Rutoken plugin. What is a root plugin

Rutoken plugin. What is a root plugin
Rutoken plugin. What is a root plugin
30.11.2019

Rutoken Plugin is a tool electronic signature, encryption, and two-factor authentication for Web and SaaS services. The product uses the hardware implementation of Russian cryptographic algorithms "on board" devices Rutoken EDS, Rutoken Web and Rutoken PINPad. Rutoken Plugin is compatible with the solutions of Russian CIPF manufacturers and can be used in information systems, which use digital certificates and PKI infrastructure.

What is Rutoken Plugin

In Rutoken Plugin as a means cryptographic protection and strict two-factor authentication is a USB token or other device in which Russian cryptographic algorithms are implemented in hardware. To work in the browser context, a cross-platform and multi-browser plug-in is used - a special functionality extension supported by all browsers. Rutoken Plugin implements the following information protection mechanisms:

  • two-factor authentication in the Web service using a USB token,
  • encryption of data exchange between the browser and the Web service in accordance with GOST 28147-89,
  • electronic signature of data according to GOST R 34.10-2001,
  • data integrity control by calculating the hash function according to GOST R 34.11-94,
  • differentiation of access to Web service resources based on digital certificates.

For integration with systems using digital certificates and PKI infrastructure, the product supports:

  • X.509 digital certificates,
  • PKCS#10 certificate requests,
  • signing and encrypting data in CMS format.

Rutoken Plugin uses only APIs built into the browser and does not require the installation of additional components, frameworks and platforms such as Java, Microsoft Silverlight and others.

Interaction with USB devices

Rutoken Plugin supports Rutoken EDS, Rutoken Web and Rutoken PINPad devices. The most common is to use the plugin along with USB tokens. At the same time, USB tokens work through a standard driver, which is available as part of modern operating systems. In order for the operating system to recognize the token, it is enough to connect it to the USB port of the computer.

Rutoken Plugin is a standard browser extension - Active X for IE and NPAPI plugin for other browsers. The plugin installer is implemented as
one-click-installer, that is, it does not require the user to select any options. Also, no rights are required to install the plugin. system administrator. When a user enters the site, the plugin is loaded onto a Web page, and after that, its functions can be called from page scripts.

For encryption, hashing and electronic signature, the plugin accesses the token directly, and all cryptographic operations occur at the hardware level. It should be noted that the plugin has the ability to programmatically encrypt and calculate a hash function to speed up operations. Since crypto operations are performed "on board" the device, the keys are non-retrievable (not loaded into RAM computer), and they cannot be stolen without physically seizing the token from the user. But even in this case, the attacker will be limited by the need to know the unique PIN.

In addition to working with USB tokens, Rutoken Plugin supports working with Rutoken PINPad, a TrustScreen class device for remote banking, which allows you to perform the most critical transactions with their visual control in a trusted environment. Since Rutoken PINPad also performs the functions of a cryptographic token, its interaction with Rutoken Plugin is similar to the interaction of a USB token and a plug-in.

Purpose

Security of remote banking systems

An important area of ​​application for Rutoken Plugin is the security of remote banking systems (RBS). The solution provides:

  • strong authentication of the client when accessing the personal account,
  • confirmation of payments and transactions using an electronic signature,
  • encryption of payment orders,
  • visual control of payment documents before signing in a trusted environment (when used with Rutoken PINPad),
  • secure storage of keys personal account user.

The flagship device for the banking sector is Rutoken PINPad, which allows you to successfully resist all known attacks on client sites of remote banking systems. Rutoken PINPad combines the functions of a cryptographic token and a TrustScreen device for viewing payments before signing them, as well as for securely entering a PIN code. Rutoken Plugin allows you to integrate Rutoken PINPad into remote banking systems with a Web interface.

Protection of personal information

When using Rutoken Plugin in conjunction with Rutoken EDS, a certified USB token acts as a means of cryptographic information protection (CIPF) and a means of protection against unauthorized access (UAS):

  • Rutoken EDS is certified by the FSTEC for NDV4, which allows it to be used to protect information from unauthorized access in ISPDN up to class 1 inclusive in accordance with the requirements of the FSTEC and FZ-152 norms, as well as in information systems up to security class 1G inclusive;
  • Rutoken EDS is certified by the FSB as CIPF according to class KS2, which allows it to be used as an encryption tool in accordance with PKZ2005 to protect confidential information and personal data;
  • Rutoken EDS is certified for compliance with 63-FZ and the requirements for electronic signature tools approved by Order of the Federal Security Service of Russia dated December 27, 2011 No. 796, which allows it to be used as a means of a qualified electronic signature when organizing legally significant electronic document management.

