2014 IEEE 11th International Conference on e-Business Engineering
Digital Signature Modeling in e-Business
Goutam Saha1, Mina Desai2, Arghya Ghosh3, Niladri Saha4
1, 2, 3, 4
Centre for Development of Advanced Computing (C-DAC), Kolkata Plot
E-2/1, Block-GP, Sector - V, Saltlake, Kolkata, India
goutam.saha@cdac.in, mina.desai@cdac.in, arghya.ghosh@cdac.in, niladri.saha@cdac.in
Abstract – The aim of this paper is to solve
the problems related to integrity, security,
authenticity and non-repudiation of prevalent
ERP based e-business application solution in
Indian perspective. Traditional approaches and
methodologies for implementing e-business
solution have rarely achieved the requisite
solution to the above problems even with the
role based access control system. We have
explored a methodology which emphasizes
authentication in e-business with design of
intelligent system. It ambitiously replaces the
present day written signature authentication
process with digital signatures having full
compliance to integrity, security, authenticity
and non-repudiation. The design also models
in-depth functionalities, audit trail and keeps
track of evidences of document tampering from
any sources after the digital signature is placed
in the system. The model is implemented
successfully and is found to be at par with the
prevalent written signature authentication
system. We outline the plausible future work to
model it for e-Governance system in Indian
perspective.
Keywords: e-business; security; open-source;
e-commerce; digital signature; ERP
I. INTRODUCTION
The e-business concept in India is quite
recent and it is now gradually gaining the
momentum as well as the importance. The idea
is to carry out business processes via workflow-
based application having inbuilt digital
signature implementation. The whole process is
conceptually designed to be similar to the
manual procedures which eventually reduce the
overheads and increase transparency.
The implemented model uses workflow
management system typically made to improve
various business processes to make it full proof.
So the design and development of these
processes must ensure correct, effective and
efficient model to evolve with a better
performance oriented workflow management
system. Prerequisite for these activities is to
define the basic processes of a business and
model them into a workflow system. The
978-1-4799-6563-2/14 $31.00 © 2014 IEEE
DOI 10.1109/ICEBE.2014.67
solution has been developed in accordance with
business policies, rules and regulations, so the
requirement of Business Process Reengineering
(BPR) is negligible [1]. Concept mapping
technique has been used to enhance the design
aspect of workflow management system.
The implementation is a significant step
forward towards the development of a low-cost,
user friendly solution having the movement of
digital files duly signed electronically, using
Digital Signature based on PKCS #12
standards, in a hierarchical system.
II. OBJECTIVE
The prime objectives of the proposed model
was to develop e-business solution with the
following benefits:
To computerize each and every processes of the business.
To improve efficiency, consistency and effectiveness of
business processes.
To reduce turnaround time.
To provide effective resource management to improve the
quality of administration.
To reduce processing delays.
To establish transparency and accountability.
To improve operational efficiency and decision making by
the application of IT in all mainstream business processes.
III. TECHNOLOGIES USED
A. Digital Signature
The model has embedded digital signatures
by using asymmetric key cryptography concept.
Digital signature is analogous to the physical
signature which proves the ownership of the
document. It ensures the authenticity and
integrity of a digital document. A valid digital
signature also assures that the document has
been created by a valid sender and that it had
not been altered in transit. The key services
provided by the digital signature include
authentication, non-repudiation and integrity.
Authentication is provided by digital certificate
issued by a trusted third party. It provides the
350
identity of a person. Nonrepudiation makes the
signer unable to deny that he/she has sent the
message, signed the document or participated in
a transaction. Integrity ensures that the
document has not been tampered in transit [5-
6].
The application of digital signature
implemented two main process namely signing
and verification of digital signature.
1) Signing: A suitable
approved cryptographic hash
function is used to generate a hash
value from the data at the sender’s
end. It is then encrypted using
signer’s private key to generate
signature. Now, the certificate issued
by a third party along with the
signature is attached to the data to
produce digitally signed document.
2) Verification: This is used to
validate the signature. By applying
the hash function on the data at the
recipient end, hash value is
generated. The encrypted signature is
then decrypted using the signer’s
public key, from which we get
another hash value. If these two hash
values are equal then the signature is
valid.
B. Security
By implementing the signing and
verification process, recipients were assured of
integrity, authenticity and nonrepudiation.
1) Integrity: Algorithms and
procedures used to assure integrity
includes Parity bits or Cyclic
Redundancy Check (CRC) functions,
it checks unintentional modifications
during transmission; One-way hash
using SHA-1 creates hash value or
message digest for a message of any
length which helps the recipient to
determine if the message has been
altered; By the use of Message
Authentication Codes (MAC), it
prevents an attacker from obtaining
the original message, modifying it
and attaching a new hash.
2) Authenticity: Digital
signature provides document
authenticity by verifying a signer’s
digital identity by signing and
350
verification process as depicted in
Section A.
