Archive for August, 2008

Setting Signature Trust in Adobe Reader & Adobe Acrobat – Part Two – “The How – Manual Trust Settings”

In part one of this series, I discussed the three essential questions that Adobe products ask in regards to electronic signatures: (1) is the signature credential in good standing; (2) has the document changed since it was signed, and (3) has the relying party trusted the signer.  This third question is the one that is oftentimes left to the user or organization to answer, due to the unique circumstances of any particular situation.  Today we’ll discuss how users can set up that trust and provide the third leg of the tripod in the intrinsic valdiity of an electronic signature.

Signature credentials are trusted in Adobe products through the establishment and installation of trust anchors and trusted identities.  Trust anchors are typically root certificates—certificates at the top of the hierarchy from which other certificates are derived.  Trusted identities can be any certificate, even an end-entity, or user, certificate.  In any case, in order to pass validation, the signing certificate must either be a trust anchor (root) or be chained to (derived from) that root.

We’ll cover in this post the 3 ways an individual user can set trust in Adobe products.

Continue reading…

Setting Signature Trust in Adobe Reader & Adobe Acrobat – Part One – “The Why”

A few months ago, I wrote about the nature of assurance in electronic signatures and how aspects like authentication, audit, and integrity add to the trust you place in a signature.

When we consider electronic signatures, recognize that there are typically two parties to the transaction: the author / signer and the recipient, or relying party.  The signer’s role is obvious.  The relying party, on the other hand, is the one who is in the position to accept the signature and therefore the signer’s approval of the terms or nature of the signed document.  When faced with an electronic signature, the relying party must be aware (or have resources he/she can turn to, such as a lawyer) of three intersecting zones of validity—legal, contractual, and intrinsic—and how Adobe products can assist. 

Continue reading…

Adobe MAX Awards 2008 is now accepting nominations!!

Adobe Security Customers,

I wanted to be sure the group was aware of the 2008 MAX Awards. These customer recognition awards showcase some of our best customer projects developed around the globe over the past year.

This year we will award projects in 6 categories: Advertising & Branding, Enterprise, Mobility and Devices, Public Sector, Rich Internet Application, and Video. Most of our security nominations are typically in the Enterprise and Public Sector categories.

The top three finalists in each category will be invited to attend MAX North America in San Francisco, where we will announce the winner, as well as the People’s Choice award winner. All finalists will receive complimentary admission to MAX.

All submissions must be received online at by September 12th, 2008, so be sure to submit your Adobe Security project today!

For more information or to see last year’s finalists and winners please Click Here

Continue reading…

Adobe Secured Customer Showcase: Allgaier Automotive GmbH

Read about how Allgaier Automotive is using Livecycle Rights Management ES to improve communications of and collaboration on complex 3D design models.

Flexibility in identifying and authenticating users – Part Two

LiveCycle Rights Management ES provides four fundamental types of authentication to the end-user: anonymous authentication, username/password authentication, Kerberos SSO authentication, and Smart card/Certificate authentication. These enable out-of-the-box deployment into a variety of authentication infrastructure, along with allowing for substantial mechanisms for customization and integration. As promised in part one, today’s topic is a deep dive on smartcard/certificate authentication and the benefits to customers.


Smart card / Certificate authentication

The fourth type of authentication that LiveCycle Rights Management ES supports is smart card, or certificate-based authentication. For some customers, this form of authentication is often more secure than the other forms of authentication supported. To understand how it works in LiveCycle Rights Management ES and the benefits it provides, however, requires some background and context.

A smart card, in its most well-known form, is a credit card-sized ‘intelligent card’ that carries user’s credentials in the form of Digital Certificates. Many variants today also possess processing capabilities like the ability to compute Digital Signatures. A smart card is a something-you-have type of authentication, as compared to Username/Password which is something-you-know.

A Digital Certificate, often just referred to as Certificate, is a digital document that at a minimum includes a Distinguished Name (DN) and an associated Public Key. The DN uniquely identifies a user’s identity, and the public key can be used to prove that identity. The Certificate is signed by a trusted third party known as Certificate Authority (CA). The CA vouches for the authenticity of the certificate holder. This Public Key Infrastructure (PKI) assumes the use of Public Key Cryptography, which is the most common method on the Internet for authenticating end parties or encrypting messages. PKI overcomes the significant flaws in the traditional cryptography or the symmetric cryptography, and at the same time provides added security by having strict requirements for key lengths and industry standard cryptographic algorithms (set forth by Public Key Cryptography Standards or PKCS, and governed by RSA Laboratories).