Thus, Rutoken Plugin can be used to protect information in accordance with the requirements of regulators and legislation. Its areas of application are:

  • protection of personal data of patients of medical institutions,
  • protection of personal data of students of schools and universities,
  • protection of information in systems for the provision of public services and municipal services in electronic form,
  • security and giving legal significance to corporate electronic document management.

Access Licensing

In some cases, Web services provide access to knowledge bases that contain a company's intellectual property. This intellectual property has a price, so access to it is limited and provided for a fee. The Company is interested in ensuring that only one person can use one issued access license.

The use of two-factor authentication in a Web service using a USB token makes it much more difficult for several people to access one account, since for this they will need to constantly exchange the device itself. Unlike authentication using a login-password link, in some cases this can be an insurmountable obstacle, and the complexity of solving the problem will lead to the purchase of additional accounts.

Architecture

Characteristics

installation
  • Rutoken Plugin is distributed as an MSI package for Windows and
    PKG package for Mac OS X. For Linux OS, the plugin is distributed as binary files. For successful work, the user does not need to install any additional software, system administrator rights, or set up a workplace.
Supported Platforms
  • Windows XP SP3 (x86 only), Windows Vista, Windows 7, Windows 8.
  • Mac OS X 10.6, Mac OS X 10.7, Mac OS X 10.8.
  • Ubuntu 10.04, Ubuntu 12.04, Alt Linux 6, Debian 6 Squeeze, Astra Linux, CentOS 6.2, can be used on other Linux distributions.
Supported Browsers
Supported Devices
  • Rutoken EDS.
  • Rutoken Web.
  • Rutoken PINPad.
Used cryptographic algorithms and formats
  • Encryption according to GOST 28147-89.
  • Calculation of the hash function according to GOST R 34.11-94.
  • Electronic signature according to GOST R 34.10-2001.
  • Calculation of the agreement key according to the scheme VKO GOST 34.10-2001.
  • X.509 digital certificate format.
  • The certificate request format is PKCS#10.
  • Format of signed and encrypted CMS messages.

Rutoken Plugin is a solution for electronic signature, encryption and two-factor authentication for Web and SaaS services. The plugin uses the hardware implementation of Russian cryptographic algorithms for electronic identifiers and smart cards of the family Rutoken EDS 2.0, EDS PKI and Rutoken PINPad . Rutoken Plugin is compatible with the solutions of Russian CIPF manufacturers and can be used in information systems that use digital certificates and PKI infrastructure. Certified by FSTEC of Russia as part of PAK Rutoken.

Rutoken Plugin uses a USB token or other device in which Russian cryptographic algorithms are implemented in hardware as a means of cryptographic protection and strong two-factor authentication. To work in the context of a browser, cross-platform and multi-browser technologies are used, which make it equally convenient to work with an electronic signature in a browser, regardless of the one used. operating system.

Rutoken Plugin allows you to implement the following information protection mechanisms:

  • two-factor authentication in a Web service on a hardware carrier;
  • encryption of data exchange between the browser and the Web service according to GOST 28147-89;
  • electronic signature according to GOST R 34.10-2001 and GOST R 34.10-2012 (256 and 512 bits) and RSA;
  • calculation of the hash function according to GOST R 34.11-94 and GOST R 34.11-2012 (256 and 512 bits);
  • differentiation of access to Web service resources based on digital certificates.

For integration with systems using digital certificates and PKI infrastructure, the product supports:

  • X.509 digital certificates,
  • PKCS#10 certificate requests,
  • signing and encrypting data in CMS format, including for multiple recipients.

Rutoken Plugin is installed and works with user rights and uses only the features and API built into the browser. Rutoken Plugin does not require the installation of proxy tools and additional components, frameworks and platforms such as Java, Microsoft Silverlight, etc.

The Rutoken Plugin installer is implemented as a simple one-click-installer, that is, it does not require administrator rights or user selection of any options. When a user visits a secure site, the Rutoken Plugin is automatically loaded onto a Web page, and after that its functions can be called from page scripts.

Interaction with USB devices

Rutoken Plugin works with hardware identifiers and smart cards of the Rutoken EDS 2.0 family, PKI EDS and Rutoken PINPad. All these devices work through standard drivers that are included with all modern operating systems. In order for the Rutoken Plugin to recognize the device, just connect it to the computer's USB port or insert a smart card into the reader.

