RU2659730C1 - Method of sharing the protected data - Google Patents

Abstract

FIELD: data processing.

SUBSTANCE: invention relates to electronic systems for storing, transmitting and processing information. method of sending protected data in electronic form, where cryptographic means of the distribution center and information recipients use hardware cryptographic modules; all actions of the parties are made on the protected hardware and software complex of the distribution center, and the cryptographic modules of the recipients, ready for use, are delivered via the delivery channels to the recipients of the protected data; access to the memory of the cryptographic module is protected by an individual password or key set by the distribution center, and access to each public key of the distribution center to form a pair of data encryption key or a separate piece of data is protected by an additional password or access key, also established by the distribution center; at some point the sending center informs the recipient of the password or the access key to the memory of the cryptographic module, and then the recipient of the information can access the public key of the distribution center to generate a decryption key for a particular piece of data, generate this key and decrypt the data.

EFFECT: technical result consists in improvement of level of security data.

11 cl

Description

The invention relates to electronic systems for storing, transmitting and processing information.

In many cases, in information and telecommunication systems of government and administration, in military and technological control and monitoring systems, in financial systems, in business, medicine, education and other areas of human activity, it is necessary to use publicly available telecommunication channels for transmitting important or sensitive data.

When transferring data in electronic form from one user of such a system to the channels of a public telecommunication network, it is required to ensure reliable protection of the data being transferred both from viewing by outsiders or substitution during transmission via communication channels, and from their substitution or unauthorized modification by the recipient. It is also required to provide the possibility of protection against potential denial in the future by the recipient of the fact of receiving a particular piece of data (file, message, etc.).

In other words, in systems with electronic data exchange via open communication channels, it is necessary to ensure confidentiality and reliable confirmation of the authenticity of each transmitted data block (i.e. its source and data invariance during transmission).

As characteristic examples of analogues of this kind, the methods described in the following applications can be considered: US patents - US 2016/0218880 A1, US 2006/195907 A1, US 2010/063895 A1, US 2002/138433 A1, US 2011/09335 A1, Chinese patent application - CN 102411814 (A), international application - WO 2012/146987 A1.

An analogue to the proposed method can also be considered the “Method of using a mobile phone and memory card with an additional processor for authentication and transaction confirmation” according to application RU 2010/144825 A1, which provides for the use of a mobile phone and memory card with an additional processor that performs cryptographic conversions, to generate and store protected one-time passwords used to authenticate users or specific transactions.

However, an essential distinguishing feature of this analogue, which consists in the fact that it is one-time passwords that are used for authentication of users and not data signed with an electronic signature, makes it fundamentally different from the proposed method.

In addition, the operating systems of modern mobile phones are already complex enough for them to become infected with malware (viruses, trojans, worms, exploits, etc.). examples of which are becoming more and more, as well as the ability to remotely control devices over the network.

With the authentication method according to the application RU 2010/144825, there is no A1, and in principle it cannot be possible to fully legally hear possible disputes between the parties only on the basis of electronic documents, and there is no question of transferring encrypted data with regulation by the access center after the moment they are received by the user.

In the course of the proceedings of such disputes, one has to appeal to the obligation of the user previously stipulated in the service delivery documents to assume responsibility for all operations confirmed by his one-time passwords and to trust any statement of the service provider that such confirmation really took place. It is clear that such a scheme for resolving possible disputes initially implies that the parties are unequal.

With a well-constructed line of defense, an independent user in such a system has a real chance of refusing, in the course of a trial or consideration of a dispute in arbitration, actually conducted by him. but which became unacceptable to him according to the results, data operations.

Another analogue to the claimed method is the "Method of making a financial payment transaction (options)" according to the application EA 2006/00717 A1, the versions of which, in particular, provide for the authentication of electronic transactions using cell phones when exchanging data between remote users over a wireless network communication.

However, a significant difference of this analogue is that a payment document confirming an electronic financial transaction (paper or electronic) is issued only in the financial processing center, and all actions of users - the author of the payment order and the financial institution performing the transaction, are authorized only on the basis of the traditional password technology without electronic documentation.

In addition, this analogue does not at all mean the protection of data transmitted in electronic form from being viewed by outsiders during their transmission via communication channels, nor does it mean the possibility of regulating the moment of access to the transmitted protected data of their legal recipient after receiving it.

Thus, in this case, two essential features of the proposed method qualitatively distinguish it from the analogue and allow to provide a new level of protection of electronic data in the system.

This makes the proposed method significantly different from any of the listed analogues according to the two characteristics described, which provide two new important qualities of the proposed method.

Another analogue selected as a prototype (to remove) to the claimed method is the utility model “Automated system for electronic signing of documents” according to the application RU 142709 U1 dated 02.20.2014, in which versions, in particular, confirmation of the authenticity of electronic communications is provided.

This utility model essentially offers a method for processing legally significant electronic documents using an electronic signature, the creation and verification of which is carried out only on a special electronic signature server, which provides a secure operating environment. The utility model itself is described essentially in the form of a block diagram of a computer program algorithm with an indication of the names of its specific software components and with links to specific software products that implement individual program modules.

