One of the key requirements of LiU E-Press is that it is not be possible for anyone to modify an article after its publication. It must also not be possible for an author to modify his or her work in order to improve the results retroactively. Furthermore, not only shall LiU E-Press be so organized in a way that articles cannot be changed; the procedures for guaranteeing the integrity of each published document must also be transparent and convincing to the rest of the world, and leave no doubt about the integrity assurance.
LiU E-Press uses a system which consists of a combination of administrative and technical measures. An electronically published document has at least one paper copy archived with the University archive. There are thus possibilities to go to the public archive in order to check a document’s authenticity by comparing the electronically published document with the copy in the archive.
Since this system is fairly inconvenient, it has been complemented with the use of encrypted checksums and PGP-keys.
When a document is published electronically a checksum is automatically generated by a system called MD5 (Message-Digest algorithm 5). The checksum is stored encrypted in a file and is made visible by a link from the web page, where the link to the electronic document is. If the document is changed. even the least change, the checksum is also changed. When the checksum is generated an e-mail is sent to the University registrar for register and archiving. It is archived as a paper copy in the Universities archive. A checksum may look like this:
Or like this with the path to the file:
When the checksum is generated as a file it is signed by a PGP (Pretty Good Privacy). PGP contains encrypted information stored in a file. See this example. Also the PGP sign is sent by e-mail to the University registrar and archived as a paper copy in the University archive.
All users have the possibility to check that his/her document has not been modified by following this procedure:
The described procedure relies, of course, on an assumption that the on-line posted checksum has not been modified. To verify this and obtain a paper copy of the archived checksum from the University archive, please fill in the form and send it to:
SE-581 83 Linköping
We are also studying other, complementary solutions regarding the archiving of checksums and keys.