Archive for January, 2008

Demo: Certified Documents in Adobe PDF

Here is a demonstration of a PDF document that has a certifying signature plus four recipient signatures from four different certificate authorities that are part of Adobe’s Certified Document Services (CDS) program.

Click here to download the PDF for Adobe Acrobat and Adobe Reader version 6 and higher.

In v8 and higher, you will see a status bar across the top, indicating the valid document certification:

followed by the recipient signatures from each of the CAs:

For long term digital signature validation, each of these signatures also include an embedded OCSP response from the certificates in the chains and RFC3161 timestamps. This shows that the certificates were valid at the time of signing – even if the document is subsequently opened after certificate expiration or revocation.

Demo: Applying Rights Management to a PDF in Acrobat

Applying a policy from Adobe LiveCycle Rights Management is as easy as two clicks in Adobe Acrobat. With a PDF document open, click the Secure menu, followed by one of the pre-defined policy names (that typically map to a organization-wide information classification system).  That’s it!  Click here to see this demonstrated using Adobe Captivate and Flash…


Dynamic Watermarks with LiveCycle Rights Management

Adobe LiveCycle Rights Management provides dynamic watermarking capabilities on PDF documents. A watermark is an image that is superimposed over the original base document. In a rights managed document, the image can be applied dynamically as the document is viewed in Adobe Acrobat or Adobe Reader. The watermark is not editable by recipients and is not permanently stored in the document. The location is customizable by administrators and can contain pre-defined text such as an information classification as well as the recipient’s name, their username, and the date/time the document is opened.

Click here to download a sample PDF with a dynamic watermark across the top of every page. To show it’s really dynamic and not burned into the underlying document, the watermark shows the current date and time for which the document was opened. If you close and reopen the document, it will change.

The dynamic watermark is often used as a detective control to track down unauthorized redistribution of sensitive documents and is a good part of a Data Loss Prevention (DLP) strategy. The dynamic watermark reminds the recipients of the document classification, such as “Company Confidential”, and the user-specific information shown on the document acts as a deterrent to unauthorized redistribution of the document. If a printed copy of a sensitive document shows up someplace it shouldn’t – the source of unauthorized redistribution can be determined by simply looking at the watermark.

The watermark templated is defined by LiveCycle Rights management administrators. Here are the options:



A policy definition, such as “Confidential”, can then specify which watermark template to use every time that policy is applied:


Here is what a watermarked document looks like with a policy applied that includes a dynamic watermark showing full name, username, custom text, and date/time:


Here we have unchecked the User Name, User ID, and Current Date – leaving only the Custom Text.  The H/V alignment is set to center, and the rotation to 45 degrees:


Here the vertical alignment is set to the top at 50% scale using only the custom text field:


By remapping the user name from the DN in LDAP to a separate field containing a unique hex code for each user, it can be applied rather unobtrusively to the lower right hand corner of a document: