Singapore company DigiSafe has developed a secure document management system which incorporates a digital watermark technology to ensure the authenticity of the electronic documents.
DigiVault, developed using a combination of technologies such as authentication, digital signatures, cryptography and digital marking, is designed for businesses that require a secure environment to create, share and store digital documents.
"DigiVault is an electronic equivalent of a locked document cabinet and file registry in the physical world where the access rights and policies to documents are enforced," said Andrew Chow, general manager of DigiSafe.
Developed by a team of five software engineers and architects within six months, DigiVault's differentiating feature is its digital watermark technology.
The watermarked documents can be verified in the digital or analogue domain since they can exist in either a digital or a printed format (analogue domain). To prove that an electronic document in the digital domain is authentic, the verifying software with the watermarking algorithm is provided to check the retrieved watermark.
"Electronic documents are first converted into a digital image, watermarked with another digital image or file and then converted back into an electronic document format such as a PDF (portable document format) file," Chow said.
Watermark documents would appear similar to the original electronic document but would contain an invisible hidden watermark.
Alternatively, to prove that an electronic document in the analogue domain is authentic, the printed document must be scanned into a digital format and checked by the verifying software.
"Watermarking and timestamping services provide the document origin and integrity services. The online documents are electronically watermarked after they have undergone format conversion. Watermarking is a security service that assists users in verifying if online documents come from a legitimate source. This ensures the authenticity of documents."
Time stamping is the process of adding a date and time to all online documents. In this case, the server will then digitally sign the result with its own private key issued by a certificate authority (CA).
Chow said that DigiVault addresses several issues faced by many current document management systems (DMS).
"One problem is the difficulty of proving the identity of users accessing a particular DMS," he said. "The DMS would be severely compromised if it incorrectly identifies unauthorized users as authorized users (as when the system is hacked). There is no secure mechanism to determine and monitor the identity of 'users' who may create, access and modify these documents.
"This makes it difficult for the DMS to securely assign different operational rights to individual users. In addition, it would also be difficult to track the status of the individual documents in circulation, such as knowing who created, modified or read a document and at what time."
Another problem could arise from the ease of accessing the content of a particular document especially if it exists in easily available or open format, he added.
In DigiVault, such issues are addressed by the Access Management Module (AMM). The system administrator who has the superuser rights first creates the users' accounts. These accounts will be centrally managed by the administrator who will dedicate the appropriate access rights to the users based on the roles performed by them and the access control policy.
Users are required to authenticate to the system by using their security tokens (for example, USB or universal serial bus security tokens, smart cards, calculator-type devices) issued to them. The security token contains the user credentials such as the user's private key, public key and certificate.
Based on this information, the system will allow the user to access the system resources based on his or her respective access rights. In future, the DMS will incorporate biometrics devices to provide more advanced user authentication.
An Auditing/Reporting Module generates audit trails, which keep track of use operations and activities. For example, too many failed login attempts may signal a possible intrusion. Proper access control protects the audit logs from modification while time stamping protects the integrity of the audit logs.