With hashing and electronic signature, the Plugin refers directly to the token, and cryptographic operations occur at the hardware level. The plugin also has the ability to programmatically calculate a hash function to speed up the operation. Due to the fact that the electronic signature operation is performed "on board" devices, the private key is never loaded into the computer's RAM. This allows you to work with guaranteed non-removable and non-copyable private keys created inside devices.

Such keys cannot be stolen without physically seizing the token from the user, but even in this case, the attacker will be limited by the need to know the unique PIN code of the device. An additional level of security and protection against remote control provides the use of additional functionality of signature confirmation in Rutoken EDS 2.0 Touch.

And the interaction of the Rutoken Plugin with the Rutoken PINPad device allows, among other things, to enter a secret PIN code directly on the device (protection against keyloggers) and protect transactions from spoofing by displaying them on the screen of a trusted device.

Security of remote banking systems

The security of remote banking systems (RBS) is the most important area of ​​application of the Rutoken Plugin. A bundle of Rutoken Plugin with Rutoken EDS 2.0 or Rutoken PINPad provides:

  • strong authentication of the client when accessing the personal account,
  • confirmation of payments and transactions using a qualified or enhanced electronic signature,
  • encryption of payment orders,
  • visual control of payment documents before signing in a trusted environment (when used with Rutoken PINPad).

The ideal scenario for using the Rutoken Plugin in the banking sector is the simultaneous introduction of electronic identifiers or smart cards Rutoken EDS 2.0 (Touch) for a mass user with significant restrictions on payments and a small number of Rutoken PINPad for VIP users with a significantly increased payment limit or none at all him..

Protection of personal information

Rutoken Plugin can be used to protect information in accordance with the requirements of regulators and legislation.

Common areas of application of the Rutoken Plugin are:

  • protection of personal data of patients of medical institutions,
  • protection of personal data of students of schools and universities,
  • protection of information in systems for the provision of public services and municipal services in electronic form,
  • giving legal significance and security of corporate electronic document management.

Access Licensing

In some cases, Web services provide access to knowledge bases that contain a company's intellectual property. This intellectual property has a certain price, so access to it is limited and provided for a fee. Often, companies are interested in the fact that only one licensee can physically use one issued license.

The use of two-factor authentication in a Web service using a USB token or smart card makes it much more difficult for several people to access one account, since for this they will need to constantly exchange the device itself. Unlike login-password authentication, this can be an insurmountable obstacle, and the complexity of solving this problem will lead dishonest users to do nothing but buy additional accounts.

Rutoken Plugin is compatible with the solutions of Russian CIPF manufacturers and can be used in information systems that use digital certificates and PKI infrastructure.

Authentication solution for web resources, which is used instead of the classic "login-password" pair. The delivery of the solution includes an electronic identifier Rutoken Web in a standard case, which is convenient to carry as a key fob on a keychain.

Rutoken Web micro

Rutoken Web in a micro-case is designed for use when working with laptops and tablet computers. Like classic models, the micro-token is equipped with an LED to indicate operating modes. In terms of dimensions, it is comparable to a USB connector and, when connected, protrudes beyond the computer by only 5 mm.

Features Rutoken Web

With help Trojans, phishing or traffic interception, it is impossible to steal either the hardware device itself or to forge or replace the electronic signature. The Rutoken Web solution is cross-platform and multi-browser, has a low cost of ownership and is easy to use.

The product is based on electronic signature technology and consists of three components:

  1. USB token - electronic key capable of electronic signature. Works as a HID device, no driver installation required.
  2. Browser plugin- communicates between the USB token and the browser. Does not require administrative rights to install. It uses only APIs built into the browser and does not require the installation of additional components, frameworks and platforms such as Java, Microsoft Silverlight and others. Works with all known browsers on platforms Microsoft Windows, Apple macOS/OSX, GNU/Linux.
  3. Server part- implementation of electronic signature verification on the server. The mechanisms are implemented for different platforms and development tools, namely: PHP, ASP.NET, Netcat, WordPress, Joomla and Bitrix have.

If the user has lost the token, then he can access the site once without a USB token. For this purpose, a one-time access code is used, printed on a scratch card, which is included in the Rutoken Web delivery package. This access recovery mechanism ensures the continuity of the use of the web resource.

Rutoken Web is an "iron password", its use solves the problem of cloning web service users, since it is impossible to use one token on several workplaces at the same time. If Rutoken Web is used to access a corporate environment, then when an employee leaves, it is enough to simply take the device from him.

