PDF/A Competence Center Newsletter: Issue 11

Topics include the DMS Expo, long-term retention of evidence using PDF/A and ArchiSafe's BSI Protection Profile.

Table of Contents

  • Current News:
    • PDF/A Competence Center enriches the DMS EXPO with a comprehensive lecture program and its own stand
  • Main Articles:
    • Long-term retention of evidence using PDF/A
    • ArchiSafe now has a BSI Protection Profile
  • PDF/A Competence Center Members Introduce Themselves:
    • OpenLimit SignCubes AG
  • New Members

 

 

 

 

Marc Gurov

Dear readers,

PDF/A and long-term archiving – they belong together like HTML and browsers. Just two years ago, in virtually every project that dealt with a sound and legally binding repository, we had to cope with different document formats. From TIFF, JPEG and .doc files, whose advocators insisted on retaining the original formats, through to special formats: everything was present. Today it looks different. The ISO standardization seems to exert a positive impression on businesses and public authorities. I am extremely pleased that the PDF/A standard has managed to assert itself – and that worldwide! Just recently I read that the Norwegian government is archiving their own publications increasingly in PDF/A format. And Italy’s Board of Trade does not want to receive any more paper copies. They require businesses to submit all documents in PDF/A format.

Businesses and government agencies worldwide are gaining more and more confidence in the ISO standard PDF/A. Just recently we noticed this in a large project for an internationally active provider of pallet and container services, Chep, where we implemented a business process for signing invoices combined with a subsequent archiving of the files. The invoices are created as PDF/A files, are electronically signed, and are finally stored using our archiving middleware solution OpenLimit MigSafe, which was developed along the ArchiSafe principle.

Those who adhere to the PDF/A standard when archiving electronic documents avoid the risk of important information not being accessible in a few years. In order that an electronic document can be presented before a court, should the need arise, it must be electronically signed. A qualified electronic signature (QES) ensures the admissibility of an electronic document as evidence in a court of law in all European countries. The combination of PDF/A and QES therefore stands for legally binding and evidential long-term archiving. In order that this status remains valid for an “infinite” period of time, the signature should be renewed on a regular basis. Incidentally, we have developed an efficient solution for this purpose: OpenLimit OverSign.

Die DMS Expo in Köln, Europas größte Fachmesse für elektronisches Informations- und Dokumentenmanagement steht bevor und Sie können sich sicher sein: das Thema Langzeitarchivierung wird weiter in den Mittelpunkt rücken. OpenLimit zeigt unter anderem seine Lösungen für die beweiswerterhaltende Datenspeicherung für eine Dauer von 100 Jahren und mehr.

The DMS Expo in Cologne, Europe’s largest trade fair for electronic information and document management, will be held shortly and you can be certain that the subject of long-term archiving will again be one of the main themes. OpenLimit will be presenting, amongst other things, our solution for the legally binding retention of data for periods of 100 years and more.

Marc Gurov,
CEO OpenLimit SignCubes AG

CURRENT NEWS

PDF/A Competence Center enriches the DMS EXPO with a comprehensive lecture program and its own stand

Again this year, making it the third year in a row, the PDF/A Competence Center will be present at the DMS EXPO with its lecture program and trade show stand. From September 15 to 17, eight members – Adobe Systems, callas software, Cartago, Compart AG, Crawford Technologies, LuraTech Europe, PDF Tools and SEAL Systems – will present their products and services for PDF/A at Stand G059 in Hall 7. On September 14, a day prior to the start of the DMS EXPO, the PDF/A Competence Center will also offer a half-day seminar in Cologne. Here participants will receive detailed information on the ISO standard for long-term archiving and will learn about the benefits of PDF/A and the areas in which it can be applied. More information can be found at DMS Expo in Cologne.

MAIN ARTICLES

Long-term retention of evidence using PDF/A

In order that a PDF/A file can be presented as evidence in a court of law, it muss be legally signed. This is due to the fact that, with his signature, the signer confirms his intention respectively his agreement to the content of the contained declarations. An electronic signature fulfills these conditions if it has been attached in accordance with valid legal requirements. In Germany, for instance, these include SigG, SigV, BGB §§125ff and others.

