Improving accessibility and security on document management system: A Malaysian case study

Documentmanagementsystemisanessentialapproachthatshouldbemanagedwelltoensureaneffectiveandfasteroverallworkingprocessinanorganization.Hardcopydocumentshasbeenoneoftheitemsthatmost organizationsneedtomanageinasafeandsecuremannerduetothehighdependencyonmostoftheirworkingprocedureespeciallyingovernmentorganizations.Hence,weproposedanewframeworktoimprovetheweaknessesoftheexistingdocumentmanagementproceduresingovernmentorganizations.Ourproposed frameworkintegratestheimplementationofanNFCsysteminthisresearchduetoitssecureshort-rangecommunication,andthepeer-to-peercommunicationcapabilityinmostmobiledevices.Besidesthat,most existinggovernmentorganizationswithinMalaysiacouldeasilyimplementsuchtechnologyfortheirinternalusageasthistechnologyiscosteffectiveduetoitsavailabilityonexistingmobiledevicesonmostAndroid baseddevices.


Introduction
The advancement of existing technologies have been rapidly ushered in the next revolution which is aptly called the 4th Industrial Revolution. This new revolution is focusing on the 'blurring of usage capabilities between the physical, digital and biological spheres' [48]. As such, the main aim for all the latest computerized systems is to integrate mobile devices in various fields such as financial, administrative, data management and others. This is to enable the more efficient, safer, and faster access to information no matter where the users are.
The private sector has always been the leader in implementing new technologies when it is first introduced compared to the government sector [54]. But, in saying that, the government cause a lack of security compared to physical documents [42]. Paper documents in documentation are somehow more preferred because of its ease in reviewing, annotating, and even represents a "universal standard" for displaying information [9].
Numerous technologies were adopted in order to manage the documents in a competent manner. The management system has to be secure, achieve a level of cost saving and its accessibility could easily be controlled [29]. Table 1 below highlights the existing studies on the different technologies used in a DMS.

Technology in accessibility and security system
Patil et al. [40] defined accessibility as the ability of a person, irrespective of ability, to easily access information, regardless of form, structure, or presentation. Meanwhile, security is needed to ensure the safety of any valuable item or information from being exposed or lost to irresponsible people [7,8,25]. From these two definitions, accessibility and security are two aspects that need to work together to ensure only authorize personnel has access to protected items or data. The security management system can vary from the guards who protect buildings with the IT expertise who creates high-tech network systems and software applications [22,25]. There are different types of security and accessibility technologies that can be used to improve the current system to increase the safety level of document management system such as Near Field Communication (NFC) and biometric systems. The integration with these two technologies able to increase the security level of any management system.

