Embedding secure digital signatures into CAD files
CADsign from Document Flow
Anyone involved in the production and management of issue-controlled drawings will recognise the top five problems identified through research conducted by CAD document management specialists Document Flow, namely: a long approval process time, confusion as to whether the digital or hard copy is the master, a compromised quality system, archiving of hard copies, and expensive downstream processes such as microfilm or scanning.
The core problem is that anyone can add CAD text initials or ‘dumb’ bitmap signatures to approval boxes, with the additional complication that a drawing can be modified while still appearing to be approved.
To address these needs for AutoCAD users, CADsign has been developed to embed secure digital signatures directly into drawing files.
A one-off enrolment process is conducted to register users and appropriate approval rights into the system.
Although this software can be located on any CAD station, it is often in a secure location such as with corporate servers.
Authentication can be by password or preferably by biometric recognition of finger or thumb scans.
These are associated with signatures digitised on a tablet that is only needed at the time of enrolment.
These signatures subsequently appear on the drawing sheets as secure non-editable ARX objects, exactly replicating the appearance of a physically signed hard copy.
Authenticator software is installed on AutoCAD workstations of users authorised to approve and sign-off design drawings.
The password or a finger or thumb scanning mouse or keyboard is then used to validate a user, allowing them to digitally embed their signature within the AutoCAD 2000 and above drawing.
Because the user types in a user name, the fingerprint simply needs to be validated rather than searched for through the full user database, making the process very rapid.
Any drawing user with the verifier software can subsequently validate these files.
Since the ability to distribute drawings electronically is an important benefit of CADsign, the verifier is available as a free reader that can be supplied to any drawing recipients.
This process offers every drawing user the assurance that they are working with the approved drawing, since any change to drawing entities automatically removes the ‘approved by’ signatures from the drawing sheet.
Significantly, support also extends to checking Xrefs for modifications, and all signing or ‘un-signing’ events are logged in the signature history, creating a full audit trail with approvers able to add comments if required.
Originators' signatures can be locked so that they remain on the drawing.
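As an added illustration (not CADsign's own code, whose internals the article does not describe), the following Python example models the behaviour above: a signature is bound to a digest of the drawing entities and of every Xref, any change removes approval signatures, and each signing or un-signing event is logged. The names SignedDrawing, drawing_digest and the sample keys are hypothetical; HMAC stands in for a public-key signature so the code runs on the standard library alone, and keeping a locked signature on the sheet after a change is an assumed reading of "locked".

```python
import hashlib
import hmac
import json

def drawing_digest(entities, xrefs):
    """SHA-256 over a canonical form of the entities plus a digest of each Xref."""
    canon = json.dumps(
        {"entities": entities,
         "xrefs": {name: hashlib.sha256(data).hexdigest() for name, data in xrefs.items()}},
        sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()

def _mac(key, user, role, digest):
    # HMAC is a stdlib stand-in; a freely distributed verifier needs a public-key signature.
    return hmac.new(key, f"{user}|{role}|{digest}".encode(), hashlib.sha256).hexdigest()

class SignedDrawing:
    def __init__(self, entities, xrefs):
        self.entities, self.xrefs = entities, xrefs
        self.signatures = []  # signature blocks currently shown on the sheet
        self.history = []     # audit trail: (event, user, role, comment)

    def sign(self, user, role, key, comment="", locked=False):
        digest = drawing_digest(self.entities, self.xrefs)
        self.signatures.append({"user": user, "role": role, "locked": locked,
                                "digest": digest, "mac": _mac(key, user, role, digest)})
        self.history.append(("signed", user, role, comment))

    def refresh(self, keys):
        """Remove signatures that no longer match the drawing; return users still shown."""
        digest = drawing_digest(self.entities, self.xrefs)
        kept = []
        for s in self.signatures:
            expected = _mac(keys[s["user"]], s["user"], s["role"], digest)
            if s["locked"] or hmac.compare_digest(s["mac"], expected):
                kept.append(s)  # assumption: a locked originator signature stays on the sheet
            else:
                self.history.append(("unsigned", s["user"], s["role"], "drawing changed"))
        self.signatures = kept
        return [s["user"] for s in kept]

def demo():
    # Constructed sample drawing: one entity and one external reference.
    keys = {"alice": b"constructed-key-a", "bob": b"constructed-key-b"}
    dwg = SignedDrawing([{"type": "LINE", "start": [0, 0], "end": [10, 0]}],
                        {"titleblock.dwg": b"rev A"})
    dwg.sign("alice", "originator", keys["alice"], locked=True)
    dwg.sign("bob", "approver", keys["bob"], comment="OK for issue")
    before = dwg.refresh(keys)
    dwg.xrefs["titleblock.dwg"] = b"rev B"  # change an Xref, not the drawing itself
    return before, dwg.refresh(keys), dwg.history
```

Calling demo() shows the approver's signature disappearing after the Xref changes while the drawing's own entities are untouched.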
An alternative approach offered by Document Flow is the Secure Collaboration Tool that runs inside AutoCAD.
This allows specific areas of a drawing to be secured by password.
Other users can work from this data and add additional entities but, without the SCT software and the associated password and public key, cannot edit the protected data.
For situations where non-AutoCAD data also needs to be secured, Filesign is available.
This enables a package of files to be created in much the same way as a Zip file, that can then be secured by password or biometrics like CADsign.
Similarly, any tampering with the contents of the package instantly removes all signatures.
A version is also being developed specifically for Word.
Once a secure signature has been inserted, a banner is placed across it instructing recipients to run the Wordsign verifier to ensure that no changes have occurred.
Document Flow offer a range of fingerprint scanning devices.
The Biolink mouse is a standard two-button computer mouse with a small fingerprint scanning device embedded, while the Siemens ID Mouse combines an ergonomic scroll wheel with their capacitive, as opposed to optical, FingerTIP Sensor.
For users who do not want to change their input device, the Cherry keyboard offers an integrated fingerprint sensor and smartcard reader.
This allows users' biometric data to be stored locally on the smartcard rather than in a database.
Most importantly, the fingerprint is never captured.
Instead, the BioLink technology creates a 500-byte mathematical algorithm of reference points that cannot be replicated into a user fingerprint.
In my limited trial period this worked rapidly and reliably.
The Document Flow Securesuite products address issues familiar to most users of electronic documents.
Full integration of CADsign within AutoCAD addresses the shortcomings of most current workarounds involving combinations of electronic and hard copy versions.
The extension of the range to Filesign and Wordsign provides a possible solution for users of other CAD systems and the prospect of package specific solutions in future.
The Enrolment package costs £840 including the Wacom digitiser for initial signature capture and can be used as the basis for all of the secure products.
The CADsign authenticator costs £195 with bulk discounts available and the verifier being free.
For biometric security the mouse costs £95 and the keyboard £155 with an additional digitiser at £70.
All in, this represents a modest cost compared to the time that can be spent plotting, re-signing, collating and posting traditional hard copies.
A fully functional non-biometric password version of CADsign is available from www.documentflow.co.uk complete with three example signatures.