What is the name of the cryptographic information security system? What do you mean by: features, functions and decals?

Cryptographic information protection tools are designed to protect special and secret information that is transmitted via communication lines. To protect the confidentiality of data, it is recommended to use authorization and authentication of the parties by means of the TLS and IPSec protocols, and to secure the electronic signature and the communication channel itself.

The ISBC company promotes effective solutions under the brand to establish secure systems for important information, electronic signatures, and access security for vicarious control systems. The largest government organizations work with us, including the Federal Tax Service of Russia, wireline distributors of cryptographic information protection features, and software vendors that confirm the centers that operate in different regions of Russia.

SKZI: types and application

When SKZI is used, the following methods are applied:

  1. Authorization of data, with cryptographic protection of its legal significance during transfer and storage. For this purpose, algorithms for generating an electronic key are used, and their verification follows the prescribed regulations.
  2. Cryptographic protection of special and secret information, and control over its integrity. Use of asymmetric encryption and imitation protection (which rules out data substitution).
  3. Cryptographic protection of application and system software, with control over unauthorized changes and incorrect operation.
  4. Management of the main elements of the system in accordance with the established regulations.
  5. Authentication of the parties that exchange data.
  6. Cryptographic protection of the connection using the TLS protocol.
  7. Cryptographic protection of IP connections using ESP, IKE and AH.

A complete description of the characteristics of cryptographic protection can be found in the profile documents.

SKZI solutions

The process of ensuring information security with SKZI is based on the following methods:

  1. Authentication in applications is handled by the Blitz Identity Provider. The authentication server makes it possible, using a single account, to manage connected resources of any type (native, web and desktop applications), and ensures complete authentication of users by means of a token or smart card.
  2. When the connection is established, the parties are identified by means of an electronic signature. Inter-PRO provides HTTP traffic protection and the ability to edit and verify digital signatures online.
  3. The tools used for cryptographic protection, which ensure the confidentiality of digital document management, also rely on electronic signatures. To work with an electronic key in a web application, the Blitz Smart Card Plugin is installed.
  4. The use of cryptographic protection tools makes it possible to rule out unwanted devices and software, and modification of the system.

Classification of SKZI

Tools developed for the cryptographic protection of confidential information in various systems are aimed at ensuring confidentiality and protecting the integrity of data. It is important that the use of such tools for preserving the state treasury is prohibited by law, but is not entirely suitable for preserving personal records.

The tools used for cryptographic protection of information are classified according to the likely threat, by assessing the possible ways of breaking into the system. These depend on the presence of undocumented capabilities or non-conformance with the stated characteristics, which may involve:

  1. system software;
  2. application software;
  3. other shortcomings of information carriers.

Software protection is represented by a set of solutions used for encrypting information stored on various media. Such information carriers can be memory cards, flash drives or hard drives. The simplest of these solutions are freely available. Software cryptographic protection also includes virtual networks designed for exchanging information that operate “on top of the Internet”, for example VPN, and extensions of the HTTP protocol that support HTTPS and SSL encryption. The protocols used for data exchange are employed in building Internet applications and in IP telephony.

Software cryptographic protection is mostly used on home computers, for surfing the Internet, and in other areas where the requirements for the functionality and reliability of the system are not high. Or, as in the case of the Internet, where a large number of different protected connections have to be created at once.


Crypto hardware systems

Hardware cryptographic protection tools are physical devices connected to the data transmission system that provide encryption, recording and transmission of information. The devices can be personal ones or take the following forms:

  • USB encryptors, flash drives.

Using these devices, ideally protected computer networks can be built.

Hardware cryptographic protection tools are easy to install and operate at high speed. The information needed to ensure a high level of cryptographic security is stored in the device’s memory. It can be read by contact or contactless means.

When you choose SKZI released under the ESMART brand, you get effective technologies that provide cryptographic protection in online or offline modes and authentication of the user by means of tokens, smart cards or biometric data. The combination of hardware methods with software solutions gives the highest level of protection with little investment of time and effort in the process of information exchange.


An important feature of the ESMART® product line of cryptographic protection tools is a one-of-a-kind product based on the proprietary MIK 51 microcircuit from PAT "Mikron", with which many problems associated with the security and protection of data can be dealt with effectively. It is based on hardware support of Russian GOST cryptographic algorithms with foreign-made microcircuits.

SKZI ESMART® Token GOST is issued in the form of smart cards and tokens. The ESMART company's development is certified by the FSB of Russia for classes KS1/KS2/KS3. Certificate No. SF/124-3668 confirms that the ESMART Token GOST cryptographic tool meets the requirements of the FSB of Russia for encryption (cryptographic) tools of classes KS1/KS2/KS3 and the requirements for electronic signature tools approved by FSB order No. 796, and that it can be used for cryptographic protection of information that does not contain state secrets. Notification ABPN.1-2018 allows the use of GOST R 34.10-2001 in the SKZI ESMART Token GOST by extending the term of the certificate, in connection with the postponement of the transition to GOST R 34.10-2012 to 1 January 2020. ESMART® Token GOST can also be used for generating keys, creating and verifying electronic signatures, providing multi-factor authentication of users, etc.

The ESMART company offers additional daily SKZI at the lowest prices available from the manufacturer. Our engineering R&D center and production facilities are located in Zelenograd. The high-quality chips of Russian production allow us to obtain the most competitive prices for cryptographic information protection for government projects, enterprises and purchasing organizations.

Cryptographic information protection tools, or cryptographic protection for short, are used to ensure the complete protection of data transmitted over communication lines. For this purpose, it is necessary to ensure authorization and protection of the electronic signature, authentication of the communicating parties using the TLS and IPSec protocols, and, if necessary, protection of the channel itself.

Russia has many cryptographic tools, but most of them are classified, so little information about them is publicly available.

Methods used in SKZI

  • Authorization of data and preservation of its legal significance during transfer and storage. For this purpose, algorithms for creating and verifying electronic signatures are applied in accordance with the established regulations of RFC 4357, using certificates based on the X.509 standard.
  • Protection of data confidentiality and control of its integrity. Asymmetric encryption and imitation protection are used to counter data spoofing. GOST R 34.12-2015 is followed.
  • Protection of system and application software. Prevention of unauthorized changes or improper operation.
  • Management of the most important elements of the system in accordance with the adopted regulations.
  • Authentication of the parties that exchange data.
  • Protection of the connection using the TLS protocol.
  • Protection of IP connections using the IKE, ESP and AH protocols.

The methods are described in the following documents: RFC 4357, RFC 4490, RFC 4491.

SKZI mechanisms for information security

  1. To protect the confidentiality of information that is stored or transmitted, encryption algorithms are applied.
  2. When a connection is established, identification is provided by means of an electronic signature during authentication (following the X.509 recommendation).
  3. Digital document management is also protected by means of electronic signatures, without the protection of imposition or repetition, which provides control of the reliability of the keys that are used to verify electronic signatures.
  4. The integrity of the information is ensured by means of a digital signature.
  5. The use of asymmetric encryption functions allows data to be protected. In addition, hashing functions or imitation protection algorithms can be used to verify the integrity of the data. However, these methods do not support establishing the authorship of the document.
  6. Replay protection is provided by the cryptographic functions of the electronic signature, for encryption or imitation protection. In this case, a unique identifier is added to each session, long enough to rule out an accidental coincidence, and a check is implemented on the receiving side.
  7. Protection against imposition, that is, against intrusion into the communication from outside, is provided by means of electronic signature.
  8. Other protection - against implants (backdoors), viruses, modification of the operating system, etc. - is ensured using various cryptographic tools, security protocols, anti-virus programs and login management.
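Items 5 and 6 above, as an added example that is not part of the original page: a frame carries a unique session identifier and a timestamp under a MAC, and the receiving side performs the check. HMAC-SHA256 stands in for a GOST imitation-protection algorithm; the frame layout, the 30-second window and all names are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

SID_LEN, TS_LEN, TAG_LEN = 16, 8, 32  # assumed layout: sid | timestamp | payload | tag
MAX_SKEW = 30                         # assumed freshness window, in seconds


def protect(key, session_id, timestamp, payload):
    """Sender side: append a MAC computed over session id, timestamp and payload."""
    if len(session_id) != SID_LEN:
        raise ValueError("session id must be 16 bytes")
    body = session_id + struct.pack(">Q", timestamp) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Receiving side: checks the MAC first, then freshness, then uniqueness."""

    def __init__(self, key, max_skew=MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # session id -> timestamp of the accepted frame

    def accept(self, frame, now):
        if len(frame) < SID_LEN + TS_LEN + TAG_LEN:
            return "malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return "bad-mac"
        session_id = body[:SID_LEN]
        (timestamp,) = struct.unpack(">Q", body[SID_LEN:SID_LEN + TS_LEN])
        if abs(now - timestamp) > self.max_skew:
            return "stale"
        # Identifiers older than the window can be forgotten: replaying them
        # is already rejected as stale, so the cache stays bounded.
        self.seen = {s: t for s, t in self.seen.items()
                     if abs(now - t) <= self.max_skew}
        if session_id in self.seen:
            return "replay"
        self.seen[session_id] = timestamp
        return "ok"


def demo():
    key = bytes(range(32))                                   # constructed shared key
    sid = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed session id
    rx = Receiver(key)
    frame = protect(key, sid, 1000, b"transfer 100 to account 42")
    results = {"first": rx.accept(frame, now=1005)}
    results["replayed"] = rx.accept(frame, now=1010)
    tampered = frame[:30] + b"9" + frame[31:]                # one payload byte changed
    results["tampered"] = rx.accept(tampered, now=1010)
    # The receiver holds the same key, so it can build a frame that verifies:
    # a MAC proves integrity between the two parties, not authorship.
    own = protect(key, bytes(16), 1010, b"transfer 999 to account 7")
    results["made_by_receiver"] = rx.accept(own, now=1010)
    results["stale"] = rx.accept(frame, now=1100)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:17} {verdict}")
```

The `made_by_receiver` case is why item 5 says these methods do not establish authorship: either holder of the shared key can produce a valid tag, which is what an electronic signature avoids.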

As you can see, electronic signature algorithms are a fundamental part of cryptographic information protection tools. They are discussed below.

Requirements for the use of SKZI

SKZI is aimed at protecting (by verifying the electronic signature) sensitive data from various information systems of the foreign currency and ensuring their confidentiality (by verifying the electronic signature, imitation protection, encryption, hash verification) at corporate borders.

Cryptographic protection tools are used to protect the personal data of the user. However, information that concerns state secrets should be singled out. By law, SKZI can be used to work with it.

Important: before installing SKZI, you must first check the SKZI software package itself. This is the first step. As a rule, the integrity of the installation package is verified by comparing the checksums provided by the manufacturer.

After installation, the threat level should be determined, on the basis of which the types of SKZI required can be identified: software, hardware, and hardware-software. It is also important to note that when some SKZI are deployed, the placement of the system must be taken into account.

Protection classes

In accordance with the order of the FSB of Russia dated July 10, 2014 number 378, which regulates the use of cryptographic protection of information and personal data, six classes were designated: KS1, KS2, KS3, KV1, KV2, KA1. The protection class of a given system is determined by analyzing data about the attacker model, in order to assess the possible ways to attack the system. Protection is built from software and hardware cryptographic protection of information.

Current threats, as can be seen from the table, are of 3 types:

  1. Threats of the first type are associated with undocumented capabilities of the system software that is used in the information system.
  2. Threats of the second type are associated with undocumented capabilities of the application software that is used in the information system.
  3. All others are called threats of the third type.

Undocumented capabilities are functions and properties of the software that are not described in the official documentation or do not correspond to it. Their use may pose a risk of compromising the confidentiality and integrity of information.

For clarity, let's look at the attacker models, each of which requires a particular class of cryptographic protection tools to counter:

  • KS1 is an attacker acting from outside, without any helpers inside the system.
  • KS2 is an internal attacker who does not have access to the SKZI.
  • KS3 is an internal attacker who is a user of the SKZI.
  • KV1 is an attacker that draws on third-party resources, for example, SKZI specialists.
  • KV2 is an attacker backed by an institute or a laboratory that works in the field of studying and developing SKZI.
  • KA1 – special services of states.

Thus, KS1 can be called the basic protection class. Accordingly, the higher the protection class, the fewer specialists there are who can provide it. For example, in Russia, according to data for 2013, there were only 6 organizations that held a certificate from the FSB and could provide protection of the KA1 class.

Algorithms used

Let's look at the main algorithms that are used for cryptographic information protection:

  • GOST R 34.10-2001 and the updated GOST R 34.10-2012 - algorithms for creating and verifying electronic signatures.
  • GOST R 34.11-94 and the latest GOST R 34.11-2012 - hash function algorithms.
  • GOST 28147-89 and the newer GOST R 34.12-2015 - algorithms for encryption and data security.
  • Additional cryptographic algorithms are described in RFC 4357.

Electronic signature

The use of cryptographic information protection tools cannot be imagined without electronic signature algorithms, which are gaining more and more popularity.

An electronic signature is a special part of a document created by cryptographic transformations. Its main purposes are the detection of unauthorized changes and the attribution of authorship.

An electronic signature certificate is a separate document that certifies, by means of the public key, that an electronic signature is authentic and belongs to its owner. Certificates are issued by certification authorities.

The owner of the electronic signature certificate is the person in whose name the certificate is registered. The certificate is associated with two keys: public and private. The private key allows you to create an electronic signature. The public key is used to verify the authenticity of the signature, thanks to its cryptographic link with the private key.

Types of electronic signature

According to Federal Law No. 63, electronic signatures are divided into 3 types:

  • simple electronic signature;
  • unqualified electronic signature;
  • qualified electronic signature.

A simple EP is created for the storage of passwords, overlays on the appearance and review of data, and similar features that invariably confirm the authority.

An unqualified EP is created by cryptographic transformations using a private key. This makes it possible to confirm who signed the document and to establish whether unauthorized changes were made to the data.

Qualified and unqualified signatures differ in that, in the first case, the certificate for the EP is issued by a certification center certified by the FSB.

Areas of use of the electronic signature

The table below outlines the areas of EP application.

EP technologies are used most actively in the exchange of documents. In internal document management, the EP acts as approval of a document, that is, as a personal signature or seal. In external document management, the presence of an EP is critical, since it serves as legal confirmation. It is also worth noting that documents signed with an EP can be stored indefinitely and do not lose their legal significance because of factors such as fading signatures, damaged paper, etc.

Reporting to supervisory authorities is another area in which electronic document management is growing. Many companies and organizations have already appreciated the ease of use of this format.

According to the law of the Russian Federation, citizens have the right to use an EP when using government services (for example, signing an electronic application to government authorities).

Online trading is another important area in which electronic signatures are actively used. An EP confirms that real people take part in the trades and that their offers can be considered reliable. It is also important that any contract concluded with the help of an EP gains legal force.

Electronic signature algorithms

  • Full Domain Hash (FDH) and Public Key Cryptography Standards (PKCS). The latter is a whole group of standard algorithms for various situations.
  • DSA and ECDSA are standards for electronic signatures in the USA.
  • GOST R 34.10-2012 – standard for creating EP in the Russian Federation. This standard replaced GOST R 34.10-2001, which was officially adopted after 31 January 2017.
  • The Eurasian Union has standards that are quite similar to the Russian ones.
  • STB 34.101.45-2013 – Belarusian standard for digital electronic signature.
  • DSTU 4145-2002 – the standard for creating electronic signatures in Ukraine, and many others.

It is also worth noting that EP creation algorithms have different purposes:

  • Group electronic signature.
  • One-time digital signature.
  • Trusted EP.
  • Qualified and unqualified signatures.

Cryptography (from the ancient Greek κρυπτός, "hidden", and γράφω, "I write") is the science of methods for ensuring confidentiality and authenticity of information.

Cryptography is a set of methods for transforming data, aimed at making the data useless to an attacker. Such transformations address two main issues of information security:

  • privacy protection;
  • protection of integrity.

Confidentiality and information integrity issues are closely intertwined, which is why the best methods for one are often counterproductive to the other.

There are different approaches to the classification of methods for cryptographic transformation of information. Based on the output information, methods for cryptographic transformation of information can be divided into four groups:

The sender generates the plaintext of the original message M, which is to be transferred to the legitimate recipient over an unprotected channel. An interceptor monitors the channel in order to intercept and reveal the message being transmitted. To prevent the interceptor from learning the content of M, the sender encrypts it with a reversible transformation Ek and obtains the ciphertext (or cryptogram) C = Ek(M), which is sent to the recipient.

The legitimate recipient, having received the ciphertext C, decrypts it with the inverse transformation Dk(C) and obtains the original message in the form of plaintext M.

The transformation Ek is selected from a family of cryptographic transformations called cryptoalgorithms. The parameter by which a particular transformation is chosen is called the cryptographic key K.

A cryptosystem can be implemented in various ways: as a set of instructions, as hardware, or as a set of programs that allow plaintext to be encrypted and ciphertext to be decrypted in different ways, one of which is selected by a specific key K.

The encryption transformation can be symmetric or asymmetric with respect to the decryption transformation. This important property defines two classes of cryptosystems:

  • symmetric (single-key) cryptosystems;
  • asymmetric (two-key) cryptosystems (with a public key).

Symmetric encryption

Symmetric encryption, often called secret-key encryption, is mainly used to ensure the confidentiality of data. To do so, the parties must jointly choose a single mathematical algorithm that will be used for encrypting and decrypting data. In addition, they need to select a shared (secret) key to be used with the encryption/decryption algorithm they have adopted. The same key is used for both encryption and decryption (the word “symmetric” means the same for both sides).

An example of symmetric encryption is shown in Fig. 2.2.

Today, encryption algorithms such as Data Encryption Standard (DES), 3DES (or “triple DES”) and International Data Encryption Algorithm (IDEA) are widely used. These algorithms encrypt messages in blocks of 64 bits. If a message is longer than 64 bits (as it usually is), it must be split into blocks of 64 bits each, which are then combined in some way. Such combination is usually done by one of the following four methods:

  • electronic code book (Electronic Code Book, ECB);
  • cipher block chaining (Cipher Block Chaining, CBC);
  • x-bit cipher feedback (Cipher FeedBack, CFB-x);
  • output feedback (Output FeedBack, OFB).

Triple DES (3DES) is a symmetric block cipher based on the DES algorithm, created to eliminate the main weakness of the latter: the short key (56 bits), which can be broken by brute force. The speed of 3DES is 3 times lower than that of DES, but its cryptographic strength is much higher. The time required to cryptanalyze 3DES may be much greater than the time required to break DES.

AES (Advanced Encryption Standard), also known as Rijndael, is a symmetric block encryption algorithm that encrypts messages in blocks of 128 bits using a key of 128/192/256 bits.

Encryption using a secret key is often used to maintain data confidentiality and is implemented very efficiently using firmware. This method can be used to authenticate and maintain data integrity.

The following problems are associated with the symmetric encryption method:

  • secret keys must be changed frequently, since there is always a risk of their accidental disclosure (compromise);
  • it is difficult to ensure the security of secret keys when they are generated, distributed and stored.

Cryptographic information protection tools (SKZI) are an important component of information security and make it possible to guarantee a high level of data safety, ensuring that encrypted electronic documents are not exposed if they fall into the hands of third parties, or if the media holding them are stolen or lost. Today SKZI are used in almost every company: most often for interaction with automated banking systems and government information systems, less often for storing and exchanging corporate data. Modern encryption technology makes it possible to protect a business from dangerous leaks of critically valuable information with a guarantee of up to 99%, even taking the human factor into account.

The need for SKZI is also driven by the growing popularity of electronic document management, archiving and paperless exchange. The importance of the documents stored in such systems dictates the need for a high level of information security, which cannot be achieved without encryption and electronic signature tools.

The implementation of SKZI in corporate practice involves building a software and hardware complex whose architecture and composition are determined by the needs of the particular customer, legal requirements, and the required methods and encryption algorithms. This may include software components for encryption (cryptoproviders), tools for organizing VPN, authentication tools, tools for generating and verifying keys and digital signatures, which serve to organize legally significant document flow, and hardware key carriers.

Corporate encryption tools supplied by AST can support GOST encryption algorithms and provide the necessary classes of cryptographic protection, depending on the required level of protection, the regulatory framework and the compatibility requirements with other systems, including external ones. This type of encryption protects many information components: files, directories with files and archives, physical and virtual storage media, entire servers and storage systems.

The solution can provide the entire set of measures for the reliable protection of information during storage, transmission and use, as well as for managing the SKZI themselves, including:

  • Securing confidential information
  • Ensuring the integrity of information
  • Guarantee of information reliability
  • Complete protection of information, including:
    - Encryption and decryption
    - Creation and revision of the EDS
  • Flexibility in configuring, managing and using SKZI
  • SKZI protection, including monitoring and detection of cases of loss of efficiency, attempts of unauthorized access, cases of key compromise.

The term “cryptography” comes from the ancient Greek words for “hidden” and “writing”. The phrase expresses the main purpose of cryptography: the protection and preservation of the confidentiality of transmitted information. Information security can be achieved in different ways. For example, by limiting physical access to data, hiding the transmission channel, creating physical difficulties in connecting to a communication line, etc.

The purpose of cryptography

Unlike traditional methods of secret writing, cryptography assumes that the transmission channel is fully accessible to malicious actors and ensures the confidentiality and authenticity of information using encryption algorithms that make the information inaccessible to third parties. A modern cryptographic information protection system (SKZI) is a software and hardware complex that protects information in terms of the following basic parameters.

  • Confidentiality - the impossibility of reading information by persons who do not have appropriate access rights. The main component of ensuring confidentiality in SKZI is the key, which is a unique alphanumeric combination for the user's access to a particular block of the SKZI.
  • Integrity - the impossibility of unauthorized changes, such as editing and deleting information. For this purpose, redundancy is added to the original information in the form of a check combination, which is calculated by a cryptographic algorithm and depends on the key. In this way, without knowing the key, adding or changing information becomes impossible.
  • Authentication - confirming the authenticity of the information and of the parties that send and receive it. Information transmitted through communication channels must be uniquely authenticated by its content, the time of creation and transmission, the source and the recipient. It should be remembered that the threat may come not only from an attacker, but also from the parties taking part in the exchange of information when mutual trust is lacking. To avoid such situations, the SKZI uses a time stamp system that makes it impossible to resend or return the information, or to change its order.

  • Authorship - confirmation of, and the impossibility of repudiating, actions performed by the user of the information. The most common way to confirm authenticity is the EDS system, which consists of two algorithms: signature creation and signature verification. For intensive work with the ECC, it is recommended to use software certification centers for creating and managing signatures. Such centers can be implemented as a tool that is completely independent of the internal structure of the SKZI. What does this mean for the organization? It means that all transactions are certified by independent certification organizations and that forging authorship is practically impossible.

Encryption algorithms

Currently, open encryption algorithms using symmetric and asymmetric keys of sufficient strength to ensure the required cryptographic complexity predominate. The most common algorithms:

  • symmetric keys – Russian R-28147.89, AES, DES, RC4;
  • asymmetric keys – RSA;
  • using hash functions – R-34.11.94, MD4/5/6, SHA-1/2.

Many countries have their own national standards. In the United States, a modified AES algorithm with a key of 128-256 bits is used, and in the Russian Federation, the electronic signature algorithm R-34.10.2001 and the block cryptographic algorithm R-28147.89 with a 256-bit key. All elements of national cryptographic security systems are subject to licensing for export abroad.

Crypto hardware systems

Hardware SKZI are physical devices containing software for encrypting, recording and transmitting information. Encryption devices can take the form of personal devices, such as ruToken USB encryptors and IronKey flash drives, expansion cards for personal computers, and specialized switches and routers, on the basis of which fully protected computer networks can be built.

Hardware SKZI are quickly installed and operate at high speed. Their drawbacks, compared with software and hardware-software SKZI, are high cost and limited flexibility and possibilities for modernization.

Hardware SKZI also include SKZI blocks built into various devices for recording and transmitting data where encryption and restricted access to information are required. Such devices include automobile tachometers, which record vehicle parameters, some types of medical equipment, etc. For such systems to operate fully, the SKZI module must be activated separately by the supplier's specialists.

Crypto software systems

Software SKZI are special software packages for encrypting data on storage media (hard drives and flash drives, memory cards, CD/DVD) and during transmission (e-mails, attached files, chats, etc.). There are many programs to choose from, including free ones, for example DiskCryptor. Software SKZI also include secure virtual networks for exchanging information that operate “on top of the Internet” (VPN), the HTTPS extension of the HTTP protocol with encryption support, and SSL, a cryptographic information transfer protocol that is widely used in IP telephony systems and Internet applications.

Software SKZI are mainly used on the Internet, on home computers and in other areas where the requirements for the functionality and stability of the system are not very high. Or, as in the case of the Internet, where many different protected connections have to be created at once.

Hardware-software cryptographic protection

It combines the best qualities of hardware and software SKZI. This is the most reliable and functional way of building protected systems and data transmission networks. All options for identifying users are supported, both hardware (USB storage or smart card) and “traditional” - login and password. Hardware-software SKZI support all modern encryption algorithms, provide a wide range of functions for creating protected document flow based on the EDS, and have all the necessary government certificates. Installation of the SKZI is carried out by qualified personnel of the distributor.

Company "CRYPTO-PRO"

One of the leaders of the Russian cryptographic market. The company develops a full range of information protection programs that use digital signatures based on international and Russian cryptographic algorithms.

The company's programs are used in the electronic document management of commercial and government organizations, for filing accounting reports, in various municipal and budgetary programs, etc. “Crypto-PRO” provides vendors with interfaces for embedding elements of cryptographic protection and provides a full range of consulting services for the creation of SKZI.

Crypto provider CryptoPro

CryptoPro CSP was developed using the Cryptographic Service Providers cryptographic architecture built into the Windows operating system. The architecture allows additional independent modules to be connected that implement the necessary encryption algorithms. With the help of modules that operate through the CryptoAPI functions, cryptographic protection can be implemented in both software and hardware.

Key carriers

The following can be used as carriers of personal keys:

  • smart cards and readers;
  • electronic locks and readers that work with Touch Memory devices;
  • various USB keys and replaceable USB storage devices;
  • Windows, Solaris, Linux registry files.

Functions of a crypto provider

SKZI CryptoPro CSP is fully certified by FAPSI and can be used for:

2. Ensuring the confidentiality, authenticity and integrity of data by means of encryption and imitation protection conforming to Russian encryption standards and the TLS protocol.

3. Checking and monitoring the integrity of the program code to prevent unauthorized changes and access.

4. Creation of regulations for the protection of the system.