Criteria for choosing an electronic document management system. Development of the ESM concept

Openness

All EDMS are built on a modular basis, and their APIs are open. This allows you to add new features to the EDMS or improve existing ones. Currently, the development of applications integrated with the EDMS has become a separate business in the software manufacturing industry, and many third-party companies are ready to offer their services in this market segment. The ability to relatively easily add to the EDMS many modules from third parties greatly expands their functionality. For example, modules for document input from a scanner, communication with e-mail, fax forwarding programs, etc. have been developed for the EDMS.

High degree of integration with application software

A key feature of EDMS is a high degree of integration with various software applications through technologies such as OLE Automation, DDE, ActiveX, ODMA and MAPI. When working with documents directly, there is no need to use EDMS utilities at all. Users deal only with ordinary application programs: when the client part of the EDMS is installed, application programs are supplemented with new functions and menu items. For example, a user of the MS Word word processor, on opening a file, immediately sees libraries and folders with EDMS documents (from which the required document is selected). When a document is saved, it is automatically placed in the EDMS database. The same applies to other office and specialized programs.

It should also be noted that most common EDMS implement integration with the best-known ERP systems (in particular, SAP R/3, Oracle Applications, etc.).

The ability to integrate with various applications is one of the characteristic properties of the EDMS. Thanks to it, the EDMS can act as a link between various corporate applications, thus creating the basis for organizing office work in an enterprise.

Some industry analysts even believe that the EDMS may well become the basis of the corporate information system of an enterprise or organization (there are other opinions).

Features of document storage

EDMS work mainly on the basis of distributed architectures and use various combinations of technologies for collecting, indexing, storing, searching and viewing electronic documents. Most EDMS implement a hierarchical document storage system (according to the “cabinet/shelf/folder” principle). Each document is placed in a folder, which, in turn, is located on a shelf, etc. The number of nesting levels when storing documents is not limited. The same document can be included in several folders and shelves through the use of a link mechanism (in this case, the original document remains unchanged and is stored at the location specified by the EDMS administrator). A number of EDMS implement even more powerful storage capabilities by organizing links between documents (these links can be set and edited graphically).

Any document in the EDMS has a certain set of attributes (for example, its name, the author of the document, the time of its creation, etc.). The set of attributes can change from one type of document to another (it remains unchanged within one type of document). In EDMS, document attributes are stored in a relational database. For each type of document, a card template is created using visual tools, where the names of document attributes are presented in an understandable graphical form. When a document is entered into the EDMS, the required template is taken and the card is filled in (attribute values are entered). Once completed, the card is linked to the document itself.

In most cases, the server part of the EDMS consists of the following logical components (which can be located on one or several servers):

  • Stores of attributes of documents (cards);
  • Document storage;
  • Full text indexing services.

A document store is usually understood as a store of document content. The attribute store and the document store are often grouped together under the common name "document archive". To store attributes in most EDMS, Oracle, Sybase, MS SQL Server and Informix DBMS are used, which provide search for documents by attributes.

To store the actual content of documents in most EDMS, file servers MS Windows NT, Novell NetWare, UNIX, etc. are used. In this case, heterogeneous combinations of network environments can also be implemented. For example, a database with document attributes might be running UNIX on a TCP/IP network, while the documents themselves might be stored on Novell NetWare OS on an IPX/SPX network. It should be noted that the great advantages of EDMS are the storage of documents in their original format and the automatic recognition of many file formats.

Recently, storing documents together with attributes in a database has become increasingly popular. This approach has its advantages and disadvantages.

The advantage is a significant increase in the security of access to documents, and the main disadvantage is the low efficiency of working with documents with a large amount of stored information.

This approach also requires powerful servers with large amounts of RAM and hard disk space. In addition, in the event of a database failure, it will be very difficult to restore the documents stored in it. It also ties the system strictly to a specific DBMS.

Features of document routing

The EDMS modules responsible for the document flow are commonly called document routing modules. In the general case, the concepts of “free” and “hard” document routing are used.

With “free” routing, any user participating in the workflow can, at his own discretion, change the existing route for passing documents (or set a new route). With “hard” routing, the routes for passing documents are strictly regulated, and users do not have the right to change them.

However, with “hard” routing, logical operations can be processed so that the route changes when some predefined conditions are met (for example, sending a document to management when a specific user exceeds his official authority). In most EDMS, the routing module is included in the package; in some EDMS it must be purchased separately. Fully functional routing modules are developed and supplied by third parties.

Access control

The EDMS implements reliable means of delimitation of powers and control over access to documents. In most cases, with their help, the following types of access are defined (the set of assigned permissions depends on the specific EDMS):

  • Full control over the document;
  • The right to edit but not destroy the document;
  • The right to create new versions of the document, but not edit it;
  • The right to annotate the document, but not edit it or create new versions;
  • The right to read the document, but not edit it;
  • The right to access the card, but not the content of the document;
  • The complete absence of access rights to the document.

While working with the EDMS, each user action is logged, and thus the entire history of a user's work with documents can be easily checked.
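The access types listed above can be modelled as an ordered ladder with a default-deny check that records every attempt. This is an added example, not code from any EDMS product; the cumulative ordering of the levels, the operation names and the `DocumentStore` class are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import IntEnum


class Access(IntEnum):
    """The seven access types, ordered from least to most privileged.
    Assumption: each level includes the rights of the levels below it."""
    NONE = 0       # complete absence of access rights
    CARD = 1       # attribute card only, not the document content
    READ = 2       # read the content, no editing
    ANNOTATE = 3   # annotate, but no edits and no new versions
    VERSION = 4    # create new versions, but no in-place edit
    EDIT = 5       # edit, but not destroy
    FULL = 6       # full control, including destruction


# Minimum level required for each operation (operation names are hypothetical).
REQUIRED = {
    "view_card": Access.CARD,
    "read": Access.READ,
    "annotate": Access.ANNOTATE,
    "new_version": Access.VERSION,
    "edit": Access.EDIT,
    "delete": Access.FULL,
}


@dataclass
class AuditEntry:
    when: datetime
    user: str
    doc_id: str
    operation: str
    allowed: bool


@dataclass
class DocumentStore:
    grants: dict = field(default_factory=dict)  # (user, doc_id) -> Access
    audit: list = field(default_factory=list)   # append-only action log

    def grant(self, user, doc_id, level):
        self.grants[(user, doc_id)] = Access(level)

    def check(self, user, doc_id, operation):
        """Default deny: an unknown user or an unknown operation is refused.
        Every attempt is logged, whether it was allowed or not."""
        needed = REQUIRED.get(operation)
        held = self.grants.get((user, doc_id), Access.NONE)
        allowed = needed is not None and held >= needed
        self.audit.append(
            AuditEntry(datetime.now(timezone.utc), user, doc_id, operation, allowed)
        )
        return allowed

    def history(self, user):
        """The user's full action history, denied attempts included."""
        return [(e.doc_id, e.operation, e.allowed)
                for e in self.audit if e.user == user]


if __name__ == "__main__":
    # Constructed sample data: one reviewer who may annotate but not edit.
    store = DocumentStore()
    store.grant("reviewer", "order-17", Access.ANNOTATE)
    for op in ("read", "annotate", "edit", "delete"):
        print(op, store.check("reviewer", "order-17", op))
    print(store.history("reviewer"))
```

Denied attempts are kept in the log on purpose: a run of refusals against one document is often the first visible sign of a misused account.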

Version and subversion tracking of documents

When several users work with a document at once (especially when it has to be approved at several levels), document versions and subversions are a very convenient EDMS function. Suppose the author creates the first version of the document and passes it to the next user for review. The second user modifies the document and creates a new version based on it, then passes that version on to a third user, who creates the third version.

After a certain time, having read the comments and corrections, the original author decides to modify the first version and, on its basis, creates a subversion of the first version of the document. The advantage of EDMS is the ability to automatically track versions and subversions of documents (users can always determine which version or subversion of a document is the most current by the order or time of their creation).

Utilities for viewing documents of different formats

Most EDMS include utilities for viewing documents (so-called viewers), which understand many dozens of file formats. They make it very convenient to work, in particular, with graphic files (for example, with drawing files in CAD systems). In addition to the basic set of viewing utilities (included in each EDMS), additional utilities that integrate well with the EDMS can be purchased from third parties.

Document annotation

When organizing group work on documents, the ability to annotate them is usually very useful. Since in some cases users are deprived of the rights to make any changes to the document in the process of its approval, they can take advantage of the opportunity to annotate it.

In most EDMS, annotation is implemented by including an attribute for annotation in the document card and transferring rights to edit such a card field to users. But such a solution is not always acceptable (especially when annotating a graphic document).

In this regard, in some EDMS there is a so-called “red pencil” function, with which you can graphically indicate the flaws in the image itself. Software tools that implement the "red pencil" function are widely offered by third parties.

Support for various client programs

Most EDMS clients can be PCs running MS Windows or Windows NT. Some EDMS also use UNIX and Macintosh platforms.

In addition, all modern EDMS allow you to work with documents through standard Web browsers. Since Web browsers can be hosted on a variety of client platforms, this makes it easier to solve the problem of supporting EDMS in heterogeneous network environments.

When using Internet technologies, the EDMS has another server component responsible for accessing documents through Web browsers.


Many government bodies are technically and organizationally ready to implement such systems or already have systems in which the integration of EDS tools can be implemented in the near future.

1.4 Basic concepts of electronic document management systems

Purpose of EDMS

Electronic document management includes: the creation of documents, their processing, transmission, storage, output of information circulating in an organization or enterprise, based on the use of computer networks.

Management of electronic document flow is generally understood as the organization of the movement of documents between departments of an enterprise or organization, groups of users or individual users. Here the movement of documents does not mean their physical movement, but the transfer of rights to their use, with notification of specific users and control over their execution.

IDC defines the concept of EDMS as follows (meaning EDMS - Electronic Document Management Systems): “EDMS provide the process of creating, managing access and distributing large volumes of documents in computer networks, and also provide control over the flow of documents in an organization. Often these documents are stored in special repositories or in the file system hierarchy. File types commonly supported by ERMS include: text documents, images, spreadsheets, audio data, video data, and Web documents. Common EDMS capabilities include: document creation, access control, data conversion, and data security.”

The main purpose of the EDMS is to organize the storage of electronic documents, as well as work with them (in particular, their search both by attributes and by content). The EDMS should automatically track changes in documents, the deadlines for the execution of documents, the movement of documents, and also control all their versions and sub-versions. A comprehensive EDMS should cover the entire cycle of office work of an enterprise or organization - from setting a task to create a document to writing it off to the archive, provide centralized storage of documents in any format, including complex composite documents. EDMS should combine disparate flows of documents from geographically remote enterprises into a single system. They must provide flexible document management, both through the rigid definition of traffic routes, and through the free routing of documents. The EDMS must implement a strict delimitation of user access to various documents depending on their competence, position and the powers assigned to them. In addition, the EDMS must be tuned to the existing organizational structure and office work system of the enterprise, as well as integrated with existing corporate systems.

The main users of the EDMS are large government organizations, enterprises, banks, large industrial enterprises and all other structures whose activities are accompanied by a large volume of created, processed and stored documents.


Short description

The development of human civilization is accompanied by an amazing increase in the volume of created, processed and stored information. For example, according to the ASAP magazine, about 6 billion new documents appear annually in the world. According to the Delphi Consulting Group, at present, more than 1 billion pages of documents are created daily in the United States alone, and more than 1.3 trillion various documents are already stored in archives.

Content

Theoretical task
1. Electronic document management systems
1.1 Electronic and paper workflow
1.2 Digital signature
1.3 Organization of electronic document management systems
1.4 Basic concepts of electronic document management systems
1.5 Basic features of ERMS
1.6 General classification of ERMS
1.7 Examples of implementation of electronic document management systems
Practical tasks
25.1. Issue an order
25.2. Issue an extract from the order
38. Fill out an act using the following data
69. Compose a letter of request
References


Introduction

Man is a social being: interpersonal relationships make up almost all spheres of our life, and one of the most important results of these relationships is the exchange of information. Data turnover is an obligatory part of human activity: from private household life to the field of economy or business.

With the development of information technology, huge opportunities have opened up for the transmission of information. With the advent of the global Internet and its important attribute - e-mail, the problem of distance has ceased to be a problem. E-mail messages reach the recipient in a matter of minutes. But, with the elimination of one problem, another appeared - the protection of information contained in an electronic document.

Information resources (separate documents or arrays of documents belonging to an individual or legal entity, or the state), which are subject to mandatory accounting and protection, are called confidential.

Confidential information has the following features:

It is unknown to third parties;

Only the owner and persons authorized by him have free access;

Measures to ensure its confidentiality are taken by the owner of the information.

The problem of protecting information by transforming it, excluding its reading by an outsider, has been worrying the human mind since ancient times. With the widespread use of writing, cryptography began to form as an independent science. Why has the problem of using cryptographic methods in information systems become particularly relevant at the moment?

So far, every known form of commerce is potentially susceptible to fraud, from market gimmicks to false invoices and counterfeiting of banknotes. E-commerce schemes are no exception. Such forms of attack can only be prevented by strong cryptography. Electronic money without cryptography will not survive.

Another threat is privacy violations. Crimes against privacy in most cases are targeted (press representatives try to read the e-mail of a famous person, the company intercepts the mail of competitors, etc.). Other attacks include the free search for any useful information.

So, on the one hand, the use of computer networks has expanded, in particular the global Internet, through which large amounts of confidential information that must not be accessible to unauthorized persons are transmitted. On the other hand, the emergence of new powerful computers and network computing technologies has made it possible to compromise cryptographic systems that until recently were considered unbreakable. All this constantly pushes researchers to create new cryptosystems and carefully analyze existing ones. The science of cryptology deals with the problem of protecting information by transforming it.

Cryptology is divided into two areas - cryptography and cryptanalysis. The goals of these two directions are directly opposite. Cryptography is engaged in the search and study of methods for transforming information in order to hide its content. The scope of cryptanalysis is the study of the possibility of decrypting information without knowing the keys.

Electronic document management system (EDMS)

Electronic document management includes: the creation of documents, their processing, access control, transmission, storage, output, as well as tracking changes based on the use of computers and computer networks.

Management of electronic document flow is generally understood as the organization of the movement of documents between departments of an enterprise or organization, groups of users or individual users. Here the movement of documents does not mean their physical movement, but the transfer of rights to their use, with notification of specific users and control over their execution.

File types typically supported by EDMS include text documents, images, spreadsheets, audio data, video data, and Web documents.

The main properties of the EDMS:

· Openness.

All EDMS are built on a modular basis, and their APIs are open, which allows you to add new functions to the EDMS or improve existing ones.

· High degree of integration with application software.

· Features of document storage.

Most EDMS implement a hierarchical document storage system (according to the “cabinet/shelf/folder” principle). Each document is placed in a folder, which, in turn, is located on a shelf, etc. The number of nesting levels when storing documents is not limited.

The same document can be included in several folders and shelves through the use of the link mechanism.

In most cases, the server part of the EDMS consists of the following logical components:

o Stores of attributes of documents (cards).

For each type of document, a card template is created using visual tools, where the names of document attributes are presented in an understandable graphical form.

o Document storage.

o Full text indexing services

(links between documents).

· Document routing features.

In the general case, the concepts of “free” and “hard” routing of documents are used. With “free” routing, any user participating in the workflow can, at his discretion, change the existing route for passing documents (or set a new route). With “hard” routing, the routes for passing documents are strictly regulated, and users do not have the right to change them. However, with “hard” routing, logical operations can be processed so that the route changes when some predefined conditions are met (for example, sending a document to management when a specific user exceeds his official authority).

· Availability of utilities for viewing documents of different formats.

· Annotation of documents.

· Support for various client programs.

· Track versions and subversions of documents.

Automatic tracking of versions and subversions of documents when several users work with a document at once: it is easy to determine which version or subversion of a document is the most up-to-date by the order or time of their creation.

· Access delimitation.

o Full control over the document;

o The right to edit but not destroy the document;

o The right to create new versions of the document, but not to edit;

o The right to annotate the document, but not edit it or create new versions;

o The right to access the card, but not the content of the document;

o Complete lack of access rights.

Benefits of using EDMS:

· Personnel productivity increases by 20-25%.

· The cost of archival storage of electronic documents is 80% lower compared to the cost of storing paper archives.

· The emergence of the possibility of collective work on documents.

· Significant acceleration of search and selection of documents.

· Increasing the security of information due to the fact that work in the EDMS from an unregistered workstation is impossible, and each user of the EDMS is assigned its own access rights to information.

· Increasing the safety of documents and the convenience of their storage, as they are stored electronically on the server.

· Improved control over the execution of documents.

What is cryptography

Cryptography is a complex science of ensuring the confidentiality (the impossibility of outsiders reading the information) and authenticity (the integrity and authenticity of authorship, as well as the impossibility of repudiating authorship) of information.

Cryptography is necessary in order to securely transmit information over open communication channels (for example, over the Internet) in such a way that it will not be available to anyone other than the person for whom it is intended. Strategically important information is confidential documents (contracts, agreements, bank account numbers, etc.), business and personal correspondence.

In modern cryptography, cryptographic systems are divided into two classes, depending on the number of keys used:

· symmetric cryptosystems (single-key);

· asymmetric cryptosystems (two-key).

Symmetric cryptosystems - encryption (the conversion of open (source) text into ciphertext) and decryption are performed using the same secret key.

Asymmetric cryptosystems - encryption and / or electronic digital signature (EDS) systems that use a key pair - public and private keys, while the public key is transmitted over an open (unprotected) channel and is used to verify the EDS and to encrypt the message; a secret key is used to generate an EDS and to decrypt a message.

In addition to the above sections, modern cryptography includes hashing (converting an input data array of arbitrary length into an output bit string of a fixed length), key management, obtaining hidden information, quantum cryptography, etc.

There are several important concepts associated with cryptography, among other things:

Cryptanalysis is a science that studies mathematical methods for violating the confidentiality and integrity of information.

Cryptographic attack - an attempt to cause deviations in the attacked secure information exchange system.

Cryptographic strength - the ability of a cryptographic algorithm to withstand cryptanalysis.

It should be noted that cryptography does not deal with: protection against fraud, bribery or blackmail of legitimate subscribers, theft of keys and other threats to information that occur in secure data transmission systems.

Asymmetric Algorithms

Asymmetric cryptography, also known as public key cryptography, uses a class of algorithms that use a pair of keys: a public key and a secret (private) key known only to its owner. Unlike a private key, which must be kept secret, a public key can be made public without compromising the security system. The public and private keys are generated at the same time, and data encrypted with one key can be decrypted with the other key. That is, the sender can encrypt the message using the recipient's public key, and only the recipient - the owner of the corresponding private key - can decrypt the message.

Asymmetric systems have a number of advantages over symmetrical systems. In asymmetric systems, the difficult problem of distributing keys between users is solved, since each user can generate his own key pair, and public keys are freely published and distributed. Due to the fact that in asymmetric systems the secret key is known only to its owner, the interaction of parties that do not know each other is possible. Among the asymmetric algorithms, the most famous are RSA (letter abbreviation of the names Rivest, Shamir and Adleman) and the ElGamal algorithm.

The following is a diagram of the transfer of information from person "A" to person "B"; they can be individuals, organizations, and so on. "E" plays the role of an active eavesdropper who can take over the system (decrypt the message intended for person "B") without breaking the encryption system.


1. "B" chooses a pair (e,d) and sends the encryption key e (public key) to person "A" over an open channel, and the decryption key d (private key) is protected and secret (it should not be transmitted over an open channel).

2. To send a message m to person "B", person "A" uses the encryption function defined by the public key e: E_e(m) = c, where c is the resulting ciphertext.

3. "B" decrypts the ciphertext c by applying the inverse transformation D_d, uniquely determined by the value of d.

It would seem that a public key cryptosystem is an ideal system that does not require a secure channel for transmitting the encryption key. This would imply that two legitimate users could communicate over an open channel without having to meet to exchange keys. Unfortunately, this is not the case.

The following diagram illustrates how a person "E", acting as an active eavesdropper, can take over the system (decrypt a message intended for person "B") without breaking the encryption system.


In this model, person "E" intercepts the public key e sent by person "B" to person "A". He then creates his own key pair e' and d' and "masquerades" as "B" by sending person "A" the public key e'. "E" intercepts the encrypted messages from "A" to "B", decrypts them using the secret key d', re-encrypts them with the public key e of person "B" and sends them on to him. Thus, none of the participants realizes that there is a third party who can either simply intercept the message m or replace it with a false message m'. This emphasizes the need for public key authentication. Certificates (digital signature) are usually used for this.

Digital signature (EDS, signature key certificate) is a digital document confirming the correspondence between the public key and information identifying the owner of the key. It contains information about the owner of the key, information about the public key, its purpose and scope, the name of the certification authority, etc.

When an EDS is used, the secret key is used to sign the data, and the public key is used to verify it. The only known way to obtain a valid signature is to use a private key. In addition, a unique signature is generated for each message. To improve performance, it is not the entire message that is signed, but its hash code. In general, the actual digital signature of a message is a hash code of the message encrypted with a secret key; it is sent along with the digital object and certifies the integrity of the object itself and the authenticity of its sender.

To generate a digital signature, the user generates a public and a private key. Then the secret key and the digital object (document) are used as input to the digital signature generation function. After another user receives the digital object, he uses the object itself, the digital signature associated with it, and the public key to verify the signature. Verification of the digital signature of a message consists of calculating the hash code of the received message and comparing it with the hash code in the signature decrypted with the sender's public key. If the hash code calculated by the recipient and the one stored in the signature match, then the signature under the document is considered correct, and the document itself authentic. The digital signature provides reliable protection of the document from forgery and accidental modification and makes it possible to give legal force to electronic documents and messages.

Three main algorithms are used in digital signature schemes: RSA, digital signature algorithm DSA (Digital Signature Algorithm) and its variant using elliptic curves - ECDSA (Elliptic Curve Digital Signature Algorithm).


RSA algorithm: history of creation

The works of Euclid and Diophantus, Fermat and Euler, Gauss, Chebyshev and Hermite contain ingenious and very effective algorithms for solving equations, determining the solvability of congruences, constructing prime numbers that were large for their time, finding the best approximations, etc. In the last two decades, thanks above all to the demands of cryptography and the widespread use of computers, research on algorithmic questions in number theory has been undergoing a period of rapid and very fruitful development.

Computers and electronic means of communication have penetrated practically into all spheres of human activity. Modern cryptography is unthinkable without them. Encryption and decryption of texts can be represented as the processes of processing integers with the help of a computer, and the ways in which these operations are performed, as some functions defined on the set of integers. All this makes it natural for the number theory methods to appear in cryptography. In addition, the strength of a number of modern cryptosystems is justified only by the complexity of some number-theoretic problems.

But the possibilities of computers have certain limits. You have to break a long digital sequence into blocks of limited length and encrypt each such block separately.

We will further assume that all encoded integers are non-negative and less than some given (say, by technical limitations) number m. The same conditions will be satisfied by the numbers obtained in the encryption process. The simplest cipher of this kind is the substitution cipher, which corresponds to the mapping

where the number is an encrypted message for some fixed integer k. A similar cipher was used by Julius Caesar. Of course, not every mapping is suitable for the purposes of securely hiding information.

In 1978, the Americans R. Rivest, A. Shamir, and L. Adleman proposed an example of a function f that has a number of remarkable advantages. On its basis, a real-life encryption system was built, named after the first letters of the names of the authors - the RSA system.

The RSA system has the following important features:

1. there is a fairly fast algorithm for calculating the values of the function f(x), as well as the values of the inverse function f^-1(x);

2. the function f(x) has some "secret", the knowledge of which allows you to quickly calculate the values of f^-1(x); otherwise, the calculation of f^-1(x) becomes a computationally difficult task, requiring so much time for its solution that after it has passed, the encrypted information ceases to be of interest to persons using the mapping f as a cipher.

Even before the publication of the article, a copy of the report at the Massachusetts Institute of Technology on the RSA system was sent to the famous popularizer of mathematics M. Gardner, who in 1977 published an article on this encryption system in Scientific American. In the Russian translation, the title of Gardner's article reads: "A new kind of cipher that will take millions of years to decipher." It was this article that played the most important role in spreading information about RSA, attracted the attention of a wide range of non-specialists to cryptography, and actually contributed to the rapid progress in this area that occurred in the following 20 years.

Despite the big hype about the new algorithm, the National Security Agency (USA), fearing its use in non-state structures, for several years unsuccessfully demanded that the distribution of the system be stopped. However, the patent was nevertheless issued, although much later - in 1983.

One of the largest mass checks of the RSA cipher was carried out in 1977: the creators encrypted the phrase "The Magic Words are Squeamish Ossifrage". A $100 reward was offered for decryption. Over the course of six months, over 600 volunteers donated CPU time on 1,600 machines (two of which were fax machines). Coordination took place over the Internet, and this was one of the first such distributed computing projects. The winners donated the award they received to the Free Software Foundation.

RSA encryption algorithm

The function f, which implements the RSA scheme, is structured as follows

where and are natural numbers.

To decrypt the message, it is enough to solve the congruence

Under certain conditions on and this congruence has a unique solution.

In general, the RSA algorithm consists of the following points:

· choice of prime numbers p and q (experts recommend using numbers with a length of at least 100 decimal digits);

· calculation of their product n = p * q;

· calculation of the product m = (p - 1) * (q - 1);

· choice of a natural number e such that 2 ≤ e < m and e is coprime with m;

· calculation of a natural number d < m such that e*d ≡ 1 (mod m), i.e. the expression e*d - 1 must be evenly divisible by m;

· the pair (e,n) is the public key, which will be used to encrypt messages, and the pair (d,n) is the secret key, which must be kept secret and is needed to decrypt the data.

The letters of the message are converted to numbers. The numerical representation of the message is divided into blocks - numbers from 0 to n - 1, each of which is some number b ∈ Z_n. So, the plaintext is a finite sequence of numbers b_1, b_2, ..., b_r. The numbers b_i are encrypted sequentially and independently of each other.

Encryption algorithm:

Each block of information is encoded by raising it to the power e modulo n

where c_i ∈ Z_n.

Decryption algorithm:

The ciphertext can only be converted back in one way. To do this, you need to raise the encrypted block to the power d modulo n

where b_i ∈ Z_n.

If a message needs to be digitally signed, the reverse calculations are performed. That is, the second formula with the secret key is used to create the signature, and the first one with the public key is used for verification.

It should also be noted that the keys e and d are interchangeable, i.e. a message can be encrypted with either key e or key d, while decryption must be done using the other key.

Finding prime numbers:

The first step of the RSA algorithm says that you need to choose two primes p and q. How can this be done if the numbers have a large bit length? The simple way - dividing the supposed prime number by all numbers smaller than it - already fails for 32-bit numbers, because it takes a very long time to complete.

In this case, to generate prime numbers, probabilistic methods are used, which, however, do not give a full guarantee that the number found is prime, but with a sufficiently small number of operations, they make it possible to obtain a very high probability of this.

Algorithm for finding prime numbers:

1. N is an odd number. Find s and t such that N - 1 = 2^s * t;

2. Randomly choose a number a, 1 < a < N;

3. If N is divisible by a, go to step 6;

4. If the condition a^t = 1 (mod N) is satisfied, go to step 2;

5. If there is a k, 0 ≤ k < s, such that , go to step 2;

6. The number N is composite: choose another odd number N, go to step 1.

If m numbers a are checked for some number N, then the mathematically proven probability that the number is composite will be equal to 4^-m. Based on this, for a number N consisting of p bits, it is necessary to check p different values of a. If during this it is not found that N is a composite number, then it is likely that the number N is prime.

It is worth noting that the number s cannot be more than the number of bits in the number. The numbers s and t are found by shifting the number N - 1 to the right bit by bit until the least significant bit becomes 1. As a result, s is the number of shifts, and t is the number N - 1 after the shift.
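The test in steps 1-6 above, written out as an added example (not code from the original page). The condition in step 5 did not survive on the page, so the code uses the standard Miller-Rabin condition a^(2^k * t) = -1 (mod N) for some 0 <= k < s; all function names are this example's own.

```python
import secrets


def split_power_of_two(n_minus_1):
    """Step 1: return (s, t) with n_minus_1 == 2**s * t and t odd.

    Done with right shifts, as the text describes: s counts the shifts."""
    s, t = 0, n_minus_1
    while t % 2 == 0:
        t >>= 1
        s += 1
    return s, t


def passes_round(N, a, s, t):
    """Steps 3-5 for one base a. False means N is certainly composite;
    True means N survived this base (it may still be composite)."""
    if N % a == 0:                      # step 3: a divides N
        return False
    x = pow(a, t, N)
    if x == 1 or x == N - 1:            # step 4, and step 5 with k = 0
        return True
    for _ in range(s - 1):              # step 5 with k = 1 .. s-1
        x = pow(x, 2, N)
        if x == N - 1:
            return True
    return False


def is_probable_prime(N, rounds=None):
    """Run the test with random bases; by default one base per bit of N,
    which is the number of checks the text recommends."""
    if N < 2:
        return False
    if N in (2, 3):
        return True
    if N % 2 == 0:
        return False
    s, t = split_power_of_two(N - 1)
    for _ in range(rounds or N.bit_length()):
        a = 2 + secrets.randbelow(N - 3)    # step 2: 2 <= a <= N - 2
        if not passes_round(N, a, s, t):
            return False                    # step 6: composite
    return True


def next_probable_prime(start):
    """Step 6 as a loop: try successive odd numbers until one survives."""
    N = start | 1
    while not is_probable_prime(N):
        N += 2
    return N


if __name__ == "__main__":
    # 561 = 3 * 11 * 17 is composite. Base 2 exposes it, base 50 does not,
    # which is why a single base is never enough.
    s, t = split_power_of_two(560)
    print("561 with base 2 :", passes_round(561, 2, s, t))
    print("561 with base 50:", passes_round(561, 50, s, t))
    print("first prime above 10**9:", next_probable_prime(10**9))
```
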

Finding relatively prime numbers:

At step 4 of the RSA algorithm, it is necessary to find a number e coprime to m, i.e. having no common divisors with it, except for one. The number e must be less than m, i.e. the bit length of the number e is equal to the sum of the bits in the numbers p and q. To find relatively prime numbers, the Euclid algorithm is used, which finds the greatest common divisor of two numbers. If the found divisor is greater than one, then you need to choose another number e and repeat the check.

Euclid's algorithm:

1. a and b are the original numbers.

2. Calculate r - the remainder of dividing a by b: a = b * q + r.

3. If r = 0, then b is the desired number (the greatest common divisor); if not, replace the pair of numbers with the pair , and go to step 2.

When calculating the greatest common divisor using the Euclidean algorithm, no more than 5 * p division operations with a remainder will be performed, where p is the number of digits in the decimal notation of the smaller of the numbers a and b. In practice, the algorithm is very fast.

Equation solution:

In step 5 of the RSA algorithm, it is necessary to find a number e such that e * d = 1 (mod m).

To do this, you need to use a modified Euclid's algorithm, which only works if the numbers d and m are coprime. Calculating the number e is reduced to solving the equation m * x + d * e = 1 in natural numbers. The number x is not essential.

1. You need to define a matrix

2. Calculate r - the remainder of dividing a by b: a = b * q + r

3. If r = 0, then the second column of the matrix gives the solution: if not, go to step 4;

4. Replace the pair of numbers , with the pair , and go to step 2;

In this algorithm, all calculations can be performed modulo the greater of the numbers a and b. The negative number -q is replaced by a positive number obtained by subtracting the number q from the number taken as the modulus.

For example, if the largest of the numbers a and b is the number b, then all calculations can be done modulo the number b, while -q will be represented as b - q.

Large numbers and working with them:

At present, it is recommended to take e and d with a length of at least 768 bits. It would take $1,000,000 and about a year to find a key of this length. A 1024 bit key is strong enough for normal encryption purposes. For increased security, it is recommended to take 2048-bit keys, i.e. the numbers p and q should be half as wide as the numbers e, d, m, and n (p and q are about the same order, but not too close to each other).

Storing large numbers, algebraic addition, multiplication:

Large numbers are best stored in an array of 2-byte variables. You can forget about negative numbers: they will not be used, because they can always be replaced by their modulo inverses. Variables of 2 bytes are convenient for multiplication: the result will be 4 bytes and then it can be divided into two parts for further processing.

Multiplication is most often done using the usual school multiplication algorithm "in a column". Addition and subtraction are also performed "in a column".

Fast exponentiation algorithm:

The RSA algorithm involves many exponentiations modulo a natural number. There is no need to perform trillions of multiplications and then take the remainder of a number with billions of digits: the remainder is taken after each multiplication. Thus, multiplying two k-bit numbers requires a 2 * k-bit number, which is then divided by the modulus to give a remainder that again consists of k bits. The complexity of this algorithm can be estimated as O(ln m), where m is the modulus over which the multiplication is performed. The notation O(ln m) means that the implementation of the algorithm will require about ln m operations. For example, if a number has a length of 1024 bits (while the length of m is at least 1024 bits), then modular multiplication will need to be done on the order of ln m = ln 2^1024 ≈ 710 times, which is relatively small.

Algorithm for calculating a^d (mod m):

1. Represent the number d in the binary number system:

d = d_0 * 2^r + ... + d_(r-1) * 2 + d_r, where d_i are the digits of the binary representation, equal to 0 or 1, and d_0 = 1;

2. Put a_0 = a, then for i = 1, ..., r calculate

3. a_r is the desired number a^d (mod m).
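An added end-to-end example (not code from the original page) that ties together the key-generation steps, the modified Euclid algorithm and the bit-by-bit exponentiation described above. It follows the naming of the key-generation list (e is chosen, d is computed), uses the standard square-and-multiply recurrence where the page's formula is missing, and runs on constructed toy primes with unpadded blocks and a hash reduced modulo n, so it shows the arithmetic only.

```python
import hashlib


def extended_gcd(a, b):
    """Modified Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, r = divmod(a, b)
        a, b = b, r
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def power_mod(a, d, m):
    """a**d mod m: scan the bits of d from the most significant one,
    square at every bit, multiply on a 1 bit, reduce after each product."""
    result = 1 % m
    for bit in bin(d)[2:]:
        result = (result * result) % m
        if bit == "1":
            result = (result * a) % m
    return result


def make_keys(p, q, e):
    """n = p*q, m = (p-1)*(q-1), e coprime with m, e*d = 1 (mod m).
    Returns (public, private) = ((e, n), (d, n))."""
    n, m = p * q, (p - 1) * (q - 1)
    g, x, _ = extended_gcd(e, m)
    if not 2 <= e < m or g != 1:
        raise ValueError("e must satisfy 2 <= e < m and be coprime with m")
    return (e, n), (x % m, n)       # x may be negative, so reduce it mod m


def encrypt(data, public_key):
    """Split bytes into blocks b_i < n and return c_i = b_i**e mod n."""
    e, n = public_key
    size = (n.bit_length() - 1) // 8 - 1        # data bytes per block
    if size < 1:
        raise ValueError("modulus too small for byte blocks")
    blocks = []
    for i in range(0, len(data), size):
        # A leading 0x01 marker keeps leading zero bytes of the chunk.
        b = int.from_bytes(b"\x01" + data[i:i + size], "big")
        blocks.append(power_mod(b, e, n))
    return blocks


def decrypt(blocks, private_key):
    """Recover b_i = c_i**d mod n and strip the marker byte of each block."""
    d, n = private_key
    out = b""
    for c in blocks:
        b = power_mod(c, d, n)
        out += b.to_bytes((b.bit_length() + 7) // 8, "big")[1:]
    return out


def digest_mod_n(message, n):
    # Toy shortcut: reducing SHA-256 modulo a 60-bit n is not secure.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """Signature = hash of the message raised to the secret exponent d."""
    d, n = private_key
    return power_mod(digest_mod_n(message, n), d, n)


def verify(message, signature, public_key):
    """Raise the signature to e and compare with the recomputed hash."""
    e, n = public_key
    return power_mod(signature, e, n) == digest_mod_n(message, n)


# Constructed toy parameters: two well-known small primes, far below the
# sizes the text recommends.
P, Q, E = 1000000007, 998244353, 65537
PUBLIC, PRIVATE = make_keys(P, Q, E)

if __name__ == "__main__":
    document = b"Contract No. 17: pay 100"
    ciphertext = encrypt(document, PUBLIC)
    print(decrypt(ciphertext, PRIVATE))
    signature = sign(document, PRIVATE)
    print(verify(document, signature, PUBLIC))
    print(verify(document + b"0", signature, PUBLIC))
```
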

Ways to crack the RSA algorithm

To date, there are no really effective and universal ways to crack the RSA algorithm. However, there are assumptions.

The most obvious method of hacking at first glance is the recovery of a secret key based on a public one. To do this, it is enough to decompose the number n into factors p and q; knowing these and the public key (that is, the number e), you can easily calculate the value of d. However, there are currently no efficient ways to factorize n. Of course, with the growth of computing power, this procedure can be carried out by simple enumeration, but nothing prevents you from starting to use numbers of greater length. So, for example, at the present stage, it is enough to take p and q with a length of 100 digits, but then what kind of computer will you need if you increase their length to 150 or 200 digits?

Another way to break RSA is to find a method for computing roots of degree e modulo n. If an attacker calculates this value, then he will be able to read the encrypted data and forge electronic signatures without even knowing the secret key; however, it must be admitted that there are currently no known methods to crack RSA in this way. The only possibility for an attacker is the case when quite a lot of related messages are encrypted with the same exponent of a relatively small value. This gives him some chance of a successful hack.

For example, a user sends the same message to three correspondents at once, each of whom uses a common exponent e=3. By intercepting these messages, the attacker gets a real chance to decrypt them. However, there are very simple and effective ways to protect against such attacks, which are present in all modern software and hardware implementations (for example, adding several randomly selected bits to the original message before each encryption). Therefore, they pose absolutely no danger to users.
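The protection mentioned above (random bits added before each encryption), as an added example that is not part of the original page. The key is a constructed toy key with e = 3 and the padding layout is this example's own; real implementations use a standardized scheme such as OAEP from a vetted library.

```python
import secrets

# Constructed toy key, far too small for real use. Both primes are 2 mod 3,
# so e = 3 is coprime with (p - 1) * (q - 1).
P, Q, E = 1000000007, 998244353, 3
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # modular inverse (Python 3.8+)
PAD_BITS = 32                        # fresh random bits per encryption
MAX_MESSAGE = 1 << 24                # keeps the padded value below N


def encrypt_textbook(m):
    """Unpadded RSA: the same m always gives the same ciphertext."""
    return pow(m, E, N)


def wraps_modulus(x):
    """True if x**E is at least N, i.e. the reduction modulo N really
    happens. For a short unpadded message it does not, and the ciphertext
    is just the ordinary integer power of the message."""
    return x ** E >= N


def encrypt_randomized(m):
    """Append PAD_BITS random bits to m before raising it to the power E."""
    if not 0 < m < MAX_MESSAGE:
        raise ValueError("message out of range for this toy layout")
    padded = (m << PAD_BITS) | secrets.randbits(PAD_BITS)
    return pow(padded, E, N)


def decrypt_randomized(c):
    """Decrypt with the secret exponent and discard the random bits."""
    return pow(c, D, N) >> PAD_BITS


if __name__ == "__main__":
    m = 42
    print("textbook, twice :", encrypt_textbook(m), encrypt_textbook(m))
    print("reduced mod N?  :", wraps_modulus(m))
    first, second = encrypt_randomized(m), encrypt_randomized(m)
    print("randomized      :", first, second)
    print("both decrypt to :", decrypt_randomized(first),
          decrypt_randomized(second))
```
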

So, despite its venerable age, RSA is still one of the most reliable and most common among public key algorithms. Many other technologies are based on it. And therefore, the discovery of a serious vulnerability in RSA (if, of course, this is possible) can lead to a chain reaction and the “collapse” of a whole family of different encryption algorithms used almost everywhere, including in banking systems and e-commerce.

Optimizing the RSA Algorithm in Encryption Applications

Building reliable protection includes an assessment of the information circulating in a computer system in order to clarify the degree of its confidentiality, analyze potential threats to its security, and establish the necessary mode of its protection.

Taking into account all the requirements, the developed program should be an application capable of encrypting files uploaded by the user by generating public and secret keys based on random numbers, decrypting previously encrypted files, and also be able to work with EDS (check it for authenticity).

The input data for encrypting files is two random numbers, as well as a file that must first be opened (or text entered in the text field provided for this). Based on the numbers entered by the user, the two nearest prime numbers are determined. The number n - the result of their multiplication - will be included in pairs that are public and private keys. In this case, the pair of numbers "e and n" is the public key, and "d and n" is the secret.

The procedure for decrypting files previously encrypted with a public key includes specifying in the corresponding text fields the numbers included in the pair that makes up the secret key.

So, the required software product should consist of three components.

The first component is a key generation program. It prints out all the prime numbers in the given range, from which the numbers p and q are then selected. The public and private keys are also computed and stored on disk.

The second component is the main program that protects the information using the RSA algorithm, after which the encrypted document can be transmitted over the network without fear that the information will fall into the wrong hands.

The third component is a certification authority required to work with a digital signature (electronic certificate): respectively, issuance and authentication.

At first glance, it may seem that the EDS is an extra attribute of the document; however, using the EDS, it is possible to ensure that the document cannot be changed after the approval signature of each participant has been affixed. In addition, at enterprises that have remote divisions and branches, where e-mail is used to transfer documents, the use of a digital signature eliminates the need to print and scan documents.

Conclusion

Electronic information exchange technologies are closely related to data encryption, which ensures its safety and excludes ways of leaking confidential data.

Based on the analysis of modern methods and means of protecting information in networks and the prospects for the development of information technologies, we can identify the main factors that make it difficult to solve the problem of protecting information in computers and their networks:

· mass application;

· constantly growing complexity of functioning;

· variety of personal computer software and architectural solutions.

One of the main means of protecting information in computers and their networks are cryptographic tools. They have as their task the protection of information during transmission over communication lines, storage on media. A digital electronic signature, as an integral part of cryptography, tracks authorship, preventing the substitution of information, i.e. making unauthorized changes.

The practical implementation of cryptographic protection tools can be software, i.e. encryption is implemented by a special program, and technical, with the help of special technical means that implement the encryption algorithm.

Cryptographic programs are applications capable of encrypting files downloaded by the user for transmission over communication channels and / or subsequent storage. The public and private keys are generated based on random number generation. Encryptors also allow you to decrypt previously encrypted files using a secret key.

Such a software module can be used by any organization whose information confidentiality is of great strategic importance. In addition, it can be used as part of other software systems, for example, to encrypt passwords in order to restrict access to resources and/or to restrict employees' access rights to various documents. In addition, such systems should be easily integrated with existing corporate systems.

However, do not forget that today there is no one absolutely reliable method of protection. The most complete security can only be ensured with an integrated approach to this issue. It is necessary to constantly monitor new solutions in this area, and, if possible, update software and hardware.


ELECTRONIC DOCUMENT MANAGEMENT SYSTEM AS AN ENTERPRISE MANAGEMENT ELEMENT

Belousova I.D., Magnitogorsk State University named after G.I. Nosov, Russia

With the help of an electronic document management system (EDMS), it is possible to implement such operational management functions as the transfer of information through all management channels, the transfer of documents and all necessary information in the course of core activities, and the transfer of information about results to analytical systems. The document becomes the basis for building an electronic document management system: a system that organizes the full life cycle of a document, from registration to retirement to the archive. Search, coordination and approval are becoming quite complex and burdensome procedures, which cannot be eliminated. The only effective approach in such a situation is the use of modern technologies and maximum automation of all stages of work with documents. In addition, the emergence in recent years of sufficient affordable computing power and high-quality software for it makes such a solution easy to implement and economical.

Automation of workflow allows the work of the enterprise to be organized more productively. Document scanning, recognition and printing technologies make it possible to obtain paper and electronic copies of documents quickly and to switch easily from paper to electronic form and back. This opens the way to a painless transfer of documents from paper to electronic representation, while making it possible to use the advantages of computers.

The market for document management systems in our country is represented by software solutions from Russian developers, based both on applications of foreign companies and on their own developments, as well as by several foreign brands. Domestic software takes the specifics of Russian workflow into account better than the software of foreign manufacturers; the reason is the somewhat different principles on which Western workflow is built.

Let us consider what opportunities for resolving problems related to the enterprise's workflow open up after the implementation and subsequent operation of such a system.

Automation of the document flow of the enterprise increases executive discipline by improving control over the execution of instructions on documents. An effective system of notifications and reminders warns all officials in advance of approaching deadlines for the execution of orders. By generating summary reports and journals, it is easy to get a complete picture of the work of both individual employees and the enterprise as a whole.

Time can be saved at all stages of employees' activities through the use of intelligent technologies for working with documents. Automatic number generation, current date substitution, and the use of directories and dictionaries reduce registration time and avoid errors associated with filling in document details. The system provides instant search for documents, along with all attachments, bundles and instructions, by their content and by any combination of details, with a list or range of values and logical conditions. Individual routes for the passage of documents can be defined.

Storing documents of any format, remote access to the system from a computer connected to the Internet, and archival storage of documents make it possible to organize a single information space for the enterprise. As a result, users of the system receive the most complete information on all requested data.

Information security is ensured by the delimitation of rights and protection against unauthorized access, as well as by protection against failures and the ability to recover data. In the database, each document is assigned a user or group of users who have either full or partial access to it. Sometimes a user who is not granted access to a document is not even aware of its existence. The differentiation of user rights together with the use of an electronic digital signature (EDS) provides comprehensive control of document security. Moreover, whereas on a paper document of more than one page the signature is put only on the last sheet, in the electronic version the signature covers all pages at once, as well as related documents.
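The difference between signing only the last sheet and signing all pages together with related documents can be shown with a short added example (not code from the paper or from any EDMS product). HMAC-SHA256 stands in for the EDS so that only the Python standard library is needed; the key, function names and sample document are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 is a stand-in for the EDS here;
# a real EDS is an asymmetric signature with a private/public key pair.
KEY = b"constructed-demo-key"


def _tag(data: bytes) -> str:
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()


def sign_last_page(pages):
    """Paper-style: the signature is bound to the last sheet only."""
    return _tag(pages[-1])


def manifest(pages, related):
    """Canonical digest list: every page in order, every related document by name."""
    body = {
        "pages": [hashlib.sha256(p).hexdigest() for p in pages],
        "related": {name: hashlib.sha256(data).hexdigest()
                    for name, data in related.items()},
    }
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_set(pages, related):
    """Electronic-style: one signature over all pages and related documents."""
    return _tag(manifest(pages, related))


def verify_last_page(pages, tag):
    return hmac.compare_digest(sign_last_page(pages), tag)


def verify_set(pages, related, tag):
    return hmac.compare_digest(sign_set(pages, related), tag)


def demo():
    # Constructed sample: three pages and one related attachment.
    pages = [b"Page 1: pay 10,000 rubles", b"Page 2: terms", b"Page 3: signatures"]
    related = {"appendix-a.txt": b"Delivery schedule"}
    paper_tag = sign_last_page(pages)
    set_tag = sign_set(pages, related)

    # Changes made after signing: page 1 and the attachment are altered.
    altered_pages = [b"Page 1: pay 90,000 rubles"] + pages[1:]
    altered_related = {"appendix-a.txt": b"Delivery schedule (revised)"}

    return {
        "original_ok": verify_set(pages, related, set_tag),
        "last_page_only_detects_page1_change":
            not verify_last_page(altered_pages, paper_tag),
        "set_detects_page1_change": not verify_set(altered_pages, related, set_tag),
        "set_detects_attachment_change": not verify_set(pages, altered_related, set_tag),
        "set_detects_page_reorder": not verify_set(pages[::-1], related, set_tag),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The last-sheet signature still verifies after page 1 is changed, while the signature over the whole set fails on any altered page, altered attachment or reordering.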

In addition to various technical criteria, an important aspect is the economic feasibility of the innovation. By the criterion of efficiency, the introduction of an electronic document management system is also beneficial. The proof of this is in the numbers. With paper document management, the price of one document, according to various estimates, varies from 10 to 100 rubles. Practice shows that if, as a result of business growth and an increase in staff by 20%, it was decided to introduce an electronic document management system, then the savings, relative even to the initial cost figure before staff growth, are 30%. With a massive transition to electronic document management, the price of one document is reduced further by lowering the cost of issuing documents, speeding up their processing, and reducing storage volumes.

According to industry analysts, electronic document management includes the creation of documents, their processing, transmission and storage, and the output of information circulating in an organization or enterprise, based on the use of computer networks. The management of electronic document flow is generally understood as the organization of the movement of documents between departments of an enterprise or organization, groups of users or individual users. Here the movement of documents means not their physical movement but the transfer of rights to use them, with notification of specific users and control over their execution.

IDC defines the concept of EDMS as follows (referring to EDMS, Electronic Document Management Systems): repositories or in the file system hierarchy. File types typically supported by an ERMS include: text documents, images, spreadsheets, audio data, video data, and Web documents. General ERMS capabilities include: document creation, access control, data conversion and data security."
The main purpose of the EDMS is to organize the storage of electronic documents, as well as work with them (in particular, searching for them both by attributes and by content). The EDMS should automatically track changes in documents, the deadlines for the execution of documents and the movement of documents, and should also control all their versions and sub-versions. A comprehensive EDMS should cover the entire cycle of office work of an enterprise or organization, from setting the task of creating a document to retiring it to the archive, and provide centralized storage of documents in any format, including complex composite documents. An EDMS should combine the disparate document flows of geographically remote enterprises into a single system. It must provide flexible document management, both through rigidly defined routes and through free routing of documents. The EDMS must implement a strict delimitation of user access to documents depending on the users' competence, position and assigned powers. In addition, the EDMS must be adapted to the existing organizational structure and office work system of the enterprise, and integrated with existing corporate systems.

The main users of EDMS are large government organizations, enterprises, banks, large industrial enterprises and all other structures whose activities involve a large volume of created, processed and stored documents.

EDMS properties:

Openness - all EDMS are built on a modular basis, and their APIs are open. This allows you to add new features to the EDMS or improve existing ones. Currently, the development of applications integrated with the EDMS has become a separate business in the software manufacturing industry, and many third-party companies are ready to offer their services in this market segment. The ability to add many third-party modules to the EDMS relatively easily greatly expands its functionality. For example, modules for document input from a scanner, communication with e-mail, fax programs, etc. have been developed for the EDMS.

High degree of integration with application software - a key feature of EDMS is a high degree of integration with various software applications through the use of technologies such as OLE Automation, DDE, ActiveX, ODMA, MAPI, etc. When working with documents directly, there is no need to use EDMS utilities at all. Users deal only with ordinary application programs: when the client part of the EDMS is installed, application programs are supplemented with new functions and menu items. For example, a user of the MS Word word processor, opening a file, immediately sees libraries and folders with EDMS documents (from which he selects the document he needs). When a document is saved, it is automatically placed in the EDMS database. The same applies to other office and specialized programs.
Features of document storage - EDMS work mainly on the basis of distributed architectures and use a variety of combinations of technologies for collecting, indexing, storing, searching and viewing electronic documents. Most EDMS implement a hierarchical document storage system (according to the "cabinet/shelf/folder" principle). Each document is placed in a folder, which, in turn, is located on a shelf, etc.

The number of nesting levels when storing documents is not limited. The same document can be included in several folders and shelves through the use of a link mechanism (in this case, the original document remains unchanged and is stored at the location specified by the EDMS administrator). A number of EDMS implement even more powerful storage capabilities by organizing links between documents (these links can be set and edited graphically).

Any document in the EDMS has a certain set of attributes (for example, its name, the author of the document, the time of its creation, etc.). The set of attributes can vary from one type of document to another (within one type of document it remains unchanged). In EDMS, document attributes are stored in a relational database. For each type of document, a card template is created using visual tools, in which the names of document attributes are presented in a clear graphical form. When a document is entered into the EDMS, the required template is taken and the card is filled in (attribute values are entered). Once completed, the card is linked to the document itself.

In most cases, the server part of the EDMS consists of the following logical components (which can be located on one or several servers): storage of document attributes (cards); document storage; full-text indexing services. A document store is usually understood as a store of document content. The attribute store and the document store are often combined under the general name "document archive". To store attributes, most EDMS use the Oracle, Sybase, MS SQL Server and Informix DBMS, which provide search for documents by attributes. To store the actual content of documents, most EDMS use file servers running MS Windows NT, Novell NetWare, UNIX, etc. Heterogeneous combinations of network environments can also be implemented. For example, a database with document attributes might be running under UNIX on a TCP/IP network, while the documents themselves might be stored under Novell NetWare on an IPX/SPX network. It should be noted that major advantages of EDMS are the storage of documents in their original format and the automatic recognition of many file formats.

Recently, storing documents together with attributes in a database has become increasingly popular. This approach has its advantages and disadvantages. The advantage is a significant increase in the security of access to documents, and the main disadvantage is the low efficiency of working with documents when a large amount of information is stored. This approach also requires powerful servers with large amounts of RAM and hard disk space. In addition, in the event of a database failure, it will be very difficult to restore the documents stored in it. It also ties the system strictly to a specific DBMS.

Features of document routing - EDMS modules responsible for document flow are usually called document routing modules. In the general case, the concepts of "free" and "hard" document routing are used. With "free" routing, any user participating in the workflow can, at his own discretion, change the existing route for passing documents (or set a new route). With "hard" routing, the routes for passing documents are strictly regulated, and users do not have the right to change them. However, "hard" routing can process logical operations, in which the route changes when some predefined conditions are met (for example, sending a document to management when a specific user exceeds his official authority). In most EDMS, the routing module is included in the package; in some EDMS it must be purchased separately. Fully functional routing modules are developed and supplied by third parties.

Access control - EDMS implement reliable means of delimiting powers and controlling access to documents. In most cases, the following types of access can be defined with their help (the set of assignable permissions depends on the specific EDMS): full control over the document; the right to edit but not destroy the document; the right to create new versions of the document, but not edit it; the right to annotate the document, but not edit it or create new versions; the right to read the document, but not edit it; the right to access the card, but not the content of the document; the complete absence of access rights to the document. While working with the EDMS, each user action is logged, so the entire history of a user's work with documents can be easily checked.
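The access types listed above, combined with per-action logging and with the earlier remark that a user without access may not even know a document exists, can be modelled as follows. This is an added example, not code from any EDMS product; treating the seven access types as one strict ordering is an assumption, and the action names, users, groups and documents are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import IntEnum


class Access(IntEnum):
    """The seven access types, weakest first (strict ordering is an assumption)."""
    NONE = 0         # complete absence of access rights
    CARD = 1         # the card, but not the content
    READ = 2         # read, but not edit
    ANNOTATE = 3     # annotate, but not edit or create new versions
    VERSION = 4      # create new versions, but not edit
    EDIT = 5         # edit, but not destroy
    FULL = 6         # full control


# Minimum level each action requires; the action names are hypothetical.
REQUIRED = {"view_card": Access.CARD, "read": Access.READ,
            "annotate": Access.ANNOTATE, "new_version": Access.VERSION,
            "edit": Access.EDIT, "destroy": Access.FULL}


@dataclass
class Document:
    doc_id: str
    card: dict                                # attributes: name, author, ...
    content: bytes
    acl: dict = field(default_factory=dict)   # user or group name -> Access


class Edms:
    def __init__(self, groups):
        self.groups = groups    # user -> set of group names
        self.docs = {}
        self.audit = []         # every attempted action, allowed or not

    def add(self, doc):
        self.docs[doc.doc_id] = doc

    def level(self, user, doc):
        """Highest level granted to the user directly or through a group."""
        principals = {user} | self.groups.get(user, set())
        return max(doc.acl.get(p, Access.NONE) for p in principals)

    def list_visible(self, user):
        """Documents with no access at all are absent from listings."""
        return sorted(d.doc_id for d in self.docs.values()
                      if self.level(user, d) > Access.NONE)

    def perform(self, user, action, doc_id):
        if action not in REQUIRED:
            raise ValueError(f"unknown action: {action}")
        doc = self.docs.get(doc_id)
        have = self.level(user, doc) if doc is not None else Access.NONE
        allowed = have >= REQUIRED[action]
        self.audit.append({"ts": datetime.now(timezone.utc).isoformat(),
                           "user": user, "action": action,
                           "doc": doc_id, "allowed": allowed})
        if have == Access.NONE:
            # Same answer for "missing" and "forbidden": existence is not revealed.
            raise LookupError("no such document")
        if not allowed:
            raise PermissionError(f"{action} needs {REQUIRED[action].name}, user has {have.name}")
        if action == "view_card":
            return dict(doc.card)
        if action == "read":
            return doc.content
        return True   # for other actions only the access decision is modelled


def build_sample():
    """Constructed sample data, not taken from any real system."""
    e = Edms(groups={"ivanov": {"legal"}, "petrov": {"sales"}, "sidorov": set()})
    e.add(Document("order-42", {"name": "Order 42"}, b"order text",
                   {"ivanov": Access.FULL, "sales": Access.ANNOTATE}))
    e.add(Document("contract-17", {"name": "Contract 17"}, b"contract text",
                   {"legal": Access.EDIT, "sidorov": Access.CARD}))
    return e
```

Denied and not-found attempts are written to the audit list before the exception is raised, so the log also records probing for documents a user cannot see.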
Tracking versions and sub-versions of documents - when several users work with a document at once (especially when it needs to be approved at several stages), a very convenient function of the EDMS is the use of versions and sub-versions of a document. Let's assume that the author created the first version of the document and passed it on to the next user for review. The second user modified the document and created a new version based on it. He then passed his version of the document to the next stage, to a third user, who created the third version. After a certain time, having read the comments and corrections, the original author of the document decides to modify the original version and, on its basis, creates a sub-version of the first version of the document. The advantage of EDMS is the ability to automatically track versions and sub-versions of documents (users can always determine which version or sub-version of a document is the most current by the order or time of their creation).

The presence of utilities for viewing documents of different formats - most EDMS include utilities for viewing documents (the so-called viewers), which understand many dozens of file formats. They make it very convenient to work, in particular, with graphic files (for example, with drawing files from CAD systems). In addition to the basic set of viewing utilities (included in each EDMS), additional utilities that integrate well with the EDMS can be purchased from third parties.

Document annotation - when organizing group work on documents, the ability to annotate them is usually very useful. Since in some cases users are denied the right to make any changes to a document during its approval, they can use annotation instead. In most EDMS, annotation is implemented by including an annotation attribute in the document card and granting users the right to edit that card field. But such a solution is not always acceptable (especially when annotating a graphic document). For this reason, some EDMS have a so-called "red pencil" function, with which flaws can be marked graphically on the image itself. Software tools that implement the "red pencil" function are widely available from third parties.

Support for various client programs - most EDMS clients can be PCs running MS Windows or Windows NT. Some EDMS also support UNIX and Macintosh platforms.
In addition, all modern EDMS allow you to work with documents through standard Web browsers. Since Web browsers can run on a variety of client platforms, this makes it easier to solve the problem of supporting EDMS in heterogeneous network environments. When Internet technologies are used, the EDMS has one more server component, responsible for access to documents through Web browsers.

The lack of staff qualifications and the peculiarities of the national mentality inexorably leave their mark on the overall efficiency of the organization of the work process. Computers for the most part continue to be used as advanced typewriters, and authoritative experts have repeatedly noted that the introduction of computing tools without a serious study of the information structure of the enterprise only increases confusion. The conservative style of handling documents in paper form, against the background of the exponentially growing total amount of information in the world, only increases the cost of paper and consumables; office space is spent irrationally on storing archival files, binders of printed publications, and printed electronic correspondence. In one way or another, 30% of employees' movements around the office are related to the task of finding the necessary documents; in total this process takes them about one month a year, and 15% of paper documents are irretrievably lost. Approval of documents takes 60-70% of working time. In light of the above, 20-30% of the tasks set are not solved at all. All these problems are meant to be solved by the competent organization of paperless management technologies.

Recently, "boxed" electronic document management systems aimed at small and medium-sized businesses have begun to appear. They have capabilities inherent in corporate systems, such as a graphical route designer, a designer of registration cards and report templates, or the ability for users to write additional software modules.

It should be noted that supplying computer equipment and installing standard Microsoft programs on it does not solve all problems. Programs such as Outlook, Word, Excel and Access do, of course, help to partially automate some stages of working with documents, but they are not suitable for comprehensive automation of electronic document management. Of course, it is possible to organize the workflow in the following way: send instructions and orders related to documents by e-mail and then, filtering them in a certain way, obtain statistics on the document, the execution of the task, or the execution of the order by certain persons. But, as a rule, it is quite difficult to monitor the execution of work on a document effectively or to organize automatic distribution of notifications and reminders when working with a document, and it is impossible to get a ready report quickly and easily. As information is copied and transferred between applications, a lot of intermediate data appears, in which it is easy to get confused, and such a process demands maximum attention from the user. And what if the user is a manager with a staff of five or more people subordinate to him? Then the process becomes even more complicated because of the large number of monotonous actions.

At the same time, the use of additional programs that are not designed for an integrated approach to solving the problems of electronic document management only makes these tasks more complex and confusing. "A minimum of actions - a maximum of convenience": this is what an automated document management system should be.

Documents are the main information resources of any organization, and work with them must be properly organized. Documents provide informational support for making managerial decisions at all levels and accompany all business processes.

Document management is a continuous process of movement of documents from the moment they are created or received until the completion of execution or dispatch, objectively reflecting the activities of the organization and allowing it to be managed promptly. Efficient document management is a mandatory component of effective management. Document flow is extremely important for the proper organization of financial and management accounting.

Electronic document management is a documentation management system in which the entire array of created, transmitted and stored documents is supported using information and communication technologies on computers united in a network structure that provides for the possibility of forming and maintaining a distributed database. At the same time, the use of paper documents is not denied, but an electronic document created, corrected and stored in a computer is recognized as a priority.

Electronic document management systems form a new generation of enterprise automation systems. The main objects of automation in such systems are documents (in their broadest sense, from ordinary paper to electronic ones of any format and structure) and business processes that represent both the movement of documents and their processing. This approach to enterprise automation is both constructive and universal, providing automation of workflow and all business processes of an enterprise within a single concept and a single software toolkit.

The global EDMS market is over 20 years old (the Russian EDMS market began to take shape in the mid-1990s). Hundreds of companies around the world are developing applications in the field of electronic document management. EDMS was originally created to help enterprises structure and improve their work with documents. But a clear focus on working with business processes as ordered flows of documents and EDMS tasks has been shown only recently.

The toolkit included in the EDMS allows you to implement electronic document management technologies in any company, regardless of its size and form of ownership. Among the final applications of workflow automation are registration of correspondence (incoming, outgoing), electronic archive of documents, coordination and approval of operational documentation, control over the execution of documents and instructions, automation of the contractual process, book management, a library of management procedures regulations, travel arrangements, organization of an internal information portal of the enterprise and its divisions, a system for monitoring the implementation of job descriptions.

In most cases, the server part of the EDMS consists of the following logical components (which can be located on one or several servers): document attribute storage (cards), document storage, full-text indexing services. The attribute store and the document store are often grouped together under the common name "document archive". To store attributes in most EDMS, Oracle, Sybase, MS SQL Server and Informix DBMS are used, which provide search for documents by attributes. To store the actual content of documents in most EDMS, file servers MS Windows NT, Novell NetWare, UNIX, etc. are used. In this case, heterogeneous combinations of network environments can also be implemented. For example, a database with document attributes might be running UNIX on a TCP/IP network, while the documents themselves might be stored on Novell NetWare OS on an IPX/SPX network.

Access to the database is carried out through a browser (as a rule, browser support is determined by the developer of the created interface). Access is possible both via the local network (internal) and via the Internet (external). Documents are saved or uploaded to specific dedicated organization folders. Folders are distributed according to the hierarchical structure of the organizational unit.

All EDMS are built on a modular basis, and their APIs are open. This allows you to add new features to the EDMS or improve existing ones. A key feature of the EDMS is a high degree of integration with various software applications through the use of technologies such as OLE Automation, DDE, ActiveX, ODMA, MAPI, etc. In most common EDMS, integration with the best-known ERP systems is also implemented (in particular, with SAP R/3, Oracle Applications, etc.).

The issue of EDMS classification is quite complicated due to the rapid development of the market for these systems. Since 2001, the concept of "corporate content management" (Enterprise Content Management, ECM), which involves the management of any content and not just the content of documents, has become increasingly popular. Today, the concept of workflow is associated, for example, with office work systems, business process management (BPM), content management systems (CMS), product lifecycle management (PLM) systems, as well as document management systems, which preserve and archive the materials generated by the enterprise in the course of its work. In the West, the concept of Enterprise 2.0 has been formed for internal document management systems, according to which the tools of social networks, blogs, instant messaging and open encyclopedias are adapted for corporate needs. In Russia, the development of interdepartmental electronic document exchange seems to be especially important now.

Sources: Yandex.Dictionaries, DOC-Online.ru, Wikipedia, Computerworld Russia, ITeam, IT-Consultant