Secured Management of Online XML Document Services through Structure Preserving Asymmetric Encryption
Xerox Research Centre Europe
Externalizing document management is a problem when individual or corporate privacy must be ensured. Provided that the decryption key is not known on the service side, pure storage or archiving of encrypted documents is highly secure, but of little interest, since no operation can be performed on the hosted data. Thus, current document management systems offer restricted privacy mechanisms, roughly based on secured communication channels and sometimes on encrypted storage. However, many value-added processing operations require decrypting the document, and no formal guarantee is given regarding the safety of system behaviour. Known issues include data remanence (information persisting on disk after file-system deletion) and bugs or viruses acting at various levels of the software architecture. This paper describes a method that allows restricted (but still meaningful) processing of encrypted XML documents without requiring a decryption phase. The encryption process we propose allows isomorphic encryption of data (XML documents owned by customers) and operator transformations (verification and transformation operations performed by the Service Provider), in such a way that full secrecy is ensured simply because the decoding key is not known to the Service Provider. Once transformed, operators can handle encrypted documents, with results equivalent to those on the plaintext up to the decryption operation.
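The idea the abstract sketches (encrypt the document so that its tree shape survives, then map the provider's operators into the encrypted domain so that their results decrypt to the plaintext results), as an added Python illustration that is not the paper's construction: the abstract does not give the cipher, so a keyed deterministic pseudonymisation of tags, attributes and text stands in for it, and the operators, tag names and sample ledger are invented for the demonstration.

```python
import hashlib, hmac, secrets
import xml.etree.ElementTree as ET

class Customer:
    """Document owner: holds the secret and the inverse table used to decrypt."""
    def __init__(self):
        self.secret, self.inverse = secrets.token_bytes(32), {}
    def enc(self, tok):
        # Deterministic on purpose: equal tokens give equal ciphertexts, which is
        # what lets a blind operator match names (and what this design reveals).
        c = "t" + hmac.new(self.secret, tok.encode(), hashlib.sha256).hexdigest()[:12]
        self.inverse[c] = tok
        return c
    def dec(self, c):
        return self.inverse[c]

def map_tree(f, e):
    """Apply token map f to tag, attributes and text recursively; shape unchanged."""
    out = ET.Element(f(e.tag), {f(k): f(v) for k, v in e.attrib.items()})
    if e.text and e.text.strip():
        out.text = f(e.text.strip())
    out.extend([map_tree(f, c) for c in e])
    return out

# Service-side operators take the tag names they inspect as parameters, so the
# provider can instantiate them with encrypted constants instead of plaintext.
def missing_customer(root, invoice, customer, id_attr):  # verification operator
    return [i.get(id_attr) for i in root.iter(invoice) if i.find(customer) is None]

def prune(root, invoice, customer):  # transformation operator: copy minus bad invoices
    root = map_tree(lambda t: t, root)
    for parent in list(root.iter()):
        for bad in [c for c in parent if c.tag == invoice and c.find(customer) is None]:
            parent.remove(bad)
    return root

def demo():
    doc = ET.fromstring(  # constructed sample ledger; invoice B2 lacks a customer
        '<ledger><invoice id="A1"><customer>acme</customer><amount>10</amount>'
        '</invoice><invoice id="B2"><amount>5</amount></invoice></ledger>')
    owner = Customer()
    stored = map_tree(owner.enc, doc)  # what the provider holds; no plaintext tokens
    inv, cust, idn = (owner.enc(t) for t in ("invoice", "customer", "id"))  # transformed operator
    return {
        "stored": ET.tostring(stored),
        "bad_via_encrypted": [owner.dec(x) for x in missing_customer(stored, inv, cust, idn)],
        "bad_plain": missing_customer(doc, "invoice", "customer", "id"),
        "pruned_via_encrypted": ET.tostring(map_tree(owner.dec, prune(stored, inv, cust))),
        "pruned_plain": ET.tostring(prune(doc, "invoice", "customer")),
    }
```

Running `demo()` shows the provider finding and removing the faulty invoice without seeing a single plaintext name or value, and the owner's decryption of that result matching the plaintext operation byte for byte.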