RU2272320C1 - System for manufacturing, counting and verifying protective marks and protected documents - Google Patents

Abstract

FIELD: engineering of systems for marking and verifying objects, possible use for marking and identification of products, valuable papers and documents.

SUBSTANCE: system consists of verification center, data input stations, similar number of corporative databases of corporative control centers, n verification stations, system has blanks of protective marks with applied counting numbers, and cancelled marks, indexes show number of corporative control center acting as data provider. System provides for high protection of information applied onto protective mark.

EFFECT: possible marking of objects in several corporative subsystems and with reliable confirmation of authenticity of marked objects present in industrial circulation.

11 cl, 13 dwg

Description

The invention relates to systems for marking and identifying the authenticity of controlled objects and may find application in the marking and identification of products, securities and documents.

A well-known automated system for the manufacture and registration of driver’s documents (RF patent No. 2128856, class G 06 F 17/60, 1999), comprising a unit for generating an information insert for identification, a unit for receiving personal data, an operator console, a monitor, a printer.

The disadvantage of this system is the limited scope, the high technological complexity of obtaining the identification features of objects, as well as the low reliability of identification of the authenticity of documents in the process of their use.

Also known is an automated system for identifying an object and registering its state according to the patent of the Russian Federation No. 2107943, class. G 06 F 17/60, 17/40, 1998, comprising a computer of the main information base, N channels for input and processing of information, a communication and switching unit, two recording units.

The disadvantages of this device are the complexity in the formation and use of external information systems, as well as the high probability of errors in identification due to the presence of subjective factors in the formation of identification characteristics by the operator.

A similar system is known from the application WO No. 91, 10202, class. G 06 F 15/46, 1991, including the marking position on the product, the marking device in the database, marking reading devices at remote positions, the communication line between the database and marking reading devices, a device for comparing readable markings with those stored in the database and decision-making device for further product movement.

This system has disadvantages that are associated with a very limited scope of its application, which makes it impossible to use it for product identification due to the lack of technical means for identifying the authenticity of products during their illegal production and use.

The system is also known (EP, application No. 0112944, class G 07 F 7/10, 1984), including a central point with a main database, a network of remote terminals with its own databases, communication lines for connecting remote terminals with a central point, a set of credit cards and devices for their marking.

The disadvantages of this system include the low reliability of determining the legality of using a credit card if its illegitimate holder enters an identification number that matches the number stored in the database of the central point.

A known system for identifying registered products according to the patent of the Russian Federation No. 2106689, class. G 06 K 17/00, G 06 F 17/60, 1998, comprising a reference database, at least one working database, at least one database access device, communication lines connecting the reference database to at least one database access device, at least one comparison device connected to a corresponding database access device, at least one marking device, at least one data input device for inputting information about the manufactured product into the reference database data, at least one data entry point for entering information about the product entered into economic circulation, in at least one working database through a corresponding database access device, and at least one decision making device.

This system, in contrast to the previously considered analogues, allows marking and identification of registered products, however, it has a narrow scope and does not provide a centralized production and registration of protective marking marks. In addition, there is no possibility of marking and accounting for products manufactured outside this system.

Closest to the technical nature of the claimed is a system for marking and identification of products according to the Eurasian patent No. 002696, class. G 06 K 1/12, 9/00, 2002, which is selected for the prototype. The known system comprises a control and monitoring center, a central database, a data input device, k peripheral databases, k peripheral workstations for printing security signs and k data entry points, n work databases, n devices for accessing work databases, n devices identification and m marking devices, where k, n and m can be any non-negative integers.

The prototype system, in contrast to the previously considered analogues, allows marking products with protective signs and identifying them in economic circulation. However, the prototype system has disadvantages:

- narrow scope. In the prototype system, the protective signs of the marking produced within the framework of only one system are taken into account. There are no means for identifying security signs produced in other similar systems and in economic circulation;

- low security of information printed on the security sign due to the absence in the prototype system of mechanisms for centralized generation of signature keys that guarantee their reliability and delivery (delivery) to the verification devices of signature key certificates, as well as the timely replacement of compromised signature keys. The possibility of falsification (substitution) of information on a security sign and the formation of an electronic digital signature using a false private signature key when a corresponding public key is included in the bar code, the use of which during verification will confirm the authenticity of the electronic digital signature and, therefore, will not ensure detection of the fact of information substitution;

- the lack of the ability to reliably read and confirm the account number of the blank of the protective sign. In the prototype system, alphanumeric text and a bar code are applied to an unaccounted security sign form, and when verifying a security sign there is no possibility of reliable confirmation of the registration number of the form. The prototype system does not exclude subjective errors of the operator when entering the account number of the security sign form in the bar code.

The technical result of the claimed system is to expand the scope of its application and to increase the security of information on a security sign by centrally providing key elements of the system with key information and automating the input of the account number of a security sign form in a bar code that excludes subjective operator errors.

To achieve the above technical result in the well-known system of manufacturing, accounting and verification of security signs and security documents, including k data entry points, where k = 1, 2, ..., k corporate databases, k corporate control and monitoring centers, first exit each of k corporate control and control centers is connected to the input of the corresponding data entry point, the output of which is connected to the data record input of the corresponding corporate database. The third output and the third input of each of the k corporate control and control centers are connected respectively to the control input and the information output of the corresponding corporate database. The first input of each of the k corporate control and control centers is the corresponding input of the system. The fourth output of each of the k corporate control and monitoring centers is the corresponding output of the system. Additionally, a certification center and n verification points have been introduced, where n = 1, 2, .... The output of the certification center is connected to the second input of each corporate control and control center and to the second input of each verification point. The input of the certification center is connected to the second output of each corporate control and control center and to the second output of each verification point. The first input of each of the n verification points is the corresponding control input of the system. Forms of security signs with the registered numbers go to corporate control and control centers, and security signs go to the control inputs of the system.

The extinguished security signs enter the respective corporate control and control centers from verification points.

The corporate control and control center consists of a data exchange device, a control operator console, a corporate database access device, a monitor, a verification device, a statistical processing unit and a print unit, the first input of which is connected to the fifth output of the corporate database access device, the first output which is connected to the second input of the verification device, the first input of which is a barcode reader. The output of the verification device is connected to the first input of the device for accessing the corporate database, the second input of which is connected to the third output of the control panel, the second output of which is connected to the input of the monitor. The first input of the operator’s control panel is the first input of the corporate control and control center. The first output and the second input of the operator’s control panel are connected respectively to the second input and the first output of the data exchange device, the first input and third output of which are the second input and second output of the corporate control and monitoring center, respectively. The second output and third input of the corporate database access device are the third output and third input of the corporate control and control center, respectively. The third output of the corporate database access device is connected to the third input of the data exchange device, the second output of which is the first output of the corporate control and control center. The fourth output of the corporate database access device is connected to the input of the statistical processing unit, the output of which is the fourth output of the corporate control and control center. Security signs come from the output of the print unit. The fourth output of the data exchange device is connected to the third input of the verification device, and the blanks of security signs with registration numbers are sent to the second input of the print unit.