Near field communication (NFC)
. NFC is one of the communication technologies that is applied in different business areas [56]. There are two types mode of operations known as passive and active. Active mode works when both devices with NFC chip tagged generate their own electromagnetic field for the information exchange process. One of them will deactivates its electromagnetic field during data transfer process. Meanwhile, in passive mode, one of the devices will act as transponder that generates radio frequency field. The other device will be the operation power which uses the power for data exchange procedure Technology Previous studies RFID (Radio frequency Identification) DMS with e-ink RFID Document Management System with e-ink is developed to close the gap of hardcopy production. It helps to keep the information of the organization from slipping out. This technology is cost saving as it based on ink-jet printing technology with spotlight in simplification of RFID creation process [18]. This technology has been proposed by Nikodijevic et al. [38] for a hospital clinical management system. Cloud Document Security System Cloud computing environment-based document security management model is introduced. It includes several modules such as cloud storage, document encryption and authorization system, thin clients, common terminal and document outsourcing management [28]. Symantec Corporation and DSS are among IT security companies that provide cloud security system for corporations, governments and financial institutions around the world (Corporation 1995-2017) (Incorporated 2015) Biometric system Biometric or automation recognition of a person based on his/her physiological and/or behavioral, is a system implemented in major library areas include gate checking, circular section, stack entry record and internet searching via digital library [32]. An example is the biometric system implementation by the Paul Sawyier Public Library since October 2008 [10]. Accessibility on document management system [50]. Essentially, NFC involves the communication of two devices where the devices would be able to read and write to each other easily compare to the standard smart card [5]. The technology also has a wide range of usage in numerous businesses such as assets identification and tracking in supply chain management, access control systems, public ticketing in transportation system as well as user identification via identity cards or passports [42]. NFC technology is also capable in controlling things wirelessly. For example, extension of sensors and actuators devices with NFC module [16]. Their proposal had implemented a Smarthomatic sensor device that was expanded by the addition of an NFC chip along with an Android application for smartphones [16]. In the United Kingdom, it was discovered that NFC can be used in managing asset for medical equipment with the implementation of several operations. This proposal able to improve the security flaws that allows unauthorized modification to the equipment details and descriptions [52].
2.2.2 Biometric system. The measurement and statistical analysis of the human's unique physical (fingerprint, eye, face, etc.) and behavioral characteristics (signature, keystrokes, voice, etc.) are known as biometrics [1,46]. A basic biometric system consists of three modules which are sensor (image acquisition), feature extraction and matching (comparing extracted patterns with template in database) modules [1].
Duarte et al. [11] had mentioned several advantages of biometric security system which include: Universal (own by all users), Unique (specific for each user), Permanent (unalterable over time), Collectable (quantitatively measured by system), Acceptable (no complaint from people) Resistance to circumvention (difficulty to bypass the system).
As a consequence, many devices today are integrated with biometric access system such as smartphones, tablets and laptops. Most of the devices are built-in with cameras or some other biometric scanner like voice recorder and fingerprint scanner to make it feasible with biometrics system [14]. Not only that, numerous of private as well as government organizations around the world have been using this technology as highlighted by [35] and Ratnam et al. [44]. It is only recently that the Malaysian government has begun adopting biometrics system in several government agencies as it provides a better overall secure and tracking system [23,36].
As time goes on, there were several researches that have been trying to enhance the implementation of biometrics. Patil et al. [40] had proposed the idea of the implementation of a Secure Biometrics based on authentication system using RFID and secret sharing. The system works by creating the biometrics template which is then stored in 2 areas, the separate database and the RFID tag [40]. This will eventually form a more secure system where not one area stores the complete data [40]. Another research by Baidya et al. [2] had proposed the fingerprint based lock system for shared access where this system uses an Arduino UNO device which provides physical security using fingerprint sensor technology. Integration of sensor or other possible devices with biometrics is proven to be more efficient and secure based on those two research as well as other research [27,55]. Coincidentally, the market size for authentication services is expected to grow from 2017 to 2022 [34]. Such increased in market provides an opportunity for a growing integration of biometric sensor in securitybased application and in mobility devices [34].

Adoption of technology within Malaysian government
One of the development missions for the Malaysian government is utilizing Information and Communication Technology (ICT) by the year 2020. There are five key thrust areas formulated by the National IT Council (NITC) which includes E-Community, E-Public Services, E-Learning, E-Economy, and E-Sovereignty. The Malaysian Institute of Microelectronic Systems (MIMOS) plays an essential role in researches and projects related to innovation and computer technology. Apart from that, the simplified technological gadget which has computer applications is one of their inventions [39].
NFC has been adopted in various different areas. However, according to the research done in Malaysia, only 43% respondents were aware with this technology and only 9.8% of them who has broad knowledge regarding NFC technology [45]. This research also has confirmed via the performance expectancy determinant that most of the respondents did agree that NFC would bring advantages in their daily activities. Biometrics system has been integrated in Malaysia including government sectors as mentioned by [26] and Knowledge [24]. Most of these integrations are specifically linked to relevant fingerprint systems. As part of the Ministry of Higher Education Malaysia's technology enhancement plan, the department has adopted a biometrics system for their attendance system known as the egBiometric [13].
According to the Malaysian Chief Secretary, Tan Sri Ali Hamsa, "The government is no longer a mere regulator or facilitator, but its citizens' true partner to build a greater nation together". This refers to the open innovation as a relevant approach to improve government business process by considering the ideas from citizens [4]. Through the adoption of applicable citizen's ideas, it will not only improve the business process, but it also is able to fulfil citizen's satisfaction with efficient public services [17]. The influence of subjective norm is able to increase the number of users as by definition, the term refers to the social pressure to perform a certain behavior according to society [53]. Citizens today, especially the younger generations are very close to technology which allows the development of more ideas that incorporates the utilization of advanced technology [37]. Similarly, the Malaysian government could also consider their generation's ideas in enhancing the business processes that subsequently enhances the overall public service delivery.

