Digital Signatures Workflows in Alfresco

摘要

There are some obstacles, towards a paperless office. One of them is the collection of signatures, since nearly half of all documents are printed for the sole purpose of collecting them. Digital signatures can have the same legal evidential validity as handwritten signatures, provided they are based on certificates issued by accredited certification authorities and the associated private keys are stored on tamper proof token security devices like smart cards. In this article, we propose a platform for secure digital signature workflow management that integrates secure token based digital signatures with the Enterprise Content Management Alfresco, where each user can associate a set of smart cards to his account. The documents can then be signed with the citizen card or other smart card that has digital signatures capabilities. We have implemented an Alfresco module that allows us to explore several workflow techniques to implement real task secure digital signatures workflows, as people for example do when they pass a paper document between various departments to be signed. Since all users can see the current state of the documents being signed during the entire signage process, important security properties like system trust are preserved. We also describe an external validation web service, that provides a way for users to validate signed documents. The validation service then shows to the user important document security properties like timestamps, certificates attributes and highlights the document integrity in face of the digital signatures that have been collected in the workflows defined by our module in Alfresco.