The electronic signature will be “hardwired” into the SIM card. SIM cards with electronic signature: new details

In an interview with the portal, Alexey Alexandrov, Technical Director of 1C-SP LLC, spoke about a new product in the world of e-business. He also shared information about its advantages, operating technology, degrees of protection and the legal significance of documents signed using an electronic signature on a SIM card.

Alexey, what is an electronic signature on a SIM card?

At the production stage, a crypto applet is securely loaded onto a SIM card with a special chip (site note: a crypto applet is a Java application that cellular operators write to a SIM card to expand its functionality; it is accessed via the SIM menu. For example, for MTS these are “MTS-Info” and “Easy Payment”). Otherwise, this is an ordinary SIM card with which you can make calls, send SMS messages or access the Internet. The company 1C-SP LLC named this product 1C-SIM.

How would you describe, in simple language, the mechanism of action of an electronic signature on a SIM card?

To put it quite simply, 1C-SIM for the user is a combined solution consisting of a token in the form of a SIM card and a device for visualizing the signed data - a mobile device. The difference from a USB token is that commands are sent to it not through the USB connector from the computer, but through special SMS messages sent by the 1C-SIM Platform server via the GSM channel.

This approach allows the user to see what they are signing.

The signature procedure is as follows:

To generate a signature, an accompanying message is sent to the 1C-SIM platform along with the document for signature, which contains significant information from the complete document, allowing one-to-one comparison of the document and the message. The message is displayed on the screen of the user's mobile device and he is asked to enter a PIN code as confirmation that he has previously read the full document and the accompanying message corresponds to the document. The SIM card generates an electronic signature and transmits it through the 1C-SIM platform to the information system from which the signature request originally came.

What does using an electronic signature on a SIM card look like in practice?

Photo of the phone at the time of confirmation of entry to the demo portal at

Screenshot of the scenario “Signature of a payment order” on the demo portal

Photo of the phone at the time of confirmation of the test signature Payment order to the demo portal at

Tell me, how long ago did the idea of introducing an electronic signature key on an operator’s SIM card appear?

The idea of using SIM cards to generate an electronic signature has been around for quite some time. Currently, there are a number of countries where this technology is actively used in the G2C, G2B, B2B segments. These are Azerbaijan, Kazakhstan, Belarus, Turkey, the Baltic countries, Finland. In some of them, the initiative to create such systems came from the state, which provided budget funding for the projects. In Russia, the idea of introducing digital signatures on SIM cards has existed for more than 5 years, but it has only now been possible to implement it.

What slowed down the implementation of this initiative?

The creation of a Mobile Authentication and Electronic Signature Platform is a major infrastructure project, which includes integration with many market players - telecom operators, certification centers, information systems. You need to come to an agreement with everyone, build relationships, agree on working conditions. This is a rather difficult task that cannot be solved quickly. But technical implementation is only one side of the problem. The second side is the availability of services that are ready to use such technologies and the maturity of their users. For example, just 5 years ago, having a token or smart card was enough for most. But the world around us is changing, new services are appearing, and with them new threats. Nowadays, a token alone is not enough to ensure convenient and safe work in information systems, especially for active mobile users.

Which operators will become project partners? Who produces digital signatures on SIM cards? Where can users get it?

Our goal is to involve all telecom operators in the project, and we are actively working in this direction. The first batch of fully functioning SIM cards was released jointly with the MTT operator, active negotiations are underway with Tele2, VimpelCom and other operators.

The 1C-SIM platform is ready to work with any Certification Authority, including “internal” CAs of large customers.

At the first stages, it is planned to organize issuance points in the offices of partner certification centers or where users come for services, for example, in bank branches. This will make it possible, in just one visit, to issue the user a SIM card, issue a signature certificate, and register it in the bank’s system, where the user will be able to take advantage of the 1C-SIM mobile signature.

What advantages of this type of electronic signature do you consider the most important in modern business realities?

Our solution allows us to make the formation of electronic signatures not only safe, but also convenient. First of all, active mobile users will appreciate this, since with 1C-SIM they will receive much more freedom and opportunities than when using “classic” electronic means.

The mobile phone is always at hand, and 1C-SIM users see on the screen what action they are confirming and what they are signing.

What parameters of this electronic signature are important for potential buyers to know?

The 1C-SIM card can work in any phone released after 1995 and meeting the requirements of GSM 11.14.

In 1C-SIM, an electronic signature is generated in accordance with GOST R 34.10-2012. At the moment, in accordance with Federal Law-63, it is considered enhanced unqualified.

Since certification centers are responsible for identifying users and issuing certificates, the set of certificate fields and in which information systems they can be used depends on the CA.

Will documents signed with this electronic signature be legally significant? Have appropriate amendments been made to the legislation? If not, when will this be implemented?

After completion of work on certification of the solution through the FSB of Russia, and subject to the use of a qualified signature certificate issued by an accredited certification center, it will become enhanced qualified. Accordingly, documents signed with it can become legally significant.

In other information systems, a mobile phone most often acts as the second stage of two-factor user identification, but here it comes to the fore. Have mechanisms been thought out to additionally protect the digital signature on the SIM card from compromise?

Using the 1C-SIM Platform as a strong authentication mechanism allows information systems to increase the level of security and protect themselves from a number of threats that are relevant when using “classical” electronic signature tools.

  • Firstly, the private signature key is stored inside the SIM card and is non-removable, which eliminates the possibility of its theft and further forgery of the user's signature.
  • Secondly, up to 10 keys can be stored on the 1C-SIM card at the same time and each of them has its own password (PIN). The need to enter a password on a mobile phone eliminates the possibility of generating an electronic signature without the user’s knowledge.
  • Thirdly, displaying information on the smartphone screen about which documents the owner signs allows you to protect yourself from data substitution and phishing.
  • Fourthly, the presence of non-retrievable keys in the card completely eliminates an attack involving reassignment of the subscriber number to another SIM card in order to intercept the one-time password sent in SMS messages. Even if the number is assigned to another card, the user's private signature key will remain on his card in the phone.
  • Fifthly, the 1C-SIM SIM card provides a two-factor authentication mechanism: the first factor is the presence of a private signature key inside the SIM, and the second factor is knowledge of the access password to this key. Even if a mobile device with a 1C-SIM card is lost or stolen, it will not be possible to use it without knowing the password.
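
The signature procedure and the protections listed above (key that stays on the card, PIN, on-screen summary, number reassignment), as an added Go example that is not 1C-SIM code. ECDSA P-256 stands in for GOST R 34.10-2012; the `PaymentOrder` type, the summary format, the three-try PIN counter and all values are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

var ErrBadPIN = errors.New("wrong PIN")
var ErrBlocked = errors.New("key blocked after three wrong PINs")

// PaymentOrder is a constructed sample document.
type PaymentOrder struct {
	Number int
	Payee  string
	Kopeks int64
}

// Bytes is the full document as the information system stores it.
func (p PaymentOrder) Bytes() []byte {
	return []byte(fmt.Sprintf("order=%d;payee=%s;kopeks=%d", p.Number, p.Payee, p.Kopeks))
}

// Summary is the accompanying message shown on the handset before the PIN prompt.
func (p PaymentOrder) Summary() string {
	return fmt.Sprintf("Pay %d.%02d RUB to %s (order %d)", p.Kopeks/100, p.Kopeks%100, p.Payee, p.Number)
}

// Payload binds the document digest to the displayed summary in one value to sign.
func Payload(doc []byte, summary string) []byte {
	d := sha256.Sum256(doc) // fixed 32 bytes, so the field boundary is unambiguous
	sum := sha256.Sum256(append(d[:], summary...))
	return sum[:]
}

// SimCard models the token. The key is generated on the card and no method
// returns it. ECDSA P-256 is a stand-in for GOST R 34.10-2012.
type SimCard struct {
	key   *ecdsa.PrivateKey
	pin   string
	tries int // assumed retry limit of three, not stated in the interview
}

func NewSimCard(pin string) *SimCard {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return &SimCard{key: k, pin: pin, tries: 3}
}

// PublicKey is what the certification center would place in the certificate.
func (c *SimCard) PublicKey() *ecdsa.PublicKey { return &c.key.PublicKey }

// Sign runs on the card after the summary was displayed and a PIN entered.
func (c *SimCard) Sign(payload []byte, pin string) ([]byte, error) {
	if c.tries == 0 {
		return nil, ErrBlocked
	}
	if subtle.ConstantTimeCompare([]byte(pin), []byte(c.pin)) != 1 {
		c.tries--
		return nil, ErrBadPIN
	}
	c.tries = 3
	return ecdsa.SignASN1(rand.Reader, c.key, payload)
}

// Verify runs in the information system. It rebuilds the summary from the
// document it holds, so a document changed after approval does not verify.
func Verify(registered *ecdsa.PublicKey, doc PaymentOrder, sig []byte) bool {
	return ecdsa.VerifyASN1(registered, Payload(doc.Bytes(), doc.Summary()), sig)
}

func main() {
	card, order := NewSimCard("4821"), PaymentOrder{17, "ACME LLC", 150000} // constructed values
	sig, _ := card.Sign(Payload(order.Bytes(), order.Summary()), "4821")
	fmt.Println(order.Summary(), "| verifies:", Verify(card.PublicKey(), order, sig))
	tampered := order
	tampered.Payee = "OTHER LLC" // document altered after the user approved it
	fmt.Println("altered document verifies:", Verify(card.PublicKey(), tampered, sig))
	other, _ := NewSimCard("4821").Sign(Payload(order.Bytes(), order.Summary()), "4821")
	fmt.Println("replacement card verifies:", Verify(card.PublicKey(), order, other))
}
```

The last check models a number reassigned to a different card: the replacement card holds a different key, so its signature fails against the public key registered for the original card.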

The mobile electronic signature technology implemented on the 1C-SIM Platform implies its safe and convenient use for signing electronic documents, confirming transactions and strong authentication in information systems. This ensures the demand for the product, which appeared on the market in a timely manner during the preparation for the launch of the digital economy development program, which Vladimir Putin spoke about at the end of 2016.

The editors of the portal thank Alexey Alexandrov, technical director of 1C-SP LLC, for the interview.

The article was prepared by the Unified Electronic Signature Portal. When using the material in full or in part, an active hyperlink is required.

» began to introduce electronic mobile signature technology in SIM cards in Russia. The project was launched in pilot mode with JSC NIIAS, a subsidiary of JSC Russian Railways. The mobile signature in the SIM is used to confirm the subscriber’s identity in the digital space, including for remote signing of electronic documents and protecting Internet payments.

As part of a joint project with OJSC NIIAS (Research and Design Institute of Information, Automation and Communications in Railway Transport), electronic mobile signature technology (an electronic signature on a mobile phone SIM card) has been implemented in ETRAN, the automated system for preparing and executing transportation documents. Now shippers using the services of JSC Russian Railways can sign electronic transportation documents issued in this system using mobile devices equipped with MegaFon SIM cards. The pilot project has already started on the Oktyabrskaya Railway, and in the near future it will be extended to the Kuibyshev and Sverdlovsk Railways.

Shippers are showing great interest in implementing the new technology and participating in the pilot project.

The technology includes several stages: generating an electronic message on a mobile device, requesting the subscriber’s electronic signature from the SIM card, authorizing it on a closed web resource using a digital certificate issued by a trusted certification center (in the project, this role is played by the Certification Center of JSC NIIAS), and forming a legally significant electronic signature under an electronic document after the subscriber confirms the correctness of the signed data. The technology makes it possible to confirm identity using a digital certificate when providing banking, financial and other services that require strict authentication. Also, an electronic signature generated on the SIM provides access to services or premises using NFC technology, allows you to use a subscription to resources with rights protection, and gain access to your medical or personal data. A subscriber who has the ability to create a signature on a MegaFon SIM card does not need to save numerous logins and passwords for various protected resources - the signature can act as a single key for all services.
At the same time, the SIM card provides an even higher level of security than, for example, credit cards: to access data without the owner’s knowledge, you will need not only the card number and password, but also a mobile device with a SIM card.

“MegaFon technology makes it possible to create a new service for shippers of JSC Russian Railways, providing them with a mobile and secure tool for working with electronic signature technology, while ensuring ease of connection and use of the services of the JSC NIIAS training center,” says Andrey Galdin, head of the Scientific and Technical Complex for Information Society Technologies at JSC NIIAS. “This service is of great interest to clients of Russian Railways, and in our opinion, its implementation will radically change the current ideas about ensuring the legal significance of electronic documents, increasing the speed of registration of railway transportation.”

“Today, more and more services for individuals and organizations need a simple and secure tool for paperless remote interaction,” says Vlad Volfson, director of corporate business development at MegaFon. “An electronic signature on a SIM card allows us to make the technology as simple and accessible as possible for all categories of clients and at the same time guarantees an unprecedented level of security. By launching this project, MegaFon once again acted as a leader in the implementation of breakthrough technology. Today there are no alternatives on the Russian market, and in fact our product creates a new market, in which confirmation of the subscriber’s identity is an independent service in the digital space,” summed up Vlad Volfson.

1C-SP considers companies interested in providing secure access to users’ personal accounts or the ability to sign any documents in electronic format using an electronic signature. For example, the service may arouse interest among banks whose clients use remote service systems, Khimanych believes. In addition, the service may be of interest to insurance companies, retailers, transport companies, etc., he is sure.

MTT is the first operator with which 1C-SP cooperates, but the company is interested in expanding their circle, Khimanych notes. For example, 1C-SP successfully tested electronic signatures on VimpelCom SIM cards, he says. In Russia, the use of electronic signatures on SIM cards has not yet gone beyond tests - but there is experience in its use, for example, in Finland, Estonia, Turkey, Azerbaijan, and Kazakhstan, he lists.

Now in Russia there are about 3.5 million owners of digital signatures, of which only 5% are individuals, Mikhail Dobrovolsky, deputy head of the certification center SKB Kontur, told Vedomosti. Every year the number of digital signature users grows by 30% on average, he calculated. According to him, there are electronic signatures that are used in reporting services and electronic document management. Here, the electronic signature is issued to the user as part of the service and there is no separate market there, explains Dobrovolsky. The second group is electronic devices used in various other application systems (electronic trading, EGAIS, state portals, etc.) - this market can be estimated at approximately 7 billion rubles per year, he believes. So far, there are no certified solutions that allow the implementation of digital signatures on SIM cards, and the 1C-SP solution should become such, Dobrovolsky hopes. If it is possible to carry out “seamless” integration of signature services on SIM cards for all operators, the demand for such digital signatures in the presence of certification will be very high, he predicts.

As a virtual operator

For the project with 1C-SP, the Mobile Virtual Network Enabler (MVNE) platform was used, which is used to create and support virtual operators on MTT resources, says Boyko. The platform was launched in the fall of 2016, and now the IT company LPTracker, operators Top Connect and GlobalLine Telecom are already working on it. MTT is negotiating with about a dozen companies interested in creating an MVNO, Boyko claims, but does not disclose their names.

MTS announced plans to provide private and corporate users with digital signatures on SIM cards in 2013. According to its representatives, its support was to become one of the functions of the company’s electronic document management system, in which it planned to invest 700 million rubles over three and a half years. A representative of MTS then said that the company plans to earn about 2 billion rubles from services related to electronic document management by the end of 2016. At that time, Megafon also had plans to develop an electronic digital business, its employee said at the time.

Its representative Dmitry Solodovnikov does not say how much MTS earns from electronic communications now. He points out that in March 2016, MTS received the status of a trusted operator of electronic document management of the Federal Tax Service, expanding the range of services in this area. In April 2017, MTS and the Russian Railways subsidiary NIIAS began providing the “Electronic Signature” service on MTS SIM cards to freight carriers on Russian railways, says Solodovnikov. The operator is also developing its own electronic signature service on SIM cards for the mass consumer and will begin providing it in the second half of 2017, he says.

VimpelCom is also testing a number of its own mobile electronic signature projects and is negotiating with a number of partners, says its representative Anna Aibasheva. She did not elaborate on the details.

Megafon plans to launch a mobile electronic signature in the summer of 2017 - the project is entering the final stage, says the operator’s representative Yulia Dorokhina. The signature will be qualified - today only Megafon has all the necessary certificates and permits, she claims. According to her, the operator is not negotiating with 1C.

Let us recall that, according to Vladimir Zavitkov, general director of the Identification Center, the technology is already being tested on the equipment of one of the telecom operators; it will allow for budget-friendly mass identification of citizens.

In this regard, we asked some industry experts to comment on this information.

A representative of MTS confirmed that testing of the technology mentioned in the news took place on MTS equipment. “The company has successfully tested the technical implementation of the service; the implementation of services using an electronic digital signature for our clients will not require significant time,” said a company representative. “We are currently considering the possibility of providing certification center services with the issuance of SIM cards with a built-in electronic digital signature for subscribers of all segments,” said MTS press secretary Irina Agarkova.

Ekaterina Lebedeva, head of the brand communications service at VimpelCom, noted that electronic digital signature is already quite widespread in the corporate client segment, where the need for such functionality is obvious. “As for the mass market and the distribution of electronic signatures among the entire population, our company views this area as potentially promising. If we talk about a solution in which the private key is on the SIM card, then investments are required related to the purchase of SIM cards, identification technology, as well as support for this technology from the acceptor companies,” emphasized Ekaterina Lebedeva.

Igor Goldovsky, CEO of Payment Technologies, reported that a similar idea is already being implemented at UEC OJSC, but not on a telephone, but on a personal computer. According to the expert, neither a computer nor a telephone represents a trusted application execution environment; however, for a computer there are a large number of cheap PC/SC readers through which a UEC card holder can work, while the telephone is an alternative channel for checking the document being signed. “During the loading of a document into the browser of the user’s network device or after loading, the document can be modified. To protect against fraud, the telephone is used as an alternative channel of communication with the client, who is always at hand. Moreover, the telephone number, which is used to alternatively present the document to the user, is also read from the UEC card, which increases the security of the check,” the expert noted.

He also emphasized that UEC OJSC developed an original algorithm for cardholder verification using a one-time password. According to Igor Goldovsky, the process of certification of a SIM/UICC card by our competent authorities to verify the implementation of Russian cryptographic algorithms and the vulnerability of the card’s execution environment is not transparent. According to the expert, there were no such people among the main suppliers of SIM/UICC cards until recently. “The idea of the announced project is not new, and its first implementation, as far as I know, will appear in a few months at UEC OJSC, which is correct. UEC OJSC is an organization authorized by the Russian Government that develops means of identification/authentication of citizens of our country,” noted Igor Goldovsky.

Based on materials from PLUS

Jan. 10, 2018

To be honest, I have almost nothing left in my head from the school history of the Middle Ages. But now I know how the schism in the church occurred in the 17th century, who Patriarch Nikon is and why the authority of the church in our wonderful society has been fading for the fourth century in a row (although, in one century, it was the church that saved all of this Rus', since there were no other value guidelines left).

I learned about how a series of very, very mediocre rulers, with their blatant disregard for their duties (as God’s anointed) to take care of their homeland (oh, for the first time in ten years I wanted to write this word with a capital letter!) led to the development of Europe, but we are not. And then I had to cut a “window” into this very Europe with the hands of Peter I using such methods that it is better to remain silent about them...

And I also learned about the closest relatives of Peter I, who managed to rule Russia before him, and what came of it (everything was pretty gloomy). The book ends at the moment when Peter I had practically become the “acting tsar,” but the author left this story for the next volume of “History of the Russian State.” We listened to the book in audio version while driving around New Zealand during the New Year holidays ;-)

By the way, right after the book we watched the Soviet nine-episode “series” - “Mikhailo Lomonosov”. "It went" very well! In "Lomonosov" the events begin immediately after the death of Peter I, but many of the characters mentioned are from Akunin's last book. The narrative of the book seems to “jump” through the era of Peter and continues further - very interesting. Everyone should listen to the book, read it electronically or on paper. Optional ;-) Happy reading.

Aug. 17, 2016

It was good for Comrade Gandhi. Or, there, Nelson Mandela. He took a principled position and went to prison for it. And every day of imprisonment worked for Gandhi, because the world community understood everything and put pressure on the one who took you into custody. Well, the prisoner had his own consciousness, which was not as “ghoulish” as it is now. The world is more complex now. Dictators like Putin or Erdogan can simply ignore such methods of fighting against them. They have so many political prisoners. And nothing.

So I understand the military from Turkey. They have done this several times already and are something of a fuse in the Turkish social system. If someone (the authorities) “goes too far”, then the fuse may work. It’s interesting how Erdogan allowed this to happen. I would like to know more about this. And also why so many supporters of Erdogan took to the streets. Turkey is a very difficult place. More difficult than today's Russia.

Feb. 01, 2016

Jan. 30, 2016

These days, our beloved state is diligently expelling back to the DPRK a person who managed to escape from there twice and is now asking for asylum in Russia. An absolutely shameful, cannibalistic story. Very symptomatic and similar to the human destinies from the book. Once again I recommend it to you. This will definitely expand the understanding of the real measure and show how far state madness can go. Enjoy reading.

Jan. 22, 2016

Everyone immediately attacked Nikita about the expected loan rate - about 45% per annum. He replied that the risks were great and that this rate should be compared not with the bank interest rate, but rather with the real possibilities for borrowing in the “here and now” scenario. True, the story “give me a small amount right here, quickly, quickly” is usually more expensive. I suggest how, for example, rates in similar services differ in the USA for the scenario “I can’t wait” (there could easily be 60-90-100%+ ready) and for the case “I’ll wait for a cheaper offer” (well, up to 25-30% per annum).

The question is also asked why banks do not give such clients “regular” loans. They do. You can come and ask - no one forbids you. Now the small business lending market has dropped significantly - few people give loans at all. However, the loan portfolio of the same Sberbank, if my memory serves me right, at the end of the last quarter amounted to more than 1.3 trillion rubles and seems to be growing. There are fewer banks specializing in issuing loans to SMEs - the future is increasingly less predictable. MFOs (microfinance organizations) are appearing to finance businesses and other similar forms of lending, like these crowd-lending startups of various stripes. Here is how former deputy chairman of the Central Bank Oleg Vyugin comments on this in an interview with RBC:

Alfa Bank operates in the modern trend: in the USA and other developed countries, large investments have long been made in the creation of such intermediaries, but not at the bank level, says Oleg Vyugin, Chairman of the Board of Directors of MDM Bank. “However, our companies have high risks due to the unpredictable macroeconomic situation. If the price of oil goes down, bankruptcies will begin,” he notes.

In general, as Nikita said, this is an interesting experiment, an attempt to experiment with a business model. Perhaps there really are no clients on the market who can borrow and, most importantly, repay at such rates. Everyone does unsuccessful projects from time to time. It will probably be more interesting for the average person to see what comes out of this in practice, rather than grudge about the specific amount of the bet. After all, it’s really unclear what will happen. Learn from other people's mistakes.

Who are the operators? They simply take what is on the market, set it up on their network, and offer some kind of service. In a sense, they are system administrators, not developers - “customers” of other people’s ready-made solutions, not “creators”. There were no normal solutions for FMC - the operator service did not work out, despite all the hype.

Today another piece of news arrived: “MTS will launch an alternative to Skype.” Called “MTS Connect”. A week later. I'm not kidding. And indeed, this is an alternative to Skype when you go roaming and find wifi there. In this case, your phone will connect to MTS via wifi, and not a roaming cellular network, and you will be able to talk at the call price in your home network. I went to Uruguay, found wifi and decided to call my mother on a Moscow mobile phone - I called at the price of an on-net call without roaming.

Well, well, that's a good thing. All this is built on the basis of the RCS program from the GSMA cellular operators association. That is, operators and equipment manufacturers even managed to create a standard out of this. And even a worker. In just ten years, right? Moreover, you read the descriptions and know that in reality they are still trying to invade the clearing of instant messengers and file sharing. In most countries, corresponding services on operator networks are launched under the joyn brand.

But I could be wrong - I’m a layman and talk all sorts of nonsense. Every time I see that operators have come up with some kind of gigantic program where greedy telecom equipment manufacturers are involved, then it turns out that nothing worked out for them. Usually because it took more than ten years to develop this understandable thing. Ten years, Karl! Do you remember, yes, that three years ago there was no Telegram messenger at all? Remember the growth charts of WhatsApp, Viber, Chinese crafts?

Do you understand that in a year or two everything can change upside down and efforts lasting 10 years, which lead to minimal results like “you can call almost free from Uruguay to Moscow,” strategically cost nothing and will not bring any benefit? Operators remain system administrators without a drop of technological creativity; they cannot create anything unique. Those who create unique technologies and do it quickly will forever defeat operators, completely oblivious to their “coverage”, “scope”, “client base” and other “innovation”.

By analogy, it makes me very sad to look at the absolute majority of financial institutions. Where they don’t experiment, where they don’t have their own technology policy based on creating their own and not on customizing someone else’s, where they just steal obvious features from each other, there is no bright, breakthrough future, significantly different from the dull past. It’s great when shareholders understand this point and slap the hands of people who build their careers solely on “implementing” “best practices” from “leading vendors.” You fucking have to create, and not customize other people’s crafts. Everyone can do the latter. Sorry