3) Non-repudiation: It
prevents the signer from denying that
he or she has signed it. Public Key
Infrastructure (PKI) provides digital
certificates which help the recipient
to know whether the public key really
belongs to an individual. Digital
certificates bind an individual to a
public key. Time stamping is another
critical component of non-
repudiation that offers a time stamp
of digital signature.
C. Concept Mapping
The structure of a workflow process was
represented by the use of concept maps
containing the network of commitments where
the nodes represented the loops and the arcs
represented the dependence relationship
between the loops. This representation was
mandatory in anticipation of identifying
potential process “breakdowns” and
“bottlenecks”.
D. Platform used
The platform used in the development is
J2EE architecture along with struts framework,
which provided the MVC architecture.
Hibernate is used for object-relational mapping
(ORM). The solution is platform independent.
Linux, Apache and MySQL architecture is used
to make the solution low cost.
E. Model-View-Controller (MVC)
The main aim of the MVC architecture is to
separate the business logic and the application
data from the presentation layer of the user. The
main components of the MVC architecture are
Model, View and Controller. Fig 1 depicts the
MVC architecture.
1) Model: It handles the data
of an application. It also governs the
business logic but remains unaware
of the presentation layer.
2) View: It represents the
presentation of the application. It is
independent of the business logic and
remains unaffected if the model
changes.
3) Controller: Any request
sent by the user passes through the
controller. It is responsible for
handling the request coming from
 view and passes it to the model for
appropriate actions. After the action
has been taken the controller is
responsible for directing the
appropriate view to the user.
Fig. 1. MVC Architecture
IV. DESIGN ASPECTS OF THE PROPOSED
MODEL
The implementation methodology includes
primarily two processes namely, Workflow
Process Management and
Application of Digital Signatures.
A. Workflow Process Management
Workflow management systems are
typically used to improve various business
processes to automate them without any
lacunae. Prerequisite for this activity is to define
the basic processes of a business, analyse them
by workflow process analysis and select a
suitable model by the application of design
concept.
1) Workflow process analysis:
The analysis of workflow processes
is the most crucial step before
considering design aspect. It is
carried out through observations and
discussions with the actors involved
in the work process. The purpose of
this analysis is to identify the use
cases, actors their roles, their
interdependencies, the routes the
subtask follows in a process and the
rules governing the whole process.
Sometimes Business Process
Reengineering (BPR) is required to
remove unnecessary loops in the
process [1]. This is realized by
adding, removing or redefining
350
various subtasks constituting the
process. Workflow provides a
common representation of subtask’s
structure among the actors involved
in the process.
2) Workflow modeling and
design concept: After workflow
analysis has been done; the number
of tasks, subtasks, roles of actors and
their dependencies, rules governing
various processes and other requisite
parameters of the system are
available. Then one of the two
following models as depicted below,
is applied to design the workflow.
a) The functional model: In
this model a workflow can be seen as
a meta-concept defining the
reusability characteristics of the
modeling elements.
b) Control aspect model: It is
concerned with breaking a work
process into a number of tasks,
ordering them in a process model and
routing them along predefined
intended path.
The task is again divided into indispensable
subtasks [3]. The basic idea behind the division
into subtask is that each subtask within a given
task adds some value, i.e., status to the work
process. The design aspects of workflow are
fully different from the design aspects of
Management Information System (MIS). The
most effective workflow design consists of a
work process design model as well as business
hierarchical model. The work process design
model describes the behavioral aspects with
respect to the process, the initial status to the
intermediate status to its final status. The main
element of the process is the task which is the
elementary unit of work inside the workflow.
Tasks are further divided into subtasks with an
intermediate status and can join a different task
path also depending on the condition to be
satisfied and the relevant status achieved.
Subtask splitting allows the modularization of
the workflow process and can be designed and
developed as a self contained activity
fragments. This modular design of workflow
helps in producing reusable workflow
specifications as the soft specification, which is
framed as workflow process. Now the business
hierarchical model will set up a path for the task
and subtask from department to department to
achieve intended status.
There must be a task manager mechanism
which generates the tasks, splits them into
subtasks, assigns status to the tasks, subtask and
coordinates the sending and receiving of the
tasks from department to department and among
the users of the same department. This sending
and receiving of the task is associated with the
system generated pdf reports and approval note-
sheets to be digitally signed. This is the locus of
the entry of the application of digital signature
to digitally sign the system generated reports.
Such reports are digitally preserved in the
system for future use. The reports here imply
any kind of MIS model, documents, forms etc.
The top down approach is to be assumed
during the process modeling, a candidate work
flow task as resulted from analysis phase is now
decomposed into subtasks. A set of
decomposition criteria to be considered are:
Subtasks must add status and value to the process.
Subtask improves readability and
understanding the design documents.
Modularization of subtask with
development. Each subtask must not have 4-5
tasks.
Flexible.
High cohesion, low coupling.
Our solution uses control aspect model for
designing the workflow.
3) Implementation: Implementing a
workflow for a complex business system and
integrating it with an existing legacy
information system requires a specific approach
to have expected benefits and seamless
execution. The development of such a system
can be used for modeling any work process and
identify the critical issues which needs to be
addressed for improving the process [2-4]. The
work process is broken into subtasks with
corresponding identification code and status.
