№2, 2015

SOME ASPECTS OF THE SECURITY OF ELECTRONIC DOCUMENT MANAGEMENT SYSTEMS
Makrufa Sh. Hajirahimova

One of the broadest application fields of information-communication technologies (ICT) is clerical work. Beginning in the 1990s, the application of computer systems in electronic document management allowed clerical work to be performed electronically with the application of information technologies (IT). This article describes the security issues of these systems, which have become an important factor in the solution of management issues. The main factors necessitating the security of electronic document flow systems are identified, the classification of threats is reviewed, and the main security issues are explored. Last, the technologies for security maintenance in those systems are analyzed (pp. 42-49).

Keywords:electronic document, electronic document management system, identification, autentification, electronic digital signature, secure document management system.
References
  • Sprague R.H. Electronic document management: challenges and opportunities for Information Systems Managers // MIS Quarterly, 1995, vol.19, no.1, pp.29–49.
  • Hajirahimova M.Sh. Actual problems of electronic document management systems in the framework of electronic government environment and their solution methods // Information society problems, Baku, 2010, №2, pp. 21-29.
  • Aliguliyev R.M., Imamverdiyev Y.N. Digital Signature Technology, Baku, “Elm”, 2003, 130 p.
  • Resolution on electronic signature and document of Republic of Azerbaijan, Azerbaycan newspaper, 10 March 2004.
  • Kolesov A. The state and EDFS: conclusions, problems, perspectives. 25 March 2011, Available at: http://ecm-journal.ru/post/
  • Malyuk A.A. Information security: conceptual and methodological foundations of information protection. Moscow, Hot Line Telecom, 2004, 280 p.
  • Lambrinoudakis C., Gritzalis S., Dridi F., Pernul G. Security Requirements for e-Government Services: A Methodological Approach for Developing a Common PKI-based Security Policy // Computer Communications, 2003, vol.26, no.16, pp.1873-1883.
  • Resolution on interdepartmental electronic document flow system, 4 September 2012, Available at: http://www.president.az.
  • Resolution of information, informatization and information security of Republic of Azerbaijan, 3 April 1998. Available at: http://www.president.az.
  • Buldakova T.I., Glazunov B.V., Lyapina N.S. Efficiency assessment of electronic document flow system security // TUSUR Proceedings, 2012, № 1 (25), part 2, pp. 52-56.
  • Dosmuhammedov B.R. The analysis information threats to electronic document flow system // Computer software and computer engineering, 2009, № 6, pp.140–143.
  • Imamverdiyev Y.N., Hajirahimova M.Sh. Infrastructure architecture of trust to electronic documents in electronic state environment // Telecommunications, 2011, № 11, pp.18–26.
  • Riverst R.L., Shamir A., Adleman L. A Metod for Obtaining Digital Signatures and Public-Key Criptosystems // Communications of the ACM.-1978.vol.21, no.2, pp.120-126.
  • Liu J.B., Hu X-Q., et.al. Design and Implementation of a PKI-Based Electronic Documents Protection Management System / Proceedings of International Conference on Intelligent Information Hiding and Multimedia Signal Processing, Kaohsiung, Taiwan, 26–28 November, 2007, pp.87-92.
  • ITU-T X.842 Information Technology – Security Techniques – Guidelines for the Use and Management of Trusted Third Party Services, 2000, 50 p.
  • Housley R., Polk W., Ford W., Solo D. RFC 3280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, April 2002, 129 p.
  • Pinkas D., Pope N., Ross J. RFC 5126: CMS Advanced Electronic Signatures (CAdES). 2008, 141 p.
  • Myers M., Ankney R., Malpani A., Galperin S., Adams C., RFC 2560: X.509 Internet Public Key Infrastructure – Online Certificate Status Protocol – OCSP, June 1999, 51 p.
  • Cain A. C., Pinkas P. D., and Zuccherato R. RFC 3161: Internet X. 509 Public Key Infrastructure Time-Stamp Protocol (TSP), august 2001, 26 p.
  • Gatautis R., Mazeika A., Laud P., and Satkauskas R., Enhancing e-Government Services through Digital Time Stamping: Time Stamping System Specifications // Communications of the IBIMA, 2008, vol.5, no.24, pp.204-210.
  • Buldas A., Laur S. Knowledge-binding Commitments with Applications in Time-Stamping / International Conference on Theory and Practice of Public-Key Cryptography (PKC’07), 16-20 April 2007, Beijing, China, LNCS 4450, pp.150-165.
  • Freeman T., Housley R., Malpani A., Cooper D., Polk W. RFC 5055: Server-Based Certificate Validation Protocol (SCVP), December 2007, 88 p.
  • Farrell S., Housley R., Turner S. RFC 5755: An Internet Attribute Certificate Profile for Authorization. January 2010, 50 p.
  • Adams C., Sylvester P., Zolotarev M., and Zuccherato R., RFC 3029: Internet X.509 Public Key Infrastructure. Data Validation and Certification Server Protocols, February 2001, 51 p.
  • Liu N. Cloud technology in the security management of enterprise document / Proceedings of the second International Conference on Innovations in Bio-inspired Computing and Applications, 2011, 16–18 December, pp.267-269.
  • Corazon M.G., Sicat E., et.allSubioniPad: Integrated Paperless Document Checking and Template-based / Proceedings of the Second International Conference on Computer and Electrical Engineering, 2009, pp.189-193.
  • The Digital Universe Decade – Are You Ready?,http://www.emc.com/collateral/ analyst-reports