A PDF based digital signed document format for interoperable institutional structured data integrity

Detalhes bibliográficos
Autor(a) principal: Luís A. Maia
Data de Publicação: 2013
Outros Autores: Luís M. Valente, Manuel E. Correia, Lígia M. Ribeiro, Luís Antunes
Tipo de documento: Artigo
Idioma: eng
Título da fonte: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Texto Completo: https://hdl.handle.net/10216/66968
Resumo: It is widely recognized that information systems constitute a key tool for the overall performance improvement of administrative tasks in academic institutions. However at their genesis lies a latent promise of a paper-less environment that stays most of the time unfulfilled due to the lack of appropriate digital document integrity and accountability mechanisms. Academic institutions are thus most of the time still relying on traditional security trust methods based on paper documents for signing and archiving critical documents. While this method delivers an inefficient, inconvenient and costly workflow, it is still a common method to provide some sort of workable verifiable integrity and accountability that is still considered to be appropriate for the digital data that is being managed by the institutional information systems. Paper based documents have been relying on physical signatures and stamping policies and the physical properties of paper and ink for their integrity and authenticity for a long time. However, the evaluation of a paper document signature or stamp is not a straight forward process. It requires the recipient to have a notarized copy of the signer's signature or stamp for comparison and requires handwritten signature evaluation training that is often beyond the scope of many office employee training. This can lead to situations where the level of credibility and integrity of paper based document is not adequate and makes the verification process entirely dependent on the administrative staff capacity of recognizing hand written signatures and puts too much trust on physical stamps, some of which are non-locally issued and thus very difficult to authenticate. In critical contexts this clearly is not enough to provide appropriate levels of non-repudiation and integrity for critical documents issued by institutions. Digitally signed structured XML documents provide an interesting solution to this problem. Not only can the validation of the document be fully automatized and its integrity verifiable in real time by the information system, but it can also be implemented in such way that the information contained in such structured documents can be safely and more easily integrated into different information systems without human intervention, thus allowing for substantial cost reduction and leading to faster process work-flows with increased security and data quality. In this paper we propose a PDF based document framework where any signed XML (PDF) document, produced by the institution can be at a later stage directly dematerialized and integrated into any compliant information system in a secure way while maintaining the information integrity and the ability to be self-verifiable. This framework involves the embedding of an encapsulated XAdES signed XML document with the information used on its production as an attachment to a PDF document with an institutional rendering visualization of the signed XML data. The attached XML document and the PDF are both time stamped by an external entity and signed by employees and the issuing institution.
id RCAP_b40ab6447c866c155f8d50fd842c4821
oai_identifier_str oai:repositorio-aberto.up.pt:10216/66968
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
spelling A PDF based digital signed document format for interoperable institutional structured data integrityTecnologia da informação, Outras ciências da engenharia e tecnologiasInformation technology, Other engineering and technologiesIt is widely recognized that information systems constitute a key tool for the overall performance improvement of administrative tasks in academic institutions. However at their genesis lies a latent promise of a paper-less environment that stays most of the time unfulfilled due to the lack of appropriate digital document integrity and accountability mechanisms. Academic institutions are thus most of the time still relying on traditional security trust methods based on paper documents for signing and archiving critical documents. While this method delivers an inefficient, inconvenient and costly workflow, it is still a common method to provide some sort of workable verifiable integrity and accountability that is still considered to be appropriate for the digital data that is being managed by the institutional information systems. Paper based documents have been relying on physical signatures and stamping policies and the physical properties of paper and ink for their integrity and authenticity for a long time. However, the evaluation of a paper document signature or stamp is not a straight forward process. It requires the recipient to have a notarized copy of the signer's signature or stamp for comparison and requires handwritten signature evaluation training that is often beyond the scope of many office employee training. This can lead to situations where the level of credibility and integrity of paper based document is not adequate and makes the verification process entirely dependent on the administrative staff capacity of recognizing hand written signatures and puts too much trust on physical stamps, some of which are non-locally issued and thus very difficult to authenticate. In critical contexts this clearly is not enough to provide appropriate levels of non-repudiation and integrity for critical documents issued by institutions. Digitally signed structured XML documents provide an interesting solution to this problem. Not only can the validation of the document be fully automatized and its integrity verifiable in real time by the information system, but it can also be implemented in such way that the information contained in such structured documents can be safely and more easily integrated into different information systems without human intervention, thus allowing for substantial cost reduction and leading to faster process work-flows with increased security and data quality. In this paper we propose a PDF based document framework where any signed XML (PDF) document, produced by the institution can be at a later stage directly dematerialized and integrated into any compliant information system in a secure way while maintaining the information integrity and the ability to be self-verifiable. This framework involves the embedding of an encapsulated XAdES signed XML document with the information used on its production as an attachment to a PDF document with an institutional rendering visualization of the signed XML data. The attached XML document and the PDF are both time stamped by an external entity and signed by employees and the issuing institution.20132013-01-01T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articleapplication/pdfhttps://hdl.handle.net/10216/66968eng1407-735310.7250/eunis.2013.040Luís A. MaiaLuís M. ValenteManuel E. CorreiaLígia M. RibeiroLuís Antunesinfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2023-11-29T15:25:32Zoai:repositorio-aberto.up.pt:10216/66968Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-20T00:23:20.865589Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse
dc.title.none.fl_str_mv A PDF based digital signed document format for interoperable institutional structured data integrity
title A PDF based digital signed document format for interoperable institutional structured data integrity
spellingShingle A PDF based digital signed document format for interoperable institutional structured data integrity
Luís A. Maia
Tecnologia da informação, Outras ciências da engenharia e tecnologias
Information technology, Other engineering and technologies
title_short A PDF based digital signed document format for interoperable institutional structured data integrity
title_full A PDF based digital signed document format for interoperable institutional structured data integrity
title_fullStr A PDF based digital signed document format for interoperable institutional structured data integrity
title_full_unstemmed A PDF based digital signed document format for interoperable institutional structured data integrity
title_sort A PDF based digital signed document format for interoperable institutional structured data integrity
author Luís A. Maia
author_facet Luís A. Maia
Luís M. Valente
Manuel E. Correia
Lígia M. Ribeiro
Luís Antunes
author_role author
author2 Luís M. Valente
Manuel E. Correia
Lígia M. Ribeiro
Luís Antunes
author2_role author
author
author
author
dc.contributor.author.fl_str_mv Luís A. Maia
Luís M. Valente
Manuel E. Correia
Lígia M. Ribeiro
Luís Antunes
dc.subject.por.fl_str_mv Tecnologia da informação, Outras ciências da engenharia e tecnologias
Information technology, Other engineering and technologies
topic Tecnologia da informação, Outras ciências da engenharia e tecnologias
Information technology, Other engineering and technologies
description It is widely recognized that information systems constitute a key tool for the overall performance improvement of administrative tasks in academic institutions. However at their genesis lies a latent promise of a paper-less environment that stays most of the time unfulfilled due to the lack of appropriate digital document integrity and accountability mechanisms. Academic institutions are thus most of the time still relying on traditional security trust methods based on paper documents for signing and archiving critical documents. While this method delivers an inefficient, inconvenient and costly workflow, it is still a common method to provide some sort of workable verifiable integrity and accountability that is still considered to be appropriate for the digital data that is being managed by the institutional information systems. Paper based documents have been relying on physical signatures and stamping policies and the physical properties of paper and ink for their integrity and authenticity for a long time. However, the evaluation of a paper document signature or stamp is not a straight forward process. It requires the recipient to have a notarized copy of the signer's signature or stamp for comparison and requires handwritten signature evaluation training that is often beyond the scope of many office employee training. This can lead to situations where the level of credibility and integrity of paper based document is not adequate and makes the verification process entirely dependent on the administrative staff capacity of recognizing hand written signatures and puts too much trust on physical stamps, some of which are non-locally issued and thus very difficult to authenticate. In critical contexts this clearly is not enough to provide appropriate levels of non-repudiation and integrity for critical documents issued by institutions. Digitally signed structured XML documents provide an interesting solution to this problem. Not only can the validation of the document be fully automatized and its integrity verifiable in real time by the information system, but it can also be implemented in such way that the information contained in such structured documents can be safely and more easily integrated into different information systems without human intervention, thus allowing for substantial cost reduction and leading to faster process work-flows with increased security and data quality. In this paper we propose a PDF based document framework where any signed XML (PDF) document, produced by the institution can be at a later stage directly dematerialized and integrated into any compliant information system in a secure way while maintaining the information integrity and the ability to be self-verifiable. This framework involves the embedding of an encapsulated XAdES signed XML document with the information used on its production as an attachment to a PDF document with an institutional rendering visualization of the signed XML data. The attached XML document and the PDF are both time stamped by an external entity and signed by employees and the issuing institution.
publishDate 2013
dc.date.none.fl_str_mv 2013
2013-01-01T00:00:00Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/article
format article
status_str publishedVersion
dc.identifier.uri.fl_str_mv https://hdl.handle.net/10216/66968
url https://hdl.handle.net/10216/66968
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv 1407-7353
10.7250/eunis.2013.040
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP
instname_str Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron_str RCAAP
institution RCAAP
reponame_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
collection Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository.name.fl_str_mv Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
repository.mail.fl_str_mv
_version_ 1799136149688549377

Registros relacionados