Security Considerations

PlanetPress Capture introduces new and efficient methods for digitally capturing the contents of ink laded out on physical paper. However, because of its nature, some end users may voice concerns about security and privacy. Are signatures secure? Could their transmission be intercepted? How can the contents of the Anoto digital pen be protected from malicious users?

Before addressing these concerns, it must be pointed out that these security issues are not introduced by this new technology. In fact, they are essentially the same concerns that arise with plain pen and paper: if the signed document can be scanned, then any markings on the page can be extracted and reused by anyone with even limited technical skills. In addition, the signed document has, by definition, a longer life span than the temporary storage location of the digital pen. Consequently, it is still the most vulnerable piece of the workflow and as such, it should be the first objective of any security effort.

In other words, as long as the physical piece of paper bearing markings is accessible to malicious users, no amount of security protocols can protect the signed contents. It is only after the paper trail has been secured that the security and privacy issues specific to PlanetPress Capture should be addressed.

Because PlanetPress Capture relies on external data and communication and because it may be used to process sensitive and legal information, it is important to understand the security implications of any PlanetPress Capture implementation. Most of the security concerns regarding Capture are external to it. This means the security that is implemented both on your network and physical premises are critical to the security of your PReS Workflow implementation.

Here are a few notable points with the security of PlanetPress Capture on a network:

  • PGC Files, while not written in plain text, are not encrypted and are readable through either PReS Workflow (even a server that did not generate the document associated with it), or through third-party applications using the Anoto SDK. This means if someone gains access to your PGC storage folder, they may be able to read the signatures, checkmarks and other information contained in it and reproduce them on a document of their choice. It is always better to secure this folder properly. You could also use third-party encryption software to secure the files, and decrypt them as necessary for reprocessing.
  • The transfer between the Anoto penDirector and PReS Workflow is not encrypted due to a limitation of penDirector which does not support SSL connections. This means someone located anywhere between penDirector and PReS Workflow could use software such as a packet sniffer to retrieve its parts and recreate the PGC files. This may be resolvable by create a secure VPN tunnel for each location where penDirector is installed instead of going through regular remote HTTP server.
  • The PlanetPress Capture database, since it can be external to PReS Workflow such as on a MySQL server, will be dependent on your own database security.
  • The Anoto Digital Pens, since they may contain critical information, are just like physical sheets of signed paper and must be kept secured. This is best done through training employees handling the pens to be aware of its value and contents and act accordingly. This means that the security of the pen is just as important as the security of any existing physical documents you may handle at the moment.
  • The same rules apply to PDF files as with PGC files, especially when they contain a signature from the pen. If you are already securing digital scanned copies of signed documents, the PDFs should be secured in similar ways.

However, remember that as with most security concerns, in order to be a “threat”, someone would have to have a high level or working knowledge of either the Anoto SDK (which is not easily obtainable) or PReS Workflow and PlanetPress Capture. In some situations this may be enough (security through obscurity) but we always recommend having the same level of security for Capture files and documents as you would the rest of your sensitive information. In most cases, the procedures in place are enough for this purpose.