IntelliSec – The 1st International Workshop on Intelligent Security Systems
11-24th November 2009, Bucharest, Romania
DOCUMENT MANAGEMENT SYSTEM
SLEVOACA Florin
Abstract: The document is an important communication tool
between the organization’s departments and for the
relationships with other companies. Document management
systems are used by organizations in all public and private
sectors in order to organize and structure electronic documents
as so to track their flow in company and its entry / exit points.
Key words: communication, organization, document, flow.
1. INTRODUCTION
This paper
proposes a brief presentation of a web-based document
management application that allows management and document
tracking as so archiving, ensuring a balance between security
and accessibility, protecting information and at the same time
offering a quick and easy access to help company staff to work
with maximum efficiency.
Security of a document is a very important issue. The
Document Management System can be very well described as
the memory of the organization, good control over different
security aspects is more than needed.
1.1 Purpose
Document management systems provide security based on a
number of factors, while allowing instant, anytime access from
any location.
In order to simplify the security aspects, it all begins with
the security of the document storage. Most document
management systems use an internal system architecture called
reference database. In those systems, there is usually a database
containing document meta information, such as a path to the
document file residing on a file server.
The purpose of this paper is about how to protect these files
on the server in a proper way, so that they are always secure
and inaccessible by any other means than via the DMS. If the
files can be accessed without the control of the DMS in any
situation at all, then the control and security is compromised.
1.2 History
Beginning in the 1980s, a
number of vendors began developing systems to manage paper-
based documents. These systems managed paper documents,
which included not only printed and published documents, but
also photos, prints, etc.
Later, a second system was developed,
to manage electronic documents, i.e., all those documents, or
files, created on computers, and often stored on local user file
systems. The earliest electronic document management (EDM)
systems were either developed to manage proprietary file types,
or a limited number of file formats. Many of these systems
were later referred to as document imaging systems, because
the main capabilities were capture, storage, indexing and
retrieval of image file formats. These systems enabled an
organization to capture faxes and forms, save copies of the
documents as images, and store the image files in the repository
for security and quick retrieval (retrieval was possible because
the system handled the extraction of the text from the document
as it was captured, and the text indexer provided text retrieval
capabilities).
In the broadest sense, document management systems can
range from a shoebox all the way to an enterprise content
management system. There are several common issues that are
involved in managing documents, whether the system is an
informal, ad-hoc, paper-based method for one person or if it is a
formal, structured, computer enhanced system for many people
across multiple offices.
EDM systems evolved to where the system was able to
manage any type of file format that could be stored on the
network. The applications grew to encompass electronic
documents, collaboration tools, security, and auditing
capabilities.
1.3 Document management system definition
A document management system (DMS) is a computer
system (or set of computer programs) used to track and store
electronic documents and/or images of paper documents.
A document management electronic system offers an
organization a standard modality to create, manage, control and
supply documents. This will allow the improvement of the
performances of the company through work realized faster,
with fewer people, with better accuracy and less paper.
A solution in managing documents does not refer to
documents; it is projected for users and for their objectives as
part of the organization. Studies show that 80% of “knowledge”
of a company is maintained as unstructured data. A
management solution of completed documents produces a
modality of structuring, organization and securing this in-
formation.
A performing system of document management presents the
following characteristics:
• implements rapidly flows of documents
• is flexible at every organization structure
• has a high degree of security
• can be adapted at any type of document
• can be connected to other applications
• presents facility in use
• can be situated on ulterior developments
The main functions of such a system are: indexing, security,
visual, archiving, searching, control of versions and control of
the access on documents. The processing and flux of documents
which completes the solution to manage documents is tightly
connected with these. Other functions that these systems might
have are:
• Allocation of an unique registration number to each document
• Establishing the place where each document is active
• Attending the entire life cycle of a document;
- personnel which is responsible with its reception
- the moment when it was received
- the person which responds with the notice/
response that is formulated
