SOFTWARE REQUIREMENTS SPECIFICATION (SRS)

Online Secure Document Sharing and Management System Team 41

Team Members
Emre Genco YAKAR mit Caferi Elif Serim Hilmi Emre LKER

Acquirer: Dr. zlem Albayrak Consultant: Hamdi Murat YILDIRIM

i

Change History Table

Project Name Online Secure Document Sharing and Management System

Version 1.0

Person Responsible Emre Genco YAKAR mit CAFER Elif SERM Hilmi Emre LKER

Date 20.03.2011

Changes Team 41 SRS.doc was created

ii

Table of Contents
Table of Contents...................................................................................................iii List of Figures........................................................................................................iv List of Tables..........................................................................................................v Introduction............................................................................................................1 1.1 Purpose ........................................................................................................ 1 1.2 Scope ...........................................................................................................1 1.3 References.................................................................................................... 2 1.4 Definitions and Acronyms..............................................................................2 Overall Description.................................................................................................2 1.5 Objectives of the Project...............................................................................3 1.6 Functional Requirements of the Product.......................................................3 1.6.1 Use Case Model/Context Diagram...........................................................3 1.6.2 System Feature.......................................................................................4 1.6.3 Use Cases Specifications.........................................................................5 1.7 Non-Functional Requirements and Constraints of the Product ...................16 1.7.1 Usability................................................................................................16 1.7.2 Performance..........................................................................................16 1.7.3 Supportability........................................................................................16 1.7.4 Implementation.....................................................................................16 1.7.5 Security.................................................................................................16 1.7.6 Reliability..............................................................................................16 1.7.7 Availability............................................................................................17 1.7.8 Maintainability.......................................................................................17 System Models of the Product..............................................................................17 1.8 Activity Diagrams for the main scenario of the use case............................17 1.9 System Sequence Diagrams for the main scenario of the use cases ........22 1.10 Graphical User Interface mock-up screen.................................................30

iii

List of Figures
Figure 1 Use Case Diagram of Manage Document Operations...............................3 Figure 2 Use Case Diagram for member and admin operations.............................4 Figure 3 Activity Diagram for Registration...........................................................18 Figure 4 Activity Diagram for Manage Documents...............................................19 Figure 5 Activity Diagram for Send E-Mail............................................................20 Figure 6 Activity Diagram for Verify Registration.................................................21 Figure 7 System Sequence Diagram for Delete Document...................................22 Figure 8 System Sequence Diagram for Download Document.............................23 Figure 9 System Sequence Diagram for Manage Document................................24 Figure 10 System Sequence Diagram for Register...............................................25 Figure 11 System Sequence Diagram for Send E-Mail..........................................26 Figure 12 System Sequence Diagram for Share Document..................................27 Figure 13 System Sequence Diagram for Upload Document................................28 Figure 14 System Sequence Diagram for Verify Registration...............................29 Figure 15 Mock-up Screen Login Screen............................................................30 Figure 16 Mock-up Screen Main Screen.............................................................31 Figure 17 Mock-up Screen Document Sharing Screen.......................................32 Figure 18 Mock-up Screen Admin Login Screen.................................................33 Figure 19 Mock-up Screen E-mail Sending Screen.............................................34

iv

List of Tables
Table 1 UCS Manage Document...........................................................................6 Table 2 UCS Upload Document............................................................................7 Table 3 USC Delete Document.............................................................................8 Table 4 USC Share Document............................................................................10 Table 5 USC Download Document.....................................................................12 Table 6 USC Send E-Mail....................................................................................13 Table 7 USC - Register..........................................................................................14 Table 8 USC - Verify Registration..........................................................................16

vi

Introduction
This part of SRS contains the Purpose, Scope, References and Definitions and Acronyms of Online Secure Document Sharing and Management System.