Research methodology 3.1 Research design
The primary phase of this research is defining the research problem by preliminary investigation at the local government agency, the Land and District Office North of Wellesley, Penang (PDTSPU). This is then followed by the development of the initial literature on the adoption of security technology for the accessibility factor in Malaysian government agencies and applications of NFC technology. The initial literature would allow us to gain a clearer understanding about DMS, accessibility and security systems as well as the application of technology within the Malaysian government.
The second phase of this research would involve a survey that was distributed to 80 staffs from different departments within Penang government agencies that works directly with the Land and District Office. The questionnaire includes three sections which are: the respondents basic information, research on the management and safety of the available hardcopy documents/files management system, and research on the exposure and the use of security technology in working procedures. The aim of this survey are to identify the security and accessibility issues on the available document management system and the level of acceptance as well as use among the Penang government staffs towards the current process in their working procedures. The users' feedback on the system and other related factors that are considered essential to them would be identified as well. The gathered data can be used to generate new hypotheses based on the collected results data about different variables [57].

Accessibility on document management system
After the survey, the collected data was analyzed to identify the significant factors that should be considered as mentioned earlier. Next, a framework solution is proposed for the documentation storage system based on the results and feedback from the second phase of this research. We also conducted a verification process for the proposed framework with 30 PDTSPU staffs that participated earlier in the initial survey. Lastly, the overall outcome and results from this research for the proposed framework were further discussed with the future research focus that should be conducted.

Results and discussion
The survey is essential to understand the working environment and expectation from the respondents who are involved with the document management system specifically the physical documents. The exposure and the acceptance level from the participants towards the use of technology in their daily working activities can be determined as well. The questionnaires have been randomly distributed to 80 respondents from eight different departments within the Land Office and only 70 of the responses were chosen to be analyzed. The remaining 10 response were rejected due to: -

Incomplete survey forms
Invalid answers for some of the questions from the respondents

Analysis result
Based on Figure 1, we can see that 51.4% of the respondents are 21-30 years old. It shows that most of the Penang government staffs are still young and normally people at this age range are used to the application of technology. On the other hand, most of the older respondents prefer manual system more than electronic and is satisfied with the existing manual system. Around 34.3% and 37.1% of the respondents have diploma and degree respectively. This shows that most of the Penang government staffs are educated and theoretically do not have many problems with adopting new technology in their business activities. Previous research had mentioned that education as one of the external variables [41]. This variable acts as an ACI 16,1/2 antecedent that constructs perceive usefulness and perceive ease of use which enhance the predictive power in Technology Acceptance Model [41]. Table 2 shows that 60% of the respondents agrees that the available system is safe to use. However, based on other three questions, more than 50% of respondents did agree that there the occurrence of missing or miss placed documents still occurs and around 55.7% are still not satisfied with the available documentation system. There were some respondents that had commented that the available documentation was fine but it was still not efficient and the data was commonly not updated with the existing method. This situation affects their daily procedures to find the needed document effectively. Figure 2 illustrates that even with a high number of young and educated staffs, it does not mean the adoption of technologies in their existing working procedures are effective. Approximately 50% of the respondents still uses the manual documentation system. The electronic management system used by 41.4% of the respondents are referring to the digitalized system. This digitalized system refers to the hardcopy documents being transformed into a PDF form which are stored and managed by a computerized system. Few of the respondents from the land office department said that the digitalize documentation system did help but they still needed the manual documentation system because most of their working procedures are bound with the National Land Code which needs the original hardcopy document for all the land matters to be stored as well. This shows that physical documents are still relevant in some of the Malaysian government business processes.
Despite the fact that less than 50% of the respondents use the electronic document management system, Table 3   Accessibility on document management system same opinion that an electronic system is more efficient and easier to be used. They also agreed that government sectors should utilize a suitable information technology which could provide higher exposure on the use of information technology within Malaysia. This is due to the huge dependency among their staffs and citizens towards specific government data in their daily routine especially in relevant business working procedures.