- date at which the response/ notice were finalized.
One of the greatest advantages of a management quality
system of documents is integrated in a more transparent
manner, as possible, with the infrastructure of the company.
The solutions of documents management are easily
implemented and integrated in the intranet of the company. The
role of data security in this case is decrypting documents,
allowing only users with correspondent rights to see or to
modify documents.
No matter if the information will be presented under the
format of a Microsoft Word document, an e-mail in Outlook, a
Power-Point presentation, an Adobe PDF folder or multimedia
information, the security method of the system of documents
management must face all these types of documents, separating
the writing of the content on the access list at this document.
This information is deposited on a server, the entire access
process to confidential documents passing through the security
system of the management system solution of documents.
Unlike manual systems, the automatic systems of
documents management present the following advantages:
• deposit the information connected to a document in a single
place
• allow the rapid access at the place where the document is in
the organization
• Inform regarding the notice stage (resolution) where the
document is situated
• Attend the necessary period for the finalization of a notice
(resolution) and the ones that exceeded this term
• Observe the number of documents that entered daily, each
weekend, each month.
An effective document management solution specifies:
• What types of documents and other content can be
created within an organization.
• What templates to use for each type of document.
• What metadata to provide for each type of document.
• Where to store documents at each stage of a
document's life cycle.
• How to control access to a document at each stage of
its life cycle.
• How to move documents within the organization as
team members contribute to the documents' creation,
review, approval, publication, and disposition.
• What policies to apply to documents so that
document-related actions are audited, documents are
retained or disposed of properly, and content
important to the organization is protected.
• How documents are converted as they transition from
one stage to another during their life cycles.
• How documents are treated as corporate records,
which must be retained according to legal
requirements and corporate guidelines.
2. COMPONENTS
Document management systems commonly provide storage,
versioning, metadata, security, as well as indexing and retrieval
capabilities.
Here is a description of these components:
Metadata
Metadata is typically stored for each document. Metadata
may, for example, include the date the document was stored
and the identity of the user storing it. The DMS may also
extract metadata from the document automatically or prompt
the user to add metadata. Some systems also use optical
character recognition on scanned images, or perform text
extraction on electronic documents. The resulting extracted text
can be used to assist users in locating documents by identifying
probable keywords or providing for full text search capability,
or can be used on its own. Extracted text can also be stored as a
component of metadata, stored with the image, or separately as
a source for searching document collections.
Integration
Many document management systems attempt to integrate
document management directly into other applications, so that
users may retrieve existing documents directly from the
document management system repository, make changes, and
save the changed document back to the repository as a new
version, all without leaving the application.
Indexing
Track electronic documents. Indexing may be as simple as
keeping track of unique document identifiers; but often it takes
a more complex form, providing classification through the
documents' metadata or even through word indexes extracted
from the documents' contents. Indexing exists mainly to support
retrieval.
Storage
Store electronic documents. Storage of the documents often
includes management of those same documents; where they are
stored, for how long, migration of the documents from one
storage media to and eventual document destruction.
Retrieval
Retrieve the electronic documents from the storage.
Although the notion of retrieving a particular document is
simple, retrieval in the electronic context can be quite complex
and powerful. Simple retrieval of individual documents can be
supported by allowing the user to specify the unique document
identifier, and having the system use the basic index (or a non-
indexed query on its data store) to retrieve the document. More
flexible retrieval allows the user to specify partial search terms
involving the document identifier and/or parts of the expected
metadata.
Security
Document security is vital in many document management
applications. Compliance requirements for certain documents
can be quite complex depending on the type of documents.
Some document management systems have a rights
management module that allows an administrator to give access
to documents based on type to only certain people or groups of
people.
Workflow
By planning workflows for your organization, you can
control and track how documents move from one team member
to another as each participant collaborates in a document's life used in the document management application, stressing the
cycle. essential implementation features.