This utility model does not deal with the protection of information transmitted in electronic form from unauthorized access during transmission through communication channels, and also does not address the issue of regulating the recipient's access to information after it is transferred to the recipient. These two significant differences of the feature of the proposed method make it qualitatively new and superior to all of the above analogues.

In addition, in the last analogue, it is impossible to carry out documentary confirmation in electronic form of the facts of receipt of electronic data and their authenticity by the recipients, since such confirmation is possible only on a secure electronic signature server of the entire automated system, which provides another significant difference between the proposed method and this analogue.

The closest analogue of the proposed method, selected as a prototype, it is proposed to consider the "System and method for the safe transfer of electronic data" on the application for US patent US 2016/0218880 A1, publ. 07/28/2016 on 19 pages, cl. H04L 9/32 (hereinafter - D1).

The independent claim 11 of the prototype formula is as follows:

“A method comprising:

receiving on the computer device of the recipient an encrypted packet sent by the computer device of the sender; this encrypted packet is signed by the electronic signature of the sender's computer device and includes: the selected information encrypted at the first level of encryption, its unique representation (in modern terminology, the hash value), signed by the electronic signature of the sender's computer device;

the formation of the first receipt, which includes signing a unique presentation of information (hash values) from the encrypted packet by electronic signature of the recipient's computer device;

sending the first receipt containing the signed hash value of the selected information to the first server;

and receiving a second receipt from the first server, this second receipt is generated from the first receipt created by the recipient's computer device. "

Both from the wording of the independent claim 11 of the prototype formula, and from all the wording of the ten dependent paragraphs of the prototype formula following it, namely -

"12. The method of claim 11, further comprising sending a verification request from a recipient's computer device to a second server, a verification request including an electronic signature of the sender's computer device and requiring authentication of the electronic signature of the sender's computer device.

13. The method of claim 12, further comprising accepting the response of the second server, a response confirming the authenticity of the electronic signature of the sender's computer device.

14. The method of claim 13, wherein the recipient's computer device sends the first receipt in response to an authentication confirmation of the electronic signature of the sender's computer device.

15. The method of claim 11, wherein the encrypted packet is further encrypted also with second level encryption.

16. The method of claim 11, further comprising decrypting the first level encrypted information in the encrypted packet in response to receiving a second receipt from the first server.

17. The method of claim 15, further comprising decrypting the second level in response to receiving a second receipt of the first server.

18. A method comprising:

formation on the computer device of the sender of a set of information selected by the user of the computer device of the sender;

the formation of a unique representation (hash value) of the selected information;

encryption of the selected information at the first level of encryption;

creation of an encrypted package consisting of a unique representation of the selected information (hash value) and information encrypted at the first level;

Signing the encrypted packet by electronic signature of the sender's computer device;

sending a signed encrypted packet over the network to the recipient's computer device;

and receiving the second receipt over the network from the server, the second receipt is generated from the first receipt received by the server from the recipient's computer device, while the first receipt includes a copy of the unique representation of the selected information (hash value) signed by the electronic signature of the recipient's computer device.

19. The method of claim 18, further comprising encrypting the selected information at a second level of encryption.

20. The method of claim 18, further comprising decrypting the first level of information encryption in the encrypted packet in response to receiving a second receipt from the server.

21. The method of claim 19, further comprising decrypting the second level of information encryption in the encrypted packet in response to receiving the second receipt from the first server "-

it clearly follows from the text of all the paragraphs of the prototype formula that the task of regulating the recipient's access to the information transmitted to him by the sender after its delivery to the recipient is not only not solved, but not even posed.

Moreover, as follows from the description of all the various variants of the procedure for generating encryption keys by the parties in the prototype, the recipient in any variant of the method, upon request of the prototype, is able to decrypt the received encrypted data packet immediately after receiving it. That is, he already has all the necessary information for decryption (parameters of encryption algorithms and keys) at that moment. We illustrate this with specific formulations from the prototype description text.

D1, paragraph [0014]: “An embodiment of the invention provides a method for the safe electronic transmission of data from a sender to a recipient, including, firstly, the process of calculating a“ unique presentation ”of a piece of information to be transmitted (usually in specialized literature this is called calculating its hash value) encrypting information at a first level of encryption and generating an encrypted packet that includes a hash value and a portion of information encrypted at a first level.

The encrypted packet is transmitted over the network from the sender and is received by the recipient.

The authenticity of the encrypted packet is verified and a receipt is generated using the information included in the encrypted packet.

The receipt is transmitted to the electronic marking server, which verifies the authenticity of the receipt. A receipt certified by the electronic marking server is forwarded to the sender and / or recipient. ”

D1, paragraph [0034]: “The sender and the receiver, each of which can be a workstation or a personal computer, PDA or any other device connected to the network, exchange information over the network via TCP / IP, WiFi, Bluetooth, or any other network protocol.

