The invention relates to a process for the remote electronic archiving of at least one document or object (a digital object is understood as an information object with intellectual content, represented at the lowest level by a string of bits; it may also be represented in a coded and structured form).
At present, no archiving process exists that is carried out in such a way that the authenticity and integrity of the archived documents or objects can be guaranteed.
The purpose of this invention is to remedy this lack or absence.
To reach this goal, the electronic archiving process according to the invention is characterized in that it includes the operations of creating a digital document, electronically signing the document, creating a sealed envelope comprising at least one electronically signed document, transferring the sealed envelope, together with its sealing key, to its storage location, opening the envelope with verification of the entire envelope and of the document, in other words verifying that they have not departed from the original state defined by the author at the time of transmission, whether as a result of a technical problem or of the original file being overwritten by another one for hostile purposes, and archiving the latter on a long-term storage medium, with elements of proof of document integrity.
The invention will be better understood, and other goals, features, details and advantages of it will appear more clearly, from the description that follows.
As an example of implementation of the invention, the various stages of the remote archiving of a document by a person called the creator, from the creation of the document until its archiving, are described below in detail.
A first step to be carried out by the creator who wishes to archive a document consists, after creating the digital version of the document to be archived with software such as Word, Excel or a text, image or video editor, in writing it in a perennial format, namely a format independent of technology changes over time (hardware, software evolution), such as the formats known as PDF/A-1 and XML, so as to guarantee the intelligibility of the digital archive over time (several tens or even hundreds of years).
The creator enters the document on his computer and assigns to it a description comprising additional data, called metadata, which make it possible to search for the document later or to qualify it, as well as contextual metadata that can place the document back in its creation context, for instance by specifying its legal qualification.
The format of these metadata can be a known format such as XML, but could take any other form, for instance those known as CSV or TXT.
During the next step, the creator electronically signs the document as established in step 1. The electronic signature guarantees the identity and authorization (or clearance) of the creator, the integrity of the document and, via a Date and Time Third Party, the true date and time of the signature. The validity of this signature is ensured by the approved certification authority that previously issued a signing-right certificate to the creator. For that purpose, the creator must connect to the approved authority. If the certificate is considered valid, in other words not rejected in the usage context of the moment, the authority allows him to sign, which excludes any subsequent invalidation of a validly given signature. The certification authority, called the Certifying Third Party, thus checks, for each signature, the creator's right to use the signature. It should be pointed out that the Certifying Third Party is required to archive all usage events of a signature together with their context, specifying who signed what and when, which can subsequently constitute one of the elements of probative value.
Note that several operators can countersign the document, only one of whom is the creator, which is then confirmed in the signature certificate. Several types of signature are supported, whether internal or external to the document.
A third intermediary, where applicable independent of the creator of the document and of the Certifying Third Party, in this case a Date and Time Third Party, is responsible for the evidence of the true date and time of the signature. During the signing process, the Certifying Third Party obtains from the Date and Time Third Party a date and time token that confirms the true date and time for the document in question, associated with its signature; the Date and Time Third Party must archive this token.
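The signing exchange described in the preceding paragraphs, as an added example that is not part of the patent text: the Certifying Third Party checks the creator's signing right on every signature, the Date and Time Third Party issues and archives a token bound to the document digest and the signature, and the usage event (who signed what and when) is logged. Keyed HMACs stand in for the asymmetric signatures of a real PKI, the certificate records, key values and the injected fixed clock are assumptions made for this example, and demo() returns the outcomes: a valid signature, an altered document, a signature that stays valid after a later revocation, and a new signature refused once the certificate is revoked.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone


def canonical(obj) -> bytes:
    # Deterministic serialisation so the same content always hashes the same.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class DateAndTimeThirdParty:
    # Issues date/time tokens bound to a digest and a signature, and archives them.
    def __init__(self, key: bytes, clock):
        self.key = key        # stand-in for the time-stamping authority's private key
        self.clock = clock    # injected so the example is repeatable
        self.archive = []     # every issued token must be archived

    def issue_token(self, digest: str, signature: str) -> dict:
        token = {"digest": digest, "signature": signature, "time": self.clock().isoformat()}
        token["seal"] = hmac.new(self.key, canonical(token), "sha256").hexdigest()
        self.archive.append(token)
        return token

    def verify_token(self, token: dict) -> bool:
        body = {k: token[k] for k in ("digest", "signature", "time")}
        expected = hmac.new(self.key, canonical(body), "sha256").hexdigest()
        return hmac.compare_digest(expected, token["seal"])


class CertifyingThirdParty:
    # Checks the signing right before each signature and logs who signed what and when.
    def __init__(self, clock):
        self.clock = clock
        self.certificates = {}   # plain dicts stand in for X.509 certificates (assumption)
        self.usage_log = []      # archived usage events: an element of probative value

    def issue_certificate(self, cert_id, subject, key, not_before, not_after):
        self.certificates[cert_id] = {"subject": subject, "key": key, "not_before": not_before,
                                      "not_after": not_after, "revoked": False}

    def revoke(self, cert_id):
        self.certificates[cert_id]["revoked"] = True

    def check_signing_right(self, cert_id, now):
        cert = self.certificates.get(cert_id)
        if cert is None:
            return False, "unknown certificate"
        if cert["revoked"]:
            return False, "certificate revoked"
        if not cert["not_before"] <= now <= cert["not_after"]:
            return False, "outside validity period"
        return True, "ok"

    def sign(self, cert_id, document: bytes, dttp: DateAndTimeThirdParty) -> dict:
        allowed, reason = self.check_signing_right(cert_id, self.clock())
        if not allowed:
            raise PermissionError(reason)
        cert = self.certificates[cert_id]
        digest = hashlib.sha256(document).hexdigest()
        signature = hmac.new(cert["key"], digest.encode(), "sha256").hexdigest()  # e-signature stand-in
        token = dttp.issue_token(digest, signature)   # true date and time fetched during signing
        self.usage_log.append({"who": cert["subject"], "what": digest, "when": token["time"], "cert": cert_id})
        return {"cert": cert_id, "digest": digest, "signature": signature, "time_token": token}


def verify_signed_document(ctp, dttp, document: bytes, signed: dict) -> bool:
    # Relying-party check: digest, signature and time token must all agree on this document.
    # Validity is judged at signing time (established by the token and the usage log),
    # so a later revocation does not invalidate a signature that was validly given.
    cert = ctp.certificates[signed["cert"]]
    digest = hashlib.sha256(document).hexdigest()
    expected = hmac.new(cert["key"], digest.encode(), "sha256").hexdigest()
    token = signed["time_token"]
    return (digest == signed["digest"]
            and hmac.compare_digest(expected, signed["signature"])
            and token["digest"] == digest
            and token["signature"] == signed["signature"]
            and dttp.verify_token(token))


def demo() -> dict:
    def clock():  # constructed fixed clock
        return datetime(2007, 2, 6, 10, 30, tzinfo=timezone.utc)

    dttp = DateAndTimeThirdParty(b"dttp-secret", clock)
    ctp = CertifyingThirdParty(clock)
    ctp.issue_certificate("cert-creator-1", "A. Creator", b"creator-secret",
                          datetime(2006, 1, 1, tzinfo=timezone.utc), datetime(2009, 1, 1, tzinfo=timezone.utc))
    document = b"constructed PDF/A-1 document bytes"
    signed = ctp.sign("cert-creator-1", document, dttp)
    results = {"valid": verify_signed_document(ctp, dttp, document, signed),
               "altered": verify_signed_document(ctp, dttp, document + b"x", signed),
               "time": signed["time_token"]["time"]}
    ctp.revoke("cert-creator-1")   # revocation after the fact
    results["still_valid_after_revocation"] = verify_signed_document(ctp, dttp, document, signed)
    try:
        ctp.sign("cert-creator-1", document, dttp)
        results["new_signature_refused"] = None
    except PermissionError as exc:
        results["new_signature_refused"] = str(exc)
    results["usage_events"] = len(ctp.usage_log)
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In a real deployment the HMAC keys would be replaced by the creator's and the time-stamping authority's private keys, and the relying party would hold only the corresponding public keys; the structure of the checks (digest, signature, token binding, validity judged at signing time) is what the example is meant to show.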
To increase process security, the creator generates a seal whose purpose is to guarantee the integrity of the document contents, of the metadata and of the signature. This content is called the "data transfer". Sealing the data transfer is done by computing a sealing key with a hashing algorithm such as the one known as MD5, preferably, for security reasons, different from the one used at the time of signing.
The next step is the creation of a secured envelope by a program called the "data transfer client agent", which processes the data transfer to generate this secured envelope.
This processing consists of generating a file, added to the envelope, that describes its contents in detail. The data transfer can then be compressed to reduce the size of the envelope (which also makes its content unreadable without the corresponding decompression algorithm, although this is not a substitute for the encryption of the following step).
The operator can then encrypt the envelope file with a special key, which is useful if the transfer line to the archiving location is not secured.
The envelope is then sealed by computing a sealing key, for instance with the MD5 algorithm, to ensure the integrity of the envelope. As indicated above, sealing is a mathematical operation that generates a unique number computed from the contents of the envelope, so that any modification, however small, modifies the seal.
Finally, the creator draws up the data transfer slip, which is a summary of the contents of the envelope (name of the creator, data transfer service, reference, etc.) and of its context. This data transfer slip and the seal are prepared for transmission to the archiving location separately from the envelope, which makes it possible to check the integrity and contents of the envelope upon receipt.
Note that the envelope can contain several documents, each of which is sealed.
The next step is the transfer of the envelope, the data transfer slip and the envelope seal, separately, to the place of archiving, using a transfer program over secured networks (for instance those known as VPN, SSL, etc.) up to the storage location.
At this location, upon receipt of the envelope, which constitutes the next step, a program called the "receiving agent" checks the envelope seal, in other words its integrity, by comparing the sealing key accompanying the envelope with the key computed on site using the same mathematical algorithm as when the envelope was sealed.
The receiving agent then opens the envelope, extracts each of the documents and checks their integrity thanks to their seals, as explained for the envelope, in other words checks that the contents of the document(s) have not been intentionally or accidentally altered during the transfer. Using the data transfer slip, the receiving agent also checks the completeness of the envelope, in other words whether all of the components to be received have indeed been received.
Then, to formalize the receiving agent's assumption of responsibility, namely its true date and time, the receiving agent requests a date and time token, covering at least the envelope seal, from a Date and Time Third Party that may be independent.
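The sealing cascade and the transfer and receipt checks of the preceding paragraphs, as an added example that is not part of the patent text: each data transfer (document, metadata, signature) is sealed, the envelope carrying a manifest and the compressed transfers is sealed with a different algorithm, and the data transfer slip and the envelope seal travel separately; the receiving agent then checks the envelope seal, each document seal and completeness against the slip. The text names MD5 as an example hash; since MD5 collisions are practical today, this example uses SHA-512 and SHA3-256 as its two different algorithms. The HMAC standing in for the creator's electronic signature, the constructed documents and metadata, and the omission of the optional transport encryption are assumptions of this example. demo() shows a clean receipt, a byte flipped in transit, and a hostile substitution in which the attacker re-seals the envelope and then also the document, each caught at a different level of the cascade.

```python
import hashlib
import hmac
import json
import zlib

# Two different hash algorithms for the two seal levels (chosen for this example
# instead of the MD5 named in the text).
DOC_SEAL_ALGO = "sha512"
ENVELOPE_SEAL_ALGO = "sha3_256"


def canonical(obj) -> bytes:
    # Deterministic serialisation so the same content always hashes the same.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def seal(data: bytes, algo: str) -> str:
    # A seal is the digest of the content: any change, however small, changes it.
    return hashlib.new(algo, data).hexdigest()


def make_data_transfer(name: str, document: bytes, metadata: dict, signer_key: bytes) -> dict:
    # Data transfer = document + metadata + signature, sealed as a whole.
    signature = hmac.new(signer_key, document, "sha256").hexdigest()  # e-signature stand-in
    transfer = {"name": name, "document": document.hex(), "metadata": metadata, "signature": signature}
    transfer["seal"] = seal(canonical(transfer), DOC_SEAL_ALGO)
    return transfer


def check_data_transfer(transfer: dict) -> bool:
    body = {k: v for k, v in transfer.items() if k != "seal"}
    return hmac.compare_digest(seal(canonical(body), DOC_SEAL_ALGO), transfer["seal"])


def make_envelope(creator: str, transfers: list):
    # Returns (envelope, slip, envelope_seal); the three travel separately.
    manifest = [{"name": t["name"], "size": len(t["document"]) // 2, "seal": t["seal"]} for t in transfers]
    envelope = zlib.compress(canonical({"manifest": manifest, "transfers": transfers}))
    envelope_seal = seal(envelope, ENVELOPE_SEAL_ALGO)
    slip = {"creator": creator, "service": "remote-archiving", "documents": manifest}
    return envelope, slip, envelope_seal


def receive(envelope: bytes, slip: dict, envelope_seal: str):
    # Receiving agent: envelope seal, then each document seal, then completeness vs. the slip.
    if not hmac.compare_digest(seal(envelope, ENVELOPE_SEAL_ALGO), envelope_seal):
        return False, ["envelope seal mismatch"]
    content = json.loads(zlib.decompress(envelope))
    problems, received = [], {}
    for t in content["transfers"]:
        if not check_data_transfer(t):
            problems.append(f"document seal mismatch: {t['name']}")
        received[t["name"]] = t["seal"]
    for entry in slip["documents"]:
        if entry["name"] not in received:
            problems.append(f"missing document: {entry['name']}")
        elif received[entry["name"]] != entry["seal"]:
            problems.append(f"slip/seal disagreement: {entry['name']}")
    for name in sorted(set(received) - {e["name"] for e in slip["documents"]}):
        problems.append(f"unexpected document: {name}")
    return not problems, problems


def demo() -> dict:
    key = b"creator-signing-key"  # constructed stand-in for the creator's private key
    t1 = make_data_transfer("contract.pdf", b"%PDF-1.4 constructed contract body",
                            {"legal_qualification": "contract", "author": "A. Creator"}, key)
    t2 = make_data_transfer("annex.xml", b"<annex>constructed annex</annex>",
                            {"legal_qualification": "annex"}, key)
    envelope, slip, env_seal = make_envelope("A. Creator", [t1, t2])
    results = {"honest": receive(envelope, slip, env_seal)}

    # Accidental corruption in transit: one bit flipped, caught by the envelope seal.
    damaged = bytearray(envelope)
    damaged[10] ^= 0x01
    results["bit_flip"] = receive(bytes(damaged), slip, env_seal)

    # Hostile substitution: document replaced and envelope re-sealed; caught by the document seal.
    content = json.loads(zlib.decompress(envelope))
    content["transfers"][0]["document"] = b"%PDF-1.4 forged contract body".hex()
    forged = zlib.compress(canonical(content))
    results["resealed_envelope"] = receive(forged, slip, seal(forged, ENVELOPE_SEAL_ALGO))

    # The attacker also recomputes the document seal; caught by the slip sent separately.
    forged_doc = content["transfers"][0]
    forged_doc["seal"] = seal(canonical({k: v for k, v in forged_doc.items() if k != "seal"}), DOC_SEAL_ALGO)
    content["manifest"][0]["seal"] = forged_doc["seal"]
    forged = zlib.compress(canonical(content))
    results["resealed_document"] = receive(forged, slip, seal(forged, ENVELOPE_SEAL_ALGO))
    return results


if __name__ == "__main__":
    for case, (ok, problems) in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'} {problems}")
```

The last case is the reason the slip and the seal are transmitted apart from the envelope: an attacker who controls the transfer line can rewrite every seal inside the envelope, but not the copy that reached the archive by another path. What the seals cannot do is prove who produced the document; that remains the role of the signature, which the receiving agent would verify against the creator's certificate as in the signing step.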
The next step involves the secured storage and archiving of the data transfer(s). Each document of the envelope is classified by the archiving entity using the metadata added to the document at the time of its preparation, so that the document can be searched for and consulted and the associated authorizations or clearances established.
Archiving then takes place on an appropriate medium such as a so-called WORM disk, in other words an electronic medium that can be read many times but written only once, for instance of the type known as CENTERA, NETAPP, HP SNAPLOCK, IBM DR550, etc., together with the associated metadata, the characteristics of the file, the retention period or the period of administrative use, the type, the size, the signature certificate of the sender, the date and time certificate and the original seal. A WORM medium is recommended but does not exclude other media.
To consult the archived document, the requesting party connects to the remote archiving site (which can be inside or outside the organization) and proves his identity by presenting his authorization or clearance certificate issued by his certification authority. Using this certificate, an eligibility check is made with a Certifying Third Party.
After approval by the latter, on the basis of the requesting party's authorizations or clearances, the archiving entity allows him to search on the server. In response, he receives a list of documents with their metadata, enabling him to choose reading, transmission by mail or fax, or a request for a copy.
To ensure the mandatory traceability of the process, all operations such as data transfer, search, consultation and transmission by mail shall be recorded with the formal identification of the requesting party and the date and time of the request, and finally archived.
To improve security even further during consultation, and to prevent disclosure of confidential documents, the documents can be provided, according to their degree of confidentiality, with a digital watermark comprising the identity of the requesting party and the date and time of the consultation, which then appears on all media such as the screen, printouts, e-mail, etc.
From the above description, it appears that the invention proposes a process that permits:
It appears from the description that the archiving process includes a plurality of cascading seals, such as the seal that can be contained in the electronic signature, the seal of the data transfer and the envelope seal, in other words a combination of at least three levels of algorithms in cascade. Note that what matters is not the number of levels in the cascade but the principle of the sealing cascade itself, which guarantees the security of the process and thus ensures the integrity of the documents in a manner that can be legally proven.
Advantageously, the algorithms used in the sealing operations can be different, thereby increasing process security.
Number | Date | Country | Kind |
---|---|---|---|
06 50449 | Feb 2006 | FR | national |
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/FR2007/000217 | 2/6/2007 | WO | 00 | 3/28/2008 |