Discussion
Based on the results, the age of the user does affect the intention to use the technology in working procedures. Age shows a relationship with the intention to use, as it was discovered that older participants are less willing to use the robot than younger ones. It means the older generations are not utilizing new technologies in their life [19]. However, most of the staffs in the Penang Government agencies are considered the younger generations with good education background. Thus, it will not be an issue for the technology implementation in the existing working procedures. Available documentation is considered safe to be used by the staffs but this statement can be argued when they also agreed that there are missing and misplaced documents occurrences even with the implementation of a physical in-out record in the existing document management system. Additionally, the available system is not secured enough and needs to be improved with better security and accessibility control for the system. Therefore, the use of technology in the document management system particularly in security and accessibility able to solve this problem. This can be supported as the participants have agreed that an electronic system is easier and efficient compare to the manual system. According to the system used in the Penang Government agencies, there are approximately 50% of the participants that are still using the manual procedure for the documentation system which means that they should consider using an electronic system for better management in terms of security and accessibility. The adoption of technology that has been identified from this survey corresponds to one of the Malaysian Administrative Modernization and Management Planning Unit (MAMPU). This unit focuses on empowering people-centered service delivery transformation via organizational management development initiatives and implementation of digital government towards an effective and efficient civil service [31].
Based on the analysis result and the preliminary investigation, the next section is our proposed solution which focuses on the accessibility and security of the Land Office documentation system.

Proposed solutions
The proposed solution is focusing on the improvement of the accessibility of the documentation management system in managing hardcopies within the District and Land Office North of Wellesley, Penang (PDTSPU). The proposed document management only focuses on the access control of the file storage room and the security of the hardcopy documents or files. This system does not interfere with the existing digitalized system which has been developed in several agencies as mentioned earlier in the analysis section. Hardcopy documents are the most vital source of references within PDTSPU because it involves the property development from different districts that aligns with the requirements of the National Land Code in Malaysia.
The integration of the NFC and biometrics system is proposed in this study to overcome the existing document management issues. Thus, the document management system may become more secure with increased efficiency as well as safety in regard to the hardcopy files. We have integrated the NFC as part of the documentation management process as the technology has been integrated into existing payment methods in Malaysia specifically via the Samsung Pay application due to its secure data transactions [33,51]. Figure 3 illustrates the summary of current document management system. The current file storage room can only be accessed by the person in-charge (PIC) and authorized staffs that have the password to unlock the door. Their current working procedures is mostly in paper form due to the land procedures that requires the original hardcopies to be present. All of those documents are stored in a file storage room and all the entry records to the room is recorded manually. From our data collection, we found that the accessibility and security control of the available hardcopy document management system have become the weakness that needs to be focused on. The identified problems are:

Current documentation management process
The file racks are quite open which can cause the risk of losing the file The processes of checking in and out for all the related confidential documents are done manually which complicate the process and vulnerable for the safety of the data records. Some of the records also have been missing.
There is no record for room entrance and the exact location of the file storage to identify the location of the file Figure 3. The summary of current document management system. Accessibility on document management system All of these weaknesses can impact the effectiveness of the working procedures and the safety level of the documents.
5.2 Proposed framework 5.2.1 Why was the integration of NFC and biometrics system selected?. The NFC technology is chosen because the implementation of NFC technology in Malaysia is slowly increasing via Samsung devices and most people have been exposed to the technology in some form [45]. Hence, this proposed framework can be one of the methods to introduce the use of NFC technology to Malaysians especially within the government sector. The short range of connectivity between the device and the tag typically than 10 cm causes low risk for other threats to interfere during the information transferring process [15]. The selection of a biometrics system (e.g. fingerprints) is mainly due to its unique characteristic which is specific for a single individual. Besides that, the benefits as mentioned by Duarte et al. [11] in the previous sections provides additional support for the implementation of a biometrics system. Hence, with all of these characteristics from both the NFC and biometrics system, the accessibility and security of a document management system will be more improved compare to the current system.