In one implementation, the CA server (Certification Authority) and the electronic marking server (EPM) are also provided. The CA serves as an element of the system that is used to confirm the identity of the participants and can use, for example, digital certificates of the X.509 format ”

D1, paragraph [0035]: “A digital certificate is a data structure that is used to identify subjects or objects of a communication system. Usually it includes a key pair - public / private keys (this is an error, according to the definition of the international standard X.509, a digital certificate includes only the public key and the owner’s identifier, certified by the electronic signature of the CA) and the certificate number, which is a pointer to search for certificates issued by the CA.

The public key can be made publicly available (published), while the private key must be kept securely protected from unauthorized access by its owner.

The document is signed by electronic signature (ES) by adding to it as a data string some special function of its contents and the private key of the signer. An electronic signature is a function of a private key of a signing user. When a user accepts a signed electronic document, he uses the corresponding public key to verify the electronic signature to decrypt the electronic signature. ”

D1, paragraph [0037]: "... Any encryption method, for example, Triple DES, which is an industry accepted standard, can be used."

D1, paragraph [0040]: "... Decryption of the encrypted packet of the first level can be performed before or after receiving confirmation from the CA server."

D1, paragraph [0043]: "... Encryption of the first level is performed using the recipient's public key ....".

D1, paragraph [0045]: “... First level encryption is applied to the information. This level of encryption uses a combination of the sender’s private key and the recipient’s public key using standard encryption methods .... "

D1, paragraph [0046]: “... With a certified receipt from the EPM server, the recipient can decrypt the first level encryption with the confidence that the transaction was secure and the parties were confirmed .... Functionally, the recipient is not required to wait for the receipt to decrypt the encrypted packet of the first level. This step can be done immediately after sending the confirmation to the EPM server. ”

The technical result provided by the invention is to increase the overall level of data protection, including a new opportunity for the sender of information - to provide the recipient with access to certain sections of the transmitted information at exact times specified by the sender, even after receiving all the information by the recipient, as well as achieving any ( remove) the required level of information protection from unauthorized access to it during transmission through communication channels and storage by recipients up to the moment of opening access to her sender.

The specified technical result is ensured by the following set of essential features. A method for sending protected data in electronic form, which includes one or more distribution centers and a predetermined or variable set of senders and recipients of protected data, in which the information sent, processed and stored is presented in the form of sequences of electromagnetic pulses and processed on electronic devices of users with cryptographic means; the data sent is generated in the form of separate batches of electromagnetic pulses, signed by electronic signature and encrypted by the sender for a particular recipient on separate keys specific for a given pair of interacting parties; the following sequence of actions is performed to implement the proposed method:

1. the distribution center generates in the protected memory of its cryptographic tool the key pairs “private key - public key” for generating pair keys of symmetric data encryption between this distribution center and a specific recipient (the keys are generated using the Diffie-Hellman method);

2. the recipient generates key pairs “private key - public key” in the protected memory of his cryptographic tool to generate decryption keys for the data received by him from the distribution center;

3. public keys for generating encryption keys for information transmitted from the distribution center to the recipients are exported from the memory of the cryptographic means of the distribution center to the protected memory of the sender data processing means for further work with them;

4. The recipient exports the public keys for generating the decryption keys from the protected memory of his cryptographic means and transfers them to the distribution center, from which he will receive encrypted data;

5. the distribution center encrypts the data for a specific recipient on a pair of data encryption key developed by the Diffie-Hellman method between this distribution center and this recipient; for various separate parts of the transmitted data (files, blocks, individual messages), different keys can be generated by the sender and receiver;

6. Information encrypted for a particular recipient is transmitted from the distribution center to this recipient.

The claimed method differs from analogs and prototypes in that in order to ensure the ability to control from the data sender (distribution center) the moment the recipient accesses the data transmitted to him (to a specific part thereof) even after they are delivered to the recipient, the claimed method also provides for the following actions and their sequence:

7. public keys of the distribution center to generate encryption keys for information from the distribution center to specific recipients, after their generation, are stored in the protected memory of the electronic data processing device of the distribution center or transmitted to the recipients (together with the protected information or separately) in encrypted form on separate encryption keys keys;

8. hardware cryptographic modules (USB tokens, smart cards, HSM modules) are used as cryptographic tools of the distribution center and information recipients; all actions of the parties, performed sequentially at stages 1-5, are performed on the secure software and hardware complex of the distribution center, and the cryptographic modules of the recipients, ready for use, are delivered through the delivery channels to the recipients of the protected data; access to the memory of the cryptographic module is protected by an individual password (key) set by the distribution center, and access to each public key of the distribution center to generate a pair of data encryption keys (a specific part of the data) is protected by an additional password (access key) also set by the distribution center;

9. at some point, the distribution center informs the recipient of the password (key) for accessing the cryptographic module’s memory, as well as passwords (access keys) for accessing only those public keys for generating paired data encryption keys that allow generating data decryption keys and decrypting them only specific pieces of data defined by the distribution center; only after this, the recipient of information can access the public key of the distribution center to generate the decryption key for a specific part of the data, generate this key and decrypt the data.

