 2012, the order of the Federal Security Service of the Russian Federation dated December 27, 2011 No. 796 "On approval of requirements for electronic signature tools and requirements for certification center tools" was published. Earlier, there was an order dated December 27, 2011 No. 795 “On approval of the requirements for the form of a qualified certificate of the electronic signature verification key”.

In accordance with the new rules, when signing a document, the signature tool must show the electronic document to the person who signs it, wait for confirmation from this person, and after signing, show him that the signature has been created. When verifying a signature, the tool should show the electronic document, as well as information about making changes to the signed document, and indicate the person who signed it.

The format of a qualified certificate differs significantly from the format of EDS certificates that are issued at this time (in accordance with federal law No. FZ-1). For example, a qualified certificate must include the name of the electronic signature tools and certification authority tools used to generate the signature key and verification key (private and public keys, respectively), as well as to create the certificate itself.

Compared to EDS certificates, the way in which the powers of the certificate holder are represented has changed. At the request of the owner, the EDS certificate could include any information supported by the relevant documents, and non-standard details (for example, the registration number of the insured) could be included in the qualified certificate only if the requirements for their purpose and location in the certificate are specified in the documents provided for confirmation of the compliance of the means of the certification center with the requirements of the FSB.

2011

For all the time in Russia, 5-7 million ES key certificates have been issued

For the entire period of the law of 2002 on ES in Russia, 5-7 million certificates of electronic signature keys were issued, experts estimate the Ministry of Telecom and Mass Communications. They will be valid until July 1, 2012, after which they will have to be replaced with new ones.

In 2011, a market for services for issuing electronic signature carriers to citizens begins to form in Russia. They cost no more than 500 rubles, but it was difficult to estimate the demand at that time: it had not yet been decided which signature was suitable for which documents.

The signature of the highest level, protected from forgery, is the so-called enhanced qualified signature. The means by which documents are certified with such a signature are issued by special certification centers that have been certified by the FSB. According to the Ministry of Communications, the Unified State Register of Signature Key Certificates contains 284 such centers.

Means for issuing simpler signatures - reinforced unqualified and simple - can be purchased on the market, you do not have to contact a certification center for this.

In 2011, certification centers, whose tariffs were studied by a Vedomosti correspondent, charge 2,000-10,000 rubles for issuing an electronic signature. (depending on the number of related services - for example, for 10,000 rubles, you can also participate in a seminar on using such a signature). But the price should be radically reduced, Elena Lashkina, press secretary of the Minister of Communications, promised, in fact, it will come down to the cost of the carrier. For a carrier of a reinforced electronic signature certified by the FSB, you will need to pay 500-600 rubles, and in the future - 300 rubles. For an unqualified reinforced EP, you can buy any USB flash drive (from 100 rubles).

President Medvedev signed the law "On Electronic Signature"

The need for a new law was due to the fact that the provisions of the current law on electronic signature (FZ-1) did not correspond to the modern principles of regulation of electronic signatures that are in force in European countries.

There are three types of electronic signature - a simple electronic signature, an unqualified electronic signature and a qualified electronic signature.

A qualified electronic signature is an electronic signature that:

• obtained as a result of cryptographic transformation of information using the signature key;
• allows you to identify the person who signed the document;
• allows you to detect the fact of making changes to the document after signing it;
• created using electronic signature tools.

In addition, the key for verifying such a signature is specified in a qualified certificate, and to create and verify an electronic signature, tools are used that have received confirmation of compliance with the requirements established in accordance with federal law.

Before using the EDS, the center had to transfer copies of the certificate in paper and electronic form to the authorized body. Certification centers themselves were subject to compulsory licensing and had to be built into a single hierarchical structure. Although the law came into force at the beginning of 2002, the authorized state body (then it was the Federal Agency for Information Technologies) appeared only in 2004, and the root certification center, without which all the others are impossible, appeared in 2005. Licensing of certification centers is generally not earned due to contradictions with the later adopted law "On the licensing of certain types of activities."

As a result, as noted in the explanatory note to the law "On EDS", in Russia EDS is used practically only by legal entities, and the number of certificates issued is no more than 0.2% of the total population. In the law adopted now, certification centers are not required to be licensed - they can be accredited, and then only on a voluntary basis. Accreditation will be carried out by the authorized body appointed by the government, which will also organize the work of the root center.

