Digisafe manages to lock documents away

Singapore-based company DigiSafe has developed a secure document management system that incorporates digital watermark technology...

Singapore-based company DigiSafe has developed a secure document management system that incorporates digital watermark technology to ensure the authenticity of electronic documents.

DigiVault, developed using a combination of technologies such as authentication, digital signatures, cryptography and digital marking, is designed for businesses that require a secure environment to create, share and store digital documents.

"DigiVault is an electronic equivalent of a locked document cabinet and file registry in the physical world where the access rights and policies to documents are enforced," said Andrew Chow, general manager of DigiSafe.

Developed by a team of five software engineers and architects within six months, DigiVault's differentiating feature is its digital watermark technology.

The watermarked documents can be verified in the digital or analogue domain since they can exist in either a digital or a printed format (analogue domain). To prove that an electronic document in the digital domain is authentic, the verifying software with the watermarking algorithm is provided to check the retrieved watermark.

"Electronic documents are first converted into a digital image, watermarked with another digital image or file and then converted back into an electronic document format such as a PDF file," Chow said.

Watermarked documents would look the same as the original electronic document but would contain an invisible hidden watermark.

Alternatively, to prove that an electronic document in the analogue domain is authentic, the printed document must be scanned into a digital format and checked by the verifying software.

"Watermarking and time-stamping services provide the document origin and integrity services. The online documents are electronically watermarked after they have undergone format conversion. Watermarking is a security service that assists users in verifying if online documents come from a legitimate source. This ensures the authenticity of documents."

Time-stamping is the process of adding a date and time to all online documents. In this case, the server will then digitally sign the result with its own private key issued by a certificate authority.

Chow said that DigiVault addresses several issues faced by many current document management systems (DMS).

"One problem is the difficulty of proving the identity of users accessing a particular DMS," he said. "The DMS would be severely compromised if it incorrectly identifies unauthorised users as authorised users (such as when the system is hacked). There is no secure mechanism to determine and monitor the identity of 'users' who may create, access and modify these documents.

"This makes it difficult for the DMS to securely assign different operational rights to individual users. In addition, it would also be difficult to track the status of the individual documents in circulation, such as knowing who created, modified or read a document and at what time."

Another problem could arise from the ease of accessing the content of a particular document, especially if it exists in easily available or open format, he added.

In DigiVault these issues are addressed by the Access Management Module (AMM). The system administrator who has "superuser" rights first creates the users' accounts. These accounts will be centrally managed by the administrator who will dedicate the appropriate access rights to the users based on the roles performed by them and the access control policy. Users are given permission to access the system by using their security tokens (for example, USB security tokens, smart cards, calculator-type devices) issued to them. The security token contains the user's credentials such as the user's private key, public key and certificate. Based on this information, the system will allow the user to access the system resources based on his or her respective access rights. In future, the DMS will incorporate biometrics devices to provide more advanced user authentication.

An Auditing/Reporting Module generates audit trails, which keep track of operation usage and activities. For example, too many failed login attempts may signal a possible intrusion. Proper access control protects the audit logs from modification while time stamping protects the integrity of the audit logs.

Read more on IT risk management