Signing error: the document has not been brought to UEP. Features of archival storage of legally significant electronic documents

April 30, 2013 1:40 pm

Ivan Agapov, business analyst at Synerdocs

Let's try to figure out what is happening in Russia today in the field of long-term storage of electronic documents that use an electronic signature. What can business representatives expect in connection with the new standard, and is there a solid legislative basis for electronic archiving?

Today, more and more often there is a need to convert documents into electronic form, not only for temporary use, but also for long-term or even permanent storage. The fact is that electronic document management allows you to work with documents without duplicating them on paper, so the number of such electronic documents is constantly growing. It is especially important to keep the so-called legally significant documents: invoices, contracts, acts, waybills, etc.

When organizing the storage of legally significant electronic documents, a number of problems arise. First of all, there is the question of where the documents are physically stored. When choosing storage media (removable or local), it should be taken into account that their shelf life is limited. The operating conditions are also very important: for example, room temperature, humidity, UV rays, etc. Storing a large corporate volume of information requires servers, and the requirements for server rooms are, logically, even stricter than those for the ubiquitous local storage media. They include not only the absence of windows and the presence of a raised floor, but also a number of other significant constraints. Because of all this, the stored information must periodically be backed up and rewritten, media must be replaced, etc.

Specialized electronic archives can become a way out of this situation. For example, in March 2002, the federal target program "Electronic Russia (2002-2010)" was launched in the Russian Federation, within the framework of which the project "Electronic Archive of the President of the Russian Federation" was implemented. The total volume of the archive amounted to approximately 15 million documents. However, at the end of 2010, the effectiveness of the program was assessed as low: electronic document management between government agencies, as well as electronic communications between government agencies and citizens, did not function. The effectiveness of public administration in Russia, according to the World Bank, has not changed much over the years. It is unfortunate that today this project has been suspended, and there is no question of such programs being widely adopted. In particular, this was caused by the lack of a regulatory framework in the Russian Federation that could regulate relations in the field of electronic archiving, but the launch of the target program still gives hope for the development of this direction.

The second and, perhaps, the most important problem with long-term storage of electronic documents is ensuring their legal significance. The latter is achieved by using an electronic signature (ES). To date, relations in this area are regulated by the Federal Law of January 10, 2002 No. 1-FZ “On Electronic Digital Signature” and the Federal Law of 06.04.11 No. 63-FZ “On Electronic Signature”. According to Federal Law No. 63, two types of ES are distinguished: simple and enhanced.

The signature types differ from each other in their characteristic features, which are clearly set out in the indicated federal laws. Unfortunately, each type of signature has limitations when it comes to providing legal significance. The fact is that the certificate of the electronic signature verification key is, as a rule, issued for one year, while the signed document, following the requirements of the law, must be stored for at least five years. The question arises: how, in three years, can one prove the validity of the ES that was confirmed by this certificate? This means that we are faced with the task of determining the validity of the electronic signature and the certificate at the time the document was signed.

This issue is resolved by using an advanced electronic signature (UEP). Evidence of authenticity, such as a time stamp and certificate revocation data, has been added to its format.

UEP allows you to provide:

● evidentiary confirmation of the moment of creation of the signature;

● evidentiary confirmation of the validity of the electronic signature key certificate at the time of its creation;

● archival storage of legally significant electronic documents.

As you can see, modern developments and technologies make it possible to ensure the storage of legally significant electronic documents.

Another important aspect of archival storage of legally significant electronic documents is the rapid development of equipment and technology. Rapid progress does not allow us to look more than 10-15 years into the future. To understand what we are talking about, let's go back a few years. What do we see? 3½-inch floppy disks are actively used to store information. But already in March 2011, Sony put an end to the history of floppy disks by officially ceasing their production and sale, and PCs now simply do not come with a floppy drive. Modern manufacturers of optical discs guarantee the operation of drives for no more than 10 years. The service life of flash drives depends on the number of data overwrite cycles. All this means that after some time we are simply forced to copy information onto ever more modern drives. Thus, we must have guarantees that in 10-15 years we will be able to check the ES of stored documents without any problems and, of course, “read” the format of the text editor in which the electronic document was created 10 years ago (e.g. the Lexicon format). To do this, we need a playback device, an operating system and tools for working with ES that support the format of the stored electronic document.

Is all this supposed to be possible?

Yes. To date, we have all the necessary tools for organizing the archival storage of legally significant electronic documents. Using the advanced signature format ensures that your documents are legally valid. Organizing a workplace that allows you to check the ES after 10-15 years also does not cause serious difficulties, given appropriate organization of processes. Electronic archives will appear without delay once demand for them grows.

The situation with the legislative framework of the Russian Federation in the field of electronic archiving is a little more difficult, but perhaps the faster business gives up paper, the sooner detailed provisions on electronic documents will appear in our country in a law "On Electronic Archives"? The appearance of the first precedents in an area so far little studied will simply force the state to come to grips with this issue.

Everything is interconnected and in most cases depends on us. Empty expectations will not lead to results - it's time to start acting!

To put the revision into commercial operation, the following organizational measures are required:

  1. Setting up the directory "Workstation Offline distributions" of the software "ASFC (SUFD)" for routing documents of clients of the "Offline - client FK" workstation and data upload catalogs.

  2. Activities to train new customers in the basic principles of working in the system.

  3. Events to train OrFC employees on the principles of interaction with offline clients and control over document flow.

2.3. Changed documentation

Changes have been made to SUFD_RAS_System settings.doc - clause 7.1.4 has been updated, 7.1.11 has been added.

2.4 Changes to the user interface

2.4.1 System constant GroupOutgoingPacket

The system constant GroupOutgoingPacket (grouping of outgoing packets sent between the Offline workstation and SUFD) has been developed (Fig. 1).

The constant takes the value:


  • 1 and any value other than 0 - group packets;

  • 0 - do not group (default).

The system constant can be overridden for an arbitrary organization, i.e. it is an organization-level constant.

Fig. 1. On-screen form (EF) of the GroupOutgoingPacket system constant

2.5 Changes in directories

2.5.1. Directory of the "Reference book of bundles for OrFC"

In SUFD and Offline workstation, a new field "Offline organization code" has been added to the on-screen form of the record of the Directory of bundles for OrFC, which stores the code of the organization served on the Offline workstation (Fig. 2).


Fig. 2. On-screen form (EF) of a record of the Directory of bundles for OrFC

2.5.2. Handbook "Workstation Offline Distributions"

A new directory "Workstation Offline distributions" has been developed under the menu item "References - System - Settings of Workstation Offline" (Fig. 3, 4).

Fig. 3. On-screen form (EF) of the directory "Workstation Offline Distributions"

Fig. 4. On-screen form (EF) of a record of the directory "Workstation Offline Distributions"

3. SUFD-56709. Refinement of advanced electronic signature verification

3.1. Brief description of the revision

In accordance with the letter of the Federal Treasury dated July 17, 2014 No. 42-11.0-13/226, in the PPO "ASFC (SUFD)":

  1. The Cryptoserver function for strengthening the electronic signature has been improved by adding the expiration date of the trusted time service certificate taken from the external timestamp.

  2. The Cryptoserver function for checking an enhanced electronic signature has been improved by refining the algorithm for checking timestamps.

  3. The function of extracting the validity period of a trusted time service certificate from an external timestamp has been developed in the Cryptoserver.

  4. The function "Bringing the electronic signature to the archive format" has been developed in the Cryptoserver.

  5. A function for registering events of bringing electronic signatures to an archive format has been developed.

  6. The function of generating a request to the trusted time service for generating an archive time stamp has been developed in the Cryptoserver.

  7. The function of forming an archive timestamp has been developed in the Cryptoserver.

  8. The function of adding an archive time stamp to an electronic signature has been developed in the Cryptoserver.

  9. A function has been developed in the MQ server to obtain the expiration date of the trusted time service certificate, which was used to generate the last time stamp, from an electronic signature.

  10. The function "Bringing an electronic signature to an archive format" has been developed in the MQ server.

  11. The function of strengthening the electronic signature in the MQ server has been improved in terms of adding the parameter expiration date of the trusted time service certificate from an external timestamp.

  12. The function of storing an electronic signature has been improved in terms of adding a new field "Expiration date of the trusted time service certificate".

  13. The function "Strengthening the electronic signature" has been improved in terms of saving information about the expiration date of the trusted time service certificate from an external timestamp.

  14. The function of checking the electronic signature has been improved in terms of determining the sign of checking the electronic signature of the trusted time service certificate.

  15. The function "Bringing electronic signatures to the archive format" has been developed for electronic signatures stored in the PPO "ASFC (SUFD)".

As part of this revision, the following work was carried out:

3.1.1. Development of the configuration parameter "Renewal period for the archive timestamp" (SUFDCORE-14146)

A new parameter "Archive timestamp update period" (sufd.crypto.dateForUpdateArchiveTimestamp) has been added to the sufd.properties configuration file.

The parameter specifies the period, in days, before the end of the validity of the trusted time service certificate within which the archive timestamp of the signature is updated. Default value = 30 days.

3.1.2 Development of the program "Determining the validity period of a trusted time service certificate" (SUFDCORE-13990)

A program "Determining the validity period of a trusted time service certificate" has been developed for electronic signatures already stored in the PPO "ASFC (SUFD)".

The algorithm of the program is as follows:


  1. The field “Trusted time service certificate expiration date” is filled in for electronic signatures already stored in the ASFC (SUFD) software by extracting the expiration date of the trusted time service certificate from an external timestamp.

  2. The program is executed once for each electronic signature that has an empty field "Trusted time service certificate expiration date".

The program is launched on a schedule and runs outside the operational day of the TOFK (a night-time job).

3.1.3. Development of the function "Bringing electronic signatures to archive format" (SUFDCORE-13989)

The function "Bringing electronic signatures to archive format" has been developed.

The algorithm of the function is as follows:


  1. The input parameter is the overlap period between the current and new trusted time service certificates (SUFDCORE-14146 new configuration parameter).

  2. Electronic signatures are selected for which the difference between the end of the validity period of the trusted time service certificate from the last timestamp (the external timestamp or the last timestamp in the chain of archive timestamps) and the current system date is less than the value of the program input parameter, but greater than zero. Each electronic signature is processed according to the following scenario:

  • if the program is launched on the AWP SUFD-Portal or AWP OrFK, then:

      • the electronic signature is brought to the archive format through a call to the Cryptoserver function "Function of bringing the electronic signature to the archive format";

      • the electronic signature brought to the archive format and the expiration date of the trusted time service certificate are stored in the database of the AWP SUFD-Portal / AWP OrFC.

  • if the program is launched on the OFK-offline workstation, then:

      • on the basis of the electronic signature, a request to the trusted time service to form an archive timestamp is created through a call to the Cryptoserver function "Function of creating a request to the trusted time service";

      • to deliver the request to the trusted time service, a carrier service document is created, to which the request is added. The carrier document is sent to the SUFD-logistics workstation;

      • when the carrier document is received at the SUFD-logistics workstation, the request is extracted from the document and, on its basis, an archive timestamp is formed through a call to the function “The function of creating an archive label based on the transmitted request”;

      • to deliver the generated timestamp, a carrier service document is created, to which the archive timestamp is added. The carrier document is sent to the OFK-offline workstation from which the service document requesting the archive timestamp came;

      • when the carrier document is received at the OFK-offline workstation, the archive timestamp is extracted from the document and added to the electronic signature through a call to the Cryptoserver function “Function of adding an archive time stamp to the electronic signature”. Once it is added, the archive timestamp chain is checked; the electronic signature brought to the archive format and the expiration date of the trusted time service certificate from the archive timestamp are stored in the OFK-offline AWP database.

The system document of the UEP Carrier type has been improved:

  1. Added a sign of the request: either the strengthening of the ES, or the formation of an archive label.

  2. A field of type Date has been added that transports the expiration date of the TSP service certificate from the last timestamp.

3.1.4. Refinement of storage, WF of ES data (SUFDCORE-13988)

The ES data storage structure has been improved: an additional field "Expiration date of the trusted time service certificate" has been added to the table (next to the "Last verified" field).

3.1.5. Refinement of the Cryptoserver/MQ server (SUFDCORE-13980)

Improved Cryptoserver/MQ server in terms of:

  1. Improvement in terms of archive signature support (for example, CAdES-A using the archive-time-stamp attribute, which is an archive time stamp).

    1.1. The signature is:
(((CAdES-BES used in FK + archive-time-stamp1) + archive-time-stamp2) .. archive-time-stampN)

    1.2. Formation:

  • the cryptoserver, based on the hash of the signature of the second timestamp, generates a request to the SDV (the trusted time service);


  • the SDV signs with its key;

    1.3. Subsequent imposition of archive timestamps:

  • the cryptoserver, based on the signature hash of the last archive timestamp, generates a request to the SDV;

  • the SDV pulls out the hash and applies the exact time;

  • the SDV signs with its key;

  • the received response is returned to the cryptoserver.

    1.4. Verification:

When checking, the archive-time-stampN timestamp is checked (if there are several timestamps, the last timestamp is checked): its certificate is checked for validity at the current moment.

If the check was successful, the chain of the previous timestamp is checked in the same way (and so on up to the very first one): the certificate is checked for validity at the time specified in the next timestamp.

    1.5. Explanation of the current implementation:

  • document (first 20 kb);

  • signature on the document;

  • the 1st timestamp (internal) is applied to the signature hash;

  • OCSP response;

  • the 2nd timestamp (external) is applied to the hash of (first timestamp signature + OCSP response signature).

    1.6. The following object identifier (OID) defines the archive-time-stamp attribute: 1.2.840.113549.1.9.16.2.48.

  2. Refinement of the function "Bringing to UEP" in terms of an additional return parameter, "Expiry date of the last timestamp".

  3. Implementation of the function "Get by ES the expiration date of the certificate of the last timestamp".

The method returns the expiration date of the external timestamp certificate if the extra timestamps attribute is missing, or that of the last timestamp from the extra timestamps attribute if it is present.

3.1.6. Refinement of interaction with the Cryptoserver "Strengthening the electronic signature" (SUFDCORE-13975)

A new type of interaction with the Cryptoserver has been implemented - "Electronic Signature Strengthening":

  1. An ES is given as input.

  2. The output is a UEP with an additional timestamp (archive-time-stamp) and, separately, the expiration date of the certificate of the additional stamp (the last timestamp).

  3. The returned parameter "Expiration date of the last timestamp" (when "bringing to UEP" or "Improving the ES to the archival storage format") is saved in the corresponding field of the ES storage table (SUFDCORE-13988, the field "Expiration date of the trusted time service certificate").

3.1.7 Improvement of the signature verification function (SUFDCORE-13969)

The function of checking the enhanced electronic signature (SES) has been improved in terms of refining the algorithm for checking timestamps.

The algorithm for checking timestamps is as follows:


  1. If the parameters of the "Enhanced Electronic Signature Verification" function specify verification according to the current algorithm, the external timestamp is checked against the date of its own creation, and the internal timestamp is checked against the date the external timestamp was created.

  2. If the parameters of the "Enhanced Electronic Signature Verification" function specify verification according to the new algorithm, then:

  • if the electronic signature contains a chain of archive timestamps, the Nth timestamp in the chain is checked against the current system date, and the (N-1)th timestamp is checked against the date the Nth timestamp was generated. The external timestamp is checked against the date the 1st archive timestamp was generated;

  • if the electronic signature does not contain a chain of archive timestamps, the external timestamp is checked against the current system date, and the internal timestamp is checked against the date the external timestamp was created.
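
The checking order from 3.1.5 and 3.1.7, together with the renewal selection from 3.1.3, as an added Python sketch that is not code from ASFC (SUFD). The `Stamp` and `Signature` classes, the function names and all dates are constructed for illustration; only certificate validity windows are modelled (no hash, signature or revocation checks), and checking the internal timestamp at the external timestamp's creation date when an archive chain exists is an assumption carried over from the no-chain case.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Stamp:
    """Simplified timestamp: issue time plus the TSA certificate validity window."""
    name: str
    gen_time: datetime
    cert_not_before: datetime
    cert_not_after: datetime

    def cert_valid_at(self, moment: datetime) -> bool:
        return self.cert_not_before <= moment <= self.cert_not_after


@dataclass
class Signature:
    internal: Stamp   # stamp over the signature hash
    external: Stamp   # stamp over internal stamp + OCSP response
    archive: List[Stamp] = field(default_factory=list)  # archive-time-stamp1..N


def check_points(sig, now, new_algorithm) -> List[Tuple[Stamp, datetime]]:
    """Pair every stamp with the moment at which its certificate must be valid."""
    if not new_algorithm:
        # Current algorithm: both stamps are checked at the external stamp's creation date.
        return [(sig.external, sig.external.gen_time),
                (sig.internal, sig.external.gen_time)]
    chain = [sig.internal, sig.external, *sig.archive]
    # Newest stamp is checked at `now`; each older one at its successor's creation date.
    moments = [s.gen_time for s in chain[1:]] + [now]
    return list(zip(chain, moments))[::-1]  # newest first, as in 3.1.5 "Verification"


def verify(sig, now, new_algorithm=True) -> Optional[str]:
    """Return the name of the first stamp that fails, or None if every check passes."""
    for stamp, moment in check_points(sig, now, new_algorithm):
        if not stamp.cert_valid_at(moment):
            return stamp.name
    return None


def needs_archive_stamp(sig, now, period_days=30) -> bool:
    """3.1.3 selection: the last stamp's certificate expires within the period, but not yet."""
    last = sig.archive[-1] if sig.archive else sig.external
    remaining = last.cert_not_after - now
    return timedelta(0) < remaining < timedelta(days=period_days)


def d(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%d")


# Constructed sample data (not real certificates or dates from the system).
INTERNAL = Stamp("internal", d("2014-08-01"), d("2014-01-01"), d("2015-01-01"))
EXTERNAL = Stamp("external", d("2014-08-01"), d("2014-01-01"), d("2015-06-01"))
ARCHIVE1 = Stamp("archive-time-stamp1", d("2015-05-15"), d("2015-01-01"), d("2016-06-01"))

plain = Signature(INTERNAL, EXTERNAL)
archived = Signature(INTERNAL, EXTERNAL, [ARCHIVE1])

if __name__ == "__main__":
    now = d("2016-05-20")
    print("current algorithm, no archive stamp:", verify(plain, now, new_algorithm=False))
    print("new algorithm, no archive stamp    :", verify(plain, now))
    print("new algorithm, with archive stamp  :", verify(archived, now))
    print("renewal due                        :", needs_archive_stamp(archived, now))
```

Under the new algorithm the signature without an archive timestamp stops verifying once the external timestamp's certificate has expired, and a signature whose last certificate has already expired is no longer selected for renewal, which is why the job has to run inside the configured period.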

UEP claimed to solve two thousand crimes
The Moscow Prosecutor's Office has completed an audit of the work of the Department for Economic Crimes (UEP) of the Moscow Central Internal Affairs Directorate. It was revealed that the policemen are engaged in postscripts (padding their figures) and distort reporting, while no one is looking for many dangerous criminals at all. UEP itself categorically disagrees with this. Its management accuses the inspectors of unprofessionalism and unwillingness to thoroughly study the situation. Kommersant correspondent VLADIMIR SYUN tried to do this.

From the very beginning of the audit, it became clear to prosecutors that instead of doing real work, the UEP strenuously creates the appearance of it. And in order not to lose face in front of the Ministry of Internal Affairs, the capital's policemen have learned to deal in postscripts no worse than the people they are supposed to fight in the line of duty. According to Igor Bobrovsky, head of the prosecutor's office for supervision over the execution of laws in the internal affairs bodies, "hundreds of so-called continuing crimes are registered in the UEP." “Take, for example, illegal entrepreneurship,” Bobrovsky is indignant. “If someone illegally imported 100 tires, then the crimes of smuggling are not one, but one hundred.” As a result, for last year alone the city prosecutor's office deregistered more than a thousand facts of fraud, more than a hundred of smuggling and 113 episodes of bribery. And in total, more than two thousand crimes, the disclosure of which the UEP attributed to itself.
In addition, according to the prosecutor's office, the Uepovites deceived the ministry, claiming that there was practically no red tape in their department and that cases were considered literally in a matter of days. For example, 147 crimes were solved in three days. During the same period, 173 cases were refused.
However, the prosecutors found that only two out of 147 cases were considered within three days and 13 within 10 days, while decisions in 58 cases took more than three months, and 26 cases were considered for more than six months. In many cases, all records were broken (about two years). But, as a rule, during lengthy investigations evidence loses its validity, documents and material assets disappear, and the criminals manage to escape.
For example, in 1996, the UEP received a complaint about the fraudulent activities of Mysyagin, General Director of CJSC "Third Rome". He allegedly embezzled 90 million rubles. The check of the facts went on for more than a year and a half. Then the ninth department of the UEP issued a decision to refuse to initiate a criminal case. The prosecutor's office, in turn, considered this decision unreasonable and resumed the investigation.
The same thing happened with the materials of the Federal Compulsory Medical Insurance Fund. Information about financial fraud in this structure was received in January 1997, and the police began to check it only a month later. And six months later, the UEP sent the materials to the GUEP of the Ministry of Internal Affairs. From there, at the end of 1997, they were again sent to the city police, who eventually refused to open a criminal case. It took prosecutors less than a month to sort out the situation and open a case.
In total, out of 190 materials studied by the city prosecutor's office on the refusal to initiate criminal cases, 38 decisions were canceled. According to 15 materials, the prosecutor's office itself initiated criminal cases, and according to 23 UEP it was proposed to investigate more carefully.
Such carelessness has led to the fact that since 1994, in many cases, fraudsters are not searched at all. Even the so-called operational-search cases have not been opened against them.
The fact that the UEP often neglects its obligation to share information about commercial structures with tax authorities. In this regard, prosecutors say that the system for recording crimes should be transferred from the Ministry of Internal Affairs to independent structures. For example, the Ministry of Justice, which is not a crime-fighting body and is not interested in postscripts. Apparently, Boris Yeltsin, who recently signed a decree "On Ensuring Interaction of Government Agencies in the Fight against Offenses in the Sphere of the Economy." By this document, he ordered the government to develop within three months a single system of accounting for detected crimes in the economic sphere.
The opinion of the management of the UEP about the results of the prosecutor's check is quite the opposite. The head of the department, Colonel Anatoly Filatov, believes that registrations in his department are basically impossible: “Prosecutors confuse crime from the times of stagnation and today. Now criminal cases are of a multi-episode nature. And we investigate each episode separately. What is it to them, they do not delve into the matter, they take materials from the zonal information center, they see that there are many episodes in the case - here are the postscripts for you.”
Filatov also doubts that the prosecutor's office will be able to bring criminal cases closed by UEP to court. "In my 20 years of service, I don't remember that the prosecutors have ever imprisoned someone on the basis of abandoned materials. Then they close them themselves, not finding corpus delicti," the colonel asserts.
It should be noted that such conflicts are typical for law enforcement. Attributions of disclosures, and with them the concealment of real crimes, are revealed by the prosecutor's office in all police units that are checked. Since the stagnant times, they have been given rather tough plans to combat crime from above. Now the Ministry of Internal Affairs claims that there are no such plans. But there are indicators of the fight against crime, and they are the main criterion for the distribution of bonuses, awarding titles and appointment to a new position. The same system operates in the prosecutor's office: the more its employees find violations in the work of the police, the more they will receive encouragement from their leadership. In a word, it turns out a vicious circle - it is beneficial for everyone to deal with postscripts.