Technical FAQs

Data privacy continues to be a significant concern for businesses, employees, customers, and stakeholders alike. Privacy breaches can expose problems with document management and digital document security practices. They can also pose significant risks and costs to companies and stakeholders.  The importance of ensuring the secure sharing of confidential documents can’t be stressed enough.

When developing an application with SDKs or APIs or integrating new features into a workflow, developers must be aware of the security risks. Project managers, security engineers, and architects must work in tandem to identify and address all potential security breaches. This holds especially true for commercially-confidential, highly-sensitive, or private documents while in transit.

The Risks of Document Sharing

Document sharing, in general, can present opportunities for malicious actors to attempt to gain access to a competitor’s documents. It could also pave the way for uploading data containing malware accidentally. Protecting the enterprise as a whole should be a priority to prevent loss or compromise of customer-sensitive information. This is vital because even minor damage to a company’s reputation can have a devastating impact. 

When building applications with document sharing capabilities, developers need to think about the inherent risks that come along with allowing users access to upload and edit documents. Fortunately, there are a number of practical steps that developers can take to share sensitive documents securely without putting confidential information or mission-critical data at risk. 

5 Ways to Ensure Confidential Documents Are Shared Securely

1. Strengthen Application Security

Any conversation about document security needs to start with a focus on the application’s cybersecurity architecture. If document management software contains multiple vulnerabilities or doesn’t provide the necessary controls to safeguard data, it will be difficult to share sensitive documents securely. Here are a few best practices developers should have in place to create a secure application ecosystem: 

• Perform threat-modeling any time there is a major design change in the application or ecosystem to identify potential new threats.
• Encrypt customer sensitive documents both in transit and in storage. Ideally, the keys will be held by clients with an emergency access vault backup system, so that even the software developer cannot access any sensitive customer data. This way, even if an application or data centers are breached, customer documents will still be protected.
• Spend more time testing releases for weaknesses and allow security engineers and architects to weigh in on the product feature roadmap. Security patches and improvements should be given the same value as other new product features.
• Conduct periodic audits or external penetration testing to ensure that applications and customer data cannot be compromised.

2. Design Applications with Segregated Access

Secure documents and sensitive information should only be available to the people authorized to view or edit it. Access to one document should not allow someone to access other documents stored in the same application. By segregating access to data and assigning specific user permissions, developers can provide the tools customers need to manage their assets and share sensitive documents securely.

3. Eliminate External Viewing Dependencies

Although many organizations use secure applications to manage their document workflows, they frequently open themselves up to risk by relying on external software for document viewing. Without some way of sharing and viewing documents within the application itself, files will inevitably be shared over email and opened on local devices that may not have the latest security updates in place. Developers can avoid this problem by integrating HTML5 viewing capabilities into their application. This ensures that documents never have to leave a secure environment, even when they’re being shared with people outside an organization.

4. Create Unique Viewing Sessions

One of the challenges with many cloud-based document management systems is that once someone is granted access to a file, they typically retain that access until it is manually changed at a later date. In most instances, those privileges are also associated with the source file itself. This can create a number of security gaps if an organization doesn’t closely monitor access privileges. By implementing an HTML5 viewer that can generate unique viewing sessions for individual users, developers can provide more control over how to share confidential documents. Viewing sessions can be set to expire after use, and since the session is viewing a rendered version of the document instead of the source document itself, system administrators have more control over what aspects of it are shared. They may decide, for instance, to share only certain pages rather than the entire document.

5. Implement Redaction Capabilities

Redaction has long been used to protect private or confidential information in documents. Although organizations still frequently make embarrassing mistakes when it comes to redaction, it remains one of the most effective tools for anyone who needs to share sensitive documents securely. By integrating true redaction capabilities that not only obscure, but also completely remove sensitive information, developers provide applications that have the ability to screen documents for privacy risks before they’re shared with anyone. Performing redactions within the application environment also has the benefit of further limiting external dependencies that could threaten security.