1.1 Purpose
The purpose of this project is to develop an online and secure document sharing and management system which allows secure and efficient document distribution and sharing between all users. It provides storage, sharing and security capabilities such as message privacy, integrity and authenticity with the help of cryptographic algorithms and related protocols. Only authorized users can access specific documents and produce digital signatures for them and also can share with other users.

SRS is prepared to:

Describe the requirements for the customer, Provide an agreement between customer and project group, Help for implementation of the system for software developers, Show the relation between system users (admin, customer) with use case diagrams.

1.2 Scope
In this project we are planning to have file upload-download, encryption, decryption, creating digital signature and certificate such as x509 in a single web site. It will be a web-based project which enables user to share documents with each other. It will be an in-line system which means that each operation will be done in server-side. Nobody will be able to deny what he/she sends or receives by the help of digital signature. The site will do key management with the use of protocols and algorithms. It will also keep the log records. There will be two user types; admin and members. Admin will give members some rights to access specific documents. Admin will be able to add, remove the documents and members can only share and access specific documents.

1.3 References

IEEE Std 830-1998 <IEEE_Std_830_1998_IEEE_recommended_practice_for_software_req.pdf> Team-41 Initial Plan CTIS359 Lecture Notes Software Requirements Specification. Albayrak, Dr. zlem, < http://www.bilkent.edu.tr/~ozlemal/> http://en.wikipedia.org/wiki/software_requirements_specification UML Sequence Diagrams, <http://www.agilemodeling.com/artifacts/sequenceDiagram.htm> Use-case, < http://www.usecase.org/> UML 2 Activity Diagram, <http://www.agilemodeling.com/artifacts/activityDiagram.htm>

1.4 Definitions and Acronyms

OSDSMS: Online Secure Document Sharing and Management System GUI : Graphical User Interface. SRS: Software Requirements Specification. Mock-Up Screen: Tentative screen shots from system. It will help the managers and the developers to visualize the system. CTIS: Computer Technology and Information System. DB : Database. SW: Software. UML: Unified Modeling Language.

Overall Description
This part of the document describes the objective of the project, functional, non-functional requirements and constraints of the product.

1.5 Objectives of the Project

Objectives of the project are as follows:

Document sharing with versioning, tasks and discussions. End-to-end security and rights protection give you complete control over confidential document access, printing, saving and forwarding. Our secure online document management system lets you store and organize documents online and access them. User can share documents online and collaborate on them with colleagues, customers and partners.

1.6 Functional Requirements of the Product

In this part, functional requirements of the project will be highlighted by the help of use case model and its specifications, features of the system.

1.6.1 Use Case Model/Context Diagram

3
Figure 1 Use Case Diagram of Manage Document Operations

Figure 2 Use Case Diagram for member and admin operations

1.6.2 System Feature

1. System shall be accessed via web browsers. 2. System shall support online registration to the unregistered users. 3. System shall support X.509 certificates to the users with online registration by using Bouncy Castle API. 4. System shall support logging on to system with user name and password. 5. System shall support logging out from system. 6. System shall provide the ability to view all documents in the system for the administrator. 7. System shall provide the ability to upload documents to the system. 8. System shall support viewing Identification and information of the documents (metadata). 9. System shall support viewing the history of user actions in the OSDSMS. 10. System shall provide the ability to download documents from the system. 11. System shall provide the ability to share documents with the selected users from the system. 12. System shall provide the ability to create digital signatures for documents in the OSDSMS. 13. System shall provide the ability to verify digital signatures for documents in OSDSMS. 14. System shall support verification registrations to the administrator.

