Issue No.05 - Sept.-Oct. (2012 vol.9)
Hoon Wei Lim , Nanyang Technological University, Singapore
Florian Kerschbaum , SAP Research, Karlsruhe
Huaxiong Wang , Nanyang Technological University, Singapore
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2012.38
Interorganizational workflow systems play a fundamental role in business partnerships. We introduce and investigate the concept of workflow signatures. Not only can these signatures be used to ensure authenticity and protect integrity of workflow data, but also to prove the sequence and logical relationships, such as AND-join and AND-split, of a workflow. Hence, workflow signatures can be electronic evidence useful for auditing, that is proving compliance of business processes against some regulatory requirements. Furthermore, signing keys can be used to grant permissions to perform tasks. Since the signing keys are issued on-the-fly, authorization to execute a task within a workflow can be controlled and granted dynamically at runtime. In this paper, we propose a concrete workflow signature scheme, which is based on hierarchical identity-based cryptography, to meet security properties required by interorganizational workflows.
Business, Engines, Public key, Digital signatures, Electronic mail, security compliance., Digital signatures, applied cryptography, business processes
Hoon Wei Lim, Florian Kerschbaum, Huaxiong Wang, "Workflow Signatures for Business Process Compliance", IEEE Transactions on Dependable and Secure Computing, vol.9, no. 5, pp. 756-769, Sept.-Oct. 2012, doi:10.1109/TDSC.2012.38