At the time of authentication, LiveCycle Rights Management ES validates the chosen Certificate’s signature against its cache of known and trusted CA certificates. The server verifies the Certificate, validates the Digital Signature, and finally maps this Certificate to a unique user through the rules an administrator creates when configuring LiveCycle. LiveCycle Rights Management ES also provides for flexibility and easier enterprise integration by providing server-based “SPIs,” which can be used to develop custom certificate authentication providers.

Many enterprises and governments today employ smart card based authentication, not only for its enhanced security but also for its ease of deployment and use for end users. For example the United States Department of Defense issues Common Access Cards (CAC cards) which can be used for secure user identification. These CAC cards can be used within LiveCycle Rights Management ES to authenticate users who are opening protected documents. A user would insert his card into a smart card reader on his machine to identify himself. These readers are available in a variety of form factors and can be connected to a computer using USB or PC card interface – and are integrated into many laptops today, such as the Dell Latitude line of business laptops.

To give you a better idea of how easy it is for an end user to authenticate to LiveCycle Rights Management ES using a smart card, click on the following demo:

Guest Contributor: Chaitanya Atreya

Questions or feedback on this entry? Contact us at

Need more information on how your organization can effectively manage and protect your intellectual property? Further information can be obtained at or by contacting Adobe

Additional Resources on Electronic Signatures and the Law

This entry is part of our continuing educational series, “What is an Electronic Signature, Anyway?” (Parts 1, 2, 3 and 4)

Disclaimer. This blog entry is not intended to provide legal advice. You should discuss issues relating to the use of electronic signatures in your business with your own legal counsel and compliance officers.

Two months ago we discussed here the nature of the legal environment surrounding electronic signatures. I’d like to point out some additional resources that can expand your knowledge of the subject.

• Within the EU context, Law Professor Dr. Jos DuMortier, director of the Interdisciplinary Centre for Law and ICT at the Catholic University of Leuven (K.U. Leuven) in Belgium, and a well-known authority on the intersection of law with information technology, has published and/or contributed to a large number of whitepapers and articles on the subject of electronic signatures. This whitepaper from October 2007 describes how digital signatures created with PDF documents and the Belgian eID can be granted valid, legal status.

• Just last week, the American Bar Association published an impressive book entitled, “Foundations of Digital Evidence,” which covers, as you might have guessed, the implications, nature, and changes that digital evidence has wrought upon legal systems around the world. Adobe’s own Ed Chase, a Solutions Architect and one of our electronic signature gurus, contributed a critical chapter on PDF and its impact on the subject, providing details about how the features of PDF and digital signatures can support legal requirements for electronic records.

Partners working with partners…working with Adobe

Partners are critical to everything we do in the security space, and we are very proud of the best-of-breed Community we have fostered in order to best create solutions based on Adobe’s capabilities and customized to each customer’s needs.

With that in mind, we’re always extremely pleased to see cooperation among our many security partners so that they can also mutually leverage their capabilities which in the end is all the better for our own customers.

One of our partners, Communication Intelligence Corporation (CIC), a key electronic signature industry player, recently announced a partnership with 4Point Solutions, one of our foremost LiveCycle systems integrators, to promote closer integration of their technologies.

And ARX, Inc., a security partner offering a convenient , virtually plug-and-play CA and signing appliance, CoSign, announced relationships (here and here) with two of our Certificate Authority partners, GlobalSign and ChosenSecurity,to provide more complete and easy-to-deploy solutions around these two companies’ digital ID offerings.

So, how do these new relationships benefit Adobe’s customers? CIC’s relationship with 4Point means that customers deploying LiveCycle will have more electronic signature options on the table. With ARX, customers looking to speed workflows with digital signatures can deploy the ARX CoSign product, centrally storing user signing credentials from GlobalSign or Chosen Security, both leading certificate authorities in their own right.

“The train has left the station!” – Electronic Signatures in the Real World

This entry is part of our continuing educational series, “What is an Electronic Signature, Anyway?” (Parts 1, 2 and 3.)

In June, at an event at the National Press Club, Jerry Buckley, Founding Partner at the Buckley Kolar law firm in Washington DC, as well as Counsel to the Electronic Signatures and Records Association (ESRA), an organization devoted to promulgating the use of electronic signatures & documents and educating the public & industry on those matters, stated that the “train had left the station” when it came to electronic signature usage around the world. As the demand for more fully electronic workflows becomes more pronounced, especially given the meteoric rise in gas, and thus shipping, prices, as well as an increasing desire on the part of enterprises and organizations to ‘go green,’ electronic signatures will become even more ubiquitous.

Continue reading…