15. System shall support following encryption methods to the users for shared documents. a. X.509 Certificate generation and use b. Digital Signatures Generation: Public key Encryption Algorithms (RSA) and Hash functions (SHA-2) c. Digital Signatures Verification d. Symmetric Encryption: Block Ciphers (AES) e. Symmetric Encryption Key Sharing with Public Key Encryption f. Revocation of X. 509 Certificates and Online Certificate Status Protocol (OCSP) support. 16. System shall support users to the create and use their own computation facilities for shared document encryption 17. System shall support data flows with HTTPS protocol. 18. System shall create and keep signatures for every state change of a shared document. 19. System shall create and keep signatures for every server activities. 20. System shall provide the ability to the users to sign their every activity digitally. 21. System shall create and send notifications to the all related users of a shared document. 22.System shall provide the ability to digitally sign a received document by using Nonrepudiation Service with proof of receipt for protecting the originator against an attempt by the recipient to falsely deny receiving the data 23.System shall support signature verification of a received document by using Non-repudiation service with proof of origin service for protecting the recipient against an attempt by the originator to falsely deny sending the data. 24. The language of user interface shall be written as English.

1.6.3 Use Cases Specifications

Use-Case Name Manage Document Use Case Type System Analysis Use-Case ID Primary System Actor Other Participating Actor(s) Description Precondition Trigger Flow of Activities: OSDSMS -1 Logged In User N/A This use case describes the event of managing documents in the OSDSMS. User must log in to the system. When Manage Document button is clicked. Actor System

Step 1: Manage Document button is clicked from the left menu. Step 2: Manage Document Web page is displayed. Exception Conditions: N/A

Post-Conditions

User selects transaction type

Table 1 UCS Manage Document

Use-Case Name Use-Case ID Primary System Actor Other Participating Actor(s) Description Precondition Trigger Flow of Activities:

Upload Document OSDSMS -2 Logged In User N/A

Use Case Type System Analysis

This use case describes the event of uploading a new document to the OSDSMS. User must log in to the system. When Upload Document button is clicked. Actor Step 1: Manage Document button is clicked from the left menu. Step 2: Manage Document Web page is displayed. Step 3: Upload Document button is clicked. Step 4: File browser screen is displayed. System

Step 5: The document is selected from the browser which is going to be uploaded to the system.

Step 6: User clicks OK button.

Step 7: User completes upload activity by filling User Signature field. Step 8: User signature is verified.

Step 9: A new signature is assigned to the Upload activity.

Step 10: Upload Activity is logged in the database. Exception Conditions: After Step7: If the user is not filled signature field correctly Warning Message is displayed. The document is uploaded to the system.
Table 2 UCS Upload Document

Post-Conditions

Use-Case Name Use-Case ID Primary System Actor Other Participating Actor(s) Description

Delete Document OSDSMS -3 Logged In User N/A

Use Case Type System Analysis

This use case describes the event of deleting a document from OSDSMS. User must log in to the system When the Delete Document button is clicked Actor Step 1: Manage Document button is clicked from the left menu. System Step 2: Manage Document page is displayed.

Precondition Trigger Flow of Activities:

Step 3: Delete Document button is clicked.

Step 4: The current users documents are listed on page.

Step 5: The document is selected from the list which is going to be deleted from the system. Step 7: Delete confirmation tab is displayed. Step 6: User clicks Yes button. Step 9: User signature is verified.

Step 8: User completes delete operation by filling User Signature field.

Step 10: Document is deleted from the system. Step 11: A new signature is assigned to the Delete activity.

Step 12: Delete Activity is logged in the database. Step 13: Notification message is sent to Share List (selected users). Exception Conditions: After Step 9: If the user is not filled signature field correctly Warning Message is displayed. The selected document should be deleted from the system
Table 3 USC Delete Document

Post-Conditions

Use-Case Name

Share Document

Use Case Type 8

Use-Case ID Primary System Actor Other Participating Actor(s) Description

OSDSMS -4 Logged In User N/A

System Analysis

This use case describes the event of deleting a document from OSDSMS. User must log in to the system. The document which is to be shared, must be uploaded to the system.