Private essential features are:

- all actions of the parties, performed sequentially at stages 1-5, are performed directly on the protected software and hardware complex of the distribution center and the cryptographic tools of the user with keys stored in their memory, ready for use, are delivered through the delivery channels to the protected data recipients.

- at step 4, in addition to the public key for verifying the electronic signature of the distribution center, the public keys of the distribution center are also written in the memory of the user’s cryptographic tools to generate paired encryption keys for the data sent to the user, and access to the individual public encryption keys for the data in the distribution center in the memory of the user’s cryptographic means is protected by passwords that are reported to the user only at moments determined by the distribution center.

- cryptographic tools are made in the form of hardware USB tokens that can create and verify electronic signatures, perform data encryption and generate keys for these cryptographic transformations.

- hardware cryptographic USB tokens are used as cryptographic tools of the distribution center and the user of information, all actions of the parties, performed sequentially in steps 1-5, are performed on the protected software and hardware complex of the distribution center, and user USB tokens, ready for use, are delivered via reliable delivery channels to protected data recipients; access to the token memory is protected by the recipient’s individual password, and access to each public key to generate a pair of data encryption keys is protected by an additional password; at a certain moment, the distribution center informs the recipient of the access password for the token memory, as well as access passwords for only those public keys for generating pair data encryption keys that allow generating pair encryption keys and decrypt only specific blocks of data opened to the recipient.

- as a software-hardware or hardware cryptographic means of the distribution center, hardware security modules - “HSM-modules” are used that implement all cryptographic functions at the hardware level in their own securely protected operating environment.

- the direct public key of the verification of the distribution center ES generated in stage 1 is recorded in the protected memory of the user's cryptographic tool without the possibility of exporting it.

- the cryptographic conversions implemented by the recipients during access and data processing are performed by the software module directly in the control unit of the electronic data processing device, and the cryptographic facility in the form of a personal USB token serves only to generate and store keys for these transformations,

- in addition to confirming the fact of receipt and authenticity of a particular piece of data from the distribution center, the user at step 9 can also generate other electronic documents, for example, by scanning paper documents on his electronic data processing device, sign them with his electronic signature, and protect them with encryption using his USB-tokens and transfer them to the center via publicly available open telecommunication channels,

- at step 5, each individual concrete piece of data is encrypted by the distribution center on a separate key, which is closed by a password or access key to this key and placed by the center in the protected memory of the user token; the token with the public key of checking the distribution center ES and protected passwords with encryption keys is transmitted to the user; Information signed and encrypted for this recipient is delivered to him from the center; the password for accessing the encryption key of a particular piece of data is communicated to the user.

- at stages 1-9, the parties use isolated computers without connecting to local networks and without access to the global Internet; protected (signed by the center’s EP and encrypted) information and keys for access to it are recorded by the distribution center directly in the memory of the recipient's hardware cryptographic module (USB token), tokens are physically delivered to the recipient and connected directly to his data processing device (computer, printer, scanner, tablet), and passwords or keys for accessing the token memory and for individual keys for generating encryption / decryption keys are communicated to the user by the center in a distribution center defined oment.

- the public key of the verification of the electronic signature of the distribution center is generated and written directly to the protected memory of the recipient's cryptographic means, and the public key of the verification of the electronic signature of the recipients and public encryption keys of the data to these recipients are generated and written to the protected memory of the cryptographic means of the distribution center on the protected software and hardware complex of the distribution center and ready-to-use cryptographic means of the recipients are delivered through the delivery channels to the recipients of the protected data; the information signed and encrypted for the given recipient at stage 6 is delivered to him from the distribution center; public keys for access to it are transferred to the recipient through open channels at a time determined by the distribution center.

- there are certification centers in the system (CA, see [2, 3]), the function of which is to certify with an electronic signature that the public keys of the distribution center and the public keys of the recipients are authentic; the actions in steps 1-5 are performed on the secure software and hardware complex of the CA and the cryptographic tools of the distribution center and recipients ready for use are delivered via delivery channels to information distribution centers and protected data recipients,

- there are certification centers (CAs) in the system whose function is to certify by electronic signature that the public keys of the distribution center and the public keys of the recipients are authentic; the actions of the parties at stages 1-6 are as follows: the distribution center generates a key pair (“private key - public key”) in the protected memory of its cryptographic tool to create and verify its electronic signature and key pairs to generate data encryption keys between the distribution center and by each specific recipient, the distribution center draws up applications to the CA for issuing certificates of the public keys created by it and transmits a certificate of verification of its electronic signature to all recipients, and certificates of its public encryption keys stores in protected memory; the recipient generates a key pair (“private key - public key”) in the protected memory of his cryptographic tool to create and verify its electronic signature and key pairs to generate data encryption keys when exchanging information with the distribution center; the recipient forms an application in the CA for issuing certificates of his public keys, receives certificates from the CA, and transmits these certificates to the distribution center; the mailing center verifies the authenticity of the recipient’s public key certificates, saves the recipient’s ES verification certificates at home, generates pair information encryption keys for each recipient based on the recipient’s public keys and their private keys, encrypts the transmitted information on them and sends it to the recipients; the recipient upon gaining access to the certificates of the public encryption keys of the data of the distribution center generates the keys to decrypt the data and decrypts them, confirms the fact of receiving information by a message to the distribution center with his electronic signature and sends it to the distribution center; however, this message serves as a documentary confirmation of the fact of receiving information in case of possible disputes.