The extinguished security signs are sent to the barcode reader of the verification device.

The verification item contains a verification device, a redemption device, a device for accessing a working database, a working database. The output of the verification device is connected to the third input of the device for accessing the working database. The third output of the working database access device is connected to the second input of the verification device, the third input of which is connected to the fourth output of the working database access device. The input of the offset device is connected to the first input of the verification device and is the first input of the verification item. The second output and second input of the device for accessing the working database are, respectively, the first output and second input of the verification point. The first output of the working database access device is connected to the control input of the working database, the information output of which is connected to the first input of the working database access device. The second output of the verification point is the output of the repayment device. The extinguished security signs come from the output of the redemption device.

The verification item contains a verification device, a device for accessing a working database and a working database. The output of the verification device is connected to the third input of the device for accessing the working database. The third output of the working database access device is connected to the second input of the verification device, the third input of which is connected to the fourth output of the working database access device. The first input of the verification device is the first input of the verification item. The second output and second input of the device for accessing the working database are the output and the second input of the verification point, respectively. The first output of the working database access device is connected to the control input of the working database, the information output of which is connected to the first input of the working database access device.

As security signs use documents.

The system contains m marking devices, where m is a non-negative integer (m≥k), and the protective signs come to the marking devices from corporate control and monitoring centers.

The verification device consists of a reader, a cryptographic unit, a comparison unit, a control operator panel and a monitor, the input of which is connected to the first output of the control operator panel, the input of which is connected to the output of the comparison unit, the first and second inputs of which are connected to the first and second outputs of the cryptographic unit, the first input of which is connected to the output of the reader. The second output of the control operator panel is the output of the verification device. The first and second inputs of the verification device are respectively the input of the reader and the third input of the comparison device. The second input of the cryptographic block is the third input of the verification device.

The print unit consists of a printer, a signature key carrier, a text shaper, a service information shaper, a control-account information shaper, a reader and an electronic digital signature shaper, the first input of which is connected to the output of the signature key carrier. The input of the shaper is the first input of the print block. The printer output is the output of the print unit. The output of the reader is connected to the second input of the overhead driver, the first input of which is connected to the input of the text driver. The output of the service information shaper is connected to the second input of the electronic digital signature shaper, the output of which is connected to the first input of the control and accounting information shaper, the second input of which is connected to the output of the text shaper. The output of the shaper control and accounting information is connected to the first input of the printer. The second input of the printer is connected to the input of the reader and is the second input of the print unit. Forms of security signs with printed account numbers are sent to the second input of the print unit. Security signs come from the printer.

The cryptographic unit contains an electronic digital signature extractor, an information extractor, a signature key certificate storage device and an electronic digital signature identifier, the second input of which is connected to the output of the electronic digital signature extractor, the input of which is connected to the input of the information extractor and is the first input of the cryptographic block. The output of the electronic digital signature identifier is the first output of the cryptographic block. The output of the information extractor is connected to the third input of the identifier of the electronic digital signature and is the second output of the cryptographic block. The output of the signature key certificate store is connected to the first input of the electronic digital signature identifier. The input of the signature key certificate store is the second input of the cryptographic block.

Thanks to the new set of essential features, the scope of the system is expanding and the security of information on the security mark is increased due to the centralized provision of key information with system elements. Bringing the signature key certificates of all corporate control and control centers to verification points allows reliable verification of the electronic digital signature and identification of any security sign made in any corporate control and control center, as well as the detection of falsified security signs with high reliability. The security of the information on the security mark is also enhanced by the introduction of the account number of the security sign form in the barcode. Automation of reading and entering the account number of the security sign blank eliminates the subjective errors of the operator.

The analysis of the prior art made it possible to establish that analogues that are characterized by a combination of features that are identical to all the features of the claimed technical solution are absent, which indicates compliance of the claimed device with the patentability condition “novelty”.

Search results for known solutions in this and related fields of technology in order to identify features that match the distinctive features of the claimed object from the prototype showed that they do not follow explicitly from the prior art. The prior art also did not reveal the popularity of the impact provided by the essential features of the claimed invention, the transformations on the achievement of the specified technical result. Therefore, the claimed invention meets the condition of patentability "inventive step".

The claimed system is illustrated by schemes:

figure 1 is a block diagram of the claimed system;

figure 2 is a block diagram of a corporate control and monitoring center (CMS);

figure 3 is a block diagram of a verification item (option 1);

figure 4 is a block diagram of a verification item (option 2);

5 is a block diagram of a verification device;

6 is a block diagram of a printing unit;

7 is a block diagram of a cryptographic block;

Fig. 8 is an external view of a fuel coupon (TT) form;

Fig.9 is an external view of a fuel coupon with control and accounting information;

figure 10 - appearance of a protected certificate of conformity of the drug;

11 is an external view of a regional special brand for marking alcohol products;

12 is an external view of a security sign form for marking audio and video products;

Fig - appearance of a protective sign for marking drugs.

The system of manufacturing, accounting and verification of security signs and security documents shown in Fig. 1 consists of a certification center 1, k data entry points 2 ₁ ... 2 _k , where k can be any non-negative integer, the same number of corporate bases data (DB) 3 ₁ ... 3 _k , corporate control and monitoring centers (CMS) 4 ₁ ... 4 _k , n verification points 5 ₁ ... 5 _n , where n can be any non-negative integer. In addition, the system contains blanks of security signs with registration numbers, security signs 8 ₁ ... 8 _k and canceled security signs 9 ₁ ... 9 _k , and the number of security signs and canceled security signs can be any integer, and indices 1 ... k indicate the number of the corporate MCC that produced these security signs.

A security sign means a control-registration mark, identification mark or document that has comprehensive protection against falsification and carries control-accounting information about the protected object. A security sign form is a strict reporting document with an account number and a field for applying control and accounting information, performed in a typographical way and having several degrees of protection.

