IMiS/ARChive Server

IMiS/ARChive Server enables the archiving of unlimited quantities of binary objects (scanned documents, files, emails). It is used as an individual digital archive for storing objects from various applications. The security of archived objects is provided by state-of-the-art algorithms for encryption. Additional security mechanisms are an audit trail for determining the activities on archived objects and the setting up of a secondary location for ensuring high availability of the archive system.

SECURITY OF ELECTRONICALLY ARCHIVED CONTENT
It provides all modern technological security methods in order to avoid unauthorised accesses to the content. When the content is archived, a unique, encrypted identifier (ID) is created for the content. Traffic between the client and server is encrypted using the advanced AES-256 algorithms and appropriate mechanisms (TLS).

CLASSES, FOLDERS AND DOCUMENTS IN THE CLASSIFICATION SCHEME
The IMiS/ARChive Server enables the hierarchy of entities (classes, folders and documents) in the classification scheme. The amount of class and folder levels is practically unlimited and can vary in the individual parts of the archive.
Each class, folder and document in the archive has its own classification code, which is unique for the whole archive. The code is assigned upon creation and cannot be altered, unless the entity has been moved within the classification scheme (re-classification). According to the settings, the fully qualified classification code is automatically assigned by the server or the user can manually enter a part of the code.

SECURITY CLASSES AND ACCESS RIGHTS
A user with appropriate rights can assign a list of rights (Access Control Lists – ACL) to an user or user group, to access the content or metadata. When necessary, he can also determine roles, which are a group of rights for performing individual operations (AuditLogQuery, Transfer, Reports, etc.).
The Access Control List includes explicit permissions or prohibitions, which can also be time-limited. Together with inherited rights they determine effective rights.
The effective rights enable the user to create, edit and delete content, change ACL, move content in the classification scheme and manage security classes and status. The rights to access metadata enable the user to additionally manage the approvals and restrictions for reading, writing, creating and deleting of non-public metadata.
To be able to see the content, the user security class level has to be at least the same as the security class of the content (which has been explicitly defined or inherited).
If that is not the case, the user cannot work with the content in any case and checking the rights for accessing the classes, folders and documents cannot be performed.

ENSURING AUTHENTICITY USING MERKLE TREES
Authenticity of the content, subject to long-term archiving is secured using the standardised concept of the evidence record syntax (ERS in XML form according to RFC 6283) and recommendations of the LTANS (Long-Term Archive and Notary Services) for checking integrity.
The key processes for ensuring long-term authenticity of content are the processes of generating and renewing proofs (hash, electronic signature with digital certificate, timestamp).
The archival information package (AIP) is created by the IMiS/ARChive Server for all folders and documents, which are subject to authenticity procedure. The AIP is a summary of the metadata and content of the entity in XML form. Every AIP, archival server processes and calculates the hash. From calculated hashes of individual AIPs, a hash tree (Merkle tree) is created and a root hash is created and timestamped. The Merkle tree can be used to timestamp a package with a large number of content and therefore considerably rationalizes the proof generation process.
The proofs are automatically renewed before the digital certificate of the created timestamp expires or the deterioration of the degree of security of a hashing algorithm is foreseen.
When validity of certificate is limited, the Merkle tree is created. Through the hashing process, AIP hashes and timestamps that are about to expire are added. By timestamping the root hash of the Merkle tree, proof of existence of the AIP is created and validity of timestamps that are about to expire is renewed.
When security of the algorithm is limited, new hashes are calculated for each AIP and their proofs, for which the algorithm used was unreliable. Merged hashes are then added to the Merkle tree. The root hash is created from the hash tree and is timestamped. This process ensures reliability of the AIP and all the proofs associated.

SEARCH
The user can search the entities in the digital archive by metadata and the content by full text (Full text Index, FTS). The search can apply only to the selected classes or folders and its content (recursive).
One or more search queries that are separated with logical operators are used to conduct search by metadata. The search tool allows searching by initial string or an arbitrary substring of the searched value and is case insensitive. The user can also search by the title of content files. The full text search is performed by the content in text format. Search results show content descriptions as well. The user only sees content that meet the search criteria, security class of the content, user security class level and access rights (ACL). All other content remain hidden even if they meet search criteria.

IMMUTABLE AUDIT TRAIL
The audit trail is a chronological record of accesses, events and changes made in the IMiS/ARChive Server. The audit trail is completely immutable throughout its entire life cycle and it is protected against both authorized and unauthorized interventions.
Only users with appropriate access rights can access the audit trail and it is clearly presented. The user with appropriate access rights can perform audit trail queries according to: event dates, IP-addresses, user names, computer names and list of encoded unique entity identifiers. The audit trail can be exported or it can be transferred to a different archival system together with the content.

ARCHIVING EMAILS
Drag and Drop is used for archiving emails. The user selects emails from the email client and transfers them to the appropriate location in the classification scheme in the form of an EML file. A new document in the original form with all metadata and attachments is created.

IMPORT, EXPORT AND TRANSFER OF CONTENT
The archive server enables import, export and transfer of content in the form of a XML file.
The user with appropriate rights can export the entire classification scheme or only a certain part.
Together with the content, metadata are exported. The audit trail and additional metadata can be optionally exported as well.
Mass capture (import) is most commonly used for adding large quantities of content to the digital archive. It is used when the content is scanned externally or in case of migration of the content from other archive systems. Using appropriate tools, the administrator classifies the content and metadata under the root class of the classification scheme or under the selected class or folder.
Transferring content includes: exporting content, importing of exported content to a different archive server, importing approval, saving report and deleting transferred content.

REPORTS AND PRINTING
The import, export or transfer reports include information about their execution and potential errors. Reports of search results by audit trail and deleted content as well as the various statistics are also available. Only users with appropriate user rights can view the reports.
Content can be printed using the default application. The classification scheme for the whole archive or only for the included classes or folders can be printed as well. Additionally, printing of metadata, security settings and content features is available for the selected class, folder or document.

INTEGRATION WITH APPLICATIONS
Integration of applications with the IMiS/ARChive Server is enabled through the IMiS/StorageConnector API.
When the IMIS/ARChive Server Version 9 is used, DMS, ERP, CRM, BPM or other application can perform the following operations: opening the archive, retrieval of public data about the content, creating, opening, moving and deleting content, reading and changing content, archiving content, delivering information for the audit trail, searching the archive etc.
According to the integration areas required, the .NET and Java applications developers add methods to the appropriate locations in the application.