Pilot of the Swani Project Administrative Network (PotsPan)

Project Pilot Case StudyPartner Institution: Swansea Metropolitan, University of Wales Trinity St David

Date: January 2013

Case Study Title: Electronic Signatures for Online Distance Learning Document Authentication

1. Summary

The contribution to be made by Swansea Metropolitan University as a partner in the JISC PotsPan project was to pilot the use of digital signatures with management and administrative documents in the context of its merger with University of Wales Trinity Saint David during the project period. The intention was to explore the benefits of electronic signatures on documents that needed to be shared on multiple sites, particularly with regard to the delivery of work-based learning.

The importance of this pilot exercise was that it was not constrained by the EU requirement for hand written signatures that led to the use of digital pens for the other pilot exercises. It was therefore an opportunity to explore the use and effectiveness of secure electronic signatures on documents and how they could be used to authenticate digitally communicated administrative paperwork.

The basic features of a secure electronic signature system are that it should be able to confirm ownership of the document, that the signatory was authorised to sign the document and that the document has not been changed since the signature was applied. Typically the system will also identify the computer used to create the document and will verify the date and time the signature was added.

A further element of security in the systems accepted by international finance and commerce is the use of a third party Certification Authority (CA) that generates encrypted public and private key certificates. The private key certificate is held on the owners’ computer and ensures that the encrypted data includes verification information that is recognised by the receiving computer(s) with the public key. If any aspect of the document and signature security is not verified, then a ‘not valid’ alert will be shown.

Both commercial and open source document creation applications are available that include the ability to add secure electronic signatures to documents and provide CA services. An objective in the PotsPan project was to identify the most cost effective solution for the institutions and this case study shows how open source solutions are both available and effective.

The pilot exercise created and tested a series of documents with secure electronic signatures. These documents were sent electronically as attachments and uploaded to institutional websites and were shown to retain the encrypted data confirming signature and document validity.

It was concluded that the work confirmed that electronic signatures that authenticated digitally transmitted administrative documents were achievable in a cost effective way and that met commercially accepted levels of verification and security.

2. The Work-Based Learning Context

Swansea Metropolitan based the electronic signature pilot exercise on plans for the online distance learning delivery of logistics and transport training for British Forces stationed in Germany and other operational areas. The courses, validated by the Chartered Institute of Logistics and Transport1, are currently delivered on-site by peripatetic tutors and are consequently expensive to deliver. Online 1 http://courses.independent.co.uk/training-provider/chartered-institute-of-logistics-transport-13079

1

delivery would be much more cost effective, but would require the authentication of work submitted online by the work based learners. This would normally be in the form of assignments uploaded to the Swansea Metropolitan Moodle site, accompanied by front sheets signed by an accredited local work-based mentor.

The planning for the online distance learning version of the CILT course was carried out in parallel with another project funded under the Embedding Benefits strand of the JISC e-Learning Programme. The Dewi project2, led by Cardiff Metropolitan University, had the objective of using the JISC WBL Maturity Toolkit3 to assist in the design of WBL programmes in the partner institutions. At Swansea Metropolitan the exercise centred on the CILT online delivery proposal4 and hence fitted in well with the PotsPan pilot. A third project at Swansea Metropolitan, again part of the the JISC Embedding Benefits programme, also contributed to the pilot exercise. The was the Smudie project5 which was using Enterprise Architecture and similar modelling techniques to plan improved student information management systems at the university and thus also aligned well with the pilot exercise objectives.

3. The Pilot Exercise

The pilot exercise was carried out in three phases. The first was an initial research phase which explored the methods used to securely authenticate digitised documents and the signatures that verified them in current global commerce and finance. This phase had the goal of identifying established trusted practice that could be replicated in an educational authentication and audit context.

Once established practice appropriate for educational use had been identified, the second phase objective was to design an implementation plan that satisfied the academic quality assurance requirements as well as optimising system cost effectiveness. This involved exploring and testing appropriate implementation options and arriving at a solution that met both conditions.

The final phase of the pilot exercise was to implement, test and evaluate the chosen option and to draw conclusions about future viability, sustainability and value in supporting future online distance learning for the institution. It was also hoped that the outcomes would be of value to others in the sector considering similar issues.