Security features.
Security component has to take into serious consideration in any proposed system especially the one that involve with valuable as well as private and confidential things. As in this matter, this security features will help to control the access of people who authorize enter the file storage as well as the safety of the file itself where only certain people able to take out and store the file.
Therefore, we choose to use digital signatures to detect any modification of tag data where it based on asymmetric cryptographic encryption [52]. There are private key and public key where both of them are held by central database machine and NFC reader respectively. The public key only can be used to get the encrypt data but not to decrypt the data. Only private key can be used to decrypt the data. Hence, only the person that in-charge with the database can have the private key.
A private key is signed in for the process of addition, deletion and updating the document details before stored and recorded in the database. Then, the duplicate of the record will be stored in the NFC tag. The verification of the data can be done using the public key by scanning the tag followed by getting the data information and its signature. The public key is shared with the PIC and authorize staffs so that they can view the information of the documents. In addition, this system provides with a secure login for the persons-in charge (PIC) as shown in Figure 4. They are able to safely access to the database using a biometric fingerprint scanner with an integrated NFC reader. The image of the fingerprint is compared with the template stored in the system database. When the image and the template are matched, the database is able to decrypt the PIC information and allow them to start their session with the document management system. In order to avoid a reply attack, a timestamp is provided together with the fingerprint template.
As part of the security for the physical file room, we proposed the use of the biometrics door lock with the integrated NFC reader. The door lock would utilize both the NFC and fingerprint method where the fingerprint image and template has to be accepted in order to unlock the door. This will increase the security level to access the room. The time and user details entering and leaving the room will be recorded in the database via the proposed smart terminals. Smart terminals refers to the system with no data processing capabilities that provides keyboard input and screen output [21]. The NFC biometric cabinet lock is placed at the outer part of the documents/files cabinet to secure the cabinet which functions similarly with the door lock. On top of that, the record of all the processes will be printed and stored in the cloud storage once a week as the backup for the system. The computer (PC) for the PIC to do all these procedure is located at the most outer part of the room where there is a partition in the room after the door to put the PC with the database for the PIC to enter and manage the system. This applications or software installed in the PC only for the document management system related software. Other unnecessary software is prohibited for this PC.
5.2.3 System architecture for documentation system. Figure 5 shows the architecture of proposed framework for the documentation system. This will involve several entities and include the interaction with each other. The objects involve are: Person in-charge (PIC): PIC is responsible in managing the document management system and the file storage room where he/she has the access. They also manage the in-out procedure, as well as the adding, deletion, updating and look up document information within the database. Normally, there are two to three PICs.
Authorize staff: The authorize staff is the person who able to access the room, unlock the cabinet locker and able to take out the document as well as looking up the status/ details of the document.  -NFC reader: Use by the authorized person to scan the NFC tags and write to them. It involves two devices which are smartphone and NFC reader that is placed at each of the section inside of the cabinet and each of them has label to identify the location of the document stored.
-The biometrics door lock integrated with NFC reader: This door locker will be placed at the door of the file storage room.
-The NFC biometric cabinet lock: This device functions as the lock at each of the documents/files rack.
-A biometric fingerprint scanner with NFC reader: This devices would be connected to the PIC computer for the login process and other operations that is described below.
All of those devices will be connected to the database as all the operations happen through the devices will be verified and recorded in the database.
Database: This is where all the information of the authorized person, documents and location of the rack are verified and stored. Besides, it also contains the information of in and out of the documents as well as access record for the file room.
Documents: This will involve all the private and confidential documents/files that is manages by the person in-charge in the file room. All the details of the documents/files are stored in the database which include type of document, date issue, authorize person for the documents/files, in and out record for that particular files/documents and file/document status (active or inactive).
Tags: All the documents are recognized by these tags which are applied on the documents/files, staff ID card and the authorize device which for in this case is smartphone. Each documents/file and smartphone only has one tag.
In this system, the PIC able to perform several operations which include: i Adding and updating a document/file details PIC is able to add and update the information for a document in the database and stores that information in the NFC tag for that particular document. The PIC will have the interface that allows them to perform the relevant document information processes. These processes are provided with the data integrity feature to avoid any modifications of the tag data as mentioned in the security features section earlier. Figure 6 summarize the flow for the document storage processes.
ii Document's information searching The PIC and authorized staffs can search for the document status and details by scanning the tag at the documents with the smartphone as demonstrated in Figure 7. They are also able to see the history of the file transactions so they can trace who had accessed the document previously.
iii Document checking out Figure 8 illustrates the document checking out procedure. All applications except the NFC feature in the smartphone will be locked to avoid misuse of the smartphone by the staffs. If he/ she has a smartphone with NFC application, he/she can use his/her own phone when the ID and device information has been saved in the database. After the person take out the document, she/he will go to the PIC to scan his/her tag and follow by the file. The time, date and person who take out the document is recorded in the system. Then only the document can be taken out. The duration for the document to be returned also is set. If the document is not return after a certain period, the system will send out a reminder to the staff via SMS and email to return the document or to renew the document checking out record. The PIC also will be notified through the pop up at the user interface for the late return.
iv Document checking in The returning document process only involves the PIC. The authorized person will hand in the document to the PIC to be scanned and recorded in the database as part of the document return process. Then, the PIC needs to open the cabinet and scan the document at the NFC reader at the particular section in the cabinet before storing it. This will enable the database to record the location and time of the stored document. Figure 9 emphasizes the document checking in process. Table 4 shows how the proposed solution is able to solve the current issues.  Accessibility on document management system 5.2.4 Verification for the proposed system. Verification from the staffs involve in the related working procedure is needed to ensure our proposed framework can improve the existing system. Besides that, it also can verify the suitability of this proposal within the working environment. The user satisfaction is one of the key factors to measure a project's success instead of fulfilling the scope, time and cost goals of a project [49]. Hence, we have presented this proposed framework to the 30 staffs from PDTSPU. These staff are employees who are currently working with the existing document management system. Table 5 shows the results from the staffs towards the proposed framework.  Based on the verification results, it shows that most of the staffs does understand how the proposed framework functions. Majority of them also agreed that this framework can improve the current document management system. We can conclude that our proposed framework solution is accepted by most of the staffs from PDTSPU in relation to its ability to solve the existing issues. Besides that, the framework could provide better accessibility and security features compared to the current existing document system. This proposal could also be applied in other government departments that requires storing physical documents as well because such departments would utilize similar working procedures.