- each participant in the system has cryptographic tools that allow him to perform all the actions in steps 1-5, regardless of the actions of the distribution center and the actions of other users, and the transfer between users of public keys for mutual verification of electronic signature and public keys to generate encryption keys for information is encrypted a cryptographic means manufacturer is using a single key encryption key for all participants in the system, which is generated and written to the protected memory of devices It is essential in their production.

The method represents an unambiguous sequence of actions on sets of electrical signals, the most significant part of which is the implementation of electronic signatures (ES) and encryption of individual pieces of data (files, e-mail messages, etc.).

An electronic signature of any user under any data block (file, e-mail, bit string, etc.) is uniquely determined by the content of the data being signed and a unique personal set of user data, with the help of which any electronic signature is generated (this data is called “closed” the key to creating ES ”).

The sequence of actions on the sets of electrical signals for creating and checking the electronic components under a specific data block is described in the form of the following steps:

- stage of special compression (hashing) of data;

- the stage of creating a unique set of electrical signals, called the ES of this user under a specific data block;

- procedures for unambiguously verifying that a particular user’s ES was really created using his personal information to create an ES (private key to create an ES of this user) and the specific data block to which it relates.

The procedures for converting electrical signal sequences corresponding to hashing of the signed data, creation and verification of electronic signatures of the parties can be performed in accordance with the current official state standards of the Russian Federation or similar international standards, as well as in accordance with other methods agreed upon by the parties.

At the same time, to create private keys for creating an electronic signature and corresponding public keys for checking electronic signature, individual elements or the entire method called “Method and device for obtaining and storing a personal digital certificate and a method for secure exchange of digital information” according to Eurasian patent EA 200501605 can be used.

If necessary, prepare electronic documents that comply with the laws of the Russian Federation, any other methods of obtaining and storing key information that ensure compliance with all requirements of the federal law of the Russian Federation “On electronic signatures” - FZ-63 of 04/06/2011 can be used for these purposes [2 ], and other regulatory documents accompanying it.

The procedures for converting sequences of electrical signals corresponding to encryption / decryption of protected data can be performed in accordance with the current official state standards of the Russian Federation or similar international standards, as well as in accordance with other agreed parties with reliable encryption methods.

The hardware external means of electronic signature and data encryption make it possible to more reliably protect oneself from malware or external attacks than any solutions that implement these procedures in the form of computer programs. This is true both for application programs and for system libraries of almost all modern operating systems (OS), which are an integral part of these OSs. Therefore, all computer software solutions with the implementation of ES technology and data encryption are subject to numerous well-known attacks.

A separate external personal device for generating and storing ES keys, as well as for creating and verifying ES and data encryption, is usually usually issued in the form of a smart card or USB token. Smart cards are plastic cards with an integrated chip. In most cases, smart cards contain a microprocessor and an operating system that controls the device and access to objects in its memory. In addition, modern smart cards, as a rule, have the ability to effectively perform many cryptographic transformations of information at the hardware level.

The purpose of smart cards is user authentication when accessing the card processor and data stored in its memory, generating and storing in a secure form key information for cryptographic procedures, and performing cryptographic transformations directly inside the processor in a trusted environment.

The USB token functionally represents the same internal “stuffing” of the smart card and the USB reader combined in one housing.

The distribution center (s) has encryption (cryptographic) tools that can create and verify electronic signatures, encrypt / decrypt data and generate keys for these cryptographic transformations.

The center (centers) provides a trusted environment for processing information in which data is formed in the form of separate portions (files, data blocks, messages, bit strings), signed by the electronic signature and encrypted in accordance with accepted methods.

Recipients of the distributed data have personal hardware encryption (cryptographic) means made in the form of smart cards or USB hardware tokens that can create and verify electronic signatures, encrypt / decrypt data and generate all the keys necessary for these cryptographic transformations.

Recipients also have automated information processing devices (printers, scanners, MFPs) that allow you to connect hardware encryption (cryptographic) tools directly through the device’s USB port or reader and manage their functions through commands from the control module of the information processing device.

The sequence of actions of the parties in the course of protecting individual pieces of data and sending secure data is as follows.

The distribution center generates a key pair (“private key - public key”) for creating and verifying its electronic signature (ES) (for example, according to the standard [5]) and key pairs for generating encryption / decryption keys for data for each specific recipient, for example, Diffie-Hellman protocol [1] or RSA method [4], or any other known method of generating a pair encryption key (these can be different key pairs for encrypting / decrypting different individual files or data blocks for one recipient) [6].

Each recipient generates a key pair (“private key - public key”) in the protected memory of his smart card or USB token to create and verify its electronic signature and key pairs for generating pair encryption / decryption keys for data using the Diffie-Hellman protocol [1] , or by the RSA method [4], or by any other method known in modern cryptography [6].