Precondition

Trigger Flow of Activities:

When the Share Document button is clicked Actor Step 1: Manage Document button is clicked from the left menu. Step 2: Manage Document page is displayed. Step 3: Share Document button is clicked. System

Step 5: The document is selected from the list which is going to be shared from the system.

Step 4: The current users documents on the system are listed on page.

Step 6: Share button is clicked. . Step 7: Share Settings tab is displayed.

Step 8: User selects other users from the user list to share the document and clicks OK. Step 9: User completes upload activity by filling User Signature field.

Step 8: User completes share operation by filling User Signature field.

Step 9: User signature is verified.

Step 10: A new signature is assigned to the Share activity.

Step 11: Share Activity is logged in the database. Step 12: Notification message is sent to Share List(selected users). Exception Conditions: After Step 9: If the user is not filled signature field correctly Warning Message is displayed. The selected document should be shared with the selected users
Table 4 USC Share Document

Post-Conditions

Use-Case Name Use-Case ID Primary System Actor Other Participating Actor(s) Description

Download Document OSDSMS -5 Logged In User N/A

Use Case Type System Analysis

This use case describes the event of download a document from OSDSMS. User must log in to the system An Uploaded or a Shared document must exist in the system.

Precondition

Trigger Flow of Activities:

When the Download Document button is clicked Actor System 10

Step 1: Manage Document button is clicked from the left menu. Step 2: Manage Document page is displayed. Step 3: Download Document button is clicked.

Step 5: The user clicks to the Shared Document link.

Step 4: Uploaded Documents and Shared Documents links are displayed.

Step 7: The document is selected from the list which is going to be downloaded from the system.

Step 6: Shared Documents List is displayed.

Step 8: Verify Sender button is clicked. . Step 9: System verifies the sender`s signature.

Step 10: Download button is clicked.

Step 11: User completes download activity by filling User Signature field. Step 12: User signature is verified.

Step 13: A new signature is assigned to the Download activity.

11

Step 11: Download Activity is logged in the database. Step 12: Confirmation message is displayed. Exception Conditions: After Step 9: If the senders signature is not verified by the system Unknown Sender message is displayed. After Step 12: If the user is not filled signature field correctly Warning Message is displayed. Post-Conditions The selected document should be downloaded from the system.
Table 5 USC Download Document

Use-Case Name Use-Case ID Primary System Actor Other Participating Actor(s) Description

Send Email OSDSMS -6 Logged In User N/A

Use Case Type System Analysis

This use case describes the event of sending an email to the other users on OSDSMS. User must log in to the system When the Send Email button is clicked Actor Step 1: Send Email button is clicked from the left menu. Step 2: Email page is displayed. Step 3: Compose button is clicked. System

Precondition Trigger Flow of Activities:

Step 5: The user fills email fields and message field.

Step 4: New Email form is displayed.

12

Step 6: Send button is clicked. Step 8: System verifies the sender`s signature.

Step 7: User completes send email activity by filling User Signature field.

Step 9: User signature is verified.

Step 10: A new signature is assigned to the send email activity.

Step 11: Send Email Activity is logged in the database. Step 12: Confirmation message is displayed. Exception Conditions: After Step 9: If the user is not filled signature field correctly Warning Message is displayed. The email should be sent to the selected users.
Table 6 USC Send E-Mail

Post-Conditions

Use-Case Name Use-Case ID Primary System Actor

Register OSDSMS-7 Logged In User

Use Case Type System Analysis

13

Other Participating Actor(s) Description

N/A This use case describes the event of registration of a user to the OSDSMS. The user must visit OSDSMS web page. When the Online Registration button is clicked Actor Step 1: Online Registration button is clicked on the main page. Step 2: Registration page is displayed. Step 3: User fills all required registration fields. System

Precondition Trigger Flow of Activities:

Step 4: Register button is clicked.

Step 5: The correctness of the required fields is checked. Step 6: The Registration request is sent to the Administrator system. Step 7: A new signature is assigned to the Request Registration Activity. Step 8: Request Registration Activity is logged in the database. Step 9: Confirmation message is displayed.