Protect Confidential Documents with Accusoft Integrations

Accusoft’s collection of processing integrations give developers with a variety of document management tools for controlling privacy within their applications. The HTML5 capabilities of PrizmDoc Viewer offer powerful redaction tools and make it easier for administrators to control viewing access. 

To learn more about how Accusoft SDKs and APIs can provide the document management features you need to protect confidential information and privacy, visit our products page today or talk to one of our integration specialists.

Adding viewing and document conversion capabilities to an application can be a daunting task, especially when a development team is facing resource constraints and a tight schedule. That’s why many developers turn to API-based viewing integrations like Accusoft PrizmDoc Viewer instead of building those features from the ground up. By leveraging the versatile power of HTML5 viewing, they can quickly expand software capabilities without having to rethink the basic framework of their products.

What’s Under the Hood of PrizmDoc Viewer?

To understand how PrizmDoc Viewer goes about rendering documents in a web application, it’s helpful to take a closer look at its underlying architecture. There are two primary components that work in concert with the application’s web server: the HTML5 viewer and the backend.

The HTML5 viewer is integrated to run in the browser, typically via a web page or portal that serves as the front-facing aspect of the application. This is where document content is rendered as SVG elements. Since the viewer uses HTML5 to display content, it isn’t dependent upon any specific word processing software or imaging program.

Most of the heavy lifting is handled by the PrizmDoc Viewer backend, which consists of the PrizmDoc Server and PrizmDoc Application Services (PAS). PrizmDoc Server is the core computing component. It performs the actual conversion process to convert document pages to SVG, but it doesn’t have any permanent storage. Converted content and annotation markups are instead stored in PAS. The PAS component primarily handles long-term storage and hands files off to the server for conversion or processing. 

Critically, PAS also has privileged access to other storage locations used by the application, such as file systems or databases. This allows it to easily retrieve source documents and hand off tasks to the server.

The Role of the Web Application

The web application server sits between the HTML5 viewer component and the backend component. It functions as a reverse proxy that relays requests between the two, passing content requests from the viewer to the backend and then delivering converted SVG content from the backend to the viewer.

PrizmDoc Viewer doesn’t actually work with the source documents in the application’s storage. They remain safely unaltered while the backend generates a converted version for viewing and annotation. The web application typically only makes REST API calls to PAS. Background conversion that doesn’t involve the viewer, however, can be performed by making a direct call to PrizmDoc Server.

Making the HTML5 Magic Happen: Viewing a Document

When the web application has to open a stored document for viewing, each component of PrizmDoc Viewer plays a special role in the process. Everything begins with the web application sending a request to PAS to create a new viewing session. How this session is created depends upon how the backend is deployed. In most cases, it will be self-hosted as part of an on-premises deployment or through PrizmDoc Cloud services.

Once that session is created, PAS generates a new viewing session ID and passes it back to the application. All of this happens before any conversion or viewing begins, but the application can begin rendering to the HTML5 viewer by configuring it to use the viewing session ID. This brings up the viewing UI immediately, which will ultimately save time as the document is prepared.

The web application then uploads a copy of the source document to PAS, which can be in any number of formats supported by PrizmDoc Viewer. As soon as PAS receives the document, it begins handing off pages to PrizmDoc Server for conversion to SVG. Since pages are converted one at a time, PrizmDoc Viewer is able to open and view documents in the browser before the entire file is converted. That means less time is spent waiting around for large documents to be prepared for viewing.

As soon as the HTML5 viewer loads in the browser, it begins proxying requests to PAS through the web application for the first pages of content. Once the converted SVG content is available, PAS hands it back to the web application, which then passes it along to the HTML5 viewer, which displays that content in the browser. Additional pages are delivered as they’re ready, and the viewer may make subsequent requests as the user continues to interact with the document.

While the viewing process involves several steps, it is typically performed so quickly that the end user doesn’t experience any significant delays. Larger documents may take more time to render as SVG content, but even in these cases, PrizmDoc Server’s ability to render and deliver each page to the HTML5 viewer as it becomes available allows users to begin viewing documents within their browser right away.

