Cloud electronic signature certificate. EDS transfer to the cloud

An electronic signature serves the same function as your regular signature certified with a seal:

  • Confirms the authenticity of the document: helps to make sure that the document has not been altered and that it reached the recipient in its original form.
  • Allows you to identify the author of the document.

An electronic signature consists of a public key and a private key. The public key is available to everyone; it is used to check whether the signature is valid, helps to determine the owner, and confirms the authenticity of the signed document. The private key is secret: it is used to sign a document and is available only to the holder of the electronic signature. Technically speaking, an electronic signature is a set of characters encoded by cryptographic means.

The signature also protects documents from unauthorized access through encryption. Document flow with regulatory authorities must be encrypted.

How does an electronic signature work?

Before your report is sent to the tax office, it is signed, encrypted using a cryptographic tool and the recipient's public key, and transmitted over secure communication channels. Only the inspector, the recipient of the reports, can decrypt the document, using his own secret private key. The inspector then sends you response documents: they are encrypted at the inspector's workplace using your public key and cryptographic means, and decrypted at your workplace using your secret private key.

During decryption, it is checked that the user's private key corresponds to the public key with which the document was encrypted.

An electronic signature is issued by a certification center - an organization that has the right and accreditation for this. After signing the contract and other documents, the CA issues a certificate for your company.

The electronic signature can be stored on a computer, a flash drive or a Rutoken. A Rutoken is a USB authentication device with additional protection of access to the key. For the electronic signature to work, cryptographic software must then be installed on the computer.

Qualified electronic signature

On July 1, 2013, Federal Law No. 1-FZ "On Electronic Digital Signatures" dated 10.01.2002 became invalid. It was replaced by Law No. 63-FZ "On Electronic Signatures" dated 06.04.2011, which introduces the concept of a qualified electronic signature or CEP.

Due to changes in legislation, the electronic signature for submitting reports to regulatory authorities is valid until December 31, 2013, and from January 1, 2014 it must be replaced with a qualified one.

From July 1, 2013, all users of Kontur.Elba began to receive a qualified electronic signature. If you received an electronic digital signature before July 1, the service will offer to replace the EDS with a CEP. The procedure can be completed online, without a visit to the service center, if at the time of registration of the application your signature is valid and the details have not changed.

How does an electronic signature differ from a qualified electronic signature?

There are no fundamental differences between them. There are several legislative and technical points.

For example, according to Law No. 63-FZ, an electronic document signed with the CEP is equivalent to a paper document signed with a handwritten signature. In Law No. 1-FZ, signatures were recognized as equivalent.

Technical transformations of an electronic signature will not change your work. You will still be able to send reports from any device and from anywhere on the world map.

As you know, the task of an electronic signature is to simplify the workflow. According to the 2011 law "On Electronic Signatures", a digital document signed with an electronic signature is equivalent to a paper document with a handwritten signature.

"A cloud-based electronic signature has all the properties of a regular signature, only it is stored not on a USB flash drive or computer, but on the Internet - on a special secure server, 'in the cloud'," says Igor Chepkasov, founder and president of the National Cryptocurrency Development Fund. The document is also signed and encrypted there, so such an ES does not require the installation of special software on the computer. The expert notes that one of the advantages of a "cloud" signature is the ability to sign documents (including reporting) and send them from anywhere in the world and from any device.

Anton Elikov (the Merkata project) notes that an electronic signature "in the cloud" is something that many of us use every day without even noticing. “The most striking example is the authorization mechanism in mobile and Internet banks, when after entering the password you are sent a one-time PIN code via SMS. Such a two-level authorization, in essence, can already be an electronic signature,” says the expert.

Why do you need electronic. Sergei Kazakov, an expert in the field of information security at SKB Kontur, recalls that companies use electronic signatures to submit reports to the tax and other regulatory authorities and to conduct electronic document circulation. The digital signature is also widely used in the field of public procurement. “According to our estimates, the total number of electronic signature users in Russia exceeds two million,” the expert notes. “The cloud-based electronic signature technology, which appeared several years ago, makes this tool more accessible for business. This is confirmed by several tens of thousands of SKB Kontur clients who have made a choice in its favor,” says Mr. Kazakov.

Note

While experts are talking about the spread of "cloud" ES, there is one problem - the issues of its use are not spelled out in regulations.

As noted by Alexey Dashkov, the head of the information security department of the System Soft company, the electronic signature performs the same function as a signature secured with a seal. “It ensures the authenticity of the document and consists of a private and public key. The document is signed using a private key, which is usually stored on a special medium - a token. The service can be purchased from a number of providers of such services; there are no special requirements, except for the presence of a standard set of constituent documents,” he says.

“A 'cloud' electronic signature is an ordinary electronic signature, but with one difference: the private key is stored on the servers of the certification center, and documents are signed there. The signatory's identity is usually confirmed by sending an SMS with a code to a mobile phone,” Mr. Dashkov explains.

Issue price

Igor Chepkasov said that the cost of the ES depends on its functionality and scope of application and ranges from 1,000 to 15,000 rubles. “At least, I met such prices personally, when I needed EDS for work. A 'cloud' electronic signature in some companies I know costs 3000 rubles,” the expert shares.

The cost of a "cloud" signature varies from operator to operator. You can find an offer for 900 rubles a year. However, you should not unconditionally trust the advertising promises. We advise you to familiarize yourself with the price list for a "cloud" signature and find out what is included in the price, and only then make a decision on its purchase.

“The cost of a 'cloud' electronic signature, as a rule, is included in the tariff of the service that the client buys. The only SKB Kontur service that sells it separately is the Diadok electronic document management system. In it, it is 900 rubles. At the same time, an ordinary certificate on a carrier with a license for a cryptographic information protection tool (CIPF) will cost 3000 rubles,” says Sergey Kazakov.

How does it work?

The technology is based on a specialized electronic signature server located "in the cloud". “If a user needs, for example, to send a report to the tax office, his accounting system interacts with the electronic signature server and sends it the document to be signed. The electronic signature server is obliged to request permission from the user - this can be done by sending a confirmation code for the operation to his mobile phone, as in the Internet bank,” notes Sergey Kazakov. By entering the confirmation code in the accounting system, the user authorizes access to the ES key, and a signature is created for the document. “All electronic signature keys are stored encrypted on a specialized device that meets the most stringent security requirements. The operator of the electronic signature server must take all measures to minimize the risk of unauthorized access to the keys,” says Mr. Kazakov.

In order to use the "classic" electronic signature, you need to purchase a token and specialized software - a crypto provider. “These are significant expenses, especially for start-up entrepreneurs. Then this software needs to be installed and configured, and if you are going to use the signature at several workplaces - for each place separately. A 'cloud' electronic signature does not require the purchase of software and preliminary configuration, it cannot be lost or forgotten,” notes Mr. Kazakov. Unlike traditional technologies, cloud signature is available to users on any operating system and platform, including mobile devices.
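The request-and-confirm flow described above, as an added example (not code from SKB Kontur or any signing service): a hypothetical `SigningServer` holds the key and releases it only for one confirmed operation. The class and method names, the code lifetime, the attempt limit and the binding of the code to a digest of the documents are assumptions, and an HMAC stands in for the key device's real signing operation so the example runs on the Python standard library.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 120  # assumption: how long a confirmation code stays valid
MAX_ATTEMPTS = 3        # assumption: wrong codes tolerated per operation


def batch_digest(documents):
    """One digest for an ordered batch, so a single code can cover all of it."""
    outer = hashlib.sha256()
    for doc in documents:
        outer.update(hashlib.sha256(doc).digest())
    return outer.hexdigest()


class SigningServer:
    """Hypothetical signing service: keeps the users' keys and gates each use."""

    def __init__(self, send_sms, clock=time.time):
        self._keys = {}     # user -> key bytes (a real service keeps these in an HSM)
        self._pending = {}  # operation id -> state of one signing request
        self._send_sms = send_sms
        self._clock = clock

    def enroll(self, user):
        self._keys[user] = secrets.token_bytes(32)

    def request_signature(self, user, documents):
        """The accounting system submits documents; the server asks the user."""
        if user not in self._keys:
            raise KeyError(user)
        op_id = secrets.token_hex(4)
        code = f"{secrets.randbelow(10**6):06d}"
        digest = batch_digest(documents)
        self._pending[op_id] = {
            "user": user,
            "digest": digest,
            "code_hash": hashlib.sha256(code.encode()).digest(),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        # The SMS names the operation, so the user sees what the code approves.
        self._send_sms(user, f"Code {code} for operation {op_id}: "
                             f"sign {len(documents)} document(s) {digest[:8]}")
        return op_id

    def confirm(self, op_id, code, documents):
        """Return (True, signature) or (False, reason). A code works at most once."""
        op = self._pending.get(op_id)
        if op is None:
            return False, "unknown or already used operation"
        if self._clock() > op["expires"]:
            del self._pending[op_id]
            return False, "code expired"
        if batch_digest(documents) != op["digest"]:
            del self._pending[op_id]
            return False, "documents differ from the ones the code was issued for"
        given = hashlib.sha256(code.encode()).digest()
        if not hmac.compare_digest(given, op["code_hash"]):
            op["attempts"] += 1
            if op["attempts"] >= MAX_ATTEMPTS:
                del self._pending[op_id]
                return False, "too many wrong codes"
            return False, "wrong code"
        del self._pending[op_id]  # single use: the same code cannot sign again
        key = self._keys[op["user"]]
        # Stand-in for the key device's asymmetric signing operation (stdlib only).
        return True, hmac.new(key, op["digest"].encode(), hashlib.sha256).hexdigest()


def run_demo():
    """Constructed scenario: one batch signed, then three rejected attempts."""
    inbox, now = [], [1_000.0]
    server = SigningServer(lambda user, text: inbox.append(text), clock=lambda: now[0])
    server.enroll("accountant")
    batch = [b"invoice 1", b"invoice 2", b"consignment note"]  # constructed sample
    results = {}

    op = server.request_signature("accountant", batch)
    code = inbox[-1].split()[1]
    results["signed"] = server.confirm(op, code, batch)[0]
    results["replay"] = server.confirm(op, code, batch)[1]

    op = server.request_signature("accountant", batch)
    code = inbox[-1].split()[1]
    results["swapped"] = server.confirm(op, code, batch + [b"payment order"])[1]

    op = server.request_signature("accountant", batch)
    code = inbox[-1].split()[1]
    now[0] += CODE_TTL_SECONDS + 1
    results["late"] = server.confirm(op, code, batch)[1]
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

Because the code is tied to the batch digest, one confirmation covers a whole package of documents, while a document added after the code was issued invalidates it.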

Alexey Dashkov notes that "cloud" e-signatures are popular with small companies or individual entrepreneurs, actively using services "such as online accounting and online document management." In large organizations that do not use the "cloud", the use of such a signature, according to him, can be more expensive and more difficult than the use of conventional electronic signature.

What are the prospects?

According to Anton Elikov, the entire transport industry in Russia is waiting for the spread of the use of "cloud" electronic signatures. “One has only to imagine a situation when a freight forwarder driver sets off on a trip not with a bundle of papers, but with a tablet. And right at the place of shipment, he signs a consignment note with the client! But the 'cloud' electronic signature could bring the main benefit in the case when the delivery document differs from the volume of products actually shipped (mis-sorting, breakage during transportation),” he notes. According to Mr. Elikov, such cases in practice sometimes reach up to 40 percent. “And all these documents are now sent along the long path of interaction between the accounting departments of the supplier and the buyer. Although the issue of discrepancies could be settled right at the place of shipment, and the fact of the change would be confirmed by a 'cloud' signature,” the expert concludes.

Igor Chepkasov says that currently there are already completely new developments using Blockchain technology, namely smart contracts. “Decentralization - the fundamental principle of the technology's operation - provides absolute protection against compromise and unauthorized access to any document and the signature itself, since each such block element (signature, document, archive, etc.) is located in a solid chain of numbered blocks protected by the most complex cryptographic code,” he says. According to Mr. Chepkasov, it is impossible to amend a block already put into circulation; a smart contract is an electronic algorithm that describes a set of conditions, the fulfillment of which entails certain events. “Its work is based on the creation and application of so-called low-trust protocols, where the protocol algorithm uses only software tools, and the human factor is excluded from the decision-making chain as much as possible - the person here acts exclusively in the role of one of the parties involved in the implementation of the contract. For example, when sending payments, the execution of a contract is impossible without receiving the number of electronic signatures specified in the contract,” he notes.

Meanwhile, while experts talk about the spread of the practice of using "cloud" electronic signatures and talk about the possibilities of technology development, there is one problem. It is connected with the fact that today the issues of applying such an electronic signature are not properly spelled out in the regulations. But soon, namely, in the third quarter of 2016, Russians will have the legislative opportunity to use an electronic signature without a physical medium - a USB flash drive or a SIM card. Such a norm is contained in the "road maps" to the program for the development of the Internet in Russia, which the Institute for Internet Development prepared for the President of the Russian Federation. So we can expect that companies will soon cease to be afraid of "cloud" technologies and begin to more actively use such an electronic signature in their work.

July 22, 2014 08:50

Cloud technology continues to transform industry after industry, appearing where it would seem least logical. The process is largely reminiscent of the birth and triumphant march of computers across the diverse landscape of human activity. Today, few people think about how computers have changed the production of newspapers and magazines, manufacturing, agriculture, and especially business in all its forms. Now the cloud is changing everything around it in the same way, and some areas are already going through a second round. For example, accounting.

In 1994, the Main Security Department of FAPSI developed the first standard for electronic signature in Russia, but the country was then still in a very troubled time, so electronic signatures only really began to be discussed 8 years later, in 2002, when a new standard for cryptographic protection of electronic signatures was approved, effectively equating the Russian concept of "electronic signature" with the international "digital signature". So although the history of this technology in our country is already twenty years old, it has actually been in use for no more than ten.

And for most of this decade, the technology worked like this. Special software for working with electronic signatures was installed on the organization's computers (as a rule, only in the accounting department), and a USB medium held the personalized keys, which were stored in a single copy. It must be said that in this case security was almost complete. Without taking possession of that "flash drive" with the keys - the token - it was impossible to sign documents on behalf of the organization. But there were also disadvantages! The token can be stolen, lost or physically destroyed, and then you have to go through the authorization procedure at the certification center again. And what if you need to sign urgent documents? In a word, cloud technologies are on the threshold of changing another industry forever, and today the electronic document management sector can become the locomotive of their development.

We asked Anastasia Shchepina, an industry specialist and analyst at Synerdocs, to tell us about the benefits of EDF implementation. She believes that the reluctance of business to switch from paper to electronic documents, and from an electronic signature on a medium to a cloud-based electronic signature, is in most cases associated with fears and habits:

“Fears need to be allayed, and established processes need to be replaced with new, more efficient ones, and new habits must be developed that will allow working and making a profit faster. Concerns are usually associated with distrust of the servers that store the private keys of electronic signatures. In fact, the servers that store the keys are well protected. I think it's even safer than carrying a token or flash card with you. Of course, this is a matter of trust, but now cloud technologies are just evolving, and CAs take this seriously.

Now about habits. Many articles have already been written about the advantages of electronic document management, there is no secret here. Cloud electronic signature adds advantages: it allows you to reduce the cost of acquiring electronic signatures, makes it possible to sign documents at any time and in any place where there is Internet. As a result, it turns out that competitors of a conservative company, which are open to new technologies, make their business more efficient and gain a competitive advantage. This can force the business to start moving first to electronic document management using electronic signatures on a medium, and later, possibly, to cloud-based electronic signatures.”

What does the usual ES technology look like in the cloud? The certification authority creates your electronic signature and places it in its own cloud. In this case, no tokens are needed: authorization takes place via SMS, via a linked mobile phone. The signature itself is located in the cloud, so you can sign invoices and other documents from any device with Internet access: from an office computer, from a personal laptop, from a tablet or even a smartphone. This approach has obvious advantages. According to Synerdocs analyst Anastasia Shchepina, there are two main advantages of a cloud-based electronic signature.

1. Its cost is lower. The purchase of a cloud-based e-signature is less expensive than a regular purchase. This is due to the fact that to work with this signature, you do not need to purchase a carrier and a means of cryptographic information protection (hereinafter - CIPF). In the case of a cloud-based electronic signature, the CIPF is located only on the server where the private key is stored. All this is formalized by the relevant agreements and powers of attorney.

2. Mobility. Now the Internet is almost everywhere, which means that you can sign documents with a cloud electronic signature from any tablet, smartphone or other device that supports Internet access. Neither paper nor an electronic signature on a medium provides such an opportunity. Cryptographic information protection tools for mobile devices are, of course, being developed now, but in general, you must agree, it is easier to work without cryptographic data protection tools on your device. In addition, you do not have to install the private key of the cloud-based digital signature yourself or pay a CA employee to configure everything. It will not be necessary to train users to work with cryptographic information protection tools and ES certificates.

But, having a lot of positive qualities, the cloud signature also has negative aspects. Despite the fact that more than 100,000 cloud electronic signatures have already been issued through popular accounting services in 2013, the widespread use of signatures is still questionable. Anastasia Shchepina believes that the business has not yet fully decided on the technical component of using cloud-based digital signature:

If we talk about cloud-based electronic signature in document flow, then it is not yet clear how it will work with several EDF services. Most likely, with great difficulty. The private key is stored on the CA server, the EDM service needs to make a request there for the formation of an electronic signature. At the moment, not all services will be easily integrated with the CA software, you will have to take this into account when switching to cloud signature. You may have to buy a separate signature for each service.

The second minus is more of a conceptual one. The essence of an electronic signature implies the replacement of a handwritten one: that is, you personally, with your own hands, sign the document with the confidential part of the key. You and only you should have it. In the cloud version, the private key is not in your hands - but somewhere there, on the CA server. That is, in fact, you do not sign with your own hands, but through an intermediary. Of course, all this will be documented, and the servers themselves are reliably protected, but the security service will not approve of this in every organization. If it is important for you that the documents are signed by the owners of the private keys themselves, then the cloud electronic signature will not suit you.

In general, the prospects for cloud-based digital signature and electronic document management in our country are encouraging. The State Duma has already approved the e-government development plan until 2018, which also includes a number of measures to promote business. For example, "a decrease in the average number of appeals of representatives of the business community to a government authority to receive one government service." And even if the thesis does not sound very impressive, since the number of requests is planned to be reduced to only two, this is already a certain progress, leading us to the European scenario. That is, a situation in which opening a business, paying taxes and signing any documents will be possible on the Internet, and often from a smartphone.

June 19, 2014 09:21

Recently, we often talk about electronic signature (ES) in the cloud. Basically, this topic is discussed by IT specialists. However, with the development of electronic document management (EDM) services, subject specialists - accountants, secretaries, auditors and others - began to be drawn into the topic of cloud-based electronic signature.

Let me explain that a cloud-based electronic signature implies that your private ES key is stored on the server of the certification center, and documents are signed there. This is accompanied by the conclusion of the relevant agreements and powers of attorney, and the actual confirmation of the signatory's identity occurs, as a rule, using authorization via SMS.

The need for an accountant to use cloud-based digital signature depends on the mode in which he works. If you are often out of the office or, for example, work in a company that provides accounting services (accounting outsourcing), then the cloud-based electronic signature will help you sign documents from anywhere. In this case, you do not need to install any additional software. However, despite the ease of use, not all companies are ready to take advantage of this opportunity.

So that you can choose for yourself whether you need a cloud electronic signature or not, consider all the pros and cons of using it. We will also think about who might really need such a signature. By the way, in this article we will only talk about an enhanced qualified electronic signature (hereinafter - UKEP).

Pros

Cloud e-signature is cheaper than the usual one. This is mainly due to the fact that you do not need to purchase a cryptographic information protection tool (CIPF) and a token (a flash drive with a certificate). As a rule, taking into account their purchase, the price of a certificate soars 2-2.5 times.

Convenience and ease of use. To work with a cloud-based electronic signature, you do not need to install either the electronic signature certificate itself or special tools for working with it. This means that you won't waste time figuring out how it all works.

Mobility. At the moment, there are no common and free solutions for using a non-cloud electronic signature on mobile devices. In this regard, a huge advantage of a cloud-based electronic signature is that you can work with it from any computer, tablet, smartphone with Internet access.

Cons

Physically, you are not signing the document. You need to understand that in the case of a cloud-based electronic signature, the private part of the key, which is confidential and should only belong to you, will be located on the server of the certification authority. Of course, this will be documented, and the servers themselves are well protected. But here everything depends on the company's security requirements and on the policy related to the signing of documents. If it is important for you that the documents are signed by the owners of the private keys themselves, then a cloud electronic signature will not suit you. In this situation, it is up to you to decide how much you trust the CA and the servers on which the private keys are stored.

You can use the cloud-based digital signature only in those services with which the certification authority software is integrated. This is also due to the fact that in the case of a cloud-based digital signature, the private key is stored on the CA server. In order for the service you need to be able to use such a private ES key for signing, it needs to be able to send a request to generate an electronic signature to the CA server. It is clear that at the moment there are many services, and all of them will not be able to provide for integration with the CA software. It turns out that you will have to use a cloud-based digital signature only with certain services. To work with other services, you will have to buy another ES certificate, and there is no guarantee that these services will support any cloud electronic signature.

So what?

Cloud e-signature is a convenient, mobile and simple tool, but not the most flexible. And in terms of reliability, it might be better to store the private key on a secure server than on a token in a desk drawer.

Who really needs an electronic signature? First of all, those who often work outside their office. For example, lawyers and auditors who often visit clients. Or executives and directors who need to sign documents anywhere. For them, a cloud-based electronic signature will become an irreplaceable assistant in their work.

Also, a lot depends on the policy of the company. If an organization is moving towards cloud technologies, for example, in terms of storing documents, using services for internal and external document flow, then electronic signatures will most likely also be cloud-based. Otherwise, accountants, clerks and other employees, who usually do not leave their office during work, do not need a cloud-based electronic signature. They can purchase a private ES key and ES certificate in the usual way, on a medium that can be used in most services for exchange with counterparties and government agencies.

Well, that's not true. For example, Crypto-Pro has been available for iOS for a long time. EDMS solution providers use it. For the same DIRECTUM there is also an EDS based on Crypto-Pro for Android.

Physically, any electronic document is not signed by you. The software does it.

More precisely, not on the CA server, but in a specialized hardware server for storing keys of an electronic signature service interacting with the information system (electronic document management).

In this case, indeed, the user does not need to install anything at home, but the entire security of using the key does not depend on the user, but on the reliability of the authentication of the key owner by the electronic signature service and the information system.

Well, the key can be used only in those information systems that are "connected" to the electronic signature service that stores and uses the owner's key. I.e., the key will be "incomplete" (for example, it cannot use cryptography to protect the connection to servers, the operating system, email and files, to provide authorization to GOSUSLUGITOCHKARA and many other places), but only for a specific task in a specific system. It's like comparing a bus and a tram, there is a +/- everywhere.

There are solutions, but they are not common due to their relative insecurity. Free ones are unknown. And will they appear ...

I have a slightly different point of view: what if it is not the cloud certificate that is considered primary, but the cloud service? Yes, not all services can use a single cloud certificate. But the value, in my opinion, is not in the certificate, but in the services. And there is nothing wrong with the fact that each service uses its own cloud key. Unlike "on premise" certificates (on tokens, smart cards or in the registry of your personal device), you do not have to carry beads from tokens or copy certificates to registries on all devices. They will simply receive SMS from different numbers. Moreover, a cloud certificate, as a rule, is cheaper than on premise, and no software (crypto provider) purchase is required. Well, from a security point of view, such a scheme looks a priori more reliable, since if one key is compromised, others may remain working (uncompromised).

There is nothing wrong with it, but the cost is more than using one full-featured key (not beads) on many systems. The threat model of the use of a "cloud ES key" adds the risk of a security breach in the authentication channel. In addition, it is not safe to use OTPviaSMS everywhere. And psychologically, most people feel more confident when storing their key in their safe than with a virtual key in a virtual storage with a conditionally secure channel for managing its use.

Of course, this is so as long as the signing is initiated by one device, and the SMS with the signing confirmation code comes to the other device. And as soon as the mobile client is left alone, such a scheme is no longer a priori more reliable. All that remains is user friendliness, not reliability.

The user can win, gain some advantage over competitors using paper with ink or physical tokens with hardware support for OneTimePassword, due to faster response, more mobility. But it will also take big risks. Risk of service unavailability. Risk of compromise of the mobile device. The risks are justified when it comes to small amounts of money. I would entrust the deal for a million to the good old paper, signed in silence, without prying eyes, without intermediaries and without haste.

If you need to sign a package of 30 documents. And the service doesn't support batch signing. You will have to receive 30 SMS (or one with 30 confirmation codes) and enter confirmation codes 30 times. This is the time, and the reaction is no faster.

But if each service has its own service for setting the electronic signature, then the integration of services should be very tight. And batch signing will be included there. For example, one logical SMS will come: "Code 0xs3cr3t for operation # 22_1806. Dear Konstantin Vasilyevich. To confirm receipt of incoming documents for the period 06/01/2014-18.06.2014 (20 invoices, 7 acts of work performed and 3 consignment notes ), namely - signing of 30 official documents confirming receipt, enter the specified code ".

There are solutions. But, as far as I know, CryptoPro for iOS and Android is not distributed free of charge.

Agree. In general, this is what I mean. In this regard, using a cloud certificate is not very convenient.

In general, if you need to work with several services, then buying several cloud digital signatures can be even more costly than buying one qualified certificate, cryptographic information protection tool and token.

As for reliability, here is the question of trust in the security of the place where the keys will be stored, in the technologies with the help of which the signing will be carried out. I think so far the technology is not very well tested, and there will not be much trust. But, you see, using a cloud signature is still quite convenient in some cases. To understand which signature is suitable in a particular case, you need to look at the processes, study the needs, evaluate the pros and cons of both options, and then make a decision. Therefore, we are trying to show both sides of the same coin of cloudy ED.

What platforms is CryptoPro free for?

I think the technology does not solve much - the only question is trust in the solution provider to whom you will entrust your certificate.

Therefore, when they talk about such technologies in the context of internal corporate use, I still understand that it can "take off". As soon as we talk about trusting a certificate to a third party, I see no chance.

As far as I remember, Crypto Pro for iOS and Android is not sold to end users. Therefore, everything is at the discretion of the application software vendor. If he wants to give you for free, he will. If he does not want, he will not give. Or it can add to the functionality for which you bought the solution.

Is this an assumption (as in the original article) or can you confirm this with real numbers?

And also Microsoft, Facebook, Twitter and hundreds of other federated authentication providers, and each resource chooses which of the providers to integrate with. Do you propose to do the same with the storage of certificates?

And I understand correctly that you are equating federated authentication, in which no user data, except for a very limited set transmitted with the authentication token, leaves the service perimeter and the EDS service, through which all your signed data will have to pass?

It may not be. A cloud key does not require a token or software. The service can, for example, include the costs of issuing a cloud token in the subscription fee and provide cloud certificates "free". In any case, this is a marketing issue, not a technique.

You can also sign a package of 30 documents. This is how the service itself is configured, whether it supports batch signing. And where the key comes from (from the cloud or from the registry / token) is already an orthogonal question. Slava, you further developed this idea in the commentary. This often happens "on paper". The big boss can only sign the register of payments with his own hand, and the payment orders are then signed by the proxies.
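The batch confirmation discussed in this exchange (one code approving a register of 30 documents), as an added example that is not part of the thread or of any service's code. The function names, the server key and the HMAC-derived code are assumptions chosen for illustration; the point is that the code is derived from the register's contents, so it cannot approve a batch that was changed after the SMS was sent.

```python
import hashlib
import hmac
import json

def build_register(operation_id, documents):
    """Canonical register: one (name, SHA-256) entry per document in the batch."""
    entries = sorted((name, hashlib.sha256(body).hexdigest())
                     for name, body in documents.items())
    register = {"operation": operation_id, "count": len(entries),
                "documents": entries}
    return json.dumps(register, sort_keys=True, separators=(",", ":")).encode()

def confirmation_code(server_key, register, nonce, digits=6):
    """One-time code derived from this exact register (hypothetical scheme)."""
    digest = hashlib.sha256(register).digest()
    mac = hmac.new(server_key, nonce + digest, hashlib.sha256).digest()
    value = int.from_bytes(mac[:4], "big") % 10 ** digits
    return str(value).zfill(digits)

def confirm(server_key, register, nonce, code):
    """Constant-time check of the code the user typed in."""
    expected = confirmation_code(server_key, register, nonce)
    return hmac.compare_digest(expected, code)

def covers(register, name, body):
    """True if the register lists this document with exactly this content."""
    listed = json.loads(register)["documents"]
    return [name, hashlib.sha256(body).hexdigest()] in listed

def demo():
    # Constructed sample batch: 20 invoices, 7 acts, 3 consignment notes.
    docs = {f"invoice-{i}.xml": b"invoice %d" % i for i in range(20)}
    docs.update({f"act-{i}.xml": b"act %d" % i for i in range(7)})
    docs.update({f"note-{i}.xml": b"note %d" % i for i in range(3)})
    key, nonce = b"constructed-server-key", b"constructed-nonce"
    register = build_register("22_1806", docs)
    code = confirmation_code(key, register, nonce)
    docs["invoice-0.xml"] = b"invoice 0, amount changed"  # altered after the SMS
    tampered = build_register("22_1806", docs)
    # The code confirms the original register and is rejected for the altered one.
    return confirm(key, register, nonce, code), confirm(key, tampered, nonce, code)

if __name__ == "__main__":
    print(demo())
```

The signature itself would then be made once over the register bytes; `covers` lets a recipient check that a given document is one of those the signer approved.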

Slava, to the point! :) So far, cloud signature is used in cloud accounting and reporting.

Misha, already working :)

Eugene, I applaud your comment while standing :)

Misha, we will wait for Eugene's answer, but I understood that as an example. A new, more convenient and, possibly, less secure solution, due to its convenience, is eventually adopted by consumers, since the received comfort outweighed possible risks... Perhaps before the first trouble. It is possible that consumers will continue to use this solution after a negative event.

Cloud signature seems to be more convenient now, but a priori less secure. But some users will be seduced by the convenience and will assess the security risks as acceptable. And they will use a cloud signature.

Cloud signature already works in the "low-cost" segment. It would be interesting to try it in the "enterprise" segment. Perhaps the business will be reassured by the words "CryptoPro HSM" or something else. One has to think, suggest and try.

So remove the "mobility" argument from the "pros" section in the article.

Why is it there?!

Do I understand correctly that cloud accounting is understood as a service on which accounting is maintained and from which reports are then sent? Why is it not enough in this case to simply authorize the user on the service? Why else is a digital signature - to comply with the requirements of the regulator?

Where exactly? Within one service or services from one provider? Ok, accepted.

Only now do I need to get a certificate from each supplier? So?

What exactly is it convenient for?

I see only one plus - if you use a web service, then organizing a signature from a local client can be problematic.

In my opinion, at the mention of CryptoPro (as well as everything connected with our strange "Russian qualified signature"), normal business is already starting to get idiosyncratic.

Yes, that's right, but it could be different services... Not everyone needs accounting and reporting. Many people prefer to conduct accounting on premise, and then submit reports through the service. CEP is needed to comply with legal requirements.

Yes, it works inside the services of one provider. In theory, you can learn how to provide a cloud certificate to other vendors, if that makes economic sense. But the value, in my opinion, is provided by the services and environments where electronic signature can be used; the simple possession of a cloud or ordinary certificate does not make economic sense.

In the case of a cloud certificate, the user does not need to install software on his device and think about copying certificates to each device or always carry a key medium with him. Owning a cloud certificate is less of a hassle, so I wouldn't be so scared of getting a bunch of certificates from different providers. And the cost of the necessary software and key media (in the case of on premise certificates) will be noticeably less than subscription fees, so the use of one universal certificate is a matter of convenience rather than economic benefit.

Read about HSM - an interesting thing. Foreign competitors have had similar solutions for a long time. So here CryptoPro uses universal world experience.

I am glad that this topic is of interest. I will try to develop the above concept of a cloud service, taking into account the comments.

1. Cloud service as the development of information systems is already a fait accompli, which implies that software manufacturers are pulling up to this standard. In terms of cost reduction - previously you had to buy 2-3 software products providing your needs, now it is 1, and 30-40% lower in total cost.

2. What is a digital signature and for whom is it primarily needed? The digital signature is your identifier in IT systems, allowing you to say "I am I" to make decisions at any level of financial responsibility with a guaranteed level of protection against hacking or misuse... In any case, the emergence of the digital signature is the evolution of the "living" signature in order to accelerate the implementation of the company's business processes. I.e., if previously a paper document was processed slowly, now one click is enough to make decisions.

3. Nobody says there are ideal solutions and remedies. Indeed, CryptoPro has set the teeth on edge when using it. Recently I reinstalled the system for accountants using 1C, VLSI and 2 bank accounts via a web interface (using CryptoPro) - I cursed everything until I added all the necessary certificates and key support.


Michael, not exactly an equal sign. Rather, the sign is identity, because FA allows implementing a single window mechanism for users of different domains, i.e. acts as an identification guarantor for the authorization participant. The EDS service itself has the means of authorization and solves its specific tasks. In this case, a clear example is the site of public services and satellite services (for example, ROI). The public services website is a FA, which guarantees the identification of users for other services.

Sergei, I absolutely agree with you. Cloud signature can and should act as a unified identification service accepted by other participants in business processes. Now, this is all too fragmented and there are many intermediaries in the path of documents movement.

Where does this conclusion come from?

Maybe you don't know how to use it? Installing certificates is a very trivial task and does not raise questions for anyone. Moreover, technologically, it is no different from installing certificates on other encryption providers.

Use CONVENIENT applied tools that work with CIPF and you will be happy.

Now what is sold under the name "cloud signature" can in no way function as an identification service, since it is itself entirely dependent on authentication. A cloud signature has no identification task, it is required to transfer the signature generation process from the workplace to the cloud, but only for the reason that the user's workplace is not so secure to work with the cryptographic information system.

What's fragmented? What are the intermediaries? If about the CA, then it is needed for the production of qualified certificates. If about an operator, how do you imagine it without him? You need an electricity operator, a network access operator, a cloud signature service operator, an information system operator, etc. This is a specialized activity. We do not have a subsistence economy.

As if I did not say this :) I fully admit the use of cloud signatures for individual services, okay, let the services from one operator. But I would be ashamed to use it as a single identification service.

Yeah, lately we often hear how EDF operators are compared to air sellers. Probably, I'll write a great article on what the operator does, in addition to ensuring legal significance, for now I will limit myself to the following:

1. Creation of ED. In the service interface, as a rule, you can create the most common ED (ESF, TORG-12, acts, etc.).

2. Storage of ED. I will not say for all the services, but Diadoc keeps your documents until you delete them yourself. Even if you no longer pay the monthly fee.

3. Unified legal space. Try to conclude contracts with all your counterparties, if you are, say, a telecom operator or an energy sales company!

4. Transport. Ok, will you yourself be able to organize the transportation of ED through communication channels and control signing for all your 10 thousand counterparties? Oh well...

5. Integration. I'll tell you a little story. One transnational corporation decided to send ESF and TORG-12 through the operator. But the trouble is that the ERP could download only PDF and then a special perverted format. The corporation's IT was somewhere in Latin America and took orders for development for next year... This is not counting the red tape with the formulation of TK and coordination on several continents. Who was able to quickly establish integration? That's right, the operator.

Sergey, i.e. can you summarize the insolvency of the IT infrastructure to ensure the required ED quality within the existing ERP? Based on what you said above, ED is still in its infancy and cannot fully satisfy the needs of end users in full.

Then it turns out that papermakers sell processed pulp... :) The EDF operator provides services that are in demand on the market (although some manage to sell canned air of the Alps).

Why so? Electronic document management is not an end in itself, it is a tool. It develops and the requirements grow the same. Somewhere the requirements are higher, somewhere ED itself forms the needs. In general, I believe that the state of EDM in Russia is more or less adequate to the market requirements.

Sergey, making this conclusion, I am based on what you wrote above. After all, you are raising the issue of the effectiveness of IT tools for the implementation of ED. In addition, the cloud service, as a service sector, is developing quite dynamically and the chances of an electronic signature appearing are a matter of time.
