US Government Printing Office Deploys Digital Signatures for FY2009 Budget

Today the United States Government Printing Office (GPO)  deployed digital signatures in Adobe PDF for the release of The Budget of the U.S. Government, Fiscal Year 2009.

The Executive Office of the President, Office of Management and Budget (OMB) released a statement stating this is the first time the White House will not order hard copy versions of the budget, and has instead posted the budget online as fully searchable PDF documents. 

With an estimated total of nearly 2,200 pages in the four-book budget set, and a projected order of more than 3,000 copies for the media, Capitol Hill and the White House, the E-Budget will have a “green” focus above and beyond the fiscal sense. This step will save nearly¬†20 tons of paper, or roughly 480 trees. In terms of fiscal savings, we estimate the E-Budget will save nearly a million dollars over the next five years.

GPO has implemented a new digital seal of authenticity for their PDF documents, including today’s release of the FY2009 budget:

For almost 150 years, the U.S. Government Printing Office (GPO) has been the official disseminator of Government documents and has assured users of their authenticity.

In the 21st century, the increasing use of electronic documents poses special challenges in verifying authenticity, because digital technology makes such documents easy to alter or copy, leading to multiple non-identical versions that can be used in unauthorized or illegitimate ways.

To help meet the challenge of the digital age, GPO has begun implementing digital signatures to certain electronic documents on GPO Access that not only establish GPO as the trusted information disseminator, but also provide the assurance that an electronic document has not been altered since GPO disseminated it.

The visible digital signatures on online PDF documents serve the same purpose as handwritten signatures or traditional wax seals on printed documents. A digital signature, viewed through the GPO Seal of Authenticity, verifies document integrity and authenticity on GPO online Federal documents, at no cost to the customer.

More information on GPO’s authentication program is available at http://www.gpoaccess.gov/authentication/

Opening the Nation’s Fiscal Outlook from GPO Access with Acrobat 8.1.1 on Windows XP SP2:

Opening the Nation’s Fiscal Outlook with Acrobat 8.1.1 on Mac OS X 10.5.1 (Leopard)

The digital signatures on the GPO documents automatically validate with Adobe Acrobat and Adobe Reader version 7 and higher on Mac and Windows, via the Certified Document Service (CDS) program. No additional software or configuration is required to validate CDS signatures. 

There are several ways recipients can verify the signature status.  First is the document message bar across the top of the document, showing the certifying blue ribbon as well as information contained in the signer’s certificate:

The left navigation panel also has an icon of a pen over paper, which brings up the digital signature pane, showing additional information on the document signature:

Clicking on the GPO document seal in the PDF will also bring up the Signature Validation Status:

Clicking on that Signature Properties button above provides even more detail of the signature, including the authenticity, integrity, and timestamping indicators – with the ability to drill down deeper to review revocation status, certificate chaining, and other security information associated with the signature.

For digital signatures to automatically validate in Acrobat and Reader, the Public Key Infrastructure (PKI) certificates must have been issued by a Certificate Authority (CA) participating in the CDS Program. These CAs comply with the Adobe CDS Certificate Policy.  This is a program Adobe released in 2003 with Acrobat and Reader 6.  The CA/Browser Forum released a program with similar intentions for web browser SSL sites in 2007. 

Certifying signatures can be applied to PDF documents on the desktop using Adobe Acrobat, or on the server using Adobe LiveCycle Digital Signatures.  Recipient’s approval signatures can also be applied using Adobe Acrobat or Adobe Reader (via Adobe LiveCycle Reader Extensions) and then subsequently validated on the server with Adobe LiveCycle Digital Signatures as part of an automated workflow process.

Adobe Systems has been providing security technologies in PDF for over a dozen years.  Adobe uses FIPS 140 approved cryptography, has been approved by the US Department of Defense, and certified by the SAFE BioPharma Association. Adobe’s security solutions are also supported by a strong partner ecosystem to extend the native capabilities of authentication through hardware and software integration.