Secure authentication mechanism

The solution is not subject to vulnerabilities typical for authentication based on a login-password pair. Authentication uses an electronic signature generated inside the USB token. The secret key never leaves the device. The EDS algorithm complies with the requirements of RFC 5832. As an authentication protocol, Rutoken Web uses an adapted two-pass one-way authentication protocol with public key in accordance with ISO/IEC 9798-3.

Ease of use

The user does not need to remember a lot of logins and passwords to access different resources: you just need to have a token and know its PIN code. The Rutoken Web USB key does not require driver installation to work. The Rutoken Web browser plugin does not require system administrator rights to be installed. The solution is compatible with most browsers and operating systems and does not require special knowledge to work with him. If the token is lost, access to the web resource can be restored without specifying personal data during registration.

Technologies

The Rutoken Web USB token works using the HID protocol, which is supported by most common operating systems. The browser plugin supports the NPAPI and Microsoft ActiveX specifications and therefore works in most browsers. Signature verification on the server is implemented both as a php application, which is convenient for php sites, and as binary modules for other linux and windows configurations.

Purpose

The Rutoken Web solution can be used in public Internet services, remote service systems, Intranet systems, distance learning, remote workplaces, corporate Internet services, systems of interaction with partners and contractors.

Cryptographic Capabilities

  • Hardware generation of key pairs with quality control according to the algorithm GOST R 34.10-2001.
  • Hardware hashing according to GOST R 34.11-94.
  • Hardware generation of an electronic signature according to the algorithm GOST R 34.10-2001.
Owner Authentication Options
  • Two-factor authentication: upon presentation of the identifier itself and upon presentation of a unique PIN code.
  • Ability to restore access to the account upon presentation secret code from a scratch card printed under a secure layer.
Interfaces
  • USB HID Profile: Rutoken Web works without installing drivers.
Supported OS
  • Microsoft Windows.
  • Apple macOS/OSX.
  • Ubuntu/Debian/Fedora/RedHat/CentOS.
Supported Browsers
  • Internet Explorer.
  • Mozilla Firefox.
  • Google Chrome.
  • Opera.
  • safari.
General characteristics
  • Modern secure microcontroller.
  • Dimensions 58x16x8mm (micro-token 17.8x15.4x5.8mm).
  • Weight 6.3g (micro-token 1.6g).

Rutoken Plugin uses a USB token or other device in which Russian cryptographic algorithms are implemented in hardware as a means of cryptographic protection and strong two-factor authentication. To work in the context of a browser, cross-platform and multi-browser technologies are used, which make it equally convenient to work with an electronic signature in a browser, regardless of the operating system used.

Rutoken Plugin allows you to implement the following information protection mechanisms:

  • two-factor authentication in a Web service on a hardware carrier;
  • encryption of data exchange between the browser and the Web service according to GOST 28147-89;
  • electronic signature according to GOST R 34.10-2001 and GOST R 34.10-2012 (256 and 512 bits) and RSA;
  • calculation of the hash function according to GOST R 34.11-94 and GOST R 34.11-2012 (256 and 512 bits);
  • differentiation of access to Web service resources based on digital certificates.

For integration with systems using digital certificates and PKI infrastructure, the product supports:

  • X.509 digital certificates;
  • PKCS#10 certificate requests;
  • signing and encrypting data in CMS format, including for multiple recipients.

Rutoken Plugin is installed and works with user rights and uses only the features and API built into the browser. Rutoken Plugin does not require the installation of proxy tools and additional components, frameworks and platforms such as Java, Microsoft Silverlight, etc.

The Rutoken Plugin installer is implemented as a simple one-click-installer, that is, it does not require administrator rights or user selection of any options. When a user visits a secure site, the Rutoken Plugin is automatically loaded onto a Web page, and after that its functions can be called from page scripts.

Interaction with USB devices

Rutoken Plugin works with hardware identifiers and smart cards of the Rutoken EDS 2.0 family, PKI EDS and Rutoken PINPad. All these devices work through standard drivers that are included with all modern operating systems. In order for the Rutoken Plugin to recognize the device, just connect it to the computer's USB port or insert a smart card into the reader.

With hashing and electronic signature, the Plugin refers directly to the token, and cryptographic operations occur at the hardware level. The plugin also has the ability to programmatically calculate a hash function to speed up the operation. Due to the fact that the electronic signature operation is performed "on board" devices, the private key is never loaded into the computer's RAM. This allows you to work with guaranteed non-retrievable and non-copyable private keys created inside the devices.