To be accredited, a Russian or foreign legal entity must have net assets worth at least RUB 1 million. and financial guarantees for payment of compensations to affected clients in the amount of 1.5 million rubles, have at least two IT specialists with higher professional education and go through the confirmation procedure with the FSB. The centers are obliged to provide free access to any person to the registers of valid and revoked certificates, the mandatory transfer of the register of certificates to the root center will occur only in the event of termination of the center's accreditation. A certification authority can also organize a system of centers around itself, in relation to which it will be the root.

The plan for the preparation of legal acts in order to implement the federal laws "On Electronic Signature" and "On Amending Certain Legislative Acts of the Russian Federation in Connection with the Adoption of the Federal Law "On Electronic Signature" was approved by the Decree of the Government of the Russian Federation dated July 12, 2011 No. 1214- R. The plan establishes the terms for the development of legal acts of the Government of the Russian Federation and legal acts of federal executive authorities related to the use of an electronic signature. The Ministry of Telecom and Mass Communications of Russia is one of the responsible executors of the development of legal acts, most of which will be developed jointly with the Federal Security Service of Russia, the Ministry of Economic Development of Russia, as well as interested federal executive authorities.

According to the plan, before July 30, 2011, a federal executive body authorized in the field of using electronic signatures will be appointed, before August 31, the requirements for the form of a qualified certificate of the electronic signature verification key, requirements for electronic signature tools, requirements for certification center tools and the procedure for accreditation of certification centers. Until October 31, Government resolutions must be adopted on the types of electronic signatures that government agencies use when organizing electronic interaction with each other, on the types of electronic signatures that are used when applying for public services, and on the procedure for using a simple electronic signature when providing state and municipal services. Until November 30, the procedure for using an electronic signature when applying for state and municipal services must be approved. The last planned document will be signed in March 2012.

In the 2011 law, it became possible to sign documents with an electronic signature, the circulation of which is not regulated by direct action laws, notes Sergey Sapelnikov, deputy head of Rosreestr. Few documents fall under the regulation: extracts from the real estate cadastre and the Unified State Register of Rights, invoices, etc. The new law, in theory, will allow notaries to certify electronically and extracts from a marriage certificate, power of attorney, etc. True, not yet it is clear which of the three formats will be accepted by government agencies and which specific documents can be signed with them. The law did not establish what type of signature a particular department can use, in what format the company's general director should sign, in which one - the chief accountant, and in which one - a citizen, says Sapelnikov. For authorities, the types of electronic signature will be determined by the government, and for business and domestic communication, citizens and legal entities have the right to choose the type of signature themselves, says an employee of the Ministry of Communications.

On March 30, 2011, at a meeting of the Federation Council, it was decided to amend the law on electronic digital signature (EDS) without suspending the law in its current version. Now the document does not spell out the rule that a particular person must have one EDS, as well as his graphic personal signature. Because of this, officials and businessmen are forced to use different signatures in different information systems.

“Each information system in our country requires an official to draw up an individual digital signature for each specific system. We consider this categorically unacceptable: firstly, this is an additional bureaucratic barrier, and secondly, this is a big waste of time and money, ”said Yury Roslyak, one of the initiators of the amendments, a member of the Federation Council Committee on Economic Policy.

According to him, now an official working in the treasury system has seven different digital signatures. “It can reach the point of absurdity when a person can have 10-12 digital signatures in order not to limit his legal capacity,” he added. According to him, a unified digital signature should be issued in the system of certification centers. It should operate in all public information systems that exist in Russia. It is equally obvious that this thesis has nothing to do with identification in closed information systems.

“Now work is underway to agree on the design: in which chapter to include this amendment. I think that within a month we will finish this work and we will start conciliation procedures at least in early June,” Yu. Roslyak explains.

The State Duma approved the draft law "On electronic signature"

In March 2011, the State Duma of the Russian Federation approved in the last reading the draft Federal Law "On Electronic Signature", which is intended to replace the existing since 2002 No. 1-FZ "On Electronic Digital Signature". The law is intended to "regulate relations on the use of electronic signatures in civil law transactions, the provision of state and municipal services, the performance of state and municipal functions, as well as in the performance of other legally significant actions."