The parties exchange public cryptographic keys. This can be either a process of direct exchange of public keys, or mediated by the issuance of certificates for public keys in a CA agreed by the parties [2, 3].

The center sends the user only a certificate of its public key (public key) for verifying the ES, and the recipient sends to the center, in addition to the certificate of its public key for verifying the ES (the public key for verifying the ES), also a public key certificate (the public encryption key, OKS) to generate the encryption data.

The certificate of the public key (public encryption key, OKSh) of the center for generating a pair data encryption key will be transmitted to the recipient later, at the moment determined by the center.

The public keys (public key certificates) of the parties can be transmitted through any available channels, for example, via the Internet, by mail, or even dictated by voice over the telephone or radio, if they can be entered into the cryptographic module in any way. Since they do not contain confidential information, it is only important that they are transmitted to the other party reliably and in a timely manner.

The further sequence of actions of the parties is as follows.

The distribution center signs the data (file, a specific data block, message) for a specific recipient with its electronic signature and encrypts it on a pair of data encryption keys generated by the Diffie-Hellman protocol between the distribution center and this recipient.

Signed and encrypted information for this recipient is delivered to him from the distribution center by any available delivery method.

At the specified time, the distribution center sends to the recipient (or makes available on the distribution center website) a certificate containing a public key for generating a pair of data encryption keys from the center to this recipient.

Or, public key certificates (or these public keys themselves) are written to the recipient’s token memory to generate paired data encryption keys for token holders and access to individual keys (or key certificates) in the token memory is protected by passwords (PIN codes) that are sent to the recipient only at moments determined by the distribution center.

It is also possible that all encryption keys are generated and written to recipient tokens in the center, locked (encrypted) on keys received from passwords, and the recipient is informed of the password (passwords) for access to specific encryption keys only at time points determined by the distribution center.

Another example of the actions of the parties.

The recipient checks the validity of the received certificate of the center encryption public key, if the certificate is valid, it extracts this public key from the certificate, generates a pair key for decrypting the data received from the distribution center using the Diffie-Hellman protocol, and decrypts the data. Validation of the certificate of the center encryption public key certificate is carried out by checking the certification authority's ES under this certificate.

This check can be done in another way. For example, generate a decryption key from the center to a specific recipient and verify its correctness by decrypting some test message.

Then, the recipient checks the validity of the certificate with the public key of checking the distribution center’s ES, the certificate validates the distribution center’s ES under decrypted data, if it is correct, forms a confirmation of the fact that the data has been received and its authenticity in the form of an electronic message stipulated by the parties, signs a confirmation of their ES and sends it to distribution center;

The parties shall keep, as electronic documents, together with the electronic document that issued each of these electronic documents, the parties, copies of specific portions of electronic data (files, messages) received from the partner.

In addition, if necessary, the parties also keep copies of confirmations of the facts of receipt by the opposite party of specific pieces of data and their authenticity in advance at a predetermined time and use these electronic documents in accordance with the procedures agreed upon by the parties and the arbitrator as evidence when considering disputes.

The format of electronic documents in this distribution method is not important. It can be installed in accordance with external requirements (standards or regulations) or by agreement of the parties.

In the proposed method, a full change of all keys is possible any number of times during the period of use of the smart card or token by the recipient, and even in one session of transferring protected data for different files, various encryption and electronic signature keys can be used. The claimed method does not have technical limitations for this.

In practice, the frequency of changing the keys of electronic signatures of users and distribution centers, as a rule, is not large. The validity period of ES keys and the corresponding public key certificate in existing systems is usually set from one to three years. This is considered quite sufficient to ensure the security of ES technology and quite convenient and economically justified for systems with a large number of users.

They endeavor to make the data encryption keys as short as possible, since this means that the amount of data transmitted encrypted on the same key is also reduced.

The last parameter is considered one of the most important in assessing the strength of any encryption system. Therefore, from the point of view of assessing the reliability of protection of transmitted encrypted data from unauthorized access in the channel or during storage until it is decrypted by the recipient, the lifetime of each encryption key should be made as short as possible. Variants of the proposed method make it possible to achieve, at any desired frequency, the change of encryption keys without significantly increasing the cost of this.

Variants of the proposed method in which certification centers are used allow achieving a higher degree of non-repudiation of the parties from electronic documents signed by the electronic signatures of the parties, since in this case the CA acts not only as a provider of public key certificates for verification of electronic signatures, but also as a provider of list maintenance services revoked certificates, and may also act as an independent third party in resolving disputes between parties on electronic documents.

List of used literature:

[1] W. Diffie, M. Hellman. New Directions in Cryptography, IEEE Transactions on Information Theory, 22, 5 (1976), p. 644-654.

[2] Federal Law “On Electronic Signatures”, April 6, 2011, FZ-63.

[3] Order of the Federal Security Service of Russia dated December 27, 2011 No. 796 “On the Approval of Requirements for Electronic Signature Means and Requirements for Certification Authority Facilities”.

[4] R.L. Rivest, A. Shamir, L. Adleman. On Digital Signatures and Public Key Cryptosystems, Technical Memo 82, Laboratory for Computer Science, Massachusetts Institute of Technology, April 1977.

[5] GOST P 34.10 - 2012, Information technology. Cryptographic information security. The processes of formation and verification of electronic digital signatures. Moscow, Standartinform, 2012.

[6] A. Menezes, P. van Oorschot, S. Vanstone. Handbook of Applied Cryptography, CRC Press, NY, 1996.

Claims (28)

1. A method of sending protected data in electronic form, providing for one or more distribution centers and a predetermined or variable set of senders and recipients of protected data, in which the information sent, processed and stored is presented in the form of sequences of electromagnetic pulses and processed on electronic devices of the recipients and Cryptographic distribution centers the data sent is formed in the form of separate batches of electromagnetic pulses and is encrypted with a symmetric data encryption algorithm, for which the distribution centers and recipients perform the following actions when generating keys and encrypting / decrypting data: 1.1 the distribution center generates in the protected memory of its cryptographic means the key pairs “private key - public key” for generating pair keys of symmetric data encryption between this distribution center and a specific recipient; 1.2 the recipient generates in the protected memory of his cryptographic tool the key pairs “private key - public key” to generate decryption keys for the data that he receives from the distribution center; 1.3 public keys for generating encryption keys for information transmitted from the distribution center to the recipients are exported from the cryptographic means of the distribution center; 1.4 the public keys for generating the decryption keys for the data the recipient exports from the protected memory of his cryptographic means and transfers to the distribution center, from which he will receive encrypted data; 1.5 the distribution center encrypts the data for a specific recipient on a pair of data encryption key developed by the Diffie-Hellman method between this distribution center and this recipient; for different parts of the transmitted data, different keys may be generated; 1.6 information encrypted for a particular recipient is transmitted from the distribution center to this recipient; characterized in that in order to ensure that it is possible for the sender to control the moment of the recipient’s access to the data transmitted to him or to a specific part of them even after they are delivered to the recipient, the inventive method also provides for the following elements and sequence of actions: 1.7 public keys for generating encryption keys for information from the distribution center to specific recipients, after their generation, are stored in the protected memory of the electronic processing device of the data of the distribution center or transmitted to the recipients, together with the protected information or separately from it, in encrypted form on separate keys of the encryption keys; 1.8 as cryptographic tools of the distribution center and recipients of information, hardware cryptographic modules are used; all actions of the parties, performed sequentially in steps 1.1-1.5, are performed on the secure software and hardware complex of the distribution center, and the cryptographic modules of the recipients, ready for use, are delivered through the delivery channels to the recipients of the protected data; access to the memory of the cryptographic module is protected by an individual password or key set by the distribution center, and access to each public key of the distribution center to generate a pair of data encryption keys or a separate part of the data is protected by an additional password or access key also set by the distribution center; 1.9 at some point, the distribution center informs the recipient of the password or access key to the memory of the cryptographic module, as well as passwords or access keys to provide access to only those public keys for generating paired data encryption keys that allow generating data decryption keys and decrypting only specific ones pieces of data defined by the distribution center; only after this, the recipient of information can access the public key of the distribution center to generate the decryption key for a specific part of the data, generate this key and decrypt the data. 2. The method according to p. 1, in which each participant in the secure data distribution system has cryptographic tools that allow him to perform all the steps in steps 1.1-1.5, regardless of the actions of the distribution center and the actions of other users, and transferring public keys between users to generate keys encryption / decryption of information is carried out in encrypted form on a single key encryption key for all participants in the system; the key encryption key is generated and written into the protected memory of the devices by the manufacturer of these cryptographic tools directly during their production. 3. The method according to claim 1, characterized in that the hardware-based security modules - “HSM-modules” that implement all the cryptographic functions in their own securely protected operating environment at the hardware level are used as software-hardware or hardware cryptographic tools of the distribution center. 4. The method according to claim 1, characterized in that the public keys of the distribution center for generating data encryption keys generated in step 1.1 are written directly to the protected memory of the recipient’s cryptographic hardware without the possibility of exporting them and are protected by passwords or access keys that are transmitted to the recipient separately at a certain moment in time for the recipient to open access to encrypted data. 5. The method according to p. 1, characterized in that all cryptographic conversions implemented by the recipients during access and data processing are performed by the software module directly in the control unit of the electronic data processing device, and the cryptographic tool is in the form of a personal USB token or smart card serves to generate and store keys of these transformations. 6. The method according to p. 1, characterized in that in addition to confirming the fact of receiving the data and decrypting it, the recipient also confirms the authenticity of a specific portion of the data received from the distribution center, for which, during the implementation of the proposed method, the following sequence of actions is additionally performed by the parties: at step 1.1, the distribution center generates a key pair “private key - public key” in the protected memory of its cryptographic tool to create and verify its electronic signature; at step 1.2, the recipient generates a key pair “private key - public key” in the protected memory of his cryptographic tool to create and verify his electronic signature; at step 1.3, the public key of the electronic signature verification of the distribution center is exported from the memory of the cryptographic means of the distribution center and transmitted to the recipients to whom the secure electronic data will be sent; at step 1.4, each recipient exports the public key of the verification of his electronic signature from the protected memory of his cryptographic facility and transfers it to the distribution center; at step 1.5, the distribution center signs electronic data or portions thereof with its electronic signature; at step 1.6, the information signed by the electronic signature of the distribution center and encrypted for a particular recipient is transmitted from the distribution center to this recipient; at step 1.9, the recipient generates electronic confirmation of the receipt and authenticity of the transmitted data, and can also generate other electronic documents, for example, by scanning paper documents on his electronic data processing device, sign them with his electronic signature, protect them with encryption using his hardware cryptographic module on the generated pair key of data encryption and transmit them to the center through publicly available open telecommunication channels. 7. The method according to p. 6, characterized in that at step 1.5 each selected specific piece of data is encrypted by the distribution center on a separate key, the public key of the center for generating this encryption key is closed with a password or access key and placed by the center in the protected memory of the hardware cryptographic module ( token, smart card) of the recipient; a token or smart card with a public key for verifying the electronic signature of the distribution center and secure passwords or access keys, public keys of the center to generate data encryption keys, is transmitted to the recipient; Information signed and encrypted for a given recipient is delivered to him from the center via any available delivery channel; passwords for access to the center’s public keys for generating encryption keys for specific pieces of data are communicated to the user by the center separately through any available channels at precisely defined times by the center. 8. The method according to p. 6, characterized in that in steps 1.1-1.9 the parties use isolated computers or other data processing devices without connecting to local networks and without accessing the global Internet, but allowing physical connection of hardware cryptographic modules; protected information signed by the electronic signature of the center and encrypted for a specific recipient, and keys for access to it are recorded by the distribution center directly in the memory of the hardware cryptographic modules of the recipients, the hardware cryptographic modules are delivered to the recipients by the delivery service and physically connected to the recipient's data processing devices, isolated computers, printers , tablets, and passwords or keys for access to hardware cryptographic modules and passwords or keys for access The individual public keys of the center for generating encryption keys for the data are communicated to the recipients by the distribution center at time-points determined by the center. 9. The method according to claim 6, characterized in that the public key of the electronic signature verification of the distribution center is generated and written directly into the protected memory of the cryptographic means of the recipients, and the public keys of the recipients to verify their electronic signatures and to generate encryption keys for these recipients are generated and written into the protected memory of the cryptographic means of the distribution center on the protected software and hardware complex of the distribution center and ready-to-use cryptographic tools receive Atels with electronic signature of the distribution center recorded in their memory and encrypted data are delivered via physical delivery channels to the recipients in step 1.6; public keys of the distribution center for the generation of paired keys for data encryption are transmitted to the recipient through any available communication channels at time points determined by the distribution center. 10. The method according to p. 1, characterized in that the secure data distribution system contains specially designated certification authorities (CAs) whose function is to generate key pairs for creating and verifying electronic signatures, key pairs for generating data encryption keys, and also an electronic signature that the public keys for verifying electronic signatures of distribution centers and the public keys of distribution centers for generating encryption keys and the public keys of recipients are authentic; CA actions at stages 1.1-1.5 are performed on the secure software and hardware complex of the CA and ready-to-use cryptographic tools of the distribution centers and data recipients are delivered via delivery channels to information distribution centers and protected data recipients. 11. The method according to p. 1, characterized in that the system contains certification authorities, the function of which is to certify by electronic signature that the public keys of the distribution centers and the public keys of the recipients are authentic; the actions of the parties in steps 1.1-1.5 are as follows: the distribution center generates in the protected memory of its cryptographic means a key pair “private key - public key” for creating and verifying its electronic signature and key pairs for generating encryption keys for data between the distribution center and each specific the recipient; the mailing center draws up applications to the CA for the issuance of digital certificates of the public keys created by it and transmits a certificate of verification of its electronic signature to all recipients, and stores the certificates of its public keys for generating data encryption keys in the protected memory of its software and hardware data processing complex; the recipient generates in the protected memory of his cryptographic tool a key pair “private key - public key” for creating and verifying his electronic signature and key pairs for generating keys for decrypting data; the recipient forms an application in the CA for issuing certificates of their public keys, receives their certificates from the CA, and transfers these certificates to the distribution center; the mailing center verifies the authenticity of the recipient’s public key certificates, verifying the authenticity of the ES of the certification center, saves the recipient’s ES verification certificates at home, generates pair data encryption keys for each recipient based on the public keys of the recipients for generating data encryption keys and its private keys for generating data encryption keys encrypts the transmitted information on them and sends it to the recipients; the recipient upon gaining access to the center’s public key certificates for generating data encryption keys generates keys for decrypting the data and decrypts them, confirms the fact of receiving the information and its authenticity with a message to the distribution center with its electronic signature and sends it to the distribution center; This message serves as a documented legally recognized confirmation of the fact of gaining access to information and its authenticity in case of possible disputes.