Features of the complex CESARIS
The CESARIS complex meets the PKIX standards, in particular the international standards ISO (International Organization for Standardization) and RFC (Internet Engineering Task Force Request for Comments), and the European standards ETSI (European Telecommunications Standards Institute), CEN/ISSS (European Committee for Standardisation/Information Society Standardisation System) and ECBS (European Committee for Banking Standards).
CESARIS implements international cryptographic standards (DES, 3DES, SHA-1, MD5, RSA) and national cryptographic standards (GOST 28147-89, GOST 34.310-95, GOST 34.311-95, DSTU (National Standards of Ukraine) 4145-2002). The complex is ready to receive the status of an accredited key certification centre according to the requirements of Ukrainian legislation.
Characteristics of the complex
Under Ukrainian legislation, DSTSZI of SBU sets the digital signature requirements for governmental institutions. Banks and commercial organizations within a closed system (one whose members have contractual relations) can define their security system, and in particular their digital signature system, independently.
The complex maintains the digital certificate and signature infrastructure in both online and offline modes (offline meaning file exchange when there is no direct access).
The complex allows working simultaneously with governmental institutions of Ukraine using international and national cryptographic standards (GOST 28147-89, GOST 34.310-95, GOST 34.311-95, DSTU 4145-2002), as well as with foreign partners using international cryptographic standards (DES, 3DES, SHA-1, MD5, RSA).
Banks can use the features of the CESARIS complex in internal payment systems that interact with NBU. The structure of the complex includes a Library of Functions defined by the rules for applying cryptographic functions to the processing of e-payment documents in the NBU format. The complex supports the same formats for the cryptographic functions and e-signature. For banks, the ability to use the Ukrainian digital signature standard DSTU 4145 is essential, as it provides much better cryptographic strength than the RSA algorithm with the same key length (512 bits). This key length is used nowadays by NBU in the Quick E-Transfer System and the System of E-Payments. However, a 512-bit RSA key is not recommended by RSA Labs, the owner of the algorithm, for use in applications with a high level of risk (e.g. financial transactions). These keys are also not allowed for financial transactions by the European standards, in particular by the ECBS. NBU is planning to switch to the Ukrainian digital signature standard in the contemporary Quick E-Payments-2 system.
Intensified security modes such as two-level protection can be used: the first level is built on the National Standards of Ukraine, the second on the international/European standards. With such "echelon" protection, the probability of compromise approaches zero.
To use the signature and encryption keys on a PC, the complex includes a Windows cryptographic service provider (CSP, Cryptographic Service Provider) digitally signed by Microsoft.
The protection functions (digital signature and encryption) are easily integrated into existing and new applications, because the complex's crypto provider for international and national cryptographic standards supports the standard Microsoft Cryptographic Application Programming Interface (Crypto API). This allows the use of the standard programming approaches documented on MSDN (msdn.microsoft.com), chapter [Security]. Additionally, Java libraries of the crypto functions can be provided for integration into applications on Unix-like systems.
Universality and the minimum price of the solution
The proposed solution combines universality with a minimum price. Security tasks can be solved by providing one hardware system, which becomes the kernel of the information security system, and by using the protection capabilities built into the operating systems of PCs and servers, database management systems, telecommunication equipment, etc. Because the security measures are simple to use, the computer user keeps working in a familiar environment.