Such keys cannot be stolen without physically seizing the token from the user, but even in this case, the attacker will be limited by the need to know the unique PIN code of the device. An additional level of security and protection against remote control is provided by the use of additional signature confirmation functionality in Rutoken EDS 2.0 Touch.

And the interaction of the Rutoken Plugin with the Rutoken PINPad device allows, among other things, to enter a secret PIN code directly on the device (protection from keyloggers) and protect transactions from spoofing, thanks to their display on the screen of a trusted device.

Certification

Software Rutoken Plugin is certified by the FSTEC of Russia as part of PAK Rutoken.

When using the Rutoken Plugin in conjunction with devices of the Rutoken EDS 2.0 family, EDS PKI and Rutoken PINPad, a hardware device acts as a means of cryptographic information protection (CIPF) and a means of protection against unauthorized access (NSD):

  • Rutoken EDS 2.0, EDS 2.0 Flash, EDS 2.0 Touch and Rutoken EDS PKI - the devices are certified by the FSTEC according to NDV4, which allows them to be used to protect information from UA in ISDN up to class 1 inclusive in accordance with the requirements of the FSTEC and the norms of FZ-152, and also in information systems up to security class 1G inclusive;
  • Rutoken EDS 2.0, EDS 2.0 Flash, EDS 2.0 Touch and Rutoken PINPad are certified by the FSB as CIPF according to classes KS1 and KS2, which allows them to be used as an encryption tool in accordance with PKZ2005 to protect confidential information and personal data;
  • Rutoken EDS 2.0, EDS 2.0 Flash, EDS 2.0 Touch and Rutoken PINPad are certified in accordance with 63-FZ and the requirements for electronic signature tools approved by Order of the Federal Security Service of Russia dated December 27, 2011 No. 796, which allows them to be used as a means of a qualified electronic signature when organizing legally significant electronic document management.

Security of remote banking systems

The security of remote banking systems (RBS) is the most important area of ​​application of the Rutoken Plugin. A bundle of Rutoken Plugin with Rutoken EDS 2.0 or Rutoken PINPad provides:

  • strong authentication of the client when accessing the personal account;
  • confirmation of payments and transactions using a qualified or enhanced electronic signature;
  • encryption of payment orders;
  • visual control of payment documents before signing in a trusted environment (when used with Rutoken PINPad).

The ideal scenario for using the Rutoken Plugin in the banking sector is the simultaneous introduction of electronic identifiers or smart cards Rutoken EDS 2.0 (Touch) for a mass user with significant restrictions on payments and a small number of Rutoken PINPad for VIP users with a significantly increased payment limit or none at all him.

Protection of personal information

Rutoken Plugin can be used to protect information in accordance with the requirements of regulators and legislation.

Common areas of application of the Rutoken Plugin are:

  • protection of personal data of patients of medical institutions;
  • protection of personal data of students of schools and universities;
  • protection of information in systems for the provision of public services and municipal services in electronic form;
  • giving legal significance and security of corporate electronic document management.

Access Licensing

In some cases, Web services provide access to knowledge bases that contain a company's intellectual property. This intellectual property has a certain price, so access to it is limited and provided for a fee. Often, companies are interested in the fact that only one licensee can physically use one issued license.

The use of two-factor authentication in a Web service using a USB token or smart card makes it much more difficult for several people to access one account, since for this they will need to constantly exchange the device itself. Unlike login-password authentication, this can be an insurmountable obstacle, and the complexity of solving this problem will lead dishonest users to do nothing but buy additional accounts.