The first output of each of k corporate CMS 4 ₁ ... 4 _{k is} connected to the input of the corresponding data entry point 2 ₁ ... 2 _k , the output of which is connected to the data record input of the corresponding corporate database 3 ₁ ... 3 _k . The third output and the third input of each of k corporate CMS 4 ₁ ... 4 _{k are} connected respectively to the control input and information output of the corresponding corporate database 3 ₁ ... 3 _k . The first input of each of k corporate CMS 4 ₁ ... 4 _k is the corresponding input of the system. The fourth output of each of k corporate CMS 4 ₁ ... 4 _k is the corresponding output of the system. The output of the certification center 1 is connected to the second input of each corporate CMS 4 ₁ ... 4 _k and to the second input of each item 5 ₁ ... 5 _n verification. The input of the certification center 1 is connected to the second output of each corporate CMS 4 ₁ ... 4 _k and to the second output of each item 5 ₁ ... 5 _n verification. The first input of each of n points 5 ₁ ... 5 _n verification is the corresponding control input of the system. Forms 7 ₁ ... 7 _{k of} security signs with the registered numbers are received in the corporate central control centers 4 ₁ ... 4 _k . The safety signs 8 ₁ ... 8 _k go to the control inputs of the system. The extinguished security signs 9 ₁ ... 9 _k go to the corresponding corporate control and control centers from the second outputs of points 5 ₁ ... 5 _{n of} verification.

In the case of protecting objects by marking them, the system may include m marking devices 6 ₁ ... 6 _m , where m is a non-negative integer (m≥k). Marking devices 6 ₁ ... 6 _m are intended for applying protective signs to protected (marked) objects, including documents, commodity packaging, bottles, CDs and audio and video cassettes, pharmaceutical packaging, etc. Safety signs 8 ₁ ... 8 _k are received on the marking devices 6 ₁ ... 6 _m from the corporate central control centers 4 ₁ ... 4 _k .

The system can produce, take into account and verify protected documents.

Corporate CMS 4 ₁ ... 4 _k are the main elements of the system and are intended for managing data entry into corporate databases 3 ₁ ... 3 _k , manufacturing (printing) and accounting for security signs, their verification and reception of canceled security signs. Corporate CCU 4 (figure 2) consists of a data exchange device 4.1, a control operator panel 4.2, a corporate database access device 4.3, a print unit 4.4, a monitor 4.5, a verification device 4.6 and a statistical processing unit 4.7. The first output and the first input of the enterprise database access device 4.3 are connected respectively to the second input and output of the verification device 4.6. The first input of the verification device 4.6 is a barcode reader input. The fourth and fifth outputs of the corporate database access device 4.3 are connected respectively to the input of the statistical processing unit 4.7 and to the first input of the printing unit 4.4. The third output of the enterprise database access device 4.3 is connected to the third input of the data exchange device 4.1. The second input of the device 4.3 access to the corporate database is connected to the third output of the remote control 4.2 operator control. The first output and the second input of the remote control 4.2 of the control operator are connected respectively to the second input and the first output of the device 4.1 data exchange. The second output of the remote control 4.2 operator control is connected to the input of the monitor 4.5. The first input of the control operator 4.2 remote control is the first input of the corporate central control unit 4 and at the same time the central input of the system. The second output of the data exchange device 4.1 is the first output of the corporate central control unit 4. The first input and the third output of the data exchange device 4.1 are the second input and the second output of the corporate central control unit 4. The second output and the third input of the corporate database access device 4.3 are the third and third outputs, respectively. the input of corporate CCM 4. The output of block 4.7 of statistical processing is the fourth output of corporate CCM 4 and at the same time the output of the system. The fourth output of the device 4.1 data exchange is connected to the third input of the device 4.6 verification. At the second input of the block 4.4 printing received forms of protective signs with printed account numbers. The security signs come from the output of the printing unit 4.4 to the first input of reading the barcode of the verification device 4.6 and to the output of the corporate CCU 4, as shown in FIG. 2 by a dashed line with an arrow, similarly to FIG. 2, it is shown that the canceled security signs also go to the first barcode reader input 4.6 of verification device from items 5 ₁ ... 5 _{n of} verification.

Certification Authority 1 is intended for storage of registration data of corporate CCM 4, generation and storage of their signature keys, public key certificates, revoked certificates, as well as for interaction with corporate CCM 4 ₁ ... 4 _k and verification items 5 ₁ ... 5 _n in order to provide them with key information.

Verification paragraph 5 is intended for reading service information in the form of a bar code, checking digital signatures and comparing read service information with information stored in the corporate database 3 ₁ ... 3 _k . The first version of verification paragraph 5 also provides for the cancellation of protective signs 8 ₁ ... 8 _k .

Paragraph 5 of the verification according to the first embodiment (Fig. 3) consists of a verification device 5.1, a device 5.2 for accessing a working database, a working database 5.3 and a payoff device 5.4. The output and the second input of the verification device 5.1 are connected respectively to the third input and the third output of the device 5.2 of accessing the working database. The third input of the verification device 5.1 is connected to the fourth output of the device 5.2 of access to the working database. The input of the cancellation device 5.4 is connected to the first input of the verification device 5.1 and is the first input of the verification item 5. The second output and the second input of the device 5.2 access to the working database are, respectively, the first output and second input of item 5 of verification. The first output of the device 5.2 accessing the working database is connected to the control input of the working database 5.3, the information output of which is connected to the first input of the device 5.2 accessing the working database. The second output of verification point 5 is the output of the redemption device 5.4, and the canceled security signs 9 ₁ ... 9 _k come from the output of the redemption device 5.4.

Paragraph 5 of the verification according to the second embodiment (Fig. 4) consists of a verification device 5.1, a device 5.2 for accessing a working database, and a working database 5.3. The output and the second input of the verification device 5.1 are connected respectively to the third input and the third output of the device 5.2 of accessing the working database. The third input of the verification device 5.1 is connected to the fourth output of the device 5.2 of access to the working database. The first input of the verification device 5.1 is the first input of the verification item 5. The second output and the second input of the device 5.2 access to the working database are respectively the output and the second input of item 5 of verification. The first output of the device 5.2 accessing the working database is connected to the control input of the working database 5.3, the information output of which is connected to the first input of the device 5.2 accessing the working database.

Verification device 4.6 is intended for reading service information in the form of a bar code, checking digital signatures, and comparing 1 service information read with information stored in the corporate database 3 ₁ ... 3 _k . Verification device 4.6 (FIG. 5) consists of a reader 4.6.1, a cryptographic unit 4.6.2, a comparison unit 4.6.3, a control operator panel 4.6.4 and a monitor 4.6.5. The output of the read block 4.6.1 is connected to the first input of the cryptographic block 4.6.2. The first and second outputs of the cryptographic block 4.6.2 are connected respectively with the first and second inputs of the comparison block 4.6.3. The output of the comparison block 4.6.3 is connected to the input of the control operator panel 4.6.4. The first output of the operator control panel 4.6.4 is connected to the monitor input 4.6.5. The second output of the operator control panel 4.6.4 is the output of the verification device 4.6. The input of the reader 4.6.1 is the barcode reader, the first input of the verification device 4.6. The third input of the comparison block 4.6.3 is the second input of the verification device 4.6. The second input of the cryptographic block 4.6.2 is simultaneously the third input of the verification device 4.6. The security signs are fed to the reader input of the verification device 4.6. The extinguished security signs 9 ₁ ... 9 _k go to the reader input of the verification device 4.6, as shown in FIG. 5 by a dashed line.

The purpose and composition of the verification device 5.1 is identical to the verification device 4.6.

Block 4.4 printing is designed to automatically read the account number from form 7 of a security sign, the formation of control and accounting information and its application to form 7 of a security sign. Control and accounting information is a combination of consumer and service information. Consumer information is applied to the protective sign 8 in alphanumeric text and contains information on the consumer properties of products (goods) and code-digital numbering of the manufacturer (supplier) and the protected copy of the product (product). The consumer properties of products (goods) include parameters that are controlled visually, by touch, by weight (volume), by color and smell. Code-digital numbering may contain the administrative code of the region, the code of the manufacturer (supplier), the number of the application for the manufacture of a batch of security signs, the number of the security sign in the party, etc.

Service information contains consumer information and a set of identifiers (codes) that determine the accounting of products in the corporate database 3. Service information is applied to the security sign in the form of a two-dimensional bar code.

The printing unit 4.4 (Fig.6) consists of a reading device 4.4.1, a text shaper 4.4.2, a service information shaper 4.4.3, a signature key medium 4.4.4, an electronic digital signature shaper 4.4.5, a shaper 4.4. 6 control and accounting information, printer 4.4.7. The first input of the overhead driver 4.4.3 is connected to the input of the text driver 4.4.2 and is the first input of the printing unit 4.4. The second input of the overhead driver 4.4.3 is connected to the output of the reader 4.4.1. The first and second inputs of the shaper 4.4.5 EDS are connected to the outputs of the shaper 4.4.3 service information and the carrier 4.4.4 of the signature key. The output of the shaper 4.4.5 EDS is connected to the first input of the shaper 4.4.6 control and accounting information. The output of the shaper 4.4.2 of the text is connected to the second input of the shaper 4.4.6 of the control and accounting information, the output of which is connected to the first input of the printer 4.4.7. The second input of the printer 4.4.7 is connected to the input of the reader 4.4.1 and is the second input of the printing unit 4.4. The forms 7 of the security signs with the registered numbers are supplied to the second input of the printing unit 4.4. The output of the printer 4.4.7 is the output of the printing unit 4.4, from which protective signs 8 come.

The cryptographic unit 4.6.2, intended for verifying the digital signature, consists (Fig. 7) of the store 4.6.2.1 of the signature key certificates, the digital signature allocator 4.6.2.2, the information highlighter 4.6.2.3 and the digital signature identifier 4.6.2.4. The inputs of the extractors 4.6.2.2 and 4.6.2.3 are combined and are the first input of the cryptographic block 5.6.2. The output of the isolator 4.6.2.2 EDS is connected to the second input of the identifier 4.6.2.4 EDS. The output of the information separator 4.6.2.3 is connected to the third input of the identifier 4.6.2.4 EDS and is the second output of the cryptographic block 4.6.2. The output of the identifier 4.6.2.4 EDS is the first output of the cryptographic block 5.6.2. The output of the drive 4.6.2.1 of the signature key certificates is connected to the first input of the digital signature identifier 4.6.2.4. The input of the drive 4.6.2.1 of the signature key certificates is the second input of the cryptographic block 4.6.2.

Certification Authority (UC) 1 can be implemented on the well-known architecture "CryptoPro UTs" (publ. "Certification Authority" CryptoProTsU ", Formulary, ZHTIAI.00009-01 90 03 CryptoProUTs. General description. Http://www.CryptoPro.ru. ») And includes a certification center, at least one registration center, at least one administrator workstation, user interaction tools with CAs and a software interface for interaction with CAs. CA elements are interconnected by a local area network. In addition, the CA can include modem equipment (modem pool) to ensure data exchange with users. The CryptoPro TLS network authentication support program module that implements the Transport Layer Security protocol (TLS v.1.0, RFC 2246) can be used in the CA. This protocol provides cryptographic means of authentication of the sender (client) and destination (server).

A similar certification center has been deployed in the branch of FSUE STC Atlas (St. Petersburg) and provides the operation of a system of mandatory certification of medicines and corporate systems for the manufacture, recording and control of fuel coupons.

The certification center and the registration center of the certification authority 1 can be implemented on computers (servers) and function in the Microsoft Windows 2000/2003 Server operating system. The registration center database can be built on the Microsoft SQL Server-2000 database.

The automated workstation of the administrator of the CA is designed to carry out organizational and technical activities related to the registration of corporate central control centers 4 ₁ ... 4 _k , the formation of signature keys and the corresponding certificates of signature keys, as well as to manage the registration center. It is implemented on a personal computer and can operate under the control of the Microsoft Windows 2000 Professional / XP operating system.

The interaction of CA 1 with corporate CMS 4 ₁ ... 4 _k and verification posts 5 ₁ ... 5 _n can be achieved through the SOAP interface (Simple Object Access Protocol) provided by the registration center to the user. The specified protocol can be implemented, for example, using Microsoft Internet Information Server 5.0 software.

Corporate databases 3 ₁ ... 3 _k are implemented on the hard drives of computers (servers) using the appropriate database management system software (DBMS), for example, SQL-server 7.0, developed by Microsoft, publ. in Shpenik M., Sledge O. "Guide for the database administrator", trans. from English., M., publishing house "Williams", 1999, or DBMS Oracle. The indicated DBMSs have software for differentiating user rights and allow administering corporate databases in accordance with the adopted security policy. For reliability and integrity of the databases, the hardware of the computer (server) can be a two or more processor platform with 256 MB or more RAM, with a set of hard drives and special RAID-type controllers that provide multiple duplication of the stored databases. A working database 5.3 can be implemented using a DBMS, for example, SQL-server 7.0 deskop edition, publ. ibid., p. 833-861.

Data exchange between corporate CMS 4 ₁ ... 4 _k and verification points 5 ₁ ... 5 _{n is} carried out through device 4.1 for data exchange via communication lines, for example, via specially allocated digital communication channels in dial-up mode or via public networks, e.g. INTERNET or INTRANET with support for TCP / IP communication protocols. As a device 4.1 data exchange can be used a modem connected to a computer via a network card. To protect the information transmitted through communication channels, a cryptographic information protection tool, for example, “CryptoPro CSP”, commercially available jointly by LLC “CRIPTO-PRO” and STC “Atlas” (Moscow), can be used in the data exchange device.

