Information Technology Reference
In-Depth Information
usually a human but some steps maybe automated by software plug-ins, for example
these may read information from file headers or work out fixity information. After
each protocol instance is signed off as finalised, the results are compiled into the
Authenticity Protocol Execution Report which will be used to make the informed
judgment as to the authenticity of the digital asset. The report is exportable in a suit-
able digital format allowing it to be attached to an Archival Information Package
(AIP), thus allowing it to be stored directly or referenced by the asset itself. When
the AIP and the digital asset it preserves is moved, processed or transformed, the
Authenticity Report can be updated and maintained, keeping the provenance of the
digital information relevant throughout its lifecycle.
13.7.1 Digests
In order to verify that the collected evidence is itself trustworthy it is important to
detect any forgery and whether or not the evidence has been tampered with. In order
to allow this to be determined by a consumer, a digital digest can be used to digital
sign the evidence. To create a digest, a cryptographic hash function (commonly built
into many programming languages) is applied to the captured evidence, returning a
(cryptographic) hash value, such that an accidental or intentional change to the data
will change the hash value. To investigate if there has been some change, the hash
value can be recalculated and compared the original. The Hash value itself is known
simply as a digest and should have been created in such a way that it would be com-
putationally impracticable to find a message from a given digest, impracticable to
modify a message without changing its digest and impracticable to find two differ-
ent messages with the given digest. The tool creates a digest of every captured item
of information along with the timestamp of its capture, when the complete capture
is signed-off - with a digital signature, a new digest of the complete Authenticity
Protocol Execution Report is created and thus available for a fixity comparison.
13.7.2 The Authenticity Management Tool
As has been noted, the Authenticity Management Tool is based upon the
Authenticity Model, facilitating the capture of all relevant Preservation Description
Information (PDI) deemed necessary for the a member of the designated community
to make an informed judgment as to the trustworthiness of a preserved digital asset.
The tool may be used by data producers, administrators and analysts with respon-
sibility for creating and managing data as part of a project's preservation strategy.
The results of the tool, the Authenticity Execution Report will be used by those who
need to evaluate the authenticity of the digital information.
Such a tool could be used throughout the life of the digital asset, importing new
Protocols and Steps as use of the data changes and evolves or new events are deemed
to be important. For example in the creation of data by a scientific instrument, the
project scientist may define Authenticity Protocols to be followed on initial first
level data processing, then when the data is archived for the long term a new set
Search WWH ::




Custom Search