Qualified signature with mobile device. How to protect digital interaction of a person with business and government


In the age of the digital economy, technology allows us to communicate, make financial transactions, and sign electronic documents without seeing each other. This is very convenient and saves a huge amount of time. However, it is necessary to ensure the security of individuals and organizations and to reliably protect their transactions from computer fraudsters while maintaining the convenience of digital interaction between citizens and government/business. A solution to this problem could be a qualified cloud-based digital signature on a smartphone, a mobile device which in recent years has become our faithful companion.

ACCESS TO THE CLOUD: WHICH OPTION TO CHOOSE?

For a long time, the stumbling block in the implementation of qualified cloud digital signatures has been maintaining the level of security during remote acceptance (confirmation) of the signature operation with the key stored, for example, in a Hardware Security Module (HSM).

Several options for accessing user keys stored in the cloud have long been suggested: a reusable or one-time password (including a code sent via SMS) and authentication with a dongle. However, access to keys with a one-time and/or reusable password does not provide an acceptable level of security and thus fails to meet regulatory requirements, while the use of smart cards and tokens “kills” the very idea of the cloud signature. The digital signature on special SIM cards, which were actually supposed to store user keys and become the digital signature tool itself, still has not been widely accepted due to technological and logistical limitations. The cloud signature key owner authentication technology helped address these limitations thanks to the special smartphone application CryptoPro myDSS, a product of partnership between SafeTech and CryptoPro.

CRYPTOPRO MYDSS. QUALIFIED DIGITAL SIGNATURE WITH SMARTPHONE

The CryptoPro myDSS mobile application allows the user to authorize signing operations for any digital transaction with literally two touches of the smartphone’s screen. The application generates a transaction authorization code based on four elements: time, the content of the signed document, unique features of the smartphone, and a unique key that is stored in a protected area of the user’s smartphone. This scheme is significantly safer than one-time or reusable passwords because it ensures the immutability of the electronic document during the transfer to the signature server.
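The sketch below is an added example, not CryptoPro myDSS code or its actual algorithm: it shows how a code computed over the four elements named above lets a server reject a document that was altered in transit. The HMAC-SHA256 construction, the 30-second window, and all function and parameter names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time window (assumed value)

def auth_code(key: bytes, device_id: bytes, document: bytes, now: int) -> str:
    """Derive an 8-digit code from time, document, device features and key."""
    window = now // STEP
    msg = (struct.pack(">Q", window)
           + hashlib.sha256(document).digest()    # binds the code to the content
           + hashlib.sha256(device_id).digest())  # binds the code to the device
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    # Dynamic truncation in the style of HOTP (RFC 4226)
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return f"{num % 10**8:08d}"

def verify(key: bytes, device_id: bytes, received_document: bytes,
           code: str, now: int, drift: int = 1) -> bool:
    """Server side: recompute over the document as received, allowing
    +/- `drift` time windows of clock skew."""
    for d in range(-drift, drift + 1):
        expected = auth_code(key, device_id, received_document, now + d * STEP)
        if hmac.compare_digest(expected, code):
            return True
    return False

# Constructed sample values, for illustration only
KEY = b"constructed-demo-key-0123456789ab"
DEVICE = b"constructed-device-fingerprint"
DOC = b"Pay 100 RUB to account 111"
TAMPERED = b"Pay 900 RUB to account 999"
T0 = 1_700_000_000

if __name__ == "__main__":
    code = auth_code(KEY, DEVICE, DOC, T0)
    print("document as signed:", verify(KEY, DEVICE, DOC, code, T0))
    print("document altered  :", verify(KEY, DEVICE, TAMPERED, code, T0))
    print("code replayed late:", verify(KEY, DEVICE, DOC, code, T0 + 10 * STEP))
```

A plain one-time password would pass all three checks within its validity period, because it is not computed over the document being signed.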

More recently, on February 14, 2018, the CryptoPro DSS cloud-based signature service with the myDSS authentication module received approval from the Federal Security Bureau (FSB) of the Russian Federation, with the corresponding certificate to be received in the near future.

So, the CryptoPro DSS integrated solution with the myDSS authentication module will allow you to simply and conveniently authorize any document or operation with a qualified digital signature using your smartphone, gaining access to electronic document management systems, government services, as well as remote banking systems anywhere and anytime without sacrificing convenience.