Jean-Yves Vion-Dury
Balisage : The Markup Conference, Montréal, Canada, August 2-5, 2011.
Externalizing document management is a problem when individual or corporate privacy must be ensured.
Provided that the decryption key is not known on the service side, pure storage or archiving of encrypted documents
is highly secure, but of little interest, since no operation can be performed on the hosted data. Current document
management systems therefore offer restricted privacy mechanisms, roughly based on secured communication channels
and sometimes on encrypted storage. However, many value-added processing operations require decrypting the
document, and no formal guarantee is given regarding the safety of system behaviours. Known issues include
data remanence (information persisting on disk after file-system deletion) and bugs or viruses acting at various
levels of the software architecture. This paper describes a method that allows restricted
(but still meaningful) processing of encrypted XML documents without a decryption phase. The
encryption process we propose encrypts isomorphically both the data (XML documents owned by customers) and
the operators (verifications and transformations performed by the Service Provider), so that
full secrecy is ensured simply because the decoding key is not known to the Service Provider. Once transformed, the operators can handle encrypted documents and produce results equivalent to the plaintext ones, up to the decryption operation.
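The commuting property the abstract describes (apply the transformed operator to the encrypted document, decrypt, and obtain what the original operator would have returned on the plaintext) can be illustrated with a small sketch. The code below is an added example, not the paper's scheme or its code: it assumes a keyed, deterministic pseudonymization of element and attribute names (HMAC-based), a toy reversible encryption of text content, and two operators (a child-step path query and a "every X has a Y child" structural check) whose names are rewritten with the same keyed mapping. The sample order document, the key and all function names are constructed for the example.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample customer document (not taken from the paper).
SAMPLE_XML = """<order id="42">
  <customer><name>Alice</name></customer>
  <item><sku>A1</sku><price>10</price></item>
  <item><sku>B2</sku><price>25</price></item>
</order>"""

CUSTOMER_KEY = b"customer-only-secret-key"  # assumption: never leaves the customer side


def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """Keyed PRF (HMAC-SHA256) with a label for domain separation between uses."""
    return hmac.new(key, label + b"\x00" + data, hashlib.sha256).digest()


def enc_name(key: bytes, name: str) -> str:
    """Deterministic keyed pseudonym for an element or attribute name.
    Determinism is what lets a transformed operator still address the node;
    the 'n' prefix keeps the result a valid XML name."""
    return "n" + _prf(key, b"name", name.encode()).hex()[:16]


def _keystream(key: bytes, n: int) -> bytes:
    out = b""
    ctr = 0
    while len(out) < n:
        out += _prf(key, b"text", ctr.to_bytes(4, "big"))
        ctr += 1
    return out[:n]


def enc_text(key: bytes, text: str) -> str:
    """Toy reversible encryption of text content (XOR with a keyed stream, hex-encoded).
    Placeholder only: the stream is reused across nodes, which a real design would
    avoid by using an authenticated cipher with a per-node nonce."""
    data = text.encode()
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data)))).hex()


def dec_text(key: bytes, hexstr: str) -> str:
    data = bytes.fromhex(hexstr)
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data)))).decode()


def encrypt_doc(key: bytes, xml_text: str) -> str:
    """Customer side: encrypt names, attributes and text while keeping the tree shape."""
    def walk(src: ET.Element) -> ET.Element:
        dst = ET.Element(enc_name(key, src.tag))
        for k, v in src.attrib.items():
            dst.set(enc_name(key, k), enc_text(key, v))
        if src.text and src.text.strip():
            dst.text = enc_text(key, src.text.strip())
        for child in src:
            dst.append(walk(child))
        return dst
    return ET.tostring(walk(ET.fromstring(xml_text)), encoding="unicode")


# ---- operators, usable unchanged on plaintext or encrypted trees ----

def select(xml_text: str, steps: list) -> list:
    """Operator 1: text of the nodes reached by a child-step path from the root."""
    nodes = [ET.fromstring(xml_text)]
    for step in steps:
        nodes = [c for n in nodes for c in n if c.tag == step]
    return [n.text or "" for n in nodes]


def every_has_child(xml_text: str, parent: str, child: str) -> bool:
    """Operator 2 (verification): every <parent> element has a <child> element."""
    root = ET.fromstring(xml_text)
    return all(any(c.tag == child for c in p) for p in root.iter(parent))


def transform_names(key: bytes, names: list) -> list:
    """Customer side: rewrite the names an operator refers to with the same keyed
    mapping, so the Service Provider can run the operator without the key."""
    return [enc_name(key, s) for s in names]


def demo() -> dict:
    enc = encrypt_doc(CUSTOMER_KEY, SAMPLE_XML)
    steps = ["item", "price"]
    # Service-provider side: only 'enc' and the transformed operators are visible.
    enc_result = select(enc, transform_names(CUSTOMER_KEY, steps))
    check = every_has_child(enc, *transform_names(CUSTOMER_KEY, ["item", "price"]))
    # Customer side: decrypt the returned values.
    decrypted = [dec_text(CUSTOMER_KEY, v) for v in enc_result]
    return {
        "plain": select(SAMPLE_XML, steps),
        "via_encrypted": decrypted,
        "check": check,
        "plaintext_visible": ("Alice" in enc) or ("price" in enc),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the sketch is the equality between `plain` and `via_encrypted`: the provider never sees names or values, yet the query and the verification return the same answers as on the plaintext. Note the trade-off that makes this work: deterministic name encryption leaks the document's shape and which elements share a name, which is exactly the information the transformed operators need.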