Have questions about the electronic ID of a citizen of the RF?

Today, a press conference was held about universal e-cards with representatives of OJSC Universal Electronic Card, which makes them. It was a great opportunity to ask a couple of questions of interest to the community, which we used.

At first it was a topic for collecting questions and sending answers: I constantly updated comments and asked what I had time to do. Now, under the cut - a real-time conference log (squeezing interesting facts about the map), a few photos and a short story about the event in general.
')

Squeeze

Here is the map on the wiki, here's a picture of what's on it. UEC is an interface to a heap of databases of organizations, IDs, EDS, banking and the ability to install your own applications. There is a crypto module on the map, plus applets and keys are stored. It can be used offline (fare, key for store loyalty program), and online (apartment payment, etc.). You can write your software on it according to a rough analogy with the app. Good conditions for small business. Maps from April. Paper documents are not yet replaced, but serve as a means of identification. It is read by readers with a built-in key, it will also be in the form of sims and similar items. Analogs have already been introduced in Singapore and Estonia, for example. The main difficulties in implementation are the hard work of coordinating the interactions of different departments that process requests using the map.

Log

As the conference progresses, I will update the topic. Upd: technical issues are over, now in the case of journalists. The next opportunity to ask is already personally with the managers after the conference. Upd all over, update the topic later, there are a couple of interesting points. Upd : updated.

Upd: It is known that as with hardware: more than 72 kilobytes, at least 5 years, a special protected area, 100,000 rewriting cycles, i / o using a certified cryptographic core. An identification application, an EDS, banking software and something of a federal and regional level are installed. They gave a piece of paper with a bunch of guests about the map.

Upd: A. V. Ulyanov said that the card will automatically update the software and synchronize data when used in the terminal, for example, at an ATM. Applications for opsocks, commercial companies, etc. can be installed. The task is to collect services in one place. Can be used through a personal reader at home.

Upd : banking stuffing from Mastercard. They promise fast processing and a minimum commission, lower than usual on the cards. The main bank - Sberbank, you can link with others.

Upd : basic applications are hard-coded, others are installed, for example, the store loyalty program can be installed and remotely updated. Services can be expanded without application updates, on the server side. Now there are tests, at the beginning of the year 12, the release of cards will begin.

Upd : product price - 280 rubles, the issue of specialization centers of personalization, paid by the state, for a citizen for free. The cost will fall as the circulation increases. To obtain, you must submit an application and photo. You can apply and photo online.

Upd : there is a completely Russian prototype of the chip card.

Upd: In order for the card to work abroad as a means of payment, you need to put an application. Estimated - in a year and a half. The second option is through a banking application, linked to a separate account.

Asked about moderation and control applications. The moderation of applications is done: the administration looks, an examination is made on correctness and respect for the rights of citizens, moderation is carried out on the technical side. When an update - once again control on the legal topic and on the technical. When a regional-level application passes (transportation, loyalty, etc.), every citizen of the region sees it in the list of possible services.

The service is added easier, this is the way to commerce. Roughly speaking, there is one application where all services of loyal customers, identification, etc., are collected, that is, penetrations to the object and club cards are added this way. You have to pay for it.

There may be a magnetic strip on the card, and some applications work without a pincode, for example, a one-time transport.

Upd: if the terminal does not have a special application, the card will not give up the id.

Upd: payment goes in two stages: first, identification, then payment gateway. So you can connect a stick, vm, poison, and so on.

Upd: in 1-2 years you can leave the rights at home and ride with the map. Emphasis on the unwillingness of the legal framework at the moment. The police have readers who have their keys stitched, which can be revoked in case of theft.

Upd: for commercial applications, the publication of source codes is possible, for basic ones - no, it is possible that they are classified. There is even a reason for issuing in the questionnaire for issuing, connected with updating the applications of the federal level.

Upd: you can not remove the card: due to the banking application, legally equated to robbery or theft. You can quickly block. If a person is suspected of fraud, you can block some of the functionality (that is, the ATM can not keep it before the trial).

Upd: there will be a separate loyalty application. Only the identifier is stored in it, not the data itself. Approximately the same is stored in the transport software and so on. If you buy a travel card - it will be saved locally. If the data is needed offline - they are stored on the map. If online - on the side of the vendor.

Upd: Specifications for application development will be posted.

Upd: discs on the hump are excluded, if a key leaks, it is immediately blocked, the key issuer suffers a lot.

Upd: it is planned to make chips for phones on sd, sim cards and scotch tape under the battery. The smartphone can be used as a reader. There will be an online office where the service control center will be.

