ELECTRONIC SIGNATURE: THE ADVANTAGES AND DISADVANTAGES OF
The use of an electronic signature greatly simplifies the process of signing documents and concluding contracts, since it does not require the personal presence of persons concluding various acts. However, despite all the advantages of this technology, there are disadvantages of using an electronic signature.
The relevance of the topic is justified by the widespread introduction of new electronic technologies in everyday life, including the introduction of EDS technology is actively in various government agencies.
Goals, objectives and research methods are to study the technology and identify strengths and weaknesses.
Scientific novelty consists in the approach to the study of the problem from the point of view of technical, legal and organizational security of technology at the current level of development of science and law.
An electronic signature is information in digital form that can be used to identify a natural or legal person without his or her personal presence.
In 2001, the draft law “On electronic digital signature” was approved by the Government of the Russian Federation, which was to become a legal basis for ensuring secure electronic document circulation on the Internet.
Purpose of electronic signature
EP is most actively used in the following areas:
office management system in electronic format;
The purpose of EP:
allows you to monitor the integrity of the document in electronic form;
provides data protection against tampering and modification;
provides the ability to confirm the authorship of the owner of the EP.
The process of creating the EP includes 2 processes: formation (in this case, the private key is used) and verification of the EP (the public key is used).
Article 5 of the Federal law No. 63-FZ of 06.04.2011 (as amended in 2017) “On electronic signatures” defines the following types of electronic signatures: simple and enhanced electronic signatures. In turn, an enhanced electronic signature is divided into an enhanced unqualified electronic signature (referred to as an unqualified electronic signature) and an enhanced qualified electronic signature (referred to as a qualified electronic signature).
A simple electronic signature (PEP)
It is an electronic signature which, by means of codes, passwords or other means, confirms the formation of an electronic signature by a certain person.
PEP is primarily intended for Internet users. Login and password from e-mail or other resource are the data of the probe.
Enhanced unqualified electronic signature (UNEP)
This is an electronic signature, which is a set of encoded characters, which is an analogue of a person’s handwritten signature and is the identifier of his signature.
UNEP used in the document as external (incoming to be returned and outgoing documents) and internal (documentation for the turnover inside the enterprise, as well as incoming documents not returnable).
Enhanced qualified electronic signature (UCE))
This is the most secure type of EP; it is the EP, which is created using cryptographic means, confirmed by the competent authorities, that is, the Federal security service of the Russian Federation. A special certificate issued by an accredited certification center serves as a guarantor of the authenticity of the UECP.
For OKAP is characterized by a wide range of applications. In addition to the possibility of using when working with the document flow, UECP allows you to work with the portal of public Services, provide reports to the tax authorities, send Bank and similar documents via the Internet, provide reports to extra-budgetary funds, and, in addition, participate in the auction.
There are special cryptogramma to work with EP:
The EP scheme provides for the following processes:
generation of ES keys and keys of check EP;
formation of EP;
The mechanism of EP is determined by the implementation of two important processes:
formation of EP;
The use of EP allows to perform the following functions in transmission in the system signed with digital signature of the message:
the implementation of integrity control of the transmitted signed with digital signature of the message;
evidentiary identification of the person who signed the communication with the help of EP;
protection of the message against possible forgery.
Hacking EP in practice is a hacking encryption algorithm. To fully protect their data is insufficient protection of the RSA algorithm and the use of mathematical security measures, in other words, the use of a key of sufficient length, because in practice the best result are those attacks that are made on the unprotected stages of key management system RSA.
On the basis of an early study of the creation and verification of EP, types of EP, as well as methods of hacking, we can draw the following conclusion about the pros and cons of the use of EP in electronic document management: despite the shortcomings of the EP, we can conclude about the overwhelming number of advantages of its use. Based on this, it can be argued that the use of EP is an effective way of signing documents with the introduction of many areas of electronic document management.