
Shield and sword in RBS systems. Applied solution

Authentication and payment confirmation by electronic signature are widely used in RBS systems. The evolution of the technical means of electronic signature is shown in the article Shield and Sword in RBS Systems. Briefly, the product line can be summarized as: tokens, tokens with on-board cryptography, trustscreen with on-board cryptography.

Typically, devices with on-board cryptography implement the basic cryptographic algorithms: electronic signature, hash function, encryption. But in some cases, digital certificates are used in RBS systems for authentication and electronic signature. To integrate the cryptographic capabilities of the devices with the PKI infrastructure, we released the Rutoken WEB PKI Edition solution, a multiplatform and multi-browser plug-in for systems with a web interface.


The new version of the plugin supports our trustscreen with on-board cryptography, the Rutoken PINPad device. Now you can check that the bill actually being signed is the one displayed in the browser.



Thus, we offer the RBS system developers a universal solution that, according to a number of security indicators, capabilities and usability, has no analogues.

The above picture shows the integrity of the solution — combining the capabilities of various devices, integrating with PKI — and it all works in a browser.

In terms of security, Rutoken PINPad is:


Rutoken PINPad can also be used as a store of digital certificates. To get acquainted with the possibilities of the solution, we modified our Demo Bank. Now a single interface serves users of Rutoken EDS or Rutoken WEB as well as users of Rutoken PINPad. The latter have the advantage of visual control of transactions in a trusted environment.

Let us consider the possibilities of Rutoken PINPad on the example of making a payment through a demo bank.

Registration



In the Demo Bank, it is possible to register using the certificate already available on the device. This certificate may be obtained elsewhere.

My device already has a key and a certificate stored on it. So we install the plugin and connect Rutoken PINPad to the computer. After that, the Demo Bank automatically detects the connected device and lists the certificates stored on it.



Choose the certificate to register with and enter the PIN code. Specially formed random data is then signed on the device in the CMS format, and the certificate is added to the final CMS message. The registration request is displayed on the Rutoken PINPad screen.



Authorization



The authentication procedure on the site, which lets the user into his personal account, also works by signing random data on the device in the CMS format, with the authentication request displayed on the device screen.
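One way a server could check the signed random data used in the registration and authentication steps above, as an added example that is not part of the original article or of the Rutoken plugin. A software key created with openssl stands in for the key on the device; the function names, file layout and self-signed trust anchor are assumptions.

```shell
#!/bin/sh
# Added example: server side of "sign random data in CMS" authentication.
# Assumption: a software key stands in for the key held on the device.
work=$(mktemp -d)

# Test-only signer: self-signed key and certificate (constructed sample).
make_test_signer() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo user" \
        -keyout "$work/key.pem" -out "$work/cert.pem" 2>/dev/null
}

# Server: issue a fresh random challenge and record it as outstanding.
issue_challenge() {
    openssl rand -hex 32 > "$work/challenge"
}

# Stand-in for the device: sign file $1 into CMS message $2, with the
# signed content and the signer certificate embedded in the message.
device_sign() {
    openssl cms -sign -binary -nodetach -in "$1" \
        -signer "$work/cert.pem" -inkey "$work/key.pem" \
        -outform DER -out "$2" 2>/dev/null
}

# Server: accept only if (1) a challenge is outstanding, (2) the CMS
# signature verifies against the trust anchor, and (3) the signed content
# is exactly that challenge. The challenge is consumed on first use, so a
# captured response cannot be replayed.
verify_response() {
    [ -f "$work/challenge" ] || return 1
    mv "$work/challenge" "$work/expected"
    # -CAfile is the test certificate here; a deployment would pass the
    # issuing CA and then map the signer certificate to a user account.
    openssl cms -verify -binary -inform DER -in "$1" \
        -CAfile "$work/cert.pem" -out "$work/signed_content" \
        2>/dev/null || return 1
    cmp -s "$work/expected" "$work/signed_content"
}
```

Checking the recovered content against the outstanding challenge matters as much as the signature check: a valid signature over some other random value proves nothing about the current session.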







Signing a Bill



The electronic signature procedure via Rutoken PINPad involves:




The payment is displayed on the device screen in an easy-to-read form.



After viewing and confirming, a signature is generated in the CMS format.



Our company is ready to provide any necessary assistance regarding the embedding of the solution in the application systems.

Source: https://habr.com/ru/post/165887/