B. Application of Digital Signature
All official documents, note-sheets, reports
bearing digital signatures are to be circulated in
PDF format in the web based integrated
workflow.
It is a general perception that in the
traditional manual signature system, a signed
document possesses not only integrity of the
contents of that document but that the document
signature itself also possesses the element of
integrity. The current commercial
implementations of digital signature and
350
electronic signature technologies do not address
the integrity of the digital signature itself. Our
model addresses to this problem by encrypting
the digital signature itself by password
protected private key of the signer. When the
document is received by the intended recipient
it decrypts the digital signature by using public
key of the sender. Thus the sender of the
document is bound to the contents of the
document. This addresses the authenticity of the
signer. The user enters the system with his/her
password and then only he is able to download
the document to be digitally signed with time-
stamping. After he/she puts his/her digital
signature on the document, he/she forwards it to
the next level of hierarchy. During forwarding,
the system validates if the UID of the digital
signature is bound to the user which, in turn,
gives solution to the problem of nonrepudiation.
The signing and verification process is as
described in Section III (A) that keeps the
integrity and security of the document intact.
C. Key Management
The digital signature solution imbibed in the
system uses Public Key Infrastructure (PKI)
concept for the management of complete
simpler of digital signature. The key
ecosystem
management system has a software module
which functions as Certificate Authority (CA)
that issues and verifies the digital certificates.
There is a Registration Authority (RA) which
verifies the identity of the individual and
ensures that the public key is bound to the
individual to which CA has issued digital
certificate. Fig. 2 depicts the process.
A secured central repository is maintained in
the system which is used for validating the key-
user binding. The system has a digital certificate
policy defined by the competent authority
legally vetted by Legal Advisor. The policy
defines issuance, distribution, validity, number
of bits key, signature algorithm used, storage,
certificate reissuance and revocation rules.
Fig. 2. Key Management
V. SYSTEM ARCHITECTURE
The system architecture of the proposed
model is given in Fig. 3. The diagrammatic
representation of the workflow model is Fig. 3. System architecture of the proposed model
provided in Fig. 4.

Fig. 4. Proposed Workflow model

VI.ADVANTAGES AND
DISADVANTAGES
The following are some of the advantages
and disadvantages of the model:
A. Advantages
Conceptually similar to the existing
manual workflow process.
Improves efficiency, consistency and
effectiveness of business processes.
Reduce turnaround time and processing
delays.

350
 Provides high security and effective
resource management to improve the
quality of business administration.
Establish transparency and accountability.
High cohesion and low coupling model.
Helps in modular development,
deployment and implementation.
Reduces the extent of Business Process
Reengineering (BPR).
Less paper office.
Inbuilt digital preservation of digitally
signed official records.
Easy search and retrieval of the official
documents.
B. Disadvantages Lack of flexibility to handle
exceptional situations out of the normal
workflow.
VII. CONCLUSION
The design, development and
implementation of the above described model
has encompassed efficiency, consistency,
accountability and transparency in the business
processes. As the modules are highly cohesive
with low coupling nature, incremental
development and deployment of the modules
can be carried out easily. The application of
digital signature has made the solution secure,
authentic and accountable. It is advisable to
have detailed study of the existing workflow
model before the designing phase. This reduces
the need of Business Process Reengineering
[3] S. Jablonski and C. Bussler, Workflow Management: Modeling
International Thomson Computer Press, 1996.
350
(BPR). Similar approach can be extended for
eGovernance system in Indian perspective for
government offices wherein signed approvals
from the competent authority is a mandatory
process.
ACKNOWLEDGMENT
We would like to express the deepest
gratitude to our Executive Director Col. (Retd.)
A. K. Nath who has the attitude and the
substance of a genius for extending his
technical guidance and persistent help to design,
develop and implement the module, without
which this execution would not have been
possible. In addition, we thank all the team
mates who made full effort to develop and
implement the model successfully.
REFERENCES
[1] A.I. Anton, W.M. McCracken and C. Potts, “Goal
decomposition and scenario analysis in business
process reengineering”, in Proceedings of the 6th
International Conference on Advanced Information
Systems Engineering, CAiSE’94, Utrecht, The
Netherlands, June 6-10, 1994..
[2] Medina-Mora, T. Winigrad, R. Flores and F. Flores,
“The Action Workflow Approach to Workflow
Management Technology”, In Proceedings of the
1992 ACM conference on Computer-supported
cooperative work, CSCW ’92, Toronto, Canada,
ISBN 0-89791-542-9, pp 281-288.
[4] Wil M.P. van der Aalst, Mathias Weske and Guido
Wirtz, “Advanced Topics in Workflow
Management: Issues, Requirements, and Solutions”,
Journal of Integrated Design and & Process Science,
Vol. 7, Issue 3, pp 4977, August 2003.
[5] Adobe Systems, PDF-Reference 1.7,2006.
[6] Adobe Systems, PDF 320001:2008.
Concepts, Architecture and Implementation,