Enhance Application Viewing Performance with PrizmDoc Viewer

As an API-based HTML5 viewing solution, PrizmDoc Viewer can be integrated into most web-based applications to support a broad range of file formats. Developers can use its annotation, redaction, document comparison, and conversion capabilities to deliver a full range of document management tools within their software platforms rather than having to build them from scratch.

To see how PrizmDoc Viewer will function in your application environment, sign up for a free evaluation trial. We provide ready-to-run Docker images in addition to installers for Windows and Linux. 

When you’re looking to integrate a toolkit into your application, your first priority is assessing the capabilities. Once you’ve found the right fit, you need to make sure that the pricing matches your budget and makes sense for your needs.

Historically, Accusoft has offered a variety of different licensing options for our clients. Products were always licensed by core or number of installs, depending on which runtime fits best. 

These practices have been great for our clients so far, but we realized a missing piece that could help bridge the gap for new clients with smaller projects that dynamically scale based on workload.

Introducing a New Way to License

Barcode Xpress is the first product on the Accusoft line to offer metered licensing based on transaction. Metered licensing helps a variety of different clients scale up or down, when they need to. While our traditional licensing plan is great for projects with defined scope, smaller projects that have potential to grow need more flexible pricing options.

“The main reason we wanted to introduce metered licensing is to address SDKs used in scalable environments,” says Mark Hansen, Product Manager of SDKs. “Clients can use metered licensing to spin up their projects based on the traffic they’re getting, without the need to obtain additional licenses. While many companies opt for an ongoing usage, this new model allows for estimating a specific amount of use, so they only pay for what they need.”

The Benefit of Metered Licensing

Why would a company choose to specify the usage from the start? Metered licensing is great for short-term projects with a limited lifespan, as clients only pay for what they use. It’s also great for clients who don’t know the scale of their project and need to be cautious with how much they spend. 

Metered licensing is based on a pay-per-transaction model. A transaction is defined by the page. For example, if Barcode Xpress reads 30 pages with five barcodes on each page, the transaction total is 30 instead of 150.

This transaction-based model makes for a very low cost of entry, and a no-stress agreement. With this value in mind, clients don’t have to worry about how much they will use the integration after a specific project is complete. In addition, if the project grows, metered licensing allows the client to scale up.

Reliability of Metered Licensing

Accusoft understands that our customers are building mission-critical apps with our SDKs and has carefully architected the system to be extremely reliable. Our server-side authorization and reporting system runs in Amazon AWS and is split into online and offline parts. 

The online portion is built on AWS CloudFront and S3, two of the most reliable systems available on the Internet. All of Accusoft’s backend code is in the offline portion of the system and an outage in that portion of the system will have no effect whatsoever on our customers, even if it were down for several days. Nevertheless, we have 24/7 alerting in place so we will be notified soon after an outage occurs and will quickly get it back up.

Metered licensing is now available for Barcode Xpress 13.1 and following versions.

The scalable vector graphic (SVG) format continues to enjoy steady adoption across the web. According to data from W3Techs, SVG now accounts for 25 percent of website images worldwide. But it wasn’t always this way. In 1998, it became apparent that vector-based graphics had a future on the web, and the W3C received six different file format submissions from technology companies that year. Some were mere proposals ready for a complete revamp, while others were proprietary products that W3C wasn’t permitted to modify. Instead of forging a format from one of the submissions, however, W3C’s SVG working group decided to start from the ground up — and SVG was born.

While the file format had lofty ambitions, focusing on common use rather than specific syntax, the original iteration was cumbersome and complex. However, SVG has improved year after year after year. With increased support came more streamlined functionality and usable features. Now, SVG is often the first choice for meeting the evolving demands of scalable, responsive, and accessible web content.

What is a Scalable Vector Graphic (SVG) and how does it work?

Today, SVG is the de-facto standard for vector-based browser graphics. But what exactly is this file format, and how does it work?

Based on XML, SVG supports three broad types of objects: 

• Vector graphics including paths and outlines that are both straight and curved
• Bitmap images such as .jpeg, .gif, and .png
• Text

What sets SVG apart from bitmap-based images is the use of lines and curves along the edges of graphical objects. Because bitmap images use a fixed set of pixels, scaling them up creates blurriness where the edges of pixels meet. In the case of vector images, meanwhile, a fixed-shape approach allows the preservation of smooth lines and curves no matter the image size.