The digital signature is formed according to the standard cryptographic algorithm, for example, according to the Russian standard GOST R 34.10-2001, which allows both software and hardware implementation. In the case of software implementation, the shaper 4.4.5 EDS can be implemented using well-known software tools for cryptographic protection of information, for example, Crypto Pro, Verba-O (development of the Penza Research Institute) or CryptonArcMail (ANKAD, Moscow).

Shaper 4.4.2 text and shaper 4.4.3 service information are implemented programmatically by processing the relevant information in digital form, followed by combining the control and accounting information in a shaper 4.4.6 into a single image. Shaper 4.4.6 control and accounting information is also implemented programmatically, for example, using the software module Anex Tools for PDF 417 ("Anx 417") version 1.61, developed by Anex Technologies Inc., Canada.

As the carrier 4.4.4 of the signature key, smart cards or USB-flash media can be used. The required amount of allocated memory for storing the signature key is at least two kilobytes.

As a printer 4.4.7, you can use industrial thermal transfer barcode printers such as Datamax I-4208, Datamax W-6208 (DataMax Inc. USA), or Zebra-105, -104, which allow you to print a two-dimensional bar code and alphanumeric text on blanks 7 ₁ ... 7 _k security signs, completed in tape rolls.

A printer such as SOLD80e, commercially available from MICROPLEX and supplied by POS Group Distributor of Japan CBM Co., can also be used as a printer 4.4.7. (Moscow). The laser printer provides high quality prints and fast prints on continuously fed paper.

For applying a two-dimensional bar code and alphanumeric text on A4 or A5 documents, a commercially available HEWLETT PACKARD laser printer (HP LaserJet 1100, -1300, -2100, -2200) or a similar printer from CANON can be used. Use of an inkjet printer is allowed.

As readers 4.6.1, 4.4.1, a specialized reader can be used, for example, Symbol or WelchAllyn scanners, which can read a bar code and convert it to digital form. When reading and recognizing account numbers printed in alphanumeric form, the OCR-Optical Character Recognition device supplied by the Russian company ABBYY can be used as a reader.

The marking device 6, as in the prototype, can be of any design that provides reliable application (fixing) of a protective sign on each product (document) during its manufacture or upon completion of manufacture. In particular, the marking device may consist of an automatic applicator of one of the types LA 3115 CE, LA 2015 RH ST, LA 1015 CE, and the like. (manufacturer - LABEL-AIRE Corporation).

The functions of the device 5.2 access to the working database and device 4.3 access to the corporate database are implemented in the computer using a software interface, for example ADO (ActiveXData Objects), developed by Microsoft, publ. Microsoft SQL Server Building Applications, ed. Microsoft Corporation, 1998, c. 379-419.

In the claimed system, the number of verification points 5 ₁ ... 5 _{n is} not less than the number of corporate CMS 4 ₁ ... 4 _k (n≥k) and depends on the development of client networks of corporate systems, the number of issued security signs, and also on their required completeness verification (control) in the process of economic turnover.

Verification point 5 can also have a portable (mobile) version and can be implemented on the basis of a personal computer, for example, a Roverbook-type notebook equipped with an integrated network card and internal modem for communication with the UTs 1 and corporate TsUK 4, and also include a reader ( scanner) a two-dimensional bar code and a device for extinguishing security signs. A mobile point can be an instrument of control of an authorized official - an inspector or delivered to interested organizations (individuals). In the event that the security signs have topographic security elements with hidden images, microtexts, special marks applied using a substance with a high-resolution anti-stokes compound (ASWR), and visible under IR irradiation, the mobile station can additionally be equipped with combined optical controls , for example, with an Atlas 3/1 laser-infrared visualizer (manufactured by FSUE STC Atlas, Moscow) and / or a microtext reader, for example, a 30-edge contact microscope tn production company Mikko.

The statistical processing unit 4.7 is intended for generating reports, inquiries and is implemented in a computer programmatically, for example, using the OLAP server and Microsoft Offic-2000 application programs developed by Microsoft and published in the Microsoft SQL Server Building Applications, ed. Microsoft Corporation, 1998, c. 883-1292. To display and output the results of statistical processing, data output devices, for example, a printer and a monitor, which are part of the corporate CMS 4, can be used.

Remote control 4.2 operator control and remote control 4.6.4 control operator can be implemented on the basis of a computer operator’s workstation or have a standard keyboard for a set of control and data input signals and / or a panel of a set of formalized commands, as well as switching equipment for connecting to appropriate blocks (devices).

Selectors 4.6.2.2, 4.6.2.3 and the identifier 4.6.2.4 EDS are implemented programmatically on the basis of well-known cryptographic information protection tools, for example CryptoPro, CryptonArcMail or Verba-O.

The drive 4.6.2.1 of the signature key certificates can be implemented on the hard disk of the computer with the allocation of the necessary memory resource, designed in the form of a separate directory (folder). The amount of allocated memory depends on the number of stored certificates and can be determined from the calculation of 0.9 ... 1.2 kBit per one signature key certificate.

The claimed system operates as follows.

The aim of the invention is the creation of a single system that allows marking objects in several corporate subsystems and with high reliability confirm the authenticity of marked objects in economic circulation.

The creation of a system for manufacturing, accounting and verification of security signs is based on the integrated use of bar coding, cryptographic and information security technologies, as well as objective and automated accounting and control of the authenticity of security signs throughout the entire life cycle (economic turnover) of protection objects. The essence of the claimed system is to create an ordered set of technical and information technologies that use computer and communication tools and implement information support for the manufacturing, accounting and verification of security signs, as well as control over their movement and use in economic circulation.

The system is applicable for the manufacture, accounting and control of fuel coupons, certificates of conformity for medicines, protection of excisable products (alcohol and tobacco), audio and video products and other products (goods) and securities.

We illustrate the operation of the system by the example of manufacturing, accounting and control (verification) of fuel coupons (TT), which in the claimed system perform the functions of security signs.

In each of k corporate fuel companies, where k can be any integer, a corporate CMS 4, a corporate database 3, and a data input device 2 are deployed. Fuel companies have a network of n gas stations (NPPs), where n≥k and can be any integer. At each gas station, item 5 of verification is equipped.

Fuel companies receive semi-finished products in the form of TT forms from manufacturers (printers, factories) (Fig. 7), apply control and accounting information to them (print), take into account in corporate DB 3 the quantity and assortment of manufactured TT 8, which they sell to consumers, for example, motor vehicles to enterprises. The latter use TT in calculations at gas stations for fuels and lubricants (fuels and lubricants), including gasoline, diesel fuel, motor oil, etc.

