SharePoint Data Integrity Via Seals and Hash Chaining
This SharePoint solution vouches for your data's integrity.
August 24, 2012
Keeping data confidential in SharePoint is one thing. But proving its integrity—that it hasn't been tampered with--is another. "If you need to keep the confidentiality of data, you'll use encryption. But our customers are trying to prove the integrity of their data to someone else. Encryption doesn't solve that," said Surety's CEO Jim O'Connor. The answer, he said, is digital timestamping.
Surety recently announced AbsoluteProof for Microsoft SharePoint. It offers cryptographic time stamping that provides proof of data integrity and creates a tamper-proof seal of your electronic data that lets you know if documents were altered. Areas where data integrity is necessary include intellectual property protection, evidence protection, protection of medical records, and data in the cloud.
"The system is built on secure hash functions—mathematical operations that let you have a unique digital fingerprint," O'Connor said. "If you have a document and you change even a period, you'll get a completely different fingerprint. What a seal is, it's a fingerprint of content bound to a trusted time value in a verifiable way."
"Say I have content in SharePoint. When sealed internally, the fingerprint is calculated. The fingerprint goes to Surety--the content never goes to Surety. Surety then gets the trusted time value from NIST [the National Institutes of Standards and Technology], which traces up the UTC [Coordinated Universal Time]. It takes the hash and binds them together, then returns the seal. The seal is stored alongside the data as a piece of metadata. When you want to validate, the fingerprint you want to validate is rehashed. It compares the new hash to the old hash. If they match, a seal is sent back to Surety, and Surety validates it."
What separates Surety from its competitors, O'Connor said, is that it can provide long-term protection of content that lasts the life time of the record. Seals placed are independently verifiable—you don't need Surety to check that a document is sealed.
"When we create the seal, we use hash chain linking. Every seal that comes in, we keep a running check value. Every fingerprint we chain together, so we have an auditable chain of events in our server. Weekly, we publish one of these integrity check values in the New York Times. You can take Surety out of the equation, do the math, and validate a document against the published value. The security of the system is mathematically auditable, independently, against this value that's published. It's easy to use and you can prove the integrity of the data."
The company has modules for SharePoint, Exchange, OpenText, as well as works with partners in the area of electronic lab notebooks (ELNs), such as Agilent OpenLAB ELN and KineMatik ELN. The company also has SDKS for custom app creation.
The SharePoint solution can be installed at the site level, and sealing can be done at the site level or library level. You can look at document properties and see when the document was sealed, and you can specify controls to keep people from changing a document. You can also use SharePoint's Records Center with sealing. When something's dropped in, it can be automatically sealed, or you can enable manual sealing. It works with SharePoint versioning, so you can have a seal associated with each version, providing a trusted history of a document. Sealing is done in the background and has no effect on user experience, O'Connor says.
The solution works with SharePoint 2010 and SharePoint 2007. Pricing is transactional—a transaction is counted as a seal. Users sign up for the service, which is offered in tiers. To learn more about the sealing process and the hash chain process, see Surety's web page explaining it. To learn more about AbsoluteProof, visit the Surety website.
About the Author
You May Also Like