Parallel to the continual improvement of information technology and mathematical procedures, the security of signature algorithms, and with it the legal authenticity of electronically signed documents, is decreasing. For this reason, the Federal Office for Information Security in Germany regularly publishes new requirements for electronic signatures. The legal force of a document signed with an older algorithm can therefore no longer be guaranteed, even if the selected algorithm was deemed secure at the time the document was signed.

Numerous businesses and public authorities are obligated by law to retain documents and keep them readily available for decades. In particular, they carry the responsibility for ensuring that the legal force of the documents is timely established and retained

Basically there are two possibilities for renewing an electronic signature. Either every document will be signed individually with a new electronic signature that encompasses the document as well as the previous signature, or a batch of documents will be grouped together and “re-signed” with a single new signature.

Renewing the signature on each and every document is a tedious and time-consuming process. For this reason the legislators have allowed for the verification of multiple documents in one process. Only one signature is necessary, resulting in the effort for resigning the documents being independent from the number of documents that are processed. This saves, time, costs and computing capacity without endangering the legal force of the archived documents.

ArchiSafe now has a BSI Protection Profile

Scholars, economists and politicians have long pondered over a solution for creating a secure digital archiving system that guarantees the retention of documents for eternity. The system must be legally binding and in particular so reliable, that millions of dust-covered dossier can be digitalized and archived without risk of manipulation. The ArchiSafe concept, which was developed primarily by the Physikalisch-Technisch Bundesanstalt (Federal Physical and Technical Agency) in Germany, was certified in accordance with Common Criteria by the Federal Office for Information Security (BSI) in November 2008 and is now available to software developers as a specification catalog.

The ArchiSafe Protection Profile describes the security requirements for an archiving middleware that serves as an archiving gateway. This approach uncouples the specialized administrative procedure for archiving from the actual storage media. As a result, the operator can change applications and storage systems without having to worry about auditing requirements when transferring archived documents. In addition, he becomes less dependent on his archiving system supplier.

The technological approach of the ArchiSafe concept consists of documents and their related metadata, if applicable, being stored in an XML container. The XML container is a data stream that can be interpreted by simple means. Every application (e.g. a DMS) can use its own XML scheme and with this fulfill the requirements for additional metadata. The middleware validates the XML scheme that it receives from the administrative procedure. Additionally, it generates a so-called “coat-check” ticket. This is a unique identification that is used as a reference for finding and retrieving the archived document. Based on this ID number, the archived data can at any time during the process be identified and can be retrieved as required for further processing (e.g. viewing or deleting). The functionality for deletion may be required, for example, if data must be destroyed because the legal retention period for a document has expired. The middleware is the intermediary that must provide the storage system with a secure mechanism for deleting the documents. In addition, document signatures can be verified and test reports entered into the XML container.

ArchiSafe recommends using PDF/A format for the long-term storage of documents. The ISO standard PDF/A builds a foundation for the long-term retention of digitally signed documents. Through the combination of PDF/A documents, electronic signatures and XML-based technology, a modern approach to long-term archiving has been made available.

You can read more about storage-media independent archiving at:

BSI Protection Profile for an ArchiSafe Compliant Middleware
ArchiSafe Project Website
ArchiSafe-accommodating Middleware OpenLimit MigSafe

PDF/A COMPETENCE CENTER MEMBERS PRESENT THEMSELVES

OpenLimit SignCubes AG

OpenLimit SignCubes AG is a leading international supplier of certified software for electronic signatures and identities. Easily integrated program components make full electronic invoicing, continual media workflows and verifiable proof for long-term archiving possible. The software solutions we offer are characterized by maximum security and legal force. The certification is guaranteed in accordance with the highest of international security standards for software products, Common Criteria EAL4+.

More information can be found at: www.openlimit.com.

NEW MEMBERS IN THE PDF/A COMPETENCE CENTER

We welcome the following companies as members in the PDF/A Competence Center:

About PDF/A Competence Center

The first of the PDF Association's Competence Centers.

Leave a Reply