Fuel and lubricants are dispensed to the gas station after verification of TT 8 and in accordance with the quantity and type of fuel and lubricants indicated on the TT as part of the control and accounting information. The verified (verified) and accepted TT 8 is taken into account in paragraph 5 of the verification of the NPP in the operational database 5.3, is repaid using the redemption device 5.4 and returned (sent) to the fuel companies for subsequent accounting writing off of the sold fuel, processing and disposal (archiving).

The work of each of the corporate central control centers 4 ₁ ... 4 _{k is} carried out independently of the others and we begin after receiving 1 application on its input in the form of a formalized list of data from consumers for the supply of the appropriate quantity of TT (for the range of fuels and lubricants). Hereinafter, an application means data containing information about the consumer (name, code, legal and actual address, TIN, etc.), assortment (brands) of fuel and the number of requested batches of TT.

Production of TT in the corporate central control unit 4 can also be carried out on credit applications from the fuel company’s own sales units in order to accumulate a minimum supply of TT and increase the efficiency of customer service.

In corporate CCU 4, an administrative decision is made on the manufacture of the requested batch of TT. If the decision is positive, the application is assigned the current number (batch number of the TT) and the range of unique (individual) numbers of the TT (batch volume) is determined. Then, the data on the application is entered into the system from the remote control 4.2 of the control operator of the corporate CCM 4 (figure 2). The processing and data entry is displayed on the monitor 4.5. From this moment, the application receives the status of "approved". From the output 1 of the console 4.2 of the control operator, the approved application arrives at input 2 of the device 4.1 for data exchange, in which it is converted into a form convenient for writing to the corporate database 3. From output 2 of the device 4.1 data exchange, the application is recorded at the input of the data record in the corporate database 3 through point 2 of data entry. Access to the corporate database 3 is allowed with a password for a strictly limited circle of people and is provided by a two-level access control system that restricts access to both a computer and corporate database 3.

The printing (applying) of control and accounting information on TTs is carried out in the corporate CMS 4 only if there is an “approved” application in the corporate database 3. The number of printed TTs corresponds to that indicated in the approved application. The control and accounting information on the fuel coupon contains the type of fuel, refueling capacity in liters, date of issue of the coupon, name of the fuel company that issued the coupon, expiration date of the coupon, TT account number.

Printing starts with a control signal coming from the output 3 of the remote control 4.2 of the control operator (figure 2) to the input 2 of the device 4.3 access to the database. According to the signal from the output 2 of the device 4.3 access to the corporate database, which is input to the control of the corporate database 3, the information is digitally read out on the information output from the corporate database 3 and fed from the output 5 of the device 4.3 access to the corporate database 3 to the input 1 of block 4.4 printing . At the second input of the block 4.4 printing received forms 7 TT with the account numbers. Forms 7 can be completed in rolls of 2000 pieces each. The account number on the form of the TT (Fig. 8) is duplicated in a linear bar code, which is applied to the form of the TT when it is manufactured in the printing house. A linear bar code simplifies the automatic reading of the TT account number by scanning, reduces labor costs and eliminates the subjective errors of the operator when reading and entering the account number.

Forms 7 ₁ ... 7 _k TT for protection against counterfeiting and copying can be performed on special paper using typographic methods of protection, such as watermarks, microtexts, etc. A holographic security element and hidden tags protect the fuel ticket from copying and tampering.

Consider the operation of block 4.4 printing. From the next form 7 of the fuel ticket, a linear bar code with an account number is read by the reading device 4.4.1, converted into digital form and fed to the second input of the service information generator 4.4.3 (Fig. 6) and together with the data from the corporate database coming to the first shaper input 4.4.3, is included in the service information. Then, the service information is signed by the EDS in the shaper 4.4.5 EDS using the signature key entered from the carrier 4.4.4 of the signature key.

The introduction of the account number of the TT form into the service information (bar code) increases the security of the TT and prevents the use of unaccounted (falsified) forms.

The cryptographic strength of the EDS is guaranteed by the well-known algorithm for its formation and the signature key length, which can be different and, for example, be 512 or 1024 bits.

Service information in digital form, signed by an electronic digital signature, from the output of the electronic signature generator 4.4.5 (Fig. 6) is fed to the input 1 of the electronic signal generator 4.4.6, which is converted into a two-dimensional barcode type PDF417 and combined with alphanumeric text received at input 2 from the output of the shaper 4.4.2 text in a single image, which is applied by thermal transfer printer 4.4.7 on the form of the TT. The appearance of the thus-protected fuel coupon is shown in Fig.9.

The fuel company sells fuel coupons to auto companies and other consumers. The corresponding amount of fuel for this coupon is dispensed to the gas station after confirming its authenticity in paragraph 5 of the verification. Distortion or falsification of any, at least one character of the protected information or barcode on the fuel coupon will be guaranteed to be detected after reading the two-dimensional barcode and checking the digital signature.

The alphanumeric text allows the consumer to read the necessary information from the CT without the use of special technical means and to control the authenticity of the CT. The information in the alphanumeric text is duplicated in a two-dimensional bar code protected by an electronic digital signature, thereby ensuring its security. Any distortion, including an attempt to falsify the alphanumeric text, will also be revealed in paragraph 5 of the verification after reading the two-dimensional bar code, checking the digital signature and comparing the read information with the alphanumeric text on the fuel ticket.

The quality of applying to the CT two-dimensional bar code is checked in the device 4.6 verification (figure 5). TT verification consists in instrumental checking the reading of a two-dimensional bar code and the correctness of the formation of the digital signature. A positive verification result guarantees the correct application (printing) of a two-dimensional bar code and excludes the release of TT with poorly applied control and accounting information. A two-dimensional bar code is read by the reader 4.6.1, converted to digital form and supplied to the cryptographic unit 4.6.2 (Fig. 7), in which the digital signature, control and accounting information are highlighted and the digital signature is verified using the signature key certificate. For this, the cryptographic block 4.6.2 includes a storage device 4.6.2.1 of signature key certificates, a separator 4.6.2.2 EDS, a separator 4.6.2.3 of control and accounting information, and an identifier 4.6.2.4 EDS. In the latter, using the signature key certificate and control and accounting information in digital form, the digital signature is verified using a well-known verification algorithm, for example, according to the standard GOST R 34.10-2001. The result of checking the digital signature and the correct application of the bar code is displayed on the monitor of the control operator. The verification device is controlled from the remote control 4.6.4 of the control operator.