Versioning 3.2.1 Version control

Versioning is a process by which documents are
checked in or out of the document management system,
allowing users to retrieve previous versions and to continue
work from a selected point. Versioning is useful for documents
that change over time and require updating, but it may be
necessary to go back to a previous copy.
Searching
Finds documents and folders using template attributes or
full text search. Documents can be searched using various
attributes and document content.
At its simplest, version control simply tracks updates to a
given document, but doesn't impose any structure on the
process used to update it.
It is important not to have different versions of a document
having the same content. So, when we create a new version of a
document, we need to verify that is unique among the previous
older versions. This way we will optimize the storage area. In
order to verify the distinction between versions we shall use
hash functions.
Hash functions are mostly used to speed up table lookup or
data comparison tasks — such as finding items in a database,
detecting duplicated or similar records in a large file being very
advantageous in case of internet client-server applications.

3. INFORMATION PROTECTION 3.2.2 Access control

3.1 Overview Once we've introduced the notion of version control, a

The need for security must be weighed against the ability
for authorized personnel to have quick access to information.
Some document management systems take an “all or nothing”
approach, while others may weigh down the organization with
cumbersome procedures to address even simple security setting
needs.
With comprehensive document management security, you
can control not only who can access the application, but also
who can access individual folders and documents. This
approach enables all documents to be filed in one place,
providing a complete, unified view of records for authorized
personnel.
Document management systems provide security based on a
number of factors, while allowing instant, anytime access from
any location.
A complete document management solution should provide
the following:
check-out/check-in system can be used to impose a little
structure on the process of updating documents.
Access control involves the check-in/out functions, being
closely related with the version control. Checking a document
out changes its status so that others can't check it out, while
checking it in creates a new version. So, document check
in/check out functionality ensures that only one user can update
a document at a time, maintaining document version control
automatically, enhancing information management and
providing authorized users with an audited revision history and
rollback ability.
A representative example is shown in the bellow figure:

- A mechanism for classifying documents when they are

entered in the system.
- A mechanism for defining access classes or groups, so
employees have uniform access to the documents they are
authorized to use.
- Ability to apply retention policies that electronically preserve
documents.
- Security mechanisms that define access at every level of the
document system. (Folder- and document-level access are a
minimum requirement.)
- An audit trail that records which users have accessed which
documents, and what modifications, if any, they have made.
This is a requirement for HIPAA legislation.
- The ability to view documents from multiple office locations.
- Workflow to route files electronically to the appropriate
person or group based on standard rules and procedures.
- An efficient method for quick access to documents without
the need for labor-intensive searches.
- Management for both scanned images and electronic
documents.
- Integration with other business software and systems such as Fig.1 Check-in/out functions
word-processing, accounting, and email. This allows users to
file and access documents from applications they are already
3.2.3 Security
comfortable using.

