Practical application of a universal electronic card (UEC) in the city and the Internet. Part 3

Hello again, Habrayuzer! This topic continues the previous 2 posts on the receipt and use of a universal electronic card (UEC) in Moscow.

Post 1: The experience of obtaining a universal electronic card. Pink theory versus harsh reality. Part 1
Post 2: How I got a universal electronic card after 3 months of waiting. Part 2
Post 3 The practical application of the universal electronic card (UEC) in the city and the Internet. Part 3
Post 4 Electronic signature on the UEC, what gives and if necessary? Part 4
')
Initially, I immediately realized that I wanted the UEC only so that I could talk more closely with the EDS (by the way, in the UEC she is qualified) and everything connected with it. Therefore, I designed myself UEC, bought a reader for 527 rubles, and decided to describe the ordeals with the installation and use of this reader, software from CryptoPro and the portal GosSlugi. At the end of the post added a small bonus, in the form of practical application of the UEC in the city.

In general, the whole point can be put in several points:

In the Internet:

1) Put the wood on the reader and UEC.
2) Install the software package from CryptoPro.
3) Install a certificate from the TC UEK and install a personal certificate from the card UEK.
4) Install the plugin to work with the site gosuslugi.ru.
5) If there is no account on public services - register on this site, using EDS.

IRL:

1) A description of how the card works in public transport.

But almost every point has its own pitfalls, so I had to go all this way myself ...

UPD 04/29/2013: I arrived at Soymonovsky Prospect, 5 - they said that on May 13, it would be possible to come and record EDS on UEC. When I called Sberbank at Bolshaya Gruzinskaya, they also said that they were not ready yet. But at Soymonovsky pr-d, 5 are very intelligent and polite employees, and not like more responsible ones.

And if there is no EDS, I ask you to forgive that I wrote a post in the form of what I have already received an EDS, because I don’t think that the theory in this case will diverge from practice.

PS I asked about the need for any additional documents for recording the EDS on the card - they said that only a passport, a card and one of the PIN codes, I suspect that the PIN is. CODE2. He asked 3 times about the TIN - no, he is not needed and there is no field where to drive him (in the Sberbank program). They had already recorded the EDS for someone and did not deposit the TIN.

So, in order to connect the card reader and the UEC to the computer, I had to pretty dance with a tambourine, and smoke manuals, and just have a fun evening, though this time UEC’s fault was not there. Maybe :)

Purchase of hardware and software setup

Buying a reader

According to the list of supported readers for working with UEC, I found only 2 readers on sale in Moscow in April, the price of which suited me, and even then not quite: ASEDrive Mini and ASEDrive IIIe . Bought ASEDrive IIIe, the truth is, it actually looks a bit different . Of course, it was possible to buy another reader, cheaper, but in Moscow, in April, probably not the season of cheap readers.

Reader installation

I came home, connected the reader to a laptop under Windows 7 Ultimate x64. The system itself is naturally factory, came with a laptop. No ZverCD never put. So, I inserted the card reader into the USB - the firewood was not installed. There is no firewood in the system. I look - the search for drivers on Windows Update is disabled. I turned on the option “Search only when drivers were not found on the local machine” (literally, I don’t remember, I’m writing from memory) and the driver downloaded from Windows Update quite quickly. The driver fell into the folder C: \ Windows \ System32 \ DriverStore \ FileRepository \ asedrv3.inf_amd64_neutral_00a0de4fd5c7d70c
I did not stop there, and decided to put it on a netbook, on which Windows 7 x32 and also stock. I plugged into USB - again he did not find the driver on the local machine and turned on the driver search option on Windows Update again, but a surprise was waiting for me - the drivers downloaded and dropped to the C: \ Windows \ System32 \ DriverStore \ FileRepository \ asedrv3.inf_x86_neutral_00a0de4fd5c7d70c folder, but During the installation, Windows wrote to me: "Failure." And so I tried to put them - nothing helps. As a result, I had to google, for the benefit of a short time, the official website, from which to download normal drivers. As a result, the solution was found , namely ASEDrive IIIe - Windows 32-bit. I downloaded 32-bit drivers and successfully installed them. We got up without any problems.