SVG also offers the benefit of interoperability. Because it’s a W3C open standard, SVG plays well with both other image format and web markup languages including JavaScript, DOM, CSS, and HTML. This allows the format to easily support responsive design approaches that scale websites and web content based on the user device rather than defining standardized size parameters. Thanks to the curves and lines of SVG, scaling presents no problem for responsive designers looking to ensure consistency across device types.

The Benefits of SVG

While scalability is often cited as the biggest benefit of SVG, this format also offers other advantages, including:

• Responsiveness — Images can be easily scaled up or down and modified as necessary to meet web design and development demands.
• Accessibility — Since SVG is text-based, content can be indexed and searched, allowing both users and developers to quickly find what they’re looking for.
• Performance — Image rendering is quick and doesn’t require substantive resources, allowing sites to load quickly and completely.
• Use in Web Applications — Browser incompatibilities and missing functions often frustrate web design efforts, forcing developers to use multiple tool sets and spend time checking content and images for potential format conflicts. SVG, meanwhile, offers powerful scripting and event support, in turn allowing developers to leverage it as a platform for both graphically rich applications and user interfaces. The result? Better-looking sites that enhance the overall user experience.
• Interoperability — Because SVG is based on W3C standards, the format is entirely interoperable, meaning developers aren’t tied to any specific implementation, vendor, or authoring tool. From building their own framework from the ground up to leveraging third-party SVG applications, web developers can find their format best-fit.

SVG in PrizmDoc Viewer

Accusoft’s PrizmDoc Viewer offers multiple ways for developers to make the most of SVG elements at scale, such as:

• File Transformation — Conversion is critical for effective and efficient web design. If development teams need different file transformation tools for every format, the timeline for web projects expands significantly. PrizmDoc Viewer streamlines this process with support for the conversion of more than 100 file types — including PDFs, Microsoft Office files, HTML, EML, rich text, and images — into browser-compliant SVG outputs. In practice, this permits near-native document and image rendering that’s not only fast, but also accessible anytime, anywhere, and from any device.
• HTML5 Functionality — Using SVG in PrizmDoc Viewer is made easier thanks to native HTML5 design. The use of HTML5-native framework not only improves load times with smaller document sizes but means that PrizmDoc Viewer works in all modern web browsers — while also dramatically enhancing document display quality.
• Pre-Conversion — One of the biggest challenges with viewing large documents in a browser is delay. Pages toward the end of the document may take longer to load and frustrate users looking to quickly find a specific image or piece of information. PrizmDoc Viewer solves this problem with a pre-conversion API that returns the first page as an SVG while the rest of the document is being converted, allowing users to interact with documents as conversion takes place and lowering the chance that files will experience format-based delays.

SVG hasn’t always been the go-to web image format. Despite a promising start based on open, interoperable standards, the lack of early support and specific use cases for vector-based file formats saw SVG sitting on the sidelines for decades. 

The advent of on-demand access requirements and mobile-first development realities has changed the conversation. SVG is now continuously gaining ground as companies see the benefit in this scalable, streamlined, and superior-quality file format. Get the big picture and see SVG in action with our online document viewing demo, or start a free PrizmDoc Viewer trial today!

Is .NET or .NET Core the better bet for application development? Both frameworks are designed and supported by Microsoft and offer the ability to create apps capable of using multiple languages, abilities, and libraries, but they’re not the same. .NET Core is rapidly becoming the language of choice. For most app developers, .NET Core comes out ahead of its .NET counterpart. 

To understand why, let’s break down both .NET and .NET Core basics, examine the rise of .NET Core deployments, and dig into some key .NET Core benefits.

What is .NET?

Originally developed in the late 1990s and known as Next Generation Windows Services (NGWS), .NET reached beta release in 2000. As noted by Microsoft, .NET helps streamline application creation by allowing developers to write apps in C#, F#, or Visual Basic. By using a common language runtime (CLR) and class library, .NET manages system resources such as memory, thread execution, code execution, and security validation. This allows apps written in one language to talk with code written in other languages, significantly reducing the potential for interoperability issues.