3.2 Functions of DMS The services offered by the systems of quality management
of documents must fulfill three aspects from the security point
In this paper I will focus on versioning, access control, of view:
security, workflow and document archiving aspects that are
1.Confidentiality. This aspect refers to all access restrictions to
information and re-sources. Controlling, promoting and
implementing security politics of the company will be reflected
in a direct modality on the management system of documents,
offering a prompt response to the question “who and when
accesses, what document and with whose approval?”
2.Integrity. Information has two characteristics: initiator and
content. The trust level granted to the initiator and non
alteration of the content represents the integrity of information.
Its violation can be prevented or detected by implementing
solutions of electronic signing, which authenticates the initiator
person as being or not a confidence source and ensures the
conformity of information with the initial one, preventing
changing information
3.Availability. The ability of accessing in-formation or a
resource is considered avail-ability. A management service of
documents can be blocked by persons who attack, by restricting
or denying availability at the level of security. If at the first
level of the management solution of documents, the system is
on dimensions regarding the number of users and entrances a
day, at the last level, the one of the interface with the user,
either is a portal or an executable program, the authentication
must be made with the most secured methods, using smart
cards and biometrical devices, as it is the main access in the
system.
A management system of documents, as any informational
system, needs classical security measures, such as firewall
protection, backup, antivirus protection, intrusion detection
systems, current sources, etc;
The multitude of functions that a management system of
documents brings induces specific needs of security, the most
important being the authentication and authorization. The
authentication represents the identification as an authorized
user in the system. The authorization defines the rights that this
user has in his system.
The authentication will be realized by the classical
combination username/ password or using biometrical systems,
smart cards. Not what we make the authentication with is the
most important aspect, but how it is made. In other words,
where are verified the authentication information received from
the user. Either the system has its own user basis, or will use
another authentication provider. The first mechanism is the
simplest that can be used, there will be defined the users on the
own basis of soft management of documents. But these
methods can be hardly used, when the user must use more and
more pairs of usernames and the password for all the systems
he uses. The alternative is using a mechanism of single sign –on
– an interface for the unique authentication at more systems, or
using a management system of documents which can be
integrated with mechanisms of management of already existing
identity in organization compatible LDAP, as might be
Microsoft Active Directory of IBM Directory Server.
Authorization. After a user is presented in the system, he
receives or not the right to access information. The
authorization will be realized using three important methods:
role based, rule based or content based. The role based
authorization implements a mechanism by which a user
possesses one or several roles in the system, as it might be
editor - each of these roles has diverse rights groups of access
to information. Using the rule based authorization, the level of
access of the user is determined after realizing a set of rules
introduced by the administrators- for example verifying some
conditions. The con-tent based authorization uses access lists,
discrete on every item of information or collection of
information than can be defined at their introduction in the
system. We can often find a combination of modalities of
access, as might be the combination of roles and content: for a
set of information will be given discrete rights to groups (roles)
and the users can belong to one or several groups.
It is obvious the fact that a management system of
documents brings advantages in an organization. The
implementation of such a system often leads to the functionality
and efficient archiving, but neglects the fact that at present new
risks may occur: the unauthorized access at information.
Further more, we need to secure the communication
between the DMS client application and DMS Server. DMS
Server uses internet protocols for communication with its
clients. In standard LAN installation, maybe the highest of
security is not needed, but using the standard HTTP protocol is
feasible. If the system is deployed so that the clients are
somewhere in the internet, the communication can be made
more secure by using HTTPS (SSL, Secure Sockets Layer) for
communication.
3.2.4 Workflow
The documents in an organization are not statistic. They are
created, modified, distributed on routes clearly defined. That is
why, management systems of documents contain workflows
which establish precisely where a document will be sent, if it
has reached its destination, when it was redirected and which is
its status at a certain moment.
Figure 2 illustrates the modality in which the processing of
fluxes of documents is made under the management of an
administrator of workflow.
Among flow applications we can mention:
• Information sent from / in the internal sys-tem for
information/ approval
• Activity Plans and Rapports
• Essays, Notes, Requests, Holiday Requests, Transport
Request, Acquisition request
• Generation and publication of politics to ensure quality,
human resources politics
• Transmission for approval of the documents required by the
procedures of the quality system, multiple approvals.
• Treating non – conformities
Figure 2. Processing workflows
3.2.5 Archiving
Documents must be archived in a long-term storage, where
an archived document and its metadata must be protected from
modification and deletion. The archived document can be
compressed (to save storage space) and if required encrypted.
The security classification of a document can not change
once it is archived but the access permissions to the document
can be changed. For example to be able to restrict access to
archived documents to a limited group of subjects. When an
archived document expires, the document and all copies of the
document is deleted from the archive. A document can only be
deleted by a subject with explicit permissions to do so.
4. CONCLUDING REMARKS
 The work reported in this paper has addressed the problem
of creating an information infrastructure and services for virtual
organizations.
As a result of what’s been said above , besides the basics of
a document management system, the presented application
implements the latest features, with more focus on the security
part, where it provides high quality and stable solutions solving
at the same time the problems of managing, finding, tracking
and securing documents in today's information-intensive
organizations.
Nevertheless, the application can extend its range of
functionality by adding optional features according to
company’s needs.

4.1 Future research

The document management application could provide a

future solution regarding its integration with the users operating
system, in order to speed up the workflow. This way, it could
offer a "virtual-local" drive that provides a single location from
and to which all files are accessed and stored. The virtual-local
drive bridges the gap between centralized data storage and local
compute resources, enabling users to work with all the
performance and reliability provided by their local computer
and hard drive, while a unique caching mechanism
transparently synchronizes with the central data vault. As a
result, the DMS application always delivers fast "local"
performance and reliability, even when the network or server is
slow or unavailable due to a crash, periods of high loads or
network traffic, or when traveling or working from home. As
soon as the connection is re-established, the application
automatically synchronizes with the server.