installation

  • MSI package for Windows.
  • pkg package for Apple macOS.
  • binary files for Linux OS.
Supported Platforms
  • Microsoft Windows 10/8.1/8/7/Vista/XP/2003.
  • Apple macOS 10.13/10.12/10.11/10.10/10.9/10.8.
  • Ubuntu, Mint, Debian, AltLinux, Astra Linux, Goslinux, ROSA, Fedora, CentOS and more.
Supported Browsers
  • Mozilla Firefox.
  • Google Chrome
  • Internet Explorer (version 7 and above).
  • Apple Safari.
  • Yandex, Sputnik and others based on Chromium.
  • Opera Blink and Vivaldi.
Supported Devices
  • Rutoken EDS 2.0 and EDS 2.0 Flash.
  • Rutoken EDS 2.0 Touch and EDS 2.0 Flash Touch.
  • Rutoken PINPad.
  • Rutoken EPC PKI (limited support).
  • Rutoken Web (limited support).
Supported cryptographic algorithms and formats
  • Electronic signature according to GOST R 34.10-2001, GOST R 34.10-2012 (256 and 512 bits) and RSA.
  • Calculation of the hash function according to GOST R 34.11-94 and GOST R 34.11-2012 (256 and 512 bits).
  • Calculation of the agreement key according to the scheme VKO GOST 34.10-2001 and 34.10-2012 (256 and 512 bits).
  • Encryption according to GOST 28147-89.
  • X.509 digital certificate format.
  • The certificate request format is PKCS#10.
  • Format of signed and encrypted CMS and PKCS#7 messages, including for multiple recipients.
Russia on the software and hardware complex for authentication and information storage "Rutoken" version 4, including Rutoken Plugin. Read more.

2017

Rutoken Plugin 4.0

Using Rutoken Plugin 4.0 does not require modification of the existing information system and will allow you to quickly and painlessly switch to the use of new GOSTs.

Rutoken Plugin is handy tool for embedding tokens of the Rutoken EDS 2.0 family and the Rutoken PINPad trustscreen device. Sharing of these products allows you to implement all the necessary scenarios for working with an electronic signature in remote service systems (RBS). The updated product has retained the familiar interface and has full backward compatibility with previous versions Plugins 1.x and 2.x.

Rutoken Plugin developers closely monitor changes in major browsers and release the necessary updates in advance. The plugin works in popular browsers (Internet Explorer, Chrome, Firefox, Opera, Safari on macOS and Firefox ESR on Linux) and operating systems. Its installation into the system does not require administrative rights, and it does not conflict with other applications and security systems, the developers assured.

The old electronic signature standards are valid until January 1, 2019. As developers, it is important for us to update products in advance and inform our partners about it. The prompt transfer of end users to Rutoken products with the support of new GOSTs guarantees banks cost savings when replacing obsolete cryptographic information protection tools. And all financial transactions in remote service channels will be protected by the Rutoken Plugin, Rutoken EDS 2.0 and Rutoken PINPad triad, - emphasized Kirill Meshcheryakov, director of the Rutoken product line of Aktiv.

Rutoken Plugin 2.8.9

The Aktiv company has released a version of the Rutoken Plugin and an extension for the Firefox browser for the Windows operating system, which allows you to work without NPAPI through Native Messaging. Earlier, Mozilla announced that it was deprecating NPAPI technology in Firefox browser, as of version 52. As of mid-April 2017, plugins using NPAPI are no longer supported in Firefox.

Rutoken Plugin version 2.8.9 supports NPAPI and Native Messaging. This version adds support for the RSA algorithm and fixes some bugs.

2015: Rutoken Plugin

Rutoken Plugin- a technological solution for organizing electronic signature, encryption and two-factor authentication for web and SaaS services.

The product uses the hardware implementation of Russian cryptographic algorithms "on board" devices Rutoken EDS, Rutoken Web and Rutoken PINPad.

Rutoken Plugin is compatible with the technologies of Russian CIPF manufacturers and can be used in information systems that use digital certificates and PKI infrastructure.

Technological Protection Tools (2014)

As a means of cryptographic protection and two-factor authentication, a USB token or other device in which Russian cryptographic algorithms are implemented in hardware is used. To work in the browser context, a cross-platform and multi-browser plug-in is used - a special functionality extension supported by all browsers.

Rutoken Plugin performs information security functions:

  • two-factor authentication in a web service using a USB token,
  • encryption of data exchange between the browser and the web service in accordance with GOST 28147-89,
  • electronic signature of data according to GOST R 34.10-2001,
  • data integrity control by calculating the hash function according to GOST R 34.11-94,
  • differentiation of access to web service resources based on digital certificates.

For integration with systems using digital certificates and PKI infrastructure, the product supports:

  • X.509 digital certificates,
  • PKCS#10 certificate requests,
  • signing and encrypting data in CMS format.

Rutoken Plugin uses only APIs built into the browser and does not require the installation of additional components, frameworks and platforms.

Purpose

The scope of Rutoken Plugin is the security of remote banking systems (RBS).

The product provides:

  • strong authentication of the client when accessing the personal account,
  • confirmation of payments and transactions using an electronic signature,
  • encryption of payment orders,
  • visual control of payment documents before signing in a trusted environment (when used with Rutoken PINPad),
  • secure storage of keys from the user's personal account.