Upd: words about innovation began to sound. Techies do not know the budget, but already more than a billion has gone to the technical part. They say that return on investment is possible at the expense of the commissions of various commercial services.

Upd: there will be offices for the issuance of non-residents in Moscow, will earn from March. If you are from the region - you can get there. Migrants are planning a separate paid card with limited functionality.

Upd: now the call center is working, but there is only the first line, the normal second will be in a few months.

Upd: and they will also change their site :-) They say it will be usable and ergonomic.

Upd: Stillavin asked about naming. It is approved, but replacement is possible. Dr. Lisa asks about medicine: they say there will be terminals everywhere in hospitals, plus the pension code is marked with numbers on the card.

Upd: the basic card reader with a key will cost 50 bucks, it can be used everywhere where there is an uplink. In Germany, 12 million cards have already been bought for 12 million cards.

Upd: this company works as a coordinator, it works with expert advice a la techno-elite. Plus close cooperation with the largest integrators. There are 150 people in the company itself, there will be 200 in a year. The average employee iq is 120. They say that guys from Switzerland came, compared to their level of security, we look better.

Upd: they say that making a duplicate map is so difficult that it can only be an organization the size of an intelligence from another state. Related issues: perhaps the wireless connection of the reader to the network, the card works only at a distance of a couple of centimeters. In any operation, all data on the card parameters, including data on the crystal and the composition of the applications, are transmitted. When a card is reissued, it is visually similar, but has a different number and key.

Upd: stimulate the introduction of services from small businesses. They say very soft moderation. Services are connected with the mandatory consent of the end user.

Upd: the chip must be certified to work in the international banking system plus have the approval of our regulator. There are 2 big companies that can do this with us. Journalists ask if they are shareholders - the answer is no. They say the products of these companies are on missiles and tanks.

Upd: now everything is in beta, the first maps to people from the street - in April (most likely).

Upd: an interesting topic - you can do banking locally in fast mode at a certain limit. For example, when buying a ticket, a network request is not made, the person immediately passes, and then receives an invoice. Not completely understood, but somehow.

Upd: they say, the main difficulties are working with the interaction of departments with each other on the requests of the card. Much work is going on in establishing protocols and processes.

Upd: now work is underway with 6 banks, by the end of the year there will be 20, by the end of the 12th - up to 60.

Upd: applications - java-applets.

Upd: there will be some kind of appstore analogue where you can trade your application.

Upd: there is already a prototype card for 144 kilobytes. They say inside mostly keys and small applets.

Upd: There are 4 types of loyalty programs: for small businesses with a light entry threshold, then Raspberries type, the next level is an aggregator of discounts like coupon services plus its own application that transfers keys. It should be ready in April, we have found possible contractors, now the competition is starting.

Upd: After the conference, Kaganov asked whether such a scenario is possible: there is a terminal at the entrance to the rocking chair, which offline checks the id according to the loyalty program. Can a card write a log of calls and then dump it on online synchronization? Question to the community: how much can such a log weigh?

Upd: actions from the card are accepted, that is, for example, you cannot forcibly take money from the debtor through this interface (but you can directly through the bank).

Photo

They answered our questions:


Terminal and card:


On the other hand:


Above:


The terminal comes to life only when installing the card:


Leonid Kaganov carefully removes the device:


Dr. Lisa asks about the timing of implementation, she is interested in hospitals:


Speck times:


And two:

What was it?

It was a press conference about universal electronic cards. The most famous bloggers were called there (there were Elizaveta Glinka, Sergey Stillavin, Rustem Adagamov, Oleg Gribanov, Leonid Kaganov, Niyaz Aksanov, Dmitry Chernyshev - I knew only Leonid Kaganov and Dr. Liza before the conference). It so happened that in addition to the traditional LJ-sphere they began to call people from the technical community - that is, from Habr. Actually, I tried to provide a direct channel to us in the topic and asked questions.

As a brief, they gave a bunch of paper and a ready-to-use FAQ. In principle, the highlights on the map were already highlighted in advance, but at this conference technical details and incomprehensibles in general were revealed.

The most important personal experience:

• It was at times more interesting than it could be: representatives of the OJSC clearly knew what they were talking about and answered specifically to the main things.
• It was expected many questions related to the lack of understanding of encryption, reading "through the wall" and so on.
• Did not respond to legal and organizational issues.

The most important thing for the community - people from Habr started calling for such events, where usually only journalists are invited. This means that in principle they are ready to be open and really want it.

The topic may contain inaccuracies, so I threw the link AA Nesterova from OJSC Universal Electronic Card and asked for fact-checking.