The functions for the centralized generation of signature keys and their corresponding signature key certificates are performed in certification center 1. In certification center 1, operating according to well-known algorithms, registration of corporate CMS 4 ₁ ... 4 _k , generation of signature keys A and distribution of registered signature certificate certificates are ensured. corporate CMS 4 ₁ ... 4 _k at the request of items 5 ₁ ... 5 _n verification. Registration of corporate CCU 4 ₁ ... 4 _{k is} carried out by transmitting data from their second outputs using devices 4.1 data exchange. In this case, both modem communication and data transmission over the public Internet can be provided. Centralized provision of the system with key information allows you to expand the scope of the system and eliminates the falsification of control and accounting information by using the false pair "signature key - certificate of signature key". At any nuclear power plant, fuel coupons made at any of k fuel companies (corporate CMSs) can be verified.

When confirming the digital signature from the output 1 of the cryptographic block 4.6.2 to the input 1 of the block 4.6.3 comparison (figure 5), the corresponding signal. Simultaneously with the output 2 of the cryptographic block 4.6.2, the control and accounting information in digital form is fed to the input 2 of the comparison block 4.6.3. If there is a confirmation signal of the digital signature at the input 1 of the comparison block 4.6.3, it compares the information read from the bar code and received at the input 2 with the information at the input 3 coming from the corporate database 3. The signal on the comparison results from the output of the block 4.6. 3 comparisons are sent to the operator control panel 4.6.4 and displayed on the monitor 4.6.5. If the comparison result is positive, the coupon is considered to be printed correctly and from the output 2 of the console 4.6.4 of the control operator through the device 4.3 access to the database (figure 2), the device 4.1 data exchange and device 2 data input into the corporate database 3, a mark is made on the coupon that is an enable signal to print (verify) the next coupon.

In the absence of a signal confirming the digital signature at the output 1 of the cryptographic block 4.6.2, or if there is a signal confirming the digital signature, but if the information received at input 2 does not match the information read from the central database 1 and received at the input 3 of block 4.6.3 comparison, the input of the remote control 4.6.4 of the control operator receives a signal about the authenticity of the control and accounting information on the ticket. At this signal, the printed ticket is rejected. On the signal from the output 2 of the console 4.6.4 control operator through the device 4.3 access to the database (figure 2), the device 4.1 data exchange and device 2 data input into the corporate database 3 is entered a mark on the number of the rejected form and re-printing the ticket. Data on the number and numbers of rejected forms is stored in the corporate database 3 and is used by personnel in the future, for example, when processing documents for the destruction of rejected forms.

Information about the end of printing of the consignment of TTs for the approved application is also recorded in the corporate database 3 and, in particular, may contain information about the number of the approved application, the place and date of printing, as well as the number of printed coupons indicating the account numbers of the forms. From this moment, the application stored in the corporate database 3 changes its status and is considered “executed”.

Upon receipt of the TT at the gas station, it is checked in paragraph 5 of the verification and written to the working database 5.3 read control and accounting information. In paragraph 5 of verification (Fig. 3), operations are carried out to read a two-dimensional bar code, extract control and accounting information and EDS, as well as verify it using a cryptographic algorithm. The operation of the verification device 5.1 is similar to the operation of the device 4.6 of the corporate central control unit 4. At the gas station in paragraph 5 of the verification, the authenticity of any fuel ticket 8 ₁ ... 8 _k issued by any of k corporate central control centers 4 ₁ ... 4 _{k is} verified. Identification of the authenticity of coupons 8 ₁ ... 8 _k can be carried out over the entire set of protective elements (topographic, printing and physical and chemical) using appropriate devices, such as Atlas 3/1, microscopes, etc.

After the fuels and lubricants are dispensed, the fuel coupon is subject to cancellation in the redemption device 5.4 by mechanically cutting the coupon in a fixed place. The redemption device 5.4 may be implemented as an automatic or manual composter. The mark (notch, composter) should not violate the integrity of the barcode on the TT and make it difficult to read it later.

Redeemed coupons 9 ₁ ... 9 _k from the outputs of paragraphs 5 ₁ ... 5 _{n of} verification go to the corporate central control centers 4 ₁ ... 4 _k and after reading the bar code and writing data to the corresponding corporate database 3 ₁ ... 3 _k disposed of (archived). This closes the cycle from the manufacture of a fuel coupon to its redemption and cancellation.

The system allows performing statistical processing and synthesis of data that can be presented in the form of reporting documents, look-up tables, etc. According to the control signal from the output 3 of the console 4.2 of the control operator (Fig. 2), information from the information output of the corporate database 3 is read and from the output 4 of the device 4.3 access to the corporate database is fed to the input of block 4.7 of statistical processing, where it is generalized and converted to a form convenient for analysis, and goes to the output of the system in the form of reporting documents, lookup tables, histograms, etc. The composition of reporting documents and certificates may be different and is determined by the operator of management, based on administrative requirements. The fuel company receives all statistical information on issued, redeemed coupons and on the number and type of fuel and lubricants sold for any time interval (week, month, quarter, etc.). Using block 4.7 of statistical processing at the system output, you can get all the necessary forms of reports on TT turnover and on the sale of fuel and lubricants both at each nuclear power plant and in the fuel company as a whole. Comprehensive operational information on the implementation of fuels and lubricants can be used by fuel management and marketing services to improve the efficiency of business process management.

A similar technical solution was tested at a fuel company in St. Petersburg and proved to be effective.

Features of the system in the manufacture, accounting and verification of certificates of compliance of medicines are as follows. Certificates of conformity are executed on A4 paper (Fig. 10). Certificate forms are executed in a printing way using the appropriate degrees of protection and have account numbers. The variable part of the certificate information is protected, which is converted to digital form, signed with an electronic digital signature and converted into a two-dimensional bar code. On the certificate form, a two-dimensional barcode is printed by the printer 4.4.7 simultaneously with the variable information. In this case, a laser printer, for example, from HEWLETT PACKARD, can be used as a printer 4.4.7. Verification points 5 ₁ ... 5 _n , performed according to option 2, can be deployed at wholesale and retail sales of medicines or in a mobile version used by employees of inspections or other interested organizations.

Protection of excisable goods (alcohol, tobacco), audio and video products, medicines is carried out by marking products with appropriate protective signs (11-13). Protective signs are applied by marking devices 6 ₁ ... 6 _m . At the same time, the protective signs 8 ₁ ... 8 _k from the corporate central control centers 4 ₁ ... 4 _k are transferred (delivered, delivered) to the marking devices 6 ₁ ... 6 _m , which are placed at manufacturing plants or at authorized suppliers' bases. The number m of marking devices is not less than k and depends on the needs of production (supply). In the marking device 8, security signs are applied (fixed) to the products as indicated in the prototype, while the main requirements are the reliability of the application (fixing) of security signs and the possibility of instrumental reading of the bar code. The reliability of the application (fixing) of the protective sign on the product must be such as to preclude the removal of the protective sign without damaging it. The presence of an alphanumeric text on a security mark allows personnel to visually control the conformity of the type of marked products with the information reflected in the alphanumeric text. The number and type of marked products (volume of the produced batch) corresponds to the number of protective signs received by marking devices 6 ₁ ... 6 _m . Products marked with protective signs enter the wholesale (retail) distribution network and are sold to consumers. The system allows, by accounting for issued protective signs, to keep records of marked products entering the market (for economic use).