Exception Conditions:

After Step 5: If the user is not filled required registration fields correctly Warning Message is displayed. The Registration request should be sent to the Administrator.
Table 7 USC - Register

Post-Conditions

Use-Case Name

Verify Registration

Use Case Type

14

Use-Case ID Primary System Actor Other Participating Actor(s) Description

OSDSMS-8 Admin N/A

System Analysis

This use case describes the event of verification registration of a user to the OSDSMS. The user must request registration to the OSDSMS. When the Verify Registration button is clicked Actor Step 1: Verify Registration button is clicked on the main page. Step 2: Verification page is displayed. Step 3: Admin selects a request from the list. Step 4: Accept and Reject buttons are displayed. System

Precondition Trigger Flow of Activities:

Step 5: Accept button is clicked.

Step 6: The user is registered to the database.

Step 7: User certification is created. Step 8: A new signature is assigned to the Verification Activity. Step 9: Verification Activity is logged in the database. Step 10: Confirmation message is displayed. Exception Conditions: After Step 5: If the admin clicks `Reject` button registration request will be cancelled. The user should be registered to the system with created certification. 15

Post-Conditions

Table 8 USC - Verify Registration

1.7 Non-Functional Requirements and Constraints of the Product

1.7.1 Usability
The system shall be available for users and administrators. Users and administrators shall be able to access the system 24 hours a day. There will be a help menu which helps the usage of this system.

1.7.2 Performance
If approximately 120 users use the system at the same time, there must be no impact on the system performance. Searching and displaying a product on the screen shall take max 10 seconds. Logging in to the system shall take max 2 seconds for administrators. Logging in to the system shall take 3 seconds for users.

1.7.3 Supportability
The system shall be supported by coders. The system shall allow users to update their personal information. The system shall allow administrators to update their personal information.

1.7.4 Implementation
Both users and the administrators shall be able to access the system interface via web browser (e.g. Internet Explorer 6.0 or better versions) The system shall run on any Windows operating system.

1.7.5 Security
User name and password shall be encrypted in the database. Servers shall have the SSL Certification. Each employee must have the username and password for taking the test

1.7.6 Reliability
16

The system shall be available to be used whenever the users and administrators login to the system by entering their user name and passwords.

1.7.7 Availability
The system shall be available for administrators thanks to Internet connection and their proper work computers. The system must be available whenever users have intranet connection and proper worked hardware. The system shall be available for users thanks to Internet connection.

1.7.8 Maintainability
The system shall be changeable and upgradeable according to new requirements. If there is need for defect correcting and determining new requirements, system will be changed.

System Models of the Product

1.8 Activity Diagrams for the main scenario of the use case

17

Figure 3 Activity Diagram for Registration

18

Figure 4 Activity Diagram for Manage Documents

19

Figure 5 Activity Diagram for Send E-Mail

20

Figure 6 Activity Diagram for Verify Registration

21

1.9 System Sequence Diagrams for the main scenario of the use cases

Figure 7 System Sequence Diagram for Delete Document

22

Figure 8 System Sequence Diagram for Download Document

23

Figure 9 System Sequence Diagram for Manage Document

24

Figure 10 System Sequence Diagram for Register

25

Figure 11 System Sequence Diagram for Send E-Mail

26

Figure 12 System Sequence Diagram for Share Document

27

Figure 13 System Sequence Diagram for Upload Document

28

Figure 14 System Sequence Diagram for Verify Registration

29

1.10 Graphical User Interface mock-up screen

Figure 15 Mock-up Screen Login Screen

30

Figure 16 Mock-up Screen Main Screen

31

Figure 17 Mock-up Screen Document Sharing Screen

32

Figure 18 Mock-up Screen Admin Login Screen

33

Figure 19 Mock-up Screen E-mail Sending Screen

34