Smart paper

Abstract

The computerisation of civil service processes is a very complex and multifactorial project that not only needs actions concerning technology and adaptation of IT infrastructure, but also a change in the way these processes are being run. To achieve this there is a need for a change in the administrative proceedings, and in creating and storage of electronic documents in particular. Goal of this document is to propose a model in which computerisation of public service administrative proceedings will be supported by solutions that enable citizens to use paper and electronic documents interchangeably.

Introduction

A paper document is present in public administration from its beginning, and always the administrative proceedings were based upon it. This analysis and proposals are influencing the following facts:


• The computerisation of single public entities endeavours to the complete elimination of paper documents while administrative procedures between different public entities are still based upon them.
•Very often the need of sharing a paper document is the need of the citizens, who know how to store paper documents, and for whom electronic documents is a source of uncertainty.[1]
• Setting a goal to complete elimination of paper in administrative proceedings causes, that for many entities it is impossible due to law regulations and technical problems. It prevents the public entities from using a ‘small steps’ approach, where for some time the paper procedures will coexist with the electronic procedures.
• Occurrence of an administrative process with a paper document in its chain of settling an issue by a citizen causes that other processes using this document also become paper-based or they require personal appearance. In such processes citizens often use the paper-based procedures because processing the issue partly by electronic means complicates the process instead of simplifying it[2].
• An electronic document signed with an electronic signature verified with a qualified certificate is valid only if there is evidence that confirms validity of the signature in the time it has been made. It lays additional obligations on a person for which having evidence in an electronic form is a source of uncertainty.

It’s essential to provide a solution, that will aid the development of electronic public administration and it will allow filling a gap, between a complete computerisation of public administration processes and the occurrence of paper documents. The needed solution has to provide citizens and businesses process security in respect of recognition of submitted documents, their case validity and the possibility of long-term processing as evidence.

Solution

The basis for this solution is to place electronic documents in repositories and securing them with an electronic seal. An electronic seal does not require a cryptographic form and it should be realized by giving unique identifiers to the uploaded documents and by assurance, that for every identifier holder the uploaded documents are available on-line. Repository mechanisms are sharing documents in a virtualised form with the information about verification and an identifier in a way, that enables its printout. A holder of a printed document is able to receive its electronic form and to confirm the authenticity and integrity based on an identifier of the printed document.
For the purposes of this study all documents realizing its postulates will be called “smart paper” (sPaper).
A required regulation change is to oblige every public office to share documents in the form of sPaper as a form equivalent to the paper form and an indication, that transfer of any identifier form (paper or electronic) ensures fulfilment of requirements for electronic document transfer.
sPaper proposition


1. Only documents which visualization is unequivocal[3] documents can be placed in sPaper form, ensuring that no part of the print was missed.
2. To convert an electronic document to an sPaper form you have to place it on an on-line repository.
3. The repository has to ensure long-term storage of sPaper and documents upon which the sPaper document was created. In particular, sPaper has to be stored and available during its validity time, plus the time in which the document can be used as a evidence in a court case. After this period you should assume archiving the document in an national archive.
4. sPaper enables access to the source document from which it has been created and to metadata of this document, in particular to the information when the sPaper was created, its source (organisation), electronic signatures and their validation data, if such information is generated.
5. Every sPaper has an unique identifier, that allows direct access to the repository. SPaper visualises the identifier in a way, that allows an easy input into a IT system.
6. The identifier holder is able to acquire sPaper from the repository only on its basis without the need of giving any other identifiers[4].
7. The solution should prevent guessing the identifiers available in the repository, therefore the confidentiality of uploaded documents must be provided[5].
8. Authenticity of the identifier should be verified outside the repository – e.g. based upon publicly available algorithms and keys[6].
9. The repository shares paper in a virtualised form or in a format specified in national regulations.
10. Electronic signatures of the document placed on sPaper are verified, and a visualisation of this verification is also placed on the sPaper.
11. If sPaper has to be transferred only in IT systems, one can use only its identifier – this action should be equivalent to transferring an electronic document.
12. If a document available on sPaper is handed to an official to verify it, the official shouldn’t require its paper form[7].
13. The integrity of a document placed on sPaper can be secured with a system signature (electronic seal) verified with a certificate assigned to the repository.
14. The integrity of a printed document placed on sPaper is verified by comparing the print with its source form shared in the repository.
15. The repository assures integrity and authenticity of documents placed on sPaper and they are an evidence of electronic signatures validity[8].
16. The repository uses an information security systems management, it protects event logs and the stored documents for availability, integrity and confidentiality.

Other implementations

sPaper mechanism can be implemented in different ways and do not require a single (centralised) system. sPaper can be realized by the same public offices that issue documents or by public institutions offering services to other public entities. Furthermore, sPaper can be used as a commercial service in combination with notarisation services for electronic signatures. The necessary condition is to fulfil repository security requirements in all aspects of assuring availability, integrity and confidentiality of the stored documents and sPaper.
I. A public entity has its own sPaper repository and it shares the sPaper to service recipients.
II. A public entity transfers its documents to an external sPaper repository and the recipients receive an identifier.
III. A private entity uploads a document to the repository [9]and it receives an sPaper identifier.

Michał Tabor

Follow author of this article on Twitter: http://twitter.com/Michal_TaborOpis: http://blog.qr4.nl/temp/QR_CODE_TWITTER_634902184432631442.png

This study provides a summary of the Electronic Paper concept developed by Trusted Information Consulting Sp. z o.o.








[1] Often, citizens print the confirmation of receipt from public administration computer systems, even if it’s available online at all times.

[2] If in the realization of an administrative process there is a need for personal appearance it is often easier to use a paper document than to deliver an electronic document.

[3] E-paper has to enable printing documents for their later verification.

[4] A situation in which an additional authentication is needed is unacceptable due to a fact that in this case not everyone will be able to verify the e-paper document.

[5] Privacy of stored documents should be provided. Unique identifiers that cannot be guessed by an unauthorized person provide that only the person that has the identifier can access the source document stored in the repository.

[6] The goal of this solution is that an identifier can be validated even if there’s no document linked to it in the repository. Identifiers which verification is possible outside the repository is a non-repudiation mechanism.

[7]It should be allowed to display e-paper or the e-paper identifier alone in a way that it can be uploaded to the system to verify its authenticity.

[8] In particular, the repository should provide technical and organizational mechanisms that provide the necessary security to the processed documents. There should be cryptographic mechanism provided.

[9] It can be a paid service.