IMiS/ARChive Server
IMiS/ARChive Server enables the archiving of unlimited quantities of content (scanned documents, files, email attachments). It is used as a standalone digital archive for storing content from various applications. Content is secured with state-of-the-art encryption algorithms. Additional security mechanisms are an audit trail for tracing the activities performed on content and the setting up of a secondary location to ensure high availability of the archive system.
SECURITY OF ARCHIVED ENTITIES AND CONTENT
The server provides modern technological security methods to prevent unauthorised access to entities and content. When an entity is archived, a unique, encrypted entity identifier (ID) is created. Traffic between the client and the server is encrypted using the AES-256 algorithm and appropriate mechanisms (TLS).
THE RIGHTS TO ACCESS THE ENTITIES AND METADATA
A user with appropriate rights can assign a list of rights (Access Control List, ACL) to a user, a user group or an attribute of a directory entity type, governing access to the content or metadata.
The ACL specifies explicit permissions or prohibitions, which can also be time-limited. Together with inherited rights they determine the effective rights.
The effective rights enable the user to open, edit and delete entities, create subentities, change permissions, move content in the classification scheme, change security class and status, change retention, create references and pass rights on by inheritance to the contained records.
The rights to access metadata additionally enable the user to manage the approvals and restrictions for reading, writing, creating and deleting non-public metadata.
To be able to see the content, the user's security class level has to be at least as high as the security class of the content (whether explicitly defined or inherited).
Access to records and the performing of actions via applications is also enabled for indirectly logged-on users (delegates). For performing certain actions, a user with the appropriate permission can also define roles (AuditLogQuery, ImportExport, Reports).
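The following is an added illustration, not IMiS code, of how the rules above combine: explicit permissions and prohibitions (optionally time-limited) on each level of the classification scheme, inherited rights from parent entities, and the security-class comparison that gates opening content. The same check is what keeps non-matching content out of search results. The precedence rule (a prohibition beats a permission at the same level; nearer entities override inherited entries) and the entity and user names are assumptions of this example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional, Set

@dataclass
class AclEntry:
    subject: str                  # user name, group name or directory attribute value
    rights: Set[str]
    allow: bool                   # True = explicit permission, False = explicit prohibition
    valid_from: Optional[datetime] = None
    valid_to: Optional[datetime] = None

    def active(self, at):
        return (self.valid_from is None or self.valid_from <= at) and \
               (self.valid_to is None or at <= self.valid_to)

@dataclass
class Entity:
    name: str
    security_class: Optional[int] = None   # None = inherited from the parent
    acl: List[AclEntry] = field(default_factory=list)
    parent: Optional["Entity"] = None

    def effective_security_class(self):
        e = self
        while e is not None and e.security_class is None:
            e = e.parent
        return e.security_class if e is not None else 0

def effective_rights(entity, subjects, at):
    """Apply inherited ACLs from the root down, then the entity's own ACL. At each level
    an explicit prohibition beats a permission (assumed precedence, not IMiS-documented)."""
    chain, e = [], entity
    while e is not None:
        chain.append(e)
        e = e.parent
    rights = set()
    for ent in reversed(chain):
        allowed, denied = set(), set()
        for entry in ent.acl:
            if entry.subject in subjects and entry.active(at):
                (allowed if entry.allow else denied).update(entry.rights)
        rights = (rights | allowed) - denied
    return rights

def can_open(entity, subjects, clearance, at):
    """Needs the 'open' right AND a user security class level >= the content's class."""
    return "open" in effective_rights(entity, subjects, at) and \
           clearance >= entity.effective_security_class()

def demo():
    # Constructed archive: class C1 -> folder F1 -> document D1; alice is in group Finance.
    at = datetime(2024, 6, 1, tzinfo=timezone.utc)
    root = Entity("C1", 1, [AclEntry("Finance", {"open", "edit", "delete"}, True)])
    folder = Entity("C1/F1", parent=root, acl=[
        AclEntry("alice", {"delete"}, False),            # prohibition overrides inherited right
        AclEntry("alice", {"change retention"}, True,   # permission that has already expired
                 valid_to=datetime(2024, 1, 31, tzinfo=timezone.utc))])
    doc = Entity("C1/F1/D1", 3, parent=folder)
    alice = {"alice", "Finance"}
    return effective_rights(doc, alice, at), can_open(doc, alice, 2, at), can_open(doc, alice, 3, at)
```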
HIERARCHY OF ENTITIES IN THE CLASSIFICATION SCHEME
The IMiS/ARChive Server supports a hierarchy of entities (classes, folders and documents) in the classification scheme. The number of class and folder levels is practically unlimited and can vary between individual parts of the archive.
Different entity types can be saved on the same level.
Each class, folder and document in the archive has its own classification code, which is unique across the whole archive. The code is assigned upon creation and cannot be altered unless the entity is moved within the classification scheme (re-classification). Depending on the settings, the fully qualified classification code is assigned automatically by the server, or the user enters part of the code manually.
VERSIONING
Versioning is enabled on documents that are based on templates with versionable attributes. During versioning, new attribute values are created on the entity. The user can check out document drafts, review them, modify them, and then check them in or discard them.
When a draft is checked in, the changes are saved and the versionable attributes are assigned a new sequence number, which represents the version.
ENSURING AUTHENTICITY USING MERKLE TREES
The authenticity of content subject to long-term archiving is secured using the standardised Evidence Record Syntax (ERS in XML form according to RFC 6283) and the recommendations of LTANS (Long-Term Archive and Notary Services) for integrity checking.
The key processes for ensuring the long-term authenticity of content are the generation and renewal of proofs (hash, electronic signature with digital certificate, timestamp).
The IMiS/ARChive Server creates an archival information package (AIP) for every folder and document that is subject to the authenticity procedure. The AIP is a summary of the metadata and content of the entity in XML form. The archive server processes every AIP and calculates its hash. From the hashes of the individual AIPs a hash tree (Merkle tree) is built, and its root hash is timestamped. The Merkle tree allows a package containing a large number of content items to be timestamped with a single timestamp, which considerably rationalizes the proof generation process.
Proofs are renewed automatically before the digital certificate of the timestamp expires, or when a weakening of the security of a hashing algorithm is foreseen.
When the validity of the certificate is about to end, a new Merkle tree is created. The AIP hashes and the timestamps that are about to expire are hashed into it. By timestamping the root hash of this tree, proof of the existence of the AIP is created and the validity of the expiring timestamps is renewed.
When the security of the hashing algorithm is weakening, new hashes are calculated for each AIP and for those proofs that used the unreliable algorithm. The merged hashes are added to a Merkle tree, the root hash of that tree is calculated and timestamped. This process preserves the reliability of the AIP and all of its associated proofs.
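An added example, not IMiS code, of the three steps described above: building the hash tree over AIP hashes and timestamping its root, extracting and verifying the reduced hash tree (inclusion path) for one AIP, and the two renewal cases, expiring timestamp and weakening algorithm. The AIP contents, the stand-in timestamp token, and the choice of SHA-256/SHA-512 as the old and new algorithms are constructed for this example; the real ERS construction (RFC 4998/6283) has further rules, such as the ordering of sibling hashes, that this simplified tree omits.

```python
import hashlib
# sha256 stands for the algorithm in use, sha512 for its stronger replacement.
def sha256(b): return hashlib.sha256(b).digest()
def sha512(b): return hashlib.sha512(b).digest()

def build_tree(leaves, h):
    """Hash tree bottom-up, leaves first. A node with no sibling is promoted unchanged."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur, nxt = levels[-1], []
        for i in range(0, len(cur), 2):
            nxt.append(h(cur[i] + cur[i + 1]) if i + 1 < len(cur) else cur[i])
        levels.append(nxt)
    return levels

def merkle_root(leaves, h):
    return build_tree(leaves, h)[-1][0]

def inclusion_path(leaves, index, h):
    """Reduced hash tree for one AIP: the sibling hashes (and their side) needed to
    recompute the root from that AIP's hash alone."""
    path = []
    for level in build_tree(leaves, h)[:-1]:
        sib = index ^ 1
        if sib < len(level):
            path.append(("L" if sib < index else "R", level[sib]))
        index //= 2
    return path

def verify_path(leaf_hash, path, root, h):
    acc = leaf_hash
    for side, sib in path:
        acc = h(sib + acc) if side == "L" else h(acc + sib)
    return acc == root

def renew_expiring_timestamp(aip_hash, old_timestamp, h):
    """Certificate about to expire: AIP hash and old timestamp token become one new leaf."""
    return h(aip_hash + old_timestamp)

def renew_weak_algorithm(aip_bytes, old_proof, new_h):
    """Algorithm weakening: AIP and its old proof rehashed with the new algorithm, merged."""
    return new_h(new_h(aip_bytes) + new_h(old_proof))

def fake_timestamp(root):
    # Stand-in for a TSA token; the real server obtains one from a timestamping authority.
    return b"TST:2024-01-01T00:00:00Z:" + root

def demo():
    # Constructed sample AIPs (in IMiS these are XML summaries of metadata and content).
    aips = [f"<aip id='{i}'>sample {i}</aip>".encode() for i in range(5)]
    leaves = [sha256(a) for a in aips]
    root = merkle_root(leaves, sha256)
    tst = fake_timestamp(root)
    paths = [inclusion_path(leaves, i, sha256) for i in range(len(aips))]
    ok = verify_path(leaves[2], paths[2], root, sha256)
    forged = verify_path(sha256(b"<aip id='2'>edited</aip>"), paths[2], root, sha256)
    root2 = merkle_root([renew_expiring_timestamp(lf, tst, sha256) for lf in leaves], sha256)
    old_proofs = [b"".join(s for _, s in p) + tst for p in paths]
    root3 = merkle_root([renew_weak_algorithm(a, p, sha512) for a, p in zip(aips, old_proofs)], sha512)
    return ok, forged, root, root2, root3
```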
SEARCH
The user can search entities in the digital archive by metadata and search content by full text (Full Text Index, FTS). The search can be restricted to selected classes or folders and their content (recursively).
Metadata search is conducted with one or more search queries joined by logical operators. The search tool supports searching by the initial string or by an arbitrary substring of the searched value and is case insensitive. The user can also search by the title of content files. Full text search is performed on content in text format, and search results also show content descriptions. The user only sees content that meets the search criteria and that the security class of the content, the user's security class level and the access rights (ACL) permit. All other content remains hidden even if it meets the search criteria.
IMMUTABLE AUDIT TRAIL
The audit trail is a chronological record of accesses, events and changes made on the IMiS/ARChive Server. It is completely immutable throughout its entire life cycle and is protected against both authorized and unauthorized interventions.
Only users with appropriate access rights can access the audit trail, and it is clearly presented. Such a user can query the audit trail by event date, IP address, user name, computer name and a list of encoded unique entity identifiers. The audit trail can be exported, or it can be transferred to a different archival system together with the content.
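As an added illustration (not IMiS code) of what an immutable audit trail has to deliver, the trail below is append-only and hash-chained, so that any later edit or deletion of a record is detected by recomputing the chain, and it supports the query criteria listed above. The event records, user names, IP addresses and entity identifiers are constructed for the example; how IMiS actually protects its audit trail is not described on this page.

```python
import hashlib
import json
from datetime import datetime, timezone

FIELDS = ("time", "user", "ip", "computer", "entity", "action")

def _hash_entry(prev_hash, entry):
    """Record hash bound to its predecessor; canonical JSON keeps it deterministic."""
    payload = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()

class AuditTrail:
    """Append-only trail: each record carries the hash of the previous one, so editing
    or deleting any record breaks the chain from that point onward."""
    GENESIS = "0" * 64

    def __init__(self):
        self._records = []

    def append(self, time, user, ip, computer, entity, action):
        entry = dict(zip(FIELDS, (time.isoformat(), user, ip, computer, entity, action)))
        prev = self._records[-1]["hash"] if self._records else self.GENESIS
        self._records.append({**entry, "prev": prev, "hash": _hash_entry(prev, entry)})

    def verify(self):
        """Recompute the chain; return the index of the first bad record, or -1 if intact."""
        prev = self.GENESIS
        for i, rec in enumerate(self._records):
            if rec["prev"] != prev or rec["hash"] != _hash_entry(prev, {k: rec[k] for k in FIELDS}):
                return i
            prev = rec["hash"]
        return -1

    def query(self, since=None, until=None, ip=None, user=None, computer=None, entities=None):
        """Filter by event date range, IP address, user name, computer name and a set of
        entity identifiers; a criterion left as None matches everything."""
        hits = []
        for rec in self._records:
            t = datetime.fromisoformat(rec["time"])
            if ((since is None or t >= since) and (until is None or t <= until)
                    and (ip is None or rec["ip"] == ip) and (user is None or rec["user"] == user)
                    and (computer is None or rec["computer"] == computer)
                    and (entities is None or rec["entity"] in entities)):
                hits.append(rec)
        return hits

def demo():
    """Constructed events; returns (hit count, verify() before and after tampering)."""
    trail = AuditTrail()
    t0 = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
    events = [("alice", "10.0.0.5", "WS-01", "ENT-0001", "open"),
              ("bob", "10.0.0.9", "WS-02", "ENT-0002", "edit"),
              ("alice", "10.0.0.5", "WS-01", "ENT-0002", "delete"),
              ("carol", "10.0.0.7", "WS-03", "ENT-0001", "open")]
    for i, (user, ip, pc, ent, act) in enumerate(events):
        trail.append(t0.replace(hour=9 + i), user, ip, pc, ent, act)
    hits = trail.query(user="alice", entities={"ENT-0002"})
    before = trail.verify()
    trail._records[1]["action"] = "open"      # an attempt to rewrite history
    return len(hits), before, trail.verify()
```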
ARCHIVING EMAILS
Emails are archived by drag and drop. The user selects emails in the email client and drops them onto the appropriate location in the classification scheme, where they are stored as EML files. A new document is created in the original form, with all metadata and attachments.
IMPORT, EXPORT AND TRANSFER OF CONTENT
The archive server enables the import, export and transfer of content in the form of an XML file.
A user with appropriate rights can export the entire classification scheme or only a certain part of it.
Metadata are exported together with the content. The audit trail and additional metadata can optionally be exported as well.
Mass capture (import) is most commonly used for adding large quantities of content to the digital archive. It is used when content is scanned externally or when content is migrated from other archive systems. Using the appropriate tools, the administrator classifies the content and metadata under the root class of the classification scheme or under a selected class or folder.
Transferring content consists of: exporting the content, importing the exported content into a different archive server, importing the approval, saving the report and deleting the transferred content.
REPORTS AND PRINTING
Import, export and transfer reports include information about their execution and any errors. Reports on audit trail search results and deleted content, as well as various statistics, are also available. Only users with appropriate user rights can view the reports.
Content can be printed using the default application. The classification scheme for the whole archive, or only for selected classes or folders, can be printed as well. Additionally, metadata, security settings and content properties can be printed for a selected class, folder or document.
ADMINISTRATION WEB INTERFACE
For easier administration, a user with the appropriate permission can use the administration web interface. It enables the setting of specific server functionalities, which are logically sorted into configuration folders: archive, access control, audit log, authentication, attributes, codelists, content, counters, directory, legacy archival, LTANS, retention, security, storage and templates.
INTEGRATION WITH APPLICATIONS
Integration of DMS, ERP, CRM, BPM and other applications with the IMiS/ARChive Server is enabled through the IMiS/Storage Connector API and its service layer, IMiS/Storage Connector Services.
The IMiS/Storage Connector API enables a wide range of operations on the archive server: opening the archive, creating and opening entities, determining registered archive users, retrieving public data about the content, reviewing effective access permissions, reading, opening, creating, changing, saving, moving and deleting content, searching the archive, retrieving the audit log, creating, reading and modifying retention policies and disposition holds, reading and editing reviews in the review process, etc.
The IMiS/Storage Connector Services API is intended for executing the following operations: create (POST), retrieve/read (GET), update (PUT) and delete (DELETE). These operations are exposed on the application server as REST, SOAP or CMIS interfaces and accessed via HTTP/HTTPS. The SOAP API provides access to objects on the archive server through a web server as a web service. The RESTful API lets you integrate the archive server with your application using simple HTTP methods with JSON payloads. The CMIS API provides access to CMIS-compatible content and metadata repositories from various ECM systems, accessible via CMIS clients.