Rutoken plugin for Mozilla. Rutoken plugin. Protection of personal information

A solution for authentication on web resources that is used instead of the classic "login-password" pair. The package includes a Rutoken Web electronic identifier in a standard case, which is convenient to carry as a key fob on a key ring.

Rutoken Web micro

Rutoken Web in a micro-case is designed for use with laptops and tablet computers. Like classic models, the micro-token is equipped with an LED to indicate operating modes. In terms of dimensions, it is comparable to a USB connector and, when connected, protrudes beyond the computer by only 5 mm.

Rutoken Web features

Trojans, phishing, and traffic interception cannot steal the hardware device itself, nor can they be used to forge or alter an electronic signature. The Rutoken Web solution is cross-platform and multi-browser, has a low cost of ownership and is easy to use.

The product is based on electronic signature technology and consists of three components:

  1. USB token: an electronic key capable of producing an electronic signature. It works as a HID device; no drivers are required.
  2. Browser plugin: handles communication between the USB token and the browser. It does not require administrative rights to install. It uses only the built-in browser APIs and does not require installing additional components, frameworks or platforms such as Java, Microsoft Silverlight and others. It works with all known browsers on Microsoft Windows, Apple macOS / OSX and GNU / Linux.
  3. Server part: verification of the electronic signature on the server. Implementations exist for different platforms and development tools, namely PHP, ASP.NET, Netcat, WordPress, Joomla and Bitrix.

If the user has lost the token, he can access the site once without a USB token. For this purpose, a one-time access code is used; it is printed on a scratch card included in the Rutoken Web package. This access recovery mechanism ensures the continuity of use of the web resource.

Rutoken Web is an "iron password", its use solves the problem of cloning users of a web service, since it is impossible to use one token on several workstations at the same time. If Rutoken Web is used to access the corporate environment, then when an employee is fired, it is enough to simply take the device away from him.

Secure authentication mechanism

The solution is not susceptible to the vulnerabilities typical of authentication based on a “login-password” pair. For authentication, an electronic signature is used, generated inside the USB token. The secret key never leaves the device. The EDS algorithm meets the requirements of RFC 5832. As an authentication protocol, Rutoken Web uses an adapted two-pass one-way authentication protocol with a public key in accordance with ISO/IEC 9798-3.
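The two-pass exchange described above, as an added sketch that is not Rutoken's own code: the server issues a random challenge, the claimant returns a signed token, and the server checks freshness, single use and the signature. Assumptions: ECDSA P-256 from Node's `crypto` stands in for GOST R 34.10-2001, a software key stands in for the USB token, and the token layout and all names (`Verifier`, `claimantSign`, `shop.example`) are hypothetical.

```javascript
// Added example: two-pass unilateral authentication in the style of ISO/IEC 9798-3.
// Assumption: ECDSA P-256 replaces GOST R 34.10-2001, which Node's crypto does not provide.
const crypto = require('crypto');

const CHALLENGE_TTL_MS = 60000;

// Length-prefix every field so that field boundaries cannot be shifted
// to make two different (rA, rB, serverId) triples sign the same bytes.
function encodeFields(...fields) {
  return Buffer.concat(fields.map((f) => {
    const body = Buffer.from(f);
    const len = Buffer.alloc(4);
    len.writeUInt32BE(body.length);
    return Buffer.concat([len, body]);
  }));
}

class Verifier {
  constructor(serverId) {
    this.serverId = serverId;     // identity B, bound into every signature
    this.publicKeys = new Map();  // login -> public key registered for the token
    this.pending = new Map();     // challenge (hex) -> { login, expires }
  }

  register(login, publicKey) {
    this.publicKeys.set(login, publicKey);
  }

  // Pass 1 (server -> client): fresh random challenge R_B, remembered server-side.
  issueChallenge(login, now = Date.now()) {
    const rB = crypto.randomBytes(32);
    this.pending.set(rB.toString('hex'), { login, expires: now + CHALLENGE_TTL_MS });
    return rB;
  }

  // Pass 2 (client -> server): token { rA, rB, signature } over rA || rB || B.
  verifyToken(login, token, now = Date.now()) {
    const id = token.rB.toString('hex');
    const entry = this.pending.get(id);
    if (!entry) return 'unknown-or-replayed-challenge';
    this.pending.delete(id);      // a challenge is accepted at most once
    if (entry.login !== login) return 'challenge-bound-to-other-login';
    if (now > entry.expires) return 'challenge-expired';
    const publicKey = this.publicKeys.get(login);
    if (!publicKey) return 'unknown-login';
    const signed = encodeFields(token.rA, token.rB, this.serverId);
    return crypto.verify('sha256', signed, publicKey, token.signature)
      ? 'ok'
      : 'bad-signature';
  }
}

// Claimant side. On the real product this step runs inside the token;
// here a software private key plays that role (assumption).
function claimantSign(privateKey, rB, serverId) {
  const rA = crypto.randomBytes(32);  // claimant nonce, so the signed input is never fully server-chosen
  const signature = crypto.sign('sha256', encodeFields(rA, rB, serverId), privateKey);
  return { rA, rB, signature };
}

// Constructed scenario: one valid login and three rejections.
function demo() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const server = new Verifier('https://shop.example');
  server.register('alice', publicKey);

  const token = claimantSign(privateKey, server.issueChallenge('alice'), 'https://shop.example');
  const first = server.verifyToken('alice', token);
  const replay = server.verifyToken('alice', token);  // same token presented again

  // Signature produced for a different server identity does not verify here.
  const otherSite = server.verifyToken('alice',
    claimantSign(privateKey, server.issueChallenge('alice'), 'https://other.example'));

  // Challenge issued at t = 0 and answered after the time-to-live.
  const stale = server.verifyToken('alice',
    claimantSign(privateKey, server.issueChallenge('alice', 0), 'https://shop.example'),
    CHALLENGE_TTL_MS + 1);

  return { first, replay, otherSite, stale };
}

console.log(demo());
```

The server stores only public keys, so a database leak exposes nothing that can be replayed, which is the property the paragraph contrasts with stored passwords.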

Ease of use

The user does not need to remember many logins and passwords to access different resources: you just need to have a token and know its PIN. The Rutoken Web USB dongle does not require drivers to be installed. The Rutoken Web browser plugin does not require system administrator rights to install. The solution is compatible with most browsers and operating systems and does not require any special knowledge to work with it. If the token is lost, access to the web resource can be restored without specifying personal data during registration.

Technologies

The Rutoken Web USB token operates over the HID protocol, which is supported in most common operating systems. The browser plugin supports the NPAPI and Microsoft ActiveX specifications and therefore works in most browsers. Signature verification on the server is implemented both in the form of a PHP application, which is convenient for PHP sites, and in the form of binary modules for other Linux and Windows configurations.

Purpose

The Rutoken Web solution can be used in public Internet services, remote service systems, Intranet systems, distance learning, at remote workplaces, in corporate Internet services, in systems of interaction with partners and contractors.

Cryptographic capabilities

  • Hardware generation of key pairs with quality control according to the GOST R 34.10-2001 algorithm.
  • Hardware hashing according to GOST R 34.11-94.
  • Hardware generation of an electronic signature according to the GOST R 34.10-2001 algorithm.
Owner authentication capabilities
  • Two-factor authentication: upon presentation of the identifier itself and upon presentation of a unique PIN-code.
  • The ability to restore access to your account upon presentation of the secret code printed under the protective layer of a scratch card.
Interfaces
  • USB HID Profile: Rutoken Web works without installing drivers.
Supported OS
  • Microsoft Windows.
  • Apple macOS / OSX.
  • Ubuntu / Debian / Fedora / RedHat / CentOS.
Supported browsers
General characteristics
  • Modern rugged microcontroller.
  • Dimensions 58x16x8mm (micro-token 17.8x15.4x5.8mm).
  • Weight 6.3g (micro-token 1.6g).

Rutoken Plugin is a solution for electronic signature, encryption and two-factor authentication for Web and SaaS services. The plugin uses the hardware implementation of Russian cryptographic algorithms in electronic identifiers and smart cards of the Rutoken EDS 2.0, EDS PKI and Rutoken PINPad family. Rutoken Plugin is compatible with solutions from Russian CIPF manufacturers and can be used in information systems that use digital certificates and PKI. It is certified by FSTEC of Russia as part of the Rutoken PAK.

Rutoken Plugin uses a USB token or other device with hardware-implemented Russian cryptographic algorithms as a means of cryptographic protection and strong two-factor authentication. To work in the context of a browser, cross-platform and multi-browser technologies are used, which make it equally convenient to work with an electronic signature in a browser, regardless of the operating system used.

Rutoken Plugin allows you to implement the following information protection mechanisms:

  • two-factor authentication in a Web service over hardware media;
  • encryption of data exchange between the browser and the Web service in accordance with GOST 28147-89;
  • electronic signature in accordance with GOST R 34.10-2001 and GOST R 34.10-2012 (256 and 512 bits) and RSA;
  • calculation of the hash function according to GOST R 34.11-94 and GOST R 34.11-2012 (256 and 512 bits);
  • differentiation of access to Web-service resources based on digital certificates.

For integration with systems using digital certificates and PKI infrastructure, the product supports:

  • digital certificates of X.509 format,
  • PKCS #10 certificate requests,
  • signature and encryption of data in CMS format, including for multiple addressees.

Rutoken Plugin is installed and works with user rights and uses only the capabilities and APIs built into the browser. Rutoken Plugin does not require installation of proxying tools and additional components, frameworks and platforms such as Java, Microsoft Silverlight, etc.

The Rutoken Plugin installer is implemented as a simple one-click-installer, that is, it does not require either administrator rights or user selection of any options. When a user visits a protected site, the Rutoken Plugin is automatically loaded onto a Web page, and after that its functions can be called from the page's scripts.

Interaction with USB devices

Rutoken Plugin works with hardware identifiers and smart cards of the Rutoken EDS 2.0 family, PKI EDS and Rutoken PINPad. All of these devices work through the standard drivers that are included with all modern operating systems. In order for the Rutoken Plugin to recognize the device, it is enough to connect it to the USB port of the computer or insert a smart card into the reader.

When hashing and signing, the plugin accesses the token directly, and cryptographic operations take place at the hardware level. The plugin can also calculate the hash function in software to speed up the operation. Because the electronic signature operation is performed "on board" the device, the private key is never loaded into the computer's RAM. This makes it possible to work with guaranteed non-retrievable and non-copyable private keys created inside the devices.

Such keys cannot be stolen without physically seizing the token from the user, and even in this case the attacker is limited by the need to know the unique PIN code of the device. An additional level of security and protection against remote control is provided by the signature confirmation function of Rutoken EDS 2.0 Touch.

Using the Rutoken Plugin with the Rutoken PINPad device also makes it possible, among other things, to enter the secret PIN code directly on the device (protection against keyloggers) and to protect transactions from spoofing by displaying them on the screen of a trusted device.

RBS systems security

The security of remote banking systems (RBS) is the most important area of application of the Rutoken Plugin. A bundle of Rutoken Plugin with Rutoken EDS 2.0 or Rutoken PINPad provides:

  • strong client authentication when accessing a personal account,
  • confirmation of payments and transactions using a qualified or enhanced electronic signature,
  • encryption of payment orders,
  • visual control of payment documents before signing in a trusted environment (when used with Rutoken PINPad).

The ideal scenario for using the Rutoken Plugin in the banking sector is the simultaneous introduction of Rutoken EDS 2.0 (Touch) electronic identifiers or smart cards for mass users with significant payment restrictions and a small number of Rutoken PINPad devices for VIP users with a significantly increased payment limit or with no limit at all.

Protection of personal information

Rutoken Plugin can be used to protect information in accordance with the requirements of regulators and legislation.

Common areas of application of the Rutoken Plugin are:

  • protection of personal data of patients of medical institutions,
  • protection of personal data of students of schools and universities,
  • protection of information in systems for the provision of public services and municipal services in electronic form,
  • imparting legal significance and security to corporate electronic document management.

Access licensing

In some cases, Web services provide access to knowledge bases that contain a company's intellectual property. This intellectual property has a price, so access to it is limited and available for a fee. Companies are often interested in ensuring that one issued license can be physically used by only one licensee.

The use of two-factor authentication via a USB token or smart card in a Web service makes it much more difficult for several people to access one account, since for this they will need to constantly exchange the device itself. Unlike authentication using a "login-password" pair, this can turn out to be an insurmountable obstacle, and the difficulty of working around it will leave dishonest users no option but to purchase additional accounts.

Rutoken Plugin is an electronic signature, encryption and two-factor authentication tool for Web and SaaS services. The product uses hardware implementation of Russian cryptographic algorithms “on board” of Rutoken EDS, Rutoken Web and Rutoken PINPad devices. Rutoken Plugin is compatible with the solutions of Russian cryptographic protection tools and can be used in information systems that use digital certificates and PKI infrastructure.

What is Rutoken Plugin

In the Rutoken Plugin, a USB token or other device in which Russian cryptographic algorithms are implemented in hardware is used as a means of cryptographic protection and strong two-factor authentication. To work in the context of a browser, a cross-platform and multi-browser plug-in is used - a special extension of functionality supported by all browsers. Rutoken Plugin implements the following information protection mechanisms:

  • two-factor authentication in a web service using a USB token,
  • encryption of data exchange between the browser and the web service in accordance with GOST 28147-89,
  • electronic signature of data in accordance with GOST R 34.10-2001,
  • data integrity control by calculating the hash function in accordance with GOST R 34.11-94,
  • differentiation of access to Web-service resources based on digital certificates.

For integration with systems using digital certificates and PKI infrastructure, the product supports:

  • digital certificates of X.509 format,
  • PKCS #10 certificate requests,
  • signing and encrypting data in CMS format.

Rutoken Plugin uses only the APIs built into the browser and does not require the installation of additional components, frameworks and platforms such as Java, Microsoft Silverlight and others.

Interaction with USB devices

Rutoken Plugin supports Rutoken EDS, Rutoken Web and Rutoken PINPad devices. The most common use of the plugin is in conjunction with USB tokens. At the same time, USB tokens work through a standard driver that is included in modern operating systems. In order for the operating system to recognize the token, it is enough to connect it to the USB port of the computer.

Rutoken Plugin is a standard browser extension: ActiveX for IE and an NPAPI plugin for other browsers. The plugin installer is implemented as a one-click installer, that is, it does not require the user to select any options. System administrator rights are also not required to install the plugin. When a user enters the site, the plugin is loaded onto the Web page, and after that its functions can be called from the page scripts.

When encrypting, hashing and signing, the plugin accesses the token directly, and all cryptographic operations take place at the hardware level. The plugin can also encrypt and calculate a hash function in software to speed up operations. Since crypto operations are performed “on board” the device, the keys are non-retrievable (they are not loaded into the computer's RAM), and they cannot be stolen without physically seizing the token from the user. But even in this case, the attacker will be limited by the need to know the unique PIN code.

In addition to working with USB tokens, the Rutoken Plugin supports the Rutoken PINPad, a TrustScreen class device for remote banking, which allows you to perform the most critical transactions with their visual control in a trusted environment. Since Rutoken PINPad also functions as a cryptographic token, its interaction with the Rutoken Plugin is similar to the interaction between a USB token and a plugin.

Purpose

RBS systems security

An important area of application of the Rutoken Plugin is the security of remote banking systems (RBS). The solution provides:

  • strong client authentication when accessing a personal account,
  • confirmation of payments and transactions using an electronic signature,
  • encryption of payment orders,
  • visual control of payment documents before signing in a trusted environment (when used with Rutoken PINPad),
  • secure storage of keys from the user's personal account.

The flagship device for the banking sector is the Rutoken PINPad, which allows you to successfully resist all known attacks on client sites of RBS systems. Rutoken PINPad combines the functions of a cryptographic token and a TrustScreen device for viewing payments before signing them, as well as for securely entering a PIN. Rutoken Plugin allows you to integrate Rutoken PINPad into RBS systems with a Web interface.

Protection of personal information

When using Rutoken Plugin together with Rutoken EDS, a certified USB token acts as a means of cryptographic information protection (CIP) and a means of protection against unauthorized access (NSD):

  • Rutoken EDS has an FSTEC certificate in accordance with NDV4, which makes it possible to use it to protect information from NSD in ISPDN up to class 1 inclusive in accordance with the requirements of FSTEC and the norms of FZ-152, as well as in information systems up to security class 1G inclusive;
  • Rutoken EDS is certified by the FSB as a cryptographic security facility according to the KS2 class, which allows it to be used as an encryption tool in accordance with PKZ2005 to protect confidential information and personal data;
  • Rutoken EDS is certified for compliance with 63-FZ and the requirements for electronic signatures approved by order of the FSB of Russia dated December 27, 2011 No. 796, which allows it to be used as a qualified electronic signature when organizing legally significant electronic document flow.

Thus, the Rutoken Plugin can be used to protect information in accordance with the requirements of regulators and legislation. Its areas of application are:

  • protection of personal data of patients of medical institutions,
  • protection of personal data of students of schools and universities,
  • protection of information in systems for the provision of public services and municipal services in electronic form,
  • security and legal significance of corporate electronic document flow.

Access licensing

In some cases, Web services provide access to knowledge bases that contain a company's intellectual property. This intellectual property has a price, so access to it is limited and available for a fee. The company is interested in the fact that only one person can use one issued access license.

The use of two-factor authentication via a USB token in a Web service makes it much more difficult for several persons to access one account, since for this they will need to constantly exchange the device itself. In contrast to authentication using the "login-password" link, in some cases this can turn out to be an insurmountable obstacle, and the complexity of solving the problem will lead to the purchase of additional accounts.

Architecture

Specifications

Installation
  • Rutoken Plugin is distributed as an MSI package for Windows and a PKG package for Mac OS X. For Linux, the plugin is distributed as binary files. To work, the user does not need any additional software, system administrator rights or workstation configuration.
Supported platforms
  • Windows XP SP3 (x86 only), Windows Vista, Windows 7, Windows 8.
  • Mac OS X 10.6, Mac OS X 10.7, Mac OS X 10.8.
  • Ubuntu 10.04, Ubuntu 12.04, Alt Linux 6, Debian 6 Squeeze, Astra Linux, CentOS 6.2, can be used on other Linux distributions.
Supported browsers
  • Internet Explorer 7-10.
  • Mozilla Firefox 3.6, 13 and older.
  • Google Chrome 19 and older.
  • Opera 11.64.
  • Safari 5.1.2.
Supported Devices
  • Rutoken EDS.
  • Rutoken Web.
  • Rutoken PINPad.
Cryptographic algorithms and formats used
  • Encryption in accordance with GOST 28147-89.
  • Calculation of the hash function according to GOST R 34.11-94.
  • Electronic signature in accordance with GOST R 34.10-2001.
  • Calculation of the agreement key according to the VKO GOST 34.10-2001 scheme.
  • The digital certificate format is X.509.
  • PKCS #10 certificate request format.
  • Format of signed and encrypted CMS messages.

Certification

The Rutoken Plugin software is certified by FSTEC of Russia as part of the Rutoken PAK.

When using the Rutoken Plugin in conjunction with devices of the Rutoken EDS 2.0 family, EDS PKI and Rutoken PINPad, a hardware device acts as a means of cryptographic information protection (CIP) and a means of protection against unauthorized access (NSD):

  • Rutoken EDS 2.0, EDS 2.0 Flash, EDS 2.0 Touch and Rutoken EDS PKI have an FSTEC certificate according to NDV4, which allows them to be used to protect information from NSD in ISPDN up to class 1 inclusive in accordance with the requirements of FSTEC and the norms of FZ-152, and also in information systems up to security class 1G inclusive;
  • Rutoken EDS 2.0, EDS 2.0 Flash, EDS 2.0 Touch and Rutoken PINPad are certified by the FSB as cryptographic information protection tools for the KS1 and KS2 classes, which allows them to be used as an encryption tool in accordance with PKZ2005 to protect confidential information and personal data;
  • Rutoken EDS 2.0, EDS 2.0 Flash, EDS 2.0 Touch and Rutoken PINPad are certified in accordance with 63-FZ and the requirements for electronic signatures approved by order of the FSB of Russia dated December 27, 2011 No. 796, which allows them to be used as a means of qualified electronic signature when organizing legally significant electronic document flow.

Installation

  • MSI package for Windows.
  • pkg package for Apple macOS.
  • binaries for Linux OS.
Supported platforms
  • Microsoft Windows 10 / 8.1 / 8 / 7 / Vista / XP / 2003.
  • Apple macOS 10.13 / 10.12 / 10.11 / 10.10 / 10.9 / 10.8.
  • Ubuntu, Mint, Debian, AltLinux, Astra Linux, Goslinux, ROSA, Fedora, CentOS and others.
Supported browsers
  • Mozilla Firefox.
  • Google Chrome.
  • Internet Explorer (version 7 and higher).
  • Apple Safari.
  • Yandex, Sputnik and others based on Chromium.
  • Opera Blink and Vivaldi.
Supported Devices
  • Rutoken EDS 2.0 and EDS 2.0 Flash.
  • Rutoken EDS 2.0 Touch and EDS 2.0 Flash Touch.
  • Rutoken PINPad.
  • Rutoken EDS PKI (limited support).
  • Rutoken Web (limited support).
Supported cryptographic algorithms and formats
  • Electronic signature in accordance with GOST R 34.10-2001, GOST R 34.10-2012 (256 and 512 bits) and RSA.
  • Calculation of the hash function according to GOST R 34.11-94 and GOST R 34.11-2012 (256 and 512 bits).
  • Calculation of the key agreement key according to the VKO GOST 34.10-2001 and 34.10-2012 (256 and 512 bits) schemes.
  • Encryption in accordance with GOST 28147-89.
  • The digital certificate format is X.509.
  • PKCS #10 certificate request format.
  • Format of signed and encrypted CMS and PKCS #7 messages, including for multiple recipients.
Russia for the Rutoken version 4 hardware and software complex for authentication and information storage, including the Rutoken Plugin.

2017

Rutoken Plugin 4.0

Using Rutoken Plugin 4.0 does not require modification of the existing information system and will allow you to quickly and painlessly switch to using the new GOSTs.

Rutoken Plugin is a convenient tool for embedding Rutoken EDS 2.0 tokens and Rutoken PINPad trustscreen devices. The combined use of these products makes it possible to implement all the necessary scenarios for working with an electronic signature in remote banking systems (RBS). The updated product retains the familiar interface and is fully backward compatible with previous Plugin versions 1.x and 2.x.

The Rutoken Plugin developers closely monitor the changes in major browsers and release the necessary updates in advance. The plugin works in popular browsers (Internet Explorer, Chrome, Firefox, Opera, Safari on macOS and Firefox ESR on Linux) and operating systems. No administrative rights are required to install it, and it does not conflict with other applications and security systems, the developers assured.

"The old electronic signature standards are valid until January 1, 2019. It is important for us as developers to update products in advance and inform our partners about it. Prompt transfer of end users to Rutoken products with the support of new GOSTs guarantees banks savings when replacing outdated cryptographic information protection tools. And all financial transactions in remote service channels will be protected by the triad Rutoken Plugin, Rutoken EDS 2.0 and Rutoken PINPad," said Kirill Meshcheryakov, director of the Rutoken product line of the Aktiv company.

Rutoken Plugin 2.8.9

The Aktiv company has released a version of the Rutoken Plugin and an extension for the Firefox browser for the Windows operating system, which allows you to work without NPAPI through Native Messaging. Mozilla previously announced that it was phasing out NPAPI technology in the Firefox browser starting with version 52. As of mid-April 2017, plugins that use NPAPI are no longer supported in Firefox.

Rutoken Plugin version 2.8.9 supports work through NPAPI and Native Messaging. This version adds support for the RSA algorithm, fixes some bugs.

2015: Rutoken Plugin

Rutoken Plugin is a technological solution for organizing electronic signatures, encryption and two-factor authentication for web and SaaS services.

The product uses hardware implementation of Russian cryptographic algorithms “on board” of Rutoken EDS, Rutoken Web and Rutoken PINPad devices.

Rutoken Plugin is compatible with the technologies of Russian cryptographic protection tools manufacturers and can be used in information systems where digital certificates and PKI infrastructure are used.

Technological protection tools (2014)

A USB token or another device in which Russian cryptographic algorithms are implemented in hardware is used as a means of cryptographic protection and two-factor authentication. To work in the context of a browser, a cross-platform and multi-browser plug-in is used - a special extension of functionality supported by all browsers.

Rutoken Plugin performs information protection functions:

  • two-factor authentication in a web service using a USB token,
  • encryption of data exchange between the browser and the web service in accordance with GOST 28147-89,
  • electronic signature of data in accordance with GOST R 34.10-2001,
  • data integrity control by calculating the hash function in accordance with GOST R 34.11-94,
  • differentiation of access to web service resources based on digital certificates.

For integration with systems using digital certificates and PKI infrastructure, the product supports:

  • digital certificates of X.509 format,
  • PKCS #10 certificate requests,
  • signing and encrypting data in CMS format.

Rutoken Plugin uses only the APIs built into the browser and does not require the installation of additional components, frameworks and platforms.

Purpose

The scope of the Rutoken Plugin is the security of remote banking systems (RBS).

The product provides:

  • strong client authentication when accessing a personal account,
  • confirmation of payments and transactions using an electronic signature,
  • encryption of payment orders,
  • visual control of payment documents before signing in a trusted environment (when used with Rutoken PINPad),
  • secure storage of keys from the user's personal account.