Phase 1: initial research

Secure electronic signatures are accepted for financial and business transactions globally6 and virtually any level of security can be included in document management workflows. Adobe summarise the capability well in their introduction to the use of electronic signatures7 using their Acrobat PDF authoring application:

Digital signature capabilities allow authors to set up a secure signing environment and create simple documents and complex forms with one or more fields. Document authors can design documents with multiple signature fields each with unique behavioural characteristics and appearances.

A signed field can lock other fields so that signed data can’t be changed, and authors can force certain signature fields to be a required part of a workflow. Attention to signature field design and configuration can help make the document “do the right thing” when someone receives it as well as control what that person can and cannot do with it.

2 http://www.jisc.ac.uk/whatwedo/programmes/elearning/embeddingbenefits2012/dewi.aspx 3 http://wbltoolkit.pbworks.com/w/page/35396849/Home%20page%20-%20WBL%20Maturity%20Toolkit 4 http://swanseametwbl.pbworks.com/w/page/61324658/JISC%20Dewi%20Project%20Information%20and%20Documents 5 http://smudieprojectblog.blogspot.co.uk/ 6 Toole, A. M. (2012) Making Your Mark – Digital Signatures. JISC Innovating e-Learning Online Conference. November 2012.7 Adobe Systems Inc. (2011) Digital Signatures Enterprise User Guide. [online]. Available at:

http://www.adobe.com/devnet-docs/acrobatetk/tools/DigSig/Acrobat_DigSig_WorkflowGuide.pdf

2

Similarly, the Open Office suite of open source office applications includes the ability to add digital signatures (and encrypt entire documents) in a secure way. They provide a number of application scenarios8 including one that is entirely relevant to this case study:

Scenario: Education: Signing and encrypting documents in the education area is interesting, because it can replace the paper process of correcting dissertations, etc. Students would send theirsigned dissertations to professors, who would make annotation, sign these annotation and send thesigned document back to the student.

Product Requirement 1: Sign Complete Open Office Documents;Product Requirement 2: Encrypt complete documents;Product Requirement 3: Protect content via password and allow to add annotations (comments) ortracked changes only;Product Requirement 4: Sign tracked changes or annotations.

Both Adobe and Open Office enable degrees of security to be applied to their documents and electronic signature systems that meet the authentication needs of the project. The difference between them is that Adobe is a commercial product and Open Office is an open source software application and free to use.

Secure and trusted electronic signature systems typically involve the use of third party Certification Authority (CA) providers who ensure the validity of the digital certificates they issue for confirming author identity, ensuring document integrity and providing encryption keys for secure document distribution. The CA providers would carry out a series of verification tests to prove identity, including those typically used by banks in providing financial services. In the most secure systems, the CAs would themselves be legally liable for any fraud carried out through the use of their digital certificates. Again, both commercial and free to use service provision is available.

Central to both the Adobe and Open Office ability to add electronic signatures to their documents is the fact that they are in PDF format. PDF documents not only contain the document content, they also include any meta-data relating to that content, including electronic signature data, added when the document was created and saved. When opened in a PDF document reader, the meta-data will be read and, where it relates to a digital signature, will be able to verify the status of the document, including the validity of the CA digital certificate.

Phase 2: the implementation plan

PDF file format is commonly used for the transmission of digital documents as it is an independent format able to be opened by any PDF reader. It is commonly used in education as a trusted format and would typically be requested for any document upload or email attachment. It is entirely appropriate for the purpose of assignment submission by online distance work-based learners.

Online submission would be through the Swansea Metropolitan Moodle site. Each submission would be a PDF file containing the assessment document prepared by the learner, together with a top-sheet containing the electronic signatures of the learner and the WBL mentor responsible for confirming authenticity. The validity of electronic signatures would be assured by registering all the users with the CA provider.

Both Adobe Acrobat and Open Office Writer were tested as PDF authoring applications and were both found to be perfectly adequate. Open Office Writer9 was chosen as the preferred option as it was open source and could be freely used by the institution, the WBL employer and the learners.

8 Loehmann, F. (2004) Electronic Signatures and Encryption GUI. [online]. Available at: http://bcn.boulder.co.us/~neal/i2/OpenOffice_Electronic_Signatures_and_Security.pdf 9 http://www.openoffice.org/product/writer.html

3

The CA organisation selected for trialling in the pilot exercise was CAcert10 who provide a free to use digital certificate service.