In accordance with Art. 5 of the bill defines three new types of electronic signature: simple, unqualified and qualified (the most secure). The currently used EDS key certificates are equated to qualified electronic signature certificates.

The law regulates the issuance and use of signature key certificates, signature authentication, accreditation and provision of services of certification centers that will issue electronic signature key certificates. Until July 1, 2012, such centers will continue to operate as before, however, they will have to undergo mandatory accreditation by the authorized body. Starting from the summer of 2012, the right to issue qualified signatures is granted exclusively to accredited certification centers.

The situation with EDS in the Russian Federation is such that any user to work with information systems that require the use of an electronic digital signature has to create a separate EDS for almost each of them. To resolve this situation, the Federation Council of the Russian Federation is preparing an amendment to the law "On Electronic Digital Signature", which is designed to make life easier for EDS users. As a result, it should become uniform for all information systems and not limit the capacity of their holders.

Decree of V. Putin on the transition of government agencies to paperless workflow by 2012

In February 2011, Russian Prime Minister Vladimir Putin signed Decree No. 176-r "On approval of the action plan for the transition of federal executive bodies to paperless document management when organizing internal activities." This document approved the action plan for the transition of federal authorities to paperless document management and established that the implementation of measures for the transition to paperless document management is carried out "at the expense of funds provided for in the federal budget."

By June 2011, it is planned to provide "officials of federal executive bodies with electronic digital signatures for use in electronic document management", to create or upgrade the EDMS of ministries and departments. From January 1, 2012, according to the plan, paperless workflow should work in all federal authorities.

2010: Report of the Ministry of Economics to the President of the Russian Federation on the need for an EDS for electronic public services

The electronic digital signature is most actively used in the field of finance - this is facilitated by the growing penetration of Internet banking systems, and the initiative of the Federal Tax Service, whose divisions accept reports in electronic form. In addition, Russian President Dmitry Medvedev recently signed Federal Law No. 229-FZ of July 27, 2010, which provides for amendments to the first and second parts of the Tax Code of the Russian Federation. Among them is the possibility of issuing invoices in electronic form by mutual agreement of the parties to the transaction and if the parties have compatible technical means and capabilities for receiving and processing invoices. One of the prerequisites for such a process is the signing of invoices using EDS.

According to market experts, the creation of any financial documentation and reporting is one of the simplest examples of the industry where the use of EDS can bring profit. Now organizations often have to rent warehouses to store financial statements - the period of storage of documents can be 5 years or even more. Quite significant funds are spent on this. In addition, every ordinary private person at home also has a kind of warehouse in which documents are stored. If all these documents are transferred to electronic form, this will greatly facilitate the life of a person or company and ensure greater safety of documents - after all, paper documents cannot be copied as easily as electronic ones.

In the US, UETA and the national electronic signature law give electronic documents the same weight as traditional handwritten paper commitments.

These statutes define ES as "an electronic sound, symbol, or process attached to or logically associated with a contract or other recording, attached to it by a person with the intention of signing the recording." Thus, any business transaction can be carried out electronically.

“In the US, people use digital signatures in all aspects of their daily lives. You can electronically arrange a mortgage or insurance as part of a car loan,” says Stephen Bisbee, president of Baltimore-based eOriginal, which owns the patent for the process of creating, signing, and transmitting documents electronically.

The most progressive enterprises no longer wonder whether to use an electronic signature - they are focused on how to best integrate its use into their own business processes.

The next step will be to manage any "digital" business online. "This is a move from simple signatures to complex electronic financial transactions," says Bisby, and predicts that the turning point in this area will occur within the next four years.

1994: EDS standard adopted in Russia - GOST R 34.10-94

The digital signature came to Russia in 1994, when the first Russian EDS standard, GOST R 34.10-94, was adopted, which in 2002 was replaced by GOST R 34.10-2001.

1976: Development of the electronic signature in the USA

It can be considered the birthplace of digital signature: in 1976, American cryptographers Whitfield Diffie and Martin Hellman first proposed the concept of "electronic digital signature", although they only assumed that digital signature schemes could exist. But already in 1977, the RSA cryptographic algorithm was developed.