The audit trail is completely immutable throughout its entire life cycle and it is protected against both authorized and unauthorized interventions.

IMiS/ARChive Server enables the archiving of unlimited quantities of binary objects (scanned documents, files, emails). It is used as an individual digital archive for storing objects from various applications. The security of archived objects is provided by state-of-the-art encryption algorithms. Additional security mechanisms are an audit trail for determining the activities on archived objects and the setting up of a secondary location for ensuring high availability of the archive system.

It provides all modern technological security methods in order to prevent unauthorised access to the content. When the content is archived, a unique, encrypted identifier (ID) is created for the content. Traffic between the client and server is encrypted using the advanced AES-256 algorithm and adequate mechanisms (TLS).

The IMiS/ARChive Server enables a hierarchy of entities (classes, folders and documents) in the classification scheme. The number of class and folder levels is practically unlimited and can vary in the individual parts of the archive.

Each class, folder and document in the archive has its own classification code, which is unique for the entire archive. The code is assigned upon creation and cannot be altered unless the entity has been moved within the classification scheme (re-classification). Depending on the settings, the fully qualified classification code is assigned automatically by the server, or the user can manually enter a part of the code.

A user with suitable rights can assign a list of rights (Access Control List, ACL) to a user or user group for access to the content or metadata. When necessary, he can also define roles, which are groups of rights for performing individual operations (AuditLogQuery, Transfer, Reports, etc.).

The Access Control List includes explicit permissions or prohibitions, which can also be time-limited. Together with inherited rights they determine effective rights.

The effective rights enable the user to create, edit and delete content, change the ACL, move content in the classification scheme and manage security classes and status. The rights to access metadata enable the user to additionally manage the permissions and restrictions for reading, writing, creating and deleting non-public metadata.

To be able to see the content, the user's security class level has to be at least the same as the security class of the content (which has been explicitly defined or inherited).

If that is not the case, the user cannot work with the content in any case, and the check of rights for accessing the classes, folders and documents cannot be performed.

Authenticity of the content that is subject to long-term archiving is secured using the standardised concept of the evidence record syntax (ERS in XML form according to RFC 6283) and the recommendations of the LTANS (Long-Term Archive and Notary Services) for checking integrity.

The key processes for ensuring long-term authenticity of content are the processes of generating and renewing proofs (hash, electronic signature with digital certificate, timestamp).

The archival information package (AIP) is created by the IMiS/ARChive Server for all folders and documents which are subject to the authenticity process. The AIP is a summary of the metadata and content of the entity in XML form. The archive server processes every AIP and calculates its hash. From the calculated hashes of the individual AIPs, a hash tree (Merkle tree) is created, and a root hash is created and timestamped. The Merkle tree can be used to timestamp a package with a large number of content items and therefore considerably rationalizes the proof generation process.

The proofs are automatically renewed before the digital certificate of the created timestamp expires or when a deterioration in the security of a hashing algorithm is foreseen.

When the validity of the certificate is limited, a Merkle tree is created. Through the hashing process, AIP hashes and timestamps that are about to expire are added. By timestamping the root hash of the Merkle tree, proof of existence of the AIP is created and the validity of timestamps that are about to expire is renewed.

When the security of the algorithm is limited, fresh hashes are calculated for each AIP and for their proofs for which the algorithm used was unreliable. The merged hashes are then added to the Merkle tree. The root hash is created from the hash tree and is timestamped. This process ensures reliability of the AIP and all the associated proofs.
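The hash tree and the hash renewal described above, as an added Python example (not code from IMiS/ARChive Server). It builds a Merkle tree over AIP hashes, derives the per-AIP sibling path that is stored with the timestamped root, and then renews the proofs under a stronger algorithm by hashing each AIP together with its earlier proof. The AIP bytes, the proof serialization in encode() and the choice of SHA-1 as the weakened algorithm are assumptions; the timestamp itself is left out, and the exact ERS layout of RFC 6283 is not reproduced.

```python
import hashlib

def h(data: bytes, alg: str) -> bytes:
    return hashlib.new(alg, data).digest()

def build(leaves, alg):
    """All tree levels, leaf hashes first, [root] last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [h(cur[i] + cur[i + 1], alg) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # odd node is promoted unchanged, not duplicated
        levels.append(nxt)
    return levels

def proof(levels, index):
    """Sibling hashes from leaf to root: the part kept per AIP beside the timestamp."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            path.append((level[sib], sib < index))  # (hash, sibling is on the left)
        index //= 2
    return path

def verify(leaf, path, root, alg):
    node = leaf
    for sib, on_left in path:
        node = h(sib + node, alg) if on_left else h(node + sib, alg)
    return node == root

def renew(aips, old_proofs, new_alg):
    """Hash renewal: each new leaf binds the AIP to its earlier proof."""
    leaves = [h(h(a, new_alg) + h(p, new_alg), new_alg)
              for a, p in zip(aips, old_proofs)]
    return build(leaves, new_alg)

def encode(path, root):
    """Assumed serialization of an old proof; a real one also holds the timestamp."""
    return b"".join(s + bytes([left]) for s, left in path) + root

# Constructed AIPs (the server's real AIP is XML metadata plus content).
AIPS = [b"<aip id='1'/>", b"<aip id='2'/>", b"<aip id='3'/>"]
OLD = build([h(a, "sha1") for a in AIPS], "sha1")      # algorithm now weak
OLD_PROOFS = [encode(proof(OLD, i), OLD[-1][0]) for i in range(len(AIPS))]
NEW = renew(AIPS, OLD_PROOFS, "sha256")                # NEW[-1][0] is timestamped
```

Only the root NEW[-1][0] goes to the timestamping authority; each AIP keeps its own short path, which is why one timestamp can cover a large package.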

The user can search the entities in the digital archive by metadata and the content by full text (Full Text Index, FTS). The search can apply only to the selected classes or folders and their content (recursive).

One or more search queries that are separated with logical operators are used to conduct a search by metadata. The search tool permits searching by initial string or an arbitrary substring of the searched value and is case insensitive. The user can also search by the title of content files. The full text search is performed on the content in text format. Search results show content descriptions as well. The user only sees content that meets the search criteria and is permitted by the security class of the content, the user's security class level and access rights (ACL). All other content remains hidden even if it meets the search criteria.

The audit trail is a chronological record of accesses, events and changes made in the IMiS/ARChive Server. The audit trail is completely immutable throughout its entire life cycle and it is protected against both authorized and unauthorized interventions.

Only users with suitable access rights can access the audit trail, and it is clearly presented. A user with adequate access rights can perform audit trail queries according to: event dates, IP addresses, user names, computer names and a list of encoded unique entity identifiers. The audit trail can be exported or it can be transferred to a different archival system together with the content.

Drag and Drop is used for archiving emails. The user selects emails from the email client and transfers them to the suitable location in the classification scheme in the form of an EML file. A new document in the original form with all metadata and attachments is created.

The archive server enables import, export and transfer of content in the form of an XML file.

A user with adequate rights can export the entire classification scheme or only a certain part.

Together with the content, metadata are exported. The audit trail and additional metadata can be optionally exported as well.

Mass capture (import) is most commonly used for adding large quantities of content to the digital archive. It is used when the content is scanned externally or in case of migration of the content from other archive systems. Using adequate tools, the administrator classifies the content and metadata under the root class of the classification scheme or under the selected class or folder.

Transferring content includes: exporting content, importing the exported content to a different archive server, import approval, saving the report and deleting the transferred content.

The import, export or transfer reports include information about their execution and potential errors. Reports of audit trail search results and deleted content as well as various statistics are also available. Only users with adequate user rights can view the reports.

Content can be printed using the default application. The classification scheme for the entire archive or only for the included classes or folders can be printed as well. Additionally, printing of metadata, security settings and content features is available for the selected class, folder or document.

Integration of applications with the IMiS/ARChive Server is enabled through the IMiS/StorageConnector API.

When the IMiS/ARChive Server Version 9 is used, DMS, ERP, CRM, BPM or other applications can perform the following operations: opening the archive, retrieval of public data about the content, creating, opening, moving and deleting content, reading and changing content, archiving content, delivering information for the audit trail, searching the archive etc.

According to the integration areas required, the .NET and Java application developers add methods to the adequate locations in the application.