Conclusion
Efficient, effective and secure working procedures are the major factors in any department and organizations. The emergence of different types of technology is able to improve the current manual procedures to be faster, safer and manageable. By integrating both NFC technology and the biometrics system, better accessibility and security of hardcopy document management system within the PDTSPU may be achieved. Additionally, the usefulness of the NFC technology could be exposed to government employees with the implementation of this system within a government department.
However, the proposed framework solution should be further tested in the future via a controlled physical implementation within the Land Office. This would then be followed with the user acceptance of the adoption of NFC system for the hardcopy document management system. It would also allow us to measure the level of effectiveness for our proposed framework when it is implemented within the specific area.
No. Current issues Solutions

1.
No record for the room entrance and the exact location of the file storage to identify the location of the file.
Use document/file cabinet with NFC biometric cabinet lock. Only the person that his/her fingerprint is recognized by the database will has access to the room. NFC reader at each section of the cabinet to record the location of the document/file.

2.
File racks are quite open which can cause the risk of losing the file 3.
Manual process for checking in and out for all documents which complicate the process and cause missing records.
Use the computerize system with the NFC for the document tracking process within the database.
All the records will be backup once a week. The PIC login is able to secure the data as it integrates with the biometrics system which only recognize the PIC fingerprints.   Accessibility on document management system