Installation UEK

Yes, it turns out under the UEC, which is seen separately from the reader, also need drivers. After I inserted the UEC into the reader, the drivers were not found at all and by the way, our card is named in the device manager as “Smart card”. With her, everything turned out to be very difficult. I couldn’t download anything suitable from either Windows Update or Google. All the “drivers” that I downloaded (they were all * .exe by the way) I ran on a virtual machine and these were either programs for detecting all computer devices and updating firewood for them, or simply dubious software. As a result, there was a solution to a seasoned comrade. In particular, in order to install a smart card driver, I had to go to “Start” → “Control Panel” → “Device Manager” → “Other Devices” → “Smart Card” → Double Click → “Update Driver” → “Run Search Drivers on this computer ”→“ Select a driver from the list of already installed drivers ”→“ Smart Cards ”→ a double-click to select any of the identification devices (“ NIST SP800-73 [PIV] ”or“ Microsoft Universal Profile ”) → * I chose" Microsoft Universal Profile.
Hurray, UEC installed!

Installing CryptoPro and browser plugin

I don’t find the right page on the CryptoPro website, I don’t remember where I got it from for the first time, but here it is, there’s another page where the same package comes from. I downloaded “CryptoPro CEC CSP 3.6 (CryptoPro CSP 3.6.1 v.8 with Browser plug-in). Version 1.5.1306 ”, for CryptoPro CSP itself and a browser plugin are included there. By the way, the previous instruction is short and it describes the whole process on the part of the client. But this instruction describes the entire process by the administrator.

The plugin supports the following browsers:

• Internet Explorer
• Mozilla firefox
• Opera
• Chrome
• Safari

True, registration is required for downloading, but this site solves such questions.

After downloading, I installed CryptoPro (in fact, not only CryptoPro CSP is installed, but also the browser plug-in). In addition to it, you also need to install a certificate from the TC UEC. The certificate can be downloaded here (cauec.p7b). The process of installing certificates (from the UEC and your personal, from the UEC card) is perfectly described in this manual.

Installing the plugin to work with the site gosuslugi.ru

To work with the state. services need to put some of their plug. It swings from their own site.

Registration on gosuslugi.ru

1) Go to public services and in the upper right corner choose “Registration”
2) Press the “Next” button, accept the agreement and again “Next”, and then select the lowest item, namely “Confirm Identity with an Electronic Signature”, and in the drop-down menu select “Means of electronic signature with a software crypto-provider (CryptoPro CSP, LISSI-CSP, ViPNet CSP, Magister CSP). ”And click next. A window appears, prompting you to select the desired certificate. Choose your certificate and click "OK".
3) After an anxious wait, a window appears asking you to enter a password. We take out the envelope that came with the UEC and enter “ID.PIN2”. There is an important point: if you make a mistake three times with entering a password, you will have to go to unblock the EDS where you received it, you will need an 8-digit "ID.CRP" from UEC to unlock.

And now, as promised, the real situations where I applied this card:

1) Since the card issuer is Sberbank, then it works in all ATMs of this bank. On it you can both put money and withdraw. No commission, no ... In general, as usual Visa / MC, only with the proviso that it is neither Visa nor MC, but domestic PRO100 (based on the last service from Sberbank - Sbercard). This card also has its own number (bank card number) by which individuals can send money. And for legal entities, of course for this card is the account number. Profit in this card, paradoxically, I see that now it does not pay much, because PRO100 payment system is implemented in a very and very small number of outlets in Russia. Therefore, it can be used as a Passbook, but more flexible. That would not once again spend money in a cafe / shop, but if necessary, go to the ATM and withdraw money.

