EDMS "DKT"

A specialized Electronic Document Management System (EDMS) with certified cryptography and digital signature features.

LLC DKT

The following were realized in this project:
  • CMS
  • Design
  • Development
  • Intranet
  • Support

Requirements and Specifications

This client maintains one of the largest banking depositories in Russia. Its electronic document management system called for a solution that would comply with a number of specific requirements, such as:

  • A high degree of security for both data storage and data exchange and transmission;
  • Use of cryptography that complies with federal encryption standards and certification levels;
  • The solution must be well tuned to the specifics of the company's business, i.e. servicing both individuals and business entities;
  • The solution must allow work with arbitrary document types, e.g. structured or unstructured documents;
  • The solution must integrate with the existing IT subsystems of the company's document depository and be ready for integration with other depositories of DKT clients.

Detailed analysis of the requirements, together with research, demonstrated that no software product in the field of document processing fully matches our client's specifications, and that an attempt to use an existing product would entail rewriting and adjustment costs comparable to the total cost of developing a similar system. As a result, we decided to design our solution from scratch.

Ivelum solution

Ivelum engineers offered a solution based on the following functional model:

To provide a high degree of security and to split the load between different components of the system, we based it on two subnetworks, with the main document store "one-way isolated" on the internal company subnet.

The system is thus subdivided into two blocks, isolated from each other both logically and physically:

Application Server: located in a separate subnet of the company network, which is isolated by firewalls from both the Internet and the internal network. The application server is responsible for the correct operation of the user interface of the whole system. Our design ensures that under no circumstances does the application server keep unencrypted copies of documents or circulate them in the system. All documents passing through this server are encrypted, and the server possesses no means of decrypting them.

Encryption Server: this is the main document store, and it hosts a database containing open (i.e. decrypted) documents. The encryption server keeps all the software and keys necessary for decrypting documents or encrypting them for particular addressees.

The encryption server also contains a module for integration with the internal subsystems of the depository.

Specific Features of Our Solution:

  • Use of certified cryptographic tools. As its main tool for protecting documents, the system uses CryptoPRO CSP 3.0, which is certified by the FSS (Federal Security Service of the Russian Federation).
  • High reliability of data storage and transmission. The system architecture ensures document protection: even physical access to the main server of the system will not yield document content.
  • Use of recommended standards. The main document types in the system are kept in an XML format that uses the document structure specified by the PARTAD professional association.
  • Ability to work with arbitrary document types. The system contains all the tools necessary to manage structured document types and also allows work with arbitrarily formatted documents.
  • Ability to serve as a transport for mass delivery of documents. The system contains means for mass loading and unloading of structured and unstructured documents, for both clients and depository operators. Flexible configuration and tuning make it possible to establish various processing rules for incoming documents.
  • Scalability and ability to sustain high loads. The technologies and solutions used are ready for scaling and are optimized for maximum speed. If needed, the system can be scaled to work over multiple server configurations to increase reliability or throughput.