MegaFon SIM cards now have an electronic signature. SIM card and electronic digital signature - what do they have in common?

MegaFon has begun to introduce electronic mobile signature technology in SIM cards in Russia. The project was launched in pilot mode with a subsidiary of JSC Russian Railways - JSC NIIAS. The mobile signature in the SIM is used to confirm the subscriber’s identity in the digital space, including for remote signing of electronic documents and protection of online payments.

As part of a joint project with OJSC NIIAS (Research and Design Institute of Informatization, Automation and Communications in Railway Transport), electronic mobile signature technology (an electronic signature on the SIM card of a mobile phone) has been implemented in ETRAN, the automated system for the preparation and execution of transportation documents. Now shippers using the services of JSC Russian Railways can sign electronic transportation documents issued in this system using mobile devices equipped with MegaFon SIM cards. The pilot project has already started on the Oktyabrskaya Railway; in the near future it will be extended to the Kuibyshev and Sverdlovsk railways.

Shippers are showing great interest in implementing the new technology and participating in the pilot project.

The technology includes several stages: generating an electronic message on a mobile device, requesting the subscriber’s electronic signature from the SIM card, authorizing it on a closed web resource using a digital certificate issued by a trusted certification center (in the project, this role is played by the Certification Center of JSC NIIAS), and forming a legally significant electronic signature under the electronic document after the subscriber confirms the correctness of the signed data. The technology makes it possible to confirm identity using a digital certificate when providing banking, financial and other services that require strict authentication. Also, an electronic signature generated on the SIM provides access to services or premises using NFC technology, allows you to use a subscription to resources with rights protection, and gain access to your medical or personal data. A subscriber who has the ability to create a signature on a MegaFon SIM card does not need to save numerous logins and passwords for various protected resources - the signature can act as a single key for all services.

At the same time, a SIM card provides an even higher level of security than, for example, credit cards: to gain access to data without the owner’s knowledge, you will need not only the card number and password, but also a mobile device with a SIM card.

“MegaFon’s technology makes it possible to create a new service for shippers of JSC Russian Railways, providing them with a mobile and secure tool for working with electronic signature technology, while ensuring ease of connection and use of the services of the training center of JSC NIIAS,” commented Andrey Galdin, head of the Scientific and Technical Complex of Information Society Technologies of JSC NIIAS. “This service is of great interest to clients of JSC Russian Railways and, in our opinion, its implementation will radically change the current ideas about ensuring the legal significance of electronic documents, increasing the speed of registration of railway transportation.”

“Today, more and more services for individuals and organizations need a simple and secure tool for paperless remote interaction,” noted Vlad Volfson, director of corporate business development at MegaFon. “An electronic signature on a SIM card allows you to make the technology as simple and accessible as possible for all categories of clients and at the same time guarantees an unprecedented level of security. By launching this project, MegaFon once again became a leader in the implementation of breakthrough technology. Today there are no alternatives on the Russian market, and in fact our product creates a new market, in which confirmation of the subscriber’s identity is an independent service in the digital space.”

Today, for many, an electronic digital signature is an abstract concept. In Russia, they set out to place an electronic digital signature on a regular SIM card, that is, perhaps soon almost everyone who has a mobile phone will have an electronic digital signature. In practice, this will be an alternative to the universal electronic card, only without payment functions.

However, information security experts consider such an idea to be outright nonsense, because today there is a lot of mobile phone malware that can intercept SMS messages and disguise itself as mobile banking applications, with all the ensuing consequences. Information security is possible only in a trusted environment, and experts do not consider a mobile phone a trusted zone. After all, the user himself installs applications, uses the Internet, and opens sent SMS. However, there is still a trusted zone inside the phone - this is the SIM card.

After all, a SIM card is essentially a miniature computer with its own memory, operating system and special applications (applets). This prevents third-party applications from interfering with the operation of applets on the SIM card. The owner himself can access some applets through a special menu, but can only request a balance or find out the payment history, nothing more.

The SIM card does not have great performance, but it has a cryptographic coprocessor that significantly speeds up the encryption and electronic signature generation procedures. This means that every mobile phone owner has a trusted cryptographic protection tool (CIPF). Therefore, it can be used for a wide variety of tasks.

The Russian company "Aladdin R.D." has developed three special applets for a new generation SIM card. These applets communicate with each other, with the radio modem, the display, the telephone keypad, and with the cryptographic processor. This technology can work on any modern phone (manufactured after 1995). And it doesn’t matter what manufacturer, model or operating system the phone has.

As a result, a trusted environment is formed on the mobile phone, and this is what makes it possible to legally recognize an action performed from a SIM card as the action of its owner.

How will it work?

The developers have devised quite a simple scheme. To receive a SIM card capable of carrying out transactions, a special document is filled out in a communication shop or an organization that has the right to do so; one employee certifies that he issued this SIM card to you, and another employee confirms this. Moreover, it will not cost the user anything - he only needs to show his passport and sign an agreement. Then the owner of such a SIM card uses it as usual, until he needs to perform any legally significant action, for example, on the government services portal or in a bank's personal account.

Then he will need to link the SIM card to the mobile electronic signature platform, which will ensure that the SIM card is linked to the account of a service integrated with the platform. The first time you connect via a SIM card after authentication, the system will prompt you to create a PIN code, then the SIM card will generate a key pair, request a certificate from the certification authority, and upon receiving it, ask the user to enter a PIN code. And only after all these actions, the system, confident that Petrov is Petrov, will allow him to perform certain actions on the service.

"Aladdin R.D." developed encryption of SMS messages, which made it possible to provide network connections on top of another network. This means that if attackers replace the operator’s base station, they will not be able to interfere with the data exchange process. Now you can, for example, create a payment order in your online bank and send it for signature. No one will be able to replace the payment - the system will display the received data from the payment on the phone screen and request a PIN code.

This system can be used to notify a bank client about transactions with his account. With such a protection system, banking secrecy will be preserved, and it will be impossible to replace messages. But there is one thing - owners who have written down the PIN code in their phone and lost it risk a lot. An attacker can find this PIN code and use it, for example, by purchasing an expensive item on credit, and assign it to the owner of the SIM card. But this can be avoided - if the phone is lost or stolen, the owner can call and block the phone, and the electronic signature certificate will be automatically revoked. In addition, you can limit the volume and content of transactions - everything is done at the request of the owner. At the same time, a mobile electronic digital signature will become a more secure tool than a credit card.
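The enrollment and signing sequence described above, as an added Python sketch that is not code from Aladdin R.D., MegaFon or the original article: the key pair is created inside the card object, the data is shown for confirmation, and the PIN gates every signature. `SimApplet`, `verify`, the three-attempt PIN limit and the toy RSA parameters are assumptions made for illustration.

```python
import hashlib
import hmac

# Toy RSA over two fixed Mersenne primes: a stand-in for the card's crypto
# coprocessor so the example runs offline. Not secure, not the project's algorithm.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537

def digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

class SimApplet:
    """Hypothetical signing applet; the private exponent never leaves it."""
    MAX_TRIES = 3  # assumed retry limit, not stated on the page

    def __init__(self):
        self._pin = self._d = self.n = None
        self.tries_left = self.MAX_TRIES

    def enroll(self, new_pin: str):
        """First connection: set the PIN, create the key pair on the card and
        return only the public key, which goes into the certificate request."""
        self._pin = new_pin
        self.n = P * Q
        self._d = pow(E, -1, (P - 1) * (Q - 1))
        return (self.n, E)

    def sign(self, document: bytes, pin: str, confirm):
        """Sign only if the applet is not blocked, the owner confirms the
        displayed data, and the PIN matches."""
        if self.tries_left == 0:
            raise PermissionError("applet blocked")
        if not confirm(document.decode()):      # data shown on the phone screen
            return None
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            self.tries_left -= 1
            raise PermissionError("wrong PIN")
        self.tries_left = self.MAX_TRIES
        return pow(digest(document, self.n), self._d, self.n)

def verify(public_key, document: bytes, signature: int) -> bool:
    """Service side: check the signature with the certified public key."""
    n, e = public_key
    return pow(signature, e, n) == digest(document, n)

def demo():
    card = SimApplet()
    cert_key = card.enroll("4071")              # constructed PIN
    order = b"PAY 1500 RUB TO ACCT 0001"        # constructed payment order
    sig = card.sign(order, "4071", confirm=lambda shown: True)
    tampered = b"PAY 9500 RUB TO ACCT 0666"     # substituted in transit
    return verify(cert_key, order, sig), verify(cert_key, tampered, sig)
```

With a retry limit of this kind, guessing a short PIN on a found phone is bounded by the number of attempts the card allows rather than by the PIN's length alone.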

There is a project, but no service

The project is certainly excellent, but there is one thing - there are no services that would support this mobile electronic signature. Consequently, no one will purchase such SIM cards for now. To begin with, such SIM cards need to be distributed free of charge; besides, the use of such a service can simplify and speed up a lot in civil and administrative transactions in Russia. The creators of the project decided to ask for state support, and in 2013 the project concept, tested on the MegaFon network, was presented at the Presidential Council for Economic Modernization and Innovative Development of Russia.

Unfortunately, among telecom operators there were opponents to the introduction of such technology; they actively put a spoke in the wheels. As a result, the project did not receive support, but the creators did not abandon this idea - too much was invested in it. Today, the company, together with MegaFon and its subsidiary MegaLabs, is developing this idea and creating services with a view to further interaction with other operators. Some banks and insurance companies benefit from this service. For example, insurance companies can sell their policies remotely.

If the product is implemented, a lot will change for the better. It will be possible to sign any document remotely, it will be impossible to forge a signature, and it will also not be possible to receive a loan using fake passports. Overall, the remote services industry will change for the better. No one knows how long we have to wait for this happy time. But the work is going on, which means that “tomorrow” will certainly come someday.

January 24, 2013 3:23 pm

A couple of days ago, news appeared on the Izvestia website that Muscovites were lucky: they would be able to install a digital signature on electronic documents using a mobile phone. The essence of the innovation is that now the software that ensures the installation of electronic signatures is sewn directly into the SIM card, and using the SIM card service (like those that cellular operators added to their SIM cards to provide, for example, subscriptions to services or receipt of balance information), it will be possible to install an electronic signature on your own behalf - on behalf of the SIM card holder.

What does this approach guarantee? The news provides two positive arguments. Firstly, the electronic signature can now be installed using a regular cell phone (not a smartphone), and secondly, the opportunity promises to be free for the client of the cellular operator - the digital signature will not add cost to the SIM card (in fact, it will add, but for the telecom operator, rather than the end consumer).

To be honest, I have big doubts about the viability of this idea. The growth in the number of smartphones in the hands of citizens throughout Russia (and not just in the western part, as was the case before) suggests that while cellular operators update their software, purchase and distribute new crypto-SIM cards, the latter may end up outdated. And this is compounded by the need for certification to the Russian standards of the FSB, and this means extra waiting time.

Nowadays, the signature medium can be recorded on any storage medium; the news mentions MicroSD, so there are no obstacles to installing this media directly into the smartphone’s memory. From a security point of view, these two options are almost equivalent.

Hardware keys are considered truly secure if access to the memory by any means other than from the software of the key itself is prohibited. These keys are considered resistant to hacking because they have many degrees of protection - both software-cryptographic and hardware. In addition, such a key is not always physically accessible from the outside, but only during certain (potentially short-term) periods when it is connected to the device. The SIM card is always on, even when the device is offline.

Attention is drawn to the statement that the cost of a new SIM card compared to that of the old model will increase by $10, but operators will not include this in the price, and instead there will be some kind of lock-in on the operator (the procedure for obtaining a SIM card for due to the presence of a digital signature carrier on it) - to one of the three. It is unclear how the end consumers of this product will react to this.

The words “to sign a document, you need to enter a personal PIN code” are a little scary. It is customary to call a PIN code a combination of four digits. This is not a crypto-resistant combination, and it’s only a matter of time before it gets busted. In addition, it is absolutely unclear how the request for this PIN code will be implemented on devices running different operating systems, and how often the software will be updated. By the way, in my opinion, it is obvious that middleware will be required to deliver the signature, and this provides great opportunities for scammers (remember the fake Sberbank application on Google Play).

The conceptual problem of the proposed approach also makes us think. For example, the news talks about the fact that the decision to sew an electronic signature into a SIM card will allow you to sign documents using devices to which you cannot connect a MicroSD or USB drive. But in fact, the contents of such media can be easily transferred to the memory of the device itself. Why, in this case, generate extra work for suppliers and add unnecessary cost and complexity for consumers? Unclear.

It is also not completely clear whether the electronic signature “sewn into” a SIM card can be used for personal purposes (for example, in property transactions), or whether it is intended and suitable only for relations with government agencies. However, the latter is not so bad.