2) Authorization on the website gosuslugi.ru. In theory, there it is possible to pay fines and other services, but so far I have not had the opportunity to use it, so for me personally this item is not relevant. However, I assume that in the future the list of services that will be provided in electronic form will grow, and perhaps this is a good reserve for the future. Since Already, water and electricity can be paid using online banking, in a beautiful and convenient personal account, and not in incomprehensible (because new) public services. Probably, one of these days, I'll go to the clinic and try to insert the UEC into the terminal through which people sign up for a doctor. See if it works.

3) The most interesting thing is right now , and I’m not only a witness, but also a participant, you can put money on the UEC, and use it as a travel ticket for the subway and for ground transportation. Just a couple of days ago, I put 30 rubles on the UEC and calmly went with it on the subway, and today I put another 30 rubles on ground transportation and just calmly went to the bus with it.

Just interesting, and maybe for some useful links:

Description CryptoPro EDS Browser plug-in
Verification of EDS on the CryptoPro website
Setting CryptoPro to work with the UEC. True, nothing needs to be set up, everything is set up out of the box. True, the default port is 443, but port 1234 also works.
The lion's part of this post copied from here
From here, too, took a lot
Application form for issuing a universal electronic card

PS Because Habr is more technical than a humanitarian resource, and I, because of the lack of necessary technical information, cannot say anything new, then allow a little copy-paste from this resource, as well as a little copy-paste from my previous posts.

Concern Sitronics reported that the federal authorized organization for the universal electronic card project (UEC) of the same name issued to Micron, the head company of Sitronics for microelectronics, a positive conclusion about the use of its card platform in the project.

As specified in the company, the platform includes a chip produced by the 180-nm technology, and the operating system, which is pre-installed identification and payment applications. The chip's OS allows UEC to be used as an identifier of a person, a transport card, a card for receiving preferential services, commercial services and interaction with the “Electronic Government” system, Sitronics says.

About the advantages of the domestic chip:

“The advantages of using domestic chips in cards storing personal data of citizens of the Russian Federation are, firstly, that the chips that are manufactured in Russia fully comply with Russian safety requirements, and the customer knows who to ask for any problems,” insists Karina Abagyan. - The second advantage is that we, as a domestic company, can disclose all documentation, including design documentation (microchip schematics and topology) to inspection bodies. I don’t know if a foreign manufacturer will go for it. ”

Such news can not but rejoice:

On June 17, 2011, UEC management signed an agreement with MasterCard, which received the status of a partner in project implementation.

In the envelope coming with the UEC, there are 4 PIN-codes:

ID PIN1: 1234 - used to identify an individual when receiving services
ID PIN2: 123456 - used to digitally sign documents
ID : 12345678 - is used in case of need to change PIN1 or PIN2, and also to unlock them
Bank. PIN: 1234 - used in banking application

UEC specifications from the Ministry of Communications of the Russian Federation. True to 2011.

Decree of the Government of the Russian Federation dated March 24, 2011 N 208 “On technical requirements for a universal electronic card and federal electronic applications”

Until 01/01/2014 in the UEC it will be possible to use an integrated circuit of foreign production. We read this resolution. Part III, paragraph 10. There it is just written in blue that this paragraph is not obligatory for implementation. The same is written in Part IV, paragraph 17, sub-clause d.

PS I tried to publish the post during the day, but something did not work for Habrastorage, so I hid it, and now you can see the reader and the UEC in it.

PPS Thanks to mona_sax and the unknown hero for giving the opportunity to publish this post =)

UPD 1: Updated the points where you can apply for the UEC. For example, in URALSIB you can apply. I called them (URALSIB) and asked about EDS, and received an affirmative answer, that yes, they write EDS. So far, only in one department, and far enough away from me, and on holidays they do not work, so I will wait for the start of the working week and try again to go to Kropotkinskaya.

UPD 2: If there are errors in the EDS that will be recorded on the UEC, then it will be unqualified and unsuitable for use. Proof

UPD 3: Administrator instructions , as well as other instructions, memos and manuals for UEC.