Recent Updates Toggle Comment Threads | Keyboard Shortcuts

  • Igor Zboran 2:13 pm on March 26, 2013 Permalink | Reply
    Tags: cloud computing, data security, information privacy   

    Cloud Computing, Data Security and Information Privacy. 

    Do you remember software protection dongles or hardlocks? I do, in late 80’s and 90’s they helped to protect software vendors’ intellectual property from malicious customers. Later with widespread internet access, online license managers pushed out dongles. The situation is significantly changing in today’s Cloud Computing era. Vendors are happy with no dongles, no complicated license managers. There are new buzz words such as subscription or multitenant. But what about customers, are they happy and satisfied as well?

    Cloud computing represents one of the most significant shifts in information technology. Customers are both excited and nervous at the prospect of cloud computing. They are excited by the opportunities to reduce capital cost, divest infrastructure management and focus on core competencies. However customers also are very concerned about security and privacy risks of cloud computing.

    Cloud computing vendors claim that storing your data in the cloud is more secure than leaving it on your devices. It’s true in most cases. Your data are transmitted into cloud through secure channel, stored and archived on encrypted disk in guarded data centers. So, security is not the issue, unless you have a crappy cloud computing provider.

    Let’s take a close look at information privacy. When enterprises and individuals move their data to the Cloud, protection of their confidential information (e.g. financial data, company secrets, intellectual properties) and sensitive information (e.g. personal identifiable information, sensitive personal information) is critical. Inappropriate information disclosure could cost a data owner’s reputation, financial standing, and regulatory and legal compliances. Be aware of it, especially businesses could never turn a blind eye to it.

    Conclusion: Cloud computing and data security meet very well, but information privacy in cloud computing is a real issue.

  • Igor Zboran 11:01 am on February 20, 2012 Permalink | Reply
    Tags: BPM, Digital Signatures, Document Management, e-Business, e-Forms, e-Government, ECM, Workflow Automation   

    Getting Back to ECM. 

    One year has gone and many things have changed. Over the last few months I’ve restarted one of my previous ECM projects.

    Four years ago, I had the good fortune to participate in an e-Government project ePrague. My idea was to provide similar services to citizens as does e-Government in Australia with SmartForms solution based on Adobe LiveCycle technology. Our proposed solution was based on Sun Java System Portal Server, Adobe XFA Forms, Adobe LiveCycle ES and Documentum. Qualified digital signatures were chosen for signing electronic documents. But we ran in some problems – technical, legal, financial and finally I left development team to take some breathing space.

    Now I am here with new, fresh, open source ECM stack. I got rid of proprietary, expensive, and rather outdated ECM platforms and I make these replacements:

    1. Sun Java System Portal Server –> Liferay
    2. Adobe XFA Forms –> XHTML Forms
    3. Adobe LiveCycle ES –> WSO2 Suite
    4. Documentum –> Alfresco
    5. Qualified Digital Signatures –> BrowserID

    There is one novel idea of using Mozilla’s BrowserID web authentication system for electronic document signing. This concept still needs to do some research and development. If this idea does prove to be viable, the whole proposed ECM stack would be pure web-based solution that does not require installing any application or plugin on client side. Proposed architecture can fulfill actual m-Government and m-Business requirements.

    Take a look at my presentation “Web-based e-Forms Workflow Automation and Digital Signatures” with live example of digital signature at

  • Igor Zboran 12:31 pm on March 18, 2011 Permalink | Reply
    Tags: IBE, PKI   

    Cross-Platform Cryptography. 

    I first came across the PKI technology in March 2008 when I was working on a large Document Management project. We needed to create and manage digital certificates for thousands of users in municipal organizations. The budget requirements have risen so much that finally the project was stopped, revisited and finished without digital certificates. It was very difficult to build and manage PKI in one organization and practically impossible to build a multi-CA trust model PKI across many organizations.

    The last couple of years I have been thinking about how to make things better. One promising technology is Identity-based cryptography. I have left behind Document Management Systems and have been focusing on an email communication. Since 2009 I have designed and constructed a few prototypes of email encryption systems built on top of BF [1], DMCPK [2] and BLMQ [3] schemes.

    But in the new mobile era there is arising another problem – multiplatform. There are many variations of email clients running on many operating systems and it is not trivial to integrate Identity-Based Encryption in all these applications. If we embrace the idea of non-mandatory email encryption (not every email must be really secured) we can accept encryption in an external application.  After testing a few cross-platform application frameworks, I have realized that the whole user’s data encryption process must be done in a Web Application hosted in a browser.  The drawback of this approach is the lack of automation – the users are engaged in copying data between browser and email client. It may not be the best solution for every situation, but it certainly is universal.


    1. Boneh, Franklin encryption scheme
    2. Double-Matrix Combined Public Key scheme
    3. Barreto, Libert, McCullagh, Quisquater signcryption
Compose new post
Next post/Next comment
Previous post/Previous comment
Show/Hide comments
Go to top
Go to login
Show/Hide help
shift + esc