Phase 3: testing and evaluation

To use Open Office Writer, it needs to be downloaded and installed on each computer to be used11. Each user then needs to register with CAcert, the sequence being:

Registration as a user and create an account on the CAcert website12. This involves entering a user name and password, along with other unique security data;

When registered and logged in, the process is to select ‘new client certificate’ and then ‘create certificate’;

A security strength level is selected for the encryption key at this stage. For the exercise, ‘Microsoft enhanced cryptographic provider v1.0’ was chosen;

When the certificate is created it opens in a new window with an invitation and link to import into the browser. An email is also sent confirming the creation of the certificate, providing a link to it in the user account, and also a reminder that the CAcert root certificate also needs to be imported before certificates can be used. A link to this process is also provided.

The installation process begins with the Root Certificate and this is accessed on the CAcert Root Certificate website13. There are links on the page to initiate the Root Certificate download. Once this has been done, the download is imported in the Internet Options>Content>Personal>Certificates> of the browser using the ‘Trusted Root Certification Authorities’ tab. The digital certificate can then be imported by clicking on the link in the certificate page on the CAcert website. The certificate is now ready for use.

With the digital certificate imported, it can be used to add electronic signatures to Open Office documents. For the purpose of Pilot Exercise 1 a test document was created in Open Office Writer and the electronic signature process tested.

Once the document had been created the File>Digital Signatures option was selected and the newly imported digital certificate option appeared in a new window and was activated by clicking on the Sign Document button. Once signed and saved, whenever the file is opened it will have the small icon next to the ‘The signatures in this document are valid’ line in the image above showing in the document toolbar confirming that it is a valid signed document:

When the document is opened and the icon is double clicked, the documentation verification will be confirmed and the security information can be viewed:

10 https://wiki.cacert.org/FAQ/AboutUs 11 http://www.openoffice.org/download/ 12 https://www.cacert.org/index.php?id=1 13 http://www.cacert.org/index.php?id=3

4

If, at any time, the signed document is edited or changed in any way, the electronic signature will be invalidated and the icon in the document toolbar will disappear. The edited document can, of course, be re-signed by an authorised signatory.

The system was tested and evaluated using a series of test documents. The test document above was sent by email as an attachment and when opened in Open Office Writer, it included the digital signature that confirmed validity and that the document had not been altered since the signature had been applied.

When opened, the document was in read-only format which further avoids the possibility of invalidating the signature. The attached file was saved locally and, when opened as a local file, still retained the digital signature verification. However, it was now in edit mode and, if editing did take place, then the digital signature was invalidated.

4. The Pilot Outcomes

Having established the viability of combining the open source document creation and editing application Open Office with the freely available Certification Authority services provided by CAcert, the next phase of the pilot exercise was to trial the system with University assessment documents.

The standard assessment front-sheet used by the Faculty of Applied Design and Engineering at Swansea Met was chosen. It was imported into Open Office Writer and, after some appropriate formatting changes suitable for export as an OpenDocument Text file, the document was digitally signed using the authentication certificate set up during the first pilot exercise. After confirming the validity of the signature, the file was then sent as an email attachment and, on receipt, the file was saved and opened using Open Office.

5

The received document can be seen below, along with images demonstrating that the digital signature was valid and verifiable on receipt.

The outcomes of the pilot exercises can therefore be reported to have met all expectations and demonstrate that the use of electronic signatures can be reliably applied to remotely submitted assessment documents. It can be further reported that the outcome is achievable using open source tools and freely available services, thus making the process highly cost effective and accessible.

5. Conclusions and Recommendations

The overall conclusions that can be drawn from the outcomes of this pilot exercise are that they confirmed that electronic signatures that authenticated digitally transmitted administrative documents were achievable in a cost effective way and that they met commercially acceptable levels of verification and security.

In the context of the plans for the delivery of work-based learning by online distance learning, it demonstrated that the system would facilitate the authentication of remotely submitted assessment materials. Clearly academic quality approval processes would need to be satisfied for accreditation, but it is felt that a level of quality assurance equivalent to that of campus based courses could be demonstrated with this system.

It is recommended that the electronic signature system be further tested and that this should include exploring alternative applications and services to ensure the most robust and cost effective combination is adopted. It is suggested that this be included in the preliminary trials of online distance learning WBL delivery at the university.

This case study is submitted as one of the planned deliverables of the JISC PotsPan project managed by Coleg Sir Gâr.

Tony TooleJanuary 2013

6