The operation of the system is based on system-wide principles of logical and physical implementation of hardware and software, protocols and interfaces, as well as the construction of local and geographically distributed information systems.

Claims (11)

1. A system for the manufacture, accounting and verification of security markings, including k data entry points, k corporate databases, k corporate control and monitoring centers designed to control the entry of data into corporate databases, production and printing through the printing block of security markings, the first output of each of k corporate control and monitoring centers is connected to the input of the corresponding data entry point, the output of which is connected to the input of the data record of the corresponding corporate base data, the third output and the third input of each of k corporate control and control centers are connected respectively to the control input and information output of the corresponding corporate database, characterized in that a certification center is introduced into the system for storing registration data of corporate control and control centers, formation and storage of signature keys, public key certificates, revoked certificates and for interaction with corporate control and control centers and point and verification, and n verification points designed to perform the operation of reading a two-dimensional bar code, highlighting control and accounting information, identifying the authenticity of coupons by security elements on them, redeeming used coupons, transferring data about them to corporate control and control centers, issuing a certification a center designed to provide key information is connected to one of the entrances of each corporate control and control center and each verification point, the input is the believing center is connected to the second output of each corporate control and control center, designed to transmit data for registration at the certification center and to the output of each verification point, designed to request generation of signature keys and distribution of signature key certificates of registered corporate control and control centers, one of the inputs of each of the n verification points is the control input of the system, intended for receipt of security signs on them, and the corporation print unit ivnyh command and control centers for Incoming protective marks on it forms a deposited account number. 2. The system according to claim 1, characterized in that the extinguished security signs enter the corresponding corporate control and control centers from verification points. 3. The system according to claim 1, characterized in that the corporate control and monitoring center consists of a data exchange device, a control operator console, a device for accessing a corporate database, a monitor, a verification device, a statistical processing unit and a print unit, the first input of which connected to the fifth output of the corporate database access device, the first output of which is connected to the second input of the verification device, the first input of which is the barcode reader input, the output of the verification device and connected to the first input of the corporate database access device, the second input of which is connected to the third output of the control panel, the second output of which is connected to the monitor input, the first input of the control panel is the first input of the corporate control and monitoring center, the first output and second input operator control panels are connected respectively to the second input and the first output of the data exchange device, the first input and third output of which are respectively the second input and the second the output of the corporate control and control center, the second output and the third input of the corporate database access device are the third output and third input of the corporate management and control center, the third output of the corporate database access device is connected to the third input of the data exchange device, the second output of which it is the first output of the corporate control and control center, the fourth output of the device for accessing the corporate database is connected to the input of the statistical unit tion processing, the output of which is the fourth output of the corporate center control and monitoring safety signs output from the printer unit, the fourth output data exchange device is connected to a third input of the verification device, and forms a protective signs deposited account numbers supplied to the second input of the print unit. 4. The system according to claim 3, characterized in that the canceled security signs are fed to the input of reading the barcode of the verification device. 5. The system according to claim 1, characterized in that the verification item comprises a verification device, a redemption device, a device for accessing a working database, a working database, an output of a verification device connected to a third input of a device for accessing a working database, a third output for a device to the working database is connected to the second input of the verification device, the third input of which is connected to the fourth output of the device for accessing the working database, the input of the offset device is connected to the first input of the device verification is the first input of the verification point, the second output and second input of the access device to the working database are respectively the first output and second input of the verification point, the first output of the access device to the working database is connected to the control input of the working database, the information output of which is connected to the first input of the device for accessing the working database, the second output of the verification point is the output of the redemption device, and the canceled security signs come from the output of the device sheniya. 6. The system according to claim 1, characterized in that the verification item comprises a verification device, a device for accessing the working database, a working database, the output of the verification device is connected to the third input of the device for accessing the working database, third output of the device for accessing the working database data is connected to the second input of the verification device, the third input of which is connected to the fourth output of the device for accessing the working database, the first input of the verification device is the first input of the verification point, the second the output and the second input of the working database access device are the output and the second input of the verification point, the first output of the working database access device is connected to the control input of the working database, the information output of which is connected to the first input of the working database access device. 7. The system according to claim 1, characterized in that the documents are used as security signs. 8. The system according to claim 1, characterized in that m marking devices are additionally introduced, where m is a non-negative integer (m≥k), and security signs are received on the marking devices from corporate control and monitoring centers. 9. The system according to one of claims 2, 5 or 6, characterized in that the verification device consists of a reader, a cryptographic unit, a comparison unit, a control operator panel and a monitor, the input of which is connected to the first output of the control operator panel, the input of which connected to the output of the comparison unit, the first and second inputs of which are connected respectively to the first and second outputs of the cryptographic unit, the input of which is connected to the output of the reading unit, the second output of the control operator panel is the output of the device verification, and the first and second inputs of the verification device are respectively the input of the reading unit and the third input of the comparison unit, the third input of the verification device is simultaneously the second input of the cryptographic unit. 10. The system according to claim 3, characterized in that the print unit consists of a printer, a signature key carrier, a text shaper, a service information shaper, a control-account information shaper, a reader and an electronic digital signature shaper, the first input of which is connected to the output of the medium signature key, the input of the shaper is the first input of the print unit, the output of the printer is the output of the print unit, the output of the reader is connected to the second input of the shaper of service information, the first the course of which is connected to the input of the shaper of text, the output of the shaper of service information is connected to the second input of the shaper of electronic digital signature, the output of which is connected to the first input of the shaper of control and accounting information, the second input of which is connected to the output of the shaper of text, the output of the shaper of control and accounting information is connected to the first input of the printer, the second input of the printer is connected to the input of the reader and is the second input of the print unit, and letterhead security The account numbers are sent to the second input of the print unit, and the security signs come from the printer. 11. The system according to claim 9, characterized in that the cryptographic unit comprises an electronic digital signature extractor, an information extractor, a signature key certificate store and an electronic digital signature identifier, the second input of which is connected to the output of the electronic digital signature extractor, the input of which is connected to the input of the isolator information and is the first input of the cryptographic unit, the output of the identifier of the electronic digital signature is the first output of the cryptographic unit, and the output of the highlighting device it is connected to the third input of the electronic digital signature identifier and is the second output of the cryptographic block, the output of the signature key certificate store is connected to the first input of the electronic digital signature identifier, and the input of the signature key certificate store is the second input of the cryptographic unit.

Images