Archive for March, 2006

NIST Public Key Interoperability Test Suite Results

Adobe Acrobat and Adobe Reader version 7 have demonstrated complaince with the Public Key Interoperability Test Suite (PKITS) developed by the National Institute of Standards and Technology (NIST) along with DigitalNet and NSA.

PKITS is a comprehensive X.509 path validation test suite designed to cover most of the features specified in X.509 and RFC 3280.

Because path validation is natively included in Adobe Acrobat and Adobe Reader, digital signatures are able to consistently validate across operating systems and versions. The Adobe compliance tests may be viewed in the following locations for Windows, Macintosh, and Linux.

DoD Certification of Acrobat and Reader 7

The United States Department of Defense Joint Interoperability Test Command (JITC) has certified both Adobe Acrobat and Adobe Reader version 7.

Many programs supporting the Department of Defense missions require security services, such as authentication, confidentiality, non-repudiation, and access control. The JITC certification demonstrates compliance with DoD policy as well as showing confidence that the applications are properly and securely using Public Key Infrastructure.

Here are the direct links for certification of Adobe Acrobat and Adobe Reader

Proper redaction techniques in PDF

Redaction and document metadata leakage have been in the news lately based on various public incidents.

This is not proper redaction!.

Adobe has been made aware of customers posting public documents that have not been redacted properly to remove sensitive information. The most common user error is shown above. What appears to be an opaque rectangle over some text, is actually the same color font and background applied together. If you select the above text, copy it to the clipboard, and paste it into another application – you’ll see what was redacted!

For the proper way to redact documents in their source form and PDF, Adobe has written a whitepaper titled “Redaction of Confidential Information in a Document“.

The National Security Agency Information Assurance Directorate has also provided guidance in a document titled: “Redacting with Confidence: How to Safely Publish Sanitized Reports Converted from Word to PDF”

Adobe and IBM team on Enterprise Rights Management

At CeBIT this week, IBM announced that they are working with Adobe on Enterprise Rights Management (ERM) solutions to help companies protect their intellectual property and digital data from product theft.

The protection of commercial rights is becoming a major issue for many international companies. As a result of globalization, supplier and cooperation networks are becoming increasingly complex, and development and production data is being made accessible to ever-larger groups of users. Much of the development data and documents in question are “unprotected” against unauthorized access and redistribution.

IBM and Adobe are collaborating to offer joint solutions and services for worldwide Enterprise Rights Management that extends beyond the company firewall.

“The global access rights are issued by the Adobe LiveCycle Policy Server, which we host in our IBM computer centers with high availability and global access options”, said Michael Diemer, Vice President Strategic Outsourcing, IBM Information Technology Services.

“This means that we are immediately able to offer our customers the full ERM functionality of the Adobe LiveCycle Policy Server. In addition, we advise our customers on all ERM requirements and work with Adobe to offer complete end-to-end solutions to ensure maximum protection of their intellectual property, thereby making it difficult for intellectual property thieves.”

Adobe and IBM are demonstrating this solution in the front row of IBM’s primary CeBIT Booth F41/51, dempoint #1.

Here are links to the Enlgish and German press releases.