Despite the benefits offered by .NET and work by Microsoft to standardize the software stack, concerns emerged among developers around the proprietary nature of .NET, especially in the realm of software patents. Microsoft has since changed its development approach to more closely follow open-source development models.

What is .NET Core?

.NET Core is an evolution of .NET that delivers both cross-code and cross-platform support. While Microsoft designed .NET to support Windows-based applications, .NET Core applications run on Windows, Linux, and macOS. It also uses MIT and Apache 2 licenses to deliver true open-source architecture and ensure consistency across operating environments.

While .NET remains the more popular framework by sheer volume of app development, .NET Core is quickly gaining ground. A recent survey found that .NET Core is now one of the “most loved” frameworks by developers.

Why is .NET Core becoming popular?

So, what’s driving the adoption of the .NET Core framework over .NET? Several factors now contribute to this uptake, including:

1. Linux & Windows Deployment – One of the biggest reasons .NET Core is gaining popularity is due to its ability to deploy in both Linux and Windows. This provides vast cost savings to development teams.
2. Run-Time and Performance Improvements –  Whether your application users are internal employees or external partners and customers, runtime speed and performance concerns are always critical to adoption. Since Core is the future of the .NET platform, all future performance improvements will be implemented there and most will not be present in .NET Framework. .NET Core enables APIs and applications to serve up application interfaces and data faster, regardless of the mobile, IoT, or desktop device which is interacting with it.
3. Community – Because .NET Core follows an open-source development model, there’s a large (and growing) community of devs and designers now supporting its ongoing evolution, allowing IT teams to leverage prebuilt .NET Core code rather than building their own from scratch.

.NET vs. .NET Framework

Beyond increased popularity driven by the shift in software development and standardization, the .NET Core framework also offers key benefits such as:

• Ongoing Improvements – In September 2019, Microsoft released version 3.0 of .NET Core and followed it up with version 3.1 in November of the same year. In addition, the company plans to release a new version every year and remove the “Core” distinction between the two frameworks to deliver increased interoperability.
• Improved Security – From security-specific APIs to Microsoft’s Secret Manager and the Azure Key Vault Provider along with straightforward support for two-factor authentication (2FA), .NET Core improves application security without increasing complexity.
• Cloud-Based Development Support – With cloud now the de facto framework for everything from mobile applications, Internet of Things (IoTs), and responsive web applications, .NET Core makes it easy for developers to design cloud-native applications across multiple platforms and devices.
• Easy Updates – .NET Core updates are easily managed and applied, allowing developers to spend more time building great applications instead of dealing with complex and convoluted service upgrades.
• Cross-Platform Code – .NET Core code can run on not only Windows but Linux platforms, which can help greatly reduce your cloud deployment costs. Combined with Docker, developers are able to leverage a greater amount of modularity and flexibility than ever before.

The Accusoft Advantage

To help companies compete on the cutting edge of app development and integration, Accusoft is making .NET Core available for specific products, starting with Barcode Xpress for .NET Core. With just a few lines of code, companies can deploy multi-platform, open-source support for industry-leading barcode recognition. From reading damaged, broken, and incorrect barcodes to scanning multiple barcodes on one document in milliseconds, Barcode Xpress makes it possible to easily integrate cutting-edge barcode functionality into any application across any platform. 

Several of our other SDKs are on deck for .NET Core capabilities. While .NET broke new ground for interoperable frameworks, .NET Core offers the next iteration of interoperable development with cloud-based, cross-platform support for applications at scale. Learn more about our .NET Core plans here.

To comply with federal anti-money laundering/anti-terrorist laws and regulations, the USPS analyzes images of cleared postal money orders to detect possible suspicious activity. Because there are no required standards for the image formats, when the Federal Reserve initiates the digital process and issues the electronic image of the money order, the USPS must be able to read the multiple formats as well as convert the files to a standard format for analysis. Each money order is made up of two images, one each for the front and back.