This patent document relates to versioning control in an electronic document file management system. More specifically, the present disclosure relates to a secure revisioning audit system for electronic document files.
Electronic document files, which may include documents, programming files and data records, change over time. They go through revisions, additions and deletions. Tracking these changes, so that any previous version of a document can be recreated, is called version control or source control, and it is well known in computer programming and document management systems. When a new version of any source is created, the difference (called a diff) between the new version and the old version is created. Any version can be recreated by combining all diffs up to that version, or by subtracting diffs from the latest version. The repositories of these diffs are invaluable tools for programmers; however, they are not intended to be secure. Some version control systems make it fairly easy to edit entries in the revision system. This may not be a concern for most documents, because it is enough to be able to access the most recent version, whereas older versions are simply obsolete. However, for some high-stakes electronic documents, such as electronic medical records (or electronic health records, sometimes referred to as EHRs), bank records or the documentation of a criminal investigation, it is important not only to have the most recent version but also to be able to audit the changes made and who made them.
There can be many applications that drive the need for an audit trail. For example, medical records may be reviewed to determine how treatment mistakes are made, either for educational purposes or as part of a lawsuit. Financial records might be audited for compliance with laws and regulations or to discover embezzling or other misconduct. Criminal investigative records, including such disparate items as interview notes, crime scene photos and DNA test results, are such critical evidence in a court that any alteration can have significant consequences.
While creating an audit trail is relatively easy, protecting it from tampering or simple error is difficult. Those who would alter or destroy these records are normally highly motivated and may only need a little knowledge of database hacking or someone else's passwords to achieve their goal.
In a related field, Bitcoin technology, which is developed for electronic commerce, includes elements that can greatly improve the process of keeping records in an auditable and secure form. The heart of this technology is a data structure called the blockchain. In essence, a blockchain is a data structure that links successive transaction records with one-way cryptographic hashes. Coupled with a processor-intensive process called “Proof of Work” and a distributed consensus system, data written to a blockchain is extremely resistant to changes of any kind.
While Bitcoin technology is developed for securing transactions for electronic commerce that involves money (digital or otherwise), it would not work for securing and auditing records where no money changes hands in a transaction. For example, the Bitcoin protocol uses randomly generated addresses to make transactions anonymous. This portion of the protocol is incompatible with the goals of verifiable auditing, as the identity of the sender (the person currently editing a document) is tied to the person responsible for making the change to the document and should not be anonymous. Further, the Bitcoin protocol specifies all details (except for 40 bytes of arbitrary data) of the data included in a transaction. It is not adaptable to the type of diff data used in document version control. A way of keeping records that is reliable and resistant to tampering is therefore needed.
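As an added illustration (not taken from this patent document or from Bitcoin), the following Python sketch shows the hash-linking idea described above applied to document diffs with a named, non-anonymous author on each entry. The function names, field names and sample record are assumptions made for the example, and Proof of Work and distributed consensus are left out.

```python
import difflib
import hashlib
import json

GENESIS = "0" * 64  # constructed marker for "no previous entry"

def entry_hash(body):
    # Canonical JSON so an unchanged entry always hashes to the same value.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def append_revision(chain, author, old_text, new_text):
    """Store the diff between two versions, bound to a named author
    and to the hash of the previous entry."""
    diff = list(difflib.unified_diff(
        old_text.splitlines(), new_text.splitlines(), lineterm=""))
    body = {"index": len(chain), "author": author, "diff": diff,
            "prev_hash": chain[-1]["hash"] if chain else GENESIS}
    chain.append({**body, "hash": entry_hash(body)})
    return chain[-1]

def verify(chain):
    """Return the index of the first entry that fails the check, or None."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if (entry["index"] != i or entry["prev_hash"] != prev
                or entry_hash(body) != entry["hash"]):
            return i
        prev = entry["hash"]
    return None

def build_sample_chain():
    # Constructed record text and author names, for illustration only.
    v1 = "Patient reports mild headache.\nPrescribed: ibuprofen 200 mg"
    v2 = "Patient reports mild headache.\nPrescribed: ibuprofen 400 mg"
    chain = []
    append_revision(chain, "dr.adams", "", v1)
    append_revision(chain, "nurse.baker", v1, v2)
    return chain

if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact chain, first bad entry:", verify(chain))
    chain[0]["author"] = "someone.else"   # tamper with who made revision 0
    print("after editing entry 0:", verify(chain))
```

Hash linking by itself only exposes an edit to an earlier entry as long as a later hash is held somewhere the editor cannot also rewrite.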
This document describes devices and methods that are intended to address issues discussed above and/or other issues.